CN113449338B

CN113449338B - Information encryption storage method and system based on block chain

Info

Publication number: CN113449338B
Application number: CN202110725687.5A
Authority: CN
Inventors: 苏许栋
Original assignee: Youlai Beijing Technology Co ltd
Current assignee: Youlai Beijing Technology Co ltd
Priority date: 2021-06-29
Filing date: 2021-06-29
Publication date: 2024-07-26
Anticipated expiration: 2041-06-29
Also published as: CN113449338A

Abstract

The invention discloses a block chain-based information encryption storage method and a block chain-based information encryption storage system, wherein the method comprises the following steps: the method comprises the steps that a first terminal receives login information and sends the login information to a cloud server for verification, if verification is passed, the sensitive information input by a user is encrypted to obtain encrypted sensitive information, the encrypted sensitive information is sent to the cloud server, the cloud server uploads the encrypted sensitive information to a blockchain network for segmented storage, a second terminal receives the user login information and sends the user login information to the cloud server for verification, if verification is passed, an information acquisition request is generated and sent to the cloud server, the cloud server acquires encrypted information corresponding to the information acquisition request and feeds the encrypted information back to the second terminal, and the second terminal decrypts the encrypted information according to the user login information to obtain decrypted sensitive information. The invention belongs to the technical field of block chain encryption, and can encrypt and upload the sensitive information to a block chain network for segmented storage, so that the sensitive information of a user is prevented from being leaked, and the security of storing the sensitive information of the user is improved.

Description

Information encryption storage method and system based on block chain

Technical Field

The invention relates to the technical field of block chain encryption, belongs to an application scene for encrypting and storing information based on a block chain network in a smart city, and particularly relates to an information encryption and storage method and system based on a block chain.

Background

With the development of information technology, more and more services can be handled online in the internet, and the online handling of services on the internet often involves the use of user sensitive information, so as to avoid information leakage in the process of acquiring the user sensitive information, the user sensitive information can be encrypted and stored by an encryption method, however, the conventional technical method generally adopts parameter encryption and database storage, and the manner leads to easy leakage of the user sensitive information and lower security of information storage. Therefore, the user sensitive information storage method in the prior art method has the problem of lower security.

Disclosure of Invention

The embodiment of the invention provides a blockchain-based information encryption storage method and a blockchain-based information encryption storage system, which aim to solve the problem of low security of a user sensitive information storage method in the prior art.

In a first aspect, an embodiment of the present invention provides a blockchain-based information encryption storage method, including:

If the first terminal receives login information input by a user, sending the login information to the cloud server to obtain a verification result obtained by verifying the login information by the cloud server;

If the first terminal receives the verification result fed back by the cloud server as verification passing, encrypting the sensitive information input by the user according to a preset encryption rule and the login information to obtain encrypted sensitive information, and sending the encrypted sensitive information to the cloud server;

if the cloud server receives the encryption sensitive information, uploading the encryption sensitive information to the blockchain network for segmented storage;

If the second terminal receives user login information input by a user, the user login information is sent to the cloud server to obtain a verification result obtained by verifying the user login information by the cloud server;

if the second terminal receives the verification result fed back by the cloud server as verification passing, sending an information acquisition request corresponding to the user login information to the cloud server;

If the cloud server receives the information acquisition request, acquiring encryption information matched with the information acquisition request from the blockchain network and feeding the encryption information back to the second terminal;

And if the second terminal receives the encrypted information fed back by the cloud server according to the information acquisition request, decrypting the encrypted information according to the user login information to obtain corresponding decryption sensitive information.

In a second aspect, an embodiment of the present invention provides a blockchain-based information encryption storage system, which includes a first terminal, a second terminal, and a blockchain network, where the first terminal and the second terminal are connected to a cloud server in the blockchain network through a network to transmit data information;

the first terminal is used for:

If login information input by a user is received, sending the login information to the cloud server to obtain a verification result obtained by verifying the login information by the cloud server;

If the verification result fed back by the cloud server is verification passing, encrypting the sensitive information input by the user according to a preset encryption rule and the login information to obtain encrypted sensitive information, and sending the encrypted sensitive information to the cloud server;

The cloud server is used for:

if the encryption sensitive information is received, uploading the encryption sensitive information to the blockchain network for segmented storage;

if the information acquisition request is received, acquiring encryption information matched with the information acquisition request from the blockchain network and feeding back the encryption information to the second terminal;

The second terminal is used for:

if user login information input by a user is received, the user login information is sent to the cloud server to obtain a verification result obtained by verifying the user login information by the cloud server;

If the verification result fed back by the cloud server is verification passing, sending an information acquisition request corresponding to the user login information to the cloud server;

and if the encrypted information fed back by the cloud server according to the information acquisition request is received, decrypting the encrypted information according to the user login information to obtain corresponding decryption sensitive information.

In a third aspect, an embodiment of the present invention further provides a blockchain-based information encryption storage system, including a first terminal, a second terminal, and a blockchain network, where the first terminal and the second terminal are connected to a cloud server in the blockchain network through a network for transmitting data information, the first terminal includes a first memory, a first processor, and a first computer program stored on the first memory and executable on the first processor, the second terminal includes a second memory, a second processor, and a second computer program stored on the second memory and executable on the second processor, and the cloud server includes a third memory, a third processor, and a third computer program stored on the third memory and executable on the third processor, where the first processor executes the first computer program, the second processor executes the second computer program, and the third processor executes the third computer program to implement the blockchain-based encryption method together.

In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, where the computer readable storage medium stores a first computer program, a second computer program, or a third computer program, where the blockchain-based information encryption storage method according to the first aspect is implemented jointly when the first computer program is executed by a first processor, the second computer program is executed by a second processor, and the third computer program is executed by a third processor.

The embodiment of the invention provides a block chain-based information encryption storage method and system. The method comprises the steps that a first terminal receives login information and sends the login information to a cloud server for verification, if verification is passed, the sensitive information input by a user is encrypted to obtain encrypted sensitive information, the encrypted sensitive information is sent to the cloud server, the cloud server uploads the encrypted sensitive information to a blockchain network for segmented storage, a second terminal receives the user login information and sends the user login information to the cloud server for verification, if verification is passed, an information acquisition request is generated and sent to the cloud server, the cloud server acquires encrypted information corresponding to the information acquisition request and feeds the encrypted information back to the second terminal, and the second terminal decrypts the encrypted information according to the user login information to obtain decrypted sensitive information. By the method, the sensitive information can be encrypted and uploaded to the blockchain network for segmented storage, so that the sensitive information of the user is prevented from being leaked, and the safety of storing the sensitive information of the user is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flowchart of a block chain based information encryption storage method according to an embodiment of the present invention;

Fig. 2 is an application scenario schematic diagram of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 3 is a schematic sub-flowchart of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of another sub-flowchart of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of another sub-flowchart of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 6 is a schematic diagram of another sub-flowchart of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of another sub-flowchart of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 8 is a schematic diagram of another sub-flowchart of a blockchain-based information encryption storage method according to an embodiment of the present invention;

FIG. 9 is a schematic block diagram of a blockchain-based information encryption storage system provided by an embodiment of the present invention;

Fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present invention.

Detailed Description

The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.

Referring to fig. 1 and fig. 2, fig. 1 is a flow chart of a block chain-based information encryption storage method according to an embodiment of the invention; fig. 2 is an application scenario schematic diagram of a blockchain-based information encryption storage method according to an embodiment of the present invention; the blockchain-based information encryption storage method is applied to a blockchain-based information encryption storage system, the system comprises a first terminal 10, a second terminal 20 and a blockchain network 30, the method is executed through application software installed in cloud servers 31 of the first terminal 10, the second terminal 20 and the blockchain network 30, the first terminal 10 and the second terminal 20 are simultaneously connected with the cloud servers 31 in the blockchain network 30 through networks to transmit data information, and the first terminal 10 is terminal equipment, such as a desktop computer, a notebook computer, a tablet computer or a mobile phone, for receiving login information and sensitive information and carrying out encryption processing on the sensitive information; the second terminal 20 is a terminal device for receiving user login information and decrypting the received encrypted information, such as a desktop computer, a notebook computer, a tablet computer or a mobile phone, etc., the blockchain network 30 is a data processing network composed of a plurality of terminal devices and a cloud server 31 based on intelligent contracts in the internet, and the cloud server 31 is a server terminal accessing the blockchain network and processing information input by the first terminal 10 and the second terminal 20 to provide corresponding services, such as a server constructed by an enterprise or a government department. As shown in fig. 1, the method includes steps S110 to S170.

And S110, if the first terminal receives login information input by a user, sending the login information to the cloud server to obtain a verification result obtained by verifying the login information by the cloud server.

And if the first terminal receives login information input by a user, sending the login information to the cloud server to obtain a verification result obtained by verifying the login information by the cloud server. The user can input login information to the first terminal, the first terminal can send the login information input by the user to the cloud server for verification, specifically, password information corresponding to each registered user is stored in the cloud server, and whether the login password in the login information is identical to the password information corresponding to the user stored in the cloud server or not can be verified, so that whether the login information passes verification is verified. If the verification result of the login information is that verification is passed, continuing to execute subsequent steps, and if the verification result is that verification is not passed, feeding back prompt information that verification is not passed to the first terminal by the cloud server.

And S120, if the first terminal receives the verification result fed back by the cloud server as verification passing, encrypting the sensitive information input by the user according to a preset encryption rule and the login information to obtain encrypted sensitive information, and sending the encrypted sensitive information to the cloud server.

And if the verification result received by the first terminal is verification passing, encrypting the sensitive information input by the user according to a preset encryption rule and the login information to obtain encrypted sensitive information, and sending the encrypted sensitive information to the cloud server. The verification result of the login information is that verification is passed, the first terminal can receive sensitive information input by a user, the sensitive information can be information including personal privacy such as an identity card number, a mobile phone number, an address, a bank card number and the like of the user, the sensitive information input by the user can be encrypted according to an encryption rule and the login information to obtain corresponding encrypted sensitive information, the encryption rule is a specific rule for encrypting the sensitive information, and the login information can be used as a secret key and identification information corresponding to the user in the encrypted sensitive information.

In one embodiment, as shown in FIG. 3, step S120 includes substeps S121, S122, S123, and S124.

S121, splitting the sensitive information according to the dimension types contained in the encryption rule to obtain split information corresponding to each dimension type.

The encryption rule comprises a plurality of dimension types, sensitive information can be split according to the dimension types to obtain split information corresponding to each dimension type, if the dimension types can be identity card numbers, mobile phone numbers, addresses, bank card numbers and the like, the information corresponding to each dimension type can be respectively obtained from the sensitive information to serve as corresponding split information.

S122, generating a dimension encryption key corresponding to each dimension type according to the login information and the dimension identification of each dimension type.

Each dimension type also corresponds to a dimension identifier, a corresponding dimension encryption key can be generated according to login information and the dimension identifier of each dimension type, specifically, login information comprises login passwords, each dimension type corresponds to a dimension identifier, the dimension identifiers are English letters, if the dimension identifier corresponding to an identity card number is SFZH, the login passwords and each dimension identifier can be combined and then hexadecimal conversion is carried out based on ASCII codes, so that a dimension encryption key corresponding to each dimension type is obtained, and the obtained dimension encryption key is 16 bytes (128 bits) or 32 bytes (256 bits).

S123, respectively carrying out encryption processing on the split information corresponding to the corresponding dimension type according to the encryption rule and each dimension encryption key to obtain encryption split information corresponding to each dimension type.

Each dimension encryption key corresponds to one dimension type, each dimension type corresponds to one piece of split information, and the split information of the dimension type corresponding to each dimension encryption key can be respectively encrypted according to encryption rules and each dimension encryption key to obtain encrypted split information corresponding to each dimension type.

In one embodiment, as shown in FIG. 4, step S123 includes sub-steps S1231, S1232, and S1233.

S1231, performing code conversion on each piece of split information according to the code conversion information in the encryption rule to obtain a corresponding code character string.

Specifically, the split information can be respectively subjected to code conversion according to the code conversion information in the encryption rule, specifically, the character type of each split information can be judged, if the character type of the split information is number, letter or combination of number and letter, hexadecimal code conversion can be performed through basic conversion codes in the code conversion information to obtain corresponding code character strings, the basic conversion codes can be ASCII codes, and if the character type of the split information is Chinese characters, hexadecimal code conversion can be performed through Chinese character conversion codes in the code conversion information to obtain corresponding code character strings, and the Chinese character conversion codes can be GB2312 codes.

S1232, performing key expansion according to the dimension encryption key corresponding to each dimension type to obtain an encryption key array corresponding to each dimension encryption key.

Because the encoding character string is required to be encrypted for multiple rounds in the encryption process, the dimension encryption key of each dimension type can be subjected to key expansion to obtain a corresponding encryption key array, and each round of encryption process can acquire a corresponding key value from the encryption key array to carry out encryption processing. Specifically, each dimension encryption key may be split, for example, a dimension encryption key of 16 bytes (128 bits) is split into four segments, each key segment containing 4 bytes (32 bits), i.e., W [0], W [1], W [2], W [3]. And (3) carrying out cyclic solution through the formula (1) and the formula (2) to sequentially obtain W [ j ], j=4 and 5 … … & lt 43 & gt, and combining the 44 key segments corresponding to each dimension type into a corresponding encryption key array.

Wherein g is the exclusive OR operation of the mapping result and a constant (RC [ j/4], 0) of 32bits after S-box mapping is performed on each byte in the key segment, wherein RC is a one-dimensional array, RC= {00,01,02,04,08,10,20,40,80,1B,36},I.e. the exclusive or operation identifier.

S1233, respectively carrying out encryption processing on the coded character strings corresponding to each encryption key array according to each encryption key array to obtain encryption split information corresponding to each coded character string.

Before round key addition is performed on the plaintext, the plaintext can be split into 16-byte plaintext fragments (if the encoded string is not greater than 16 bytes, the encoded string is not split, and is greater than the 16 bytes), each plaintext fragment is converted into a corresponding 4×4 matrix, and then exclusive-or operation is performed on each round key addition and the encryption key array of the corresponding dimension type. Specifically, each byte in the matrix is mapped by an S-box, the S-box is a preset 16×16 array, and the process of mapping the S-box can be represented by using formula (3):

S(2⁸)＝S[2⁴][2⁴] (3)；

Wherein a2 ⁸ is an original byte a mapped by the S box, the original byte a is represented by an 8-bit 2-level number, and S2 ⁴][2⁴ is a specific operation of obtaining a corresponding position value in the S box according to the original byte a. The former 2 ⁴ of S [2 ⁴][2⁴ ] represents the first 4-bit 2-ary number in the original byte a, and the latter 2 ⁴ represents the last 4-bit 2-ary number in the original byte a. For example, the process of S-box mapping the original byte 13 can be expressed as: s (13) =s1 ] [3].

And after each byte in the 4 multiplied by 4 matrix is mapped by an S box, performing row displacement and column confusion on the matrix obtained by mapping to obtain the finally processed encryption matrix. And combining one or more encryption matrixes corresponding to the same coding character string to obtain encryption split information corresponding to each coding character string.

S124, combining the encryption split information and the login information to obtain encryption sensitive information corresponding to the sensitive information.

Specifically, the encryption split information and the login information can be combined, the combined information comprises identification information corresponding to the login information, the identification information can be used for uniquely identifying the combined information, and the combined information is used as encryption sensitive information corresponding to the sensitive information and is sent to the cloud server.

In one embodiment, as shown in FIG. 5, step S124 includes sub-steps S1241 and S1242.

S1241, signature is carried out on the user identification information in the login information according to the signature rule in the encryption rule to obtain corresponding identification signature information.

Specifically, the signature may be performed on the user identification information in the login information according to a signature rule, where the user identification information is identification information in the login information that corresponds to the user uniquely, and once the user identification information is generated, the user identification information cannot be changed, and the user identification information may be formed by a number, a letter, or a combination of a number and a letter.

In this embodiment, i.e., hash (user identification information) =identification signature information, for example, hash (id= "0715443286317579") =0x57F 319BD30a72E9F3C63E8F10A7B29C6, i.e., hash operation is performed on the user identification information, a piece of digest information is obtained, and the digest information is the corresponding identification signature information. For messages of any length (calculated by bit), the SHA256 (secure hash algorithm 256) generates a 32 byte length data, and the SHA256 always treats the message as a bit string. When data information is received, digest information corresponding to the data information may be used to verify whether the data information has changed, i.e., to verify its integrity.

S1242, combining the identification signature information with each piece of encryption split information of the sensitive information, and taking the combined encryption combination information corresponding to each piece of encryption split information as the encryption sensitive information.

And combining the identification signature information with each piece of encryption split information of each piece of encryption sensitive information respectively, so that the identification signature information and one piece of encryption split information are combined to obtain corresponding encryption combined information, the encryption combined information corresponding to each piece of encryption split information can be combined to obtain corresponding encryption sensitive information, and the first terminal can send the obtained encryption sensitive information to the cloud server.

And S130, if the cloud server receives the encryption sensitive information, uploading the encryption sensitive information to the blockchain network for segmented storage.

And if the cloud server receives the encryption sensitive information, uploading the encryption sensitive information to the blockchain network for segmented storage. After receiving the encrypted sensitive information sent by the first terminal, the cloud server can store the encrypted sensitive information, in the embodiment, the encrypted sensitive information is stored in a manner of uploading the encrypted sensitive information to a blockchain network, and the encrypted sensitive information is stored in a distributed manner by the blockchain network, so that the encrypted sensitive information can be prevented from being tampered, and the safety and reliability of storing the encrypted sensitive information are greatly improved.

In one embodiment, as shown in FIG. 6, step S130 includes sub-steps S131 and S132.

S131, obtaining block link point information corresponding to each encryption combination information in a pre-stored node database according to the dimension type corresponding to each encryption combination information in the encryption information.

The node database is a database configured in the cloud server and used for storing the block chain link point information, the node database comprises node information corresponding to each dimension type, the block chain network comprises a plurality of storage channels, each storage channel corresponds to one dimension type, and each storage channel can store information of one dimension type. The encryption sensitive information comprises a plurality of encryption combined information, each encryption combined information corresponds to one dimension type, and then node information corresponding to the corresponding dimension type can be obtained from the node database as block link point information corresponding to each encryption combined information according to the dimension type corresponding to each encryption combined information.

And S132, uploading each piece of encryption combination information to the corresponding block chain node of the corresponding block chain link point information for storage according to the block chain node information.

According to the block chain link point information corresponding to each piece of encryption combined information, the block chain node information comprises the network address of the corresponding block chain node, and then each piece of encryption combined information is respectively uploaded to the block chain node corresponding to the corresponding block chain link point information for storage, namely the purpose of respectively carrying out distributed storage on each piece of encryption combined information is achieved, and as the encryption sensitive information is split into a plurality of pieces of encryption combined information to be respectively carried out distributed storage, the storage process is that the encryption sensitive information is stored in a segmented mode.

And S140, if the second terminal receives the user login information input by the user, sending the user login information to the cloud server to obtain a verification result obtained by verifying the user login information by the cloud server.

And if the second terminal receives user login information input by a user, sending the user login information to the cloud server to obtain a verification result obtained by verifying the user login information by the cloud server. The second terminal can also receive the user login information input by the user, and then the second terminal can send the user login information input by the user to the cloud server for verification, and specifically, the process of verifying the user login information is the same as the process of verifying the login information received by the first terminal. If the verification result of the user login information is verification passing, continuing to execute subsequent steps, and if the verification result is verification failing, feeding back prompt information of the verification failing to the second terminal by the cloud server.

And S150, if the second terminal receives the verification result fed back by the cloud server as verification passing, sending an information acquisition request corresponding to the user login information to the cloud server.

And if the second terminal receives the verification result fed back by the cloud server as verification passing, sending an information acquisition request corresponding to the user login information to the cloud server. If the verification result of the user login information is that the verification is passed, the second terminal can generate a corresponding information acquisition request based on the user login information and send the information acquisition request to the cloud server.

In one embodiment, as shown in FIG. 7, step S150 includes sub-steps S151 and S152.

And S151, signing the user identification information in the user login information according to the signing rule to obtain corresponding user identification signing information.

Specifically, the user identification information included in the user login information may be signed according to a signing rule, and a specific process of signing the user identification information of the user login information is the same as a process of signing the user identification information of the login information. The same method is adopted to sign the user identification information in the user login information, and then the corresponding user identification signature information can be obtained.

And S152, generating a corresponding information acquisition request according to the user identification signature information and sending the information acquisition request to the cloud server.

The corresponding information acquisition request may be generated based on the user identification signature information, and the generated information acquisition request may include user identification signature information, a time stamp, terminal network address information, and the like, where the time stamp is specific time information for generating the information acquisition request, and the terminal network address information is a network address (IP address) corresponding to the second terminal.

And S160, if the cloud server receives the information acquisition request, acquiring encryption information matched with the information acquisition request from the blockchain network and feeding back the encryption information to the second terminal.

And if the cloud server receives the information acquisition request, acquiring encrypted information matched with the information acquisition request from the blockchain network and feeding back the encrypted information to the second terminal. After receiving the information acquisition request, the cloud server can judge whether the information acquisition request meets corresponding acquisition conditions. If the information acquisition request meets the acquisition condition, executing the step of acquiring the encrypted information matched with the information acquisition request from the blockchain network and feeding back the encrypted information to the second terminal; and if the information acquisition request does not meet the acquisition condition, feeding back prompt information of failure information acquisition to the second terminal.

Specifically, the obtaining condition may include a preset time and a blacklist of network addresses; judging whether the information acquisition request meets preset acquisition conditions or not comprises the following steps: judging whether the time stamp of the information acquisition request exceeds the preset time or not; judging whether the terminal network address information of the information acquisition request is not contained in the network address blacklist; and if the time stamp does not exceed the preset time and the network address information of the terminal is not contained in the network address blacklist, judging whether the information acquisition request meets the acquisition condition.

And judging whether the time stamp exceeds the preset time, judging whether the network address information of the terminal is legal address information or not, if the preset time is 2 minutes, judging whether the time stamp is a time point within 2 minutes before the current time, if the time stamp is the time point within 2 minutes before the current time, judging that the time stamp does not exceed the preset time, otherwise judging that the time stamp exceeds the preset time, if the time stamp exceeds the preset time, a configurable network address blacklist in an acquisition condition, verifying whether the network address information of the terminal in the information acquisition request is not contained in the network address blacklist, and judging whether the network address information of the terminal is legal address information or not. If the time stamp is not beyond the preset time and the terminal network address information is legal address information, the information acquisition request can be judged to meet the acquisition condition, namely the encrypted information matched with the user identification signature information can be acquired from the blockchain network according to the user identification signature information in the information acquisition request, and the encrypted information is sent to the corresponding terminal according to the terminal network address information in the information acquisition request. If the time stamp exceeds the preset time or the network address information of the terminal is not legal address information, the information acquisition request can be judged to not meet the acquisition condition, and prompt information of information acquisition failure can be fed back to the second terminal.

And S170, if the second terminal receives the encrypted information fed back by the cloud server according to the information acquisition request, decrypting the encrypted information according to the user login information to obtain corresponding decryption sensitive information.

And if the second terminal receives the encrypted information fed back by the cloud server according to the information acquisition request, decrypting the encrypted information according to the user login information to obtain corresponding decryption sensitive information. After receiving the encrypted information, the second terminal can decrypt the encrypted information according to the user login information input by the user to the second terminal, and corresponding decrypted sensitive information is obtained.

In one embodiment, as shown in FIG. 8, step S170 includes sub-steps S171, S172 and S173.

And S171, generating a dimension decryption key corresponding to each dimension type according to the user login information and the dimension identification of each dimension type.

The user login information includes a corresponding user login password, and the user login password and the dimension identifier of each dimension type can be respectively combined to generate a dimension decryption key corresponding to each dimension type, and the specific process of acquiring the dimension decryption key is the same as the specific process of acquiring the dimension encryption key, which is not described herein.

S172, respectively decrypting the encrypted piece information corresponding to the corresponding dimension type in the encrypted information according to the encryption rule and each dimension decryption key to obtain decryption information corresponding to each dimension type.

The encrypted information can be decrypted according to the encryption rule and the dimension decryption key of each dimension type, so as to obtain the decryption information corresponding to each dimension type. Specifically, the key expansion may be performed according to the dimension decryption key corresponding to each dimension type, so as to obtain a decryption key array corresponding to each dimension decryption key, and the process of obtaining the decryption key array is the same as the process of obtaining the encryption key array, which is not described herein. And then, the encrypted segment information of each dimension type can be respectively decrypted based on the decryption key array corresponding to each dimension type, wherein the decryption process is the inverse operation process of the encryption process, and the description is omitted again. After each encrypted information segment is decrypted, a decrypted character string corresponding to each encrypted information segment can be obtained, and the decrypted character string represented by 16 system can be restored to specific decrypted information by performing code conversion on the decrypted character string.

And S173, combining the decryption information corresponding to each dimension type to obtain the decryption sensitive information.

And combining the decryption information obtained by each dimension type to obtain decryption sensitive information, wherein the decryption sensitive information comprises one piece of user-integrated sensitive information.

The technical method can be applied to scenes including encryption storage of information based on a blockchain network, such as intelligent government affairs, intelligent urban management, intelligent community, intelligent security, intelligent logistics, intelligent medical treatment, intelligent education, intelligent environmental protection, intelligent traffic and the like, so that construction of intelligent cities is promoted.

In the blockchain-based information encryption storage method provided by the embodiment of the invention, a first terminal receives login information and sends the login information to a cloud server for verification, if the login information passes the verification, the sensitive information input by a user is encrypted to obtain encrypted sensitive information, the encrypted sensitive information is sent to the cloud server, the cloud server uploads the encrypted sensitive information to a blockchain network for segmented storage, a second terminal receives the user login information and sends the user login information to the cloud server for verification, if the login information passes the verification, an information acquisition request is generated and sent to the cloud server, the cloud server acquires encrypted information corresponding to the information acquisition request and feeds the encrypted information back to the second terminal, and the second terminal decrypts the encrypted information according to the user login information to obtain decrypted sensitive information. By the method, the sensitive information can be encrypted and uploaded to the blockchain network for segmented storage, so that the sensitive information of the user is prevented from being leaked, and the safety of storing the sensitive information of the user is improved.

The embodiment of the invention also provides a blockchain-based information encryption storage system, which is used for executing any embodiment of the blockchain-based information encryption storage method, and in particular, referring to fig. 9, fig. 9 is a schematic block diagram of the blockchain-based information encryption storage system provided by the embodiment of the invention.

As shown in fig. 9, the blockchain-based information encryption storage system 100 includes a first terminal 10, a second terminal 20, and a blockchain network 30, where the first terminal 10 and the second terminal 20 are connected to a cloud server 31 in the blockchain network 30 through a network to transmit data information. Wherein the first terminal 10 includes: a login information verification unit 11, configured to, if login information input by a user is received, send the login information to the cloud server to obtain a verification result obtained by verifying the login information by the cloud server; the sensitive information encryption unit 12 is configured to encrypt sensitive information input by a user according to a preset encryption rule and the login information to obtain encrypted sensitive information and send the encrypted sensitive information to the cloud server if a verification result fed back by the cloud server is that verification is passed; the cloud server 31 includes: the information storage unit 311 is configured to upload the encrypted sensitive information to the blockchain network for segment storage if the encrypted sensitive information is received; an encrypted information feedback unit 312, configured to acquire, if the information acquisition request is received, encrypted information that matches the information acquisition request from the blockchain network and feed back the encrypted information to the second terminal; the second terminal 20 includes: a user login information verification unit 21, configured to, if user login information input by a user is received, send the user login information to the cloud server to obtain a verification result obtained by verifying the user login information by the cloud server; an information acquisition request sending unit 22, configured to send an information acquisition request corresponding to the user login information to the cloud server if the verification result fed back by the cloud server is that the verification result is verification pass; and the encrypted information decrypting unit 23 is configured to decrypt the encrypted information according to the user login information to obtain corresponding decrypted sensitive information if the encrypted information fed back by the cloud server according to the information acquisition request is received.

In an embodiment, the sensitive information encryption unit 12 comprises a subunit: the splitting information acquisition unit is used for splitting the sensitive information according to the dimension types contained in the encryption rule to obtain splitting information corresponding to each dimension type; the dimension encryption key acquisition unit is used for generating a dimension encryption key corresponding to each dimension type according to the login information and the dimension identifier of each dimension type; the encryption split information acquisition unit is used for respectively carrying out encryption processing on split information corresponding to the corresponding dimension type according to the encryption rule and each dimension encryption key to obtain encryption split information corresponding to each dimension type; and the encryption sensitive information acquisition unit is used for combining the encryption split information and the login information to obtain encryption sensitive information corresponding to the sensitive information.

In an embodiment, the encryption split information acquisition unit includes a subunit: the code character string acquisition unit is used for carrying out code conversion on each piece of split information according to the code conversion information in the encryption rule to obtain a corresponding code character string; the encryption key array acquisition unit is used for carrying out key expansion according to the dimension encryption key corresponding to each dimension type to obtain an encryption key array corresponding to each dimension encryption key; and the encryption processing unit is used for respectively carrying out encryption processing on the coded character strings corresponding to each encryption key array according to each encryption key array to obtain encryption split information corresponding to each coded character string.

In an embodiment, the encryption sensitive information acquisition unit comprises a subunit: the identification signature information acquisition unit is used for signing the user identification information in the login information according to the signature rule in the encryption rule to obtain corresponding identification signature information; and the information combination unit is used for combining the identification signature information with each piece of encryption split information of the sensitive information, and taking the encryption combination information corresponding to each piece of encryption split information obtained after combination as the encryption sensitive information.

In one embodiment, the information storage unit 311 includes a subunit: the block chain node information acquisition unit is used for acquiring block chain node point information corresponding to each piece of encryption combination information in a pre-stored node database according to the dimension type corresponding to each piece of encryption combination information in the encryption information; and the encryption combination information uploading unit is used for uploading each encryption combination information to the corresponding block chain node of the corresponding block chain link point information for storage according to the block chain node information.

In an embodiment, the information acquisition request transmitting unit 22 includes a subunit: the user identification signature information acquisition unit is used for signing the user identification information in the user login information according to the signature rule to obtain corresponding user identification signature information; and the request sending unit is used for generating a corresponding information acquisition request according to the user identification signature information and sending the information acquisition request to the cloud server.

In an embodiment, the encryption information decryption unit 23 includes a subunit: the dimension decryption key acquisition unit is used for generating a dimension decryption key corresponding to each dimension type according to the user login information and the dimension identifier of each dimension type; the decryption information acquisition unit is used for respectively carrying out decryption processing on the encryption segment information corresponding to the corresponding dimension type in the encryption information according to the encryption rule and each dimension decryption secret key to obtain decryption information corresponding to each dimension type; and the decryption information combination unit is used for combining the decryption information corresponding to each dimension type to obtain the decryption sensitive information.

The blockchain-based information encryption storage system provided by the embodiment of the invention is applied to the blockchain-based information encryption storage method, a first terminal receives login information and sends the login information to a cloud server for verification, if the login information passes the verification, the encrypted sensitive information is obtained by encrypting the sensitive information input by a user and sent to the cloud server, the cloud server uploads the encrypted sensitive information to a blockchain network for segmented storage, a second terminal receives the user login information and sends the user login information to the cloud server for verification, if the login information passes the verification, an information acquisition request is generated and sent to the cloud server, the cloud server acquires the encrypted information corresponding to the information acquisition request and feeds the encrypted information back to the second terminal, and the second terminal decrypts the encrypted information according to the user login information to obtain decrypted sensitive information. By the method, the sensitive information can be encrypted and uploaded to the blockchain network for segmented storage, so that the sensitive information of the user is prevented from being leaked, and the safety of storing the sensitive information of the user is improved.

The blockchain-based information encryption storage system described above may be implemented in the form of a computer program that is executable on a computer device as shown in fig. 10.

Referring to fig. 10, fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present invention. The computer device may be a first terminal 10 for executing a blockchain-based information encryption storage method to realize encryption storage of information based on a blockchain network, a second terminal 20 for executing a blockchain-based information encryption storage method to realize encryption storage of information based on a blockchain network, or a cloud server 31 for executing a blockchain-based information encryption storage method to realize encryption storage of information based on a blockchain network.

With reference to fig. 10, the computer device 500 includes a processor 502, a memory, and a network interface 505, which are connected by a system bus 501, wherein the memory may include a storage medium 503 and an internal memory 504.

The storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, may cause the processor 502 to perform a blockchain-based information encryption storage method, wherein the storage medium 503 may be a volatile storage medium or a non-volatile storage medium.

The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.

The internal memory 504 provides an environment for the execution of a computer program 5032 in the storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform a blockchain based information encryption storage method.

The network interface 505 is used for network communication, such as providing for transmission of data information, etc. It will be appreciated by those skilled in the art that the structure shown in FIG. 10 is merely a block diagram of some of the structures associated with the present inventive arrangements and does not constitute a limitation of the computer device 500 to which the present inventive arrangements may be applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine certain components, or may have a different arrangement of components.

The processor 502 is configured to execute a computer program 5032 stored in a memory to implement the corresponding functions in the blockchain-based information encryption storage method.

Those skilled in the art will appreciate that the embodiment of the computer device shown in fig. 10 is not limiting of the specific construction of the computer device, and in other embodiments, the computer device may include more or less components than those shown, or certain components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may include only a memory and a processor, and in such embodiments, the structure and function of the memory and the processor are consistent with the embodiment shown in fig. 10, and will not be described again.

It should be appreciated that in embodiments of the present invention, the Processor 502 may be a central processing unit (Central Processing Unit, CPU), the Processor 502 may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL processors, DSPs), application SPECIFIC INTEGRATED Circuits (ASICs), off-the-shelf Programmable gate arrays (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

In another embodiment of the invention, a computer-readable storage medium is provided. The computer readable storage medium may be a volatile or nonvolatile computer readable storage medium. The computer readable storage medium stores a first computer program, a second computer program, or a third computer program, which collectively implement the blockchain-based information encryption storage method as described above when the first computer program is executed by a first processor, the second computer program is executed by a second processor, and the third computer program is executed by a third processor.

It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, device and unit described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein. Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units is merely a logical function division, there may be another division manner in actual implementation, or units having the same function may be integrated into one unit, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.

In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention is essentially or part of what contributes to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a computer-readable storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned computer-readable storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes.

While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims

1. The method is applied to a block chain-based information encryption storage system, the system comprises a first terminal, a second terminal and a block chain network, the first terminal and the second terminal are simultaneously connected with a cloud server in the block chain network through a network so as to transmit data information, and the method comprises the following steps:

if the second terminal receives the encrypted information fed back by the cloud server according to the information acquisition request, decrypting the encrypted information according to the user login information to obtain corresponding decryption sensitive information; wherein,

The encrypting the sensitive information input by the user according to the preset encryption rule and the login information to obtain encrypted sensitive information and sending the encrypted sensitive information to the cloud server comprises the following steps:

splitting the sensitive information according to the dimension types contained in the encryption rule to obtain split information corresponding to each dimension type;

Generating a dimension encryption key corresponding to each dimension type according to the login information and the dimension identifier of each dimension type;

respectively carrying out encryption processing on the split information corresponding to the corresponding dimension type according to the encryption rule and each dimension encryption key to obtain encryption split information corresponding to each dimension type;

Combining the encryption split information and the login information to obtain encryption sensitive information corresponding to the sensitive information; wherein,

The step of respectively encrypting the split information corresponding to the corresponding dimension type according to the encryption rule and each dimension encryption key to obtain the encrypted split information corresponding to each dimension type, comprising the following steps:

according to the code conversion information in the encryption rule, carrying out code conversion on each piece of split information to obtain a corresponding code character string;

performing key expansion according to the dimension encryption key corresponding to each dimension type to obtain an encryption key array corresponding to each dimension encryption key;

and respectively carrying out encryption processing on the coded character strings corresponding to each encryption key array according to each encryption key array to obtain encryption split information corresponding to each coded character string.

2. The blockchain-based information encryption storage method of claim 1, wherein the combining the encryption split information with the login information to obtain the encryption sensitive information corresponding to the sensitive information includes:

signing the user identification information in the login information according to the signature rule in the encryption rule to obtain corresponding identification signature information;

and combining the identification signature information with each piece of encryption split information of the sensitive information, and taking the encryption combined information which is obtained after combination and corresponds to each piece of encryption split information as the encryption sensitive information.

3. The blockchain-based information encryption storage method of claim 1, wherein uploading the encryption sensitive information to the blockchain network for segmented storage comprises:

Acquiring block link point information corresponding to each piece of encryption combination information in a pre-stored node database according to the dimension type corresponding to each piece of encryption combination information in the encryption information;

and uploading each piece of encryption combined information to the corresponding block chain node of the corresponding block chain link point information for storage according to the block chain node information.

4. The blockchain-based information encryption storage method of claim 2, wherein the sending an information acquisition request corresponding to the user login information to the cloud server includes:

Signing the user identification information in the user login information according to a signing rule to obtain corresponding user identification signing information;

And generating a corresponding information acquisition request according to the user identification signature information and sending the information acquisition request to the cloud server.

5. The blockchain-based information encryption storage method of claim 1, wherein decrypting the encrypted information according to the user login information to obtain the corresponding decryption sensitive information comprises:

Generating a dimension decryption key corresponding to each dimension type according to the user login information and the dimension identifier of each dimension type;

Respectively decrypting the encrypted segment information corresponding to the corresponding dimension type in the encrypted information according to the encryption rule and each dimension decryption key to obtain decryption information corresponding to each dimension type;

and combining the decryption information corresponding to each dimension type to obtain the decryption sensitive information.

6. The blockchain-based information encryption storage method of claim 1, wherein before the encrypted information matched with the information acquisition request is acquired from the blockchain network and fed back to the second terminal, further comprising:

judging whether the information acquisition request meets preset acquisition conditions or not;

If the information acquisition request meets the acquisition condition, executing the step of acquiring the encrypted information matched with the information acquisition request from the blockchain network and feeding back the encrypted information to the second terminal;

And if the information acquisition request does not meet the acquisition condition, feeding back prompt information of failure information acquisition to the second terminal.

7. The blockchain-based information encryption storage method of claim 6, wherein the acquisition condition includes a preset time and a blacklist of network addresses, and the determining whether the information acquisition request satisfies the preset acquisition condition includes:

Judging whether the time stamp of the information acquisition request exceeds the preset time or not;

judging whether the terminal network address information of the information acquisition request is not contained in the network address blacklist;

and if the time stamp does not exceed the preset time and the network address information of the terminal is not contained in the network address blacklist, judging whether the information acquisition request meets the acquisition condition.

8. The information encryption storage system based on the block chain is characterized by comprising a first terminal, a second terminal and a block chain network, wherein the first terminal and the second terminal are connected with a cloud server in the block chain network through a network so as to transmit data information;

the first terminal is used for:

The cloud server is used for:

The second terminal is used for:

If the encrypted information fed back by the cloud server according to the information acquisition request is received, decrypting the encrypted information according to the user login information to obtain corresponding decryption sensitive information; wherein,