CN113761543A - Data processing method, device, equipment and machine readable medium based on alliance chain - Google Patents

Info

Publication number
CN113761543A
Authority
CN
China
Prior art keywords
data
symmetric key
key
chain
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010486125.5A
Other languages
Chinese (zh)
Other versions
CN113761543B (en)
Inventor
李欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cainiao Smart Logistics Holding Ltd
Original Assignee
Cainiao Smart Logistics Holding Ltd
Application filed by Cainiao Smart Logistics Holding Ltd
Priority to CN202010486125.5A
Publication of CN113761543A
Application granted
Publication of CN113761543B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a data processing method, apparatus, device and machine-readable medium based on an alliance chain, wherein the method comprises the following steps: encrypting data by using a symmetric key to obtain ciphertext data; encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key; generating associated data between the identifier of the preset alliance chain member and the encrypted symmetric key; and uploading the ciphertext data and the associated data to a block chain. According to the embodiments of the application, data can be isolated from non-preset alliance chain members, so that private data can be protected and the security of the data can be improved.

Description

Data processing method, device, equipment and machine readable medium based on alliance chain
Technical Field
The present application relates to the field of internet technologies, and in particular, to a data processing method based on a federation chain, a data processing apparatus based on a federation chain, a device, and a machine-readable medium.
Background
With the continuous development of internet technology, blockchain technology is gradually being introduced into service transactions of financial institutions such as banks and e-commerce. Blockchain technology is a brand-new network application technology formed by combining traditional encryption technology with internet distributed technology. Blockchains are currently classified, according to the admission rules for their constituent nodes, into public chains, alliance chains and private chains. An alliance chain is a blockchain applied among organizations; its nodes generally correspond to real-world organizations, such as banks, insurers, securities firms and business associations, and these organizations form an alliance of shared interests and jointly maintain the healthy operation of the blockchain.
Currently, multiple nodes of a federation chain typically share a set of blockchain data, that is, nodes of all federation members in the federation chain share the same ledger. However, in practical applications, some data isolation is desired between different nodes for privacy protection.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present application is to provide a data processing method based on a federation chain, which can isolate data from non-preset members of the federation chain, and further can protect private data and improve the security of the data.
Correspondingly, the embodiment of the application also provides a data processing device based on the alliance chain, a device and a machine readable medium, which are used for ensuring the realization and the application of the method.
In order to solve the above problem, an embodiment of the present application discloses a data processing method based on a federation chain, including:
encrypting the data by using the symmetric key to obtain ciphertext data;
encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
generating associated data between the identifier of the preset alliance chain member and the encrypted symmetric key;
and uploading the ciphertext data and the associated data to a block chain.
In order to solve the above problem, an embodiment of the present application further provides a data processing method based on a federation chain, including:
reading ciphertext data and associated data in the block chain; the associated data includes: identifiers of preset alliance chain members and encrypted symmetric keys;
and decrypting the encrypted symmetric key by using a private key of the target member of the alliance chain to obtain the symmetric key.
On the other hand, the embodiment of the present application further discloses a data processing apparatus based on a federation chain, including:
the data encryption module is used for encrypting the data by using the symmetric key to obtain ciphertext data;
the key encryption module is used for encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
the association generation module is used for generating association data between the identifier of the preset alliance chain member and the encrypted symmetric key;
and the uploading module is used for uploading the ciphertext data and the associated data to a block chain.
On the other hand, the embodiment of the present application further discloses a data processing apparatus based on a federation chain, including:
the reading module is used for reading the ciphertext data and the associated data in the block chain; the associated data includes: identifiers of preset alliance chain members and encrypted symmetric keys;
and the key decryption module is used for decrypting the encrypted symmetric key by using a private key of the target alliance chain member to obtain the symmetric key.
In another aspect, an embodiment of the present application further discloses an apparatus, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform one or more of the methods described above.
In yet another aspect, embodiments of the present application disclose one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform one or more of the methods described above.
The embodiment of the application has the following advantages:
The embodiment of the application encrypts the symmetric key by using the public key of the preset alliance chain member, and provides the associated data between the identifier of the preset alliance chain member and the encrypted symmetric key, so that the preset alliance chain member has the capabilities of decrypting the encrypted symmetric key and accessing the corresponding data. The preset federation chain members can be specified by a data provider, and the data provider can provide corresponding associated data for one or more federation chain members when the data provider wants the one or more federation chain members to see the data. Non-preset federation chain members (members other than the preset federation chain members) do not have the capabilities to decrypt the encrypted symmetric key and access the corresponding data. According to the embodiment of the application, the data can be accessed by the preset alliance chain members but not by the non-preset alliance chain members, so that the data can be isolated from the non-preset alliance chain members, private data can be protected, and the security of the data can be improved.
Drawings
FIG. 1 is a flowchart illustrating steps of a first embodiment of a federation chain-based data processing method of the present application;
FIG. 2 is a flowchart illustrating steps of a second embodiment of a federation chain-based data processing method of the present application;
FIG. 3 is a flowchart illustrating steps of a third embodiment of a federation chain-based data processing method of the present application;
FIG. 4 is a flowchart illustrating steps of a fourth embodiment of a federation chain-based data processing method of the present application;
FIG. 5 is a flowchart illustrating steps of a fifth embodiment of a federation chain-based data processing method of the present application;
FIG. 6 is a flowchart illustrating steps of a sixth embodiment of a federation chain-based data processing method of the present application;
FIG. 7 is a flowchart illustrating steps of a seventh embodiment of a federation chain-based data processing method of the present application;
FIG. 8 is an application example of a federation chain-based data processing method according to an embodiment of the present application;
FIG. 9 is a block diagram of an embodiment of a federation chain-based data processing apparatus of the present application;
FIG. 10 is a block diagram of an embodiment of a federation chain-based data processing apparatus of the present application; and
FIG. 11 is an exemplary device 1300 that can be used to implement the various embodiments described in this application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments that can be derived from the embodiments given herein by a person of ordinary skill in the art are intended to be within the scope of the present disclosure.
While the concepts of the present application are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the description above is not intended to limit the application to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the application.
Reference in the specification to "one embodiment," "an embodiment," "a particular embodiment," or the like, means that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may or may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, where a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described. In addition, it should be understood that items included in a list in the form "at least one of A, B, and C" may mean: (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C). Likewise, items listed in the form "at least one of A, B, or C" may mean (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C).
In some cases, the disclosed embodiments may be implemented as hardware, firmware, software, or any combination thereof. The disclosed embodiments may also be implemented as instructions carried or stored on one or more transitory or non-transitory machine-readable (e.g., computer-readable) storage media, which may be executed by one or more processors. A machine-readable storage medium may be implemented as a storage device, mechanism, or other physical structure (e.g., a volatile or non-volatile memory, a media disk, or another media device or other physical structure) for storing or transmitting information in a form readable by a machine.
In the drawings, some structural or methodical features may be shown in a particular arrangement and/or ordering. However, such specific arrangement and/or ordering is not necessarily required. Rather, in some embodiments, such features may be arranged in different ways and/or orders than as shown in the figures. Moreover, the inclusion of structural or methodical features in particular figures is not meant to imply that such features are required in all embodiments and that, in some embodiments, such features may not be included or may be combined with other features.
The embodiment of the application can be applied to the scene of the alliance chain. The federation chain may include: a data provider and a data accessor.
The processing flow of the data provider may include: encrypting the data by using the symmetric key to obtain ciphertext data; encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key; generating associated data between the identifier of the preset alliance chain member and the encrypted symmetric key; and uploading the ciphertext data and the associated data to a block chain.
The processing flow of the data accessor may include: reading ciphertext data and associated data in the block chain; the associated data includes: identifiers of preset alliance chain members and encrypted symmetric keys; decrypting the encrypted symmetric key by using a private key of a target alliance chain member to obtain a symmetric key; and decrypting the ciphertext data by using the symmetric key.
It will be appreciated that, in addition to the data provider and the data accessor, the federation chain may include a block chain platform, which can provide services of the alliance chain for the nodes of the alliance chain so that the nodes of the alliance chain obtain the encrypted distributed ledger.
The embodiment of the application encrypts the symmetric key by using the public key of the preset alliance chain member, and provides the associated data between the identifier of the preset alliance chain member and the encrypted symmetric key, so that the preset alliance chain member has the capabilities of decrypting the encrypted symmetric key and accessing the corresponding data. The preset federation chain members can be specified by a data provider, and the data provider can provide corresponding associated data for one or more federation chain members when the data provider wants the one or more federation chain members to see the data. Non-preset federation chain members (members other than the preset federation chain members) do not have the capabilities to decrypt the encrypted symmetric key and access the corresponding data. According to the embodiment of the application, the data can be accessed by the preset alliance chain members but not by the non-preset alliance chain members, so that the data can be isolated from the non-preset alliance chain members, private data can be protected, and the security of the data can be improved.
In addition, the embodiment of the application can be implemented where a distributed ledger exists on a federation chain, so that the network synchronization overhead and the storage overhead can be reduced.
In addition, the embodiment of the application uses a symmetric encryption algorithm and an asymmetric encryption algorithm to encrypt and protect data, so that the difficulty in realizing an encryption technology can be reduced.
Method embodiment one
Referring to fig. 1, a flowchart illustrating steps of a first embodiment of a data processing method based on a federation chain according to the present application is shown, which may specifically include the following steps:
step 101, encrypting data by using a symmetric key to obtain ciphertext data;
step 102, encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
step 103, generating associated data between the identifier of the preset alliance chain member and the encrypted symmetric key;
step 104, uploading the ciphertext data and the associated data to a block chain.
At least one step included in the method shown in fig. 1 of the embodiment of the present application may be performed by a data provider, and the data provider may correspond to any member of a federation chain or any node in the federation chain.
At least one of the steps included in the method of fig. 1 according to the embodiments of the present application may be performed by a blockchain platform. The blockchain platform can provide services of the alliance chain for the nodes of the alliance chain, so that the nodes of the alliance chain can obtain the encrypted distributed ledger. The blockchain platform may receive a write chain request for the federation chain and perform the method of FIG. 1 in accordance with the write chain request.
It is to be understood that the embodiments of the present application are not limited to the particular implementation of the method shown in fig. 1.
In this embodiment of the present application, the data provided by the data provider may be transaction data, and of course, the embodiment of the present application does not impose a limitation on the specific data provided by the data provider.
In step 101, a symmetric key may be randomly generated, and data may be encrypted using the symmetric key. In the embodiment of the present application, a symmetric encryption algorithm may be adopted, and the symmetric key is used to encrypt the data, where the symmetric encryption algorithm may include: DES (Data Encryption Standard), AES (Advanced Encryption Standard), and the like.
The data in step 101 may correspond to all or part of the transaction data. For example, embodiments of the present application may encrypt transaction data using a symmetric key. For another example, the embodiment of the present application may encrypt the preset field in the transaction data by using a symmetric key. The preset field can be a sensitive field in the transaction data, such as a name, a telephone number and the like, so as to protect the privacy information of the user. It can be understood that, a person skilled in the art may determine the preset field according to the actual application requirement, and the embodiment of the present application does not limit the specific preset field.
In an optional embodiment of the present application, the encrypting data with a symmetric key specifically includes: encrypting a preset field in the transaction data by using a first symmetric key to obtain first ciphertext data; and encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data.
In another optional embodiment of the present application, the encrypting data with a symmetric key specifically includes: and encrypting the transaction data by using the third symmetric key to obtain third ciphertext data.
In step 102, the preset federation chain members may be specified by the data provider, and if the data provider wants one or more federation chain members to see the data, the one or more federation chain members may be determined as the preset federation chain members, so that the preset federation chain members have the capability of decrypting the encrypted symmetric key. Non-preset federation chain members (members other than the preset federation chain members) have no ability to decrypt the encrypted symmetric key. For example, if the data provider is party A, then it may take party A, party B, and party C as the preset federation chain members, so that party A, party B, and party C have the capability of decrypting the encrypted symmetric key, and thus party A, party B, and party C can access the corresponding data in the blockchain.
In an application example of the present application, the alliance chain members in an e-commerce scenario may include: sellers, buyers, transaction platforms, partners (logistics agencies), state agencies (customs, tax authorities), etc. A member of a federation chain generally wants preset federation chain members to view the corresponding data and does not want non-preset federation chain members to view it. For example, customs or tax authorities want transaction platforms and buyers to view the corresponding transaction data, but do not want sellers and partners to view it; thus, the customs or tax authority may determine the corresponding preset federation chain members for the data. Similarly, other alliance chain members can also determine the preset alliance chain members corresponding to the data according to the actual application requirements.
The preset alliance chain members are obtained according to the security information of the alliance chain members. The security information may be a security level or a security value, etc. For example, the security levels may include: high-level, medium-level, low-level, etc.; then, for the transaction data, the high-level and medium-level federation chain members may be taken as preset federation chain members, and for the preset field in the transaction data, the high-level alliance chain members may be taken as the preset alliance chain members. It can be understood that a person skilled in the art may determine the preset federation chain members according to actual application requirements, and the specific manner of determining the preset federation chain members is not limited in the embodiment of the present application.
In this embodiment of the application, optionally, the preset federation chain member may include: the corresponding member of the federation chain of the data provider and/or the member of the federation chain specified by the data provider.
The embodiment of the application can encrypt the symmetric key by using the public key of the alliance chain member corresponding to the data provider, so that the data provider is able to decrypt and obtain the plaintext data at any time.
The embodiment of the application can encrypt the symmetric key by using the public key of the alliance chain member specified by the data provider, so that the alliance chain member specified by the data provider is able to decrypt and obtain the plaintext data at any time.
In the embodiment of the present application, the public keys of the plurality of federation chain members may be provided within the scope of the federation chain, in other words, the public keys of the plurality of federation chain members are public within the scope of the federation chain. Therefore, in the embodiment of the present application, the public key of the member in the preset federation chain may be used to encrypt the symmetric key.
It should be noted that one symmetric key may correspond to at least one preset federation chain member. If one symmetric key corresponds to a plurality of preset federation chain members, the symmetric key may be encrypted using the public keys of the plurality of preset federation chain members, respectively. For example, if the plurality of preset federation chain members includes party A, party B, and party C, the symmetric key may be encrypted with the public key of party A to obtain the encrypted symmetric key A. Similarly, the encrypted symmetric key B may be obtained with the public key of party B, and the encrypted symmetric key C may be obtained with the public key of party C.
Optionally, in the embodiment of the present application, an asymmetric encryption algorithm may be used to encrypt the symmetric key. The asymmetric encryption algorithm may include: RSA (proposed by Ron Rivest, Adi Shamir and Leonard Adleman), ECDSA (Elliptic Curve Digital Signature Algorithm), etc. It is understood that the embodiments of the present application are not limited to a specific asymmetric encryption algorithm.
In an optional embodiment of the present application, the encrypting the symmetric key specifically includes: encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key; and encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key. The first preset alliance chain member and the second preset alliance chain member can be the same or different. For example, the first preset federation chain members include: party A and party B, and the second preset federation chain members include: party A, party B, and party C, etc.
In step 103, the identifier of the preset federation chain member may be used to uniquely identify the preset federation chain member. The identifier of a preset federation chain member may include: a user account, user device information, etc.
In the case that one symmetric key corresponds to a plurality of preset federation chain members, corresponding associated data may be generated for the plurality of preset federation chain members, respectively. For example, party A corresponds to associated data A, party B corresponds to associated data B, party C corresponds to associated data C, and so on.
According to one embodiment, in the case where the symmetric key comprises the first symmetric key and the second symmetric key, the associated data may include:
first associated data corresponding to the first encrypted symmetric key; and
second associated data corresponding to the second encrypted symmetric key.
According to another embodiment, in the case where the symmetric key comprises the third symmetric key, the associated data may include: third associated data corresponding to the third symmetric key.
Optionally, the associated data may be key-value data, where the key may be the identifier and the value may be the encrypted symmetric key. For example, the associated data may include: { party A: encrypted symmetric key A, party B: encrypted symmetric key B, etc. }.
The embodiment of the application can write the associated data into a data body, and the data body can be in JSON (JavaScript Object Notation) format. The data body may include: nested key-value pair data.
Keys in the first-layer key-value pair data in the data body may characterize the data type, and values in the first-layer key-value pair data may include: second-layer key-value pair data, the second-layer key-value pair data corresponding to the associated data.
An example of a data body may be: { second key content key: { second identifier: second encrypted symmetric key }, first key content key: { first identifier: first encrypted symmetric key } }. The second identifier is specifically an identifier of a second preset alliance chain member, and the first identifier is specifically an identifier of a first preset alliance chain member.
In step 104, the ciphertext data and the associated data are uploaded to a block chain, so that a preset alliance chain member can read the ciphertext data and decrypt the ciphertext data.
The embodiment of the application can write the ciphertext data and the associated data into a data body and upload the data body to a block chain.
An example of a data body may be: { data ciphertext content key: { second ciphertext data }, second key content key: { second identifier: second encrypted symmetric key }, first key content key: { first identifier: first encrypted symmetric key } }.
In summary, in the data processing method based on the federation chain in the embodiment of the present application, the symmetric key is encrypted by using the public key of the preset federation chain member, and the associated data between the identifier of the preset federation chain member and the encrypted symmetric key is provided, so that the preset federation chain member can have the capabilities of decrypting the encrypted symmetric key and accessing the corresponding data. The preset federation chain members can be specified by a data provider, and the data provider can provide corresponding associated data for one or more federation chain members when the data provider wants the one or more federation chain members to see the data. Non-preset federation chain members (members other than the preset federation chain members) do not have the capabilities to decrypt the encrypted symmetric key and access the corresponding data. According to the embodiment of the application, the data can be accessed by the preset alliance chain members but not by the non-preset alliance chain members, so that the data can be isolated from the non-preset alliance chain members, private data can be protected, and the security of the data can be improved.
Method embodiment two
Referring to fig. 2, a flowchart illustrating steps of a second embodiment of a data processing method based on a federation chain according to the present application is shown, which may specifically include the following steps:
step 201, encrypting a preset field in transaction data by using a first symmetric key to obtain first ciphertext data;
step 202, encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data;
step 203, encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key;
step 204, encrypting the second symmetric key by using a public key of a second preset alliance chain member to obtain a second encrypted symmetric key;
step 205, generating first association data between the identifier of the first preset alliance chain member and the first encrypted symmetric key, and generating second association data between the identifier of the second preset alliance chain member and the second encrypted symmetric key;
step 206, uploading the second ciphertext data, the first associated data, and the second associated data to a blockchain.
The embodiment of the application can carry out multi-layer encryption on the transaction data so as to share the transaction data with full plaintext, partial plaintext or full ciphertext aiming at different alliance chain members.
If the first preset alliance chain member corresponds to a first range and the second preset alliance chain member corresponds to a second range, then alliance chain members that fall within both the first range and the second range can see the full plaintext of the transaction data; alliance chain members that fall within the second range but not the first range can see part of the transaction data in plaintext, which may include the plaintext of the transaction data other than the preset field; alliance chain members that fall outside the second range can see only the full ciphertext of the transaction data.
Method embodiment three
Referring to fig. 3, a flowchart illustrating steps of a third embodiment of a data processing method based on a federation chain according to the present application is shown, which may specifically include the following steps:
step 301, encrypting the transaction data by using a third symmetric key to obtain third ciphertext data;
step 302, encrypting the third symmetric key by using a public key of a third preset alliance chain member to obtain a third encrypted symmetric key;
step 303, generating third association data between the identifier of the third preset alliance chain member and the third encrypted symmetric key;
step 304, uploading the third ciphertext data and the third associated data to a block chain.
The embodiment of the application can encrypt the transaction data by one layer so as to share the transaction data with full plaintext or full ciphertext aiming at different alliance chain members.
If the third preset alliance chain member corresponds to a third range, then alliance chain members that fall within the third range can see the full plaintext of the transaction data; alliance chain members that fall outside the third range can see only the full ciphertext of the transaction data.
In practical applications, the third preset alliance chain member may be the same as or different from the first preset alliance chain member, and similarly, the third preset alliance chain member may be the same as or different from the second preset alliance chain member.
Method embodiment four
Referring to fig. 4, a flowchart illustrating steps of a fourth embodiment of a data processing method based on a federation chain according to the present application is shown, which may specifically include the following steps:
step 401, reading ciphertext data and associated data in a block chain; the association data may include: identifiers of the preset alliance chain members and encrypted symmetric keys;
step 402, decrypting the encrypted symmetric key by using a private key of the target alliance chain member to obtain the symmetric key.
At least one step included in the method shown in fig. 4 of the embodiment of the present application may be performed by a data access party, and the data access party may correspond to any member of a federation chain or any node in the federation chain.
At least one of the steps included in the method of fig. 4 according to the embodiments of the present application may be performed by a blockchain platform. The blockchain platform can provide services of the federation chain for the nodes of the federation chain so that the nodes of the federation chain obtain the distributed ledger. The blockchain platform may receive a read chain request for the federation chain and perform the method illustrated in FIG. 4 in accordance with the read chain request.
It is understood that the embodiment of the present application does not impose any limitation on the specific implementation of the method shown in fig. 4.
In step 402, the target federation chain member may be a federation chain member corresponding to the data accessing party, which may characterize the federation chain member logged on the node. The target federation chain member may be the same as or different from the predetermined federation chain member.
In the case that the target alliance chain member is the same as the preset alliance chain member, the target encrypted symmetric key corresponding to the target alliance chain member can be acquired from the associated data according to the identifier of the target alliance chain member; decrypting the target encrypted symmetric key with the private key of the target alliance chain member then yields a successful decryption result.
In the case that the target alliance chain member is different from the preset alliance chain member, the target encrypted symmetric key corresponding to the target alliance chain member cannot be obtained. In this case, if the private key of the target alliance chain member is used to decrypt any encrypted symmetric key in the associated data, a decryption failure result is obtained.
In an optional embodiment of the present application, the method may further include: if the encrypted symmetric key is successfully decrypted, decrypting the ciphertext data by using the symmetric key. It is understood that if the decryption of the encrypted symmetric key fails, the process ends.
In an optional embodiment of the present application, in the case of using single-layer encryption, the decrypting the encrypted symmetric key specifically includes: decrypting the third encrypted symmetric key by using the private key of the target alliance chain member to obtain the third symmetric key.
Optionally, the method may further include: if the decryption of the third encrypted symmetric key is successful, decrypting the third ciphertext data by using the third symmetric key to obtain plaintext data.
In another optional embodiment of the present application, in the case of using multiple layers of encryption, the decrypting the encrypted symmetric key includes: decrypting the second encrypted symmetric key by using the private key of the target alliance chain member to obtain the second symmetric key.
Optionally, the method may further include: if the decryption of the second encrypted symmetric key is successful, decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data. The first ciphertext data may include a preset field ciphertext.
In order to decrypt the preset field ciphertext in the first ciphertext data, the method may further include: acquiring the preset field ciphertext from the first ciphertext data; and decrypting the first encrypted symmetric key by using the private key of the target alliance chain member to obtain the first symmetric key.
Optionally, the method may further include: if the decryption of the first encrypted symmetric key is successful, decrypting the preset field ciphertext by using the first symmetric key to obtain the preset field plaintext.
In summary, the data processing method based on the federation chain in the embodiment of the present application provides the associated data between the identifier of the preset federation chain member and the encrypted symmetric key, so that the preset federation chain member can decrypt the encrypted symmetric key by using its private key to access the corresponding data. According to the embodiment of the application, the result of decryption failure of the non-preset alliance chain member can be obtained, so that the data can be accessed by the preset alliance chain member but not the non-preset alliance chain member, the data can be isolated from the non-preset alliance chain member, the private data can be protected, and the safety of the data can be improved.
Method embodiment five
Referring to fig. 5, a flowchart illustrating steps of a fifth embodiment of a data processing method based on a federation chain according to the present application is shown, which may specifically include the following steps:
step 501, reading second ciphertext data and associated data in a block chain; the association data may include: first association data and second association data; the first associated data specifically includes: the identifier of a first preset alliance chain member and a first encrypted symmetric key; the second associated data specifically includes: the identifier of a second preset alliance chain member and a second encrypted symmetric key;
step 502, decrypting the second encrypted symmetric key by using a private key of the target member of the federation chain to obtain a second symmetric key;
step 503, decrypting the second ciphertext data by using the second symmetric key to obtain first ciphertext data;
step 504, obtaining a preset field ciphertext from the first ciphertext data;
step 505, decrypting the first encrypted symmetric key by using a private key of the target member of the alliance chain to obtain a first symmetric key;
and step 506, decrypting the ciphertext of the preset field by using the first symmetric key to obtain the plaintext of the preset field.
The embodiment of the application can carry out multi-layer decryption on the transaction data so as to access the transaction data by all plaintexts, partial plaintexts or all ciphertexts aiming at different alliance chain members.
In the embodiment of the application, first decryption is performed on the second ciphertext data to obtain the first ciphertext data. The second symmetric key corresponding to the first decryption may be obtained by decrypting the second encrypted symmetric key according to the private key of the target member of the federation chain. Specifically, the target second encrypted symmetric key corresponding to the target federation chain member may be obtained from the second associated data according to the identifier of the target federation chain member, and the target second encrypted symmetric key may be decrypted according to a private key of the target federation chain member.
The first ciphertext data may include a preset field ciphertext, and the embodiment of the present application may perform second decryption on the preset field ciphertext to obtain a preset field plaintext. The first symmetric key corresponding to the second decryption may be obtained by decrypting the first encrypted symmetric key according to the private key of the target member of the federation chain. Specifically, the target first encrypted symmetric key corresponding to the target federation chain member may be obtained from the first associated data according to the identifier of the target federation chain member, and the target first encrypted symmetric key may be decrypted according to a private key of the target federation chain member.
The embodiment of the application can provide a list of the preset fields; the target federation chain member can see the names of the preset fields, but needs to obtain the contents of the preset fields through the second decryption.
It should be noted that, in the decryption in step 502 and step 505, the obtained decryption result may include: decryption is successful or decryption fails. If decryption fails, the process may end.
Method embodiment six
Referring to fig. 6, a flowchart illustrating steps of a sixth embodiment of a data processing method based on a federation chain according to the present application is shown; this embodiment explains the flow of a data provider writing transaction data into a blockchain, and may specifically include the following steps:
step 601, determining transaction data and a preset field in the transaction data;
step 602, determining whether a preset field exists, if so, executing step 603, otherwise, executing step 608;
step 603, randomly generating a first symmetric key;
step 604, encrypting the preset field by using the first symmetric key to obtain first encrypted data;
step 605, reading first configuration data of a first preset alliance chain member capable of decrypting the preset field;
step 606, obtaining a public key of a first preset alliance chain member from the first configuration data, and encrypting the first symmetric key by using the public key;
step 607, generating first key-value pair data of the first identifier and the first encrypted symmetric key;
step 608, randomly generating a second symmetric key;
step 609, encrypting the first encrypted data by using a second symmetric key to obtain second encrypted data;
step 610, reading second configuration data of a second preset alliance chain member capable of decrypting second encrypted data;
step 611, obtaining a public key of the second preset alliance chain member from the second configuration data, and encrypting the second symmetric key to obtain a second encrypted symmetric key;
step 612, generating second key-value pair data of the identifier of the second preset alliance chain member and the second encrypted symmetric key;
step 613, writing the first key-value pair data, the second key-value pair data and the second encrypted data into a data body;
and step 614, uploading the data body to the block chain.
Method embodiment seven
Referring to fig. 7, a flowchart illustrating steps of a seventh embodiment of a data processing method based on a federation chain according to the present application is shown; this embodiment explains the process in which a data access party reads and decrypts transaction data in a block chain, and may specifically include the following steps:
step 701, reading second ciphertext data and associated data in a block chain;
step 702, acquiring a corresponding target second encrypted symmetric key from the associated data according to the identifier of the target alliance chain member;
step 703, decrypting the target second encrypted symmetric key according to the private key of the target member of the federation chain;
step 704, judging whether the decryption is successful, if so, executing step 705;
step 705, decrypting the second ciphertext data by using the decrypted second symmetric key to obtain first ciphertext data;
step 706, determining whether the first ciphertext data includes a preset field ciphertext, if yes, executing step 707;
step 707, obtaining a preset field ciphertext from the first ciphertext data;
It is understood that, in addition to the preset field ciphertext, the first ciphertext data may include the plaintext of non-preset fields.
step 708, acquiring a corresponding target first encrypted symmetric key from the associated data according to the identifier of the target alliance chain member;
step 709, decrypting the target first encrypted symmetric key according to the private key of the target member of the federation chain;
step 710, determining whether the decryption is successful, if so, executing step 711;
step 711, decrypting the preset field ciphertext by using the first symmetric key to obtain a preset field plaintext.
For a person skilled in the art to better understand the embodiment of the present application, referring to fig. 8, an application example of a data processing method based on a federation chain according to the embodiment of the present application is shown, where a blockchain may include a plurality of blockchain nodes: participant A, participant B, participant C and participant D each correspond to a blockchain node.
Participant A may correspond to a trading platform that provides transaction data in plaintext: {'name': 'James', 'product': 'MP3', 'phone': '123456'}. Participant A may know the public keys corresponding to participant A, participant B, participant C, and participant D, respectively.
Participant A may encrypt the plaintext transaction data in multiple layers.
The first layer of encryption is sensitive field encryption. The sensitive field list is: name, phone. A symmetric key may be randomly generated, the sensitive fields encrypted with the symmetric key, the symmetric key encrypted with the public keys of participant A and participant B, respectively, and a mapping between the identifier and the encrypted symmetric key, referred to as first mapping data, generated for participant A and participant B, respectively. After the first layer of encryption, first encrypted data can be obtained: {'name': '…', 'product': 'MP3', 'phone': '…'}.
The second layer of encryption is transaction data encryption. A symmetric key may be randomly generated, the first encrypted data encrypted with the symmetric key, the symmetric key encrypted with the public keys of participant A, participant B, and participant C, respectively, and mappings between the identifier and the encrypted symmetric key, referred to as second mapping data, generated for participant A, participant B, and participant C, respectively. After the second layer of encryption, second encrypted data can be obtained: ************************.
The data uploaded by participant A to the blockchain may include: second encrypted data, first mapping data, and second mapping data.
Participant B can decrypt the encrypted symmetric keys in both the second mapping data and the first mapping data by using its private key, so it can perform two-layer decryption and obtain the full transaction plaintext.
Participant C can decrypt the encrypted symmetric key in the second mapping data by using its private key, so it can perform the second-layer decryption and obtain a partial transaction plaintext; the sensitive fields are not visible to this participant.
Participant D cannot decrypt the encrypted symmetric key in the second mapping data by using its private key; it therefore cannot decrypt any data and can only obtain the whole transaction ciphertext.
It is understood that the two-layer encryption and two-layer decryption shown in fig. 8 are only used as alternative embodiments, and in fact, the embodiments of the present application may perform more than two-layer encryption and more than two-layer decryption on the clear text of the transaction data.
In an alternative embodiment of the present application, the multi-layer encryption may be an N-layer encryption, which may include: the first (N-1) layer encryption and the Nth layer encryption.
The first (N-1) layers of encryption are used to encrypt fields, and the fields corresponding to the first (N-1) layers may respectively include: a first layer field, a second layer field, a third layer field … an (N-1)th layer field, etc. Optionally, the fields corresponding to the first (N-1) layers may be determined according to security. Generally, the higher the security, the earlier the layer of the corresponding field. Optionally, the security of the i-th layer field is higher than that of the (i+1)-th layer field, so that the number of encryption layers applied to the i-th layer field can be greater than that applied to the (i+1)-th layer field; that is, more layers of encryption can be performed on a field with higher security, which improves the security of layered encryption. N and i may be natural numbers greater than 0.
The Nth layer encryption is used for encrypting the data corresponding to the encrypted fields. It is similar to the second layer encryption process shown in fig. 8, so the details are not repeated here; refer to that description.
In another alternative embodiment of the present application, the multi-layer encryption may include: a plurality of pairs of encryptions, wherein a pair of encryptions may in turn comprise: field encryption and data encryption, with the first layer of encryption shown in fig. 8 corresponding to field encryption and the second layer of encryption shown in fig. 8 corresponding to data encryption. The embodiment of the application can repeatedly perform the first layer encryption and the second layer encryption shown in fig. 8 to improve the security of data.
It can be understood that the encryption of different layers may correspond to the same or different preset federation chain members, and is not described herein again.
In addition, it can be understood that the multi-layer decryption is the inverse process of the multi-layer encryption, and the multi-layer decryption can be performed according to the logic of the multi-layer encryption, which is not described herein.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments and that the acts involved are not necessarily required by the embodiments of the application.
The embodiment of the application also provides a data processing device based on the alliance chain.
Referring to fig. 9, a block diagram of an embodiment of a data processing apparatus based on a federation chain according to the present application is shown, and specifically, the data processing apparatus may include the following modules:
a data encryption module 901, configured to encrypt data by using a symmetric key to obtain ciphertext data;
a key encryption module 902, configured to encrypt the symmetric key using a public key of a preset federation chain member to obtain an encrypted symmetric key;
an association generating module 903, configured to generate association data between the identifier of the preset federation chain member and the encrypted symmetric key;
and an uploading module 904, configured to upload the ciphertext data and the associated data to a block chain.
Optionally, the data encryption module 901 may include:
the first data encryption module is used for encrypting a preset field in the transaction data by using a first symmetric key to obtain first ciphertext data;
and the second data encryption module is used for encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data.
Optionally, the key encryption module 902 may include:
the first key encryption module is used for encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key;
and the second key encryption module is used for encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key.
Optionally, the associated data includes:
first associated data corresponding to the first encrypted symmetric key; and
second associated data corresponding to the second encrypted symmetric key.
Optionally, the data encryption module 901 may include:
and the third data encryption module is used for encrypting the transaction data by using a third symmetric key to obtain third ciphertext data.
Optionally, the key encryption module 902 may include:
and the third key encryption module is used for encrypting the third symmetric key by using the public key of a third preset alliance chain member to obtain a third encrypted symmetric key.
Optionally, the preset alliance chain member is obtained according to security information of the alliance chain member.
Optionally, the preset federation chain members include: the corresponding member of the federation chain of the data provider and/or the member of the federation chain specified by the data provider.
Referring to fig. 10, a block diagram of an embodiment of a data processing apparatus based on a federation chain according to the present application is shown, and specifically, the apparatus may include the following modules:
a reading module 1001, configured to read ciphertext data and associated data in a block chain; the associated data includes: identifiers of the preset alliance chain members and encrypted symmetric keys;
the key decryption module 1002 is configured to decrypt the encrypted symmetric key by using a private key of the target federation chain member to obtain a symmetric key.
Optionally, the apparatus may further include:
and the first data decryption module is used for decrypting the ciphertext data by using the symmetric key if the encrypted symmetric key is decrypted successfully.
Optionally, the key decryption module 1002 specifically includes:
and the first key decryption module is used for decrypting the second encrypted symmetric key by using the private key of the target alliance chain member to obtain the second symmetric key.
Optionally, the apparatus may further include:
and the second data decryption module is used for decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data if the decryption of the second encrypted symmetric key is successful.
Optionally, the apparatus may further include:
a field ciphertext obtaining module, configured to obtain a preset field ciphertext from the first ciphertext data;
and the second key decryption module is used for decrypting the first encrypted symmetric key by using the private key of the target alliance chain member to obtain the first symmetric key.
Optionally, the apparatus may further include:
and the third data decryption module is used for decrypting the preset field ciphertext by using the first symmetric key to obtain the preset field plaintext if the decryption of the first encrypted symmetric key is successful.
Optionally, the key decryption module 1002 includes:
and the third key decryption module is used for decrypting the third encrypted symmetric key by using the private key of the target alliance chain member to obtain the third symmetric key.
Optionally, the apparatus may further include:
and the fourth data decryption module is used for decrypting the third ciphertext data by using the third symmetric key to obtain plaintext data if the third encrypted symmetric key is decrypted successfully.
Optionally, the preset federation chain members may include: the corresponding member of the federation chain of the data provider and/or the member of the federation chain specified by the data provider.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Embodiments of the application can be implemented as a system or apparatus employing any suitable hardware and/or software for the desired configuration. Fig. 11 schematically illustrates an exemplary device 1300 that can be used to implement the various embodiments described above in this application.
For one embodiment, fig. 11 illustrates an exemplary apparatus 1300, which apparatus 1300 may comprise: one or more processors 1302, a system control module (chipset) 1304 coupled to at least one of the processors 1302, system memory 1306 coupled to the system control module 1304, non-volatile memory (NVM)/storage 1308 coupled to the system control module 1304, one or more input/output devices 1310 coupled to the system control module 1304, and a network interface 1312 coupled to the system control module 1306. The system memory 1306 may include: instructions 1362, the instructions 1362 being executable by the one or more processors 1302.
Processor 1302 may include one or more single-core or multi-core processors, and processor 1302 may include any combination of general-purpose processors or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the device 1300 can be a server, a target device, a wireless device, etc. as described above in embodiments of the present application.
In some embodiments, device 1300 may include one or more machine-readable media (e.g., system memory 1306 or NVM/storage 1308) having instructions thereon and one or more processors 1302, which in combination with the one or more machine-readable media, are configured to execute the instructions to implement the modules included in the aforementioned means to perform the actions described above in embodiments of the present application.
System control module 1304 for one embodiment may include any suitable interface controller to provide any suitable interface to at least one of processors 1302 and/or any suitable device or component in communication with system control module 1304.
System control module 1304 for one embodiment may include one or more memory controllers to provide an interface to system memory 1306. The memory controller may be a hardware module, a software module, and/or a firmware module.
System memory 1306 for one embodiment may be used to load and store data and/or instructions 1362. For one embodiment, system memory 1306 may include any suitable volatile memory, such as suitable DRAM (dynamic random access memory). In some embodiments, system memory 1306 may include: double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).
System control module 1304 for one embodiment may include one or more input/output controllers to provide an interface to NVM/storage 1308 and input/output device(s) 1310.
NVM/storage 1308 for one embodiment may be used to store data and/or instructions 1382. NVM/storage 1308 may include any suitable non-volatile memory (e.g., flash memory, etc.) and/or may include any suitable non-volatile storage device(s), e.g., one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives, etc.
The NVM/storage 1308 may include storage resources that are physically part of the device on which the apparatus 1300 is installed or may be accessible by the device and not necessarily part of the device. For example, the NVM/storage 1308 may be accessed over a network via the network interface 1312 and/or through the input/output devices 1310.
Input/output device(s) 1310 for one embodiment may provide an interface for device 1300 to communicate with any other suitable device, and input/output devices 1310 may include communication components, audio components, sensor components, and so forth.
Network interface 1312 for one embodiment may provide an interface for device 1300 to communicate over one or more networks and/or with any other suitable device. Device 1300 may communicate wirelessly with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols, for example by accessing a wireless network based on a communication standard such as WiFi (Wireless Fidelity), 2G, 3G, 4G or 5G, or a combination thereof.
For one embodiment, at least one of the processors 1302 may be packaged together with logic for one or more controllers (e.g., memory controllers) of the system control module 1304. For one embodiment, at least one of the processors 1302 may be packaged together with logic for one or more controllers of the system control module 1304 to form a System In Package (SiP). For one embodiment, at least one of the processors 1302 may be integrated on the same die as the logic of one or more controllers of the system control module 1304. For one embodiment, at least one of the processors 1302 may be integrated on the same chip with logic for one or more controllers of system control module 1304 to form a system on a chip (SoC).
In various embodiments, apparatus 1300 may include, but is not limited to: a computing device such as a desktop computing device or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.). In various embodiments, device 1300 may have more or fewer components and/or different architectures. For example, in some embodiments, device 1300 may include one or more cameras, a keyboard, a Liquid Crystal Display (LCD) screen (including a touch screen display), a non-volatile memory port, multiple antennas, a graphics chip, an Application Specific Integrated Circuit (ASIC), and speakers.
Wherein, if the display includes a touch panel, the display screen may be implemented as a touch screen display to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The present application also provides a non-transitory readable storage medium in which one or more modules (programs) are stored; when the one or more modules are applied to an apparatus, they cause the apparatus to execute the instructions of the methods in the present application.
Provided in one example is an apparatus comprising: one or more processors; and, instructions in one or more machine-readable media stored thereon, which when executed by the one or more processors, cause the apparatus to perform a method as in embodiments of the present application, which may include: the method shown in fig. 2 or fig. 3 or fig. 4 or fig. 5 or fig. 6 or fig. 7 or fig. 8.
One or more machine-readable media are also provided in one example, having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform a method as in embodiments of the application, which may include: the method shown in fig. 2 or fig. 3 or fig. 4 or fig. 5 or fig. 6 or fig. 7 or fig. 8.
The specific manner in which each module performs operations of the apparatus in the above embodiments has been described in detail in the embodiments related to the method, and will not be described in detail here, and reference may be made to part of the description of the method embodiments for relevant points.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The federation chain-based data processing method, the federation chain-based data processing apparatus, the device, and the machine-readable medium provided by the present application have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present application, and the description of the above embodiments is only intended to help in understanding the method and its core ideas. Meanwhile, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as a limitation on the present application.

Claims (23)

1. A data processing method based on a federation chain is characterized by comprising the following steps:
encrypting the data by using the symmetric key to obtain ciphertext data;
encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
generating associated data between the identifier of the preset alliance chain member and the encrypted symmetric key;
and uploading the ciphertext data and the associated data to a block chain.
2. The method of claim 1, wherein encrypting data using a symmetric key comprises:
encrypting a preset field in the transaction data by using a first symmetric key to obtain first ciphertext data;
and encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data.
3. The method of claim 2, wherein the encrypting the symmetric key comprises:
encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key;
and encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key.
4. The method of claim 3, wherein the association data comprises:
first associated data corresponding to the first encrypted symmetric key; and
second associated data corresponding to the second encrypted symmetric key.
5. The method of claim 1, wherein encrypting data using a symmetric key comprises:
and encrypting the transaction data by using the third symmetric key to obtain third ciphertext data.
6. The method of claim 5, wherein the encrypting the symmetric key comprises:
and encrypting the third symmetric key by using the public key of a third preset alliance chain member to obtain a third encrypted symmetric key.
7. The method according to any one of claims 1 to 6, wherein the predetermined member of the federation chain is obtained according to security information of the member of the federation chain.
8. The method according to any one of claims 1 to 6, wherein the predetermined federation chain members include: the corresponding member of the federation chain of the data provider and/or the member of the federation chain specified by the data provider.
9. A data processing method based on a federation chain is characterized by comprising the following steps:
reading ciphertext data and associated data in the block chain; the associated data includes: the identifier of a preset alliance chain member and the encrypted symmetric key;
and decrypting the encrypted symmetric key by using a private key of the target member of the alliance chain to obtain the symmetric key.
10. The method of claim 9, further comprising:
and if the decryption of the encrypted symmetric key is successful, decrypting the ciphertext data by using the symmetric key.
11. The method of claim 9, wherein decrypting the encrypted symmetric key comprises:
and decrypting the second encrypted symmetric key by using the private key of the target member of the alliance chain to obtain the second symmetric key.
12. The method of claim 11, further comprising:
and if the decryption of the second encrypted symmetric key is successful, decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data.
13. The method of claim 12, further comprising:
acquiring a preset field ciphertext from the first ciphertext data;
and decrypting the first encrypted symmetric key by using the private key of the target member of the alliance chain to obtain the first symmetric key.
14. The method of claim 13, further comprising:
and if the decryption of the first encrypted symmetric key is successful, decrypting the preset field ciphertext by using the first symmetric key to obtain the preset field plaintext.
15. The method of claim 7, wherein decrypting the encrypted symmetric key comprises:
and decrypting the third encrypted symmetric key by using the private key of the target member of the alliance chain to obtain the third symmetric key.
16. The method of claim 7, further comprising:
and if the decryption of the third encrypted symmetric key is successful, decrypting third ciphertext data by using the third symmetric key to obtain plaintext data.
17. The method according to any one of claims 9 to 16, wherein the predetermined federation chain members include: the corresponding member of the federation chain of the data provider and/or the member of the federation chain specified by the data provider.
18. A federation chain-based data processing apparatus, the apparatus comprising:
the data encryption module is used for encrypting the data by using the symmetric key to obtain ciphertext data;
the key encryption module is used for encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
the association generation module is used for generating association data between the identifier of the preset alliance chain member and the encrypted symmetric key;
and the uploading module is used for uploading the ciphertext data and the associated data to a block chain.
19. A federation chain-based data processing apparatus, the apparatus comprising:
the reading module is used for reading the ciphertext data and the associated data in the block chain; the associated data includes: the identifier of a preset alliance chain member and the encrypted symmetric key;
and the key decryption module is used for decrypting the encrypted symmetric key by using a private key of the target alliance chain member to obtain the symmetric key.
20. An apparatus, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method recited by one or more of claims 1-8.
21. One or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform the method recited by one or more of claims 1-8.
22. An apparatus, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method of one or more of claims 9-17.
23. One or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform the method recited by one or more of claims 9-17.
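
The writer side of claims 1-4 and the reader side of claims 9-14 can be exercised end to end as follows. This is an added example, not code from the patent or its applicant: the claims name no algorithms, so AES-256-GCM, RSA-OAEP, the JSON encoding and every identifier (Layer, Seal, OpenTx, the auditor and carrier members) are assumptions. A further assumption is that a member who must read the preset field is listed in both associated-data maps, since the field can only be reached after the outer layer is opened.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Layer struct {
	Ciphertext []byte            // GCM nonce || ciphertext || tag
	Assoc      map[string][]byte // associated data: member id -> wrapped symmetric key
}
type Keys map[string]*rsa.PublicKey
type Tx struct{ Body, Field []byte } // Field stands for the "preset field" of claim 2

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func NewMember() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// Seal (claim 1). Assumed algorithms: fresh AES-256-GCM key, RSA-OAEP wrap per member.
func Seal(pt []byte, readers Keys) Layer {
	buf := make([]byte, 32+12) // symmetric key || GCM nonce
	must(rand.Read(buf))
	l := Layer{gcm(buf[:32]).Seal(buf[32:], buf[32:], pt, nil), map[string][]byte{}}
	for id, pub := range readers {
		l.Assoc[id] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil))
	}
	return l
}

// Open (claims 9-10): unwrap with the member's private key (an id with no entry fails), then decrypt.
func Open(l Layer, id string, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, l.Assoc[id], nil)
	if err != nil || len(key) != 32 || len(l.Ciphertext) < 12 {
		return nil, fmt.Errorf("member %q cannot recover the symmetric key", id)
	}
	return gcm(key).Open(nil, l.Ciphertext[:12], l.Ciphertext[12:], nil)
}

// SealTx (claims 2-4): preset field under k1, then the whole transaction under k2.
func SealTx(tx Tx, fieldReaders, txReaders Keys) (outer Layer, assoc1 map[string][]byte) {
	inner := Seal(tx.Field, fieldReaders) // its ciphertext replaces the field
	return Seal(must(json.Marshal(Tx{tx.Body, inner.Ciphertext})), txReaders), inner.Assoc
}

// OpenTx (claims 11-14): outer layer first; the field only if k1 unwraps as well.
func OpenTx(outer Layer, assoc1 map[string][]byte, id string, priv *rsa.PrivateKey) (tx Tx, fieldOpen bool, err error) {
	first, err := Open(outer, id, priv)
	if err == nil {
		err = json.Unmarshal(first, &tx)
	}
	if pt, ferr := Open(Layer{tx.Field, assoc1}, id, priv); err == nil && ferr == nil {
		tx.Field, fieldOpen = pt, true
	}
	return
}

func main() {
	aud, car := NewMember(), NewMember() // constructed members: auditor and carrier
	rec, a1 := SealTx(Tx{[]byte("order 001"), []byte("555-0100")},
		Keys{"auditor": &aud.PublicKey}, Keys{"auditor": &aud.PublicKey, "carrier": &car.PublicKey})
	tx, ok, err := OpenTx(rec, a1, "carrier", car)
	fmt.Println(string(tx.Body), ok, err) // carrier reads the body; the field stays sealed
}
```
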
CN202010486125.5A 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain Active CN113761543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010486125.5A CN113761543B (en) 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain


Publications (2)

Publication Number Publication Date
CN113761543A true CN113761543A (en) 2021-12-07
CN113761543B CN113761543B (en) 2024-04-02

Family

ID=78782667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010486125.5A Active CN113761543B (en) 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain

Country Status (1)

Country Link
CN (1) CN113761543B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114254365A (en) * 2021-12-26 2022-03-29 迅鳐成都科技有限公司 Block chain technology-based key value data directional sharing method, device, system and storage medium

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377560A (en) * 2010-08-19 2012-03-14 北京韩美智恒科技有限公司 Data encryption method and device for mobile communication terminal
CN104935429A (en) * 2014-03-17 2015-09-23 Tcl集团股份有限公司 Data processing method and system employing multi-encryption technology
CN106375990A (en) * 2016-10-21 2017-02-01 上海统宁科技发展有限公司 Encryption and decryption system and encryption and decryption method for private data of mobile phone
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN108092982A (en) * 2017-12-22 2018-05-29 广东工业大学 A kind of date storage method and system based on alliance's chain
CN108667595A (en) * 2017-03-28 2018-10-16 吉林化工学院 A kind of compression encryption method of large data files
CN109033855A (en) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 A kind of data transmission method based on block chain, device and storage medium
CN109218291A (en) * 2018-08-14 2019-01-15 海南高灯科技有限公司 A kind of stream compression method, system and relevant device based on block chain
CN109523267A (en) * 2018-10-30 2019-03-26 苏宁易购集团股份有限公司 A kind of verification method, the apparatus and system of the transaction data based on block chain
CN109587132A (en) * 2018-11-29 2019-04-05 苏宁易购集团股份有限公司 A kind of data transferring method and device based on alliance's chain
CN109802940A (en) * 2018-12-12 2019-05-24 北京众享比特科技有限公司 Block chain data base encryption and decryption method, device, equipment and its storage medium
CN109933995A (en) * 2019-01-31 2019-06-25 广州中国科学院软件应用技术研究所 A kind of user's protecting sensitive data and system based on cloud service and block chain
US20200034550A1 (en) * 2018-07-27 2020-01-30 Hrl Laboratories, Llc System and method to protect data privacy of lightweight devices using blockchain and multi-party computation
US20200084027A1 (en) * 2018-09-06 2020-03-12 Bank Of Montreal Systems and methods for encryption of data on a blockchain
CN111193702A (en) * 2019-10-18 2020-05-22 腾讯科技(深圳)有限公司 Method and device for data encryption transmission
CN111191288A (en) * 2019-12-30 2020-05-22 中电海康集团有限公司 Block chain data access authority control method based on proxy re-encryption


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant