CN113949591A - Data encryption protection method and system based on block chain - Google Patents

Data encryption protection method and system based on block chain

Publication number: CN113949591A (application CN202111566387.3A; granted version CN113949591B)
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 王姣杰
Assignee: Beijing Sinodata Technology Co ltd
Legal status (as listed by Google Patents; not a legal conclusion): Granted, Active
Prior art keywords: data, node, block chain, terminal, uploading

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security, providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor
    • G06F21/602 Protecting data: providing cryptographic facilities or services
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • H04L63/126 Applying verification of the received information: verifying the source of the received data
    • H04L67/1008 Server selection for load balancing based on parameters of servers, e.g. available memory or workload
    • H04L67/1023 Server selection for load balancing based on a hash applied to IP addresses or costs
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]


Abstract

The application provides a blockchain-based data encryption protection method and system. The method comprises: in response to a request signal from a data uploading terminal to store data to be encrypted in the blockchain, acquiring security evaluation feature data of the data uploading terminal; calculating a security reliability value of the data uploading terminal from that feature data; comparing the security reliability value with a preset first threshold and, if the value is greater than the first threshold, uploading the data to be encrypted to an encryption node of the blockchain and encrypting it, otherwise prohibiting the data uploading terminal from uploading the data to the blockchain; and uploading the resulting ciphertext to a storage node of the blockchain. The method and system prevent a data uploading terminal of low security reliability from encrypting and storing data on the blockchain, prevent storage nodes with abnormal storage performance from holding data, prevent data from being stolen by illegitimate requesting terminals, and thereby improve the security and reliability of the data held in blockchain storage nodes.

Description

Data encryption protection method and system based on block chain
Technical Field
The present application relates to the field of data processing technologies, and in particular to a blockchain-based data encryption protection method and system.
Background
Since the emergence of the blockchain, decentralization, immutability, synchronization and intelligent distributed management have been its greatest technical advantages; the distributed design makes tampering with data practically impossible. However, in the authentication exchange between a blockchain node and peripheral equipment, if the encryption instruction is fixed, a remote attacking node can obtain the corresponding encryption instruction and the security of authentication is reduced. In the prior art, no identity identification or early authentication matching is performed during authentication, so data in blockchain nodes can be illegally stolen.
In addition, some abnormal storage nodes inevitably arise in the blockchain, which makes the stored data abnormal, lowers security, and makes the data easy to steal.
Therefore, how to evaluate the security of the data uploading terminal and the storage performance of the storage node, perform authorization verification of the requesting terminal, prevent a data uploading terminal of low security reliability from encrypting and storing data on the blockchain, prevent storage nodes with abnormal storage performance from holding stored data, prevent data theft by illegitimate requesting terminals, and improve the security and reliability of data in blockchain storage nodes is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a blockchain-based data encryption protection method and system that prevent a data uploading terminal of low security reliability from encrypting and storing data on the blockchain, prevent storage nodes with abnormal storage performance from holding data, prevent data from being stolen by illegitimate requesting terminals, and improve the security and reliability of data in the storage nodes of the blockchain.
To achieve this object, the application provides a blockchain-based data encryption protection method, comprising:
in response to a request signal from the data uploading terminal to store data to be encrypted in the blockchain, acquiring security evaluation feature data of the data uploading terminal;
calculating a security reliability value of the data uploading terminal from the security evaluation feature data;
comparing the security reliability value with a preset first threshold; if the security reliability value is greater than the first threshold, uploading the data to be encrypted to an encryption node of the blockchain and encrypting it, otherwise prohibiting the data uploading terminal from uploading the data to be encrypted to the blockchain;
and uploading the encrypted ciphertext to a storage node of the blockchain.
The blockchain-based data encryption protection method further comprises:
acquiring storage performance index data of the storage node and calculating a storage performance evaluation value of the storage node from that index data;
and judging whether the storage performance evaluation value of the storage node is smaller than a preset second threshold; if so, transferring the data stored on that node to a storage node whose storage performance evaluation value is greater than the second threshold, otherwise leaving the data in place.
The blockchain-based data encryption protection method further comprises:
in response to an instruction requesting data from a blockchain storage node, acquiring authentication data of the requesting end;
comparing the authentication data of the requesting end with the data in a preset reference database and judging whether the authentication data belongs to that database; if so, allowing the requesting end to obtain the requested data, otherwise prohibiting it from obtaining the related data;
where the reference database stores authorized user names, IP addresses, MAC addresses and connected networks.
As above, the security evaluation feature data of the data uploading terminal includes: attribute feature data of the data uploading terminal, operational vulnerabilities of the data uploading terminal, and the feedback results of its earlier requests to upload data to be encrypted to the blockchain.
As above, the security reliability value of the data uploading terminal is computed by a formula that appears in the original only as an image (not reproduced here). Its terms are defined as follows:
[formula image]
[symbol] the security reliability value of the data uploading terminal;
[symbol] the number of attribute features of the data uploading terminal that are authorized;
[symbol] the security impact value of each authorized attribute feature of the data uploading terminal;
[symbol] the number of attribute features of the data uploading terminal that are neither authorized nor unauthorized;
[symbols] parameters (weighting coefficients);
[symbol] the security impact value of each attribute feature that is neither authorized nor unauthorized;
[symbol] the number of attribute features of the data uploading terminal that are unauthorized;
[symbol] the security impact value of each unauthorized attribute feature of the data uploading terminal;
[symbol] the total number of vulnerabilities;
[symbol] the security impact factor of each vulnerability;
[symbol] the risk value of each vulnerability;
[symbol] the number of times the feedback result was that uploading data is permitted;
[symbol] the number of times the feedback result was that uploading data is prohibited;
[symbol] the security impact factor of a feedback result that uploading is permitted;
[symbol] the security impact factor of a feedback result that uploading is prohibited.
As above, the blockchain has an encryption node, a storage node and an index node. The encryption terminal on the encryption node generates a key, encrypts the data to be encrypted with that key to obtain a ciphertext, stores the ciphertext in the storage node, and stores the encryption key together with the address information of the storage node holding the ciphertext in the index node.
As above, the storage performance index data of the storage node comprises node attribute feature data, node resource consumption feature data and node anomaly feature data.
The application further provides a blockchain-based data encryption protection system, comprising:
a data acquisition module, configured to respond to a request from the data uploading terminal to store data to be encrypted in a storage node of the blockchain by acquiring the security evaluation feature data of the data uploading terminal;
a data processor, configured to calculate the security reliability value of the data uploading terminal from its security evaluation feature data;
a data comparison module, configured to compare the security reliability value with a preset first threshold and, if the value is greater than the first threshold, upload the data to be encrypted to an encryption node of the blockchain for encryption, otherwise prohibit the data uploading terminal from uploading the data to be encrypted to the blockchain;
and a data uploading module, configured to upload the encrypted ciphertext to a storage node of the blockchain.
The data acquisition module is further configured to acquire the storage performance index data of the storage nodes;
the data processor is further configured to calculate the storage performance evaluation value of a storage node from its storage performance index data;
the data comparison module is further configured to judge whether the storage performance evaluation value of the storage node is smaller than a preset second threshold and, if so, transfer the data stored on that node to a storage node whose storage performance evaluation value is greater than the second threshold, otherwise leave the data in place.
The data acquisition module is further configured to respond to an instruction requesting data from a blockchain storage node by acquiring the authentication data of the requesting end;
the data comparison module is further configured to compare the authentication data of the requesting end with the data in the preset reference database and judge whether the authentication data belongs to that database; if so, the requesting end is allowed to obtain the requested data, otherwise it is prohibited from obtaining the related data;
the reference database stores authorized user names, IP addresses, MAC addresses and connected networks.
The beneficial effects achieved by the application are as follows:
(1) The security reliability value of the data uploading terminal is calculated from its security evaluation feature data, so that only users whose security reliability value meets the requirement are allowed to upload data and unsafe users are prohibited from doing so; a data uploading terminal of low security reliability is thus prevented from encrypting and storing data on the blockchain, and the security and reliability of data on the blockchain are improved.
(2) The storage performance index data of the storage nodes is collected, the storage performance evaluation value of each node is calculated, and the encrypted ciphertext is stored on a storage node whose storage performance evaluation value meets the requirement, which guarantees the security and reliability of ciphertext storage.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a flowchart of a data encryption protection method based on a blockchain according to an embodiment of the present disclosure.
Fig. 2 is a flowchart of a method for determining whether to allow a data uploading terminal to upload data according to a safe and reliable value of the data uploading terminal in an embodiment of the present application.
Fig. 3 is a schematic structural diagram of a data encryption protection system based on a block chain according to an embodiment of the present application.
Reference numerals: 10-a data acquisition module; 20-a data processor; 30-a data comparison module; 40-a data upload module; 50-blockchain; 100-data encryption protection system.
Detailed Description
The technical solutions in the embodiments of the present application are clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example one
As shown in fig. 1, the present application provides a blockchain-based data encryption protection method comprising the following steps:
Step S1: in response to the request signal from the data uploading terminal to store data to be encrypted in the blockchain, obtain the security evaluation feature data of the data uploading terminal.
Specifically, the data uploading terminal generates the data to be encrypted, packages it to produce a data digest or file name, and requests that it be uploaded to and stored by an encryption node on the blockchain; the encryption node receives the request signal and obtains the security evaluation feature data of the data uploading terminal.
As a specific embodiment, the security evaluation feature data of the data uploading terminal includes: attribute feature data of the terminal (IP address, MAC address, user name, requested access port, and so on); operational vulnerabilities of the terminal; and the feedback results (upload prohibited or upload permitted) of its earlier requests to upload data to be encrypted to the blockchain.
Step S2: calculate the security reliability value of the data uploading terminal from its security evaluation feature data.
The security reliability value of the data uploading terminal is computed by a formula that appears in the original only as an image (not reproduced here). Its terms are defined as follows:
[formula image]
[symbol] the security reliability value of the data uploading terminal;
[symbol] the number of attribute features of the data uploading terminal that are authorized;
[symbol] the security impact value of each authorized attribute feature of the data uploading terminal;
[symbol] the number of attribute features of the data uploading terminal that are neither authorized nor unauthorized;
[symbols] parameters (weighting coefficients);
[symbol] the security impact value of each attribute feature that is neither authorized nor unauthorized;
[symbol] the number of attribute features of the data uploading terminal that are unauthorized;
[symbol] the security impact value of each unauthorized attribute feature of the data uploading terminal;
[symbol] the total number of vulnerabilities;
[symbol] the security impact factor of each vulnerability;
[symbol] the risk value of each vulnerability;
[symbol] the number of times the feedback result was that uploading data is permitted;
[symbol] the number of times the feedback result was that uploading data is prohibited;
[symbol] the security impact factor of a feedback result that uploading is permitted;
[symbol] the security impact factor of a feedback result that uploading is prohibited.
Step S3: compare the security reliability value with the preset first threshold; if the security reliability value is greater than the first threshold, upload the data to be encrypted of the data uploading terminal to an encryption node of the blockchain, encrypt it, and upload the resulting ciphertext to a storage node of the blockchain; otherwise, prohibit the data uploading terminal from uploading the data to be encrypted to the blockchain.
As shown in fig. 2, step S3 comprises the following sub-steps:
Step S310: compare the security reliability value with the preset first threshold; if it is greater than the first threshold, execute steps S320 and S330, otherwise execute step S340.
Step S320: upload the data to be encrypted of the data uploading terminal to an encryption node of the blockchain and encrypt it.
Step S330: upload the encrypted ciphertext to a storage node of the blockchain.
Step S340: prohibit the data uploading terminal from uploading the data to be encrypted to the blockchain.
As a specific embodiment, the security reliability value is compared with the preset first threshold; if it is greater than the first threshold, a result permitting the upload to the encryption node of the blockchain is fed back to the data uploading terminal, otherwise a result prohibiting the upload is fed back. These feedback results are the upload history that step S1 collects as part of the security evaluation feature data.
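Steps S1 to S3 together form one admission procedure. The following is an added Go example, not code from the patent or its assignee, showing how such a gate can be implemented. Because the patent's formula is available only as an image, the weighted-sum combination of the described terms, the sign of each term, the weight values, the feature names and the constructed sample terminal are all assumptions made here.

```go
package main

import "fmt"

// Added illustration of steps S1 to S3. The patent gives its scoring formula
// only as an image, so the weighted-sum shape below and the sign of each term
// (authorized features and permitted uploads add; unauthorized features,
// vulnerabilities and prohibitions subtract) are assumptions.

// AttributeClass mirrors the three classes the patent distinguishes for a
// terminal attribute feature (IP address, MAC address, user name, port, ...).
type AttributeClass int

const (
	Authorized   AttributeClass = iota // feature is on the authorized list
	Unclassified                       // neither authorized nor unauthorized
	Unauthorized                       // feature is on the unauthorized list
)

type AttributeFeature struct {
	Name   string
	Class  AttributeClass
	Impact float64 // security impact value of this feature (assumed >= 0)
}

type Vulnerability struct {
	ID     string
	Impact float64 // security impact factor of the vulnerability (assumed weight)
	Risk   float64 // risk value, e.g. a CVSS-like score (assumed scale)
}

// UploadHistory is the terminal's feedback record from earlier upload requests.
type UploadHistory struct{ Permitted, Prohibited int }

// Weights are the "parameters" the patent mentions without giving values.
type Weights struct {
	Authorized, Unclassified, Unauthorized float64
	Vulnerability, Permitted, Prohibited   float64
}

// SecurityReliability computes the terminal's security reliability value.
func SecurityReliability(features []AttributeFeature, vulns []Vulnerability, h UploadHistory, w Weights) float64 {
	var auth, uncl, unauth float64
	for _, f := range features {
		switch f.Class {
		case Authorized:
			auth += f.Impact
		case Unclassified:
			uncl += f.Impact
		case Unauthorized:
			unauth += f.Impact
		}
	}
	var vuln float64
	for _, v := range vulns {
		vuln += v.Impact * v.Risk // each vulnerability weighted by its risk
	}
	return w.Authorized*auth + w.Unclassified*uncl - w.Unauthorized*unauth -
		w.Vulnerability*vuln +
		w.Permitted*float64(h.Permitted) - w.Prohibited*float64(h.Prohibited)
}

// UploadDecision is step S3: strictly greater than the first threshold permits
// the upload to the encryption node; equal or lower prohibits it.
func UploadDecision(score, firstThreshold float64) bool {
	return score > firstThreshold
}

func main() {
	// Constructed sample: known user and IP, unknown MAC, a request on an
	// unauthorized port, one medium-risk vulnerability, mostly clean history.
	feats := []AttributeFeature{
		{"user=alice", Authorized, 1.0},
		{"ip=10.0.0.5", Authorized, 1.0},
		{"mac=unknown", Unclassified, 0.5},
		{"port=4444", Unauthorized, 1.0},
	}
	vulns := []Vulnerability{{"hypothetical-vuln-1", 0.5, 6.0}}
	w := Weights{1.0, 0.5, 1.5, 0.3, 0.1, 0.5}
	s := SecurityReliability(feats, vulns, UploadHistory{8, 1}, w)
	fmt.Printf("score=%.2f permit(threshold 0.5)=%v\n", s, UploadDecision(s, 0.5))
}
```

Two details are worth keeping when adapting this: the comparison is strictly greater than the first threshold, so a score exactly equal to it is refused, as step S310 specifies; and the vulnerability term multiplies an impact factor by a risk value, so a single high-risk finding can outweigh several authorized attributes.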
As a specific embodiment, a storage node of the blockchain is connected to an encryption terminal (encryption node); the encryption terminal generates a key, encrypts the data to be encrypted with that key to obtain a ciphertext, and stores the ciphertext in the storage node of the blockchain.
As an embodiment, the key used for encryption and the location information of the ciphertext (the address information of the storage node) are stored in an index node of the blockchain.
As a specific embodiment, the ciphertext file name and the data uploading terminal information are stored in the index node; the key for decrypting the ciphertext and the location information of the ciphertext are stored in the index node after signature processing, and a verification private key for verifying the signature is sent to the authorized user. The authorized user obtains the ciphertext storage location and the decryption key by means of the verification private key, fetches the ciphertext from that location, and decrypts it with the key.
Step S4: obtain the storage performance index data of the storage node and calculate the storage performance evaluation value of the storage node from that index data.
As a specific embodiment, the storage performance index data of the storage node includes node attribute feature data, node resource consumption feature data, node anomaly feature data, and the like.
As a specific embodiment, the node attribute feature data includes: node number, node address information, node networking information and node authorization marking. The node number and the node address information both reflect whether the node is a storage node authorized to store encrypted data. The node networking information shows the network the storage node is connected to; from it one can judge whether that network is authorized. If so, the networking information is correct and the node can normally receive encrypted data for storage; otherwise it cannot. Storage nodes are marked with authorization information, and the nodes carrying such a mark are the designated storage nodes that may store encrypted data.
As a specific embodiment, the node resource consumption feature data includes the memory occupancy rate, the CPU utilization rate, and the average rate at which the node processor processes its current tasks (read and write operations). The average rate is the mean of the processing rates of all current tasks; the rate of a single task is its size divided by its processing duration, evaluated over a selected task-processing time window.
As a specific embodiment, the node anomaly feature data includes network connection interruption, route changes, bad disk blocks, storage process interruption, corrupted stored data, and the like.
The storage performance evaluation value of the storage node is computed by a formula that appears in the original only as an image (not reproduced here). Its terms are defined as follows:
[formula image]
[symbol] the storage performance evaluation value of the storage node;
[symbol] the influence parameter of the node attribute feature data on the storage performance evaluation value;
[symbol] the influence value on storage performance of each authorized node attribute feature;
[symbol] the total number of authorized node attribute features;
[symbol] the influence value on storage performance of each unauthorized node attribute feature;
[symbol] the total number of unauthorized node attribute features;
[symbols] a multiplication sign;
[symbol] the influence parameter of the node resource consumption feature data on the storage performance evaluation value;
[symbol] the influence parameter of the node anomaly feature data on the storage performance evaluation value;
[symbol] the average rate at which the node processor processes its current tasks;
[symbol] the memory occupancy rate of the node processor;
[symbol] the CPU usage rate;
[symbol] the total number of node anomaly features;
[symbol] the weight of each node anomaly feature;
[symbol] the degree of influence of each node anomaly feature on storage performance.
Step S5, determining whether the storage performance evaluation value of the storage node is smaller than a preset second threshold; if so, transferring the data stored in the storage node to a storage node whose storage performance evaluation value is larger than the preset second threshold, otherwise performing no data transfer.
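The migration rule of step S5 together with the node features listed above, as an added worked example in Python (this is not the patent's code, and the page does not reproduce the actual formula): the score combines the three feature groups additively, with the resource measures multiplied together as the text's multiplication sign suggests; the per-anomaly weights and influence degrees, the three influence parameters, and the node values are constructed for the example. A node scoring below the second threshold has its stored data moved to the highest-scoring node above the threshold, and the case in which no node qualifies as a destination is refused explicitly rather than handled by moving data to a weak node.

```python
"""Storage-node evaluation and threshold-driven data migration (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Weight and degree of influence of each anomaly feature named in the text.
# The numbers are constructed for this example, not taken from the patent.
ANOMALY_WEIGHT = {
    "network_interruption": 0.30,
    "route_change": 0.15,
    "bad_disk_block": 0.25,
    "storage_process_interruption": 0.20,
    "garbled_stored_data": 0.10,
}
ANOMALY_INFLUENCE = {
    "network_interruption": 0.8,
    "route_change": 0.4,
    "bad_disk_block": 0.9,
    "storage_process_interruption": 0.7,
    "garbled_stored_data": 1.0,
}


@dataclass
class StorageNode:
    name: str
    authorized_impacts: List[float]    # influence of each authorized attribute feature
    unauthorized_impacts: List[float]  # influence of each unauthorized attribute feature
    task_rate: float                   # average rate of processing the current task, normalised to 0..1
    memory_usage: float                # memory occupancy rate, 0..1
    cpu_usage: float                   # CPU usage rate, 0..1
    anomalies: List[str]               # anomaly features observed on the node
    data: List[str] = field(default_factory=list)  # identifiers of ciphertext blocks held


def evaluate_storage_node(node: StorageNode, attr_param: float = 1.0,
                          resource_param: float = 1.0, anomaly_param: float = 1.0) -> float:
    """Combine the three feature groups into one score (assumed structure, see lead-in)."""
    attribute_term = attr_param * (sum(node.authorized_impacts) - sum(node.unauthorized_impacts))
    # Resource term: the resource measures are multiplied; headroom (1 - usage) is
    # used so that a busier node scores lower.
    resource_term = resource_param * node.task_rate * (1.0 - node.memory_usage) * (1.0 - node.cpu_usage)
    # An anomaly name not in the tables is treated as worst case, never silently ignored.
    anomaly_term = anomaly_param * sum(
        ANOMALY_WEIGHT.get(a, 1.0) * ANOMALY_INFLUENCE.get(a, 1.0) for a in node.anomalies
    )
    return attribute_term + resource_term - anomaly_term


def migrate_below_threshold(nodes: List[StorageNode], second_threshold: float) -> Dict[str, str]:
    """Step S5: move data off every node scoring below the threshold onto the best node above it.

    Returns a mapping {source node name: destination node name}; nodes are updated in place.
    """
    scores = {n.name: evaluate_storage_node(n) for n in nodes}
    weak = [n for n in nodes if scores[n.name] < second_threshold and n.data]
    if not weak:
        return {}
    healthy = [n for n in nodes if scores[n.name] > second_threshold]
    if not healthy:
        # Edge case: nothing qualifies as a destination; refuse rather than move data to a weak node.
        raise RuntimeError("no storage node above the second threshold; migration aborted")
    target = max(healthy, key=lambda n: scores[n.name])
    moves: Dict[str, str] = {}
    for n in weak:
        target.data.extend(n.data)
        n.data = []
        moves[n.name] = target.name
    return moves
```

A node whose score equals the threshold exactly is neither migrated nor used as a destination, matching the text's strict "smaller than" and "larger than" conditions.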
Step S6, in response to an instruction requesting acquisition of data in a block chain storage node, acquiring the authentication data of the request end.
As a specific embodiment of the present invention, the authentication data includes: username, IP address, MAC address, connection network, authentication private key, etc.
Step S7, comparing the authentication data of the request end with the data in the preset reference database, and determining whether the authentication data all belong to the data in the preset reference database, if yes, allowing the request end to obtain the requested data, otherwise, prohibiting the request end from obtaining the requested data.
As a specific embodiment of the present invention, the reference database stores authorized user names, IP addresses, MAC addresses, connection networks, and the like. The reference database is disposed in the index node. The reference database also stores the name of the encrypted data file, and address information and key information of a storage node corresponding to the encrypted data file.
As a specific embodiment of the present invention, whether the request end is an authorized user is verified according to the verification private key; if so, the request end is allowed to obtain the location where the ciphertext is stored and the key information for decrypting the ciphertext. Specifically, the address information and key information of the corresponding storage node are looked up in the index node according to the name of the encrypted data file (ciphertext) that the request end asks to acquire, and the index node compares the acquired authentication data of the request end with the authorization information stored in the preset authorization standard library. If they are consistent, the request end has the authority to acquire block chain data and is allowed to acquire the requested data; otherwise, the request end does not have that authority and is prohibited from acquiring the related data.
As another specific embodiment of the present invention, it is first determined whether the user name, IP address, MAC address and connection network of the request end all belong to the authorized data in the reference database. If so, the verification private key of the request end is obtained and it is determined whether it is consistent with the key stored in the reference database. If so, the request end is allowed to obtain the key used for signature processing and the location information of the ciphertext storage; the request end acquires the ciphertext data on the block chain according to the obtained key and the location information, and decrypts the ciphertext data encrypted on the block chain with its verification key, thereby obtaining the required data. If not, the request end is prohibited from acquiring the key and the location information of the ciphertext storage.
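The reference-database check of step S7 and the index-node lookup described in the two embodiments above, as an added example in Python (not the patent's own code): the reference database, the stored verification keys and the index-node records are constructed placeholders; all four attributes must be present before the verification key is compared, the key comparison is constant-time, and the caller receives the storage address and key material only when every check passes.

```python
"""Steps S6/S7: reference-database check followed by index-node lookup (constructed example)."""
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class AuthData:
    username: str
    ip: str
    mac: str
    network: str
    verify_key: bytes  # the "verification private key" presented by the request end


# Constructed reference database; in the text it is held by the index node.
REFERENCE_DB: Dict[str, Set[str]] = {
    "usernames": {"alice", "bob"},
    "ips": {"10.0.0.5", "10.0.0.6"},
    "macs": {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"},
    "networks": {"corp-lan"},
}
# Verification key stored per authorized user (constructed placeholder values).
STORED_KEYS: Dict[str, bytes] = {
    "alice": b"alice-verify-key-placeholder",
    "bob": b"bob-verify-key-placeholder",
}
# Index-node records: ciphertext file name -> (storage node address, key material for that file).
INDEX_NODE: Dict[str, Tuple[str, bytes]] = {
    "report.enc": ("storage-node-3:9000", b"wrapped-file-key-placeholder"),
}


def attributes_authorized(a: AuthData, db: Dict[str, Set[str]] = REFERENCE_DB) -> bool:
    """All four attributes must appear in the reference database; one miss is enough to refuse."""
    return (a.username in db["usernames"] and a.ip in db["ips"]
            and a.mac in db["macs"] and a.network in db["networks"])


def key_matches(a: AuthData, keys: Dict[str, bytes] = STORED_KEYS) -> bool:
    """Compare the presented key with the stored one for that user in constant time."""
    expected = keys.get(a.username)
    return expected is not None and hmac.compare_digest(expected, a.verify_key)


def authorize_request(a: AuthData, filename: str) -> Optional[Tuple[str, bytes]]:
    """Return (storage address, key material) only when every check passes; otherwise None."""
    if not attributes_authorized(a):
        return None
    if not key_matches(a):
        return None
    # Unknown file names also yield None, so every refusal looks the same to the caller.
    return INDEX_NODE.get(filename)
```

The attribute checks and the key check are kept separate so the key is never examined for a request whose attributes already fail, and every refusal returns the same `None`, so the request end cannot learn which attribute was rejected. User name, IP address, MAC address and connection network are environmental identifiers; the key comparison is the only cryptographic check in the chain, which is why it goes through `hmac.compare_digest`.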
Example two
As shown in fig. 3, the present application further provides a data encryption protection system 100 based on a blockchain, which includes:
the data acquisition module 10 is configured to respond to a request of the data uploading terminal to store data to be encrypted in a storage node of the block chain, and acquire security evaluation feature data of the data uploading terminal;
the data processor 20 is used for calculating a safe and reliable value of the data uploading terminal according to the safety evaluation characteristic data of the data uploading terminal;
the data comparison module 30 is configured to compare the safe and reliable value with a preset first threshold, and if the safe and reliable value is greater than the preset first threshold, upload the to-be-encrypted data of the data upload terminal to an encryption node of the block chain 50, and encrypt the to-be-encrypted data; otherwise, forbidding uploading the data to be encrypted of the data uploading terminal to the block chain 50;
and the data uploading module 40 is configured to be in communication connection with the blockchain 50, and upload the encrypted ciphertext to a storage node of the blockchain 50.
The data acquisition module 10 is further configured to acquire storage performance index data of the storage node;
the data processor 20 is further configured to calculate a storage performance evaluation value of the storage node according to the security performance index data of the storage node;
the data comparing module 30 is further configured to determine whether the storage performance evaluation value of the storage node is smaller than a preset second threshold, if so, transfer the data stored in the storage node to the storage node whose storage performance evaluation value is larger than the preset second threshold, otherwise, do not need to perform data transfer.
The data obtaining module 10 is further configured to, in response to an instruction for requesting to obtain data in a storage node of the blockchain 50, obtain authentication data of a requesting end;
the data comparison module 30 is further configured to compare the authentication data of the request end with data in a preset reference database, and determine whether the authentication data all belong to the data in the preset reference database, if yes, allow the request end to acquire the requested data, and if not, prohibit the request end from acquiring the requested data;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
The calculation formula of the safe and reliable value of the data uploading terminal is as follows:
[formula image]
where:
[symbol] represents the safe and reliable value of the data uploading terminal;
[symbol] represents the number of attribute features of the data uploading terminal that belong to the authorized set;
[symbol] represents the security impact value of the [symbol]-th attribute feature of the data uploading terminal;
[symbol] represents the number of attribute features of the data uploading terminal that belong to neither the authorized nor the unauthorized features;
[symbols] are parameters;
[symbol] represents the security impact value of the [symbol]-th attribute feature that is neither an authorized nor an unauthorized feature;
[symbol] represents the number of attribute features of the data uploading terminal that belong to the unauthorized set;
[symbol] represents the security impact value of the [symbol]-th unauthorized feature of the data uploading terminal;
[symbol] represents the total number of vulnerabilities;
[symbol] represents the security impact factor of the [symbol]-th vulnerability;
[symbol] represents the risk value of the [symbol]-th vulnerability;
[symbol] represents the number of times the feedback result was that data uploading was allowed;
[symbol] represents the number of times the feedback result was that data uploading was forbidden;
[symbol] represents the security impact factor of a feedback result that allows data uploading;
[symbol] represents the security impact factor of a feedback result that forbids data uploading.
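The feedback terms of the safe and reliable value above, as an added example in Python (not the patent's code; the page does not reproduce the formula, so the additive combination of the terms, the parameter applied to the neither-authorized-nor-unauthorized features and the two feedback factors are assumptions): a gate that scores the terminal from the listed feature groups, compares the score with the first threshold, and records the allow/forbid outcome so that the counts of earlier allowed and forbidden requests feed into the next evaluation of the same terminal.

```python
"""Safe-and-reliable-value gate for an uploading terminal with feedback history (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class TerminalFeatures:
    authorized_impacts: List[float]     # security impact of each authorized attribute feature
    neutral_impacts: List[float]        # impact of features that are neither authorized nor unauthorized
    unauthorized_impacts: List[float]   # security impact of each unauthorized attribute feature
    vulnerabilities: List[Tuple[float, float]]  # (security impact factor, risk value) per vulnerability


@dataclass
class Feedback:
    allowed: int = 0     # times this terminal's earlier upload requests were allowed
    forbidden: int = 0   # times they were forbidden


class UploadGate:
    """Keeps per-terminal feedback counts so earlier decisions influence later scores."""

    def __init__(self, first_threshold: float, neutral_param: float = 0.5,
                 allow_factor: float = 0.05, forbid_factor: float = 0.2):
        # All four numbers are constructed parameters, not values from the patent.
        self.first_threshold = first_threshold
        self.neutral_param = neutral_param    # parameter applied to neutral features
        self.allow_factor = allow_factor      # impact factor of an "allowed" feedback result
        self.forbid_factor = forbid_factor    # impact factor of a "forbidden" feedback result
        self.history: Dict[str, Feedback] = {}

    def score(self, terminal_id: str, f: TerminalFeatures) -> float:
        """Assumed additive combination of the feature groups described in the text."""
        fb = self.history.setdefault(terminal_id, Feedback())
        attribute_term = (sum(f.authorized_impacts)
                          + self.neutral_param * sum(f.neutral_impacts)
                          - sum(f.unauthorized_impacts))
        vulnerability_term = sum(factor * risk for factor, risk in f.vulnerabilities)
        feedback_term = self.allow_factor * fb.allowed - self.forbid_factor * fb.forbidden
        return attribute_term - vulnerability_term + feedback_term

    def decide(self, terminal_id: str, f: TerminalFeatures) -> bool:
        """Allow the upload only when the value exceeds the first threshold, then record the outcome."""
        allowed = self.score(terminal_id, f) > self.first_threshold
        fb = self.history[terminal_id]
        if allowed:
            fb.allowed += 1
        else:
            fb.forbidden += 1
        return allowed
```

Because a forbidden result lowers the next score by more than an allowed result raises it (the constructed factors are 0.2 versus 0.05), a terminal that is repeatedly refused drifts further from the threshold rather than oscillating around it.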
The calculation formula of the storage performance evaluation value of the storage node is as follows:
[formula image]
where:
[symbol] represents the storage performance evaluation value of the storage node;
[symbol] represents the influence parameter of the node attribute feature data on the storage performance evaluation value;
[symbol] represents the influence value on storage performance of the [symbol]-th node attribute feature belonging to the authorized set;
[symbol] represents the total number of node attribute features belonging to the authorized set;
[symbol] represents the influence value on storage performance of the [symbol]-th node attribute feature belonging to the unauthorized set;
[symbol] represents the total number of node attribute features belonging to the unauthorized set;
[symbol] represents a multiplication sign;
[symbol] represents the influence parameter of the node resource consumption feature data on the storage performance evaluation value;
[symbol] represents the influence parameter of the node anomaly feature data on the storage performance evaluation value;
[symbol] represents the average rate at which the node processor processes the current task;
[symbol] represents the memory occupancy rate of the node processor;
[symbol] represents the CPU usage rate;
[symbol] represents the total number of node anomaly features;
[symbol] represents the weight of the [symbol]-th node anomaly feature;
[symbol] represents the degree of influence of the [symbol]-th node anomaly feature on storage performance.
The beneficial effects achieved by this application are as follows:
(1) According to the method and system of this application, the safe and reliable value of the data uploading terminal is calculated from its security evaluation feature data, so that users whose safe and reliable value meets the requirement are allowed to upload data while unsafe users are forbidden to upload; a data uploading terminal with a low degree of safety and reliability is thus prevented from encrypting and storing data on the block chain, and the safety and reliability of the data on the block chain is improved.
(2) According to the method and system of this application, the storage performance index data of the storage node is collected and the storage performance evaluation value of the storage node is calculated, and the encrypted ciphertext data is stored in a storage node whose storage performance evaluation value meets the requirement, so that the safety and reliability of ciphertext data storage are guaranteed.
The above description is only an embodiment of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. A data encryption protection method based on a block chain is characterized by comprising the following steps:
responding to a request signal of the data uploading terminal for storing the data to be encrypted in the block chain, and acquiring security evaluation characteristic data of the data uploading terminal;
calculating a safe and reliable value of the data uploading terminal according to the safety evaluation characteristic data of the data uploading terminal;
comparing the safe and reliable value with a preset first threshold value, if the safe and reliable value is larger than the preset first threshold value, uploading the data to be encrypted of the data uploading terminal to an encryption node of the block chain, and encrypting the data to be encrypted; otherwise, forbidding to upload the data to be encrypted of the data upload terminal to the block chain;
and uploading the encrypted ciphertext to a storage node of the block chain.
2. The method for protecting data encryption based on block chains according to claim 1, further comprising:
acquiring storage performance index data of the storage node, and calculating a storage performance evaluation value of the storage node according to the safety performance index data of the storage node;
and judging whether the storage performance evaluation value of the storage node is smaller than a preset second threshold value, if so, transferring the data stored in the storage node to the storage node of which the storage performance evaluation value is larger than the preset second threshold value, and otherwise, not transferring the data.
3. The method for protecting data encryption based on block chains according to claim 1 or 2, further comprising:
responding to an instruction for requesting to acquire data in the blockchain storage node, and acquiring authentication data of a request terminal;
comparing the authentication data of the request end with the data in the preset reference database, and judging whether the authentication data belong to the data in the preset reference database, if so, allowing the request end to acquire the requested data, otherwise, forbidding the request end to acquire the requested data;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
4. The data encryption protection method based on the blockchain according to claim 1, wherein the security evaluation feature data of the data uploading terminal includes: attribute characteristic data of the data uploading terminal, operation loopholes of the data uploading terminal and a feedback result of requesting to upload data to be encrypted to the block chain.
5. The block chain-based data encryption protection method according to claim 4, wherein the secure and reliable value of the data upload terminal is calculated by the following formula:
[formula image]
where:
[symbol] represents the safe and reliable value of the data uploading terminal;
[symbol] represents the number of attribute features of the data uploading terminal that belong to the authorized set;
[symbol] represents the security impact value of the [symbol]-th attribute feature of the data uploading terminal;
[symbol] represents the number of attribute features of the data uploading terminal that belong to neither the authorized nor the unauthorized features;
[symbols] are parameters;
[symbol] represents the security impact value of the [symbol]-th attribute feature that is neither an authorized nor an unauthorized feature;
[symbol] represents the number of attribute features of the data uploading terminal that belong to the unauthorized set;
[symbol] represents the security impact value of the [symbol]-th unauthorized feature of the data uploading terminal;
[symbol] represents the total number of vulnerabilities;
[symbol] represents the security impact factor of the [symbol]-th vulnerability;
[symbol] represents the risk value of the [symbol]-th vulnerability;
[symbol] represents the number of times the feedback result was that data uploading was allowed;
[symbol] represents the number of times the feedback result was that data uploading was forbidden;
[symbol] represents the security impact factor of a feedback result that allows data uploading;
[symbol] represents the security impact factor of a feedback result that forbids data uploading.
6. The data encryption protection method based on the block chain as claimed in claim 1, wherein the block chain has an encryption node, a storage node and an index node, the encryption terminal on the encryption node generates a key, encrypts the data to be encrypted by the key to obtain a ciphertext, stores the ciphertext in the storage node, and stores the encrypted key and address information of the storage node where the ciphertext is located in the index node.
7. The method according to claim 2, wherein the storing performance index data of the storage node comprises: node attribute feature data, node resource consumption feature data and node anomaly feature data.
8. A system for encrypting and protecting data based on a blockchain, the system comprising:
the data acquisition module is used for responding to a request of the data uploading terminal to store data to be encrypted into a storage node of the block chain and acquiring security evaluation characteristic data of the data uploading terminal;
the data processor is used for calculating a safe and reliable value of the data uploading terminal according to the safety evaluation characteristic data of the data uploading terminal;
the data comparison module is used for comparing the safe and reliable value with a preset first threshold value, if the safe and reliable value is larger than the preset first threshold value, uploading the data to be encrypted of the data uploading terminal to an encryption node of the block chain, and encrypting the data to be encrypted; otherwise, forbidding to upload the data to be encrypted of the data upload terminal to the block chain;
and the data uploading module is used for uploading the encrypted ciphertext to a storage node of the block chain.
9. The blockchain-based data encryption protection system of claim 8,
the data acquisition module is also used for acquiring the storage performance index data of the storage nodes;
the data processor is also used for calculating a storage performance evaluation value of the storage node according to the safety performance index data of the storage node;
the data comparison module is further used for judging whether the storage performance evaluation value of the storage node is smaller than a preset second threshold value, if so, transferring the data stored in the storage node to the storage node with the storage performance evaluation value larger than the preset second threshold value, otherwise, not needing to transfer the data.
10. The system for encryption protection of data based on block chains according to claim 8 or 9,
the data acquisition module is also used for responding to an instruction for requesting to acquire data in the block chain storage node and acquiring authentication data of a request end;
the data comparison module is further used for comparing the authentication data of the request end with the data in the preset reference database, judging whether the authentication data belong to the data in the preset reference database, if so, allowing the request end to acquire the requested data, and otherwise, forbidding the request end to acquire the requested data;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
CN202111566387.3A 2021-12-21 2021-12-21 Data encryption protection method and system based on block chain Active CN113949591B (en)

Publications (2)

Publication Number Publication Date
CN113949591A true CN113949591A (en) 2022-01-18
CN113949591B CN113949591B (en) 2022-07-05

Family

ID=79339447

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115134169A (en) * 2022-08-29 2022-09-30 北京中科金财科技股份有限公司 Block chain data management method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108932664A (en) * 2018-06-26 2018-12-04 尹煦 A kind of region chain data platform information method for uploading
CN109690551A (en) * 2018-08-24 2019-04-26 区链通网络有限公司 Block chain data guard method, device, system and computer readable storage medium
US20210056547A1 (en) * 2019-08-19 2021-02-25 Anchor Labs, Inc. Cryptoasset custodial system with proof-of-stake blockchain support
CN112637341A (en) * 2020-12-22 2021-04-09 平安银行股份有限公司 File uploading method and device, electronic equipment and storage medium
CN113411397A (en) * 2021-06-18 2021-09-17 北京伟杰东博信息科技有限公司 Data secure transmission method and system based on Internet of things
CN113420091A (en) * 2021-06-30 2021-09-21 中国银行股份有限公司 Block chain-based user behavior acquisition method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant