CN114003940A - Data security sharing system based on block chain and IBE - Google Patents

Data security sharing system based on block chain and IBE

Publication number: CN114003940A
Authority: CN (China)
Prior art keywords: data, key, sender, receiver, ibe
Legal status: Pending
Application number: CN202111356455.3A
Other languages: Chinese (zh)
Inventor: 杨欢
Current Assignee: Shanghai Wanxiang Blockchain Inc
Original Assignee: Shanghai Wanxiang Blockchain Inc
Application filed by Shanghai Wanxiang Blockchain Inc
Priority to CN202111356455.3A
Publication of CN114003940A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention provides a data security sharing system based on a blockchain and IBE (identity-based encryption), relating to the technical field of blockchains. The system comprises: a data sender S, responsible for sharing and sending data; a smart contract SC, which relays data between the data sender S and the data receiver R and performs identity registration and management for both; a data receiver R, which receives the related data sent by the data sender S; and a blockchain network, which executes the smart contract SC and stores data. The smart contract is on a blockchain network with which the data sender S and the data receiver R communicate. The invention can solve the problem of managing user certificates in a traditional public key infrastructure in the field of data sharing.

Description

Data security sharing system based on block chain and IBE
Technical Field
The invention relates to the technical field of block chains, in particular to a data security sharing system based on a block chain and an IBE.
Background
In existing data sharing schemes, a PKI system is generally adopted to authenticate the identities of the data parties and to protect the security of the shared data. To obtain the other party's encryption key, the sharing parties must exchange digital certificates in advance, and must exchange them again after a key is updated. Moreover, the ID of a data sharing party has no direct relationship with its key, so users must manage the correspondence themselves. Managing and maintaining public key certificate repositories incurs significant computation, communication and storage costs.
An important reason identity-based cryptography was proposed is to simplify the management of user public key certificates in a traditional public key infrastructure. Its basic idea is to bind a user's identity to the user's public key in the most natural way: the user's identity information is the user's public key. A blockchain, with its tamper resistance, distributed storage, uniqueness, smart contracts and other characteristics, is well suited to user management, data storage and the like.
The invention patent with publication number CN111444264A discloses a blockchain-based data security sharing method, comprising: S1, a data provider, a data demander, a data sharing platform and a platform supervisor are used as nodes to construct a data security sharing chain; S2, the data provider uploads data to the data sharing platform; S3, the data sharing platform stores the data in the blockchain; S4, the data demander and the data sharing platform reach a data sharing agreement; S5, the data sharing platform retrieves the corresponding data from the blockchain according to the data requirement; S6, the data sharing platform processes the retrieved data and provides the query result to the data demander; S7, it is judged whether a change event has occurred and whether the change type is a data change, and if so, the changed data corresponding to the change event is encrypted to obtain changed encrypted data; and S8, the behavior of the whole data sharing and query process is recorded on the blockchain through a blockchain behavior recording contract.
In existing data sharing schemes, a PKI security protection mechanism is generally adopted. To obtain the other party's encryption key, the sharing parties must exchange digital certificates in advance, and must exchange them again after a key is updated. Moreover, the ID of a data sharing party has no direct relationship with its key, so users must manage the correspondence themselves. Managing and maintaining public key certificate repositories incurs significant computation, communication and storage costs.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a data security sharing system based on a block chain and an IBE.
According to the data security sharing system based on the block chain and the IBE, the scheme is as follows:
a data security sharing system based on a blockchain and IBE, the system comprising:
data sender S: responsible for sharing and sending data;
smart contract SC: relays data between the data sender S and the data receiver R, and performs identity registration and management for the data sender S and the data receiver R;
data receiver R: receives the related data sent by the data sender S;
blockchain network: executes the smart contract SC and stores data;
wherein the smart contract is on a blockchain network with which the data sender S and the data receiver R communicate.
Preferably, the data sender S performs the following operations:
randomly generating a data encryption key K;
symmetrically encrypting the shared data m with the key K to obtain a ciphertext M;
IBE-encrypting the key K with the identity IDr of the data receiver R to obtain a key ciphertext C;
packaging the key ciphertext C and the ciphertext M and sending them to the data receiver R through the smart contract.
Preferably, the smart contract SC performs the following operations:
the node P with management authority is responsible for deploying and destroying the contract;
registering and managing the identities of the data sender S and the data receiver R;
generating the corresponding IBE decryption keys SKs and SKr for the data sender S and the data receiver R;
generating new IBE decryption keys SKs1 and SKr1 for the data sender S and the data receiver R according to the key update policy;
relaying data between the data sender S and the data receiver R.
Preferably, the data receiver R performs the following operations:
obtaining the identity IDr of the data receiver R and the IBE decryption key SKr of the data receiver R;
acquiring the packaged key ciphertext C and ciphertext M sent to the smart contract SC;
decrypting the key ciphertext C with the IBE decryption key SKr to obtain the data encryption key K;
symmetrically decrypting the ciphertext M with the key K to obtain the shared data m.
Preferably, the operations performed by the blockchain network include: executing the smart contract SC and storing data.
Compared with the prior art, the invention has the following beneficial effects:
The invention combines blockchain smart contract technology with an identity-based encryption (IBE) mechanism to realize secure data sharing between the two communicating parties, eliminates the management of user public key certificates required in a traditional public key infrastructure, and simplifies the data sharing process. In particular:
(1) user ID registration and management, key update policy management and the like are realized through a blockchain smart contract;
(2) data communication is realized through a blockchain smart contract;
(3) the data sharing process is completed on the blockchain network, and the whole process can be traced.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a full flow interaction diagram.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention, all of which fall within the scope of the present invention.
An embodiment of the present invention provides a data security sharing system based on a blockchain and IBE which, as shown in FIG. 1, specifically includes:
data sender S: responsible for sharing and sending data;
smart contract SC: relays data between the data sender S and the data receiver R, and performs identity registration and management for the data sender S and the data receiver R;
data receiver R: receives the related data sent by the data sender S;
blockchain network: executes the smart contract SC and stores data;
wherein the smart contract is on a blockchain network with which the data sender S and the data receiver R communicate.
Specifically, the data sender S performs the following operations:
randomly generating a data encryption key K;
symmetrically encrypting the shared data m with the key K to obtain a ciphertext M;
IBE-encrypting the key K with the identity IDr of the data receiver R to obtain a key ciphertext C;
packaging the key ciphertext C and the ciphertext M and sending them to the data receiver R through the smart contract.
The smart contract SC performs the following operations:
the node P with management authority is responsible for deploying and destroying the contract;
registering and managing the identities of the data sender S and the data receiver R;
generating the corresponding IBE decryption keys SKs and SKr for the data sender S and the data receiver R;
generating new IBE decryption keys SKs1 and SKr1 for the data sender S and the data receiver R according to the key update policy;
relaying data between the data sender S and the data receiver R.
The data receiver R performs the following operations:
obtaining the identity IDr of the data receiver R and the IBE decryption key SKr of the data receiver R;
acquiring the packaged key ciphertext C and ciphertext M sent to the smart contract SC;
decrypting the key ciphertext C with the IBE decryption key SKr to obtain the data encryption key K;
symmetrically decrypting the ciphertext M with the key K to obtain the shared data m.
The operations performed by the blockchain network include: executing the smart contract SC and storing data.
The present invention will be described in more detail below.
The invention provides a data security sharing system based on a blockchain and IBE, which specifically comprises:
data sender S: responsible for sharing and sending data;
smart contract SC: relays data between the data sender S and the data receiver R, and performs identity registration and management for the data sender S and the data receiver R;
data receiver R: receives the related data sent by the data sender S;
blockchain network: executes the smart contract SC and stores data;
wherein the smart contract is on a blockchain network with which the data sender S and the data receiver R communicate.
Specifically, the data sender S performs the following operations:
the data sender S registers through the smart contract to obtain the identity IDs of the data sender S and the corresponding private key SKs;
collecting/generating shared data m;
querying the identity IDr of the data receiver through the contract;
randomly generating a data encryption key K;
symmetrically encrypting the shared data m with the data encryption key K to obtain a data ciphertext M;
IBE-encrypting the key K with the identity IDr of the data receiver R to obtain a key ciphertext C;
calling the smart contract SC, and packaging the key ciphertext C and the data ciphertext M and sending them to the data receiver R through the smart contract.
The smart contract SC performs the following operations:
the node P with contract management authority is responsible for deploying the smart contract SC;
registering and managing identities for the data sender S and the data receiver R;
generating the corresponding IBE decryption keys SKs and SKr for the data sender S and the data receiver R;
generating new IBE decryption keys SKs1 and SKr1 for the data sender S and the data receiver R according to the key update policy set in the smart contract;
relaying data between the data sender S and the data receiver R.
The data receiver R performs the following operations:
the data receiver R registers through the smart contract to obtain the identity IDr of the data receiver R and the corresponding private key SKr;
acquiring the packaged key ciphertext C and data ciphertext M sent to the smart contract SC;
decrypting the key ciphertext C with the IBE decryption key SKr to obtain the data encryption and decryption key K;
symmetrically decrypting the ciphertext M with the data encryption and decryption key K to obtain the shared data m.
The operations performed by the blockchain network include:
executing the smart contract SC;
storing data information, such as the identities IDs and IDr, the ciphertext data uploaded by the data sender S, and the like.
The implementation principle is as follows:
The blockchain node P with contract management authority is responsible for deploying the smart contract SC; the data sender S and the data receiver R register through the smart contract SC to obtain their respective identities and the corresponding IBE decryption keys.
The data sender S acquires/generates data m, randomly generates a symmetric encryption and decryption key K, symmetrically encrypts the data m with K to obtain a data ciphertext M, encrypts the symmetric key K with the identity IDr of the receiver R to obtain a key ciphertext C, packages the key ciphertext C and the data ciphertext M together, and sends them to the data receiver R through the smart contract SC.
The data receiver R obtains the data sent to it through the smart contract SC, parses out the key ciphertext C and the data ciphertext M, decrypts the key ciphertext C with the IBE decryption key SKr to obtain the data encryption and decryption key K, and symmetrically decrypts the ciphertext M with the recovered key K to obtain the shared data m.
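The key-wrapping step described above (IBE-encrypting K to the identity IDr and recovering it with SKr), as an added example that is not part of the patent text. The patent does not name an IBE algorithm; this example uses Cocks' quadratic-residue IBE because it needs only integer arithmetic. The function names, identity strings and toy modulus are assumptions, the symmetric encryption of the data itself is omitted, and `extract` stands in for the key-generation role the patent assigns to the smart contract SC.

```python
import hashlib
import secrets

# Constructed demo parameters: two Mersenne primes, both congruent to 3 mod 4.
# They are small and publicly known, so this modulus gives no real security.
P, Q = 2**127 - 1, 2**107 - 1      # IBE master secret (held by the key authority)
N = P * Q                          # public system parameter

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n; returns -1, 0 or 1."""
    a, sign = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0

def id_point(identity):
    """Map an identity string to a in Z_N with (a/N) = +1; this is the public key."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{counter}|{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1

def extract(identity):
    """Key authority: derive SK with SK^2 = +a or -a (mod N). Requires P and Q,
    so whoever can run this step can derive the key of every identity."""
    return pow(id_point(identity), (N + 5 - P - Q) // 8, N)

def _mask(a, bit, sign):
    """Hide one bit as t + sign*a/t (mod N); the Jacobi symbol of t carries the bit."""
    want = 1 if bit else -1
    while True:
        t = secrets.randbelow(N - 1) + 1
        if jacobi(t, N) == want:
            return (t + sign * a * pow(t, -1, N)) % N

def wrap_key(receiver_id, k):
    """Sender S: IBE-encrypt data key K to the receiver's identity -> key ciphertext C."""
    a = id_point(receiver_id)
    bits = [(byte >> i) & 1 for byte in k for i in range(8)]
    return [(_mask(a, b, 1), _mask(a, b, -1)) for b in bits]

def unwrap_key(receiver_id, sk, c):
    """Receiver R: recover K from C. Use the +a half if SK^2 = a, else the -a half."""
    half = 0 if pow(sk, 2, N) == id_point(receiver_id) else 1
    bits = [jacobi(pair[half] + 2 * sk, N) == 1 for pair in c]
    return bytes(sum(bits[8 * j + i] << i for i in range(8))
                 for j in range(len(bits) // 8))

def demo():
    id_r = "receiver-R"                  # constructed identity string (IDr)
    sk_r = extract(id_r)                 # issued to R at registration
    k = secrets.token_bytes(16)          # sender's random data encryption key K
    c = wrap_key(id_r, k)                # needs only N and IDr, no certificate
    other = unwrap_key("other-party", extract("other-party"), c)
    return k, unwrap_key(id_r, sk_r, c), other

if __name__ == "__main__":
    k, by_receiver, by_other = demo()
    print("receiver recovers K:", by_receiver == k)
    print("another identity's key recovers K:", by_other == k)
```

Each bit of K expands to two integers modulo N, which is why the scheme is used here only to wrap the short key K and not the shared data.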
The embodiment of the invention provides a data security sharing system based on a blockchain and IBE, which uses blockchain technology (smart contracts) and identity-based encryption (IBE) to solve the problem of managing user certificates in a traditional public key infrastructure in the field of data sharing.
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (5)

1. A data security sharing system based on a blockchain and IBE, characterized by comprising:
data sender S: responsible for sharing and sending data;
smart contract SC: relays data between the data sender S and the data receiver R, and performs identity registration and management for the data sender S and the data receiver R;
data receiver R: receives the related data sent by the data sender S;
blockchain network: executes the smart contract SC and stores data;
wherein the smart contract is on a blockchain network with which the data sender S and the data receiver R communicate.
2. The system according to claim 1, wherein the data sender S performs the following operations:
randomly generating a data encryption key K;
symmetrically encrypting the shared data m with the key K to obtain a ciphertext M;
IBE-encrypting the key K with the identity IDr of the data receiver R to obtain a key ciphertext C;
packaging the key ciphertext C and the ciphertext M and sending them to the data receiver R through the smart contract.
3. The blockchain and IBE based data security sharing system according to claim 1, wherein the smart contract SC performs the following operations:
the node P with management authority is responsible for deploying and destroying the contract;
registering and managing the identities of the data sender S and the data receiver R;
generating the corresponding IBE decryption keys SKs and SKr for the data sender S and the data receiver R;
generating new IBE decryption keys SKs1 and SKr1 for the data sender S and the data receiver R according to the key update policy;
relaying data between the data sender S and the data receiver R.
4. The system according to claim 1, wherein the data receiver R performs the following operations:
obtaining the identity IDr of the data receiver R and the IBE decryption key SKr of the data receiver R;
acquiring the packaged key ciphertext C and ciphertext M sent to the smart contract SC;
decrypting the key ciphertext C with the IBE decryption key SKr to obtain the data encryption key K;
and symmetrically decrypting the ciphertext M with the key K to obtain the shared data m.
5. The blockchain and IBE based data security sharing system according to claim 1, wherein the operations performed by the blockchain network comprise: executing the smart contract SC and storing data.
Priority Applications (1)

Application number: CN202111356455.3A; priority date: 2021-11-16; filing date: 2021-11-16; title: Data security sharing system based on block chain and IBE

Applications Claiming Priority (1)

Application number: CN202111356455.3A (CN114003940A (en)); priority date: 2021-11-16; filing date: 2021-11-16; title: Data security sharing system based on block chain and IBE

Publications (1)

Publication number: CN114003940A (en); publication date: 2022-02-01

Family

ID=79929358

Family Applications (1)

Application number: CN202111356455.3A (CN114003940A (en)); status: Pending; priority date: 2021-11-16; filing date: 2021-11-16; title: Data security sharing system based on block chain and IBE

Country Status (1)

Country: CN; link: CN114003940A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115102760A (en) * 2022-06-21 2022-09-23 上海万向区块链股份公司 System, method and medium for password-free secure login based on blockchain and DID

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination