CN113761543B - Data processing method, device, equipment and machine-readable medium based on alliance chain - Google Patents

Data processing method, device, equipment and machine-readable medium based on alliance chain Download PDF

Info

Publication number
CN113761543B
CN113761543B CN202010486125.5A CN202010486125A CN113761543B CN 113761543 B CN113761543 B CN 113761543B CN 202010486125 A CN202010486125 A CN 202010486125A CN 113761543 B CN113761543 B CN 113761543B
Authority
CN
China
Prior art keywords
data
symmetric key
key
ciphertext
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010486125.5A
Other languages
Chinese (zh)
Other versions
CN113761543A (en
Inventor
李欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cainiao Smart Logistics Holding Ltd
Original Assignee
Cainiao Smart Logistics Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cainiao Smart Logistics Holding Ltd filed Critical Cainiao Smart Logistics Holding Ltd
Priority to CN202010486125.5A priority Critical patent/CN113761543B/en
Publication of CN113761543A publication Critical patent/CN113761543A/en
Application granted granted Critical
Publication of CN113761543B publication Critical patent/CN113761543B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the application provides a data processing method, a device, equipment and a machine-readable medium based on a alliance chain, wherein the method comprises the following steps: encrypting the data by using the symmetric key to obtain ciphertext data; encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key; generating associated data between the identification of the preset alliance chain member and the encryption symmetric key; uploading the ciphertext data and the association data to a blockchain. According to the embodiment of the application, the data can be isolated from the non-preset alliance chain members, so that the privacy data can be protected, and the safety of the data can be improved.

Description

Data processing method, device, equipment and machine-readable medium based on alliance chain
Technical Field
The present application relates to the field of internet technologies, and in particular, to a data processing method based on a coalition chain, a data processing apparatus based on a coalition chain, a device, and a machine readable medium.
Background
With the continuous development of internet technology, blockchain technology is gradually introduced into service transactions of financial institutions such as banks, electronic commerce and the like. The block chain technology is a brand new network application technology formed by combining the traditional encryption technology and the internet distributed technology. Currently, blockchains are generally classified into public chains, alliance chains and private chains according to the admittance forms of the constituent nodes, wherein the alliance chains are blockchains applied among institutions, the nodes contained in the blockchains are generally organized by corresponding entity institutions such as banks, insurance, securities, business associations and the like, and each institution organization forms an alliance related to benefits and jointly maintains the healthy operation of the blockchains.
Currently, multiple nodes of a federation chain typically share a set of blockchain data, i.e., nodes of all federation members within the federation chain share the same ledger. However, in practical applications, some data isolation between different nodes is desirable for privacy protection.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present application is to provide a data processing method based on a coalition chain, which can isolate data from non-preset coalition chain members, so as to protect private data and improve the security of the data.
Correspondingly, the embodiment of the application also provides a data processing device based on the alliance chain, a device and a machine-readable medium, which are used for ensuring the realization and the application of the method.
In order to solve the above problems, an embodiment of the present application discloses a data processing method based on a federation chain, including:
encrypting the data by using the symmetric key to obtain ciphertext data;
encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
generating associated data between the identification of the preset alliance chain member and the encryption symmetric key;
Uploading the ciphertext data and the association data to a blockchain.
In order to solve the above problem, an embodiment of the present application further provides a data processing method based on a federation chain, which is characterized by including:
reading ciphertext data and associated data in a block chain; the association data includes: presetting an identifier and an encryption symmetric key of a alliance chain member;
and decrypting the encrypted symmetric key by utilizing the private key of the target alliance chain member to obtain the symmetric key.
On the other hand, the embodiment of the application also discloses a data processing device based on the alliance chain, which comprises:
the data encryption module is used for encrypting the data by utilizing the symmetric key so as to obtain ciphertext data;
the key encryption module is used for encrypting the symmetric key by utilizing a public key of a preset alliance chain member so as to obtain an encrypted symmetric key;
the association generation module is used for generating association data between the identification of the preset alliance chain member and the encryption symmetric key;
and the uploading module is used for uploading the ciphertext data and the associated data to a blockchain.
On the other hand, the embodiment of the application also discloses a data processing device based on the alliance chain, which comprises:
The reading module is used for reading ciphertext data and associated data in the block chain; the association data includes: presetting an identifier and an encryption symmetric key of a alliance chain member;
and the key decryption module is used for decrypting the encrypted symmetric key by utilizing the private key of the target alliance chain member so as to obtain the symmetric key.
In yet another aspect, an embodiment of the present application further discloses an apparatus, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform one or more of the methods described previously.
In yet another aspect, embodiments of the present application disclose one or more machine-readable media having instructions stored thereon that, when executed by one or more processors, cause an apparatus to perform one or more of the methods described previously.
Embodiments of the present application include the following advantages:
according to the embodiment of the application, the public key of the preset alliance chain member is utilized to encrypt the symmetric key, and the association data between the identification of the preset alliance chain member and the encrypted symmetric key is provided, so that the preset alliance chain member has the capabilities of decrypting the encrypted symmetric key and accessing the corresponding data. The preset coalition chain members may be specified by a data provider who wishes one or more coalition chain members to see data, and corresponding association data may be provided for the one or more coalition chain members. Whereas for non-preset coalition chain members (members other than preset coalition chain members), they do not have the ability to decrypt encrypted symmetric keys and access corresponding data. The embodiment of the application can enable the data to be accessed by the preset alliance chain members but not by the non-preset alliance chain members, so that the data can be isolated from the non-preset alliance chain members, the privacy data can be protected, and the safety of the data can be improved.
Drawings
FIG. 1 is a flowchart illustrating steps of an embodiment of a federated chain-based data processing method in accordance with the present application;
FIG. 2 is a flowchart illustrating steps of a second embodiment of a data processing method based on a federated chain;
FIG. 3 is a flowchart illustrating steps of a third exemplary embodiment of a data processing method based on a federated chain;
FIG. 4 is a flowchart illustrating steps of a fourth embodiment of a data processing method based on a federated chain in accordance with the present application;
FIG. 5 is a flowchart illustrating steps in a fifth exemplary embodiment of a data processing method based on a federated chain;
FIG. 6 is a flowchart illustrating steps of a sixth exemplary embodiment of a data processing method based on a federated chain;
FIG. 7 is a flowchart illustrating steps of a seventh embodiment of a data processing method based on a federated chain according to the present application;
FIG. 8 is an application example of a federated chain-based data processing method in accordance with an embodiment of the present application;
FIG. 9 is a block diagram illustrating an embodiment of a federated-based data processing apparatus of the present application;
FIG. 10 is a block diagram illustrating an embodiment of a federated-based data processing apparatus of the present application; and
fig. 11 is an exemplary device 1300 that may be used to implement various embodiments described herein.
Detailed Description
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings.
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application are within the scope of the protection of the present application.
The concepts of the present application are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the description herein of specific embodiments is not intended to limit the concepts of the present application to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the scope of the present application.
Reference in the specification to "one embodiment," "an embodiment," "one particular embodiment," etc., means that a particular feature, structure, or characteristic may be included in the described embodiments, but every embodiment may or may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, where a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the purview of one skilled in the art to effect such feature, structure, or characteristic in connection with other ones of the embodiments whether or not explicitly described. In addition, it should be understood that the items in the list included in this form of "at least one of A, B and C" may include the following possible items: (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C). Likewise, an item listed in this form of "at least one of A, B or C" may mean (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C).
In some cases, the disclosed embodiments may be implemented as hardware, firmware, software, or any combination thereof. The disclosed embodiments may also be implemented as instructions carried on or stored on one or more transitory or non-transitory machine-readable (e.g., computer-readable) storage media, which may be executed by one or more processors. A machine-readable storage medium may be implemented as a storage device, mechanism, or other physical structure (e.g., volatile or non-volatile memory, a media disc, or other media other physical structure device) for storing or transmitting information in a form readable by a machine.
In the drawings, some structural or methodological features may be shown in a particular arrangement and/or ordering. Preferably, however, such specific arrangement and/or ordering is not necessary. Rather, in some embodiments, such features may be arranged in a different manner and/or order than as shown in the drawings. Furthermore, inclusion of a feature in a particular figure that is not necessarily meant to imply that such feature is required in all embodiments and that, in some embodiments, may not be included or may be combined with other features.
The embodiment of the application can be applied to the scene of the alliance chain. The coalition chain may include: a data provider and a data access party.
The processing flow of the data provider may include: encrypting the data by using the symmetric key to obtain ciphertext data; encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key; generating associated data between the identification of the preset alliance chain member and the encryption symmetric key; uploading the ciphertext data and the association data to a blockchain.
The process flow of the data access party can comprise: reading ciphertext data and associated data in a block chain; the above-mentioned association data includes: presetting an identifier and an encryption symmetric key of a alliance chain member; decrypting the encrypted symmetric key by using the private key of the target alliance chain member to obtain the symmetric key; and decrypting the ciphertext data by using the symmetric key.
It will be appreciated that in addition to the data provider and the data accessor, the federation chain may include: and the blockchain platform can provide services of the alliance chain for the nodes of the alliance chain so as to enable the nodes of the alliance chain to obtain the encrypted distributed account book.
According to the embodiment of the application, the public key of the preset alliance chain member is utilized to encrypt the symmetric key, and the associated data between the identification of the preset alliance chain member and the encrypted symmetric key is provided, so that the preset alliance chain member has the capabilities of decrypting the encrypted symmetric key and accessing the corresponding data. The preset coalition chain members may be specified by a data provider who wishes one or more coalition chain members to see data, and corresponding association data may be provided for the one or more coalition chain members. Whereas for non-preset coalition chain members (members other than preset coalition chain members), they do not have the ability to decrypt encrypted symmetric keys and access corresponding data. The embodiment of the application can enable the data to be accessed by the preset alliance chain members but not by the non-preset alliance chain members, so that the data can be isolated from the non-preset alliance chain members, the privacy data can be protected, and the safety of the data can be improved.
Moreover, the embodiment of the application can be implemented under the condition that one distributed account book exists on the alliance chain, so that network synchronization overhead and storage overhead can be reduced.
In addition, the embodiment of the application utilizes the symmetric encryption algorithm and the asymmetric encryption algorithm to encrypt and protect the data, so that the implementation difficulty of the encryption technology can be reduced.
Method embodiment one
Referring to fig. 1, a flowchart illustrating steps of a first embodiment of a data processing method based on a federation chain according to the present application may specifically include the following steps:
step 101, encrypting data by using a symmetric key to obtain ciphertext data;
102, encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
step 103, generating association data between the identification of the preset alliance chain member and the encryption symmetric key;
step 104, uploading the ciphertext data and the associated data to a blockchain.
At least one step included in the method shown in fig. 1 of the embodiments of the present application may be performed by a data provider, which may correspond to any federation chain member or any node in a federation chain.
At least one step included in the method of fig. 1 of embodiments of the present application may be performed by a blockchain platform. The blockchain platform may provide services of the federation chain for nodes of the federation chain to enable the nodes of the federation chain to obtain an encrypted distributed ledger. The blockchain platform may receive a write chain request for the coalition chain and perform the method of fig. 1 in accordance with the write chain request.
It will be appreciated that embodiments of the present application are not limited to the specific implementation of the method illustrated in fig. 1.
In the embodiment of the present application, the data provided by the data provider may be transaction data, and of course, the embodiment of the present application does not limit specific data provided by the data provider.
In step 101, a symmetric key may be randomly generated and the data encrypted using the symmetric key. The embodiment of the application can adopt a symmetric encryption algorithm, and encrypt data by using a symmetric key, wherein the symmetric encryption algorithm can comprise: DES (data encryption standard ), AES (advanced encryption standard, advanced Encryption Standard), and the like.
The data in step 101 may correspond to all or part of the transaction data. For example, embodiments of the present application may utilize symmetric keys to encrypt transaction data. As another example, embodiments of the present application may encrypt a preset field in transaction data using a symmetric key. The preset field may be a sensitive field in the transaction data, such as a name, a phone number, etc., to protect the private information of the user. It will be appreciated that, those skilled in the art may determine the preset field according to actual application requirements, and the embodiment of the present application is not limited to a specific preset field.
In an optional embodiment of the present application, the encrypting the data with the symmetric key may specifically include: encrypting a preset field in transaction data by using a first symmetric key to obtain first ciphertext data; and encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data.
In another optional embodiment of the present application, the encrypting the data with the symmetric key may specifically include: and encrypting the transaction data by using the third symmetric key to obtain third ciphertext data.
In step 102, the preset coalition chain members may be specified by a data provider, and the data provider may wish one or more coalition chain members to see the data, and then determine the one or more coalition chain members as preset coalition chain members, so that the preset coalition chain members have the capability of decrypting the encrypted symmetric key. Whereas for non-preset coalition chain members (members other than preset coalition chain members), they do not have the ability to decrypt encrypted symmetric keys. For example, if the data provider is party a, it may take party a, party B and party C as preset coalition chain members, so that party a, party B and party C have the ability to decrypt the encrypted symmetric key, and thus can enable party a, party B and party C to access the corresponding data in the blockchain.
In an application example of the present application, the coalition chain member corresponding to the electronic commerce scene may include: sellers, buyers, trading platforms, partners (logistics institutions), national institutions (customs, tax authorities), etc. For one federated chain member, it is typically desirable for the preset federated chain member to view the corresponding data, while the non-preset federated chain member is not desirable to view the corresponding data. For example, customs or tax authorities wish the trading platform and buyer to view corresponding trading data, while not wish the seller and partner to view corresponding data; thus, a customs or tax office may determine the corresponding preset coalition chain members for the data. Similarly, other alliance chain members can determine the preset alliance chain members corresponding to the data according to the actual application requirements.
The preset alliance chain members are obtained according to the security information of the alliance chain members. The security information may be a security level or a security value, etc. For example, the security level may include: high-level, medium-level, low-level, etc., then for the transaction data, the high-level and medium-level coalition chain members can be used as preset coalition chain members; for the preset field in the transaction data, the advanced alliance chain member can be used as the preset alliance chain member. It can be appreciated that, those skilled in the art may determine the preset coalition chain member according to the actual application requirement, and the specific determination manner of the preset coalition chain member in the embodiment of the present application is not limited.
In this embodiment, optionally, the preset coalition chain member may include: the data provider corresponds to the federated chain members, and/or the data provider specifies the federated chain members.
The embodiment of the application can encrypt the symmetric key by utilizing the public key corresponding to the alliance chain member corresponding to the data provider, so that the data provider can obtain the capability of decrypting at any time and obtaining the plaintext data.
The embodiment of the application can encrypt the symmetric key by utilizing the public key corresponding to the alliance chain member appointed by the data provider, so that the alliance chain member appointed by the data provider can acquire the capability of decrypting and acquiring the plaintext data at any time.
In the embodiment of the application, the public keys of a plurality of alliance chain members can be provided in the scope of the alliance chain, in other words, the public keys of a plurality of alliance chain members are public in the scope of the alliance chain. Therefore, the embodiment of the application can encrypt the symmetric key by using the public key of the preset alliance chain member.
It should be noted that a symmetric key may correspond to at least one preset coalition chain member. If one symmetric key corresponds to a plurality of preset alliance chain members, the symmetric key can be encrypted by using public keys of the preset alliance chain members respectively. For example, the plurality of preset coalition chain members includes: party a, party B and party C may encrypt the symmetric key according to the public key of party a to obtain encrypted symmetric key a. Similarly, the encrypted symmetric key B may be obtained according to the public key of the party B, and the encrypted symmetric key C may be obtained according to the public key of the party C.
Alternatively, the embodiment of the application may encrypt the symmetric key by adopting an asymmetric encryption algorithm. The asymmetric encryption algorithm may include: RSA (proposed by Ron Rivest, adi Shamir, leonard Adleman), ECDSA (elliptic curve signature algorithm, elliptic Curve Digital Signature Algorithm), etc., it is to be understood that embodiments of the present application are not limited to a particular asymmetric encryption algorithm.
In an optional embodiment of the present application, the encrypting the symmetric key specifically includes: encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key; and encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key. Wherein the first preset coalition chain member and the second preset coalition chain member may be the same or different. For example, the first preset coalition chain member includes: party a and party B, the second preset coalition chain member comprising: participant a, participant B, participant C, etc.
In step 103, the identification of the preset coalition chain member may be used to uniquely identify the preset coalition chain member. The identification of the preset coalition chain members may include: user account number, user device information, etc.
In the case that one symmetric key corresponds to a plurality of preset coalition chain members, corresponding association data can be generated for the plurality of preset coalition chain members, respectively. For example, party a corresponds to associated data a, party B corresponds to associated data B, party C corresponds to associated data C, and so on.
According to one embodiment, the symmetric key comprises: in the case of the first symmetric key and the second symmetric key, the associated data may include:
the first associated data corresponding to the first encryption symmetric key; and
and the second associated data corresponding to the second encryption symmetric key.
According to another embodiment, the symmetric key comprises: in the case of the third symmetric key, the associated data may include: and third associated data corresponding to the third symmetric key.
Alternatively, the above-mentioned associated data may be key-value pair (key-value) data. The key may be an identifier, and the value may be an encryption symmetric key. For example, the association data may include: { party a: encrypt symmetric key a, party B: encrypt symmetric key B }, etc.
The embodiment of the application can write the associated data into a data body, and the data body can be in a JSON (JS object numbered musical notation, javaScript Object Notation) format. The data body may include: nested key-value pair data.
The key in the first layer key value pair data in the data body may represent a data type, and the value in the first layer key value pair data may include: and the second-layer key value pair data corresponds to the associated data.
An example of a data body may be: { second key content key: { second identification: second encrypted symmetric key, first key content key: { first identification: first encryption symmetric key }. The second identifier is specifically an identifier of a second preset alliance chain member, and the first identifier is specifically an identifier of a first preset alliance chain member.
In step 104, the ciphertext data and the associated data are uploaded to a blockchain, so that a preset coalition chain member can read the ciphertext data and decrypt the ciphertext data.
The embodiment of the application can write the ciphertext data and the associated data into a data body and upload the data body to the block chain.
An example of a data body may be: { data ciphertext content key: { second ciphertext data }, second key content key: { second identifier; second encrypted symmetric key, first key content key: { first identity, first encryption symmetric key } }.
In summary, according to the data processing method based on the coalition chain disclosed by the embodiment of the application, the public key of the preset coalition chain member is utilized to encrypt the symmetric key, and the associated data between the identification of the preset coalition chain member and the encrypted symmetric key is provided, so that the preset coalition chain member has the capabilities of decrypting the encrypted symmetric key and accessing the corresponding data. The preset coalition chain members may be specified by a data provider who wishes one or more coalition chain members to see data, and corresponding association data may be provided for the one or more coalition chain members. Whereas for non-preset coalition chain members (members other than preset coalition chain members), they do not have the ability to decrypt encrypted symmetric keys and access corresponding data. The embodiment of the application can enable the data to be accessed by the preset alliance chain members but not by the non-preset alliance chain members, so that the data can be isolated from the non-preset alliance chain members, the privacy data can be protected, and the safety of the data can be improved.
Method embodiment II
Referring to fig. 2, a flowchart illustrating steps of a second embodiment of a data processing method based on a federation chain according to the present application may specifically include the following steps:
step 201, encrypting a preset field in transaction data by using a first symmetric key to obtain first ciphertext data;
step 202, encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data;
step 203, encrypting the first symmetric key by using the public key of the first preset alliance chain member to obtain a first encrypted symmetric key;
step 204, encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key;
step 205, generating first association data between the identification of the first preset coalition chain member and the first encryption symmetric key, and generating second association data between the identification of the second preset coalition chain member and the second encryption symmetric key;
step 206, uploading the second ciphertext data, the first association data, and the second association data to a blockchain.
The embodiment of the application can carry out multi-layer encryption on the transaction data so as to share the full plaintext, partial plaintext or full ciphertext of the transaction data aiming at different alliance chain members.
Assuming that the first preset alliance chain member corresponds to a first range and the second preset alliance chain member corresponds to a second range, the alliance chain members in the first range and the second range are hit, and the full plaintext of the transaction data can be seen; alliance chain members that hit the second range but miss the first range may see a portion of the plaintext of the transaction data, which may include: plaintext in the transaction data except for a preset field; the full ciphertext of the transaction data may be seen by the coalition chain members that miss the second range.
Method example III
Referring to fig. 3, a flowchart illustrating steps of a third embodiment of a data processing method based on a federation chain according to the present application may specifically include the following steps:
step 301, encrypting the transaction data by using the third symmetric key to obtain third ciphertext data;
step 302, encrypting the third symmetric key by using the public key of the third preset alliance chain member to obtain a third encrypted symmetric key;
step 303, generating third association data between the identifier of the third preset coalition chain member and the third encryption symmetric key;
step 304, uploading the third ciphertext data and the third association data to a blockchain.
The embodiment of the application can encrypt the transaction data in one layer so as to share the full plaintext or full ciphertext of the transaction data aiming at different alliance chain members.
Assuming that a third preset alliance chain member corresponds to a third range, hitting the alliance chain member in the third range, and seeing the full plaintext of the transaction data; the full ciphertext of the transaction data may be seen by coalition chain members that miss the third range.
In practical applications, the third preset coalition chain member may be the same as or different from the first preset coalition chain member, and similarly, the third preset coalition chain member may be the same as or different from the second preset coalition chain member.
Method example IV
Referring to fig. 4, a flowchart illustrating steps of a fourth embodiment of a data processing method based on a federation chain according to the present application may specifically include the following steps:
step 401, reading ciphertext data and associated data in a block chain; the association data may include: presetting an identifier and an encryption symmetric key of a alliance chain member;
step 402, decrypting the encrypted symmetric key by using the private key of the target alliance chain member to obtain the symmetric key.
At least one step included in the method shown in fig. 4 of the embodiments of the present application may be performed by a data access party, which may correspond to any federation chain member or any node in a federation chain.
At least one step included in the method of fig. 4 of embodiments of the present application may be performed by a blockchain platform. The blockchain platform may provide services of the federation chain to nodes of the federation chain to cause the nodes of the federation chain to obtain a distributed ledger. The blockchain platform may receive a read chain request for the coalition chain and perform the method of fig. 4 in accordance with the read chain request.
It will be appreciated that embodiments of the present application are not limited to the specific implementation of the method illustrated in fig. 4.
In step 402, the target federated chain member may be a federated chain member corresponding to the data access party, which may characterize the federated chain member logged on the node. The target coalition chain member may be the same as or different from the preset coalition chain member.
Under the condition that the target alliance chain member is the same as the preset alliance chain member, a target encryption symmetric key corresponding to the target alliance chain member can be obtained from the associated data according to the identification of the target alliance chain member; and decrypting the target encryption symmetric key by using the private key of the target alliance chain member to obtain a result of successful decryption.
In the case that the target coalition chain member is different from the preset coalition chain member, the target encryption symmetric key corresponding to the target coalition chain member cannot be obtained. In this case, the private key of the target alliance chain member is used to decrypt any encrypted symmetric key in the associated data, and a decryption failure result is obtained.
In an alternative embodiment of the present application, the method may further include: and if the decryption of the encrypted symmetric key is successful, decrypting the ciphertext data by using the symmetric key. It can be understood that if the decryption of the encrypted symmetric key fails, the process ends.
In an optional embodiment of the present application, in a case of single-layer encryption, the decrypting the encrypted symmetric key specifically includes: and decrypting the third encrypted symmetric key by using the private key of the target alliance chain member to obtain a third symmetric key.
Optionally, the method may further include: and if the decryption of the third encryption symmetric key is successful, decrypting the third ciphertext data by using the third symmetric key to obtain plaintext data.
In another alternative embodiment of the present application, where multi-layer encryption is employed, the decrypting the encrypted symmetric key includes: and decrypting the second encrypted symmetric key by using the private key of the target alliance chain member to obtain a second symmetric key.
Optionally, the method may further include: and if the decryption of the second encryption symmetric key is successful, decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data. The first ciphertext data may include: presetting a field ciphertext.
In order to decrypt the preset field ciphertext in the first ciphertext data, the method may further include: acquiring a preset field ciphertext from the first ciphertext data; and decrypting the first encrypted symmetric key by utilizing the private key of the target alliance chain member to obtain the first symmetric key.
Optionally, the method may further include: and if the decryption of the first encryption symmetric key is successful, decrypting the preset field ciphertext by using the first symmetric key to obtain a preset field plaintext.
In summary, according to the data processing method based on the coalition chain disclosed by the embodiment of the application, the association data between the identifier of the preset coalition chain member and the encrypted symmetric key is provided, so that the preset coalition chain member can decrypt the encrypted symmetric key by using the private key of the preset coalition chain member to access the corresponding data. According to the embodiment of the application, the non-preset alliance chain members can obtain the decryption failure result, so that the data can be accessed by the preset alliance chain members but not by the non-preset alliance chain members, the data can be isolated from the non-preset alliance chain members, the privacy data can be further protected, and the safety of the data can be improved.
Method embodiment five
Referring to fig. 5, a flowchart illustrating steps of a fifth embodiment of a data processing method based on a federation chain according to the present application may specifically include the following steps:
step 501, reading second ciphertext data and associated data in a block chain; the association data may include: first and second associated data; the first association data specifically includes: the identification of the first preset alliance chain member and the first encryption symmetric key; the second association data specifically includes: the identification of the second preset alliance chain member and the second encryption symmetric key;
step 502, decrypting the second encrypted symmetric key by using the private key of the target alliance chain member to obtain a second symmetric key;
step 503, decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data;
step 504, acquiring a preset field ciphertext from the first ciphertext data;
step 505, decrypting the first encrypted symmetric key by using the private key of the target alliance chain member to obtain a first symmetric key;
and step 506, decrypting the ciphertext of the preset field by using the first symmetric key to obtain a plaintext of the preset field.
The embodiment of the application can carry out multi-layer decryption on the transaction data so as to access the transaction data in full plaintext, partial plaintext or full ciphertext aiming at different alliance chain members.
In the embodiment of the application, first decryption is performed on the second ciphertext data to obtain first ciphertext data. The second symmetric key corresponding to the first decryption can be obtained by decrypting the second encrypted symmetric key according to the private key of the target alliance chain member. Specifically, the target second encryption symmetric key corresponding to the target alliance chain member can be obtained from the second associated data according to the identification of the target alliance chain member, and the target second encryption symmetric key is decrypted according to the private key of the target alliance chain member.
The first ciphertext data may include a preset field ciphertext, and the embodiment of the present application may perform second decryption on the preset field ciphertext to obtain a preset field plaintext. The second decryption corresponding first symmetric key may be obtained by decrypting the first encrypted symmetric key according to the private key of the target alliance chain member. Specifically, a target first encryption symmetric key corresponding to the target alliance chain member can be obtained from the first associated data according to the identification of the target alliance chain member, and the target first encryption symmetric key is decrypted according to the private key of the target alliance chain member.
The embodiment of the application can provide a list of preset fields, and the target alliance chain member can see the names of the preset fields, but needs to obtain the contents of the preset fields through second decryption.
It should be noted that, the decryption in step 502 and step 505 may include: decryption success or decryption failure. If decryption fails, the flow may end.
Method example six
Referring to fig. 6, a flowchart illustrating a step of a sixth embodiment of a data processing method based on a coalition chain for describing a flow of writing transaction data into a blockchain by a data provider is shown, which may specifically include the following steps:
step 601, determining transaction data and preset fields in the transaction data;
step 602, judging whether a preset field exists, if yes, executing step 603, otherwise executing step 608;
step 603, randomly generating a first symmetric key;
step 604, encrypting the preset field by using the symmetric key to obtain first encrypted data;
step 605, reading a first preset coalition chain member capable of decrypting a preset field
Configuration data;
step 606, obtaining a public key of a first preset alliance chain member from the first configuration data, and encrypting the first symmetric key by using the public key;
Step 607, generating a first key value pair data of a first identifier and a first encryption symmetric key;
step 608, randomly generating a second symmetric key;
step 609, encrypting the first encrypted data with the second symmetric key to obtain second encrypted data;
step 610, reading second configuration data of a second preset coalition chain member capable of decrypting the second encrypted data;
step 611, obtaining the public key of the second preset alliance chain member from the second configuration data, and encrypting the second symmetric key to obtain a second encrypted symmetric key;
step 612, generating a second key value pair data of the identification of the second preset coalition chain member and the second encryption symmetric key;
step 613, writing the first key value pair data, the second key value pair data and the second encrypted data into a data body;
step 614, upload the data body to the blockchain.
Method embodiment seven
Referring to fig. 7, a flowchart illustrating a step of a seventh embodiment of a data processing method based on a coalition chain according to the present application, where the step is used to illustrate a process that a data access party reads and decrypts transaction data in a blockchain may specifically include the following steps:
step 701, reading second ciphertext data and associated data in a blockchain;
Step 702, according to the identification of the target alliance chain member, acquiring a corresponding target second encryption symmetric key from the associated data;
step 703, decrypting the target second encrypted symmetric key according to the private key of the target alliance chain member;
step 704, judging whether decryption is successful, if yes, executing step 705;
step 705, decrypting the second ciphertext data by using the second symmetric key obtained by decryption to obtain the first ciphertext data;
step 706, judging whether the first ciphertext data includes a preset field ciphertext, if yes, executing step 707;
step 707, acquiring a preset field ciphertext from the first ciphertext data;
it will be appreciated that in addition to the preset field ciphertext, the first ciphertext data may also include plaintext of a non-preset field.
Step 708, according to the identification of the target alliance chain member, acquiring a corresponding target first encryption symmetric key from the associated data;
step 709, decrypting the target first encrypted symmetric key according to the private key of the target alliance chain member;
step 710, judging whether decryption is successful, if yes, executing step 711;
and 711, decrypting the preset field ciphertext by using the first symmetric key to obtain a preset field plaintext.
For a better understanding of the embodiments of the present application, reference is made to fig. 8, which shows an example of an application of a data processing method based on a federated chain, where a blockchain may include a plurality of blockchain nodes, including: participant a, participant B, participant C, and participant D correspond to blockchain nodes, respectively.
Participant a may correspond to a trading platform for providing trading data plaintext { 'name:' James ', product:' MP3', phone:' 123456 }. Party a may learn the public keys respectively corresponding to party a, party B, party C and party D.
Party a may encrypt the transaction data plaintext in multiple layers.
Wherein the first layer encryption is sensitive field encryption. The list of sensitive fields is: name, phone. The symmetric key may be randomly generated, the sensitive field encrypted with the symmetric key, the symmetric key encrypted with the public keys of party a and party B, respectively, and the mapping between the identity and the encrypted symmetric key, referred to as first mapping data, generated for party a and party B, respectively. After the first layer encryption, first encrypted data can be obtained: { 'name': ', product': 'MP3', phone ':' }.
The second layer of encryption is transaction data encryption. The symmetric key may be randomly generated, the first encrypted data is encrypted with the symmetric key, the symmetric keys are encrypted with the public keys of party a, party B and party C, respectively, and the mapping between the identification and the encrypted symmetric key, referred to as second mapping data, is generated for party a, party B and party C, respectively. After the second layer encryption, second encrypted data can be obtained: * ***********************.
The data uploaded by party a to the blockchain may include: second encrypted data, first mapped data, and second mapped data.
For party B, it may decrypt the encrypted symmetric key in the second mapping data and the first mapping data using its private key, so that two-layer decryption can be implemented to obtain all transaction plaintext.
For the party C, the private key can be utilized to decrypt the encrypted symmetric key in the second mapping data, so that the second-layer decryption can be realized to obtain partial transaction plaintext; while the sensitive fields are not visible to the participants.
For party D, it cannot decrypt the encrypted symmetric key in the second mapping data using its private key, so it cannot decrypt any data and only gets the full transaction ciphertext.
It will be appreciated that the two-layer encryption and two-layer decryption shown in fig. 8 are only alternative embodiments, and in fact, embodiments of the present application may perform two or more layers of encryption and two or more layers of decryption on the plaintext of the transaction data.
In an alternative embodiment of the present application, the multi-layer encryption may be an N-layer encryption, which may include: front (N-1) layer encryption and nth layer encryption.
Wherein, the encryption of the front (N-1) layer is used for encrypting the fields, and the fields corresponding to the front (N-1) layer can respectively comprise: a first layer field, a second layer field, a third layer field …, an (N-1) th field, and the like. Alternatively, the field corresponding to the previous (N-1) layer may be determined according to security. Generally, the higher the security, the higher the number of layers of the corresponding field. Optionally, the security of the i-th layer field is higher than the security of the (i+1) -th layer field, so that the number of encryption layers of the i-th layer field is greater than that of the (i+1) -th layer field, that is, the field with higher security can be encrypted with more layers, and the security of layered encryption is improved. Wherein N, i can be a natural number greater than 0.
The N-th layer encryption is used for encrypting data corresponding to the encrypted field. Similar to the second layer encryption process shown in fig. 8, the interfaces are not described in detail herein.
In another alternative embodiment of the present application, the multi-layer encryption may include: a plurality of pairs of encryption, wherein a pair of encryption may in turn comprise: field encryption and data encryption, a first layer of encryption as shown in fig. 8 corresponds to field encryption, and a second layer of encryption as shown in fig. 8 corresponds to data encryption. The embodiment of the application can repeatedly execute the first-layer encryption and the second-layer encryption shown in fig. 8 so as to improve the security of data.
It is understood that the encryption of different layers may correspond to the same or different preset coalition chain members, and will not be described herein.
In addition, it can be understood that the multi-layer decryption is the inverse of the multi-layer encryption, and the multi-layer decryption can be performed according to the multi-layer encryption logic, which is not described herein.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments and that the acts referred to are not necessarily required by the embodiments of the present application.
The embodiment of the application also provides a data processing device based on the alliance chain.
With reference to FIG. 9, a block diagram illustrating an embodiment of a federated chain-based data processing apparatus of the present application may include the following modules in particular:
the data encryption module 901 is configured to encrypt data by using a symmetric key to obtain ciphertext data;
a key encryption module 902, configured to encrypt the symmetric key by using a public key of a preset alliance chain member, so as to obtain an encrypted symmetric key;
the association generating module 903 is configured to generate association data between the identifier of the preset coalition chain member and the encrypted symmetric key;
an uploading module 904, configured to upload the ciphertext data and the association data to a blockchain.
Optionally, the data encryption module 901 may include:
the first data encryption module is used for encrypting a preset field in the transaction data by using the first symmetric key so as to obtain first ciphertext data;
and the second data encryption module is used for encrypting the first ciphertext data by using the second symmetric key so as to obtain second ciphertext data.
Alternatively, the key encryption module 902 may include:
The first key encryption module is used for encrypting the first symmetric key by utilizing the public key of the first preset alliance chain member so as to obtain a first encrypted symmetric key;
and the second key encryption module is used for encrypting the second symmetric key by using the public key of the second preset alliance chain member so as to obtain a second encrypted symmetric key.
Optionally, the association data includes:
the first associated data corresponding to the first encryption symmetric key; and
and the second associated data corresponding to the second encryption symmetric key.
Optionally, the data encryption module 901 may include:
and the third data encryption module is used for encrypting the transaction data by utilizing the third symmetric key so as to obtain third ciphertext data.
Alternatively, the key encryption module 902 may include:
and the third key encryption module is used for encrypting the third symmetric key by utilizing the public key of a third preset alliance chain member so as to obtain a third encrypted symmetric key.
Optionally, the preset coalition chain member is obtained according to security information of the coalition chain member.
Optionally, the preset coalition chain member includes: the data provider corresponds to the federated chain members, and/or the data provider specifies the federated chain members.
With reference to FIG. 10, there is illustrated a block diagram of an embodiment of a federated-based data processing apparatus of the present application, which may include the following modules in particular:
a reading module 1001, configured to read ciphertext data and associated data in a blockchain; the above-mentioned association data includes: presetting an identifier and an encryption symmetric key of a alliance chain member;
the key decryption module 1002 is configured to decrypt the encrypted symmetric key by using the private key of the target federation chain member, so as to obtain the symmetric key.
Optionally, the apparatus may further include:
and the first data decryption module is used for decrypting the ciphertext data by using the symmetric key if the decryption of the encrypted symmetric key is successful.
Optionally, the key decryption module 1002 specifically includes:
and the first key decryption module is used for decrypting the second encrypted symmetric key by utilizing the private key of the target alliance chain member so as to obtain the second symmetric key.
Optionally, the apparatus may further include:
and the second data decryption module is used for decrypting the second ciphertext data by using the second symmetric key if the decryption of the second encryption symmetric key is successful, so as to obtain the first ciphertext data.
Optionally, the apparatus may further include:
the field ciphertext obtaining module is used for obtaining a preset field ciphertext from the first ciphertext data;
and the second key decryption module is used for decrypting the first encrypted symmetric key by utilizing the private key of the target alliance chain member so as to obtain the first symmetric key.
Optionally, the apparatus may further include:
and the third data decryption module is used for decrypting the preset field ciphertext by using the first symmetric key if the decryption of the first encrypted symmetric key is successful, so as to obtain the preset field plaintext.
Optionally, the key decryption module 1002 includes:
and the third key decryption module is used for decrypting the third encrypted symmetric key by utilizing the private key of the target alliance chain member so as to obtain the third symmetric key.
Optionally, the apparatus may further include:
and the fourth data decryption module is used for decrypting the third ciphertext data by using the third symmetric key if the decryption of the third encryption symmetric key is successful, so as to obtain plaintext data.
Optionally, the preset coalition chain member may include: the data provider corresponds to the federated chain members, and/or the data provider specifies the federated chain members.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
Embodiments of the present application may be implemented as a system or apparatus configured as desired using any suitable hardware and/or software. Fig. 11 schematically illustrates an exemplary device 1300 that may be used to implement various embodiments described above in this application.
For one embodiment, fig. 11 illustrates an exemplary device 1300, the device 1300 may include: one or more processors 1302, a system control module (chipset) 1304 coupled to at least one of the processors 1302, a system memory 1306 coupled to the system control module 1304, a non-volatile memory (NVM)/storage 1308 coupled to the system control module 1304, one or more input/output devices 1310 coupled to the system control module 1304, and a network interface 1312 coupled to the system control module 1304. The system memory 1306 may include: instructions 1362, the instructions 1362 being executable by the one or more processors 1302.
The processor 1302 may include one or more single-core or multi-core processors, and the processor 1302 may include any combination of general-purpose or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the device 1300 can be a server, a target device, a wireless device, etc. as described in the embodiments of the present application.
In some embodiments, the apparatus 1300 may include one or more machine-readable media (e.g., system memory 1306 or NVM/storage 1308) having instructions and one or more processors 1302, in combination with the one or more machine-readable media, configured to execute the instructions to implement the modules included in the foregoing apparatus to perform the actions described above in embodiments of the present application.
The system control module 1304 of an embodiment may include any suitable interface controller for providing any suitable interface to at least one of the processors 1302 and/or any suitable device or component in communication with the system control module 1304.
The system control module 1304 of an embodiment may include one or more memory controllers to provide an interface to the system memory 1306. The memory controller may be a hardware module, a software module, and/or a firmware module.
The system memory 1306 of one embodiment may be used to load and store data and/or instructions 1362. For one embodiment, the system memory 1306 may include any suitable volatile memory, such as suitable DRAM (dynamic random Access memory). In some embodiments, the system memory 1306 may include: double data rate type four synchronous dynamic random access memory (DDR 4 SDRAM).
The system control module 1304 of an embodiment may include one or more input/output controllers to provide interfaces to the NVM/storage 1308 and the input/output device(s) 1310.
NVM/storage 1308 for one embodiment may be used to store data and/or instructions 1382. NVM/storage 1308 may include any suitable nonvolatile memory (e.g., flash memory, etc.) and/or may include any suitable nonvolatile storage device(s), such as, for example, one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives, etc.
NVM/storage 1308 may include storage resources that are physically part of the device on which apparatus 1300 is installed, or which may be accessed by the device without being part of the device. For example, NVM/storage 1308 may be accessed over a network via network interface 1312 and/or through input/output devices 1310.
Input/output device(s) 1310 for one embodiment may provide an interface for device 1300 to communicate with any other suitable device, input/output device 1310 may include a communication component, an audio component, a sensor component, and the like.
The network interface 1312 for one embodiment may provide an interface for the apparatus 1300 to communicate over one or more networks and/or with any other suitable device, and the apparatus 1300 may communicate wirelessly with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols, such as accessing a wireless network based on a communication standard, such as WiFi (wireless fidelity ), 2G or 3G or 4G or 5G, or a combination thereof.
For one embodiment, at least one of the processors 1302 may be packaged together with logic of one or more controllers (e.g., memory controllers) of the system control module 1304. For one embodiment, at least one of the processors 1302 may be packaged together with logic of one or more controllers of the system control module 1304 to form a System In Package (SiP). For one embodiment, at least one of the processors 1302 may be integrated on the same new product as the logic of one or more controllers of the system control module 1304. For one embodiment, at least one of the processors 1302 may be integrated on the same chip with logic of one or more controllers of the system control module 1304 to form a system on chip (SoC).
In various embodiments, device 1300 may include, but is not limited to: a desktop computing device or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.), among others. In various embodiments, device 1300 may have more or fewer components and/or different architectures. For example, in some embodiments, device 1300 may include one or more cameras, keyboards, liquid Crystal Display (LCD) screens (including touch screen displays), non-volatile memory ports, multiple antennas, graphics chips, application Specific Integrated Circuits (ASICs), and speakers.
Wherein if the display comprises a touch panel, the display screen may be implemented as a touch screen display to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation.
The embodiment of the application also provides a non-volatile readable storage medium, where one or more modules (programs) are stored, where the one or more modules are applied to an apparatus, and the apparatus may be caused to execute instructions (instructions) of each method in the embodiment of the application.
In one example, an apparatus is provided, comprising: one or more processors; and instructions in one or more machine-readable media stored thereon, which when executed by the one or more processors, cause the apparatus to perform a method as in an embodiment of the present application, the method may comprise: the method shown in fig. 2 or fig. 3 or fig. 4 or fig. 5 or fig. 6 or fig. 7 or fig. 8.
One or more machine-readable media are also provided in one example, having instructions stored thereon that, when executed by one or more processors, cause an apparatus to perform a method as in an embodiment of the present application, the method may comprise: the method shown in fig. 2 or fig. 3 or fig. 4 or fig. 5 or fig. 6 or fig. 7 or fig. 8.
The specific manner in which the operations of the respective modules are performed in the apparatus of the above embodiments has been described in detail in the embodiments related to the method, and will not be described in detail herein, but only with reference to the portions of the description related to the embodiments of the method.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present embodiments have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the present application.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing has outlined a particular example of the principles and implementations of the present application in order that the principles and implementations of the present application may be better understood, and in order that the present application may be better understood, the present application may be practiced with respect to other methods and systems that use a combination of the above-described methods and systems; meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.

Claims (18)

1. A method of federation chain-based data processing, comprising:
encrypting the data by using the symmetric key to obtain ciphertext data;
encrypting the symmetric key by using a public key of a preset alliance chain member to obtain an encrypted symmetric key;
generating associated data between the identification of the preset alliance chain member and the encryption symmetric key;
uploading the ciphertext data and the association data to a blockchain;
wherein encrypting the data using the symmetric key comprises: encrypting a preset field in transaction data by using a first symmetric key to obtain first ciphertext data; encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data; the transaction data corresponds to a full plaintext; the first ciphertext data corresponds to a partial plaintext; the second ciphertext data corresponds to a full ciphertext;
Said encrypting said symmetric key comprising: encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key; and encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key.
2. The method of claim 1, wherein the association data comprises:
the first associated data corresponding to the first encryption symmetric key; and
and the second associated data corresponding to the second encryption symmetric key.
3. The method of claim 1, wherein encrypting the data using the symmetric key further comprises:
and encrypting the transaction data by using the third symmetric key to obtain third ciphertext data.
4. The method of claim 3, wherein encrypting the symmetric key further comprises:
and encrypting the third symmetric key by using the public key of the third preset alliance chain member to obtain a third encrypted symmetric key.
5. The method according to any one of claims 1 to 4, wherein the preset coalition chain members are obtained according to security information of the coalition chain members.
6. The method of any one of claims 1 to 4, wherein the preset coalition chain membership comprises: the data provider corresponds to the federated chain members, and/or the data provider specifies the federated chain members.
7. A method of federation chain-based data processing, comprising:
reading ciphertext data and associated data in a block chain; the association data includes: presetting an identifier and an encryption symmetric key of a alliance chain member;
decrypting the encrypted symmetric key by using the private key of the target alliance chain member to obtain a symmetric key;
wherein decrypting the encrypted symmetric key comprises: decrypting the second encrypted symmetric key with the private key of the target coalition chain member to obtain a second symmetric key;
the method further comprises the steps of: if the decryption of the second encryption symmetric key is successful, decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data; the first ciphertext data is obtained by encrypting a preset field in the full plaintext corresponding to the transaction data; the first ciphertext data corresponds to a partial plaintext; the second ciphertext data corresponds to a full ciphertext;
Acquiring a preset field ciphertext from the first ciphertext data;
and decrypting the first encrypted symmetric key by utilizing the private key of the target alliance chain member to obtain the first symmetric key.
8. The method of claim 7, wherein the method further comprises:
and if the decryption of the encrypted symmetric key is successful, decrypting the ciphertext data by using the symmetric key.
9. The method of claim 7, wherein the method further comprises:
and if the decryption of the first encryption symmetric key is successful, decrypting the preset field ciphertext by using the first symmetric key to obtain a preset field plaintext.
10. The method of claim 7, wherein decrypting the encrypted symmetric key further comprises:
and decrypting the third encrypted symmetric key by using the private key of the target alliance chain member to obtain a third symmetric key.
11. The method according to claim 10, wherein the method further comprises:
and if the decryption of the third encryption symmetric key is successful, decrypting the third ciphertext data by using the third symmetric key to obtain plaintext data.
12. The method according to any one of claims 7 to 11, wherein the preset coalition chain membership comprises: the data provider corresponds to the federated chain members, and/or the data provider specifies the federated chain members.
13. A data processing apparatus based on a federation chain, the apparatus comprising:
the data encryption module is used for encrypting the data by utilizing the symmetric key so as to obtain ciphertext data;
the key encryption module is used for encrypting the symmetric key by utilizing a public key of a preset alliance chain member so as to obtain an encrypted symmetric key;
the association generation module is used for generating association data between the identification of the preset alliance chain member and the encryption symmetric key;
the uploading module is used for uploading the ciphertext data and the associated data to a blockchain;
wherein encrypting the data using the symmetric key comprises: encrypting a preset field in transaction data by using a first symmetric key to obtain first ciphertext data; encrypting the first ciphertext data by using a second symmetric key to obtain second ciphertext data; the transaction data corresponds to a full plaintext; the first ciphertext data corresponds to a partial plaintext; the second ciphertext data corresponds to a full ciphertext;
Said encrypting said symmetric key comprising: encrypting the first symmetric key by using a public key of a first preset alliance chain member to obtain a first encrypted symmetric key; and encrypting the second symmetric key by using the public key of the second preset alliance chain member to obtain a second encrypted symmetric key.
14. A data processing apparatus based on a federation chain, the apparatus comprising:
the reading module is used for reading ciphertext data and associated data in the block chain; the association data includes: presetting an identifier and an encryption symmetric key of a alliance chain member;
the key decryption module is used for decrypting the encrypted symmetric key by utilizing the private key of the target alliance chain member so as to obtain the symmetric key;
wherein decrypting the encrypted symmetric key comprises: decrypting the second encrypted symmetric key with the private key of the target coalition chain member to obtain a second symmetric key;
if the decryption of the second encryption symmetric key is successful, decrypting the second ciphertext data by using the second symmetric key to obtain the first ciphertext data; the first ciphertext data is obtained by encrypting a preset field in the full plaintext corresponding to the transaction data; the first ciphertext data corresponds to a partial plaintext; the second ciphertext data corresponds to a full ciphertext;
Acquiring a preset field ciphertext from the first ciphertext data;
and decrypting the first encrypted symmetric key by utilizing the private key of the target alliance chain member to obtain the first symmetric key.
15. A computer device, comprising:
one or more processors; and
one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the computer device to perform the method of one or more of claims 1-6.
16. One or more machine-readable media having instructions stored thereon that, when executed by one or more processors, cause a computer device to perform the method of one or more of claims 1-6.
17. A computer device, comprising:
one or more processors; and
one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the computer device to perform the method of one or more of claims 7-12.
18. One or more machine-readable media having instructions stored thereon that, when executed by one or more processors, cause a computer device to perform the method of one or more of claims 7-12.
CN202010486125.5A 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain Active CN113761543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010486125.5A CN113761543B (en) 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010486125.5A CN113761543B (en) 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain

Publications (2)

Publication Number Publication Date
CN113761543A CN113761543A (en) 2021-12-07
CN113761543B true CN113761543B (en) 2024-04-02

Family

ID=78782667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010486125.5A Active CN113761543B (en) 2020-06-01 2020-06-01 Data processing method, device, equipment and machine-readable medium based on alliance chain

Country Status (1)

Country Link
CN (1) CN113761543B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114254365A (en) * 2021-12-26 2022-03-29 迅鳐成都科技有限公司 Block chain technology-based key value data directional sharing method, device, system and storage medium

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377560A (en) * 2010-08-19 2012-03-14 北京韩美智恒科技有限公司 Data encryption method and device for mobile communication terminal
CN104935429A (en) * 2014-03-17 2015-09-23 Tcl集团股份有限公司 Data processing method and system employing multi-encryption technology
CN106375990A (en) * 2016-10-21 2017-02-01 上海统宁科技发展有限公司 Encryption and decryption system and encryption and decryption method for private data of mobile phone
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN108092982A (en) * 2017-12-22 2018-05-29 广东工业大学 A kind of date storage method and system based on alliance's chain
CN108667595A (en) * 2017-03-28 2018-10-16 吉林化工学院 A kind of compression encryption method of large data files
CN109033855A (en) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 A kind of data transmission method based on block chain, device and storage medium
CN109218291A (en) * 2018-08-14 2019-01-15 海南高灯科技有限公司 A kind of stream compression method, system and relevant device based on block chain
CN109523267A (en) * 2018-10-30 2019-03-26 苏宁易购集团股份有限公司 A kind of verification method, the apparatus and system of the transaction data based on block chain
CN109587132A (en) * 2018-11-29 2019-04-05 苏宁易购集团股份有限公司 A kind of data transferring method and device based on alliance's chain
CN109802940A (en) * 2018-12-12 2019-05-24 北京众享比特科技有限公司 Block chain data base encryption and decryption method, device, equipment and its storage medium
CN109933995A (en) * 2019-01-31 2019-06-25 广州中国科学院软件应用技术研究所 A kind of user's protecting sensitive data and system based on cloud service and block chain
CN111193702A (en) * 2019-10-18 2020-05-22 腾讯科技(深圳)有限公司 Method and device for data encryption transmission
CN111191288A (en) * 2019-12-30 2020-05-22 中电海康集团有限公司 Block chain data access authority control method based on proxy re-encryption

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3831013A4 (en) * 2018-07-27 2022-04-20 HRL Laboratories, LLC System and method to protect data privacy of lightweight devices using blockchain and multi-party computation
US20200084027A1 (en) * 2018-09-06 2020-03-12 Bank Of Montreal Systems and methods for encryption of data on a blockchain

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377560A (en) * 2010-08-19 2012-03-14 北京韩美智恒科技有限公司 Data encryption method and device for mobile communication terminal
CN104935429A (en) * 2014-03-17 2015-09-23 Tcl集团股份有限公司 Data processing method and system employing multi-encryption technology
CN106375990A (en) * 2016-10-21 2017-02-01 上海统宁科技发展有限公司 Encryption and decryption system and encryption and decryption method for private data of mobile phone
CN108667595A (en) * 2017-03-28 2018-10-16 吉林化工学院 A kind of compression encryption method of large data files
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN108092982A (en) * 2017-12-22 2018-05-29 广东工业大学 A kind of date storage method and system based on alliance's chain
CN109033855A (en) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 A kind of data transmission method based on block chain, device and storage medium
CN109218291A (en) * 2018-08-14 2019-01-15 海南高灯科技有限公司 A kind of stream compression method, system and relevant device based on block chain
CN109523267A (en) * 2018-10-30 2019-03-26 苏宁易购集团股份有限公司 A kind of verification method, the apparatus and system of the transaction data based on block chain
CN109587132A (en) * 2018-11-29 2019-04-05 苏宁易购集团股份有限公司 A kind of data transferring method and device based on alliance's chain
CN109802940A (en) * 2018-12-12 2019-05-24 北京众享比特科技有限公司 Block chain data base encryption and decryption method, device, equipment and its storage medium
CN109933995A (en) * 2019-01-31 2019-06-25 广州中国科学院软件应用技术研究所 A kind of user's protecting sensitive data and system based on cloud service and block chain
CN111193702A (en) * 2019-10-18 2020-05-22 腾讯科技(深圳)有限公司 Method and device for data encryption transmission
CN111191288A (en) * 2019-12-30 2020-05-22 中电海康集团有限公司 Block chain data access authority control method based on proxy re-encryption

Also Published As

Publication number Publication date
CN113761543A (en) 2021-12-07

Similar Documents

Publication Publication Date Title
TWI734041B (en) Method and device for data audit
Hoy An introduction to the blockchain and its implications for libraries and medicine
US10942920B2 (en) Service processing system and method based on blockchain
WO2021159684A1 (en) Data processing method, system and platform, and device and machine-readable medium
US11057189B2 (en) Providing data authorization based on blockchain
TWI723261B (en) Data storage method, data query method and device
CN108932297B (en) Data query method, data sharing method, device and equipment
RU2744494C2 (en) Method and device for installing keys and sending data
AU2015101933A4 (en) Secure storage of data among multiple devices
Sun et al. Data security and privacy in cloud computing
WO2019100872A1 (en) Method and apparatus for encrypting and decrypting product information
TW201917666A (en) Data auditing method and device
US20140177825A1 (en) Asymmetric Tokenization
KR20200079218A (en) Verifying the integrity of data stored in the consortium blockchain using a public sidechain
CN109325870A (en) The method and system of shared private data
US11270029B2 (en) Data check methods, apparatuses, and devices
CN112787976B (en) Data encryption, decryption and sharing method, device, system and storage medium
US11720689B2 (en) Data registration method, data decryption method, data structure, computer, and program
US10979410B1 (en) Systems and methods for utilizing cryptology with virtual ledgers in support of transactions and agreements
CN111639938A (en) Data processing method, device, equipment and medium
CN113761543B (en) Data processing method, device, equipment and machine-readable medium based on alliance chain
US20150193870A1 (en) Generating electronic documents (edocs) for transactions
CN113762955B (en) Transaction processing method, device, equipment and machine-readable medium
Mittal Attribute based encryption for secure data access in cloud
US12124875B2 (en) System and method for facilitating creation, verification, and management of digital resources

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant