CN114297593A - Data hosting and sharing method and system based on block chain - Google Patents
Data hosting and sharing method and system based on block chain Download PDFInfo
- Publication number
- CN114297593A CN114297593A CN202111628525.6A CN202111628525A CN114297593A CN 114297593 A CN114297593 A CN 114297593A CN 202111628525 A CN202111628525 A CN 202111628525A CN 114297593 A CN114297593 A CN 114297593A
- Authority
- CN
- China
- Prior art keywords
- user
- data
- verification
- identity
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a data hosting and sharing method and system based on a block chain, comprising the following steps: deploying an identity verification intelligent contract and a re-encryption intelligent contract on the bottom layer block chain; encrypting a data plaintext by using a first public key to generate a first ciphertext; obtaining an authority certificate through an identity authentication mechanism and the identity authentication intelligent contract; sending the authority certificate to the first user to generate a re-encryption key according to a first private key of the first user and a second public key of the second user; calling the re-encrypted intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encrypted key; and sending the second ciphertext to the second user to obtain the data plaintext. Compared with the prior art, the method and the system have the advantages that the identity authentication and the proxy re-encryption operation are implemented by calling the intelligent contract, so that the data ownership returns to the user, and the data security is guaranteed.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a data hosting and sharing method and system based on a block chain.
Background
The collection and storage of the current private data are independently managed by a third-party platform or mechanism, the data cannot be directly communicated and called, and the data are directly stored in a plaintext form. In the centralized data hosting mode, firstly, the problem of unreliable data hosting side can occur; secondly, the centralized platform is easy to attack, and the system security coefficient is low; thirdly, data leakage is easily caused in the data sharing process among different platforms. The above are three points to be urgently solved in realizing the storage and sharing of private data.
Patent document CN111222155A discloses a method and system for sharing data by re-encryption and block linking, the method includes: a first user sends a first ciphertext to a block chain platform, wherein the first ciphertext is obtained by encrypting a target data plaintext according to a first public key by the first user; receiving a target data sharing request message of a second user, wherein the target data sharing request message carries a second public key; performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; and sending the re-encryption key to the block chain platform, so that the block chain platform re-encrypts the first ciphertext according to the re-encryption key to obtain a second ciphertext, and the second ciphertext is used for the second user to decrypt according to a second private key to obtain the target data plaintext. But the method can not effectively protect the plaintext of the epidemic prevention data of the user.
Disclosure of Invention
In view of the defects in the prior art, the present invention provides a method and a system for data hosting and sharing based on a blockchain.
The invention provides a data hosting and sharing method based on a block chain, which comprises the following steps:
step 1: deploying an identity verification intelligent contract and a re-encryption intelligent contract on the bottom layer block chain;
step 2: encrypting a data plaintext by using a first public key of a first user to generate a first ciphertext, and storing the first ciphertext on the bottom layer block chain;
and step 3: obtaining a second user's authority certificate for reading the data of the data plaintext through an identity authentication mechanism and an identity authentication intelligent contract;
and 4, step 4: sending the authority certificate to the first user to generate a re-encryption key according to a first private key of the first user and a second public key of a second user;
and 5: calling a re-encryption intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encryption key;
step 6: and sending the second ciphertext to the second user to obtain the data plaintext according to a second private key of the second user.
Preferably, step 3, comprises:
step 301: sending the first verification content to the second user through the identity verification mechanism;
step 302: sending the second verification content to an identity verification mechanism for verification, wherein the second verification content is generated by a second user according to the first verification content;
step 303: if the verification fails, the second user continues to apply for data reading, or refuses to read the data of the data plaintext by the second user;
step 304: and if the verification is passed, sending the decentralized identity to the second user so that the second user can obtain the authority certificate according to the decentralized identity and the identity verification intelligent contract.
Preferably, step 304, comprises:
step 3041: calling an identity authentication intelligent contract to authenticate the decentralized identity;
step 3042: if the verification is passed, acquiring an authority certificate;
step 3043: and if the verification is not passed, the data reading of the second user is refused.
Preferably, the first authentication content comprises at least one of: organization, department of ownership, job and credit rating.
Preferably, step 4, comprises:
step 401: sending the authority certificate to a first user for data calling application;
step 402: if the application is passed, a re-encryption key is generated according to the first private key and the second public key;
step 403: and if the application is not passed, refusing the second user to read the data in the plaintext.
The invention provides a data hosting and sharing system based on a block chain, which comprises:
module M1: deploying an identity verification intelligent contract and a re-encryption intelligent contract on the bottom layer block chain;
module M2: encrypting a data plaintext by using a first public key of a first user to generate a first ciphertext, and storing the first ciphertext on the bottom layer block chain;
module M3: obtaining a second user's authority certificate for reading the data of the data plaintext through an identity authentication mechanism and an identity authentication intelligent contract;
module M4: sending the authority certificate to the first user to generate a re-encryption key according to a first private key of the first user and a second public key of a second user;
module M5: calling a re-encryption intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encryption key;
module M6: and sending the second ciphertext to the second user to obtain the data plaintext according to a second private key of the second user.
Preferably, the module M3, comprises:
submodule M301: sending the first verification content to the second user through the identity verification mechanism;
submodule M302: sending the second verification content to an identity verification mechanism for verification, wherein the second verification content is generated by the second user according to the first verification content;
submodule M303: if the verification fails, the second user continues to apply for data reading, or refuses to read the data of the data plaintext by the second user;
submodule M304: and if the verification is passed, sending the decentralized identity to the second user so that the second user can obtain the authority certificate according to the decentralized identity and the identity verification intelligent contract.
Preferably, the submodule M304 includes:
unit D3041: calling an identity authentication intelligent contract to authenticate the decentralized identity;
unit D3042: if the verification is passed, acquiring an authority certificate;
unit D3043: and if the verification is not passed, the data reading of the second user is refused.
Preferably, the first authentication content comprises at least one of: organization, department of ownership, job and credit rating.
Preferably, the module M4, comprises:
submodule M401: sending the authority certificate to a first user for data calling application;
submodule M402: if the application is passed, a re-encryption key is generated according to the first private key and the second public key;
submodule M403: and if the application is not passed, refusing the second user to read the data in the plaintext.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention changes the personal epidemic prevention information of the user from the plaintext into the ciphertext by adopting a symmetric encryption mode, and then stores the ciphertext on the block chain, thereby solving the problem of information leakage when the block chain is attacked maliciously and ensuring the safety of data storage.
2. According to the method, a Decentralized Identity (DID) is acquired under the chain, and the work of processing a large number of Identity attributes is transferred to the under-chain mode, so that the block chain congestion problem is solved, the on-chain expansion is realized, the information processing amount of the block chain per second is increased, and the efficient expansion of each region epidemic prevention work is accelerated.
3. The invention adopts the intelligent contract for identity authentication to replace the mode of manual verification, thereby solving the possibility that manual authentication calculation errors occur and malicious nodes forge identity DID authority certificates.
4. The invention ensures point-to-point transmission of the private data in the sharing process by adopting the proxy re-encryption contract, and only the node which obtains permission of the data owner can unlock the ciphertext acquisition information, thereby solving the ownership problem of the private data and ensuring that a user individual really has the data privacy use right.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of the non-limiting embodiments with reference to the following drawings:
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that it would be obvious to those skilled in the art that various changes and modifications can be made without departing from the spirit of the invention. All falling within the scope of the present invention.
Fig. 1 is a schematic flow chart of the present invention, and as shown in fig. 1, the present invention provides a data hosting and sharing method based on a block chain, including:
step 1: and deploying the identity verification intelligent contract and the re-encryption intelligent contract on the bottom layer block chain.
Specifically, a bottom layer block chain is firstly established, and then an authentication intelligent contract for authentication and a heavy encryption intelligent contract for agent heavy encryption are deployed on the bottom layer block chain.
The identity authentication is an operation of judging whether a certain node on the block chain has the authority of calling other private data, and the certain node on the block chain is a second user for data reading application in the invention.
Step 2: and encrypting the data plaintext by using a first public key of the first user to generate a first ciphertext, and storing the first ciphertext on the bottom layer block chain.
Specifically, a first user locally generates a first public key and a first private key for managing personal data plaintext on an underlying block chain.
Wherein the first public key is stored locally and the first private key is stored on the underlying layer blockchain.
Specifically, a first public key is used for encrypting a data plaintext of a first user to obtain a first ciphertext, and the first ciphertext is sent to a bottom layer block chain for storage.
The data may be private data, such as epidemic prevention data, among others.
And step 3: and obtaining the authority certification of the second user for reading the data in the data plaintext through the identity authentication mechanism and the identity authentication intelligent contract.
Preferably, step 3, comprises: step 301: sending the first verification content to the second user through the identity verification mechanism; step 302: sending the second verification content to an identity verification mechanism for verification, wherein the second verification content is generated by a second user according to the first verification content; step 303: if the verification fails, the second user continues to apply for data reading, or the second user refuses to read the data of the data plaintext; step 304: and if the verification is passed, sending the decentralized identity to the second user so that the second user can obtain the authority certificate according to the decentralized identity and the identity verification intelligent contract.
Preferably, step 304, comprises: step 3041: calling an identity authentication intelligent contract to authenticate the decentralized identity; step 3042: if the verification is passed, acquiring an authority certificate; step 3043: and if the verification is not passed, the data reading of the second user is refused.
Preferably, the first authentication content comprises at least one of: organization, department of ownership, job and credit rating.
The department of correlation is used as an authoritative authentication authority in the invention.
Specifically, the identity authentication mechanism sends first authentication content of the identity attribute to the second user under the link, and the first authentication content is set as: { organization, department of ownership, job title, credit rating }.
Wherein the organization is a relevant department of a national or local government.
And further, the second user performs data filling according to the first verification content to obtain second verification content, the second verification content is returned to the identity verification mechanism, the identity verification mechanism verifies the second verification inner cylinder, if the second verification inner cylinder passes the verification, the identity verification mechanism generates DID (differential identification) to be returned to the second user, and if the second verification inner cylinder does not pass the verification, the second user continues to apply for data reading or the identity verification mechanism directly refutes the second user to read the data of the data plaintext.
Further specifically, the second user sends the DID to the underlying block chain, and invokes the intelligent contract for authentication, the authentication is passed, the authority certificate is obtained, and if the authentication is not passed, the data reading of the second user is directly rejected.
And 4, step 4: and sending the authority certificate to the first user so as to generate a re-encryption key according to a first private key of the first user and a second public key of the second user.
Preferably, step 4, comprises: step 401: sending the authority certificate to a first user for data calling application; step 402: if the application is passed, a re-encryption key is generated according to the first private key and the second public key; step 403: and if the application is not passed, refusing the second user to read the data in the plaintext.
Specifically, after the first user confirms the authority certification, the re-encryption key is generated according to the first private key and the second public key of the second user.
And the second public key and the second private key of the second user are generated locally at the second user, and the second private key is stored on the underlying layer block chain.
Preferably, the proof of authority carries the second public key.
It can be known that the second user initiates a data call application to the first user by obtaining the authority certification of the data reading authority through the steps 3 and 4.
And 5: and calling the re-encryption intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encryption key.
Specifically, a first user sends a first ciphertext and a re-encryption key to a re-encryption intelligent contract encrypted by an agent, a second ciphertext is obtained through secondary encryption, the second ciphertext is issued to the network, and consensus confirmation is obtained
Step 6: and sending the second ciphertext to the second user to obtain the data plaintext according to a second private key of the second user.
Specifically, the second user synchronization network obtains a second ciphertext, and decrypts the second ciphertext with a second private key to obtain the data plaintext of the first user.
The invention provides a data hosting and sharing system based on a block chain, which comprises:
module M1: and deploying the identity verification intelligent contract and the re-encryption intelligent contract on the bottom layer block chain.
Module M2: and encrypting the data plaintext by using a first public key of the first user to generate a first ciphertext, and storing the first ciphertext on the bottom layer block chain.
Module M3: and obtaining the authority certification of the second user for reading the data in the data plaintext through the identity authentication mechanism and the identity authentication intelligent contract.
Preferably, the module M3, comprises:
submodule M301: the first authentication content is sent to the second user through the authentication mechanism.
Submodule M302: and sending the second verification content to an identity verification mechanism for verification, wherein the second verification content is generated by the second user according to the first verification content.
Submodule M303: and if the verification fails, the second user continues to apply for data reading, or refuses to read the data of the data plaintext by the second user.
Submodule M304: and if the verification is passed, sending the decentralized identity to the second user so that the second user can obtain the authority certificate according to the decentralized identity and the identity verification intelligent contract.
Preferably, the submodule M304 includes:
unit D3041: and calling an identity authentication intelligent contract to authenticate the decentralized identity.
Unit D3042: and if the verification is passed, acquiring the authority certificate.
Unit D3043: and if the verification is not passed, the data reading of the second user is refused.
Preferably, the first authentication content comprises at least one of: organization, department of ownership, job and credit rating.
Module M4: and sending the authority certificate to the first user so as to generate a re-encryption key according to a first private key of the first user and a second public key of the second user.
Preferably, the module M4, comprises:
submodule M401: and sending the authority certificate to the first user for data calling application.
Submodule M402: and generating a re-encryption key according to the first private key and the second public key after the application is passed.
Submodule M403: and if the application is not passed, refusing the second user to read the data in the plaintext.
Module M5: and calling the re-encryption intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encryption key.
Module M6: and sending the second ciphertext to the second user to obtain the data plaintext according to a second private key of the second user.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention changes the personal epidemic prevention information of the user from the plaintext into the ciphertext by adopting a symmetric encryption mode, and then stores the ciphertext on the block chain, thereby solving the problem of information leakage when the block chain is attacked maliciously and ensuring the safety of data storage.
2. According to the method, a Decentralized Identity (DID) is acquired under the chain, and the work of processing a large number of Identity attributes is transferred to the under-chain mode, so that the block chain congestion problem is solved, the on-chain expansion is realized, the information processing amount of the block chain per second is increased, and the efficient expansion of each region epidemic prevention work is accelerated.
3. The invention adopts the intelligent contract for identity authentication to replace the mode of manual verification, thereby solving the possibility that manual authentication calculation errors occur and malicious nodes forge identity DID authority certificates.
4. The invention ensures point-to-point transmission of the private data in the sharing process by adopting the proxy re-encryption contract, and only the node which obtains permission of the data owner can unlock the ciphertext acquisition information, thereby solving the ownership problem of the private data and ensuring that a user individual really has the data privacy use right.
Those skilled in the art will appreciate that, in addition to implementing the systems, apparatus, and individual modules thereof provided by the present invention in purely computer readable program code, the same procedures can be implemented entirely by logically programming method steps into logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system, the device and the modules thereof provided by the present invention can be considered as a hardware component, and the modules included in the system, the device and the modules thereof for implementing various programs can also be considered as structures in the hardware component; modules that perform various functions may also be considered to be either software programs that implement the methods or structures within hardware components.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by those skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.
Claims (10)
1. A data hosting and sharing method based on a block chain is characterized by comprising the following steps:
step 1: deploying an identity verification intelligent contract and a re-encryption intelligent contract on the bottom layer block chain;
step 2: encrypting a data plaintext by using a first public key of a first user to generate a first ciphertext, and storing the first ciphertext on the bottom layer block chain;
and step 3: obtaining the authority certification of the second user for reading the data of the data plaintext through an identity authentication mechanism and the identity authentication intelligent contract;
and 4, step 4: sending the authority certificate to the first user to generate a re-encryption key according to a first private key of the first user and a second public key of the second user;
and 5: calling the re-encrypted intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encrypted key;
step 6: and sending the second ciphertext to the second user to obtain the data plaintext according to a second private key of the second user.
2. The method according to claim 1, wherein the step 3 comprises:
step 301: sending, by the authentication mechanism, first authentication content to the second user;
step 302: sending the second verification content to the identity verification mechanism for verification, wherein the second verification content is generated by the second user according to the first verification content;
step 303: if the verification fails, the second user continues to apply for data reading, or refuses to read the data of the data plaintext by the second user;
step 304: and if the verification is passed, sending a decentralized identity to the second user so that the second user can obtain the authority certificate according to the decentralized identity and the identity verification intelligent contract.
3. The blockchain-based data hosting and sharing method according to claim 2, wherein the step 304 comprises:
step 3041: calling the intelligent contract for identity authentication to authenticate the decentralized identity;
step 3042: if the verification is passed, acquiring the authority certificate;
step 3043: and if the verification is not passed, rejecting the data reading of the second user.
4. The blockchain-based data hosting and sharing method according to claim 2, wherein the first verification content includes at least one of: organization, department of ownership, job and credit rating.
5. The method according to claim 1, wherein the step 4 comprises:
step 401: sending the authority certificate to the first user for data calling application;
step 402: if the application is passed, the re-encryption key is generated according to the first private key and the second public key;
step 403: and if the application is not passed, refusing the second user to read the data of the data plaintext.
6. A blockchain-based data hosting and sharing system, comprising:
module M1: deploying an identity verification intelligent contract and a re-encryption intelligent contract on the bottom layer block chain;
module M2: encrypting a data plaintext by using a first public key of a first user to generate a first ciphertext, and storing the first ciphertext on the bottom layer block chain;
module M3: obtaining the authority certification of the second user for reading the data of the data plaintext through an identity authentication mechanism and the identity authentication intelligent contract;
module M4: sending the authority certificate to the first user to generate a re-encryption key according to a first private key of the first user and a second public key of the second user;
module M5: calling the re-encrypted intelligent contract to obtain a second ciphertext according to the first ciphertext and the re-encrypted key;
module M6: and sending the second ciphertext to the second user to obtain the data plaintext according to a second private key of the second user.
7. The blockchain-based data hosting and sharing system according to claim 6, wherein the module M3 comprises:
submodule M301: sending, by the authentication mechanism, first authentication content to the second user;
submodule M302: sending the second verification content to the identity verification mechanism for verification, wherein the second verification content is generated by the second user according to the first verification content;
submodule M303: if the verification fails, the second user continues to apply for data reading, or refuses to read the data of the data plaintext by the second user;
submodule M304: and if the verification is passed, sending a decentralized identity to the second user so that the second user can obtain the authority certificate according to the decentralized identity and the identity verification intelligent contract.
8. The system according to claim 5, wherein the submodule M304 comprises:
unit D3041: calling the intelligent contract for identity authentication to authenticate the decentralized identity;
unit D3042: if the verification is passed, acquiring the authority certificate;
unit D3043: and if the verification is not passed, rejecting the data reading of the second user.
9. The blockchain-based data hosting and sharing system of claim 7, wherein the first verification content includes at least one of: organization, department of ownership, job and credit rating.
10. The blockchain-based data hosting and sharing system according to claim 1, wherein the module M4 comprises:
submodule M401: sending the authority certificate to the first user for data calling application;
submodule M402: if the application is passed, the re-encryption key is generated according to the first private key and the second public key;
submodule M403: and if the application is not passed, refusing the second user to read the data of the data plaintext.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111628525.6A CN114297593A (en) | 2021-12-28 | 2021-12-28 | Data hosting and sharing method and system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111628525.6A CN114297593A (en) | 2021-12-28 | 2021-12-28 | Data hosting and sharing method and system based on block chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114297593A true CN114297593A (en) | 2022-04-08 |
Family
ID=80972251
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111628525.6A Pending CN114297593A (en) | 2021-12-28 | 2021-12-28 | Data hosting and sharing method and system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114297593A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114844695A (en) * | 2022-04-28 | 2022-08-02 | 华能招标有限公司 | Service data circulation method, system and related equipment based on block chain |
-
2021
- 2021-12-28 CN CN202111628525.6A patent/CN114297593A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114844695A (en) * | 2022-04-28 | 2022-08-02 | 华能招标有限公司 | Service data circulation method, system and related equipment based on block chain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106548345B (en) | Method and system for realizing block chain private key protection based on key partitioning | |
| CN106973036B (en) | Block chain privacy protection method based on asymmetric encryption | |
| CN1714529B (en) | Domain-based digital-rights management system with easy and secure device enrollment | |
| CN112926051B (en) | Multi-party security computing method and device | |
| JPH06223041A (en) | Rarge-area environment user certification system | |
| CN1694395A (en) | Data authentication method and agent based system | |
| CN111193755B (en) | Data access method, data encryption method and data encryption and access system | |
| CN112632574A (en) | Multi-mechanism data processing method and device based on alliance chain and related equipment | |
| CN114297593A (en) | Data hosting and sharing method and system based on block chain | |
| CN105656635A (en) | Dynamic password generation method and device and authentication method and system | |
| CN110719167A (en) | Block chain-based signcryption method with timeliness | |
| CN109587115B (en) | Safe distribution and use method of data files | |
| US6983369B2 (en) | Authentication system, and contents-information sender and receiver | |
| CN106992978A (en) | Network safety managing method and server | |
| CN108667800B (en) | Access authority authentication method and device | |
| CN114268437A (en) | Data processing method, block chain node, system and computer readable storage medium | |
| Feng et al. | Autonomous Vehicles' Forensics in Smart Cities | |
| CN116112185A (en) | Private data sharing method based on blockchain and zero knowledge proof | |
| CN115348054A (en) | Block chain data proxy re-encryption model based on IPFS | |
| US8239678B2 (en) | Method for combining data to be processed with a data-specific apparatus, and apparatus and computer program for implementing the method | |
| CN210745178U (en) | Identity authentication system | |
| JP2004320174A (en) | Authentication system, authentication apparatus, and authentication method | |
| CN112906032A (en) | File secure transmission method, system and medium based on CP-ABE and block chain | |
| Hsiao et al. | An implementation of efficient hierarchical access control method for VR/AR platform | |
| CN107872421B (en) | Node authentication method and system and related equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |