CN115189886A - Multi-party credible data interaction method and device based on block chain - Google Patents
Multi-party credible data interaction method and device based on block chain Download PDFInfo
- Publication number
- CN115189886A CN115189886A CN202210672617.2A CN202210672617A CN115189886A CN 115189886 A CN115189886 A CN 115189886A CN 202210672617 A CN202210672617 A CN 202210672617A CN 115189886 A CN115189886 A CN 115189886A
- Authority
- CN
- China
- Prior art keywords
- data
- storage
- block chain
- information
- stored
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 230000003993 interaction Effects 0.000 title claims abstract description 34
- 238000003860 storage Methods 0.000 claims abstract description 55
- 238000013500 data storage Methods 0.000 claims abstract description 18
- 238000007689 inspection Methods 0.000 claims abstract description 13
- 238000013461 design Methods 0.000 claims abstract description 9
- 238000012795 verification Methods 0.000 claims abstract description 9
- 230000008569 process Effects 0.000 claims description 9
- 230000004048 modification Effects 0.000 claims description 5
- 238000012986 modification Methods 0.000 claims description 5
- 239000004744 fabric Substances 0.000 claims description 4
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 238000004891 communication Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013502 data validation Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 150000003839 salts Chemical class 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain-based multiparty trusted data interaction method and device, which comprise a block chain basic network and multiparty data interaction. The block chain network is designed in a alliance chain form and is responsible for storing information entities, installing, verifying and calling intelligent contracts and verifying the reliability configuration of nodes; the multiparty credible data interaction is a set of complete multiparty data storage, inquiry and verification structure constructed on the basis of a block chain to realize data interaction among multiple parties, a user can upload own data and store the data according to different safety and privacy levels, and for the stored historical data, the data can be directly acquired through inquiry to realize data intercommunication or the authenticity and the falsification of the data are verified according to conditions. The invention utilizes the characteristic that the block chain can not be tampered with by permanent storage and designs complete data storage, query and verification logic, thereby ensuring that the data can realize multi-party intercommunication and credible inspection under the condition of safety and confidentiality.
Description
Technical Field
The invention belongs to the field of service data information security interaction, and particularly relates to a block chain-based multiparty trusted data interaction method.
Background
In recent years, with the continuous development of information technology, the informatization level of enterprises is continuously improved, paperless office of the enterprises and the like enable more and more business communication of the enterprises to be transferred to online, and online business communication brings safety and trust problems of data interaction between the enterprises while facilitating and accelerating business expansion. Many companies are limited companies which are willing to cooperate, and enterprises with less cooperation are worried about the authenticity of data provided by the companies, and meanwhile, the companies do not need to provide own data to other parties too much, and data leakage is feared. This situation greatly reduces the effect of digitization on efficiency improvement and business growth of inter-enterprise collaboration. At present, data interaction in business communication among enterprises is transmitted by private hardware copy or through private communication software of employees, so that a lot of security holes and inconvenience exist in the process, data content is easy to leak and tamper, and enterprise loss is caused as a result, which is also a reason that enterprises do not want to cooperate with strange enterprises to a great extent and are more willing to cooperate with familiar enterprises.
Disclosure of Invention
The invention aims to provide a block chain-based multi-party credible data interaction method aiming at the defects of the existing method.
The purpose of the invention is realized by the following technical scheme: in a first aspect, the present invention provides a block chain-based multiparty trusted data interaction method, including the following steps:
(1) Building a block chain network, designing a Data Information (DI) field structure of Data storage, wherein the DI is composed of a plurality of fields, and designing corresponding fields according to different confidentiality, safety and modification requirements; selecting a storage mode according to the privacy level and the security level of the data; the index DId (Data Id, data index Id) of the Data is returned after the Data is successfully stored;
(2) Based on the field structure DI of the data storage designed in the step (1), carrying out corresponding data query according to the privacy level and security level selection and DId or corresponding field information of the data when the data is stored;
(3) For the data stored in step (1), data inspection can be performed based on the designed field structure DI of the data storage, and there are three verification forms:
a. verify whether a DId itself is valid: specifically, whether data exist under the current DId is determined, if the data exist, the DId is valid, the public data description information in the DI is returned, and if the DId is invalid, error information is returned;
b. authentication of part of the unencrypted content of the DI: specifically, whether the information of the non-encrypted content is consistent with the DI stored in the block chain network or not is verified, and a corresponding result of the matching degree is obtained according to the DId and a value needing to be verified;
c. authentication of the partially encrypted content of the DI: specifically, whether the data information to be checked is consistent with the encrypted segment data in the DI is verified by combining a secret key and an encryption and decryption algorithm, and whether the result is matched is judged according to the DId, the encryption algorithm used during the storage of the certificate, the corresponding secret key and the value of the field to be verified.
Further, in the step (1), a specific process of data storage is as follows:
(1) Different index field combinations are designed according to different data types, various storage requirements are met, corresponding storage forms are designed for contents to be stored, accurate recording of information is required to be met, and corresponding fields are set according to different requirements for safety, encryption and services. In order to meet the revision requirement, a revision flag field is added, and the revision history of the data is recorded.
(2) Before data storage, a certificate for verifying the identity of the data needs to be checked, whether the stored information is null or not is verified, replay attack is prevented, a one-time random number is applied before the storage certificate is submitted, and then the random number is encrypted by a private key to serve as a signature and is attached to the information submitted by storage.
(3) And providing a uniform interface service, writing the storage information in advance according to design requirements, or generating the storage information by using a conversion tool.
(4) The stores use the idempotent rule, exactly the same DI, and return the same DId regardless of how many times the store was made. If the data with the same grading mark has no revision mark, and the information loads stored for multiple times are different, an error prompt message is returned. For DI with revision flags, a new DId is returned every time it is stored.
Further, in the step (2), the data query includes the following two types:
A. the method has no identity authentication, does not need to provide authentication information such as an identity certificate, and can directly inquire corresponding data according to the DId. And judging the channel to which the data belongs according to the DId during inquiry, directly returning the data if the data is public data, verifying whether the current caller is an authorized object of the private data set if the data is private data, rejecting the data inquiry request if the data is not the authorized object, and returning the corresponding data if the data is the authorized object.
B. The demand data is queried providing corresponding retrievable fields of the demand data.
Further, in the step (3), the way of verifying the part of the unencrypted content of the DI in the data inspection is specifically as follows:
and inputting the key value pair and the DId of the corresponding field for the non-encrypted segment information needing to be verified, checking the matching degree of the checked data and the provided key value pair internally, and returning a corresponding result according to the matching degree, such as matching, partial matching or mismatching.
Further, in the step (1), the blockchain network is built by using a Hyperhedger Fabric framework, a channel is newly built in the blockchain network, a node added into the channel is set as required, and the chain code required by storage and inspection is installed.
Further, in the step (1), the selecting a storage mode according to the privacy level and the security level of the data specifically includes: the data is directly stored in the corresponding channel, all members of the channel can obtain the data, or the data is only opened as private data storage to specific members of the channel, or the data load is encrypted in different levels and modes.
Further, in the step (2), when data query is performed, data disclosed in a blockchain network channel can be directly queried, and for data in a channel private data set, if the data set is an authorized object, the data can be obtained, otherwise, the data cannot be obtained; for encrypted data, the queried data needs a corresponding key for decryption.
Further, in the step (3), the data check can be used in a scenario where only the authenticity of the data needs to be verified, and the content of the data itself is not needed.
In a second aspect, the present invention provides a block chain-based multi-party trusted data interaction apparatus, including a memory and one or more processors, where the memory stores executable codes, and the processors execute the executable codes to implement the block chain-based multi-party trusted data interaction method.
In a third aspect, the present invention provides a computer-readable storage medium, on which a program is stored, where the program, when executed by a processor, implements the block chain-based multiparty trusted data interaction method.
The beneficial effects of the invention are: based on the block chain technology, the invention can enable enterprises which are not familiar with each other and do not establish credit basis to develop high-efficiency, credible and safe service communication, thereby realizing data intercommunication. In the blockchain network, a centralized management mechanism is not arranged, all the participants are in equal positions, and meanwhile, the blockchain network developed by the Hyperhedger Fabric framework can verify the identity of each joined organization and provide corresponding certificates, so that the trust basis among the participating enterprises is ensured. The specific information storage structure designed by the invention can ensure the accurate positioning of one piece of information, provides an updating function for historical data on the basis of ensuring that the data cannot be falsified and permanently stored, and meets the requirement of enterprise modification. Under the condition of ensuring that data is safe and not exposed, the verification function for the correctness and the integrity of the stored data information is provided, so that the enterprise not only ensures the safety and the confidentiality of data submitted by the own party, but also can believe the consistency before and after the provided data is not tampered when cooperating with other enterprises without a trust foundation, and can provide favorable evidence support if disputes occur.
Drawings
FIG. 1 is a flow chart of the method storage of the present invention.
FIG. 2 is a flow chart of query and examination according to the method of the present invention.
Fig. 3 is a schematic diagram of a multi-party trusted data interaction device based on a block chain according to an embodiment of the present invention.
Detailed Description
The invention will be described in more detail hereinafter with reference to the accompanying drawings and with reference to an embodiment, to which, however, the invention is not restricted.
As shown in fig. 1 and fig. 2, the method for interacting multi-party trusted data based on a block chain provided by the present invention includes the following steps:
(1) Building a block chain network, developing by using a Hyperhedger Fabric framework, newly building a channel in the block chain network, setting nodes added into the channel as required, and installing and storing chain codes required for inspection.
Specifically, the blockchain comprises the following structure:
1. node point
The block chain network is provided with three nodes serving as peers, the nodes serve as entities held by a block chain account book, chain codes are installed, audited and operated, uplink data are verified, a kafka algorithm is adopted to guarantee that distributed consensus can be achieved under the condition that one node fails, and data consistency is guaranteed. The operation of storing certificate and checking can be carried out through the interaction of any node and the block chain network. And determining the node for storing the uploaded information according to the selected strategy.
2. Contract product
The intelligent contract adopts a programming service model, defines a service flow, and determines the access process of the operation data in the block chain network. The contract is edited by a user according to certain specifications and finally takes effect after node installation, auditing and submission. The code in the contract is written according to the need, and can be updated continuously.
3. General knowledge of
The block chain network consensus process is totally divided into two parts, namely an endorsement process of transactions and global sequencing of the transactions. The global ordering is a part of the operation of the consensus mechanism, and because of the distributed system, an orderer cluster is required to perform global ordering on transactions sent by different nodes. And the consensus mechanism can ensure the data consistency in the distributed system.
(2) Data storage design, namely designing a Data Information (DI) field structure of Data storage, wherein the DI is composed of a plurality of fields, and corresponding fields are designed according to different requirements on confidentiality, safety, modification and the like; the Data can be directly stored in a corresponding channel according to the privacy level and the security level of the Data, all members of the channel can obtain the Data, or the Data can be used as private Data storage and only opened for specific members of the channel, the load of the Data can be encrypted in different levels and modes, and an index DId (Data Id, data index Id) of the Data can be returned after the Data is successfully stored. The storage design details are described as follows:
storage needs to meet the characteristics of safe, simple and diverse storage modes.
1. In order to support various storages and rich inquiry and verification implementation and ensure that the storage information and the verification are in a tight logic closed loop, the storage data field DI with a clear structure and rich contents is designed. Firstly, hierarchical index field combinations are designed according to different data types, various storage requirements are met, and reasonable classification and quick search of stored information can be achieved. Corresponding storage forms are designed for the contents to be stored, accurate recording of information needs to be met, and corresponding fields are set according to different requirements of safety, encryption, service and the like. In order to meet the revision requirement, a revision flag field is added and the revision history of the data is recorded.
2. The method comprises the steps of designing a logic step for ensuring the safety, verifying whether stored information is null invalid information to prevent replay attack, applying for a one-time random number before submitting the stored information, and encrypting the random number by using a private key to serve as a signature and attaching the signature to the stored and submitted information.
3. The storage form is simple and convenient, other additional data are not needed except for providing necessary identity information and storage data, unified interface service is provided, and a large amount of advanced configuration is not needed. The storage information can be written in advance according to design requirements and can also be generated by utilizing a provided conversion tool.
4. To improve robustness in a distributed environment, the storage uses an idempotent rule, with exactly the same DI, returning the same DId regardless of how many times it is stored. The current commit does not affect subsequent operations, and each store behavior is isolated and independent of each other. If the data with the same grading mark has no revision mark, and the information loads stored for multiple times are different, an error prompt message is returned. For DI with revision tags, a new DId is returned every time it is stored. The specific process comprises the following steps: firstly, acquiring a signature of data information to be stored, then judging whether the Did of the data exists, and if so, judging whether a revision mark exists; if the intelligent contract is not stored, calling the intelligent contract for storage, then verifying whether the intelligent contract is stored successfully, and if the intelligent contract is stored successfully, returning a storage number Did; if not successful, returning an error code; and when judging whether the revision mark exists, if the revision mark exists, calling the intelligent contract storage certificate to execute a subsequent flow, and if the revision mark does not exist, directly returning an error code.
(3) And (2) designing data query, namely selecting DId or corresponding field information according to the privacy level and the security level when the data is stored and acquiring the data from a corresponding channel based on the field structure DI of the data storage designed in the step (1). The data disclosed in the channel can be directly inquired, and for the data in the private data set of the channel, if the data is an authorized object of the data set, the data can be acquired, otherwise, the data cannot be acquired. For encrypted data, the queried data needs a corresponding key for decryption. The fast and convenient query can accelerate the speed of data intercommunication and realize the sharing of data among multiple parties. The data query design details are as follows:
1. the corresponding data can be directly inquired according to the DId without identity authentication and authentication information such as an identity certificate and the like. And during query, the channel to which the data belongs is automatically judged according to the DId, if the data is public, the data is directly returned, if the data is private, whether the current caller is in an authorized object set of the private data set or not is verified, if the data is not in the authorized object set, the request is rejected, and if the data is in the authorized object set, the corresponding data is returned.
2. In order to enrich the query style, in addition to querying data in a DId-providing style, query requirement data can be provided for corresponding retrievable fields that require data.
(4) The data inspection design provides data inspection technical support for the scene that the content of the data is not needed and the data is only verified to be true or false, A provides a piece of data for B (the data A is stored in the step (2) before), and B holds the data and the DId of the A to inspect to obtain a matched or unmatched result by knowing whether the taken data and the original A are changed or not. The examination is classified into non-encryption examination and encryption examination according to the fact that A has not been encrypted during storage. The method specifically comprises the following three verification forms:
(1) verifying whether a DId is valid, determining whether data are stored under the current DId, inputting the DId, if the data are stored, the DId is valid, returning public data description information in the DI, including uploading time, an uploader, a data brief description and the like, and if the DId is invalid, returning error information;
(2) verifying part of non-encrypted contents of the DI, verifying whether the grasped information (information of the non-encrypted contents) is consistent with the DI stored in the block chain network, inputting the DId and some values needing verification, and outputting a corresponding result according to the matching degree;
(3) and verifying part of the encrypted content of the DI, verifying whether the data information to be checked is consistent with the encrypted segment data in the DI by combining a key and an encryption and decryption algorithm, inputting the DId, the encryption algorithm used during the storage of the certificate, the corresponding key and the value of a field to be verified, and outputting whether the result is matched and judged. Data inspection design details are as follows:
besides the direct data query function, the data inspection is also a function with a large demand. The inspection does not directly return to the original storage data, and different inspection functions are respectively provided according to requirements.
DId validation
In some cases, it is necessary to verify whether a DId itself is valid, and if the DId is input, part of the description information will be returned if data under the id is already stored, otherwise, an error message will be returned.
DI unencrypted segment data verification
And inputting the key value pair and the DId of the corresponding field for the non-encrypted segment information needing to be verified, checking the matching degree of the checked data and the provided key value pair internally, and returning a corresponding result according to the matching degree, such as matching, partial matching or mismatching.
Encrypted segment data validation for DI
The data stored in an encrypted form during storage can also be verified, the fields to be verified, the DId and the salt input during storage are input, the encrypted data can be integrally verified, and a corresponding result is returned according to the comparison condition.
Corresponding to the embodiment of the multiparty trusted data interaction method based on the block chain, the invention also provides an embodiment of a multiparty trusted data interaction device based on the block chain.
Referring to fig. 3, an embodiment of the present invention provides a block chain-based multi-party trusted data interaction apparatus, which includes a memory and one or more processors, where the memory stores executable codes, and when the processors execute the executable codes, the processor is configured to implement the block chain-based multi-party trusted data interaction method in the foregoing embodiment.
The embodiment of the block chain based multi-party trusted data interaction device of the present invention can be applied to any device with data processing capability, such as a computer or other devices or devices. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. The software implementation is taken as an example, and as a logical device, the device is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for running through the processor of any device with data processing capability. In terms of hardware, as shown in fig. 3, the present invention is a hardware structure diagram of any device with data processing capability where a multi-party trusted data interaction apparatus based on a block chain is located, except for the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, any device with data processing capability where the apparatus is located in the embodiment may also include other hardware according to the actual function of the any device with data processing capability, which is not described again.
The specific details of the implementation process of the functions and actions of each unit in the above device are the implementation processes of the corresponding steps in the above method, and are not described herein again.
For the device embodiment, since it basically corresponds to the method embodiment, reference may be made to the partial description of the method embodiment for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
An embodiment of the present invention further provides a computer-readable storage medium, on which a program is stored, where the program, when executed by a processor, implements the block chain-based multiparty trusted data interaction method in the foregoing embodiments.
The computer readable storage medium may be an internal storage unit, such as a hard disk or a memory, of any data processing capability device described in any of the foregoing embodiments. The computer readable storage medium may also be any external storage device of a device with data processing capabilities, such as a plug-in hard disk, a Smart Media Card (SMC), an SD Card, a Flash memory Card (Flash Card), etc. provided on the device. Further, the computer readable storage medium may include both an internal storage unit and an external storage device of any data processing capable device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the arbitrary data processing-capable device, and may also be used for temporarily storing data that has been output or is to be output.
The above-described embodiments are intended to illustrate rather than to limit the invention, and any modifications and variations of the present invention are within the spirit of the invention and the scope of the appended claims.
Claims (10)
1. A multiparty trusted data interaction method based on a block chain is characterized by comprising the following steps:
(1) Building a block chain network, designing a Data Information (DI) field structure of Data storage, wherein the DI is composed of a plurality of fields, and designing corresponding fields according to different confidentiality, safety and modification requirements; selecting a storage mode according to the privacy level and the security level of the data; the index DId (Data Id, data index Id) of the Data is returned after the Data is successfully stored;
(2) Based on the field structure DI of the data storage designed in the step (1), carrying out corresponding data query according to the privacy level and security level selection and DId or corresponding field information of the data when the data is stored;
(3) For the data stored in step (1), data inspection can be performed based on the designed field structure DI of the data storage, and there are three verification forms:
a. verify whether a DId itself is valid: specifically, whether data exist under the current DId is determined, if the data exist, the DId is valid, the public data description information in the DI is returned, and if the DId is invalid, error information is returned;
b. authentication of part of the unencrypted content of the DI: specifically, whether the information of the non-encrypted content is consistent with the DI stored in the block chain network or not is verified, and a corresponding result of the matching degree is obtained according to the DId and a value needing to be verified;
c. authentication of the partially encrypted content of the DI: specifically, whether the data information to be checked is consistent with the encrypted segment data in the DI is verified by combining a secret key and an encryption and decryption algorithm, and whether the result is matched is judged according to the DId, the encryption algorithm used during the certificate storage, the corresponding secret key and the value of the field to be verified.
2. The method for multiparty trusted data interaction based on block chains according to claim 1, wherein in step (1), the specific process of data storage is as follows:
(1) Different index field combinations are designed according to different data types, various storage requirements are met, corresponding storage forms are designed for contents to be stored, accurate recording of information is required to be met, and corresponding fields are set according to different requirements of safety, encryption and services. In order to meet the revision requirement, a revision flag field is added, and the revision history of the data is recorded.
(2) Before data storage, a certificate for verifying the identity of the data needs to be checked, whether the stored information is null or not is verified, replay attack is prevented, a one-time random number is applied before the storage certificate is submitted, and then the random number is encrypted by a private key to serve as a signature and is attached to the information submitted by storage.
(3) And a uniform interface service is provided, and the storage information is written in advance according to the design requirements or generated by using a conversion tool.
(4) The storage adopts an idempotent rule, and the identical DI returns the same DId no matter how many times the storage is carried out. If the data with the same grading mark has no revision mark, and the information loads stored for multiple times are different, an error prompt message is returned. For DI with revision tags, a new DId is returned every time it is stored.
3. The method for multiparty trusted data interaction based on block chains as claimed in claim 1, wherein in said step (2), the data query includes the following two types:
A. the method has no identity authentication, does not need to provide authentication information such as an identity certificate, and can directly inquire corresponding data according to the DId. And judging the channel to which the data belongs according to the DId during inquiry, directly returning the data if the data is public data, verifying whether the current caller is an authorized object of the private data set if the data is private data, rejecting the data inquiry request if the data is not the authorized object, and returning the corresponding data if the data is the authorized object.
B. The corresponding retrievable field providing the required data queries the required data.
4. The method for multiparty trusted data interaction based on block chains according to claim 1, wherein in the step (3), the way of verifying part of unencrypted contents of DI in the ping is specifically:
and inputting the key value pair and the DId of the corresponding field for the non-encrypted segment information needing to be verified, checking the matching degree of the checked data and the provided key value pair internally, and returning a corresponding result according to the matching degree, such as matching, partial matching or mismatching.
5. The method of claim 1, wherein in step (1), the blockchain network is built by using a Hyperridge Fabric framework, a channel is newly built in the blockchain network, a node for adding in the channel is set as required, and a chain code required for storage and inspection is installed.
6. The method for multi-party trusted data interaction based on the block chain as claimed in claim 5, wherein in step (1), the storage mode selected according to the privacy level and the security level of the data is specifically: the data is directly stored in the corresponding channel, all members of the channel can obtain the data, or the data is only opened as private data storage to specific members of the channel, or the data load is encrypted in different levels and modes.
7. The method for multi-party trusted data interaction based on blockchain as claimed in claim 1, wherein in step (2), during data query, data published in a blockchain network channel can be directly queried, and for data in a channel private data set, if authorized object of the data set is obtained, no right is obtained otherwise; for encrypted data, the queried data needs a corresponding key for decryption.
8. The method for multiparty trusted data interaction based on block chains as claimed in claim 1, wherein in step (3), said data check can be used in a scenario that only data authenticity needs to be verified, and the content of data itself is not needed.
9. A block chain based multi-party trusted data interaction device, comprising a memory and one or more processors, wherein the memory stores executable code, and the processors execute the executable code to implement the block chain based multi-party trusted data interaction method according to any one of claims 1 to 8.
10. A computer-readable storage medium, on which a program is stored, wherein the program, when executed by a processor, implements the block chain-based multiparty trusted data interaction method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210672617.2A CN115189886B (en) | 2022-06-14 | 2022-06-14 | Multi-party trusted data interaction method and device based on blockchain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210672617.2A CN115189886B (en) | 2022-06-14 | 2022-06-14 | Multi-party trusted data interaction method and device based on blockchain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115189886A true CN115189886A (en) | 2022-10-14 |
| CN115189886B CN115189886B (en) | 2024-10-01 |
Family
ID=83513817
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210672617.2A Active CN115189886B (en) | 2022-06-14 | 2022-06-14 | Multi-party trusted data interaction method and device based on blockchain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115189886B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110022217A (en) * | 2019-04-04 | 2019-07-16 | 深圳大通实业股份有限公司 | A kind of credible deposit system of advertisement media business datum based on block chain |
| CN111191286A (en) * | 2019-12-28 | 2020-05-22 | 南京理工大学 | HyperLegger Fabric block chain private data storage and access system and method thereof |
| CN113127926A (en) * | 2021-03-12 | 2021-07-16 | 西安电子科技大学 | Method, system, storage medium and computer for analyzing statistical relevance of private data |
| WO2021179743A1 (en) * | 2020-03-09 | 2021-09-16 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for querying account privacy information in blockchain |
-
2022
- 2022-06-14 CN CN202210672617.2A patent/CN115189886B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110022217A (en) * | 2019-04-04 | 2019-07-16 | 深圳大通实业股份有限公司 | A kind of credible deposit system of advertisement media business datum based on block chain |
| CN111191286A (en) * | 2019-12-28 | 2020-05-22 | 南京理工大学 | HyperLegger Fabric block chain private data storage and access system and method thereof |
| WO2021179743A1 (en) * | 2020-03-09 | 2021-09-16 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for querying account privacy information in blockchain |
| CN113127926A (en) * | 2021-03-12 | 2021-07-16 | 西安电子科技大学 | Method, system, storage medium and computer for analyzing statistical relevance of private data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115189886B (en) | 2024-10-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11038883B2 (en) | System and method for decentralized-identifier creation | |
| US10972274B2 (en) | Trusted identity solution using blockchain | |
| US20210243193A1 (en) | Systems, methods, and apparatuses for implementing consensus on read via a consensus on write smart contract trigger for a distributed ledger technology (dlt) platform | |
| KR102609061B1 (en) | Blockchain transaction security technique based on undetermined data | |
| CN108833081B (en) | Block chain-based equipment networking authentication method | |
| US10742424B2 (en) | Trusted identity solution using blockchain | |
| Bhaskaran et al. | Double-blind consent-driven data sharing on blockchain | |
| US11238543B2 (en) | Payroll based blockchain identity | |
| US11741083B2 (en) | Cross-shard private atomic commit | |
| CN110516474B (en) | User information processing method and device in blockchain network, electronic equipment and storage medium | |
| CN111144881A (en) | Selective access to asset transfer data | |
| CN114008971A (en) | Binding a decentralized identifier to a verified assertion | |
| CN115705571A (en) | Protecting privacy of auditable accounts | |
| JP2023530594A (en) | Permitted Event Processing in Distributed Databases | |
| CN112613747A (en) | Building information management method, device, equipment and storage medium | |
| CN114168913B (en) | Method and system for evaluating and rewarding distribution based on intelligent contract crowdsourcing result | |
| CN114338081B (en) | Multi-block-chain unified identity authentication method, device and computer equipment | |
| CN116529723A (en) | Automatic merging of DLT networks | |
| CN117435671A (en) | Legal prosecution and certification system based on blockchain technology and operation method | |
| CN115189886B (en) | Multi-party trusted data interaction method and device based on blockchain | |
| TW202303425A (en) | System, method and computer readable medium for authentication and transfer traceability of digital documents | |
| Rao et al. | VAPKI: A blockchain-based identification system with validation and authentication | |
| US20240214228A1 (en) | Blockchain based public key infrastructure | |
| US20240171406A1 (en) | Sharing security settings between entities using verifiable credentials | |
| US20230403161A1 (en) | Aggregate anonymous credentials for decentralized identity in blockchain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |