CN115048670A - Encryption and evidence storage method, device and equipment based on block chain and storage medium - Google Patents

Encryption and evidence storage method, device and equipment based on block chain and storage medium

Publication number
CN115048670A
Authority
CN
China
Prior art keywords
user terminal
user
public key
certificate
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210633353.XA
Other languages
Chinese (zh)
Inventor
王耿
顾费勇
曹崇瑞
胡志敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netease Hangzhou Network Co Ltd
Priority to CN202210633353.XA
Publication of CN115048670A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a blockchain-based encryption and evidence storage method, apparatus, device and storage medium. The method is applied to a blockchain system and comprises the following steps: the first user terminal acquires a second user public key of the second user terminal from the certificate storing system; the information to be stored is encrypted according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and the target certificate storing information and the first user public key of the first user terminal are stored in the certificate storing system. In this way, a key can be shared directly between the superior supervision terminal and the user terminal through the blockchain, which improves the efficiency with which the superior supervision terminal checks the certificate storing information while ensuring the information security of that information.

Description

Encryption and evidence storage method, device and equipment based on block chain and storage medium
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method, an apparatus, a device, and a storage medium for encrypting and storing a certificate based on a blockchain.
Background
A blockchain is a distributed shared ledger and database, characterized by decentralization, tamper resistance, traces retained throughout the whole process, traceability, collective maintenance, openness and transparency. Because of these characteristics, when an existing blockchain-based storage system stores the certificate storing information of a user terminal, the information is usually stored in plaintext and cannot be encrypted; alternatively, the user terminal encrypts the certificate storing information with its own key and the encrypted certificate storing information is then stored.
In the first case, when the certificate storing information is stored in plaintext, ordinary user terminals can also access it, so its information security is low. In the second case, when the user terminal stores certificate storing information encrypted with its own key, the private key cannot be stored on a public platform, so the user terminal cannot share the key directly with a superior supervision terminal through the blockchain, which makes it inconvenient for the superior supervision terminal to check the certificate storing information of the user terminal.
Disclosure of Invention
In view of this, an object of the present application is to provide a blockchain-based encryption and evidence storage method, apparatus, device and storage medium, so that a superior supervision terminal and a user terminal can share a key directly through the blockchain, improving the efficiency with which the superior supervision terminal checks the certificate storing information while ensuring the information security of that information.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
In a first aspect, an embodiment of the present application provides a blockchain-based encryption and evidence storage method. The method is applied to a blockchain system that includes a certificate storing system and a plurality of user terminals, and comprises:
the first user terminal acquires a second user public key of the second user terminal from the certificate storing system; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system;
encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system.
In an optional embodiment, the first user public key is determined according to a first blockchain address of the first user terminal in the blockchain system, and the second user public key is determined according to a second blockchain address of the second user terminal in the blockchain system.
In an optional implementation, encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal includes:
generating a first symmetric key according to the second user public key and the first user private key of the first user terminal;
and encrypting the information to be stored according to the first symmetric key to obtain the target certificate storing information.
In an optional embodiment, after the target certificate storing information and the first user public key of the first user terminal are stored in the certificate storing system, the encryption and evidence storage method further includes:
the second user terminal acquires the target certificate storing information and the first user public key from the certificate storing system;
decrypting the target certificate storing information according to a second user private key of the second user terminal and the first user public key to obtain a plaintext of the target certificate storing information;
and checking the plaintext of the target certificate storing information to obtain an information checking result for the target certificate storing information.
In an optional implementation, after the first user terminal obtains the second user public key of the second user terminal from the certificate storing system, the encryption and evidence storage method further includes:
the first user terminal acquires a second blockchain address of the second user terminal in the blockchain system;
verifying the second user public key according to the second blockchain address to obtain a verification result of the second user public key;
and when the verification result of the second user public key meets the verification passing condition, using the verified second user public key as the second user public key for encrypting the information to be stored.
In an optional implementation, after the target certificate storing information and the first user public key of the first user terminal are stored in the certificate storing system, the encryption and evidence storage method further includes:
the second user terminal obtains the first user public key from the certificate storing system;
verifying the first user public key according to a first blockchain address of the first user terminal in the blockchain system to obtain a verification result of the first user public key;
and when the verification result of the first user public key meets the verification passing condition, determining that the first user terminal is the target checking object.
In a second aspect, an embodiment of the present application provides a blockchain-based encryption and evidence storage device applied to a blockchain system, where the blockchain system includes a certificate storing system and a plurality of user terminals, and the device includes:
a first obtaining unit, configured to obtain, through the first user terminal, a second user public key of a second user terminal from the certificate storing system; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system;
an encryption unit, configured to encrypt the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and a storage unit, configured to store the target certificate storing information and the first user public key of the first user terminal in the certificate storing system.
In a third aspect, an embodiment of the present application provides a blockchain system that includes a certificate storing system and a plurality of user terminals, where a first user terminal in the blockchain system is configured to:
acquire a second user public key of a second user terminal from the certificate storing system; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system;
encrypt the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and store the target certificate storing information and the first user public key of the first user terminal in the certificate storing system.
In a fourth aspect, the present application provides a computer device including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the above blockchain-based encryption and evidence storage method when executing the computer program.
In a fifth aspect, the present application provides a computer-readable storage medium storing a computer program, where the computer program, when executed by a processor, performs the steps of the above blockchain-based encryption and evidence storage method.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
The embodiment of the application provides a blockchain-based encryption and evidence storage method applied to a blockchain system, which comprises the following steps: the first user terminal acquires a second user public key of the second user terminal from the certificate storing system; the information to be stored is encrypted according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and the target certificate storing information and the first user public key of the first user terminal are stored in the certificate storing system. In this way, a key can be shared directly between the superior supervision terminal and the user terminal through the blockchain, which improves the efficiency with which the superior supervision terminal checks the certificate storing information while ensuring the information security of that information.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic flowchart illustrating a blockchain-based encryption and evidence storage method according to an embodiment of the present application;
Fig. 2 is a flowchart illustrating a method for authenticating a second user terminal according to an embodiment of the present application;
Fig. 3 is a schematic flowchart illustrating a method for encrypting the information to be stored;
Fig. 4 is a flowchart illustrating a method for checking target certificate storing information according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating a method for authenticating a first user terminal according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram illustrating a blockchain-based encryption and evidence storage device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram illustrating a blockchain system according to an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of an electronic device 800 according to an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for illustrative and descriptive purposes only and are not used to limit the scope of protection of the present application. Additionally, it should be understood that the schematic drawings are not necessarily drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and steps without logical context may be performed in reverse order or simultaneously. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
In addition, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the term "comprising" will be used in the embodiments of the present application to indicate the presence of the features stated hereinafter, but does not exclude the addition of further features.
When an existing blockchain-based storage system stores the certificate storing information of a user terminal, the information is usually stored in plaintext and cannot be encrypted; alternatively, the user terminal encrypts the certificate storing information with its own key and the encrypted certificate storing information is then stored.
In the first case, when the certificate storing information is stored in plaintext, ordinary user terminals can also access it, so its information security is low. In the second case, when the user terminal stores certificate storing information encrypted with its own key, the private key cannot be stored on a public platform, so the user terminal cannot share the key directly with a superior supervision terminal through the blockchain, which makes it inconvenient for the superior supervision terminal to check the certificate storing information of the user terminal.
Based on this, an embodiment of the present application provides a blockchain-based encryption and evidence storage method, apparatus, device, and storage medium. The method is applied in a blockchain system and specifically includes: the first user terminal acquires a second user public key of the second user terminal from the certificate storing system; the information to be stored is encrypted according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and the target certificate storing information and the first user public key of the first user terminal are stored in the certificate storing system. In this way, a key can be shared directly between the superior supervision terminal and the user terminal through the blockchain, which improves the efficiency with which the superior supervision terminal checks the certificate storing information while ensuring the information security of that information.
The following describes in detail the blockchain-based encryption and evidence storage method, apparatus, device, and storage medium provided in the embodiments of the present application.
Referring to Fig. 1, Fig. 1 is a schematic flowchart illustrating a blockchain-based encryption and evidence storage method according to an embodiment of the present application. The method includes steps S101-S103, specifically:
S101, the first user terminal obtains a second user public key of the second user terminal from the certificate storing system.
S102, encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information.
S103, storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system.
In the blockchain-based encryption and evidence storage method, the first user terminal obtains a second user public key of the second user terminal from the certificate storing system; the information to be stored is encrypted according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and the target certificate storing information and the first user public key of the first user terminal are stored in the certificate storing system. In this way, a key can be shared directly between the superior supervision terminal and the user terminal through the blockchain, which improves the efficiency with which the superior supervision terminal checks the certificate storing information while ensuring the information security of that information.
In the embodiment of the application, the blockchain-based encryption and evidence storage method is applied to a blockchain system that includes a certificate storing system and a plurality of user terminals. Each user terminal can access the certificate storing system on the blockchain, and electronic information with storage value is stored in the certificate storing system. Two user terminals that trust each other (e.g., user terminals of different participants in the same smart contract in the blockchain system) can thereby perform secure data transmission via the certificate storing system on the blockchain. The embodiments of the present application do not limit the specific terminal type of each user terminal in the blockchain system.
Taking two user terminals with data transmission requirements in the blockchain system (i.e., a first user terminal and a second user terminal) as an example, each step of the blockchain-based encryption and evidence storage method provided in the embodiment of the present application is described below:
S101, the first user terminal obtains a second user public key of the second user terminal from the certificate storing system.
Here, the first user terminal represents the user terminal that initiates the certificate storing request to the certificate storing system at the current moment; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system.
It should be noted that the second user terminal may be a superior supervision terminal of the first user terminal (for example, a user terminal belonging to a supervision and management organization such as a judicial department), or may be a trusted user terminal that has a smart contract with the first user terminal (that is, another user terminal to which the first user terminal has granted access rights); the embodiment of the present application does not limit the specific user type of the second user terminal.
Specifically, in the blockchain system, the first user terminal sends a certificate storing request to the certificate storing system. In response, the certificate storing system obtains, from the smart contract corresponding to the second user terminal, the second user public key that the second user terminal pre-stored in that smart contract, and sends it to the first user terminal. The first user terminal can thus obtain the public key of the second user terminal directly through the certificate storing system on the blockchain, without relying on other communication channels.
S102, encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain the target certificate storing information.
Here, the second user public key is determined according to a second blockchain address of the second user terminal in the blockchain system.
Regarding the second blockchain address, it should be noted that when any user terminal accesses the blockchain, its identity on the blockchain is unique, and this unique identity is the blockchain address of the user terminal. Specifically, in the embodiment of the present application, the second blockchain address is the unique identity address of the second user terminal when it accesses the certificate storing system in the blockchain system; that is, the second blockchain address can uniquely identify the second user terminal among the plurality of user terminals included in the blockchain system.
Here, the information to be stored represents the electronic data information that the first user terminal needs to store in the certificate storing system.
It should be noted that different types of first user terminals may have different information storage requirements. For example, if the first user terminal is an enterprise-level user terminal, the information to be stored may be electronic information files required for carrying out enterprise business activities, such as relevant legal certification files, audit files for business qualifications, and business capability certification files; if the first user terminal is a personal-level user terminal, the certificate storing information may be electronic information files such as personal identification documents, asset documents, and academic record documents. Accordingly, the embodiment of the present application does not limit the specific content of the information to be stored.
S103, storing the target certificate storing information and the first user public key of the first user terminal into the certificate storing system.
Here, the first user public key is determined according to a first blockchain address of the first user terminal in the blockchain system; similar to the second blockchain address, the first blockchain address may also uniquely identify the first user terminal from a plurality of user terminals included in the blockchain system.
It should be noted that the first user public key and the first user private key form a matched key pair; that is, when the first user terminal encrypts the information to be stored according to the first user private key alone, other user terminals can decrypt the encrypted information only according to the first user public key paired with that private key, thereby obtaining the plaintext of the information to be stored.
On this basis, in the blockchain system, the user public key of each user terminal corresponds to the blockchain address that uniquely identifies that user terminal on the blockchain; each user terminal therefore corresponds to a unique key pair (i.e., a matched user public key and user private key), and this unique key pair can also identify the user terminal on the blockchain.
Specifically, in the embodiment of the present application, the first user terminal is the user terminal of the certificate storing party, and the second user terminal is the user terminal of the verifying party. The first user terminal, as the certificate storing party, uses the public key of the verifying party (the second user public key) and its own user private key (the first user private key) to encrypt the certificate storing information that the verifying party needs to check, and stores the encrypted result in the certificate storing system on the blockchain.
With this blockchain-based encryption and evidence storage method, on the one hand, the certificate storing system stores only the encrypted result of the certificate storing information and not its plaintext; on the other hand, because the user public key and the user private key are matched, when the second user terminal, as the verifying party, needs to verify the certificate storing information, it only has to acquire from the certificate storing system the first user public key paired with the first user private key in order to decrypt the encrypted information and obtain a plaintext that can be checked. The embodiment of the application thus enables the superior supervision terminal and the user terminal to share a key directly through the blockchain, which improves the efficiency with which the superior supervision terminal checks the certificate storing information while ensuring the information security of that information.
The specific implementation of each of the above steps in the embodiments of the present application is described in detail below.
For the specific implementation of step S101, it follows from the description of the second blockchain address in step S101 that the second blockchain address can uniquely identify the second user terminal among the plurality of user terminals included in the blockchain system; therefore, the second user public key determined according to the second blockchain address can also uniquely identify the second user terminal among the plurality of user terminals included in the blockchain system.
Based on this, as shown in fig. 2, fig. 2 is a schematic flowchart illustrating a method for authenticating a second user terminal according to an embodiment of the present application, where after step S101 is executed, the method includes steps S201 to S203; specifically, the method comprises the following steps:
S201, the first user terminal obtains a second blockchain address of the second user terminal in the blockchain system.
Specifically, because the first user terminal, the second user terminal, and the certificate storing system are all located on the same block chain (equivalent to the block chain system), the first user terminal initiates an acquisition request for the second blockchain address to the certificate storing system, and the certificate storing system, in response to the acquisition request, sends the second blockchain address to the first user terminal.
S202, verifying the second user public key according to the second blockchain address to obtain a verification result of the second user public key.
S203, when the verification result of the second user public key meets the verification passing condition, taking the second user public key that passed verification as the second user public key for encrypting the information to be stored.
For the specific implementation process of the steps S202 to S203, taking the correct user public key corresponding to the second blockchain address D2 as g2 as an example, if the second user public key acquired by the first user terminal before is g5, it may be determined that the second user public key g5 does not satisfy the verification passing condition, and at this time, the first user terminal does not perform the information encryption step in the step S102; if the second user public key previously acquired by the first user terminal is g2, it may be determined that the second user public key g2 meets the verification passing condition, that is, the identity of the second user terminal passes the verification, and at this time, the first user terminal performs the information encryption step in step S102.
For the specific encryption step in the step S102, as shown in fig. 3, fig. 3 is a schematic flowchart illustrating a method for encrypting the information to be stored, provided by the embodiment of the present application, where the method includes steps S301 to S302; specifically, the method comprises the following steps:
S301, generating a first symmetric key according to the second user public key and the first user private key of the first user terminal.
S302, the information to be stored with the certificate is encrypted according to the first symmetric secret key, and the target information to be stored with the certificate is obtained.
Here, regarding the above steps S301 to S302, it should be noted that:
The first symmetric key can be generated in more than one way. For example, the concatenation of the second user public key and the first user private key may be used directly as the first symmetric key, or the relatively complex ECDH (Elliptic Curve Diffie-Hellman key exchange) algorithm may be used to generate the first symmetric key from the second user public key and the first user private key. The embodiment of the present application does not limit the specific type of algorithm used to generate the first symmetric key from the second user public key and the first user private key.
Here, after steps S101 to S103 are executed, in this embodiment of the application the second user terminal, as the verifier, may further check the target certificate storing information stored in the certificate storing system by the first user terminal, based on the following steps:
In an alternative implementation, as shown in fig. 4, fig. 4 is a schematic flowchart illustrating a method for checking target certificate storing information according to an embodiment of the present application, where the method includes steps S401 to S403; specifically, the method comprises the following steps:
S401, the second user terminal obtains the target certificate storing information and the first user public key from the certificate storing system.
Specifically, taking a second user terminal as a terminal corresponding to a judicial department as an example, in a block chain system, when the judicial department needs to check target certificate-storing information stored in a first user terminal, the judicial department can send an information checking request to a certificate-storing system through the second user terminal, the certificate-storing system responds to the information checking request, and obtains the target certificate-storing information and a first user public key, which are previously stored in an intelligent contract by the first user terminal, from the intelligent contract corresponding to the first user terminal, and sends the obtained target certificate-storing information and the obtained first user public key to the second user terminal; the second user terminal can directly obtain the public key and the target certificate storage information of the first user terminal through the certificate storage system on the block chain without the aid of other communication channels.
S402, decrypting the target certificate storing information according to a second user private key of the second user terminal and the first user public key to obtain a plaintext of the target certificate storing information.
Here, since the second user private key is matched with the second user public key and the first user public key is matched with the first user private key, based on the symmetry between the encryption step and the decryption step, the second user terminal can use the second user private key and the first user public key to perform the corresponding decryption step on the encrypted target certificate storing information, thereby obtaining the plaintext of the target certificate storing information.
S403, checking the plaintext of the target certificate storing information to obtain an information checking result for the target certificate storing information.
For example, taking the target certificate storing information as the business license information of the target enterprise a corresponding to the first user terminal as an example, if the second user terminal checks the plaintext of the target certificate storing information and determines that the business license of the target enterprise a is expired, a reminding message may be sent to the target enterprise a to prompt the target enterprise a to update the business license as soon as possible.
Here, similar to steps S201 to S203, after the steps S101 to S103 are performed, in the embodiment of the present application, the second user terminal as the verifying party may further perform identity verification on the first user terminal based on the following steps, specifically:
In an alternative implementation, as shown in fig. 5, fig. 5 is a schematic flowchart illustrating a method for authenticating a first user terminal according to an embodiment of the present application, where after step S103 is performed, the method includes steps S501 to S503; specifically, the method comprises the following steps:
S501, the second user terminal obtains the first user public key from the certificate storing system.
S502, verifying the first user public key according to the first blockchain address of the first user terminal in the blockchain system to obtain a verification result of the first user public key.
S503, when the verification result of the first user public key is determined to meet the verification passing condition, determining that the first user terminal is the target checking object.
Here, the implementation of the above steps S501 to S503 is similar to that of the above steps S201 to S203, and repeated parts are not described again here.
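The flow of steps S201 to S203, S301 to S302, S401 to S402 and S501 to S502, as an added example that is not code from the patent; it takes the ECDH option, since that is the variant in which the second user terminal can recompute the key from its own private key and the first user public key. Assumptions: the secp256k1 curve, a blockchain address defined as the first 20 bytes of SHA-256 over the encoded public key, HKDF-SHA256 with a per-record salt, and an HMAC-based keystream with encrypt-then-MAC standing in for a standard AEAD so that the block runs on the standard library alone; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (the curve is an assumption; the patent names none).
P = 2**256 - 2**32 - 977
N = int("FFFFFFFF" * 3 + "FFFFFFFE" + "BAAEDCE6AF48A03BBFD25E8CD0364141", 16)
G = (int("79BE667EF9DCBBAC55A06295CE870B07" "029BFCDB2DCE28D959F2815B16F81798", 16),
     int("483ADA7726A3C4655DA4FBFC0E1108A8" "FD17B448A68554199C47D08FFB10D4B8", 16))

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, pt):
    """Double-and-add; not constant time, so suitable for illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)

def address_of(pub):
    # Assumed address rule: first 20 bytes of SHA-256 over the encoded key.
    raw = b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    return hashlib.sha256(raw).hexdigest()[:40]

def verify_public_key(pub, address):
    """S202 / S502: accept a key read from the certificate storing system only
    if it is a valid curve point and matches the peer's blockchain address."""
    if pub is None or not all(0 <= c < P for c in pub):
        return False
    x, y = pub
    if (y * y - x * x * x - 7) % P != 0:
        return False
    return hmac.compare_digest(address_of(pub), address)

def derive_keys(own_priv, peer_pub, salt):
    """S301: ECDH shared x-coordinate, then HKDF-SHA256 into (enc, mac) keys."""
    shared_x = scalar_mult(own_priv, peer_pub)[0].to_bytes(32, "big")
    prk = hmac.new(salt, shared_x, hashlib.sha256).digest()
    k_enc = hmac.new(prk, b"evidence\x01", hashlib.sha256).digest()
    k_mac = hmac.new(prk, k_enc + b"evidence\x02", hashlib.sha256).digest()
    return k_enc, k_mac

def keystream_xor(key, data):
    """Stand-in cipher: XOR with HMAC-SHA256(key, block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(first_priv, second_pub, plaintext):
    """S302: the first user terminal encrypts the information to be stored."""
    salt = secrets.token_bytes(16)  # fresh per record, so record keys never repeat
    k_enc, k_mac = derive_keys(first_priv, second_pub, salt)
    ct = keystream_xor(k_enc, plaintext)
    return salt + ct + hmac.new(k_mac, salt + ct, hashlib.sha256).digest()

def open_record(second_priv, first_pub, blob):
    """S402: the second user terminal decrypts with its own private key and
    the first user public key read from the certificate storing system."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k_enc, k_mac = derive_keys(second_priv, first_pub, salt)
    expected = hmac.new(k_mac, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed authentication")
    return keystream_xor(k_enc, ct)

if __name__ == "__main__":
    d1, q1 = keypair()   # first user terminal
    d2, q2 = keypair()   # second user terminal (verifier)
    _, q5 = keypair()    # substituted key, like g5 in the text
    addr2 = address_of(q2)
    print(verify_public_key(q5, addr2), verify_public_key(q2, addr2))
    record = seal(d1, q2, b"constructed sample: business license of enterprise A")
    print(open_record(d2, q1, record))
```
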
According to the encryption and certificate storing method based on the block chain, the first user terminal obtains the second user public key of the second user terminal from the certificate storing system; encrypts the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and stores the target certificate storing information and the first user public key of the first user terminal into the certificate storing system. In this way, the key can be directly shared between the upper supervisory terminal and the user terminal through the block chain, so that the checking efficiency of the upper supervisory terminal on the certificate storing information is improved on the basis of ensuring the information security of the certificate storing information.
Based on the same inventive concept, the present application further provides an encryption and evidence saving device corresponding to the above encryption and evidence saving method based on the block chain, and as the principle of solving the problem of the encryption and evidence saving device in the embodiment of the present application is similar to that of the above encryption and evidence saving method based on the block chain in the embodiment of the present application, the implementation of the encryption and evidence saving device can refer to the implementation of the above encryption and evidence saving method, and repeated parts are not described again.
Referring to fig. 6, fig. 6 is a schematic structural diagram illustrating an encryption and certification storing device based on a blockchain according to an embodiment of the present disclosure, where the encryption and certification storing device is applied to a blockchain system, where the blockchain system includes a certification storing system and a plurality of user terminals, and the encryption and certification storing device includes:
a first obtaining unit 601, configured to obtain, by a first user terminal, a second user public key of a second user terminal from the certificate storing system; the second user terminal is used for representing the user terminal with access right to the certificate storage information of the first user terminal in the certificate storage system;
an encrypting unit 602, configured to encrypt the to-be-stored-certificate information according to the second user public key and the first user private key of the first user terminal, to obtain target-stored-certificate information;
a storage unit 603, configured to store the target certificate storage information and the first user public key of the first user terminal in the certificate storage system.
In an optional embodiment, the first user public key is determined according to a first blockchain address of the first user terminal in the blockchain system; and the second user public key is determined according to a second block chain address of the second user terminal in the block chain system.
In an alternative embodiment, the encryption unit 602 is specifically configured to:
generating a first symmetric secret key according to the second user public key and a first user private key of the first user terminal;
and encrypting the information of the certificate to be stored according to the first symmetric secret key to obtain the information of the target certificate to be stored.
In an optional implementation manner, the encryption and certification device further includes:
the second obtaining unit is used for obtaining the target certificate storing information and the first user public key from the certificate storing system through the second user terminal;
the decryption unit is used for decrypting the target certificate storing information according to a second user private key of the second user terminal and the first user public key to obtain a plaintext of the target certificate storing information;
and the checking unit is used for checking the plaintext of the target certificate storing information to obtain an information checking result aiming at the target certificate storing information.
In an optional implementation manner, the encryption and certification device further includes:
a third obtaining unit, configured to obtain, by the first user terminal, a second blockchain address of the second user terminal in the blockchain system;
the first verification unit is used for verifying the second user public key according to the second block chain address to obtain a verification result of the second user public key;
and the first determining unit is used for taking the second user public key after passing the verification as the second user public key for encrypting the information to be stored when the verification result of the second user public key meets the verification passing condition.
In an optional implementation manner, the encryption and certification device further includes:
a fourth obtaining unit, configured to obtain the first user public key from the certificate storing system through the second user terminal;
the second verification unit is used for verifying the first user public key according to a first block chain address of the first user terminal in the block chain system to obtain a verification result of the first user public key;
and the second determining unit is used for determining that the first user terminal is the target checking object when the verification result of the first user public key meets the verification passing condition.
With the encryption and certificate storing device based on the block chain, the first user terminal obtains the second user public key of the second user terminal from the certificate storing system; encrypts the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and stores the target certificate storing information and the first user public key of the first user terminal into the certificate storing system. In this way, the key can be directly shared between the upper supervisory terminal and the user terminal through the block chain, so that the checking efficiency of the upper supervisory terminal on the certificate storing information is improved on the basis of ensuring the information security of the certificate storing information.
Based on the same inventive concept, the present application further provides a block chain system corresponding to the above encryption and evidence saving method based on the block chain, and as the principle of solving the problem of the block chain system in the embodiment of the present application is similar to that of the above encryption and evidence saving method based on the block chain in the embodiment of the present application, the implementation of the block chain system may refer to the implementation of the above encryption and evidence saving method, and repeated parts are not described again.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a blockchain system provided in an embodiment of the present application, where the blockchain system includes a certificate storing system 700 and a plurality of user terminals, where a first user terminal 701 in the blockchain system is configured to:
obtaining a second user public key of a second user terminal 702 from the certificate storing system 700; the second user terminal 702 is configured to represent a user terminal having access right to the certificate storing information of the first user terminal 701 in the certificate storing system 700;
encrypting the information to be stored with the certificate according to the second user public key and a first user private key of the first user terminal 701 to obtain target certificate storing information;
the target certificate storing information and the first user public key of the first user terminal 701 are stored in the certificate storing system 700.
In an optional embodiment, the first user public key is determined according to a first blockchain address of the first user terminal 701 in the blockchain system; the second user public key is determined according to a second blockchain address of the second user terminal 702 in the blockchain system.
In an optional implementation manner, when the information to be certified is encrypted according to the second user public key and the first user private key of the first user terminal 701, the first user terminal 701 is specifically configured to:
generating a first symmetric key according to the second user public key and a first user private key of the first user terminal 701;
and encrypting the information of the certificate to be stored according to the first symmetric secret key to obtain the information of the target certificate to be stored.
In an alternative embodiment, the second user terminal 702 is configured to:
acquiring the target certificate storing information and the first user public key from the certificate storing system 700;
decrypting the target certificate storing information according to a second user private key of a second user terminal 702 and the first user public key to obtain a plaintext of the target certificate storing information;
and checking the plaintext of the target certificate storing information to obtain an information checking result aiming at the target certificate storing information.
In an alternative embodiment, after obtaining the second user public key of the second user terminal 702 from the certificate storing system 700, the first user terminal 701 is further configured to:
acquiring a second blockchain address of the second user terminal 702 in the blockchain system;
verifying the second user public key according to the second block chain address to obtain a verification result of the second user public key;
and when the verification result of the second user public key meets the verification passing condition, taking the second user public key after the verification passing as the second user public key for encrypting the information to be stored.
In an optional implementation, the second user terminal 702 is further configured to:
obtaining the first user public key from the certificate storing system 700;
verifying the first user public key according to a first blockchain address of a first user terminal 701 in the blockchain system to obtain a verification result of the first user public key;
and when the verification result of the first user public key meets the verification passing condition, determining that the first user terminal 701 is the target inspection object.
Through the block chain system provided by the embodiment of the application, the first user terminal obtains the second user public key of the second user terminal from the certificate storing system; encrypting the information to be stored with the certificate according to the second user public key and a first user private key of the first user terminal to obtain target certificate storing information; and storing the target certificate storing information and the first user public key of the first user terminal into a certificate storing system. Through the mode, the key can be directly shared between the upper supervisory terminal and the user terminal through the block chain, so that the checking efficiency of the upper supervisory terminal on the certificate storage information is improved on the basis of ensuring the information security of the certificate storage information.
Fig. 8 is a schematic structural diagram of an electronic device 800 according to an embodiment of the present application, including: a processor 801, a memory 802 and a bus 803, wherein the memory 802 stores machine-readable instructions executable by the processor 801, and when the electronic device 800 executes a block chain-based encryption evidence storing method as in the embodiment, the processor 801 communicates with the memory 802 via the bus 803, and the processor 801 executes the machine-readable instructions, and when the processor 801 executes the machine-readable instructions, the following steps are implemented:
acquiring a second user public key of a second user terminal from the certificate storing system through the first user terminal; the second user terminal is used for representing the user terminal with access right to the certificate storage information of the first user terminal in the certificate storage system;
encrypting the information to be stored with the certificate according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and storing the target certificate storing information and the first user public key of the first user terminal into the certificate storing system.
In an optional embodiment, the first user public key is determined according to a first blockchain address of the first user terminal in the blockchain system; and the second user public key is determined according to a second block chain address of the second user terminal in the block chain system.
In an optional implementation manner, when the to-be-stored information is encrypted according to the second user public key and the first user private key of the first user terminal, the processor 801 is configured to:
generating a first symmetric secret key according to the second user public key and a first user private key of the first user terminal;
and encrypting the information of the certificate to be stored according to the first symmetric secret key to obtain the information of the target certificate to be stored.
In an optional embodiment, after storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system, the processor 801 is further configured to:
acquiring the target certificate storage information and the first user public key from the certificate storage system through the second user terminal;
decrypting the target certificate storing information according to a second user private key of the second user terminal and the first user public key to obtain a plaintext of the target certificate storing information;
and checking the plaintext of the target certificate storing information to obtain an information checking result aiming at the target certificate storing information.
In an optional implementation, after the first user terminal obtains the second user public key of the second user terminal from the certificate storing system, the processor 801 is further configured to:
acquiring a second blockchain address of the second user terminal in the blockchain system through the first user terminal;
verifying the second user public key according to the second block chain address to obtain a verification result of the second user public key;
and when the verification result of the second user public key meets the verification passing condition, taking the second user public key after the verification passing as the second user public key for encrypting the information to be stored.
In an optional embodiment, after storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system, the processor 801 is further configured to:
acquiring the first user public key from the certificate storing system through the second user terminal;
verifying the first user public key according to a first block chain address of the first user terminal in the block chain system to obtain a verification result of the first user public key;
and when the verification result of the first user public key meets the verification passing condition, determining that the first user terminal is the target checking object.
In the above manner, the first user terminal obtains the second user public key of the second user terminal from the certificate storage system; encrypting the information to be stored with the certificate according to the second user public key and a first user private key of the first user terminal to obtain target certificate storing information; and storing the target certificate storing information and the first user public key of the first user terminal into a certificate storing system. Through the mode, the key can be directly shared between the upper supervisory terminal and the user terminal through the block chain, so that the checking efficiency of the upper supervisory terminal on the certificate storage information is improved on the basis of ensuring the information security of the certificate storage information.
Based on the same inventive concept, the embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the processor executes the following steps:
acquiring a second user public key of a second user terminal from the certificate storing system through the first user terminal; the second user terminal is used for representing the user terminal with access right to the certificate storage information of the first user terminal in the certificate storage system;
encrypting the information to be stored with the certificate according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and storing the target certificate storing information and the first user public key of the first user terminal into the certificate storing system.
In an optional embodiment, the first user public key is determined according to a first blockchain address of the first user terminal in the blockchain system; and the second user public key is determined according to a second block chain address of the second user terminal in the block chain system.
In an optional implementation manner, when the to-be-stored information is encrypted according to the second user public key and the first user private key of the first user terminal, the processor is configured to:
generating a first symmetric secret key according to the second user public key and a first user private key of the first user terminal;
and encrypting the information of the certificate to be stored according to the first symmetric secret key to obtain the information of the target certificate to be stored.
In an optional embodiment, after storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system, the processor is further configured to:
acquiring the target certificate storing information and the first user public key from the certificate storing system through the second user terminal;
decrypting the target certificate storing information according to a second user private key of the second user terminal and the first user public key to obtain a plaintext of the target certificate storing information;
and checking the plaintext of the target certificate storing information to obtain an information checking result aiming at the target certificate storing information.
In an optional embodiment, after the first user terminal obtains the second user public key of the second user terminal from the certificate storing system, the processor is further configured to:
acquiring a second blockchain address of the second user terminal in the blockchain system through the first user terminal;
verifying the second user public key according to the second block chain address to obtain a verification result of the second user public key;
and when the verification result of the second user public key meets the verification passing condition, taking the second user public key after the verification passing as the second user public key for encrypting the information to be stored.
In an optional embodiment, after storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system, the processor is further configured to:
acquiring the first user public key from the certificate storing system through the second user terminal;
verifying the first user public key according to a first blockchain address of the first user terminal in the blockchain system to obtain a verification result of the first user public key;
and when the verification result of the first user public key meets the verification passing condition, determining that the first user terminal is the target checking object.
In the above manner, the first user terminal obtains the second user public key of the second user terminal from the certificate storing system; encrypts the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information; and stores the target certificate storing information and the first user public key of the first user terminal into the certificate storing system. In this way, the key can be directly shared between the upper supervisory terminal and the user terminal through the block chain, so that the checking efficiency of the upper supervisory terminal on the certificate storing information is improved on the basis of ensuring the information security of the certificate storing information.
In the embodiment of the present application, when being executed by a processor, the computer program may further execute other machine-readable instructions to perform other encryption and verification methods as described in the embodiment, and for the method steps and principles of specific execution, reference is made to the description of the embodiment, which is not described in detail herein.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments provided in the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus once an item is defined in one figure, it need not be further defined and explained in subsequent figures, and moreover, the terms "first", "second", "third", etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that the above-mentioned embodiments are only specific embodiments of the present application, used to illustrate its technical solutions rather than to limit them, and the scope of the present application is not limited thereto. Although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can, within the technical scope disclosed in the present application, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features. Such modifications, changes or substitutions do not depart from the spirit and scope of the present disclosure and are intended to be covered by the scope of this application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A blockchain-based encrypted certificate storing method, applied to a blockchain system comprising a certificate storing system and a plurality of user terminals, the encrypted certificate storing method comprising:
a first user terminal acquires a second user public key of a second user terminal from the certificate storing system; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system;
encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and storing the target certificate storing information and the first user public key of the first user terminal into the certificate storing system.
2. The encrypted certificate storing method according to claim 1, wherein the first user public key is determined according to a first blockchain address of the first user terminal in the blockchain system; and the second user public key is determined according to a second blockchain address of the second user terminal in the blockchain system.
3. The encrypted certificate storing method according to claim 1, wherein the encrypting of the information to be stored according to the second user public key and the first user private key of the first user terminal comprises:
generating a first symmetric secret key according to the second user public key and a first user private key of the first user terminal;
and encrypting the information to be stored according to the first symmetric secret key to obtain the target certificate storing information.
4. The encrypted certificate storing method according to claim 1, wherein after storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system, the encrypted certificate storing method further comprises:
the second user terminal acquires the target certificate storing information and the first user public key from the certificate storing system;
decrypting the target certificate storing information according to a second user private key of the second user terminal and the first user public key to obtain a plaintext of the target certificate storing information;
and checking the plaintext of the target certificate storing information to obtain an information checking result for the target certificate storing information.
5. The encrypted certificate storing method according to claim 2, wherein after the first user terminal obtains the second user public key of the second user terminal from the certificate storing system, the encrypted certificate storing method further comprises:
the first user terminal acquires a second blockchain address of the second user terminal in the blockchain system;
verifying the second user public key according to the second blockchain address to obtain a verification result of the second user public key;
and when the verification result of the second user public key meets the verification passing condition, using the verified second user public key as the second user public key for encrypting the information to be stored.
6. The encrypted certificate storing method according to claim 2, wherein after storing the target certificate storing information and the first user public key of the first user terminal in the certificate storing system, the encrypted certificate storing method further comprises:
the second user terminal obtains the first user public key from the certificate storing system;
verifying the first user public key according to a first blockchain address of the first user terminal in the blockchain system to obtain a verification result of the first user public key;
and when the verification result of the first user public key meets the verification passing condition, determining that the first user terminal is the target checking object.
7. A blockchain-based encrypted certificate storing device, applied to a blockchain system comprising a certificate storing system and a plurality of user terminals, the encrypted certificate storing device comprising:
the first obtaining unit is used for obtaining a second user public key of a second user terminal from the certificate storing system through the first user terminal; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system;
the encryption unit is used for encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and the storage unit is used for storing the target certificate storing information and the first user public key of the first user terminal into the certificate storing system.
8. A blockchain system, the blockchain system comprising a certificate storing system and a plurality of user terminals, wherein a first user terminal in the blockchain system is configured to:
acquiring a second user public key of a second user terminal from the certificate storing system; the second user terminal represents a user terminal that has access rights to the certificate storing information of the first user terminal in the certificate storing system;
encrypting the information to be stored according to the second user public key and the first user private key of the first user terminal to obtain target certificate storing information;
and storing the target certificate storing information and the first user public key of the first user terminal into the certificate storing system.
9. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is operating, the machine-readable instructions when executed by the processor performing the steps of the encrypted certificate storing method of any one of claims 1 to 6.
10. A computer-readable storage medium, having stored thereon a computer program for performing, when executed by a processor, the steps of the encrypted certificate storing method according to any one of claims 1 to 6.
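The flow of claims 1 and 3 to 6, as an added example that is not part of the patent text or the applicant's code: the first terminal checks the fetched public key against the recipient's address, derives a symmetric key from its own private key and that public key, encrypts, and stores the ciphertext with its own public key; the second terminal reverses the steps. The claims name no algorithms, so secp256k1 ECDH, HKDF-SHA-256 with a per-record salt, AES-256-GCM, and the address scheme (first 20 bytes of SHA-256 of the compressed public key) are all assumptions made here.

```javascript
// Added example (not from the patent): claims 1 and 3 to 6 with Node's built-in crypto.
const { createECDH, createHash, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('crypto');

const CURVE = 'secp256k1'; // assumption: the claims name no curve or cipher
// Assumed address scheme: first 20 bytes of SHA-256(compressed public key), hex.
const addressOf = (pub) =>
  createHash('sha256').update(pub).digest('hex').slice(0, 40);

function newTerminal() {
  const ecdh = createECDH(CURVE);
  ecdh.generateKeys();
  const pub = ecdh.getPublicKey(null, 'compressed');
  return { priv: ecdh.getPrivateKey(), pub, address: addressOf(pub) };
}

// Claim 3: symmetric key from own private key + peer public key (static ECDH).
// The per-record salt keeps each record's key distinct for the same pair.
function symmetricKey(ownPriv, peerPub, salt) {
  const ecdh = createECDH(CURVE);
  ecdh.setPrivateKey(ownPriv);
  const secret = ecdh.computeSecret(peerPub); // throws on an invalid point
  return Buffer.from(hkdfSync('sha256', secret, salt, 'cert-store-demo', 32));
}

function requireKeyMatchesAddress(pub, address) { // claims 5 and 6
  if (addressOf(pub) !== address) throw new Error('public key/address mismatch');
}

// First user terminal: verify the fetched key, encrypt, return the stored record.
function deposit(sender, peerPub, peerAddress, plaintext) {
  requireKeyMatchesAddress(peerPub, peerAddress);
  const salt = randomBytes(16), iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', symmetricKey(sender.priv, peerPub, salt), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { senderPub: sender.pub, salt, iv, ct, tag: c.getAuthTag() };
}

// Second user terminal: verify the stored sender key, then decrypt for checking.
function check(recipient, record, senderAddress) {
  requireKeyMatchesAddress(record.senderPub, senderAddress);
  const key = symmetricKey(recipient.priv, record.senderPub, record.salt);
  const d = createDecipheriv('aes-256-gcm', key, record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
}

const a = newTerminal(), b = newTerminal(); // constructed terminals
console.log(check(b, deposit(a, b.pub, b.address, 'constructed record'), a.address));
```

A terminal other than the intended recipient derives a different key and fails GCM authentication, and a public key that does not match the expected address is rejected before any key is derived.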

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210633353.XA CN115048670A (en) 2022-06-06 2022-06-06 Encryption and evidence storage method, device and equipment based on block chain and storage medium

Publications (1)

Publication Number Publication Date
CN115048670A true CN115048670A (en) 2022-09-13

Family

ID=83160272

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210633353.XA Pending CN115048670A (en) 2022-06-06 2022-06-06 Encryption and evidence storage method, device and equipment based on block chain and storage medium

Country Status (1)

Country Link
CN (1) CN115048670A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination