CN114363013A - Supervision-friendly block chain content privacy protection system, message sending method and query method - Google Patents

Abstract

The invention provides a supervision-friendly block chain content privacy protection system, a message sending method and a query method. The system mainly comprises a server and a client, wherein the server is positioned on an Ethernet platform and is realized in an intelligent contract mode and is responsible for providing key agreement, key management, encrypted data storage, user query processing and third-party supervision functions; the client side uses the browser as a carrier and combines common Etherhouse wallet application to realize local encryption and decryption of content, interacts with a contract of the server side, initiates actions such as transaction and the like, and provides friendly sending and inquiring interfaces for users and third-party supervisors. The invention solves the problem of user privacy protection on the block chain, and can provide a communication mode of encrypted transmission for the user; meanwhile, the content on the block chain can be supervised, and the supervision-friendly encryption transmission on the block chain is realized under the condition of not influencing normal user communication.

Description

Supervision-friendly block chain content privacy protection system, message sending method and query method

Technical Field

The invention relates to the technical field of computer information security, mainly relates to an Ether house block chain, and particularly relates to a supervision-friendly block chain content privacy protection system, a message sending method and a query method.

Background

Blockchain 2.0 enters the programmable financial phase. At this stage, the blockchain system infiltrates the economic, financial and capital markets, forming intelligent contracts for stocks, bonds, futures, loans, mortgages, property rights, intelligent property, and the like. Besides building a currency system, the blockchain has numerous application cases in the field of ubiquitous finance. For example, the core of smart contracts is the execution of contracts by program algorithms instead of humans, these contracts containing three basic elements: the automatic combination and mutual coordination of assets, processes and systems can be realized through the exchange of offers, commitments and values.

Compared with centralized service, the characteristics of the block chain bring the advantages of high safety and strong credibility of the system, and meanwhile, great challenges are brought to the supervision and compliance of data on the chain. First, anonymous transactions on the chain are difficult to audit, thereby bringing about transaction risks, such as money laundering, illegal transactions, etc.; secondly, decentralized uplink data is difficult to monitor, which may result in incorrect uplink of illegal information, such as illegal uplink of information; finally, the data on the link is difficult to modify, so that the data or illegal information of the wrong link cannot be cleared, and adverse social effects can be brought.

In the face of new technology, supervision always lags behind. Generally, the block chain involves a difficult technology and a complex operation mechanism, and the characteristics of natural exclusion supervision brought by decentralization of the block chain cause great difficulty in supervision.

Disclosure of Invention

The invention provides a supervision-friendly block chain content privacy protection system, a message sending method and a query method, which are used for solving or at least partially solving the technical problem that effective supervision cannot be realized while user privacy is protected in the prior art.

In order to solve the above technical problem, a first aspect of the present invention provides a supervision-friendly blockchain content privacy protection system, including a server and a client,

the server is positioned on the Etherhouse platform and is realized in an intelligent contract mode, and the intelligent contract monitoring system comprises a first communication module, a first encryption and decryption management module and a supervision authority management module, wherein the first communication module is used for receiving sending messages and query messages of a client, the first encryption and decryption management module is used for storing and managing encrypted data, and the supervision authority management module is used for verifying user authority and providing super administrator authority for an authorized third party;

the client uses a browser as a carrier, the browser is provided with an Ethenhouse wallet application, the Ethenhouse wallet application comprises a second communication module and a second encryption and decryption management module, the second communication module is used for sending messages to the server and sending query messages, the second encryption and decryption management module is used as a user agent, a channel for safe transmission of a user and a server paper towel is established, and transparent local encryption and decryption work is conducted on the user, wherein the Ethenhouse wallet application can execute transfer transactions in the Ethenhouse and can interact with an Ethenhouse platform, the browser can load a client source file code in a JavaScript form, and a client file is operated and functions of the client are tested.

In one embodiment, the first encryption and decryption management module comprises a first key management unit and an encryption and decryption data management unit, wherein the encryption and decryption data management unit is used for performing key agreement with the client communication process and performing encryption and decryption operations on data to be transmitted, and the first key management unit is used for managing keys which need to be generated and used in one communication process.

In one embodiment, the encryption and decryption data management unit is specifically configured to employ a symmetric encryption algorithm in combination with an asymmetric encryption algorithm, to encrypt and decrypt the message content using the symmetric algorithm, and to encrypt and decrypt the key used by the symmetric algorithm using the asymmetric algorithm.

In one embodiment, the supervisory authority management module is implemented as a white list, and sets an authorized super administrator ether house address in advance before deployment, and determines an initial super administrator list in a hard-coded manner.

In one embodiment, the authority verification result of the supervision authority management module is a common user and a super manager, the authority of the common user is to inquire the message sent by the common user, and the authority of the super manager comprises to inquire the message sent by any user and inquire a super manager list.

In one implementation, the second encryption and decryption management module comprises a user interaction unit and a second key management unit, wherein the user interaction unit is used for interacting with a user in a webpage form, acquiring information input by the user and returning an operation result to the user; and the second key management unit is used for managing keys which need to be generated and used in one communication process.

Based on the same inventive concept, a second aspect of the present invention provides a message sending method based on the system of the first aspect, including:

the client acquires the message content and the address of a receiver, generates a first session key used by the session, and symmetrically encrypts the message content by using the first session key;

the client acquires a public key from the server and asymmetrically encrypts a first session key used by the session;

the client side sends the encrypted first session key, the encrypted message content and the first receiver address to the server side;

and performing uplink storage on the session record, wherein the session record comprises the encrypted first session key, the encrypted message content, the address of a receiver and the address of a sender, and the address of the receiver and the address of the sender are the address of the EtherFang account.

Based on the same inventive concept, a third aspect of the present invention provides a query method based on the system of the first aspect, including:

the client acquires a sender address and query parameters required to be queried and filled by a user, generates a public and private key pair required to be used in the query, and sends the sender address, the query parameters and a public key required to be queried to the server;

after receiving the query request, the server first verifies whether the user has the right to query the corresponding message, and if not, the server rejects the request;

when the user has the right to inquire the corresponding message, the server side searches the corresponding history message record on the chain, selects the corresponding inquiry result set according to the inquiry parameters, decrypts the second pair of session keys by using the private key of the server side, re-encrypts the second session keys by using the public key transmitted from the client side, and returns the inquiry result set and the encrypted second session keys to the client side;

the client decrypts the encrypted second session key by using the corresponding private key, decrypts the query result set by using the decrypted second session key, and displays the plaintext content of the decrypted query result set to the user on the webpage.

One or more technical solutions in the embodiments of the present application have at least one or more of the following technical effects:

firstly, in the aspect of supervision, through uniqueness and openness of a blockchain address, unforgeability of an authorized third party is guaranteed, user permission is automatically managed through the form of an intelligent contract, and whether a user has permission to acquire private content or not is automatically identified. Through the mode of interacting with the contract, an authorized supervision third party can inquire the communication record of any time among any users, and supervision friendliness is fully achieved.

Secondly, in the aspect of privacy protection, the whole system operates based on the block chain, and on the premise of fully utilizing the safety of the block chain, the safety of the method is further enhanced by combining various encryption algorithms.

Thirdly, in the development aspect, a traditional communication server is not required to be additionally built, and only a client for operation is required to be provided for a user; data are all linked to be stored, automatic management is carried out by an intelligent contract, and the data security and integrity are guaranteed by the non-tampering property of the block chain.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.

FIG. 1 is a flow chart of a user sending a message in an embodiment of the present invention;

FIG. 2 is a flow chart of a user query message in an embodiment of the present invention;

FIG. 3 is a block diagram of a framework for a supervisory-friendly blockchain content privacy protection system in an embodiment of the present invention;

FIG. 4 is a diagram of a user messaging interface in an embodiment of the invention;

FIG. 5 is a diagram of a user query message usage interface in an embodiment of the invention;

FIG. 6 is a diagram of an interface used by a supervisor to perform a message query in an embodiment of the present invention.

Detailed Description

The inventor of the application finds out through a great deal of research and practice that: block chains have wide application in various fields. For example, in the financial field, the blockchain technology can improve the settlement efficiency of transactions, reduce the transaction cost, and effectively solve the problems of lack of trust of each party, low transaction efficiency and the like in the financial application scene. The block chain technology introduced in the industrial field can connect various devices at the upstream and downstream of the industrial chain, help enterprises, manufacturers, raw material suppliers and supervision departments to establish a trust system, and improve the safety of production and manufacturing. In the logistics field, the data of all logistics participants are connected and recorded into a block chain network, so that the problem of tracing the source of commodities can be effectively solved. In the government affair field, the block chain provides a distributed and multi-scenario solution for interconnection and intercommunication of government affair data, so that government service authority and responsibility are more definite, coordination work of cross-region and cross-department is smoother, and people can handle affairs more conveniently.

Based on this, how to compromise privacy protection and supervision is crucial in future blockchain development. On one hand, the supervision mechanism needs to process illegal data in the blockchain network from the aspects of prevention, detection, tracking, responsibility pursuit and the like, on the other hand, the supervision mechanism also needs to protect the privacy information of legal users, and a pair of spears for privacy protection and supervision is used for seeking balance to establish a controllable supervision system for protecting the privacy of honest users and tracking the information of illegal users.

However, in the face of new technology, supervision always lags behind. Generally, the block chain involves a difficult technology and a complex operation mechanism, and the characteristics of natural exclusion supervision brought by decentralization of the block chain cause great difficulty in supervision. The block chain technology needs to deeply analyze the mechanism and adopts unconventional supervision measures.

The technical problem to be solved by the invention is as follows: the safe communication method based on the block chain is provided, only two communication parties can know the communication content, and the privacy of the two communication parties is effectively protected; and meanwhile, an authorized third-party super manager can check all communication records on the chain and supervise the communication content of the common user.

The main concept of the invention is as follows:

the block chain content privacy protection method which is friendly to supervision is provided, decentralized application of the block chain is used as a carrier, and a supervision function is provided for a third party under the condition that encrypted communication of two parties is realized by compiling an intelligent contract. The system mainly comprises a server and a client, wherein the server is positioned on an Ethernet platform and is realized in an intelligent contract mode and is responsible for providing key agreement, key management, encrypted data storage, user query processing and third-party supervision functions; the client side uses the browser as a carrier and combines common Etherhouse wallet application to realize local encryption and decryption of content, interacts with a contract of the server side, initiates actions such as transaction and the like, and provides friendly sending and inquiring interfaces for users and third-party supervisors. The invention solves the problem of user privacy protection on the block chain, and can provide a communication mode of encrypted transmission for the user; meanwhile, the content on the block chain can be supervised, and under the condition that normal user communication is not influenced, the user communication content can be checked by supervision departments such as national governments, enterprise institutions and the like, so that supervision-friendly encrypted transmission on the block chain is realized.

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example one

The embodiment of the invention provides a supervision-friendly block chain content privacy protection system, which comprises a server side and a client side,

the server is positioned on the Etherhouse platform and is realized in an intelligent contract mode, and the intelligent contract monitoring system comprises a first communication module, a first encryption and decryption management module and a supervision authority management module, wherein the first communication module is used for receiving sending messages and query messages of a client, the first encryption and decryption management module is used for storing and managing encrypted data, and the supervision authority management module is used for verifying user authority and providing super administrator authority for an authorized third party;

the client uses a browser as a carrier, the browser is provided with an Ethenhouse wallet application, the Ethenhouse wallet application comprises a second communication module and a second encryption and decryption management module, the second communication module is used for sending messages to the server and sending query messages, the second encryption and decryption management module is used as a user agent, a channel for safe transmission of a user and a server paper towel is established, and transparent local encryption and decryption work is conducted on the user, wherein the Ethenhouse wallet application can execute transfer transactions in the Ethenhouse and can interact with an Ethenhouse platform, the browser can load a client source file code in a JavaScript form, and a client file is operated and functions of the client are tested.

Generally, the server is used for providing core functions such as authority check, data management and the like; the client serves as a user agent, establishes a channel for the secure transmission between the user and the server, and performs transparent local encryption and decryption work for the user. The browser is used for providing a client running environment; the Ethenhouse block chain platform is used for providing a service end running environment; the server is deployed on the Etherhouse blockchain platform in the form of an intelligent contract, and the client is installed in the browser as a software module framework.

The usage process of the supervision-friendly blockchain content privacy protection system comprises the following steps:

200) a user starts a browser;

210) a user logs in an own Ether house account in a wallet application of a browser;

220) a user loads a browser client program;

230) the common user can interact with the client on the webpage and select to send messages or inquire messages;

240) the authorized third-party super administrator can select to execute all operations of the ordinary users and can also inquire the historical information of any user to supervise the content;

250) the authorized third-party super administrator can inquire the super administrator list recorded by the current server.

In one embodiment, the first encryption and decryption management module comprises a first key management unit and an encryption and decryption data management unit, wherein the encryption and decryption data management unit is used for performing key agreement with the client communication process and performing encryption and decryption operations on data to be transmitted, and the first key management unit is used for managing keys which need to be generated and used in one communication process.

In one embodiment, the encryption and decryption data management unit is specifically configured to employ a symmetric encryption algorithm in combination with an asymmetric encryption algorithm, to encrypt and decrypt the message content using the symmetric algorithm, and to encrypt and decrypt the key used by the symmetric algorithm using the asymmetric algorithm.

In one embodiment, the supervisory authority management module is implemented as a white list, and sets an authorized super administrator ether house address in advance before deployment, and determines an initial super administrator list in a hard-coded manner.

In one embodiment, the authority verification result of the supervision authority management module is a common user and a super manager, the authority of the common user is to inquire the message sent by the common user, and the authority of the super manager comprises to inquire the message sent by any user and inquire a super manager list.

In one implementation, the second encryption and decryption management module comprises a user interaction unit and a second key management unit, wherein the user interaction unit is used for interacting with a user in a webpage form, acquiring information input by the user and returning an operation result to the user; and the second key management unit is used for managing keys which need to be generated and used in one communication process.

As shown in fig. 3, the server communication module is a first communication module, the server encryption and decryption management module is a first encryption and decryption management module, and the server key management module is a first key management module. The client communication module is a second communication module, the encryption and decryption module of the client is a second encryption and decryption management module, and the key management module of the client is a first key management module.

The server needs to realize the storage and management of encrypted data; realizing key negotiation in the communication process with the client, and carrying out encryption and decryption operation on the content to be transmitted; receiving a message sent by a user and storing the information uplink; receiving a query request (query message) from a client, querying a corresponding record in a database through a request address (an address of a message sender) and a requester address (an address of a message receiver) and responding; the authority management of the user is realized, the request authentication from the user is realized, and the unauthorized operation is prevented.

The service end user authority management (supervision authority management) is realized in a white list mode, an authorized super manager Ethernet room address is preset before deployment, and an initial super manager list is determined in a hard coding mode.

After receiving the message sent by the user, the server needs to store the uplink of the communication record, and needs to store the address of the sender, the address of the receiver, the encrypted symmetric key used by the record, and the information content of the record encrypted by the symmetric key.

The server needs to provide the function of user inquiry information, inquires all communication records of the user in the history record for the inquiry request sent by the common user, and determines the returned inquiry result set according to the inquiry parameters of the user; for the inquiry request sent by the authorized third-party super administrator, whether the user has the real super administrator authority or not needs to be confirmed in a white list, if so, a corresponding inquiry result set is returned, otherwise, the request is rejected.

The server side needs to decrypt the symmetric key by using the private key of the server side when returning the query result, and then re-encrypts the symmetric key by using the public key of the user during query so as to ensure the transmission safety.

The server needs to be able to receive a query request for the white list from an authorized third-party hypervisor.

As shown in fig. 3, the client needs to run on a browser, interact with the user in a web page form, and need to obtain user input and return an operation result to the user; the encryption and decryption process transparent to the user needs to be realized, the content security in the communication process of the user is guaranteed, and the privacy of the user is protected; the information sending and information inquiring functions need to be provided for common users, and the information inquiring and white list inquiring functions need to be provided for authorized third-party super administrators.

When a client sends a message, firstly, a sender address and a receiver address are obtained from a page, a random symmetric session key used for secondary use is generated, and the symmetric key is used for encrypting the content to be sent by a user; and then, encrypting the session key used this time by using the public key of the server, and finally sending the session key, the encrypted content and the receiver address I to the server.

When the client side inquires information, the inquiry parameters provided for the common user comprise the quantity and the inquiry starting value, namely the sequence number value descending according to time.

When the client side carries out the function of inquiring information by a user, firstly, a random public and private key pair required to be used by the request is generated, after a sender address and a serial number required to be inquired by the user are obtained, the public key and information required by the user (the sender address and the serial number required to be inquired, namely inquiry parameters) are sent to a contract together, after a response of the contract is received, the obtained session key is decrypted by using a corresponding private key, then, the content is decrypted by using the decrypted session key, and finally, the content plaintext is returned to the user.

According to the method, regarding the server side, the basic functions of the server side comprise receiving messages sent by users, encrypting and decrypting message contents, receiving user inquiry message requests, verifying user authority and providing super administrator authority for authorized third parties. The encryption and decryption algorithm of the server side combines a symmetric encryption algorithm and an asymmetric encryption algorithm, the symmetric algorithm is used for encrypting and decrypting the message content, and the asymmetric algorithm is used for encrypting and decrypting a key used by the symmetric algorithm. The server side has a public key of the server side, and the public key can be obtained by the client side and used for encrypting a symmetric key used for encrypting the content. The request of the server for receiving the user inquiry message comprises a common user request and an authorized third-party super administrator request. The user authority verification of the server side comprises verification of a common user and verification of an authorized third-party super administrator. The super administrator authority of the server side comprises the inquiry of the message sent by any user and the inquiry of a super administrator list.

As for the client, the functions of the client comprise the functions of sending messages and inquiring messages for common users; the functions of the client comprise functions of providing all functions of a common user for a super administrator, inquiring any user information and inquiring a super administrator list.

The use method of the block chain content privacy protection system based on supervision friendliness comprises the following steps:

100) a user logs in an own Ether house account in a wallet application on a browser;

110) a user browser loads a client program;

120) the user can send a message to another user by using the basic function of the client through the webpage client

130) The user can also inquire the message sent to the user by the user through the webpage client;

140) the authorized third-party super manager can initiate query requests to all user messages to realize the supervision of the content;

150) the authorized third-party super administrator can inquire the super administrator list;

wherein, 120) after the user sends the message, and 130) before inquiring the corresponding message, the method further comprises:

121) the transmitted content is stored on the server-side intelligent contract;

122) after initiating a query message request, the server side verifies the user authority;

123) if the authority is inquired, the server side uses the symmetric key used by the asymmetric key encryption message of the inquiry user, and returns the encrypted message and the encryption key to the client side;

124) the client side carries out symmetric key decryption and message content decryption on the browser side for a user;

125) the browser client displays the content to a user;

wherein 100) the ether house wallet account represents the unique identifier of the user, and the user sends a message and inquires the message through the ether house block chain address of the wallet and the intelligent contract of the service end;

120) the information inquiry function used by the common user can only inquire the information sent to the user;

130) the message inquiring function used by the super administrator can inquire the message of all the users stored in the server.

In a word, the invention can use a series of symmetric and asymmetric encryption algorithms to ensure the safety and privacy protection of data between two communication parties, and through the symmetric encryption message content and the asymmetric encryption symmetric key, the invention can ensure the data safety and the system operation efficiency, and based on a block chain platform, the invention also ensures the integrity and the non-tampering property of the data; meanwhile, the intelligent contract is utilized to realize the process of storing and supervising the message, a safe and reliable block chain communication platform can be provided for the user, and meanwhile, a supervisor can supervise the content of the user, so that the propagation of bad information is avoided. The invention fully combines the characteristics of the block chain, is simple and easy to implement, is convenient for developing a test prototype system, has lower use threshold for developers and users, and can quickly understand the use method and use the platform for communication. This is of great significance for applications and blockchain networks.

Example two

Based on the same inventive concept, the embodiment provides a message sending method based on a supervision-friendly block chain content privacy protection system, which includes:

the client acquires the message content and the address of a receiver, generates a first session key used by the session, and symmetrically encrypts the message content by using the first session key;

the client acquires a public key from the server and asymmetrically encrypts a first session key used by the session;

the client side sends the encrypted first session key, the encrypted message content and the first receiver address to the server side;

and performing uplink storage on the session record, wherein the session record comprises the encrypted first session key, the encrypted message content, the receiver address and the sender address.

Referring to fig. 1, a flow chart of a message sending process for a user according to an embodiment of the present invention is shown, wherein concepts and related meanings of characters referred to in fig. 1 are shown in table 1.

TABLE 1

Field(s)	Means of
		addr	Recipient address
Key management	Means that the client code manages the key to be generated and used in one communication
		Sk	Session key used in communication
M	Content plaintext to be transmitted by user
		C	Ciphertext of M after Sk encryption
Contract public key	Public key contracted for client use
		E(Sk)	Session key encrypted using a contract public key
Encryption database	Database for storing three contents of addr, E (Sk) and C

Referring to fig. 2, a flow chart of a user query message according to an embodiment of the present invention is shown, wherein concepts and related meanings of characters involved in fig. 2 are shown in table 2.

TABLE 2

In the specific implementation process, the process of sending the message by the client is as follows:

100) a user starts a client program of a browser;

110) a user logs in an Ether house 'wallet' application in a browser by using an Ether house account;

120) user fills in content to be sent and Ether house address of receiver in web page

130) After confirming sending on the webpage, the client acquires the message content and the address of the receiver filled by the user;

140) the client generates a session key to be used by the message sent this time and symmetrically encrypts the content of the message sent this time;

150) the client acquires a public key from the server and asymmetrically encrypts the session key used at this time;

160) the client sends the message content of the user, the encrypted session key and the receiver address to the server;

the process of the server side receiving the message sent by the client side comprises the following steps:

100) the server receives the encrypted message content, the encrypted session key and the receiver address sent by the client;

110) the server stores the encrypted message, the encrypted session key, the address of the sender and the address of the receiver in uplink.

Since the method described in the second embodiment of the present invention is implemented based on the supervision-friendly block chain content privacy protection system described in the first embodiment of the present invention, those skilled in the art can understand the variation of the implementation method based on the system described in the first embodiment of the present invention, and thus, the details are not described herein again. All the methods implemented by the system according to the first embodiment of the present invention belong to the protection scope of the present invention.

Example two

Based on the same inventive concept, the embodiment provides that the client acquires the sender address and the query parameters which are required to be queried and are filled by the user, generates a public and private key pair required to be used by the query, and sends the sender address, the query parameters and the public key required to be queried to the server;

after receiving the query request, the server first verifies whether the user has the right to query the corresponding message, and if not, the server rejects the request;

when the user has the right to inquire the corresponding message, the server side searches the corresponding history message record on the chain, selects the corresponding inquiry result set according to the inquiry parameters, decrypts the second pair of session keys by using the private key of the server side, re-encrypts the second session keys by using the public key transmitted from the client side, and returns the inquiry result set and the encrypted second session keys to the client side;

the client decrypts the encrypted second session key by using the corresponding private key, decrypts the query result set by using the decrypted second session key, and displays the plaintext content of the decrypted query result set to the user on the webpage.

In the specific implementation process, the process of inquiring the message by the client is as follows:

100) a user fills a sender address to be inquired and inquiry parameters into a client program on a webpage;

110) the client generates a public and private key pair to be used for the query, and sends a query request and parameters filled by a user and a public key to the server;

120) after receiving the content sent back by the server, decrypting the session key by using the private key paired in the query, then decrypting the content by using the session key, and displaying the plaintext content of the query result to the user on a webpage;

the process of the server side for processing the query message request comprises the following steps:

100) after receiving the query request, the server first verifies whether the user has the right to query the corresponding message, and if not, the server rejects the request;

110) if the query request is a legal user query request with authority, searching a corresponding history message record from the chain, selecting a query result set according to the query parameters, decrypting the session key by using a private key of the server, re-encrypting the session key by using a public key transmitted from the client, and returning the query result set and the encrypted session key to the client.

Referring to fig. 4-6, fig. 4 is a diagram of a user interface for sending messages according to an embodiment of the present invention; FIG. 5 is a diagram of a user query message usage interface in an embodiment of the invention; FIG. 6 is a diagram of an interface used by a supervisor to perform a message query in an embodiment of the present invention.

Since the method described in the second embodiment of the present invention is implemented based on the supervision-friendly block chain content privacy protection system described in the first embodiment of the present invention, those skilled in the art can understand the variation of the implementation method based on the system described in the first embodiment of the present invention, and thus, the details are not described herein again. All the methods implemented by the system based on the first embodiment of the present invention belong to the protection scope of the present invention

The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. The supervision-friendly blockchain content privacy protection system is characterized by comprising a server side and a client side,

the server is positioned on the Etherhouse platform and is realized in an intelligent contract mode, and the intelligent contract monitoring system comprises a first communication module, a first encryption and decryption management module and a supervision authority management module, wherein the first communication module is used for receiving sending messages and query messages of a client, the first encryption and decryption management module is used for storing and managing encrypted data, and the supervision authority management module is used for verifying user authority and providing super administrator authority for an authorized third party;

the client uses a browser as a carrier, the browser is provided with an Ethenhouse wallet application, the Ethenhouse wallet application comprises a second communication module and a second encryption and decryption management module, the second communication module is used for sending messages to the server and sending query messages, the second encryption and decryption management module is used as a user agent, a channel for safe transmission of a user and a server paper towel is established, and transparent local encryption and decryption work is conducted on the user, wherein the Ethenhouse wallet application can execute transfer transactions in the Ethenhouse and can interact with an Ethenhouse platform, the browser can load a client source file code in a JavaScript form, and a client file is operated and functions of the client are tested.

2. The blockchain content privacy protection system of claim 1, wherein the first encryption/decryption management module includes a first key management unit and an encryption/decryption data management unit, wherein the encryption/decryption data management unit is configured to perform key agreement with a client communication process and perform encryption/decryption operations on data to be transmitted, and the first key management unit is configured to manage keys that need to be generated and used in a communication process.

3. The blockchain content privacy protection system of claim 2, wherein the encryption and decryption data management unit is specifically configured to employ a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, to encrypt and decrypt message content using the symmetric algorithm, and to encrypt and decrypt a key used by the symmetric algorithm using the asymmetric algorithm.

4. The blockchain content privacy protection system of claim 1 wherein the supervisory authority management module is implemented as a white list, and wherein authorized super administrator etherhouse addresses are pre-set prior to deployment, and wherein an initial super administrator list is determined in a hard-coded manner.

5. The system of claim 1, wherein the administrative privilege management module verifies the privileges of the general users and the super administrators, the general users have privileges to query messages sent by themselves, and the super administrators have privileges to query messages sent by any user and query a list of super administrators.

6. The system according to claim 1, wherein the second encryption/decryption management module includes a user interaction unit and a second key management unit, the user interaction unit is configured to interact with the user in a web form, obtain information input by the user, and return an operation result to the user; and the second key management unit is used for managing keys which need to be generated and used in one communication process.

7. A message sending method based on the system of any one of claims 1 to 6, comprising:

the client acquires the message content and the address of a receiver, generates a first session key used by the session, and symmetrically encrypts the message content by using the first session key;

the client acquires a public key from the server and asymmetrically encrypts a first session key used by the session;

the client side sends the encrypted first session key, the encrypted message content and the first receiver address to the server side;

and performing uplink storage on the session record, wherein the session record comprises the encrypted first session key, the encrypted message content, the address of a receiver and the address of a sender, and the address of the receiver and the address of the sender are the address of the EtherFang account.

8. A query method based on the system of any one of claims 1 to 6, comprising:

the client acquires a sender address and query parameters required to be queried and filled by a user, generates a public and private key pair required to be used in the query, and sends the sender address, the query parameters and a public key required to be queried to the server;

after receiving the query request, the server first verifies whether the user has the right to query the corresponding message, and if not, the server rejects the request;

when the user has the right to inquire the corresponding message, the server side searches the corresponding history message record on the chain, selects the corresponding inquiry result set according to the inquiry parameters, decrypts the second pair of session keys by using the private key of the server side, re-encrypts the second session keys by using the public key transmitted from the client side, and returns the inquiry result set and the encrypted second session keys to the client side;

the client decrypts the encrypted second session key by using the corresponding private key, decrypts the query result set by using the decrypted second session key, and displays the plaintext content of the decrypted query result set to the user on the webpage.

Images