CN113556362B - Encryption session establishment and maintenance method based on block chain intelligent contract - Google Patents
Encryption session establishment and maintenance method based on block chain intelligent contract Download PDFInfo
- Publication number
- CN113556362B CN113556362B CN202111069960.XA CN202111069960A CN113556362B CN 113556362 B CN113556362 B CN 113556362B CN 202111069960 A CN202111069960 A CN 202111069960A CN 113556362 B CN113556362 B CN 113556362B
- Authority
- CN
- China
- Prior art keywords
- intelligent contract
- account
- communication
- session
- block chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention relates to a block chain intelligent contract technology, in particular to a method for establishing and maintaining an encrypted session based on a block chain intelligent contract, which comprises the following steps: a1, a block chain account A generates a private key KA used for a communication session at a client, and a public key PA corresponding to the private key KA is deduced by using an asymmetric encryption algorithm; a2, the block chain account A transmits a public key PA established for the communication session to the intelligent contract C1 by an intelligent contract method INIT, and the public key PA is used for encrypting a parameter field needing to be encrypted called by the intelligent contract in the subsequent communication session establishment process; the intelligent contract C1 establishes an internal data structure S1 to represent a session, stores the account A, the public key PA special for the session established by the account A and the communication target account B, and realizes rich media types of point-to-point transmission including videos, so that the block chain application service on the basis of privacy is promoted to be used for transactions and sufficient information communication before the transactions, and the full information exchange, information exchange and transaction achievement are facilitated.
Description
Technical Field
The invention relates to the fields of block chaining, digital encryption, point-to-point communication, distributed storage application and the like, in particular to an encryption session establishment and maintenance method based on a block chaining intelligent contract.
Background
The block chain is open source, the data on the block chain is open to all people, and anyone can inquire the block chain data and develop related application through a public interface, so that the whole system information is highly transparent, a user account is represented by a public key, the private key is generated by a random number, the public key is derived from the private key through an algorithm but cannot be derived from the public key, the public key and the private key exist in pairs, and the functions of the public key and the private key are as follows: encrypting a public key and decrypting a private key; private key signature, public key signature verification.
The blockchain application is decentralized, in the blockchain application, two transaction parties need to communicate before transaction under specific conditions, communication through the traditional centralized instant messaging application and communication between the two parties under the line are not required due to safety requirements, and at the moment, the blockchain technology digital encryption technology can be fully utilized, and the establishment of a point-to-point account number communication channel and subsequent point-to-point communication interaction can be realized through a distributed storage blockchain network.
The public key can be obtained by simple derivation calculation of a unique private key, usually an asymmetric algorithm such as an elliptic algorithm, so that a user who owns the private key corresponding to the public key can execute a chain transaction requiring a specific authority by signing the private key. The transaction is usually realized by a mechanism or an intelligent contract built in the blockchain system, and information with a certain length L can be transmitted as a parameter called by the intelligent contract. The parameters of the call introduced by the calling method of the intelligent contract can be stored as a transaction log or a transaction record on the blockchain, so that the parameters can be used as a special channel for transmitting information between account numbers.
Disclosure of Invention
The invention aims to provide an encryption session establishment method based on a block chain intelligent contract by using a block chain intelligent contract technology, which is characterized by comprising the following steps:
a1, a block chain account A generates a private key KA for a communication session at a client, and a public key PA corresponding to the private key KA is deduced by using an asymmetric encryption algorithm including an elliptic curve;
a2, the block chain account A transmits a public key PA established for the communication session to the intelligent contract C1 through an intelligent contract method INIT, and the public key PA is used for calling a parameter field needing encryption for the intelligent contract after the subsequent communication session establishment process to encrypt; the intelligent contract C1 establishes an internal data structure S1 to store the session structure, and the main stored content fields include the block chain account a initiating the session, the public key PA for encryption purpose generated by the block chain account a for the session, and the communication target account B to be invited to participate in the session, so the internal data structure S1 is represented as:
S1 = {from:A,to:B,PubFrom:PA};
a3, a communication target account B needs to periodically access an intelligent contract C1 according to the height of a block chain, a private key KB of an access session is generated before (intelligent contract calling), a public key PB corresponding to the private key KB is deduced by using an asymmetric algorithm, PB is used as a parameter to call a method for inquiring the access session of the intelligent contract C1, and the C1 needs to read whether a session inviting the communication target account B to participate is required besides the input parameter; because the intelligent contract C1 queries the target account B to be invited for communication, which is matched with the internal data structure S1, the block chain account a and the session public key PA of the block chain account a are easily queried according to the internal data structure S1, and the public key PA and the block chain account a are returned to the target account B for communication as return parameters RC. At this moment, the data structure S1 in the intelligent contract is updated as follows:
S1 = {from:A,to:B,PubFrom:PA,PubTo:PB};
the format of the return parameters is also:
RC ={from:A,PubFrom:PA}
at this time, the communication target account B knows the public key PA of the block chain account a for the point-to-point communication session.
Responding to the communication session by the communication target account B, returning all messages sent to the communication target account B by the encrypted session with the public key PB as the encrypted public key by the point-to-point method of C2 or calling the method CHAT of the intelligent contract C2, decrypting by using the private key KB, and receiving all unread messages sent to the communication target account B in the session which establishes connection and comprises the communication target account B if the decryption is successful; the decryption is unsuccessful, which indicates that the information is not sent to the user; similarly, the block chain account a also checks the information returned by the CHAT method of all the intelligent contracts C2, and decrypts by using the private key KA to receive the information which is sent by the communication target account B and is specially given to the block chain account a. Thus, the account A and the account B acquire the account of the opposite side of the point-to-point communication through the public inquired encrypted text on the decryption chain, and acquire the account of the other side of the point-to-point communication and the public key of the account of the other side for the communication purpose of the session through inquiring the session record on the intelligent contract C1, so that a digital encryption session channel is maintained;
and A5, the account numbers in the communication process actively carry out intelligent contract calling to obtain communication contents, and the contents are transmitted through a network and recorded through block chain intelligent contract calling, but the contents are encrypted by adopting an asymmetric encryption algorithm, so that the communication channel is considered to be safe.
Further, the content of the communication transmission between the block chain accounts is transmitted by the following method, which includes the following steps:
b1, after an information transmission channel is established according to the step A, the account A and the account B both acquire a public key of a communication purpose used by the two parties;
b2, the block chain account number transmits two types of contents through parameters called by an intelligent contract:
1) If the transmitted communication content is encrypted information with a smaller length and is within the length range allowed by the intelligent contract method, the communication content is directly transmitted in the method call of the intelligent contract, and an intelligent contract call log is formed;
2) If the content is longer transmission content, firstly storing the encrypted content through the distributed storage network to obtain the hash value of the content file in the distributed storage network, and transmitting the hash value as the calling parameter of the intelligent contract after encrypting the hash value by using a public key given by the opposite side;
b3, after the account of the other party of communication receives the intelligent contract call log and obtains the information supposed to be transmitted to the account, the account is decrypted by using a private key, and if the information can be decrypted, the other party of point-to-point communication is ensured to be in the communication transmission mode;
b4, when the content obtained after decryption is a hash value, obtaining the file content designated by the hash value on the block chain through the hash value, and decrypting the content through the private key in the session structure stored by the account so as to obtain the original text of the transmission information;
b5, when the account number of any party does not transmit the content any more, deleting the private key of the session in the temporary storage session list of the client side of the party, thereby technically realizing that the content sent to the client side of the party can not be decrypted by the private key any more; if the public key of the opposite party is discarded, the content of the opposite party encrypted by the session public key issued by the party is not received any more, so that the secure ending of the session is realized.
The beneficial effects of the invention are: through the steps in the method, a point-to-point encryption session channel is constructed by calling the intelligent block chain contract between two account numbers in the block chain, the transmitted communication content is encrypted and transmitted through a negotiated public key, and the safety and privacy protection of point-to-point communication are realized by utilizing a digital encryption technology in the communication process; once the session is not required to be maintained, only the private key corresponding to the public key issued by the party is required to be discarded, the effect of burning after reading is achieved, namely the private key is not seen by any other person after the message of the other party is read.
The invention also realizes the rapid distribution, encryption and decryption of the point-to-point communication content by utilizing the distributed storage network, and realizes the rich media type of point-to-point transmission including video, thereby promoting the block chain application service on the basis of privacy for transaction and sufficient information communication and exchange before the transaction, and being beneficial to promoting the sufficient information exchange, information exchange and transaction achievement.
Drawings
For ease of illustration, the invention is described in detail by the following preferred embodiments and the accompanying drawings.
FIG. 1 is a schematic diagram of an encrypted session establishment based on a blockchain intelligent contract in accordance with the present invention;
fig. 2 is a timing diagram of the establishment and maintenance of an encryption session based on a blockchain intelligent contract according to the present invention, which explains how the session is securely established and how the session is maintained by an encryption technique.
Detailed Description
In order to make the implementation objects, technical solutions and features of the present application clearer, the technical solutions implemented by the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some examples of the present application, but not all implementation cases. The embodiments of the subject application, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations.
Therefore, the detailed description of the embodiments provided in the present application is not intended to limit the scope of the claims of the present application, but is merely representative of particular embodiments of the present application. All other embodiments obtained by a person skilled in the art without any inventive step based on the embodiments in this application are within the scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the description of the present application, it is further noted that the terms communication session, session channel, communication channel, asymmetric encryption are to be understood in a broad sense unless explicitly specified or limited otherwise. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Because the block chain is a public distributed accounting technology in nature, the information recorded on the block chain is usually public, all block chain link points can obtain the information recorded on a certain block chain, each account number participating in the block chain transaction record does not need to know where the other party is, a centralized server is not needed, information exchange transmission is carried out through the block chain, and the information on the chain between any two account numbers is publicly visible after the chain is linked; in addition, the private key of the account is managed and stored through a wallet DAPP (digital data processing), and the wallet simplifies the operation of conducting transaction by using the private key for signature.
In view of this, the present embodiment provides a method for establishing and maintaining an encrypted session based on a blockchain intelligent contract, and the following describes in detail a scheme provided by an embodiment of the present invention:
first, please refer to fig. 1 and 2, which are characterized by comprising the following steps:
a1, a block chain account A generates a private key KA for a communication session at a client, and a public key PA corresponding to the private key KA is deduced by using an asymmetric encryption algorithm;
a2, the block chain account A transmits a public key PA established for the communication session to the intelligent contract C1 through an intelligent contract method INIT, and the public key PA is used for encrypting a parameter field needing encryption for calling the intelligent contract in the subsequent communication session establishing process; the intelligent contract C1 establishes an internal data structure S1 representing a session, stores an account number a, a public key PA dedicated to the session established by the account number a, and a communication target account number B, and there are:
S1 = {from:A,to:B,PubFrom:PA};
a3, a communication target account B periodically accesses an intelligent contract C1 according to the height of a block chain, a private key KB established for responding to a communication session is generated before the intelligent contract C1 is called, a public key PB corresponding to the private key KB is deduced by using an asymmetric encryption algorithm, the public key PB is used as a parameter to call a session query CHECK method of the intelligent contract C1, if the session query CHECK method queries that an account needs to establish a communication session with the account B by retrieving a set of an internal data structure S1, a public key PA for establishing the communication session by the account A is returned to the communication target account B, and the internal data structure S1 is updated as follows:
S1= {from:A,to:B,PubFrom:PA,PubTo:PB};
a4, the communication target account B establishes a communication session and sends out a first piece of handshake information Text1 in the same way, the Text1 is encrypted by using a public key PA, and the encrypted ciphertext content Text2 is used as a parameter to send out a call to a method CHAT of the intelligent contract C2. If the length of the encrypted Text1 exceeds the calling parameter length limit L of the intelligent contract, firstly storing the ciphertext content Text2 on a distributed storage network in a file form, returning a hash value CID obtained by the file content through a hash algorithm, encrypting by using a public key PA and then calling the CHAT method of the intelligent contract C2 as a parameter;
a5, after the step A2, the block chain account A calls a log according to a CHAT method for highly searching an intelligent contract C2 of the block chain, and uses a private key KA to decrypt ciphertext information issued by a communication target account which is expected to establish and maintain a communication session with the block chain account A; if the decryption is unsuccessful, increasing the height of the block chain and retrieving the CHAT method call log of the intelligent contract C2 with the increased height of the block chain; if the decryption is successful, judging whether the obtained file hash value CID is the file hash value CID in the distributed storage network, if so, further obtaining the ciphertext content Text2 from the distributed storage network, and decrypting the ciphertext content Text2 by using KA to obtain the information to be transmitted by the communication target account;
and (3) successfully decrypting, namely acquiring the public key PB of the communication target account B by calling a CHECK session CHECK method of the intelligent contract C1, and encrypting reply information sent to the communication target account B by the block chain account A by using the public key PB.
: the account number in the communication session process utilizes the intelligent contract to call and write information into the block chain, communication contents sent to the account number are obtained through block data confirmed by the block chain and a contract method execution log, and the communication contents are encrypted by adopting an asymmetric encryption algorithm.
When any account number in the communication session determines that the content is not transmitted any more, the session channel record established for the point-to-point encrypted communication session is immediately deleted, and at the moment, the session channel data structure is not maintained any more, so that the communication channel between the previous account numbers is abandoned, and the communication channel is not maintained for the session any more.
According to the encryption session establishment method based on the blockchain intelligent contract, a method for maintaining the encryption session based on the blockchain intelligent contract is provided, which is characterized by comprising the following steps:
b1, after the point-to-point encrypted communication session is established according to the step A, when both the block chain account number and the communication target account number know that both parties communicate, a public key which is established by the other party and used for the session needs to be used;
and B2, transmitting two types of contents by the block chain account through parameters called by the intelligent contract:
1) If the length of the communication content transmitted in an encryption mode is smaller than the length limit L of the intelligent contract calling parameter, the communication content is directly transmitted in the method calling of the intelligent contract, and an intelligent contract calling execution log is formed;
2) If the length of the communication content transmitted in an encrypted manner exceeds the length limit L of the intelligent contract calling parameter, the communication content is stored through a distributed storage network to obtain a hash value of the communication content in the distributed storage network, and ciphertext information encrypted by the hash value by using the public key of the other party is transmitted as the intelligent contract calling parameter;
b3, the account of the other party of communication monitors the intelligent contract calling record log according to the height indicated by the block height counter, after the ciphertext information obtained by calling the record log through the intelligent contract, the received ciphertext information is decrypted by using a private key stored by the session recording account of the account, and if the ciphertext information can be decrypted, the caller of the intelligent contract is determined to be the other party of the point-to-point encrypted communication session;
b4, when the content obtained after decryption is a file hash value, the corresponding file content is obtained on the distributed storage area block chain network, and the file content is decrypted through the private key stored in the step B3, so that the plaintext of the point-to-point encrypted communication is obtained.
The embodiment also provides a scheme for realizing point-to-point digital encryption session establishment by the blockchain account through an intelligent contract and carrying out point-to-point communication content transmission by using a distributed storage network, and the scheme provided by the embodiment of the invention is explained in detail as follows:
first, please refer to fig. 1 and 2, which are characterized by comprising the following steps:
a1, a private key KA of a session S2 to be established is established through a client of a block chain account A, and a public key PA is deduced by using an elliptic curve algorithm and is used as a parameter for calling an intelligent contract C;
a2, calling an intelligent contract C1 by the block chain account A, and taking PA as a parameter; the blockchain height indication for this session is set to the current blockchain height +1;
a3, the block chain account A receives confirmation information returned by the intelligent contract C1, and shows that the account A records the session request of the account B;
a4, the communication target account B receives session request information which is returned to the communication target account B by the S2 and is related to the account A in the calling of the polling intelligent contract C1, and obtains a public key PA of the account A for the session;
a5, the communication target account B utilizes a public key PA to encrypt information which is required to be sent by any session, and takes an encrypted ciphertext as a parameter to call an intelligent contract C2; if the information to be sent is a long file and the length of the encrypted ciphertext is large, the ciphertext is stored in the distributed storage network in the form of a file F, the hash of the file F stored in the distributed storage network is used as a parameter for encryption, and then a CHAT method call of an intelligent contract C2 is sent out, so that the content needing to be transmitted is submitted to a chain, or the file content with the long file length is stored in the distributed storage network, and the returned hash representing the file is encrypted by using a PA and then recorded on the chain, so that the other party (here, an account A) of the point-to-point session obtains the encrypted content which is transmitted by the other party.
: and the block chain account A acquires the encrypted and transmitted content field in the intelligent contract call by recording the block chain height returned in the step A2 and inquiring a transaction log executed by a CHAT method of the intelligent contract C2 after the height, and decrypts by using the KA. If the decryption is successful, the description message is encrypted by using the public key PA, the block chain account A initiates the established session, and the communication target account B sending the information to the block chain account A is acquired according to the transaction record.
The blockchain account A maintains a list of sessions at the client, establishes a private key KA and a communication object account B for storing and establishing the sessions at a specific blockchain height H1, and records the following data structure:
SList =[{to:B,key:KA,blockIndex:H1},textList:[]];
after all records of one block are analyzed, the height H1 needs to be increased by one to obtain a new height H2, so as to ensure the safety of the next scan block chain record.
Similarly, the communication target account B initiates a CHAT method for checking the intelligent contract C2 at the block chain height H2, and establishes a corresponding data structure:
SList = [{from:A,key:KB,blockIndex:H2},textList:[]];
a9, both sides send messages by sending CHAT calls to the intelligent contract C2, the encrypted transmission field content of the method is obtained by checking the call logs of the CHAT method of the intelligent contract C2, if the encrypted transmission field content is decrypted by using the private key of the both sides, the ciphertext is definitely deduced to be sent to the both sides, and two block chain account numbers are formed to establish peer-to-peer message sending and receiving on a block chain.
As shown in fig. 2, if the file is large after encryption, the encrypted content is stored on the distributed storage network, and the returned hash CID is encrypted by using the public key of the other party, and is used as a parameter to call an intelligent contract to transmit to the other party:
b1, the sender checks whether the length after encryption according to the public key of the other party exceeds the length L constrained by the intelligent contract C2, if the length is less than L, the sender directly transfers the encrypted ciphertext by calling the intelligent contract; if the length exceeds L, the client should first upload the content in the form of a file to the distributed storage network, resulting in a unique hash value CID in the distributed storage network, which can be used as a parameter to make a call to the intelligent contract C2 because of its fixed length.
After the receiver (the receiver and the account are both the account a or the account B in the above description) checks the CHAT method call execution log of the smart contract C2 from the height H2, the content of the encrypted field in the transaction record written by the caller into the execution result of the block chain smart contract is obtained, after the encrypted ciphertext is obtained, the values stored in the key field of the account corresponding to the slpit session record, that is, the private key used by the session of the account of the party, are one by one, the encrypted information in the log transaction sent by the other party is decrypted, and the normal decryption can be performed, that is, the log information is the information that the account of the other party is sent to the account.
Correspondingly, if the obtained information in the block chain record is decrypted to obtain a character string meeting the hash CID specification, the corresponding information is a file which needs to be further read from the distributed storage network and indicated by the hash CID, the file is decrypted by using the private key, and if the decryption is successful, the file is a file sent by the other party and is read and displayed according to the media format of the file; if the decryption is not successful, the detection is immediately terminated, which indicates that the message is not sent to the account, and the next message sent to the account is continuously searched.
Whether the analysis is successful or not, after all logs called by the CHAT method of the intelligent contract C2 on the height of one block are decrypted, the block height indicating variable blockIndex indicating the next scanning needs to be increased by 1;
and B5, finishing the scanning of the transaction log information of the intelligent contract C2 method until the CHAT method of the block chain intelligent contract C2 highly catches up with the current block height.
The invention has the beneficial effects that: the safe communication session between the block chain account user and the target account user is established only through the block chain and the distributed storage network, the subsequent establishment and maintenance are carried out, the communication content is transmitted through the block chain, and the position of the account user is not required to be known at all and is also irrelevant to an underlying network.
The method and the device establish that the session private key is effective in the session application and the session period and is different from the private key corresponding to the account, so that the safety of the account is enhanced, but the safety of the session private key is not reduced.
During the conversation, the two parties encrypt through the public key, digital encryption transmission of conversation contents is realized through a scheme of private key decryption of the conversation, the sender can be seen on the chain, but the sender cannot know who the sender sends, and privacy protection in a certain sense is realized. Under the condition that both parties hold a session private key and a public key of the other party, the session can be carried out all the time under the support of a block chain and a distributed storage network; and any party discards the private key of the session, namely, the session with the other party is not maintained any more, and the communication session is released.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part. The blockchain in the invention is not limited to a certain blockchain, but comprises all blockchains supporting the intelligent contract function, and the distributed storage network is not limited to a distributed storage network realized by a certain technology, but supports a storage network which is distributed and stored in file blocks and can be referred to by a unique hash value and utilize the hash value to access the file. The public key corresponding to the private key of the invention takes asymmetric encryption algorithms such as an elliptic algorithm and the like as an example of a derivation algorithm from the private key to the public key, and practically any algorithm meeting the following characteristics can be used:
1. the private key may derive the public key;
2. the public key can not directly derive the private key, or the deduction needs to be cracked and calculated resources which can not be met by a real production environment, so that the public key can not derive the private key;
3. the cipher text encrypted by the public key can be decrypted by the private key, and if the private key is not correct, the decryption operation cannot be completed;
4. the submitted information may be signed with the private key and the public key may be used to verify that the information is indeed an operation by the person holding the private key.
It is noted that terms such as communication session, session channel, communication channel, etc. are industry colloquial calls herein. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" - - ", it does not exclude that an identical element or elements reside in a process, method, article or apparatus that comprises a described element.
The above description is only for various embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and all such changes or substitutions are included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (2)
1. The encryption session establishment method based on the block chain intelligent contract is characterized by comprising the following steps:
a1, a block chain account A generates a private key KA used for a communication session at a client, and a public key PA corresponding to the private key KA is deduced by using an asymmetric encryption algorithm;
a2, the block chain account A transmits a public key PA established for the communication session to the intelligent contract C1 by an intelligent contract method INIT, and the public key PA is used for encrypting a parameter field needing to be encrypted called by the intelligent contract in the subsequent communication session establishment process; the intelligent contract C1 establishes an internal data structure S1 representing a session, stores an account a, a public key PA dedicated to the session established by a, and a communication target account B, where:
S1 = {from:A,to:B,PubFrom:PA};
a3, a communication target account B periodically accesses an intelligent contract C1 according to the height of a block chain, a private key KB established for responding to a communication session is generated before the intelligent contract C1 is called, a public key PB corresponding to the private key KB is deduced by using an asymmetric encryption algorithm, the public key PB is used as a parameter to call a session query CHECK method of the intelligent contract C1, if the session query CHECK method queries that an account needs to establish a communication session with the account B by retrieving a set of an internal data structure S1, a public key PA for establishing the communication session by the block chain account A is returned to the communication target account B, and the internal data structure S1 is updated as follows:
S1= {from:A,to:B,PubFrom:PA,PubTo:PB};
a4, the communication target account B establishes a communication session and sends out a first piece of handshake information Text1 in the same way, the Text1 is encrypted by using a public key PA, and the encrypted ciphertext content Text2 is used as a parameter to send out a call to a method CHAT of an intelligent contract C2;
if the length of the encrypted Text1 exceeds the calling parameter length limit L of the intelligent contract, firstly storing the ciphertext content Text2 on a distributed storage network in a file form, returning a hash value CID obtained by the file content through a hash algorithm, and then encrypting the file content by using a public key PA as a parameter to call the CHAT method of the intelligent contract C2;
a5, after the step A2, the block chain account A calls a log according to a method CHAT for searching the intelligent contract C2 according to the height of the block chain, and the cipher text information issued by a communication target account establishing and maintaining a communication session with the block chain account A is decrypted by using a private key KA; if the decryption is unsuccessful, increasing the height of the block chain and retrieving the CHAT method call log of the intelligent contract C2 with the increased height of the block chain; if the decryption is successful, judging whether the obtained file hash value CID is the file hash value CID in the distributed storage network, if so, further obtaining the ciphertext content Text2 from the distributed storage network, and decrypting the ciphertext content Text2 by using KA to obtain the information to be transmitted by the communication target account;
the decryption succeeds, a public key PB of the communication target account B is obtained by calling a session CHECK method of the intelligent contract C1, and the block chain account A encrypts reply information sent to the communication target account B by using the public key PB;
a6: the account numbers in the communication session process are all used for calling and writing information into the block chain by using an intelligent contract, and the communication contents sent to the account numbers are obtained through block data confirmed by the block chain and a contract method execution log, and are encrypted by adopting an asymmetric encryption algorithm;
a7, when any account number in the communication session decides not to transmit the content any more, immediately deleting the session channel record established for the point-to-point encrypted communication session, and at the moment, not maintaining the session channel data structure any more, thereby abandoning the communication channel between the previous account numbers and further maintaining the communication channel for the session.
2. The method for establishing the encryption session based on the blockchain intelligent contract according to claim 1, wherein a method for maintaining the encryption session based on the blockchain intelligent contract is provided, and comprises the following steps:
b1, after the point-to-point encrypted communication session is established according to the step A, when both the block chain account number and the communication target account number know that both parties communicate, a public key which is established by the other party and used for the session needs to be used;
and B2, transmitting two types of contents by the block chain account through parameters called by the intelligent contract:
if the length of the communication content transmitted in an encryption mode is smaller than the length limit L of the intelligent contract calling parameter, the communication content is directly transmitted in the method calling of the intelligent contract, and an intelligent contract calling execution log is formed;
if the length of the communication content transmitted in an encrypted mode exceeds the length limit L of the intelligent contract calling parameter, the communication content is stored through the distributed storage network, the hash value of the communication content in the distributed storage network is obtained, and the ciphertext information encrypted by the public key of the opposite side is reused as the intelligent contract calling parameter to be transmitted;
b3, the account of the other party of communication monitors the intelligent contract calling record log according to the height indicated by the block height counter, after the ciphertext information obtained by calling the record log through the intelligent contract, the received ciphertext information is decrypted by using a private key stored by the conversation record account of the account, and if the ciphertext information can be decrypted, the caller of the intelligent contract is the other party of the point-to-point encryption communication conversation;
b4, when the communication content obtained after decryption is a file hash value, the corresponding file content is obtained on the distributed storage area block chain network, and the file content is decrypted through the private key stored in the step B3, so that the plaintext of the point-to-point encrypted communication is obtained.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111069960.XA CN113556362B (en) | 2021-09-13 | 2021-09-13 | Encryption session establishment and maintenance method based on block chain intelligent contract |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111069960.XA CN113556362B (en) | 2021-09-13 | 2021-09-13 | Encryption session establishment and maintenance method based on block chain intelligent contract |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113556362A CN113556362A (en) | 2021-10-26 |
| CN113556362B true CN113556362B (en) | 2023-02-14 |
Family
ID=78134602
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111069960.XA Active CN113556362B (en) | 2021-09-13 | 2021-09-13 | Encryption session establishment and maintenance method based on block chain intelligent contract |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113556362B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114666341A (en) * | 2022-03-15 | 2022-06-24 | 数界(深圳)科技有限公司 | Decentralized SDP controller implementation method and computer storage medium |
| CN116074115B (en) * | 2023-03-06 | 2023-06-23 | 广州市悦智计算机有限公司 | Method for realizing cross-chain encryption session based on intelligent contract |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109274573A (en) * | 2018-07-12 | 2019-01-25 | 华泰证券股份有限公司 | A kind of immediate news systems, method and application for merging block chain technology |
| CN110035002A (en) * | 2019-04-01 | 2019-07-19 | 深圳前海达闼云端智能科技有限公司 | Method for implementing instant messaging, terminal equipment and storage medium |
| CN110113244A (en) * | 2018-02-09 | 2019-08-09 | 中企云链(北京)金融信息服务有限公司 | A kind of instant communicating system and method based on block chain technology |
| CN112583593A (en) * | 2021-02-22 | 2021-03-30 | 支付宝(杭州)信息技术有限公司 | Private communication method and device between users |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| IT201700011928A1 (en) * | 2017-02-03 | 2018-08-03 | Jlg Group S R L | METHOD FOR THE TRANSMISSION OF MULTIMEDIA DATA IN TELEMATIC SERVICES OF INSTANT MESSAGING FROM AND TO MOBILE DEVICES |
| US11303597B2 (en) * | 2017-09-08 | 2022-04-12 | Nader Asghari Kamrani | Blockchain-based community messaging system and method thereof |
-
2021
- 2021-09-13 CN CN202111069960.XA patent/CN113556362B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110113244A (en) * | 2018-02-09 | 2019-08-09 | 中企云链(北京)金融信息服务有限公司 | A kind of instant communicating system and method based on block chain technology |
| CN109274573A (en) * | 2018-07-12 | 2019-01-25 | 华泰证券股份有限公司 | A kind of immediate news systems, method and application for merging block chain technology |
| CN110035002A (en) * | 2019-04-01 | 2019-07-19 | 深圳前海达闼云端智能科技有限公司 | Method for implementing instant messaging, terminal equipment and storage medium |
| CN112583593A (en) * | 2021-02-22 | 2021-03-30 | 支付宝(杭州)信息技术有限公司 | Private communication method and device between users |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113556362A (en) | 2021-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7240366B2 (en) | End-to-end authentication of session initiation protocol messages using certificates | |
| CN112613077B (en) | Privacy-protecting multi-party data processing method, device and system | |
| CN109347835A (en) | Information transferring method, client, server and computer readable storage medium | |
| CN113556362B (en) | Encryption session establishment and maintenance method based on block chain intelligent contract | |
| JP6145806B2 (en) | Immediate communication method and system | |
| US20170317823A1 (en) | Zero Knowledge Encrypted File Transfer | |
| WO2019110574A1 (en) | Methods of secure communication | |
| CN101715638A (en) | Secure electronic messaging system requiring key retrieval for deriving decryption key | |
| CN105553654A (en) | Key information query processing method and device and key information management system | |
| CN111080299B (en) | Anti-repudiation method for transaction information, client and server | |
| CN111914291A (en) | Message processing method, device, equipment and storage medium | |
| CN110690969B (en) | Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation | |
| CN107294968B (en) | Audio and video data monitoring method and system | |
| US10530581B2 (en) | Authenticated broadcast encryption | |
| CN107104938B (en) | Method for establishing secure data exchange channel, client and computer readable medium | |
| CN111865761B (en) | Social chat information evidence storing method based on block chain intelligent contracts | |
| Gürgens et al. | On the security of fair non-repudiation protocols | |
| CN107104888B (en) | Safe instant messaging method | |
| US11265298B2 (en) | Method for end-to-end transmission of a piece of encrypted digital information, application of this method and object implementing this method | |
| CN110798489A (en) | Data approval method and system based on block chain | |
| CN110881019A (en) | Secure communication terminal, secure communication system and communication method thereof | |
| Swetha et al. | A Modified Tiny Asymmetric Encryption for Secure Ftp to Network | |
| CN116074115B (en) | Method for realizing cross-chain encryption session based on intelligent contract | |
| US11870908B1 (en) | End-to-end encryption based on a simple shared secret | |
| CN112702420B (en) | Processing method and system for online and offline data interaction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |