CN113420319A - Data privacy protection method and system based on block chain and permission contract - Google Patents

Info

Publication number: CN113420319A
Application number: CN202110376392.1A
Authority: CN (China)
Prior art keywords: data, private data, private, contract, user
Legal status: Pending (as assumed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 陈善勇, 刘挺, 谢慧瑾, 成功, 曹鸿宇
Current assignee (as listed; may be inaccurate): Tsinghua Tongfang Co Ltd; Tongfang Co Ltd
Original assignee: Tongfang Co Ltd
Application filed by Tongfang Co Ltd, with priority to CN202110376392.1A

Classifications

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices (indexing scheme relating to G06F21/00)

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

A method and a system for protecting data privacy based on a blockchain and a permission contract, in the technical field of blockchains. The method comprises the following steps: 1) encrypted private data is stored on the blockchain and a private data directory is formed; 2) the user looks up the required data in the directory and applies to the owner for use of the data through a private data application contract; 3) on receiving the application, the owner grants the user the right to use the data or rejects the application through the authorization smart contract, and the authorization decision is recorded on the blockchain; 4) when a user requests access to private data, the authorization code and the access rules decide whether the user has access rights; 5) after the permission control contract has verified the request, the private data is decrypted to obtain the original data, which is encrypted under the requester's public key and returned as ciphertext. The invention markedly improves the security of private data and lets the owner of the private data share it conveniently.

Description

Data privacy protection method and system based on block chain and permission contract
Technical Field
The invention belongs to the technical field of blockchains, and in particular relates to a data privacy protection method and system based on a blockchain and a permission contract.
Background
Blockchain-based contracts that handle private data are becoming increasingly common, and more and more of them need permission control. A smart contract without permission control cannot meet the security requirements of private data. In a private data query scenario, if the query function does not correctly set up its permission interception logic, the whole flow is easily taken over by an attacker and the private data is not protected at all. Conversely, where the security of private data is protected, sharing it is usually very inconvenient, so users cannot obtain private data in time and the value of the data is not realised.
Disclosure of Invention
In view of the above problems in the prior art, the object of the present invention is to provide a data privacy protection method and system based on a blockchain and a permission contract. The method combines the tamper resistance of the blockchain, cryptographic techniques and cross-contract access, and provides a dedicated permission control contract that governs the interception rules for access to private data. While keeping the private data secure, it provides a private data directory so that users can quickly locate the data they need, apply to use it and receive an authorization code, and it lets the owner set the validity period of the data query rule and of the authorization code. This markedly improves the security of private data, lets the owner share it conveniently, and has strong practical significance and a wide range of use cases.
To achieve the above object, the technical solution of the present invention is implemented as follows:
A data privacy protection method based on a blockchain and a permission contract comprises the following steps:
1) The encrypted private data is stored on the blockchain through a data attestation contract, and a private data directory is formed off-chain.
2) The user looks up the required data in the private data directory and submits a data-use application to the owner through a private data application contract; the system sends the application to the owner.
3) On receiving the application, the owner grants the user the right to use the data or rejects the application through the authorization smart contract; the authorization decision is recorded on the blockchain, and if authorization is granted an authorization code is generated and sent to the user.
4) When a user request to access private data is received, the request is first intercepted by the permission control contract, which decides from the authorization code and the access rules whether the user has access rights; if not, the illegal access is recorded on the blockchain and reported to the owner as a message.
5) After the permission control contract has verified the request, the private data is fetched through the private data query contract and decrypted by its owner to obtain the original data, which is encrypted under the requester's public key and returned as ciphertext.
In the data privacy protection method, a digital fingerprint of the private data is first obtained with a hash algorithm; the fingerprint is used to verify whether the private data has been tampered with. The private data is then encrypted in two layers, one asymmetrically under the owner's public key and one under the platform key (FIG. 3 applies the owner's public key first and the platform key second; the query step removes them in reverse order), and the doubly encrypted ciphertext together with the corresponding digital fingerprint is stored on the blockchain through a data attestation contract. After the private data has been stored on the blockchain, its fingerprint and basic information (private data name, private data unique identifier and private data description, but not the private data itself) are stored as structured data to form the private data directory, so that data users can conveniently locate the private data.
In the data privacy protection method, the user looks up the index information of the required data in the private data directory and submits a data-use application to the system as needed. The system notifies the data owner of the application as a message. The data owner reviews the application; if it is approved, the system generates a unique data-use authorization code with an encryption algorithm from the unique identifier of the private data and the applicant's public key; if it is rejected, the applicant obtains no authorization. In either case the system sends the review result to the applicant. The data owner sets the applicant's access rights, for example the validity period of data access and the number of accesses; the association between the access rights and the authorization code is stored on the blockchain through a smart contract, which secures the right of use, the ownership and the security of the private data, and the system sends the authorization code to the user.
In the data privacy protection method, when the user queries private data with a data-use authorization code, the query request is intercepted by the permission control contract, which first checks the validity of the authorization code and, once that passes, checks the authorization information attached to the code. Once both checks pass, the system parses the unique data identifier out of the authorization code with the user's public key. The ciphertext of the private data is looked up by the unique data identifier through the data query contract; the platform key removes the outer layer, yielding the data as encrypted under the owner's key. The data owner takes this ciphertext from the blockchain, removes the remaining layer with his own private key to obtain the plaintext, encrypts the plaintext under the applicant's public key and sends the resulting ciphertext to the user.
In the data privacy protection method, the permission control contract governs the interception rules of the contracts that handle private data. To change a rule only the permission contract is operated on; no other contract needs to be adjusted, and the change takes effect immediately.
In the data privacy protection method, smart contracts put the full life-cycle behaviour of the private data on-chain: private data registration, application and query, authorization, and the queries themselves.
The system implementing the blockchain- and permission-contract-based data privacy protection method consists of the following functional modules:
1) Private data registration module: registers private data, stores it on the blockchain and forms the private data directory.
2) Private data application review module: lets data users apply for access to and use of private data, and lets data owners review those applications.
3) Private data permission control module: grants access and use authorization for private data, and generates and verifies data authorization codes.
4) Private data query module: queries private data on the blockchain and provides the data encryption and decryption functions.
5) Behaviour management module: records full life-cycle behaviour information (private data registration, application and query, authorization, queries) on the blockchain.
6) Message module: pushes messages such as private data applications, review results and private data access notifications.
With this system and method, the tamper resistance of the blockchain and cryptographic techniques are combined; a dedicated permission control contract governs the interception rules for access to private data; a private data directory is provided without compromising the security of the data, so that users can quickly locate what they need, apply to use it and receive an authorization code; and validity periods are set for the data query rules and the authorization code, so that the security of the private data is guaranteed.
Drawings
FIG. 1 is a schematic flow chart of the data privacy protection method of the present invention;
FIG. 2 is a functional block diagram of the data privacy protection system of the present invention;
FIG. 3 is a schematic diagram of private data storage in an embodiment of the invention;
FIG. 4 is a schematic diagram of the private data authorization flow in an embodiment of the invention;
FIG. 5 is a schematic diagram of the principle of the private data permission control function in an embodiment of the invention.
Detailed Description
The present invention is described in detail below with reference to the accompanying drawings; descriptions of well-known general functions and structures are omitted.
FIG. 1 is a schematic flow diagram of the data privacy protection method based on a blockchain and a permission contract according to the present invention. The embodiment applies to private data registration, private data application, private data use and storage of private data on the blockchain. It is implemented together with a blockchain network and a software system, as illustrated in this embodiment.
The method of the embodiment is further described with reference to FIG. 1 and comprises the following steps:
Step S101: the encrypted private data is stored on the blockchain through a data attestation contract, and a private data directory is formed off-chain.
First, a digital fingerprint of the private data is obtained with a hash algorithm; the fingerprint is used to verify whether the private data has been tampered with. The private data is encrypted in two layers, under the owner's public key (asymmetric) and under the platform key, in the order shown in FIG. 3, and the doubly encrypted ciphertext together with the digital fingerprint is stored on the blockchain through a data attestation contract. After the private data has been stored on the blockchain, its fingerprint and basic information (private data name, unique identifier and description, but not the private data itself) are stored as structured data to form the private data directory, so that data users can conveniently locate it. Throughout the on-chain storage process only the doubly encrypted ciphertext is stored; the key that removes the owner's layer is held by the owner and is never stored by the system, so even if a blockchain node is forcibly accessed the original content of the private data cannot be obtained, which guarantees its security. Note that the platform-key layer protects only against parties who hold neither key; against the platform itself the confidentiality of the data rests entirely on the owner's key.
After the private data has been stored successfully, the transaction hash, the private data unique identifier, the private data name and similar fields are stored as structured data as the basic information of the data directory and opened to the users of the system, so that data can be located quickly. The directory contains no private data content, so there is no leakage risk. Combined with the behaviour records, the directory registers ownership of the private data and, while keeping the data secure, lays the foundation for its circulation and sharing and for business collaboration.
In summary, the attributes of a private data item should include: private data name, private data unique identifier and private data description. The attributes of a private data directory entry should include: directory entry ID, private data name, private data description, attestation time and transaction hash.
Step S102: the user looks up the required data in the private data directory and submits a data-use application to the owner through a private data application contract; the system sends the application to the owner.
When a data user applies for private data, the application is recorded on the blockchain as an application behaviour through the behaviour smart contract, providing data for behaviour tracing.
Step S103: on receiving the application, the owner grants the user the right to use the data or rejects the application through the authorization smart contract; the authorization decision is recorded on the blockchain, and if authorization is granted an authorization code is generated and sent to the user.
The data owner reviews the application; if it is approved, the system generates a unique data-use authorization code with an encryption algorithm from the unique identifier of the private data and the applicant's public key; if it is rejected, the applicant obtains no authorization. In either case the system sends the review result to the applicant. The data owner sets the applicant's access rights, for example the validity period of data access and the number of accesses; the association between the access rights and the authorization code is stored on the blockchain through a smart contract, which secures the right of use, the ownership and the security of the private data, and the system sends the authorization code to the user.
The data authorization code is produced by encryption (the mode is written "ASE" in the original) with the applicant's public key as the key K and, as the plaintext P, the private data unique identifier, the user ID of the data user and the authorization information (data access validity period and number of accesses); the resulting ciphertext is the data authorization code. Note that a public key cannot serve as a symmetric (AES) key, and that anything encrypted under the applicant's public key is opened with the applicant's private key rather than with the public key referred to in the query step; what the description establishes is that the code binds the data identifier and the authorization information to the applicant's key, and that the permission contract verifies that binding.
Step S104: when a user request to access private data is received, the request is first intercepted by the permission control contract, which decides from the authorization code and the access rules whether the user has access rights; if not, the illegal access is recorded on the blockchain and reported to the owner as a message.
The permission control contract intercepts illegal calls of contract functions. By managing data authorization codes, users and resources, permission control over private data access is easily achieved; the data owner can adjust the authorization information of a data authorization code at any time, and the change takes effect immediately. The permission control contract function is illustrated in FIG. 5.
Step S105: after the permission control contract has verified the request, the private data is fetched through the private data query contract and decrypted by its owner to obtain the original data, which is encrypted under the requester's public key and returned as ciphertext.
When a user queries private data with a data-use authorization code, the permission control contract first intercepts the query request and checks the validity of the authorization code; once the validity check passes, it goes on to check the authorization information of the code; once that check passes, the system parses the unique data identifier out of the authorization code with the user's public key. The ciphertext of the private data is looked up by the unique data identifier through the data query contract; the platform key removes the outer layer, yielding the data as encrypted under the owner's key. The data owner takes this ciphertext from the blockchain, removes the remaining layer with his own private key to obtain the plaintext, encrypts the plaintext under the applicant's public key and sends the resulting ciphertext to the user. The encryption in this step is asymmetric; commonly used asymmetric algorithms such as SM2 (the Chinese national public-key standard) are supported.
In this technical scheme, the doubly encrypted private data ciphertext is stored for attestation on the blockchain network through a smart contract; the private data directory associates each stored item with its transaction hash; and the behaviour records on-chain, together with the data authorization code, allow the private data to be located quickly and traced through its whole life cycle. Illegal access and permission control are handled in the permission control contract, so the authorization policy can be modified at any time while data security is maintained, and the change takes effect immediately.
FIG. 2 is a schematic diagram of the functional architecture of the system in the embodiment; the main functions are the following:
S201: private data registration module: registers private data, stores it on the blockchain and forms the private data directory. In the embodiment the user fills in the private data name, description and content and clicks Save. The system first applies a hash algorithm to the private data to obtain its hash value as the digital fingerprint, a built-in function assigns the private data a unique identifier, and the private data is encrypted under the owner's public key to obtain its ciphertext (FIG. 3 shows the platform layer applied on top). The ciphertext together with the unique identifier, the digital fingerprint, the private data name, the description and the user information is packaged into a transaction, the data attestation contract is called and the private data is stored on the blockchain network. After the transaction succeeds, the system stores the transaction hash, the private data unique identifier, the private data name, the description and the user information in the private data directory as basic directory information.
S202: private data application review module: lets data users apply for access to and use of private data, and lets data owners review those applications. A data user locates the required private data through the private data directory and, in the embodiment, fills in the reason for the application in the application function; after the Submit button is clicked, the system stores the reason and the basic directory information in a database as the application record and notifies the data owner by an in-system message. After logging in, the data owner views and reviews the application; if the owner rejects it, the application ends and the applicant cannot obtain the private data.
S203: private data permission control module: access and use authorization for private data, and generation and verification of data authorization codes.
After an application for use is approved, the data owner authorizes the data user through this function. In the embodiment the data owner controls access to the private data by setting the validity period and the number of uses, and the data authorization code can be carried as a QR code or as a URL.
S204: private data query module: queries private data on the blockchain and provides the data encryption and decryption functions. The user enters the data authorization code in the system; the system parses the data resource information out of the authorization code with a decryption algorithm using the user's public key, and the permission control module verifies the access rights. After verification passes, the system looks up the transaction hash of the private data in the directory by its unique identifier, retrieves the ciphertext from the blockchain through the query contract, obtains the plaintext by removing both encryption layers, re-encrypts the private data asymmetrically under the data user's public key and sends the resulting ciphertext to the data user. Throughout the query module the private data is transmitted only as ciphertext, which improves its security.
S205: behaviour management module: records full life-cycle behaviour information (private data registration, application and query, authorization, queries) on the blockchain.
S206: message module: pushes messages such as private data applications, review results and private data access notifications. The message module lets the data owner learn promptly how the private data is being used and of any illegal access, so the owner has timely security and usage information about the data.
In the blockchain- and permission-contract-based private data protection system, every operation on private data is stored on the blockchain through the behaviour contract, which supports whole-life-cycle tracing of the private data, provides data for auditing it and strengthens its security.
FIG. 3 is a schematic diagram of private data storage in the embodiment; the specific steps are:
S301: the data owner logs in to the system and enters the private data name, the private data description and the private data.
S302: the owner clicks Save, and the system generates a unique identifier for the private data with an encoding function.
S303: the system hashes the private data with a hash function; the hash value is the digital fingerprint.
S304: the private data is encrypted for the first time under the owner's public key to obtain the first-layer ciphertext.
S305: the system encrypts the first-layer ciphertext a second time to obtain the second-layer ciphertext.
S306: the second-layer ciphertext, the unique identifier and the fingerprint are stored on the blockchain network through the smart contract; on success the transaction hash is returned.
S307: if the transaction fails, an error is returned and the flow ends.
S308: the system adds a private data directory entry containing the transaction hash, the private data unique identifier, the private data name and similar fields, none of which contain the private data, and the behaviour information is stored on the blockchain.
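The registration flow of Step S101 and FIG. 3 (S301 to S308), as an added example rather than code from the patent or from Tongfang. A hash-chained in-memory list stands in for the blockchain; because the ciphers are not specified, both layers use a standard-library encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag), and the owner's public-key layer is modelled as a key that only the owner holds. All names, keys and the sample record are assumptions constructed for the example.

```python
# Added example for Step S101 / FIG. 3 (S301-S308); not code from the patent or Tongfang.
# Assumptions: a hash-chained list stands in for the chain; a stdlib encrypt-then-MAC
# (HMAC-SHA256 keystream + HMAC tag) stands in for the unspecified ciphers; the owner's
# public-key layer is modelled as a symmetric key that only the owner holds.
import hashlib
import hmac
import json
import secrets
import time

NONCE_LEN, TAG_LEN = 16, 32


def fingerprint(data: bytes) -> str:
    """S303: digital fingerprint of the plaintext; goes on-chain for the tamper check."""
    return hashlib.sha256(data).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0                     # CTR-style keystream from HMAC-SHA256
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; layout is nonce | tag | ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or a tampered blob raises."""
    nonce, tag, ct = blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + TAG_LEN], blob[NONCE_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class Ledger:
    """Append-only stand-in for the chain: each tx hash commits to the previous one."""

    def __init__(self) -> None:
        self.txs = []

    def submit(self, payload: dict) -> str:
        prev = self.txs[-1]["tx_hash"] if self.txs else "0" * 64
        tx_hash = hashlib.sha256((prev + json.dumps(payload, sort_keys=True)).encode()).hexdigest()
        self.txs.append({"tx_hash": tx_hash, "prev": prev, "payload": payload})
        return tx_hash

    def get(self, tx_hash: str) -> dict:
        return next(t["payload"] for t in self.txs if t["tx_hash"] == tx_hash)


def register(ledger: Ledger, directory: list, owner: str, owner_key: bytes,
             platform_key: bytes, name: str, description: str, content: bytes) -> dict:
    """S301-S308: identifier, fingerprint, two layers, attest on-chain, index off-chain."""
    data_id = secrets.token_hex(8)                                   # S302
    fp = fingerprint(content)                                        # S303
    inner = seal(owner_key, content)                                 # S304 owner's layer
    outer = seal(platform_key, inner)                                # S305 platform layer
    tx_hash = ledger.submit({"data_id": data_id, "owner": owner,     # S306
                             "fingerprint": fp, "ciphertext": outer.hex()})
    entry = {"entry_id": len(directory) + 1, "data_id": data_id, "name": name,
             "description": description, "attested_at": int(time.time()), "tx_hash": tx_hash}
    directory.append(entry)                                          # S308: no content here
    return entry


def recover(ledger: Ledger, tx_hash: str, platform_key: bytes, owner_key: bytes) -> bytes:
    """Undo S305 then S304, then verify the fingerprint (the tamper check)."""
    rec = ledger.get(tx_hash)
    plain = unseal(owner_key, unseal(platform_key, bytes.fromhex(rec["ciphertext"])))
    if fingerprint(plain) != rec["fingerprint"]:
        raise ValueError("fingerprint mismatch: stored data was altered")
    return plain


def platform_alone_can_read(ledger: Ledger, tx_hash: str, platform_key: bytes) -> bool:
    """A breached node holding only the platform key strips one layer and stops."""
    inner = unseal(platform_key, bytes.fromhex(ledger.get(tx_hash)["ciphertext"]))
    try:
        unseal(platform_key, inner)
        return True
    except ValueError:
        return False


def demo() -> dict:
    # Constructed sample input; real keys come from the owner's wallet and the platform key store.
    owner_key, platform_key = secrets.token_bytes(32), secrets.token_bytes(32)
    ledger, directory = Ledger(), []
    content = b"patient 0042: HbA1c 7.1%"
    entry = register(ledger, directory, "owner-A", owner_key, platform_key,
                     "lab-result", "quarterly lab panel", content)
    return {"directory_leaks_content": any(content.decode() in json.dumps(e) for e in directory),
            "platform_alone_can_read": platform_alone_can_read(ledger, entry["tx_hash"], platform_key),
            "recovered": recover(ledger, entry["tx_hash"], platform_key, owner_key)}
```

Two caveats the patent text does not raise. First, the fingerprint is a plain hash of the plaintext and sits on a chain that every node can read, so for low-entropy private data (an ID number, a yes/no test result) anyone can confirm a guess by hashing candidates; a keyed or salted fingerprint, with the key kept with the owner, avoids that while still serving the tamper check. Second, `platform_alone_can_read` only shows that the platform key by itself is insufficient; the platform layer adds nothing against an insider who also obtains the owner's key, and at query time (Step S105) the plaintext necessarily exists wherever the owner's layer is removed.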
FIG. 4 is a schematic diagram of private data authorization in the embodiment; the specific steps are:
S401: the data user applies for use of the data.
S402: the system records the application on the blockchain.
S403: the system sends an application message to the data owner.
S404: the data owner reviews the application.
S405: if the application is rejected, the system records the review on the blockchain and the flow ends.
S406: if the application is approved, the owner sets the access rules for the private data (access validity period or number of accesses) and the system records the authorization information on the blockchain.
S407: the system generates a data authorization code and sends it to the applicant as a message, records the authorization on the blockchain, and the flow ends.
Fig. 5 is a schematic diagram of the contract-based private data authority control in this embodiment; the specific steps are as follows:
S501: Query of private data: the data user calls the private data query contract.
S502: Authority decision: an interceptor embedded in the private data query contract asks the authority control contract whether the user has the right to invoke the query contract.
S503: Authority layer: the authentication request looks up the authorization information of the private data.
Thus, whenever a data user invokes the private data query contract, the interceptor embedded in it asks the authority control contract whether the user may invoke the query contract, and the authority layer performs the actual authentication. The data owner can modify the authority rules in the authority layer at any time, and the rules take effect as soon as the modification is complete, which strengthens the security of the private data.
The above embodiments describe the method of the present invention in more detail and are not intended to limit the scope of the present application. Any modification, equivalent replacement or improvement made within the idea and principle of the present invention falls within its scope of protection.
In use, the authority control contract governs the interception rules of the contracts that handle private data; changing a rule is an operation on the authority contract alone, the business contracts need no adjustment, and the change takes effect in real time. The method provides a private data directory that lets a user quickly locate the data they need without weakening the protection of the private data. Once the owner has approved a use application, the system generates a private data access authorization code from the applicant's public key and the unique identifier of the private data, and sets the data query rules and the validity period of the authorization code. Every access to the private data is recorded on chain through the behavior smart contract, so a data owner can check at any time whether the data has been used and by whom; this transparency gives users confidence in the security of private data kept on the platform. The message notification module informs the data owner promptly of data use applications and of illegal access to the data.
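The application, review and authorization flow of Fig. 4 (S401-S407), the interceptor of Fig. 5 (S501-S503), the two-stage code check of claim 4 and the rule-change point of claim 5, as an added Python example that is not part of the patent or of any product. The patent says the authorization code is produced "through an encryption algorithm" from the data identifier and the applicant's public key without saying which; here the code is a JSON payload carrying the data identifier and a SHA-256 fingerprint of the applicant's public key, authenticated with an HMAC under a platform secret, which is an assumption. The append-only list standing in for the behavior contract, the owner notification callback, the integer timestamps and the sample key bytes are all constructed.

```python
import hashlib
import hmac
import json


def key_fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()


class PermissionContract:
    """Authority control contract: holds the access rules and issues authorization codes.
    Business contracts never store rules, so a rule change needs no redeploy of them (claim 5)."""

    def __init__(self, signing_key: bytes, ledger: list):
        self.signing_key = signing_key      # platform secret that makes codes unforgeable (assumed)
        self.rules = {}                     # code -> {"expires": ..., "remaining": ...}
        self.ledger = ledger                # behavior contract stand-in: an append-only list

    def apply(self, applicant: str, data_id: str) -> None:
        """S401/S402: the application itself is recorded on chain."""
        self.ledger.append({"action": "apply", "applicant": applicant, "data_id": data_id})

    def review(self, owner, applicant_pub, data_id, approved, now, validity_s=0, max_uses=0):
        """S404-S407: the owner's decision is logged; approval yields a code bound to applicant and data."""
        self.ledger.append({"action": "audit", "owner": owner, "data_id": data_id, "approved": approved})
        if not approved:
            return None                                       # S405: rejection ends the flow
        payload = {"data_id": data_id, "applicant": key_fingerprint(applicant_pub), "issued": now}
        body = json.dumps(payload, sort_keys=True).encode()
        code = body.hex() + "." + hmac.new(self.signing_key, body, hashlib.sha256).hexdigest()
        self.rules[code] = {"expires": now + validity_s, "remaining": max_uses}   # S406 access rules
        self.ledger.append({"action": "authorize", "owner": owner, "data_id": data_id,
                            "applicant": payload["applicant"], "expires": now + validity_s, "uses": max_uses})
        return code                                           # S407: sent to the applicant

    def set_rule(self, code: str, **changes) -> None:
        """The owner changes a rule at any time; the next check sees it immediately."""
        self.rules[code].update(changes)
        self.ledger.append({"action": "rule_change", "code": code[-16:], "changes": changes})

    def revoke(self, code: str) -> None:
        self.rules.pop(code, None)
        self.ledger.append({"action": "revoke", "code": code[-16:]})

    def check(self, code, applicant_pub, data_id, now):
        """Claim 4: validity check (format + MAC) first, then the authorization information."""
        try:
            body_hex, mac = code.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return False, "malformed code"
        expected = hmac.new(self.signing_key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return False, "bad signature"
        payload = json.loads(body)                            # data identifier parsed from the code
        rule = self.rules.get(code)
        if rule is None:
            return False, "revoked"
        if payload["applicant"] != key_fingerprint(applicant_pub):
            return False, "code not issued to this caller"
        if payload["data_id"] != data_id:
            return False, "code is for a different data item"
        if now > rule["expires"]:
            return False, "expired"
        if rule["remaining"] <= 0:
            return False, "access count exhausted"
        rule["remaining"] -= 1
        return True, "ok"


class QueryContract:
    """Business contract: its interceptor consults the permission contract before any query (Fig. 5)."""

    def __init__(self, permission, store, ledger, notify):
        self.permission, self.store, self.ledger, self.notify = permission, store, ledger, notify

    def query(self, code, applicant_pub, data_id, now):
        ok, reason = self.permission.check(code, applicant_pub, data_id, now)   # S502 interceptor
        if not ok:                                                              # claim 1, step 4
            event = {"action": "illegal_access", "data_id": data_id, "reason": reason,
                     "caller": key_fingerprint(applicant_pub)}
            self.ledger.append(event)
            self.notify(self.store.get(data_id, {}).get("owner"), event)
            return None
        self.ledger.append({"action": "query", "data_id": data_id, "caller": key_fingerprint(applicant_pub)})
        return self.store[data_id]["ciphertext"]   # handed to the owner for decryption and re-encryption
```

The points a reviewer would look for: the rules live only in PermissionContract, so set_rule() and revoke() change behaviour without touching QueryContract; every refusal is logged and pushed to the owner before the query contract returns; and a code is rejected if its MAC fails, if it was issued to a different public key or data item, if it has expired, or if its access count is used up, in that order, so a forged or replayed code never reaches the rule lookup.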

Claims (7)

1. A data privacy protection method based on a blockchain and an authority contract, comprising the following steps:
1) encrypted private data is stored on the blockchain through a data storage contract, and a private data directory is formed off chain;
2) a user locates the required data through the private data directory and submits a data use application to the owner through a private data application contract; the system sends the application information to the owner;
3) after receiving the application, the owner grants the user the right to use the data, or refuses the application, through an authorization smart contract; the authorization behavior is recorded on the blockchain, and if the application is approved an authorization code is generated and sent to the user;
4) when a request by the user to access the private data is received, the request is first intercepted by the authority control contract, which decides from the authorization code and the access rules whether the user has access; if not, the illegal access is recorded on the blockchain and reported to the owner as a message;
5) once the authority control contract has verified the request, the private data query contract retrieves the ciphertext, the owner decrypts it to obtain the original data, encrypts that data with the requester's public key and returns the encrypted private data.
2. The data privacy protection method as claimed in claim 1, wherein: a digital fingerprint of the data is first obtained with a hash algorithm and is used to verify whether the private data has been tampered with; the private data is encrypted a first time with a platform key to obtain a ciphertext, the ciphertext is then asymmetrically encrypted a second time with the user's public key, and the twice-encrypted ciphertext and the corresponding digital fingerprint are stored on the blockchain through a data storage certification contract; after the private data has been stored successfully on the blockchain, the data fingerprint and the basic information of the private data (the private data name, unique identifier and description, but not the private data itself) are saved as structured data to form the private data directory, so that a data user can locate the private data easily.
3. The data privacy protection method as claimed in claim 1, wherein: the user finds the index information of the required data through the private data directory and submits a data use application to the system as needed; the system notifies the data owner of the application as a message; the data owner reviews the application, and after approval the system generates a unique data use authorization code with an encryption algorithm from the unique identifier of the private data and the applicant's public key; if the application is rejected the applicant obtains no use authorization; the system sends the review result to the applicant; the data owner sets the applicant's access rights, for example the validity period of access and the number of accesses, and the association between the access rights and the authorization code is stored on the blockchain through a smart contract, which guarantees the use right, ownership and security of the private data; the system sends the authorization code to the user.
4. The data privacy protection method as claimed in claim 1, wherein: when the user queries the private data with the data use authorization code, the authority control contract first intercepts the query request and checks the validity of the authorization code; once the validity check passes, the authority control contract checks the authorization information of the code; once that check passes, the system extracts the unique data identifier from the authorization code using the user's public key; the ciphertext of the private data is retrieved through the data query contract by that identifier and is first decrypted with the platform's key, giving the data as it was after the first encryption;
after the data owner obtains this once-encrypted data from the blockchain, it is decrypted a second time with the data owner's private key to obtain the plaintext of the private data, the plaintext is encrypted with the applicant's public key, and the resulting ciphertext is sent to the user.
5. The data privacy protection method as claimed in claim 4, wherein: the authority control contract governs the interception rules of the contracts that handle private data; changing a rule is an operation on the authority contract alone, no other contract needs adjustment, and the change takes effect in real time.
6. The data privacy protection method as claimed in claim 1, wherein: the smart contract is used to record on chain the full-life-cycle behaviors of the private data, such as private data registration, private data application and query, private data authorization and private data query.
7. A system for the blockchain and authority contract based data privacy protection method as claimed in claim 1, comprising the following functional modules:
1) a private data registration module: used to register private data, storing the encrypted private data on the blockchain and keeping the private data directory in a database off chain;
2) a private data application audit module: used by a data user to apply for access and use rights to private data, and by a data owner to review such applications;
3) a private data authority control module: provides access and use authorization for private data, and the generation and verification of data authorization codes;
4) a private data query module: used to query private data on the blockchain and provides the data encryption and decryption functions;
5) a behavior management module: used to record the full-life-cycle behavior information, such as private data registration, private data application and query, private data authorization and private data query, onto the blockchain;
6) a message module: used to push messages such as private data applications, private data audit results and private data access information.
CN202110376392.1A 2021-04-08 2021-04-08 Data privacy protection method and system based on block chain and permission contract Pending CN113420319A (en)

Publications (1)

Publication Number Publication Date
CN113420319A true CN113420319A (en) 2021-09-21

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN109214197A (en) * 2018-08-14 2019-01-15 上海点融信息科技有限责任公司 The method, apparatus and storage medium of private data are handled based on block chain
CN110046521A (en) * 2019-04-24 2019-07-23 成都派沃特科技股份有限公司 Decentralization method for secret protection
CN110473094A (en) * 2019-07-31 2019-11-19 阿里巴巴集团控股有限公司 Data grant method and device based on block chain
CN111222167A (en) * 2020-04-23 2020-06-02 同方股份有限公司 Private data access method based on block chain and explicit authorization mechanism
CN111310225A (en) * 2020-01-17 2020-06-19 北京众信易保科技有限公司 Method and system for decentralized privacy data authorization based on block chain
CN111935208A (en) * 2020-06-28 2020-11-13 布比(北京)网络技术有限公司 Block chain private data sharing method and device, computer equipment and storage medium

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113468605A (en) * 2021-09-02 2021-10-01 江苏荣泽信息科技股份有限公司 File offline storage system based on block chain
CN113987577A (en) * 2021-10-28 2022-01-28 浪潮卓数大数据产业发展有限公司 Authorization method, device and storage medium based on local database
CN113987577B (en) * 2021-10-28 2024-05-31 浪潮卓数大数据产业发展有限公司 Authorization method, device and storage medium based on local database
CN114358764A (en) * 2021-11-15 2022-04-15 深圳众联数字科技有限公司 Privacy calculation method based on intelligent contracts in block chain and related equipment
WO2023115502A1 (en) * 2021-12-24 2023-06-29 Huawei Technologies Co., Ltd. System, apparatus and method for data management
CN114553436A (en) * 2022-02-23 2022-05-27 山东省计算中心(国家超级计算济南中心) Data security sharing and privacy protection method and system for intelligent medical engineering
CN114553436B (en) * 2022-02-23 2022-11-04 山东省计算中心(国家超级计算济南中心) Data security sharing and privacy protection method and system for intelligent medical engineering
CN114531247A (en) * 2022-04-22 2022-05-24 北京中宇万通科技股份有限公司 Data sharing method, device, equipment, storage medium and program product
CN115051849A (en) * 2022-06-08 2022-09-13 联通(四川)产业互联网有限公司 Digital judicial evidence storing method, evidence storing device and readable storage medium
CN115828320A (en) * 2022-11-17 2023-03-21 昆仑数智科技有限责任公司 Authority control method and device of knowledge result information and electronic equipment
CN115828320B (en) * 2022-11-17 2023-09-19 昆仑数智科技有限责任公司 Authority control method and device for knowledge result information and electronic equipment
CN116842546A (en) * 2023-07-14 2023-10-03 临沂大学 Distributed data access authorization and data service method and device, equipment and medium
CN116842546B (en) * 2023-07-14 2024-08-23 临沂大学 Distributed data access authorization and data service method and device, equipment and medium
CN117034326A (en) * 2023-10-08 2023-11-10 园信(北京)科技有限公司 Block chain-based super zip code using method, device and system and electronic equipment
CN117034326B (en) * 2023-10-08 2024-01-30 园信(北京)科技有限公司 Block chain-based super zip code using method, device and system and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination