CN113949591A - Data encryption protection method and system based on block chain - Google Patents
- Publication number: CN113949591A (application CN202111566387.3A)
- Authority: CN (China)
- Prior art keywords: data, node, block chain, terminal, uploading
- Legal status: Granted
- Classifications: H04L63/0428 (network security: confidential data exchange with encrypted payload); G06F16/27 (replication, distribution or synchronisation of data in a distributed database); G06F21/602 (providing cryptographic facilities or services); G06F21/6218 (protecting access to a file system or database via a platform); H04L63/126 (verifying the source of received information); H04L67/1008 and H04L67/1023 (server selection for load balancing by server parameters, or by a hash applied to IP addresses or costs); H04L67/1097 (distributed storage of data in networks, e.g. NFS, SAN or NAS)
Abstract
The application provides a blockchain-based data encryption protection method and system. The method comprises the following steps: in response to a request signal from a data uploading terminal to store data to be encrypted in the blockchain, acquiring security evaluation feature data of the data uploading terminal; calculating a security-reliability value of the data uploading terminal from its security evaluation feature data; comparing the security-reliability value with a preset first threshold and, if the value is greater than the threshold, uploading the data to be encrypted to an encryption node of the blockchain and encrypting it there, otherwise refusing to upload the data to the blockchain; and uploading the resulting ciphertext to a storage node of the blockchain. The method and system prevent a data uploading terminal of low security reliability from encrypting and storing data on the blockchain, prevent a storage node with abnormal storage performance from holding the data, prevent the data from being stolen by an unauthorized requesting terminal, and thereby improve the security and reliability of the data held in the blockchain's storage nodes.
Description
Technical Field
The present application relates to the field of data processing technologies, and in particular to a blockchain-based data encryption protection method and system.
Background
Since the emergence of the blockchain, decentralization, immutability, synchronization and intelligent distributed management have been its greatest technical advantages, and its distributed nature makes tampering with data practically impossible. However, in the authentication exchange between a blockchain node and peripheral equipment, if the encryption instruction is fixed, a remote attacking node can obtain the corresponding encryption instruction and the security of the authentication is reduced. In addition, in the prior art no identity identification or preliminary authentication matching is performed during the authentication process, so data in the blockchain node can be illegally stolen.
In addition, some abnormal storage nodes inevitably appear in the blockchain, which causes the stored data to become abnormal, lowers security, and makes the data easy to steal.
Therefore, how to evaluate the security performance of the data uploading terminal and the storage performance of the storage node, perform authorization verification on the requesting terminal, prevent a data uploading terminal of low security reliability from encrypting and storing data on the blockchain, prevent a storage node with abnormal storage performance from holding the stored data or the data from being stolen by an unauthorized requesting terminal, and thereby improve the security and reliability of the data in the blockchain storage nodes, is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a blockchain-based data encryption protection method and system that prevent a data uploading terminal of low security reliability from encrypting and storing data on the blockchain, prevent a storage node with abnormal storage performance from holding the data or the data from being stolen by an unauthorized requesting terminal, and improve the security and reliability of the data in the blockchain's storage nodes.
To achieve this object, the application provides a blockchain-based data encryption protection method, comprising:
in response to a request signal from a data uploading terminal to store data to be encrypted in the blockchain, acquiring security evaluation feature data of the data uploading terminal;
calculating a security-reliability value of the data uploading terminal from its security evaluation feature data;
comparing the security-reliability value with a preset first threshold; if the security-reliability value is greater than the preset first threshold, uploading the data to be encrypted from the data uploading terminal to an encryption node of the blockchain and encrypting it; otherwise, refusing to upload the data to be encrypted from the data uploading terminal to the blockchain;
and uploading the resulting ciphertext to a storage node of the blockchain.
The blockchain-based data encryption protection method further comprises the following steps:
acquiring storage performance index data of the storage node, and calculating a storage performance evaluation value of the storage node from that index data;
and judging whether the storage performance evaluation value of the storage node is smaller than a preset second threshold; if so, transferring the data stored in that storage node to a storage node whose storage performance evaluation value is greater than the preset second threshold; otherwise, not transferring the data.
The blockchain-based data encryption protection method further comprises:
in response to an instruction requesting data held in a blockchain storage node, acquiring authentication data of the requesting end;
comparing the authentication data of the requesting end with the data in a preset reference database and judging whether the authentication data belong to the data in the preset reference database; if so, allowing the requesting end to acquire the requested data, otherwise refusing the requesting end access to the related data;
where the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
In the above, the security evaluation feature data of the data uploading terminal includes: attribute feature data of the data uploading terminal, operational vulnerabilities of the data uploading terminal, and the feedback results of earlier requests to upload data to be encrypted to the blockchain.
In the above, the calculation formula for the security-reliability value of the data uploading terminal uses the following terms:
- the security-reliability value of the data uploading terminal;
- the number of attribute features of the data uploading terminal that belong to the authorized features, and the security impact value of each such attribute feature;
- the number of attribute features of the data uploading terminal that belong to neither the authorized nor the unauthorized features, the parameters of the formula, and the security impact value of each attribute feature that is neither authorized nor unauthorized;
- the number of attribute features of the data uploading terminal that belong to the unauthorized features, and the security impact value of each such unauthorized feature;
- the total number of vulnerabilities, the security impact factor of each vulnerability, and the risk value of each vulnerability;
- the number of times the feedback result was that uploading is permitted, and the number of times the feedback result was that uploading is prohibited;
- the security impact factor of a feedback result permitting upload, and the security impact factor of a feedback result prohibiting upload.
In the above, the blockchain has an encryption node, a storage node and an index node; the encryption terminal on the encryption node generates a key, encrypts the data to be encrypted with the key to obtain a ciphertext, stores the ciphertext in the storage node, and stores the encryption key together with the address of the storage node holding the ciphertext in the index node.
In the above, the storage performance index data of the storage node comprises: node attribute feature data, node resource consumption feature data and node anomaly feature data.
The application further provides a blockchain-based data encryption protection system, comprising:
a data acquisition module, which responds to a request from the data uploading terminal to store data to be encrypted in a storage node of the blockchain by acquiring security evaluation feature data of the data uploading terminal;
a data processor, which calculates a security-reliability value of the data uploading terminal from its security evaluation feature data;
a data comparison module, which compares the security-reliability value with a preset first threshold; if the security-reliability value is greater than the preset first threshold, the data to be encrypted is uploaded from the data uploading terminal to an encryption node of the blockchain and encrypted there; otherwise, uploading the data to be encrypted from the data uploading terminal to the blockchain is refused;
and a data uploading module, which uploads the resulting ciphertext to a storage node of the blockchain.
The data acquisition module also acquires the storage performance index data of the storage nodes;
the data processor also calculates a storage performance evaluation value of each storage node from its storage performance index data;
the data comparison module also judges whether the storage performance evaluation value of a storage node is smaller than a preset second threshold; if so, the data stored in that storage node is transferred to a storage node whose storage performance evaluation value is greater than the preset second threshold; otherwise no transfer is needed.
The data acquisition module also responds to an instruction requesting data held in a blockchain storage node by acquiring authentication data of the requesting end;
the data comparison module also compares the authentication data of the requesting end with the data in the preset reference database and judges whether the authentication data belong to the data in the preset reference database; if so, the requesting end is allowed to acquire the requested data, otherwise it is refused access to the related data;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
The beneficial effects achieved by the application are as follows:
(1) The security-reliability value of the data uploading terminal is calculated from its security evaluation feature data, so that users whose security-reliability value meets the requirement are allowed to upload data while unsafe users are refused; a data uploading terminal of low security reliability is thus prevented from encrypting and storing data on the blockchain, and the security and reliability of data on the blockchain are improved.
(2) The storage performance index data of the storage nodes are collected, the storage performance evaluation value of each storage node is calculated, and the encrypted ciphertext data are stored in a storage node whose storage performance evaluation value meets the requirement, which guarantees the security and reliability of ciphertext storage.
Drawings
To illustrate the embodiments of the present application or the prior art more clearly, the drawings needed for describing them are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present application, and other drawings can be obtained from them by those skilled in the art.
Fig. 1 is a flowchart of a data encryption protection method based on a blockchain according to an embodiment of the present disclosure.
Fig. 2 is a flowchart of a method for determining whether to allow a data uploading terminal to upload data according to a safe and reliable value of the data uploading terminal in an embodiment of the present application.
Fig. 3 is a schematic structural diagram of a data encryption protection system based on a block chain according to an embodiment of the present application.
Reference numerals: 10-a data acquisition module; 20-a data processor; 30-a data comparison module; 40-a data upload module; 50-blockchain; 100-data encryption protection system.
Detailed Description
The technical solutions in the embodiments of the present application are clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example one
As shown in Fig. 1, the application provides a blockchain-based data encryption protection method comprising the following steps:
Step S1: in response to a request signal from the data uploading terminal to store data to be encrypted in the blockchain, acquire the security evaluation feature data of the data uploading terminal.
Specifically, the data uploading terminal generates the data to be encrypted, packages it to produce a data digest or file name, and requests that it be uploaded to and stored by an encryption node on the blockchain; the encryption node receives the request signal and obtains the security evaluation feature data of the data uploading terminal.
As a specific embodiment of the invention, the security evaluation feature data of the data uploading terminal includes: attribute feature data of the data uploading terminal (IP address, MAC address, user name, requested access port, and the like); operational vulnerabilities of the data uploading terminal; the feedback results (uploading prohibited or uploading permitted) of earlier requests to upload data to be encrypted to the blockchain; and the like.
Step S2: calculate the security-reliability value of the data uploading terminal from its security evaluation feature data.
The security-reliability value of the data uploading terminal is calculated with the formula whose terms are listed above under Disclosure of Invention.
Step S3: compare the security-reliability value with a preset first threshold. If the security-reliability value is greater than the preset first threshold, upload the data to be encrypted from the data uploading terminal to an encryption node of the blockchain, encrypt it, and upload the resulting ciphertext to a storage node of the blockchain; otherwise, refuse to upload the data to be encrypted from the data uploading terminal to the blockchain.
As shown in Fig. 2, step S3 comprises the following sub-steps:
Step S310: compare the security-reliability value with the preset first threshold; if it is greater than the preset first threshold, execute steps S320 and S330, otherwise execute step S340.
Step S320: upload the data to be encrypted from the data uploading terminal to an encryption node of the blockchain and encrypt it.
Step S330: upload the resulting ciphertext to a storage node of the blockchain.
Step S340: refuse to upload the data to be encrypted from the data uploading terminal to the blockchain.
As a specific embodiment of the invention, the security-reliability value is compared with the preset first threshold; if it is greater than the preset first threshold, a result permitting upload to the encryption node of the blockchain is fed back to the data uploading terminal, otherwise a result prohibiting upload to the encryption node of the blockchain is fed back to the data uploading terminal.
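The admission gating of steps S1 to S3, as an added example that is not part of the patent. Because the patent's scoring formula is not reproduced on this page, the weighted combination, the reference sets, the weights and the first threshold below are this example's own assumptions; it splits attribute features into authorized, unknown and unauthorized sets, penalises vulnerabilities by impact factor times risk, and folds in the history of earlier permitted and prohibited upload requests.

```python
from dataclasses import dataclass


@dataclass
class TerminalFeatures:
    """Security evaluation feature data of one data uploading terminal (step S1)."""
    attributes: dict        # attribute feature name -> observed value
    vulnerabilities: list   # (security_impact_factor, risk_value) per known vulnerability
    allowed_count: int      # earlier feedback results of "uploading permitted"
    forbidden_count: int    # earlier feedback results of "uploading prohibited"


@dataclass
class Policy:
    """Reference data and weights used by the scoring (this example's own choices)."""
    authorized: dict        # attribute name -> set of authorized values
    unauthorized: dict      # attribute name -> set of known unauthorized values
    impact: dict            # attribute name -> security impact value
    unknown_weight: float   # parameter for attributes in neither set
    allow_factor: float     # security impact factor of a "permitted" feedback result
    forbid_factor: float    # security impact factor of a "prohibited" feedback result
    first_threshold: float  # preset first threshold of step S3


def classify_attributes(feat: TerminalFeatures, policy: Policy):
    """Sum the impact values of authorized, unknown and unauthorized attributes.

    An unauthorized match wins over an authorized one, so a value listed in
    both sets is treated as unauthorized."""
    auth = unknown = unauth = 0.0
    for name, value in feat.attributes.items():
        weight = policy.impact.get(name, 1.0)
        if value in policy.unauthorized.get(name, set()):
            unauth += weight
        elif value in policy.authorized.get(name, set()):
            auth += weight
        else:
            unknown += weight
    return auth, unknown, unauth


def security_reliability(feat: TerminalFeatures, policy: Policy) -> float:
    """Step S2 (assumed model): authorized attributes raise the value, unknown
    ones count at a reduced weight; unauthorized attributes, vulnerabilities
    (impact factor times risk) and past refusals lower it; past permissions
    raise it slightly."""
    auth, unknown, unauth = classify_attributes(feat, policy)
    vuln_penalty = sum(factor * risk for factor, risk in feat.vulnerabilities)
    history = policy.allow_factor * feat.allowed_count - policy.forbid_factor * feat.forbidden_count
    return auth + policy.unknown_weight * unknown - unauth - vuln_penalty + history


def admission_decision(feat: TerminalFeatures, policy: Policy):
    """Step S3: only a value strictly above the first threshold permits upload."""
    value = security_reliability(feat, policy)
    verdict = "permitted" if value > policy.first_threshold else "prohibited"
    return verdict, value


def constructed_policy() -> Policy:
    # Constructed reference data; the addresses are documentation ranges.
    return Policy(
        authorized={"ip": {"10.0.0.5", "10.0.0.6"}, "mac": {"aa:bb:cc:00:00:01"},
                    "user": {"alice"}, "port": {"8443"}},
        unauthorized={"ip": {"203.0.113.9"}, "user": {"guest"}},
        impact={"ip": 2.0, "mac": 1.5, "user": 1.5, "port": 1.0},
        unknown_weight=0.5, allow_factor=0.2, forbid_factor=1.0, first_threshold=3.0,
    )


def constructed_terminals() -> dict:
    # Constructed sample terminals: one fully authorized, one with bad attributes,
    # two known vulnerabilities and two earlier refusals.
    return {
        "trusted": TerminalFeatures(
            attributes={"ip": "10.0.0.5", "mac": "aa:bb:cc:00:00:01", "user": "alice", "port": "8443"},
            vulnerabilities=[], allowed_count=3, forbidden_count=0),
        "suspect": TerminalFeatures(
            attributes={"ip": "203.0.113.9", "mac": "de:ad:be:ef:00:00", "user": "guest", "port": "22"},
            vulnerabilities=[(0.8, 2.0), (0.5, 1.0)], allowed_count=0, forbidden_count=2),
    }


if __name__ == "__main__":
    policy = constructed_policy()
    for name, terminal in constructed_terminals().items():
        print(name, admission_decision(terminal, policy))
```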
As a specific embodiment of the invention, a storage node of the blockchain is connected to an encryption terminal (encryption node); the encryption terminal generates a key, encrypts the data to be encrypted with the key to obtain a ciphertext, and stores the ciphertext in the storage node of the blockchain.
As an embodiment of the invention, the key used for encryption and the location of the ciphertext (the address of its storage node) are stored in an index node of the blockchain.
As a specific embodiment of the invention, the ciphertext file name and the data uploading terminal information are stored in the index node; the key for decrypting the ciphertext and the storage location of the ciphertext are signed and then stored in the index node, and a verification private key for verifying the signature is sent to the authorized user. Using the verification private key, the authorized user obtains the ciphertext storage location and the decryption key, retrieves the ciphertext from that location, and decrypts it with the key.
Step S4: acquire storage performance index data of the storage node and calculate a storage performance evaluation value of the storage node from that index data.
As a specific embodiment of the invention, the storage performance index data of the storage node includes node attribute feature data, node resource consumption feature data, node anomaly feature data, and the like.
As a specific embodiment of the invention, the node attribute feature data includes: the node number, node address information, node networking information and node authorization marking information. The node number and node address both reflect whether the node is a storage node authorized to store encrypted data. The node networking information shows the network to which the storage node is connected; from it one can judge whether that network is authorized. If so, the networking information is correct and the node can normally receive encrypted data for storage; otherwise it cannot. Storage nodes carry authorization marking information, and nodes so marked are the designated storage nodes permitted to store encrypted data.
As a specific embodiment of the invention, the node resource consumption feature data includes: the memory occupancy rate, the CPU utilization rate, and the average rate at which the node processor handles its current tasks (read and write operations). The average rate equals the mean of the rates at which the node processor handles all of its current tasks; the rate for a single task equals the task size divided by its processing duration; and the rate is computed over a selected task-processing time window.
As a specific embodiment of the invention, the node anomaly feature data includes network connection interruption, route change, bad disk blocks, storage process interruption, garbled stored data, and the like.
The storage performance evaluation value of the storage node is calculated by a formula whose terms are:
- the storage performance evaluation value of the storage node;
- the influence parameter of the node attribute feature data on the storage performance evaluation value;
- the influence value on storage performance of each node attribute feature belonging to the authorized set, and the total number of authorized node attribute features;
- the influence value on storage performance of each node attribute feature belonging to the unauthorized set, and the total number of unauthorized node attribute features;
- a multiplication sign;
- the influence parameter of the node resource consumption feature data on the storage performance evaluation value;
- the influence parameter of the node anomaly feature data on the storage performance evaluation value;
- the average rate at which the node processor processes the current tasks, the memory occupancy rate of the node processor, and the CPU usage rate;
- the total number of node anomaly features, the weight of each node anomaly feature, and the degree of influence of each node anomaly feature on storage performance.
Step S5: determine whether the storage performance evaluation value of the storage node is smaller than a preset second threshold; if so, transfer the data stored in that storage node to a storage node whose storage performance evaluation value is greater than the preset second threshold; otherwise, perform no data transfer.
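The storage-node evaluation and transfer decision of steps S4 and S5, as an added example that is not part of the patent. The attribute, resource and anomaly terms, their influence parameters, the reference throughput and the second threshold are this example's own assumptions, since the page's formula is not reproduced here; the sample nodes and their index data are constructed.

```python
from dataclasses import dataclass


@dataclass
class StorageNode:
    """Storage performance index data of one storage node (step S4)."""
    node_id: str
    address: str
    network: str
    authorized_mark: bool   # node carries the authorization marking
    tasks: list             # (task_size_bytes, processing_seconds) of current read/write tasks
    memory_usage: float     # fraction 0..1
    cpu_usage: float        # fraction 0..1
    anomalies: list         # observed node anomaly features


# Constructed reference data: which attribute values count as authorized.
AUTHORIZED_NODE_IDS = {"node-A", "node-B"}
AUTHORIZED_ADDRESSES = {"10.1.0.11", "10.1.0.12"}
AUTHORIZED_NETWORKS = {"storage-vlan"}

# Constructed weight and influence degree for the anomaly features named on the page.
ANOMALY_WEIGHT = {"network_interruption": 1.0, "route_change": 0.6, "bad_disk_block": 0.9,
                  "storage_process_interruption": 0.8, "garbled_data": 1.0}
ANOMALY_INFLUENCE = {"network_interruption": 0.9, "route_change": 0.5, "bad_disk_block": 0.8,
                     "storage_process_interruption": 0.7, "garbled_data": 1.0}

ATTR_PARAM, RESOURCE_PARAM, ANOMALY_PARAM = 1.0, 2.0, 1.0  # influence parameters (assumed)
REFERENCE_RATE = 50e6   # bytes/s that counts as full throughput (assumed)
SECOND_THRESHOLD = 3.0  # preset second threshold (assumed)


def average_task_rate(tasks) -> float:
    """Mean of task_size / processing_time over the node's current tasks."""
    if not tasks:
        return 0.0
    return sum(size / secs for size, secs in tasks) / len(tasks)


def attribute_score(node: StorageNode) -> float:
    """+1 for each authorized node attribute, -1 for each unauthorized one."""
    checks = [node.node_id in AUTHORIZED_NODE_IDS, node.address in AUTHORIZED_ADDRESSES,
              node.network in AUTHORIZED_NETWORKS, node.authorized_mark]
    return sum(1.0 if ok else -1.0 for ok in checks)


def resource_score(node: StorageNode) -> float:
    """Product of normalised throughput and free memory / free CPU (all in 0..1)."""
    rate_norm = min(average_task_rate(node.tasks) / REFERENCE_RATE, 1.0)
    return rate_norm * (1.0 - node.memory_usage) * (1.0 - node.cpu_usage)


def anomaly_score(node: StorageNode) -> float:
    """Weighted sum of the influence degree of each observed anomaly."""
    return sum(ANOMALY_WEIGHT[a] * ANOMALY_INFLUENCE[a] for a in node.anomalies)


def storage_performance(node: StorageNode) -> float:
    """Assumed evaluation: attributes and resources raise the value, anomalies lower it."""
    return (ATTR_PARAM * attribute_score(node) + RESOURCE_PARAM * resource_score(node)
            - ANOMALY_PARAM * anomaly_score(node))


def transfer_target(source: StorageNode, nodes: list, threshold: float = SECOND_THRESHOLD):
    """Step S5: if the source scores below the threshold, return the id of the
    best-scoring other node above the threshold; None when the source is fine
    or no node qualifies (data then stays where it is)."""
    if storage_performance(source) >= threshold:
        return None
    candidates = [(storage_performance(n), n.node_id) for n in nodes
                  if n.node_id != source.node_id and storage_performance(n) > threshold]
    return max(candidates)[1] if candidates else None


def constructed_nodes() -> list:
    # Constructed sample nodes: a healthy one and one on an unauthorized network
    # that is overloaded and shows two anomalies.
    return [
        StorageNode("node-A", "10.1.0.11", "storage-vlan", True,
                    tasks=[(100e6, 1.0), (60e6, 2.0)], memory_usage=0.4, cpu_usage=0.3, anomalies=[]),
        StorageNode("node-B", "10.1.0.12", "guest-wifi", True,
                    tasks=[(10e6, 4.0)], memory_usage=0.9, cpu_usage=0.8,
                    anomalies=["bad_disk_block", "storage_process_interruption"]),
    ]


if __name__ == "__main__":
    nodes = constructed_nodes()
    for n in nodes:
        print(n.node_id, round(storage_performance(n), 3), "->", transfer_target(n, nodes))
```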
Step S6: in response to an instruction requesting data held in a blockchain storage node, acquire authentication data of the requesting end.
As a specific embodiment of the invention, the authentication data includes: user name, IP address, MAC address, connection network, authentication private key, and the like.
Step S7: compare the authentication data of the requesting end with the data in the preset reference database and determine whether all of the authentication data belong to the data in the preset reference database; if so, allow the requesting end to obtain the requested data, otherwise refuse it the requested data.
As a specific embodiment of the invention, the reference database stores authorized user names, IP addresses, MAC addresses, connection networks, and the like. The reference database resides in the index node, and it also stores the name of each encrypted data file together with the address of the storage node holding it and its key information.
As a specific embodiment of the invention, whether the requesting end is an authorized user is verified by the verification private key; if so, the requesting end is allowed to obtain the location where the ciphertext is stored and the key information for decrypting it. Specifically, the address and key information of the corresponding storage node are looked up in the index node by the name of the encrypted data file (ciphertext) that the requesting end asks for, and the index node compares the acquired authentication data of the requesting end with the authorization information stored in the preset authorization reference library. If they match, the requesting end has the authority to obtain blockchain data and is allowed to acquire the requested data; otherwise it lacks that authority and is refused the related data.
As another specific embodiment of the invention, it is first determined whether the user name, IP address, MAC address and connection network of the requesting end all belong to the authorized data in the reference database. If so, the verification private key of the requesting end is obtained and compared with the key stored in the reference database; if they match, the requesting end is allowed to obtain the signed key and the ciphertext storage location, retrieves the ciphertext from the blockchain using that key and location, and decrypts the ciphertext stored on the blockchain with its verification key, thereby obtaining the required data. Otherwise, the requesting end is refused the key and the ciphertext storage location.
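The request-end check of steps S6 and S7 together with the signed index entries of the encryption-node embodiment above, as an added example that is not part of the patent. It assumes an HMAC over the index entry in place of the page's unspecified signature, a reference database that keeps only a digest of each user's verification key, and constructed users, addresses and index records.

```python
import hashlib
import hmac
import json

# Assumption: an HMAC over the index entry stands in for the page's "signature
# processing"; a deployment would use an asymmetric signature instead.
INDEX_SIGNING_KEY = b"constructed-index-node-signing-key"


def _canonical(entry: dict) -> bytes:
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def sign_index_entry(entry: dict) -> str:
    return hmac.new(INDEX_SIGNING_KEY, _canonical(entry), hashlib.sha256).hexdigest()


def _digest(secret: str) -> str:
    # The reference database keeps only a digest of each user's verification key.
    return hashlib.sha256(secret.encode()).hexdigest()


# Constructed reference database held by the index node (step S7).
REFERENCE_DB = {
    "usernames": {"alice", "bob"},
    "ips": {"10.0.0.5", "10.0.0.6"},
    "macs": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "networks": {"corp-lan"},
    "verification_keys": {"alice": _digest("alice-verification-key"),
                          "bob": _digest("bob-verification-key")},
}

# Constructed index-node records: ciphertext file name -> signed (key, storage address) entry.
INDEX = {
    name: {"entry": entry, "sig": sign_index_entry(entry)}
    for name, entry in {
        "report.enc": {"uploader": "alice", "storage_address": "10.1.0.11:/store/7f3a",
                       "key": "00112233445566778899aabbccddeeff"},
    }.items()
}


def credentials_authorized(auth: dict, db: dict) -> bool:
    """All four attributes must belong to the reference database."""
    return (auth.get("username") in db["usernames"] and auth.get("ip") in db["ips"]
            and auth.get("mac") in db["macs"] and auth.get("network") in db["networks"])


def verification_key_valid(auth: dict, db: dict) -> bool:
    """Constant-time comparison of the presented key's digest with the stored one."""
    expected = db["verification_keys"].get(auth.get("username"), "")
    return hmac.compare_digest(_digest(auth.get("verification_key", "")), expected)


def handle_request(auth: dict, file_name: str, db: dict = REFERENCE_DB, index: dict = INDEX):
    """Return ("permitted", {storage_address, key}) or ("prohibited", reason).

    Attribute membership is checked before the key, as in the second
    embodiment; the index entry's signature is verified before its contents
    are released, so a record altered after signing is refused."""
    if not credentials_authorized(auth, db):
        return "prohibited", "attribute not in reference database"
    if not verification_key_valid(auth, db):
        return "prohibited", "verification key mismatch"
    record = index.get(file_name)
    if record is None:
        return "prohibited", "no index entry for file"
    if not hmac.compare_digest(record["sig"], sign_index_entry(record["entry"])):
        return "prohibited", "index entry signature invalid"
    entry = record["entry"]
    return "permitted", {"storage_address": entry["storage_address"], "key": entry["key"]}


def constructed_request() -> dict:
    """Constructed authentication data of a fully authorized requesting end."""
    return {"username": "alice", "ip": "10.0.0.5", "mac": "aa:bb:cc:00:00:01",
            "network": "corp-lan", "verification_key": "alice-verification-key"}


def tampered_index() -> dict:
    """Constructed copy of INDEX whose storage address was altered after signing."""
    rec = INDEX["report.enc"]
    return {"report.enc": {"entry": dict(rec["entry"], storage_address="198.51.100.7:/elsewhere"),
                           "sig": rec["sig"]}}


if __name__ == "__main__":
    print(handle_request(constructed_request(), "report.enc"))
    print(handle_request(dict(constructed_request(), mac="de:ad:be:ef:00:00"), "report.enc"))
    print(handle_request(constructed_request(), "report.enc", REFERENCE_DB, tampered_index()))
```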
Example two
As shown in fig. 3, the present application further provides a data encryption protection system 100 based on a blockchain, which includes:
the data acquisition module 10 is configured to respond to a request of the data uploading terminal to store data to be encrypted in a storage node of the block chain, and acquire security evaluation feature data of the data uploading terminal;
the data processor 20 is used for calculating a safe and reliable value of the data uploading terminal according to the safety evaluation characteristic data of the data uploading terminal;
the data comparison module 30 is configured to compare the safe and reliable value with a preset first threshold, and if the safe and reliable value is greater than the preset first threshold, upload the to-be-encrypted data of the data uploading terminal to an encryption node of the block chain 50 and encrypt it; otherwise, uploading the to-be-encrypted data of the data uploading terminal to the block chain 50 is prohibited;
and the data uploading module 40 is configured to be in communication connection with the blockchain 50, and upload the encrypted ciphertext to a storage node of the blockchain 50.
The data acquisition module 10 is further configured to acquire storage performance index data of the storage node;
the data processor 20 is further configured to calculate a storage performance evaluation value of the storage node according to the security performance index data of the storage node;
the data comparison module 30 is further configured to determine whether the storage performance evaluation value of the storage node is smaller than a preset second threshold; if so, the data stored in that storage node is transferred to a storage node whose storage performance evaluation value is larger than the preset second threshold, otherwise no data transfer is needed.
The data obtaining module 10 is further configured to, in response to an instruction for requesting to obtain data in a storage node of the blockchain 50, obtain authentication data of a requesting end;
the data comparison module 30 is further configured to compare the authentication data of the request end with the data in a preset reference database and determine whether all of the authentication data belong to the data in the preset reference database; if yes, the request end is allowed to acquire the requested data, and if not, the request end is prohibited from acquiring it;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
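The request-end authorization performed by the index node (the method embodiment above and the data comparison module here), written out as an added Python example; this is not code from the patent, and the reference database entries, file index, key values and function names are constructed placeholders.

```python
import hmac
from dataclasses import dataclass

# Constructed reference database held by the index node (placeholder data):
# each authorized user name maps to its allowed IP addresses, MAC addresses,
# connection networks and the verification key the request end must present.
REFERENCE_DB = {
    "alice": {
        "ips": {"10.0.0.5"},
        "macs": {"aa:bb:cc:dd:ee:01"},
        "networks": {"corp-lan"},
        "key": b"alice-verification-key-placeholder",
    },
}

# Constructed file index of the index node: name of the encrypted data file ->
# address of the storage node holding the ciphertext and its key information.
FILE_INDEX = {
    "report.enc": {"storage_address": "storage-node-3",
                   "key_info": b"key-info-placeholder"},
}


@dataclass(frozen=True)
class Request:
    """Authentication data sent by the request end, plus the file it asks for."""
    user: str
    ip: str
    mac: str
    network: str
    verification_key: bytes
    file_name: str


def attributes_authorized(req, reference_db=REFERENCE_DB):
    """Step 1: user name, IP, MAC and connection network must ALL be authorized."""
    entry = reference_db.get(req.user)
    if entry is None:
        return False
    return (req.ip in entry["ips"]
            and req.mac in entry["macs"]
            and req.network in entry["networks"])


def key_matches(req, reference_db=REFERENCE_DB):
    """Step 2: the presented verification key must equal the stored one.
    compare_digest avoids leaking the mismatch position through timing."""
    entry = reference_db.get(req.user)
    return entry is not None and hmac.compare_digest(entry["key"], req.verification_key)


def authorize(req, reference_db=REFERENCE_DB, file_index=FILE_INDEX):
    """Index-node decision: returns (storage_address, key_info) for the requested
    ciphertext, or None when either check fails or the file name is unknown."""
    if not attributes_authorized(req, reference_db):
        return None
    if not key_matches(req, reference_db):
        return None
    record = file_index.get(req.file_name)
    if record is None:
        return None
    return record["storage_address"], record["key_info"]


if __name__ == "__main__":
    good = Request("alice", "10.0.0.5", "aa:bb:cc:dd:ee:01", "corp-lan",
                   b"alice-verification-key-placeholder", "report.enc")
    print(authorize(good))  # -> ('storage-node-3', b'key-info-placeholder')
```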
The calculation formula of the safe and reliable value of the data uploading terminal is as follows:
where the quantities in the formula are: the safe and reliable value of the data uploading terminal; the number of attribute features of the data uploading terminal that belong to the authorized features; the security impact value of each such authorized attribute feature of the data uploading terminal; the number of attribute features of the data uploading terminal that belong to neither the authorized nor the unauthorized features; a set of fixed parameters; the security impact value of each attribute feature that is neither an authorized nor an unauthorized feature; the number of attribute features of the data uploading terminal that belong to the unauthorized features; the security impact value of each such unauthorized feature; the total number of vulnerabilities; the security impact factor of each vulnerability; the risk value of each vulnerability; the number of times the feedback result was that data uploading is allowed; the number of times the feedback result was that data uploading is prohibited; the security impact factor for a feedback result of allowing data upload; and the security impact factor for a feedback result of prohibiting data upload.
The calculation formula of the storage performance evaluation value of the storage node is as follows:
where the quantities in the formula are: the storage performance evaluation value of the storage node; the influence parameter of the node attribute feature data on the storage performance evaluation value; the influence value on storage performance of each node attribute feature that belongs to the authorized features; the total number of node attribute features belonging to the authorized features; the influence value on storage performance of each node attribute feature that belongs to the unauthorized features; the total number of attribute features belonging to the unauthorized features; the multiplication sign; the influence parameter of the node resource consumption feature data on the storage performance evaluation value; the influence parameter of the node anomaly feature data on the storage performance evaluation value; the average rate at which the node processor processes the current task; the memory occupancy rate of the node processor; the CPU usage rate; the total number of node anomaly features; the weight of each node anomaly feature; and the degree of influence of each node anomaly feature on storage performance.
The beneficial effects realized by this application are as follows:
(1) The method and system of this application calculate the safe and reliable value of the data uploading terminal from its security evaluation feature data, so that users whose safe and reliable value meets the requirement are allowed to upload data while unsafe users are prohibited from doing so; this prevents data uploading terminals of low safety and reliability from encrypting and storing data on the block chain and improves the safety and reliability of the data on the block chain.
(2) The method and system of this application collect the storage performance index data of the storage node, calculate its storage performance evaluation value, and store the encrypted ciphertext data in a storage node whose storage performance evaluation value meets the requirement, thereby guaranteeing the safety and reliability of ciphertext data storage.
The above description is only an embodiment of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (10)
1. A data encryption protection method based on a block chain is characterized by comprising the following steps:
responding to a request signal of the data uploading terminal for storing the data to be encrypted in the block chain, and acquiring security evaluation characteristic data of the data uploading terminal;
calculating a safe and reliable value of the data uploading terminal according to the safety evaluation characteristic data of the data uploading terminal;
comparing the safe and reliable value with a preset first threshold value, if the safe and reliable value is larger than the preset first threshold value, uploading the data to be encrypted of the data uploading terminal to an encryption node of the block chain, and encrypting the data to be encrypted; otherwise, forbidding to upload the data to be encrypted of the data upload terminal to the block chain;
and uploading the encrypted ciphertext to a storage node of the block chain.
2. The method for protecting data encryption based on block chains according to claim 1, further comprising:
acquiring storage performance index data of the storage node, and calculating a storage performance evaluation value of the storage node according to the safety performance index data of the storage node;
and judging whether the storage performance evaluation value of the storage node is smaller than a preset second threshold value, if so, transferring the data stored in the storage node to the storage node of which the storage performance evaluation value is larger than the preset second threshold value, and otherwise, not transferring the data.
3. The method for protecting data encryption based on block chains according to claim 1 or 2, further comprising:
responding to an instruction for requesting to acquire data in the blockchain storage node, and acquiring authentication data of a request terminal;
comparing the authentication data of the request end with the data in the preset reference database, and judging whether the authentication data belong to the data in the preset reference database, if so, allowing the request end to acquire the requested data, otherwise, forbidding the request end to acquire the requested data;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
4. The data encryption protection method based on the blockchain according to claim 1, wherein the security evaluation feature data of the data uploading terminal includes: attribute characteristic data of the data uploading terminal, operation loopholes of the data uploading terminal and a feedback result of requesting to upload data to be encrypted to the block chain.
5. The block chain-based data encryption protection method according to claim 4, wherein the secure and reliable value of the data upload terminal is calculated by the following formula:
where the quantities in the formula are: the safe and reliable value of the data uploading terminal; the number of attribute features of the data uploading terminal that belong to the authorized features; the security impact value of each such authorized attribute feature of the data uploading terminal; the number of attribute features of the data uploading terminal that belong to neither the authorized nor the unauthorized features; a set of fixed parameters; the security impact value of each attribute feature that is neither an authorized nor an unauthorized feature; the number of attribute features of the data uploading terminal that belong to the unauthorized features; the security impact value of each such unauthorized feature; the total number of vulnerabilities; the security impact factor of each vulnerability; the risk value of each vulnerability; the number of times the feedback result was that data uploading is allowed; the number of times the feedback result was that data uploading is prohibited; the security impact factor for a feedback result of allowing data upload; and the security impact factor for a feedback result of prohibiting data upload.
6. The data encryption protection method based on the block chain as claimed in claim 1, wherein the block chain has an encryption node, a storage node and an index node, the encryption terminal on the encryption node generates a key, encrypts the data to be encrypted by the key to obtain a ciphertext, stores the ciphertext in the storage node, and stores the encrypted key and address information of the storage node where the ciphertext is located in the index node.
7. The method according to claim 2, wherein the storing performance index data of the storage node comprises: node attribute feature data, node resource consumption feature data and node anomaly feature data.
8. A system for encrypting and protecting data based on a blockchain, the system comprising:
the data acquisition module is used for responding to a request of the data uploading terminal to store data to be encrypted into a storage node of the block chain and acquiring security evaluation characteristic data of the data uploading terminal;
the data processor is used for calculating a safe and reliable value of the data uploading terminal according to the safety evaluation characteristic data of the data uploading terminal;
the data comparison module is used for comparing the safe and reliable value with a preset first threshold value, if the safe and reliable value is larger than the preset first threshold value, uploading the data to be encrypted of the data uploading terminal to an encryption node of the block chain, and encrypting the data to be encrypted; otherwise, forbidding to upload the data to be encrypted of the data upload terminal to the block chain;
and the data uploading module is used for uploading the encrypted ciphertext to a storage node of the block chain.
9. The blockchain-based data encryption protection system of claim 8,
the data acquisition module is also used for acquiring the storage performance index data of the storage nodes;
the data processor is also used for calculating a storage performance evaluation value of the storage node according to the safety performance index data of the storage node;
the data comparison module is further used for judging whether the storage performance evaluation value of the storage node is smaller than a preset second threshold value, if so, transferring the data stored in the storage node to the storage node with the storage performance evaluation value larger than the preset second threshold value, otherwise, not needing to transfer the data.
10. The system for encryption protection of data based on block chains according to claim 8 or 9,
the data acquisition module is also used for responding to an instruction for requesting to acquire data in the block chain storage node and acquiring authentication data of a request end;
the data comparison module is further used for comparing the authentication data of the request end with the data in the preset reference database, judging whether the authentication data belong to the data in the preset reference database, if so, allowing the request end to acquire the requested data, and otherwise, forbidding the request end to acquire the requested data;
the reference database stores authorized user names, IP addresses, MAC addresses and connection networks.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111566387.3A CN113949591B (en) | 2021-12-21 | 2021-12-21 | Data encryption protection method and system based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111566387.3A CN113949591B (en) | 2021-12-21 | 2021-12-21 | Data encryption protection method and system based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113949591A true CN113949591A (en) | 2022-01-18 |
CN113949591B CN113949591B (en) | 2022-07-05 |
Family
ID=79339447
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111566387.3A Active CN113949591B (en) | 2021-12-21 | 2021-12-21 | Data encryption protection method and system based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113949591B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115134169A (en) * | 2022-08-29 | 2022-09-30 | 北京中科金财科技股份有限公司 | Block chain data management method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108932664A (en) * | 2018-06-26 | 2018-12-04 | 尹煦 | A kind of region chain data platform information method for uploading |
CN109690551A (en) * | 2018-08-24 | 2019-04-26 | 区链通网络有限公司 | Block chain data guard method, device, system and computer readable storage medium |
US20210056547A1 (en) * | 2019-08-19 | 2021-02-25 | Anchor Labs, Inc. | Cryptoasset custodial system with proof-of-stake blockchain support |
CN112637341A (en) * | 2020-12-22 | 2021-04-09 | 平安银行股份有限公司 | File uploading method and device, electronic equipment and storage medium |
CN113411397A (en) * | 2021-06-18 | 2021-09-17 | 北京伟杰东博信息科技有限公司 | Data secure transmission method and system based on Internet of things |
CN113420091A (en) * | 2021-06-30 | 2021-09-21 | 中国银行股份有限公司 | Block chain-based user behavior acquisition method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115134169A (en) * | 2022-08-29 | 2022-09-30 | 北京中科金财科技股份有限公司 | Block chain data management method and system |
CN115134169B (en) * | 2022-08-29 | 2022-11-15 | 北京中科金财科技股份有限公司 | Block chain data management method and system |
Also Published As
Publication number | Publication date |
---|---|
CN113949591B (en) | 2022-07-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||