CN115118485A - Method and device for acquiring data based on block chain - Google Patents


Info

Publication number: CN115118485A
Authority: CN (China)
Prior art keywords: data, blockchain, private key, transaction, management device
Legal status: Pending
Application number: CN202210722354.1A
Other languages: Chinese (zh)
Inventor: 张如意
Current Assignee: Ant Blockchain Technology Shanghai Co Ltd
Original Assignee: Ant Blockchain Technology Shanghai Co Ltd
Application filed by Ant Blockchain Technology Shanghai Co Ltd; priority claimed from CN202210722354.1A; published as CN115118485A

Classifications

    • H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Confidential data exchange wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/10 Network security for controlling access to devices or network resources
    • H04L63/20 Network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

The embodiments of this specification provide a method and a device for acquiring data based on a blockchain. The first data stored in the blockchain is obtained by performing attribute-based encryption using a master public key of a management device and a preset policy. One implementation of the method comprises the following steps: the user equipment uploads user information to the blockchain; the management device acquires the user information from the blockchain, determines an attribute tag of the user based on the user information, generates a sub-private key of the user based on the attribute tag, the master public key of the management device and the master private key of the management device, and uploads the sub-private key to the blockchain; the user equipment acquires the sub-private key and the first data from the blockchain, decrypts the first data using the sub-private key, and, when the attribute tag conforms to the preset policy, successfully decrypts the first data to obtain second data.

Description

Method and device for acquiring data based on a blockchain
Technical Field
The embodiments of this specification belong to the technical field of blockchains, and in particular relate to a method and a device for acquiring data based on a blockchain.
Background
A blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. In a blockchain system, data blocks are linked into a chain data structure in chronological order, and cryptography guarantees a distributed ledger that cannot be tampered with or forged. Because a blockchain is decentralized, its records cannot be tampered with, and it operates autonomously, it is receiving more and more attention and being applied more widely.
Blockchains are changing industries. Compared with a traditional data management system, a blockchain allows parties that do not trust each other to manage and share stored data jointly, and because the data is backed up at every party, tampering with the stored data is avoided. However, some information constitutes intangible assets, such as intellectual property (IP) and proprietary technology, and once such assets are digitized on the blockchain, their presentation and trading on the blockchain raises security concerns for that information. A data owner does not want its data to be displayed to other participants in full and transparently; it wants the data to be opened only after targeted filtering. Therefore, how to control which participants can read data in the blockchain is of important practical significance and value.
Disclosure of Invention
The embodiments of this specification describe a method and a device for acquiring data based on a blockchain, wherein first data stored in the blockchain is obtained by performing attribute-based encryption using a master public key of a management device and a preset policy, and only the user equipment of a user whose attribute tag conforms to the preset policy corresponding to the first data can successfully decrypt the first data to obtain second data. In this way, control over data reading in the blockchain is realized and the security of the data in the blockchain is improved.
According to a first aspect, there is provided a method for obtaining data based on a blockchain, wherein first data stored in the blockchain is obtained by performing attribute-based encryption using a master public key of a management device and a preset policy, the method comprising: the user equipment uploads user information to the blockchain; the management device acquires the user information from the blockchain, determines an attribute tag of the user based on the user information, generates a sub-private key of the user based on the attribute tag, the master public key of the management device and the master private key of the management device, and uploads the sub-private key to the blockchain; and the user equipment acquires the sub-private key and the first data from the blockchain, decrypts the first data using the sub-private key, and, when the attribute tag conforms to the preset policy, successfully decrypts the first data to obtain second data.
According to a second aspect, there is provided a method for obtaining data based on a blockchain, applied at a blockchain node, wherein first data stored in the blockchain is obtained by performing attribute-based encryption using a master public key of a management device and a preset policy, the method comprising: receiving user information and storing it in the blockchain; in response to a request sent by a management device, sending the user information to the management device; receiving a sub-private key from the management device and storing it in the blockchain, wherein the sub-private key is generated based on the user information, the master public key of the management device and the master private key of the management device; and in response to a request sent by user equipment, sending the sub-private key and the first data to the user equipment.
According to a third aspect, there is provided an apparatus for obtaining data based on a blockchain, the apparatus being disposed at a blockchain node, wherein first data stored in the blockchain is obtained by performing attribute-based encryption using a master public key of a management device and a preset policy, the apparatus comprising: a receiving unit configured to receive user information and store it in the blockchain; a transmission unit configured to send the user information to a management device in response to a request sent by the management device; a storage unit configured to receive a sub-private key from the management device and store it in the blockchain, wherein the sub-private key is generated based on the user information, the master public key of the management device and the master private key of the management device; and a data sending unit configured to send the sub-private key and the first data to user equipment in response to a request sent by the user equipment.
According to a fourth aspect, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method as described in any one of the implementations of the second aspect.
According to a fifth aspect, there is provided a computing device comprising a memory and a processor, wherein the memory stores executable code and the processor executes the executable code to implement the method as described in any implementation of the second aspect.
According to the method and device for acquiring data based on a blockchain provided by the embodiments of this specification, the first data stored in the blockchain is obtained by performing attribute-based encryption using the master public key of the management device and a preset policy, and the method proceeds as follows. First, the user equipment uploads user information to the blockchain. Then, the management device acquires the user information from the blockchain, determines an attribute tag of the user based on the user information, generates a sub-private key of the user based on the attribute tag, the master public key of the management device and the master private key of the management device, and uploads the sub-private key of the user to the blockchain. Finally, the user equipment acquires the sub-private key and the first data from the blockchain, decrypts the first data using the sub-private key, and, when the attribute tag conforms to the preset policy, successfully decrypts the first data to obtain second data. Therefore, only the user equipment of a user whose attribute tag conforms to the preset policy corresponding to the first data can successfully decrypt the first data to obtain the second data, so that data reading in the blockchain is controlled and the security of the data in the blockchain is improved.
Drawings
In order to illustrate the technical solutions of the embodiments of this disclosure more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some of the embodiments of this disclosure, and a person skilled in the art could obtain other drawings from them without inventive effort.
FIG. 1 illustrates a blockchain architecture diagram in one embodiment;
FIG. 2 shows a schematic diagram of one application scenario in which embodiments of this specification may be applied;
FIG. 3 shows a timing diagram of one example of multiple participant devices interacting with a blockchain before data is read from the blockchain;
FIG. 4 shows a schematic diagram of a preset policy;
FIG. 5 illustrates a timing diagram of a method of obtaining data based on a blockchain, according to one embodiment;
FIG. 6 is a diagram illustrating an example of user equipment applying to a management device for a new attribute tag;
FIG. 7 shows a schematic block diagram of an apparatus for acquiring data based on a blockchain according to one embodiment.
Detailed Description
To help those skilled in the art better understand the technical solutions in this specification, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person skilled in the art from these embodiments without inventive effort fall within the scope of protection of this specification.
Blockchain technology is a special distributed database technology originally designed for Bitcoin (a digital currency) by a person under the pseudonym "Satoshi Nakamoto". It is suited to storing simple data that have a precedence relationship and can be verified within the system, and it uses cryptography and a consensus algorithm to ensure that the data cannot be tampered with or forged. To further illustrate blockchain technology, FIG. 1 illustrates a blockchain architecture diagram in one embodiment. In the blockchain architecture shown in fig. 1, for example, the blockchain 100 includes 6 nodes. The lines between the nodes schematically represent P2P (peer-to-peer) connections. The nodes may store a full ledger, i.e. the state of all blocks and all accounts. Each node in the blockchain can generate the same state by executing the same transactions, and each node can store the same state database. It is to be understood that although fig. 1 shows 6 nodes in the blockchain, embodiments of this specification are not limited thereto and may include other numbers of nodes. Specifically, the nodes included in the blockchain can meet the Byzantine Fault Tolerance (BFT) requirement. The Byzantine fault tolerance requirement can be understood as follows: Byzantine nodes may exist in the blockchain, yet the blockchain does not exhibit Byzantine behaviour to the outside. Generally, some Byzantine fault-tolerant algorithms, such as the Practical Byzantine Fault Tolerance (PBFT) algorithm, require the number of nodes to be greater than 3f + 1, where f is the number of Byzantine nodes.
A transaction in the blockchain domain may refer to a unit of task that is executed in the blockchain and recorded in the blockchain. A transaction typically includes a sender field (From), a receiver field (To) and a data field (Data). Where the transaction is a transfer transaction, the From field indicates the address of the account initiating the transaction (i.e. initiating a transfer task to another account), the To field indicates the address of the account receiving the transaction (i.e. receiving the transfer), and the Data field includes the transfer amount. In the case of a transaction that calls a smart contract in the blockchain, the From field represents the account address initiating the transaction, the To field represents the account address of the contract called by the transaction, and the Data field includes data such as the name of the function being called in the contract and the parameters passed to that function, so that when the transaction is executed, the code of the function can be obtained from the blockchain and executed.
The blockchain may provide the functionality of smart contracts. A smart contract on a blockchain is a contract that can be executed on the blockchain system, triggered by a transaction. A smart contract may be defined in the form of code. Calling a smart contract in Ethereum means initiating a transaction pointing to the address of the smart contract, so that each node in the Ethereum network runs the smart contract code in a distributed manner. It should be noted that, in addition to smart contracts created by users, smart contracts may also be set by the system in the genesis block. Such contracts are generally referred to as genesis contracts. In general, the data structures, parameters, attributes and methods of some blockchains may be set in the genesis contract. Further, an account with system administrator privileges may create a contract at the system level, or modify a contract at the system level (referred to simply as a system contract). The system contract can be used to add data structures for different services in the blockchain.
In the scenario of contract deployment, for example, Bob sends a transaction containing information to create a smart contract (i.e. to deploy a contract) into the blockchain shown in fig. 1. The data field of the transaction includes the code (e.g. bytecode or machine code) of the contract to be created, and the to field of the transaction is null to indicate that the transaction is for contract deployment. After the nodes reach agreement through the consensus mechanism, the contract address "0x6f8ae93…" of the contract is determined; each node adds a contract account corresponding to that contract address to its state database, allocates state storage corresponding to the contract account and stores the contract code in that storage, and the contract creation succeeds.
In the scenario of invoking a contract, for example, Bob sends a transaction for invoking a smart contract into the blockchain shown in fig. 1, where the from field of the transaction is the address of the account of the transaction initiator (i.e. Bob), "0x6f8ae93…" in the to field represents the address of the invoked smart contract, and the data field of the transaction includes the method and parameters for invoking the smart contract. After the transaction reaches consensus in the blockchain, each node in the blockchain executes the transaction, thereby executing the contract, and updates its state database based on the execution of the contract.
As described above, in some scenarios the owner of data on the blockchain does not want to expose its data to other participants in full and transparently, and instead needs to open only data that has been filtered in a targeted way for each participant.
Therefore, the embodiments of this disclosure provide a method for obtaining data based on a blockchain, so as to control data reading in the blockchain and improve the security of the data in the blockchain. As an example, fig. 2 shows a schematic diagram of one application scenario in which embodiments of this specification may be applied. As shown in fig. 2, this application scenario may include a plurality of participant devices of the blockchain 100, such as a management device 201, a data owner device 202, a user device 203, and the like. The management device 201 may refer to a device used by a regulatory body. The data owner device 202 may refer to a device used by the rights holder of information such as intellectual property, where the intellectual property may include copyrights, patents, trademarks, etc. The user device 203 may refer to a device used by a user who wants to read data on the blockchain. Each participant device may be provided with an encryption system, for example a CP-ABE (ciphertext-policy attribute-based encryption) system, in which a ciphertext corresponds to an access policy and a key corresponds to an attribute set, and the ciphertext can be decrypted only when the attributes in the attribute set satisfy the access policy. The first data stored in the blockchain 100 may be obtained by the data owner device 202 performing attribute-based encryption using the master public key of the management device 201 and a preset policy, and the data owner device 202 uploads the resulting first data to the blockchain 100.
User device 203 may upload user information to blockchain 100, after which management device 201 may obtain the user information from blockchain 100, determine an attribute tag of the user based on the user information, generate a sub-private key of the user based on the attribute tag, the master public key and the master private key, and upload a user identification of the user in association with the sub-private key to blockchain 100. In this way, user device 203 may obtain the sub-private key and the first data from blockchain 100 and attempt to decrypt the first data using the sub-private key; when the attribute tag conforms to the preset policy, the decryption succeeds and the second data is obtained.
With continued reference to fig. 3, fig. 3 illustrates a timing diagram of one example of multiple participant devices interacting with a blockchain prior to reading data from the blockchain. In the example shown in fig. 3, the participant devices interacting with the blockchain 100 include a management device 201 and a data owner device 202, each of which may be provided with a CP-ABE encryption system.
The specific interaction process may be as follows:
S301, the management device 201 generates a master public key and a master private key. As one example, the management device 201 may generate the master public key and the master private key by calling the Setup function of the CP-ABE encryption system. As another example, secure multiparty computation may also be employed to generate the master public key and master private key, in which case the master private key is maintained jointly by multiple management devices 201, and the multiple management devices 201 participate in the computation together whenever the master private key is needed. The calculation may be written as: CPABE_Setup(msk, mpk), where mpk may represent the master public key and msk may represent the master private key.
S302, the management device 201 uploads the master public key to the blockchain 100. For example, the management device 201 may send a transaction to any blockchain node of the blockchain 100, which invokes a data curation contract C1 (hereinafter contract C1) in the blockchain to upload the master public key to the blockchain. The contract may be deployed into the blockchain by the management device 201 for administration of data, administration of data access, and the like. After receiving the transaction, the blockchain node forwards it to the other nodes in the blockchain, so that each node in the blockchain can execute the transaction. By executing the transaction, each node of the blockchain stores the master public key into the contract state of contract C1.
S303, the data owner device 202 sends account registration information to the blockchain 100.
S304, the data owner device 202 receives the on-chain account information returned by the blockchain 100. In particular, the data owner device 202 may send a transaction to the blockchain 100 that invokes contract C1 to register an externally owned account (EOA) with the blockchain. The nodes of the blockchain execute the transaction, generate the on-chain account information and return it to the data owner device 202. The blockchain may store the generated account information of the data owner under the contract account. The account registration information may include business registration certification information, enterprise information, an asymmetric-encryption public key accountPK, and the like. The enterprise information may include a name, an address, a customer group, a business scope, and the category and scale of goods or services. The business certification information and the enterprise information can also be used for KYC (Know Your Customer). The data owner keeps the private key accountSK corresponding to the asymmetric-encryption public key accountPK for subsequent transmission of encrypted information. For example, the information included in the account registration information may be concatenated and then hashed to obtain the on-chain account ID. Specifically:
accountId = RegisterCopyrightOwner(accountInfo, accountPK) = HASH(accountInfo || accountPK)
Here accountInfo may include, for example, the business certification information and the enterprise information.
S305, after the registration is completed, the data owner device 202 may obtain the master public key from the blockchain 100.
Specifically, the data owner device 202 may query the master public key by sending a transaction (or request) invoking contract C1 to any blockchain node; on receiving the transaction, the node obtains the master public key from the state of contract C1 as specified by the transaction and returns it to the data owner device 202.
S306, the data owner device 202 generates first data based on the master public key, the information to be put on-chain, and a preset policy.
Here, the information to be put on-chain may include intellectual property, proprietary technology, and the like. The data owner can set the policy as needed when encrypting, and the policy specifies which attribute tags must be held for the data to be decryptable. As an example, the policy may have a tree structure. With continued reference to fig. 4, fig. 4 shows a schematic diagram of a preset policy. Taking the preset policy set by the data owner device 202 to be the tree structure shown in fig. 4 as an example, after the first data is encrypted under this policy, a user who satisfies the condition "high credit company" and at least two of the three conditions "luxury", "cultural trend" and "dress" can decrypt the first data; otherwise decryption fails. Here, the data owner device 202 may generate the first data by calling the Encrypt function of the CP-ABE encryption system, specifically:
first data = CPABE_Encrypt(information to be put on-chain, policy, mpk)
Thus, the first data is obtained by performing attribute-based encryption based on the master public key and the policy.
In some implementations, the data owner device 202 may also compute a hash value of the information to be put on-chain and upload that hash value to the blockchain 100 in association with the first data.
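The policy check behind the fig. 4 example, written out as an added example (not code from the patent or its CP-ABE library): it evaluates a tree of threshold gates against a user's attribute tags and generalizes beyond fig. 4 to any AND / OR / k-of-n tree. Only the policy decision is shown; the CP-ABE Setup/Encrypt/Decrypt functions themselves are assumed to come from the encryption system, and the names Attr, Gate, satisfies and can_decrypt are assumptions of this example.

```python
"""Policy-tree check for a CP-ABE access policy such as the one in fig. 4.

Added example, not the patent's code. It answers only: does this attribute
set satisfy the policy? That is what decides whether a sub-private key issued
for those attribute tags can decrypt the first data.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple, Union


@dataclass(frozen=True)
class Attr:
    """Leaf node: satisfied when the user holds this attribute tag."""
    name: str


@dataclass(frozen=True)
class Gate:
    """Threshold gate: satisfied when at least k of its children are satisfied.
    k == len(children) is an AND gate, k == 1 is an OR gate."""
    k: int
    children: Tuple["Node", ...]


Node = Union[Attr, Gate]


def AND(*children: Node) -> Gate:
    return Gate(len(children), tuple(children))


def OR(*children: Node) -> Gate:
    return Gate(1, tuple(children))


def AT_LEAST(k: int, *children: Node) -> Gate:
    return Gate(k, tuple(children))


def satisfies(node: Node, attrs: FrozenSet[str]) -> bool:
    """Recursively evaluate the policy tree against the attribute set."""
    if isinstance(node, Attr):
        return node.name in attrs
    if not node.children or not 1 <= node.k <= len(node.children):
        # Reject a malformed gate instead of silently evaluating it.
        raise ValueError(f"invalid threshold {node.k} for {len(node.children)} children")
    hits = sum(1 for child in node.children if satisfies(child, attrs))
    return hits >= node.k


# Preset policy of fig. 4: "high credit company" AND at least two of
# "luxury", "cultural trend", "dress".
FIG4_POLICY = AND(
    Attr("high credit company"),
    AT_LEAST(2, Attr("luxury"), Attr("cultural trend"), Attr("dress")),
)


def can_decrypt(policy: Node, attribute_tags: Iterable[str]) -> bool:
    """True when a sub-private key for these tags would decrypt data encrypted under policy."""
    return satisfies(policy, frozenset(attribute_tags))


if __name__ == "__main__":
    # Constructed attribute sets for two hypothetical users.
    print(can_decrypt(FIG4_POLICY, {"high credit company", "luxury", "dress"}))  # True
    print(can_decrypt(FIG4_POLICY, {"luxury", "dress", "cultural trend"}))       # False
```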
S307, the data owner device 202 uploads the first data to the blockchain 100. In particular, data owner device 202 may send a transaction to blockchain 100, which may invoke contract C1 to upload the first data to the blockchain. The nodes of the blockchain perform the transaction, storing the first data into a contract state of contract C1.
Optionally, in step S307, the uploading of the first data to the blockchain by the data owner device may specifically include:
first, the data owner device sends a first transaction to the blockchain, which may invoke contract C1 to upload the first data to the blockchain.
The nodes of the blockchain then perform a first transaction, storing the first data into a contract state of contract C1. As an example, the first data may be stored in a data list of contract C1, which may be used to store data uploaded by the data owner device. With the present implementation, storage of the first data in the contract C1 may be achieved.
In some optional implementations, the method may further include:
1) the management device receives the first data from the blockchain by sending a second transaction to the blockchain that invokes the contract C1.
2) The management device decrypts the first data using the master private key msk to obtain second data, and checks whether the second data is legitimate. As an example, the management device may decrypt the first data by calling the Decrypt function of the CP-ABE encryption system to obtain the second data, specifically:
second data = CPABE_Decrypt(first data, msk)
After decrypting the second data, the management device may perform various checks on it, for example checking whether the second data contains improper speech, inappropriate images, or the like.
3) If the check of the second data does not pass, the management device may send a third transaction to the blockchain invoking contract C1 to record the first data as illegal data in the contract state of contract C1. As an example, the hash value of the first data may be recorded in an illegal data list preset in contract C1, which may contain the hash values of multiple illegal data items.
Optionally, the first transaction sent by the data owner device to the blockchain is further used to upload a first hash value of the second data to the blockchain. Specifically, the data owner device may upload the first hash value of the second data to the blockchain in association with the first data. In this case, the management device checks whether the second data is legal as follows:
First, the management device acquires the first hash value from the blockchain and calculates a second hash value of the decrypted second data.
Then, it determines whether the second hash value matches the first hash value. For example, it may be determined whether the second hash value is identical to the first hash value: if so, the second hash value matches the first hash value and the decrypted second data is legal; if not, the second hash value does not match the first hash value and the decrypted second data is illegal. In practice, if the first hash value received by the management device from the blockchain differs from the second hash value of the second data decrypted by the management device, the second data carried in the first data may have been tampered with, and therefore, to ensure data security, the first data is determined to be illegal data. With this implementation, the management device can verify the data through the hash value, ensuring data security.
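The three-transaction check described above (store the first data with its hash, let the management device decrypt and re-hash it, record a mismatch in the illegal data list), as an added Python example that is not part of the patent. The contract state, the `ContractC1State` class and the constructed sample data are assumptions; the placeholder XOR transform stands in for CPABE_DECRYPT(first data, msk) only so the flow runs offline and is not a cipher.

```python
import hashlib
import hmac


class ContractC1State:
    """Constructed stand-in for the contract state of contract C1 (assumption, not the
    patent's own contract): a data list keyed by the hash of the first data, plus the
    illegal data list that the management device appends to via the third transaction."""

    def __init__(self):
        self.data_list = {}        # key -> (first_data, first_hash_hex of the second data)
        self.illegal_list = set()  # hashes of first data recorded as illegal

    @staticmethod
    def hash_of(blob: bytes) -> str:
        return hashlib.sha256(blob).hexdigest()

    def upload(self, first_data: bytes, first_hash_hex: str) -> str:
        """First transaction: store the first data in association with the hash the
        data owner computed over the plaintext (second data)."""
        key = self.hash_of(first_data)
        self.data_list[key] = (first_data, first_hash_hex)
        return key

    def fetch(self, key: str):
        """Second transaction: return the first data and its associated hash."""
        return self.data_list[key]

    def mark_illegal(self, key: str) -> None:
        """Third transaction: record the hash of the first data in the illegal data list."""
        self.illegal_list.add(key)

    def is_illegal(self, key: str) -> bool:
        return key in self.illegal_list


def second_data_matches_hash(first_hash_hex: str, second_data: bytes) -> bool:
    """Management-device check: recompute the hash of the decrypted second data and
    compare it with the first hash value from the chain. compare_digest is used so the
    comparison does not leak how many leading characters matched."""
    second_hash_hex = hashlib.sha256(second_data).hexdigest()
    return hmac.compare_digest(first_hash_hex, second_hash_hex)


def management_check(state: ContractC1State, key: str, decrypt) -> bool:
    """Run the legality check for one stored entry. `decrypt` stands in for
    CPABE_DECRYPT(first data, msk) with the assumed interface bytes -> bytes.
    Returns True if the data passes; on a mismatch the entry is recorded as illegal."""
    first_data, first_hash_hex = state.fetch(key)
    second_data = decrypt(first_data)
    if not second_data_matches_hash(first_hash_hex, second_data):
        state.mark_illegal(key)
        return False
    return True


def placeholder_transform(blob: bytes) -> bytes:
    """Placeholder for attribute encryption/decryption (NOT a cipher, NOT CP-ABE): a
    fixed XOR that is its own inverse, so the demo is self-contained."""
    return bytes(b ^ 0x5A for b in blob)


def demo():
    """Honest upload passes the check; an upload whose ciphertext was altered after the
    hash was computed fails and lands in the illegal data list."""
    state = ContractC1State()
    second_data = b"constructed sample: enterprise listing for customer group 'students'"
    first_hash_hex = hashlib.sha256(second_data).hexdigest()

    honest_key = state.upload(placeholder_transform(second_data), first_hash_hex)

    tampered = bytearray(placeholder_transform(second_data))
    tampered[0] ^= 0x01  # one flipped bit in the stored first data
    tampered_key = state.upload(bytes(tampered), first_hash_hex)

    honest_ok = management_check(state, honest_key, placeholder_transform)
    tampered_ok = management_check(state, tampered_key, placeholder_transform)
    return honest_ok, tampered_ok, state.is_illegal(honest_key), state.is_illegal(tampered_key)


if __name__ == "__main__":
    print(demo())
```

The illegal data list is keyed by the hash of the first data, as the text describes, so a user device can consult it before attempting decryption without the contract ever exposing the plaintext.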
Through the example shown in FIG. 3, the registration of the data owner device 202 in the blockchain 100 and the generation and upload of the first data can be completed, providing support for the user device to subsequently read data from the blockchain 100.
With continued reference to FIG. 5, FIG. 5 illustrates a timing diagram of a method for obtaining data based on a blockchain according to one embodiment. It is understood that the method may be performed jointly by the management device 201, the user device 203, the data owner device 202 and the blockchain 100, where the management device, the user device, the data owner device and the blockchain nodes may each be deployed in any device, platform or device cluster having computing and processing capabilities. As shown in FIG. 5, the method for obtaining data based on a blockchain may include the following steps:
S501, the user equipment uploads user information to the blockchain.
In this embodiment, the user equipment may upload user information to the blockchain, where the user information may be used for account registration. The user information may include industrial and commercial certification information, enterprise information, the asymmetric-encryption public key accountPK, and the like. The enterprise information may include a name, an address, a customer group, a business scope, and the category and scale of goods or services. The user device may then receive the on-chain account information returned by the blockchain. It is understood that the registration process of the user device is similar to that of the data owner device and is not described again here.
In some optional implementations, the uploading of user information to the blockchain by the user equipment may specifically include: the user equipment uploads user information to the blockchain for user registration or for updating the user information.
S502, the management device obtains the user information from the blockchain. In particular, management device 201 may send a transaction to blockchain 100, which may invoke contract C1 to obtain the user information from the blockchain. The nodes of the blockchain execute the transaction and send the user information to the management device.
S503, the management device determines the attribute tag of the user based on the user information, and generates the sub-private key of the user based on the attribute tag, the master public key of the management device and the master private key of the management device.
S504, the management device uploads the sub-private key to the blockchain. In particular, the management device may send a transaction to blockchain 100, which may invoke contract C1 to upload the sub-private key to the blockchain. The nodes of the blockchain execute the transaction, storing the sub-private key in the contract state of contract C1.
In this embodiment, the management device may monitor registration events of user equipment on the chain, acquire the user information from the blockchain, and determine the attribute tag of the user based on the user information. For example, the management device may extract the attribute tag from the user information. Here, an attribute tag may be a summary of a class of features, for example: the customer groups an enterprise serves, including the elderly, young and middle-aged people, young children, students, and so forth; the service classes an enterprise provides, including services, restaurants, hotels, tours, and the like; the scale of the enterprise, including small, medium and large enterprises; and the types of information an enterprise may wish to read, such as intellectual property information, which may include national tide, luxury goods, and so on. Thereafter, the management device may generate a sub-private key for the user based on the attribute tag, the master public key mpk, and the master private key msk. The management device may generate the user-specific sub-private key sk, for example, by calling the KeyGen function of the CP-ABE encryption system, specifically:
sk = CPABE_KeyGen(attribute tag, msk, mpk).
After the management device generates the user-specific sub-private key sk, the user identifier of the user and the sub-private key may be uploaded to the blockchain in association, so that the user device can obtain the sub-private key from the blockchain. Here, the user identifier may include the on-chain account identifier of the user.
In some optional implementations, uploading the sub-private key to the blockchain may further be performed as follows:
First, the management device encrypts the sub-private key based on the public key of the blockchain account corresponding to the user device, obtaining an encryption result. As an example, the sub-private key may be encrypted under the public key of the blockchain account corresponding to the user equipment using an encryption scheme such as ECIES (Elliptic Curve Integrated Encryption Scheme), obtaining a first encryption result; the user equipment then obtains the sub-private key by decrypting the first encryption result. As another example, the attribute tag and the sub-private key may both be encrypted under that public key, obtaining a second encryption result, specifically:
second encryption result = ECIES_ENCRYPT(public key corresponding to the user equipment, attribute tag, sk).
The user equipment can obtain the attribute tag and the sub-private key by decrypting the second encryption result.
Then, the management device uploads the encryption result and the user identifier of the user to the blockchain in association, so that the user equipment can obtain the corresponding encryption result from the blockchain according to the user identifier and decrypt it to obtain the sub-private key. With this implementation, the sub-private key is encrypted before being uploaded to the blockchain, so the sub-private key is protected and its security is improved.
In actual use, the user equipment 203 can also apply to the management device 201 for a new attribute tag at any time via the blockchain 100. FIG. 6 is a diagram illustrating an example of a user device applying to the management device for a new attribute tag.
In the example shown in FIG. 6, the process by which the user device 203 applies to the management device 201 for a new attribute tag specifically includes the following steps:
S601, the user equipment 203 uploads updated user information to the blockchain. The updated user information may include industrial and commercial certification information, enterprise information, and the like.
S602, the management device 201 acquires the updated user information from the blockchain. In particular, management device 201 may send a transaction to blockchain 100, which may invoke contract C1 to obtain the updated user information from the blockchain. The nodes of the blockchain execute the transaction and send the updated user information to the management device.
S603, the management device 201 determines the updated attribute tag of the user based on the updated user information, and generates an updated sub-private key skNew based on the updated attribute tag, the master public key of the management device, and the master private key of the management device. The management device may generate the updated sub-private key skNew, specifically:
skNew = CPABE_KeyGen(updated attribute tag, msk, mpk).
S604, the management device uploads the updated attribute tag and the updated sub-private key skNew to the blockchain. In particular, the management device may send a transaction to blockchain 100, which may invoke contract C1 to upload the updated attribute tag and the updated sub-private key skNew to the blockchain. The nodes of the blockchain execute the transaction, storing the updated attribute tag and the updated sub-private key skNew in the contract state of contract C1. The attribute tag corresponding to the user equipment is thereby updated, and the user equipment can subsequently obtain the updated attribute tag and the updated sub-private key skNew from the blockchain.
S505, the user equipment acquires the sub-private key and the first data from the blockchain. In particular, the user device may send a transaction to blockchain 100, which may invoke contract C1 to obtain the sub-private key and the first data from the blockchain. The nodes of the blockchain execute the transaction and send the sub-private key and the first data to the user equipment.
S506, the user equipment decrypts the first data using the sub-private key; when the attribute tag satisfies the preset policy, decryption succeeds and the second data is obtained.
In this embodiment, the user equipment may obtain the sub-private key and the first data from the blockchain, attempt to decrypt the first data using the sub-private key, and obtain the second data once decryption succeeds, which happens when the attribute tag satisfies the preset policy. Here, the second data is identical to the information that was to be uploaded to the chain when the first data was generated. The user equipment may attempt to decrypt the first data, for example, by calling the Decrypt function of the CP-ABE encryption system, specifically:
second data = CPABE_DECRYPT(first data, sk).
Through the Decrypt function, the second data can be obtained only if the attribute tag of the user conforms to the policy of the first data.
Continuing with the preset policy shown in FIG. 4 as an example: under this policy, decrypting the first data requires the condition "high credit company" together with at least two of the three conditions "luxury", "cultural trend" and "dress"; otherwise decryption fails. For example, user A, to whom the management device assigned the attribute tags "high credit company", "luxury" and "hotel", cannot decrypt the first data. As another example, user B, to whom the management device assigned the attribute tags "high credit company", "luxury", "dress" and "national tide", can decrypt the first data to obtain the second data.
Reviewing the above process: in the above embodiment of the present specification, the data owner sets a policy for encryption according to its own needs and performs attribute encryption based on that policy to obtain the first data. During decryption, only the user equipment of a user whose attribute tag conforms to the preset policy of the first data can successfully decrypt the first data to obtain the second data, so reading of data in the blockchain is controlled and the security of data in the blockchain is improved.
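The FIG. 4 policy evaluated against the attribute tags of users A and B, as an added Python example that is not part of the patent. In CP-ABE the policy is enforced by the decryption algorithm itself; this example only models the access structure as a tree of threshold gates so the "at least two of three" rule can be checked, and it goes beyond the text by handling arbitrary nesting of AND, OR and k-of-n gates. The gate names, the `satisfies` function and the "updated user A" tag set (the FIG. 6 re-keying case) are assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union


@dataclass(frozen=True)
class Gate:
    """Threshold gate: satisfied when at least k of its children are satisfied.
    Children are attribute names (leaves) or nested gates."""
    k: int
    children: Tuple["Policy", ...]

    def __post_init__(self):
        if not 1 <= self.k <= len(self.children):
            raise ValueError("threshold k must be between 1 and the number of children")


Policy = Union[str, Gate]


def AND(*children: Policy) -> Gate:
    return Gate(len(children), tuple(children))


def OR(*children: Policy) -> Gate:
    return Gate(1, tuple(children))


def AT_LEAST(k: int, *children: Policy) -> Gate:
    return Gate(k, tuple(children))


def satisfies(policy: Policy, attrs: FrozenSet[str]) -> bool:
    """Recursive evaluation of a monotone access tree over a user's attribute tags."""
    if isinstance(policy, str):
        return policy in attrs
    hits = sum(1 for child in policy.children if satisfies(child, attrs))
    return hits >= policy.k


# The preset policy of FIG. 4 as given in the text:
# "high credit company" AND at least two of {"luxury", "cultural trend", "dress"}.
FIG4_POLICY: Policy = AND(
    "high credit company",
    AT_LEAST(2, "luxury", "cultural trend", "dress"),
)

# Attribute tags assigned by the management device, as stated in the text.
USER_A = frozenset({"high credit company", "luxury", "hotel"})
USER_B = frozenset({"high credit company", "luxury", "dress", "national tide"})

# Constructed case (assumption): user A re-registers with updated user information and
# the management device issues skNew for an attribute set that now includes "dress".
USER_A_UPDATED = USER_A | {"dress"}


def can_decrypt(user_attrs: FrozenSet[str], policy: Policy = FIG4_POLICY) -> bool:
    """True when the user's attribute tags satisfy the policy, i.e. CP-ABE decryption
    with that user's sub-private key would succeed."""
    return satisfies(policy, user_attrs)


if __name__ == "__main__":
    for name, attrs in (("A", USER_A), ("B", USER_B), ("A after re-keying", USER_A_UPDATED)):
        print(f"user {name}: {'can' if can_decrypt(attrs) else 'cannot'} decrypt")
```

Because the policy is embedded in the ciphertext by the data owner, re-keying a user (FIG. 6) changes the outcome only by changing the attribute set; the data owner never has to re-encrypt the first data.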
This specification also illustrates a method for obtaining data based on a blockchain according to one embodiment. The method may be applied to a blockchain node, where the blockchain node may be deployed in any device, platform or device cluster having computing and processing capabilities. The method for obtaining data based on a blockchain may include the following steps:
Step one, receiving user information and storing the user information in the blockchain.
In this embodiment, the first data stored in the blockchain is obtained by performing attribute encryption based on the master public key of the management device and a preset policy. The blockchain node may receive user information sent by the user equipment and store the user information in the blockchain, where the user information may be used for account registration. The user information may include industrial and commercial certification information, enterprise information, the asymmetric-encryption public key accountPK, and the like. The enterprise information may include a name, an address, a customer group, a business scope, and the category and scale of goods or services.
In some optional implementations, before step one, the method may further include the following:
First, the blockchain node may receive a first transaction sent by the data owner device, which may invoke a contract to upload the first data to the blockchain.
The blockchain node may then execute the first transaction, storing the first data in the contract state of the contract. With this implementation, the first data is stored in the contract.
Optionally, the method may further include the following:
1) Receiving a second transaction invoking the contract, sent by the management device, where the second transaction is used to obtain the first data from the blockchain.
2) Executing the second transaction and sending the first data to the management device. The management device may then decrypt the first data using the master private key msk to obtain the second data, and check whether the second data is legal. As an example, the management device may decrypt the first data by calling the Decrypt function of the CP-ABE encryption system to obtain the second data, specifically:
second data = CPABE_DECRYPT(first data, msk).
After decrypting the second data, the management device may check whether the second data is legal. If the check is determined not to pass, the management device may send a third transaction to the blockchain invoking the contract.
3) Receiving and executing the third transaction sent by the management device, recording the first data as illegal data in the contract state of the contract, where the third transaction is sent by the management device when the check of the second data does not pass.
Step two, in response to a request sent by the management device, sending the user information to the management device.
In this embodiment, the management device may monitor registration events of user equipment on the chain, and after observing a registration event for a user, the management device may send a request to the blockchain to acquire the user information. In response to the request sent by the management device, the blockchain node may send the user information to the management device. The management device may then determine the attribute tag of the user based on the user information, generate the sub-private key of the user based on the attribute tag, the master public key of the management device and the master private key of the management device, and upload the user identifier of the user and the sub-private key to the blockchain in association.
Step three, receiving the sub-private key from the management device and storing the sub-private key in the blockchain.
In this embodiment, the blockchain node may receive the user identifier and the sub-private key of the user from the management device, and store the user identifier and the sub-private key in association in the blockchain. The sub-private key is generated based on the user information, the master public key of the management device, and the master private key of the management device. For example, the management device may extract the attribute tag from the user information. Thereafter, the management device may generate a sub-private key for the user based on the attribute tag, the master public key mpk, and the master private key msk. The management device may generate the user-specific sub-private key sk, for example, by calling the KeyGen function of the CP-ABE encryption system, specifically:
sk = CPABE_KeyGen(attribute tag, msk, mpk).
In some alternative implementations, storing the sub-private key in the blockchain may be performed as follows: storing the user identifier of the user and the ciphertext of the sub-private key in the blockchain in association. The ciphertext of the sub-private key may be obtained by encrypting the sub-private key based on the public key of the blockchain account corresponding to the user equipment.
Step four, in response to a request sent by the user equipment, sending the sub-private key and the first data to the user equipment.
In this embodiment, the user equipment may send a request for obtaining the sub-private key to the blockchain node, and in response to that request the blockchain node may send the sub-private key to the user equipment. The user equipment may also send a request for obtaining the first data to the blockchain node, and in response to that request the blockchain node may send the first data to the user equipment. The user equipment can then decrypt the first data using the sub-private key, obtaining the second data when decryption succeeds because the attribute tag conforms to the preset policy.
According to an embodiment of another aspect, an apparatus for obtaining data based on a blockchain is provided. The apparatus may be disposed at a blockchain node, where the blockchain node may be deployed in any device, platform or device cluster having computing and processing capabilities.
FIG. 7 shows a schematic block diagram of an apparatus for obtaining data based on a blockchain according to one embodiment. The first data stored in the blockchain is obtained by performing attribute encryption based on the master public key of the management device and a preset policy. As shown in FIG. 7, the apparatus 700 for obtaining data based on a blockchain comprises: a receiving unit 701 configured to receive user information and store the user information in the blockchain; a sending unit 702 configured to send the user information to the management device in response to a request sent by the management device; a storage unit 703 configured to receive a sub-private key from the management device and store the sub-private key in the blockchain, where the sub-private key is generated based on the user information, the master public key of the management device, and the master private key of the management device; and a data sending unit 704 configured to send the sub-private key and the first data to the user equipment in response to a request sent by the user equipment.
In some optional implementations of this embodiment, the storage unit 703 is further configured to store the user identifier of the user and the ciphertext of the sub-private key in the blockchain in association, where the ciphertext of the sub-private key is obtained by encrypting the sub-private key based on the public key of the blockchain account corresponding to the user equipment.
In some optional implementations of this embodiment, the apparatus 700 further includes: a first transaction receiving unit (not shown in the figure) configured to receive a first transaction sent by the data owner device, wherein the first transaction invokes a contract to upload the first data to the blockchain; a first transaction execution unit (not shown) configured to execute the first transaction, and store the first data in a contract state of the contract.
In some optional implementations of this embodiment, the apparatus 700 further includes: a second transaction receiving unit (not shown in the figure) configured to receive a second transaction for invoking the contract, which is sent by the management device, wherein the second transaction is used for receiving the first data from the blockchain; a second transaction executing unit (not shown) configured to execute the second transaction, and send the first data to the management device; and a third transaction receiving unit (not shown) configured to receive and execute a third transaction transmitted by the management apparatus, the third transaction being transmitted by the management apparatus in a case where the second data is checked to fail, and record the first data as illegal data in a contract state of the contract.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform a method of acquiring data based on a blockchain, the method being applicable to a blockchain node.
According to another aspect of the embodiments, there is also provided a computing device, including a memory and a processor, where the memory stores executable code and the processor executes the executable code to implement a method for obtaining data based on a blockchain, where the method may be applied to a blockchain node. In the 1990s, an improvement in a technology could clearly be distinguished as an improvement in hardware (e.g., an improvement in a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement in a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements in hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement in a method flow cannot be realized by hardware entity modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user's programming of the device. A digital system is "integrated" on a PLD by the designer's own programming, without requiring the chip manufacturer to design and fabricate an application-specific integrated circuit chip.
Furthermore, nowadays, instead of manually making an integrated circuit chip, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development, while the source code to be compiled is written in a specific programming language called a Hardware Description Language (HDL). There is not one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It will also be apparent to those skilled in the art that hardware circuitry implementing a logical method flow can readily be obtained by merely programming the method flow into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be achieved by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means included in it for performing the various functions may also be regarded as structures within the hardware component. Means for performing the functions may even be regarded as being both software modules implementing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a server system. Of course, this application does not exclude that with future developments in computer technology, the computer implementing the functionality of the above described embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For example, the use of the terms first, second, etc. are used to denote names, but not to denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal or a carrier wave.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner: the same and similar parts among the embodiments refer to each other, and each embodiment focuses on its differences from the others. In particular, since the system embodiment is substantially similar to the method embodiment, its description is brief, and for the relevant points reference may be made to the corresponding description of the method embodiment. In this specification, reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the specification. Such schematic uses of these terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Moreover, various embodiments or examples, and features of various embodiments or examples, described in this specification can be combined by one skilled in the art provided they are not mutually inconsistent.
The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims (17)

1. A method of acquiring data based on a blockchain, wherein first data stored in the blockchain is obtained by performing attribute encryption based on a master public key of a management device and a preset policy, the method comprising:
user equipment uploading user information to the blockchain;
the management device acquiring the user information from the blockchain, determining an attribute label of a user based on the user information, generating a sub private key of the user based on the attribute label, the master public key of the management device and a master private key of the management device, and uploading the sub private key to the blockchain;
the user equipment acquiring the sub private key and the first data from the blockchain and decrypting the first data using the sub private key, the decryption succeeding and yielding second data when the attribute label conforms to the preset policy.
2. The method of claim 1, wherein uploading the sub private key to the blockchain comprises:
the management device encrypting the sub private key based on a public key of a blockchain account corresponding to the user equipment to obtain an encryption result, and uploading the encryption result to the blockchain in association with a user identifier of the user, so that the user equipment obtains the encryption result from the blockchain and decrypts it to obtain the sub private key.
3. The method of claim 1, further comprising:
the management device generating the master public key and the master private key and uploading the master public key to the blockchain;
a data owner device, after acquiring the master public key from the blockchain, encrypting the second data based on the master public key and the preset policy to generate the first data, and uploading the first data to the blockchain.
4. The method of claim 3, wherein the data owner device uploading the first data to the blockchain comprises:
the data owner device sending a first transaction to the blockchain, the first transaction invoking a contract to upload the first data to the blockchain;
a node of the blockchain executing the first transaction and storing the first data in a contract state of the contract.
5. The method of claim 4, further comprising:
the management device receiving the first data from the blockchain by sending a second transaction invoking the contract to the blockchain; decrypting the first data using the master private key to obtain the second data and checking whether the second data is legitimate; and, if the check does not pass, sending a third transaction invoking the contract to the blockchain and recording the first data as illegal data in the contract state of the contract.
6. The method of claim 5, wherein the first transaction is further used to upload a first hash value of the second data to the blockchain, and the management device checking whether the second data is legitimate specifically comprises:
the management device acquiring the first hash value from the blockchain and computing a second hash value of the second data;
determining whether the second hash value matches the first hash value.
7. The method of claim 1, wherein the user equipment uploading user information to the blockchain comprises:
the user equipment uploading user information to the blockchain for user registration or for updating user information.
8. A method of acquiring data based on a blockchain, applied to a blockchain node, wherein first data stored in the blockchain is obtained by performing attribute encryption based on a master public key of a management device and a preset policy, the method comprising:
receiving user information and storing the user information in the blockchain;
sending the user information to the management device in response to a request sent by the management device;
receiving a sub private key from the management device and storing the sub private key in the blockchain, wherein the sub private key is generated based on the user information, the master public key of the management device and a master private key of the management device;
in response to a request sent by user equipment, sending the sub private key and the first data to the user equipment.
9. The method of claim 8, wherein storing the sub private key in the blockchain comprises:
storing a user identifier of the user in association with a ciphertext of the sub private key in the blockchain, wherein the ciphertext of the sub private key is obtained by encrypting the sub private key based on a public key of a blockchain account corresponding to the user equipment.
10. The method of claim 8, further comprising:
receiving a first transaction sent by a data owner device, wherein the first transaction invokes a contract to upload the first data to the blockchain;
executing the first transaction and storing the first data in a contract state of the contract.
11. The method of claim 10, further comprising:
receiving a second transaction invoking the contract, sent by the management device, wherein the second transaction is used to receive the first data from the blockchain;
executing the second transaction and sending the first data to the management device;
receiving and executing a third transaction sent by the management device, and recording the first data as illegal data in the contract state of the contract, wherein the third transaction is sent by the management device when a check of the second data does not pass.
12. An apparatus for acquiring data based on a blockchain, provided at a blockchain node, wherein first data stored in the blockchain is obtained by performing attribute encryption based on a master public key of a management device and a preset policy, the apparatus comprising:
a receiving unit configured to receive user information and store the user information in the blockchain;
a sending unit configured to send the user information to the management device in response to a request sent by the management device;
a storage unit configured to receive a sub private key from the management device and store the sub private key in the blockchain, wherein the sub private key is generated based on the user information, the master public key of the management device and a master private key of the management device;
a data sending unit configured to send the sub private key and the first data to user equipment in response to a request sent by the user equipment.
13. The apparatus of claim 12, wherein the storage unit is further configured to:
store a user identifier of the user in association with a ciphertext of the sub private key in the blockchain, wherein the ciphertext of the sub private key is obtained by encrypting the sub private key based on a public key of a blockchain account corresponding to the user equipment.
14. The apparatus of claim 12, further comprising:
a first transaction receiving unit configured to receive a first transaction sent by a data owner device, wherein the first transaction invokes a contract to upload the first data to the blockchain;
a first transaction execution unit configured to execute the first transaction and store the first data in a contract state of the contract.
15. The apparatus of claim 14, further comprising:
a second transaction receiving unit configured to receive a second transaction invoking the contract, sent by the management device, wherein the second transaction is used to receive the first data from the blockchain;
a second transaction execution unit configured to execute the second transaction and send the first data to the management device;
a third transaction receiving unit configured to receive and execute a third transaction sent by the management device, recording the first data as illegal data in the contract state of the contract, wherein the third transaction is sent by the management device when a check of the second data does not pass.
16. A computer-readable storage medium on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 8 to 11.
17. A computing device comprising a memory and a processor, wherein the memory stores executable code, and wherein the processor, when executing the executable code, implements the method of any one of claims 8 to 11.
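As an added illustration (not the patent's or the applicant's implementation), the following Python models the contract state and the management device's legality check of claims 4 to 6 and 10 to 11. It assumes SHA-256 as the hash function and replaces attribute encryption with a policy gate on attribute labels, neither of which the claims specify.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class FirstData:
    """What the first transaction stores in the contract state (claims 4 and 6)."""
    payload: bytes        # stand-in for the attribute-encrypted second data (modelled, not encrypted)
    policy: frozenset     # preset policy: attribute labels the sub private key must carry
    first_hash: str       # first hash value of the second data, uploaded alongside

@dataclass
class ContractState:
    records: dict = field(default_factory=dict)  # data id -> FirstData
    illegal: set = field(default_factory=set)    # data ids recorded as illegal data

def sha256_hex(data: bytes) -> str:
    # Assumption: the claims only speak of "a hash value"; SHA-256 is chosen here.
    return hashlib.sha256(data).hexdigest()

def first_transaction(state, data_id, second_data, policy, declared_hash):
    """Data owner device: upload first data plus the declared first hash value."""
    state.records[data_id] = FirstData(second_data, frozenset(policy), declared_hash)

def management_check(state, data_id):
    """Management device: the second transaction fetches the first data, the master
    private key decrypts it unconditionally, and a hash mismatch triggers the
    third transaction that records the data as illegal (claims 5 and 6)."""
    fd = state.records[data_id]                      # second transaction
    second_data = fd.payload                         # master-key decryption (modelled)
    if sha256_hex(second_data) != fd.first_hash:
        state.illegal.add(data_id)                   # third transaction
        return False
    return True

def user_decrypt(state, data_id, sub_key_attributes):
    """User equipment: decryption with the sub private key succeeds only when the
    attribute labels bound to that key satisfy the preset policy (claim 1)."""
    fd = state.records[data_id]
    if not fd.policy <= frozenset(sub_key_attributes):
        return None                                  # policy not satisfied
    return fd.payload

def demo():
    """Constructed sample run: one honest upload and one whose declared hash lies."""
    state = ContractState()
    honest = b"audit report Q2"
    first_transaction(state, "d1", honest, {"dept:finance", "role:auditor"}, sha256_hex(honest))
    first_transaction(state, "d2", b"not what was declared", {"dept:finance"}, sha256_hex(b"declared"))
    return (management_check(state, "d1"), management_check(state, "d2"),
            sorted(state.illegal), user_decrypt(state, "d1", {"dept:finance", "role:auditor"}),
            user_decrypt(state, "d1", {"dept:finance"}))
```

Note that the claims do not make the user's decryption depend on the illegal-data flag; a client would have to read that contract state separately before trusting the data.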

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210722354.1A CN115118485A (en) 2022-06-24 2022-06-24 Method and device for acquiring data based on block chain

Publications (1)

Publication Number Publication Date
CN115118485A true CN115118485A (en) 2022-09-27

Family

ID=83327466

Country Status (1)

Country Link
CN (1) CN115118485A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190164153A1 (en) * 2017-11-30 2019-05-30 Shashank Agrawal Blockchain system for confidential and anonymous smart contracts
US20200349261A1 (en) * 2019-05-03 2020-11-05 International Business Machines Corporation Database private document sharing
CN111935080A (en) * 2020-06-24 2020-11-13 布比(北京)网络技术有限公司 Data sharing method and device for block chain, computer equipment and storage medium
CN113221184A (en) * 2021-03-27 2021-08-06 重庆邮电大学 Internet of things system and device based on block chain network
CN114465790A (en) * 2022-01-24 2022-05-10 蚂蚁区块链科技(上海)有限公司 Method, device and equipment for processing IP content library service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination