CN115409511A - Personal information protection system based on block chain - Google Patents

Info

Publication number: CN115409511A
Authority: CN (China)
Prior art keywords: sub, subsystem, key, data, verification
Legal status: Granted
Application number: CN202211341999.7A
Other languages: Chinese (zh)
Other versions: CN115409511B
Inventors: 崔培升, 孙学龙, 梁金千
Current Assignee: BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Original Assignee: BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Priority to: CN202211341999.7A

Classifications

    • G06Q20/3825 Use of electronic signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention relates to the technical field of digital data information processing, and discloses a block chain-based personal information protection system, which comprises: the client key management and use subsystem is used for generating a root key and a sub-key and storing the root key and the sub-key in the block chain subsystem; the block chain subsystem is used for receiving a transaction proposal initiated by the client, generating a new block and updating the local block chain based on the new block; the personal information protection infrastructure subsystem is used for verifying the privacy data packet sent by the client, storing the privacy data packet after encryption processing, packaging the transaction signature data and the user sub-account information and sending the packaged transaction signature data and the user sub-account information to the third-party platform; verifying the transaction signature data and sending a verification result to a third-party platform; and the third-party platform verification subsystem is used for performing self-verification on the transaction signature data. The method and the system avoid the risk that personal data of a centralized system is easy to leak, and ensure the extremely high security of the personal privacy data.

Description

Personal information protection system based on block chain
Technical Field
The invention relates to the technical field of block chain data information processing, in particular to a personal information protection system based on a block chain.
Background
The continuous development of computer and internet technology has brought an information explosion, making the collection and processing of personal information increasingly common and widespread. This poses a potential threat to personal rights and can seriously undermine the basic protection of personal privacy information. In the field of personal information protection, there is on the one hand the problem of personal information being illegally acquired and used, and on the other hand the problem of stored personal information not being adequately protected. In particular, the centralized storage of data by large platforms carries a huge security risk, and backups must take into account not only disaster recovery but also the leakage of confidential data.
In the prior art, for example, a Chinese patent with publication number CN107154852B proposes a mobile terminal identity authentication method for block chain applications, in which a user on the block chain network must possess a private key and generate an address that uniquely identifies the user, and identity authentication is implemented with sandbox technology, so as to solve the problem that a conventional APP exposes private information.
The inventor finds in the process of implementing the present invention that the conventional personal information protection solutions are based on centralized data security storage and protection, and centralized systems often risk being breached from inside or outside, thereby causing personal data to be leaked.
Disclosure of Invention
In order to solve the technical problems or at least partially solve the technical problems, the invention provides a personal information protection system based on a block chain, which avoids the risk that personal data of a centralized system is easy to leak, and ensures the extremely high safety of the personal private data in the whole life cycle of acquisition, storage, transmission, processing, use, sharing, opening, destruction and the like.
In one aspect of the present invention, there is provided a block chain-based personal information protection system, including: a client key management and use subsystem, a block chain subsystem, a personal information protection infrastructure subsystem and a third-party platform verification subsystem; wherein,
the client key management and use subsystem is used for generating a root key and a sub-key for the client and storing the root key and the sub-key in the block chain subsystem; the block chain subsystem is used for receiving a transaction proposal initiated by the client, generating a new block after sufficient endorsements are collected, and updating the local block chain based on the new block; the personal information protection infrastructure subsystem is used for verifying the privacy data packet sent by the client, encrypting and storing the privacy data packet, packaging the transaction signature data and the user sub-account information obtained by parsing the privacy data packet according to a certain format and sending the packaged transaction signature data and user sub-account information to the third-party platform; verifying the transaction signature data based on the user sub-account information and the corresponding sub-key read from the block chain subsystem, and sending a verification result to the third-party platform; and the third-party platform verification subsystem is used for reading the corresponding sub-key from the block chain subsystem according to the user sub-account information, performing self-verification on the transaction signature data to obtain a self-verification result, and returning the self-verification result to the third-party platform.
According to the personal information protection system based on the block chain, which is provided by the invention, based on the point-to-point decentralized security characteristic of the block chain, the key encryption algorithm system and the related security standard of the block chain wallet are combined, the risk that personal data of the centralized system is easy to leak is avoided, and the extremely high security of the personal private data in the whole life cycle of acquisition, storage, transmission, processing, use, sharing, opening, destruction and the like is ensured.
Drawings
The above and other features, advantages and aspects of various embodiments of the present invention will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and components are not necessarily drawn to scale.
Fig. 1 is a block diagram of a personal information protection system based on a block chain according to an embodiment of the present invention;
Fig. 2 is a block diagram of a client key management and use subsystem in an embodiment of the present invention;
Fig. 3 is a block diagram of a blockchain subsystem according to an embodiment of the present invention;
Fig. 4 is a block diagram of a personal information protection infrastructure subsystem in an embodiment of the invention;
Fig. 5 is a block diagram of a third party platform verification subsystem in an embodiment of the invention.
Detailed Description
Embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present invention. It should be understood that the drawings and the embodiments of the present invention are illustrative only and are not intended to limit the scope of the present invention.
It should be understood that the various steps recited in the method embodiments of the present invention may be performed in a different order and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present invention are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions executed by the devices, modules or units.
It is noted that references to "a" or "an" or "a plurality" of the present invention are exemplary rather than limiting, and those skilled in the art will appreciate that references to "one or more" are intended to be exemplary and should not be construed as limiting unless the context clearly indicates otherwise.
The elliptic curve public key encryption algorithm system (public key encryption algorithm for short) is a core cornerstone of the block chain technology, and therefore, the block chain system inherently has high security of data protection. The invention mainly focuses on using the point-to-point decentralized security characteristic based on the block chain, combines a public key encryption algorithm system and the related security specifications of the block chain wallet, is applied to the field of personal information security protection, avoids the risk that personal data of a centralized system is easy to leak, and ensures the extremely high security of the personal private data in the whole life cycle of acquisition, storage, transmission, processing, use, sharing, opening, destruction and the like.
Referring to fig. 1, an embodiment of the present invention provides a structure diagram of a block chain-based personal information protection system. As shown in fig. 1, the system includes a client key management and usage subsystem 10, a blockchain subsystem 20, a personal information protection infrastructure subsystem 30, and a third party platform authentication subsystem 40; wherein,
the client key management and use subsystem 10 is used for generating a root key and a sub-key for the client, and storing the root key and the sub-key in the block chain subsystem 20; the block chain subsystem 20 is configured to receive a transaction proposal initiated by the client, generate a new block after sufficient endorsements are collected, and update the local block chain based on the new block; the personal information protection infrastructure subsystem 30 is used for verifying the privacy data packet sent by the client, encrypting and storing the privacy data packet, and packaging the transaction signature data and the user sub-account information obtained by analyzing the privacy data packet according to a certain format and then sending the packaged transaction signature data and the user sub-account information to the third-party platform; verifying the transaction signature data based on the user sub-account information and the corresponding sub-key read from the block chain subsystem 20, and sending a verification result to the third-party platform; the third party platform verification subsystem 40 is configured to read the corresponding sub-key from the blockchain subsystem 20 according to the user sub-account information, perform self-verification on the transaction signature data to obtain a self-verification result, and return the self-verification result to the third party platform.
Here, the third-party platform mainly includes all third-party related network system platforms such as an online shopping platform, an online lodging system platform, a train ticket internet ticket purchasing platform, and the like.
Here, the client key management and usage system 10 may include a user management module that provides an interactive interface through which users operate and join the system, including a new user registration module, a user information modification module, a user information logout module, and the like. Specifically, the client provides a user registration page, and a user must register before using the system for the first time. The user opens the registration page and fills in personal information, including identity card number, mobile phone number, year and month of birth, address, household registration information, etc. After filling in the personal information, the user checks it in detail and, once it is confirmed to be correct, submits it to the user management module; the registration page uses measures such as verification codes to prevent malicious submissions. After receiving the user registration information, the user management module on the one hand verifies and checks the user information to ensure the validity of the information, and on the other hand checks the real identity of the user by calling the public security basic information system service, so as to ensure the validity of the identity of the user.
The client key management and use subsystem 10 generates a root key for a valid user and disperses the root key to generate sub-keys. Specifically, the service number configuration policy stored in the personal information protection infrastructure subsystem 30 may be read, the service number is used as the sub-key dispersion factor, and a calculation function is called to disperse the root key with the dispersion factor, giving a sub-key corresponding to each service. The service number configuration policy abstracts all transaction services into different service types, and numbers and stores these service types; the policy can be updated regularly.
Then the root key and the sub-keys corresponding to the services are used in a calculation that generates the corresponding root wallet address and the wallet address corresponding to each service, and a root key token and the sub-key tokens corresponding to the services are generated. Finally, the root key token and the corresponding wallet address, and the sub-key token and the corresponding wallet address for each service, are paired and encapsulated, and the encapsulated data packet is stored in the block chain subsystem 20.
In particular, blockchain data is typically stored in databases including KV key-value databases, relational databases, common files, and the like. The KV key value type database has a simple data structure and interface, high read-write performance and good expandability, can support read-write requests of large-scale concurrent key value pairs for data, and supports basic functions of increasing, deleting, modifying and searching.
The blockchain subsystem 20 includes a consensus mechanism module, a point-to-point network transport protocol layer and a smart contract module. The consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights and interests among nodes belonging to different trust subjects. It is provided to the nodes of the distributed network so that they can confirm changes to the state data in the ledger caused by transactions, and it achieves eventual consistency. Even if a node fails or an untrusted node appears, transactions that have occurred on the blockchain subsystem 20 are executed in the correct, expected manner, and the node data of the network does not become inconsistent with the state of the ledger. Information is shared directly between blockchain nodes by exchange, which is also called peer-to-peer computing. All nodes in the peer-to-peer network have equal status, no central server node is needed to distribute tasks, and each node can act as a service provider and a service requester at the same time. The distributed architecture avoids the performance bottleneck of the central node in a centralized architecture and makes effective use of the performance and network bandwidth of the network nodes, thereby improving the overall efficiency of the system. The number of nodes can also be expanded as required, which gives good scalability and load balancing. A smart contract is a set of commitments defined in digital form, including the protocol by which the contract participants execute those commitments; it is a contract whose terms are recorded in a computer language instead of legal language. In the field of blockchain technology, a smart contract is a computer program that is triggered by predetermined events, is tamper-proof and executes automatically.
Here, after receiving the transaction proposal from the client, the blockchain subsystem 20 verifies the transaction information and determines whether the submitter is authorized to perform the operation, and simulates execution of the smart contract according to the endorsement policy. Whether the transaction proposal is verified and can be executed is then judged with reference to the specified endorsement policy. If there are enough endorsements, the client packs the data together to form a transaction and signs it; the blockchain subsystem 20 packs a batch of transactions together according to the blockchain policy, generates a new block, and appends the new block to the local blockchain.
On one hand, the personal information protection infrastructure subsystem 30 is used for encrypting the private data of the user, so that management requirements such as information tracking of management departments and the like are facilitated; and on the other hand, the system is used for verifying the transaction signature data of the third-party platform, when the user performs operations such as transaction and the like with the third-party platform, the user sends the personal sub-account information and the transaction signature data to the third-party platform, the third-party platform sends the personal sub-account information and the transaction signature data submitted by the user to the personal information protection infrastructure system 30 for verification, and after the verification is successful, the relevant transaction operation is completed.
For the encrypted part, the client sends the plain text of the personal privacy data packet to the personal information protection infrastructure system 30, and the system 30 encrypts the plain text of the privacy data by using an encryption algorithm and then stores the cipher text. In addition, the system 30 may analyze the data packet to obtain transaction data and user sub-account information, perform digital signature on the transaction data to obtain transaction signature data, and package the transaction signature data and the user sub-account information according to a certain format and send the packaged transaction signature data and user sub-account information to the third party platform.
For the verification part, the personal information protection infrastructure system 30 reads the corresponding sub-key from the block chain subsystem 20 according to the sub-account information of the user, verifies the transaction signature data by using the sub-key to obtain a verification result, and returns the verification result to the third party platform.
Optionally, the personal information protection infrastructure subsystem 30 further includes a public security basic information system service layer and a telecommunication basic information service layer, which communicate with the management department; the public security basic information service layer provides basic public security authority authentication information; the telecommunication basic information service layer provides basic telecommunication authority information and telecommunication function service.
The third party platform verification system 40 receives the user transaction authentication information from the personal information protection infrastructure system 30 in real time. Further, the third party platform verification system 40 may also be configured to perform self-verification, that is, read a corresponding sub-key from the blockchain subsystem 20 based on the user sub-account information, and perform self-verification on the transaction signature data using the sub-key to obtain a self-verification result.
The block chain-based personal information protection system provided by the embodiment of the invention is based on the point-to-point decentralized security characteristic of the block chain, combines a key encryption algorithm system and the related security specification of the block chain wallet, avoids the risk that personal data of the centralized system is easy to leak, and ensures the extremely high security of the personal private data in the whole life cycle of acquisition, storage, transmission, processing, use, sharing, opening, destruction and the like.
As an alternative implementation manner of the embodiment of the present invention, fig. 2 shows a structure diagram of a client key management and use subsystem. As shown in fig. 2, the client key management and use subsystem 10 includes a root key management device 110 and a sub-key distributor 120; wherein,
the root key management device 110 generates a root key (including a root public key and a root private key) and corresponding mnemonic words according to the relevant specifications of the blockchain industry; the sub-key distributor 120 reads the service number configuration policy in the personal information protection infrastructure subsystem 30, uses the service number as a sub-key dispersion factor, calls a related calculation function, and disperses the root key using the sub-key dispersion factor to obtain sub-keys (including a sub-public key and a sub-private key) corresponding to each service.
Specifically, the root key management device 110 generates a public and private key pair of the root key for a legal and valid user, invokes an encryption algorithm of the block chain subsystem 20 to generate a key storage file with a certain format, generates a user root key mnemonic word, and returns the user root key mnemonic word to the client for the user to export for cold storage. The sub-key disperser 120 reads the service number configuration policy in the personal information protection infrastructure subsystem 30, uses the service number as a sub-key dispersion factor, calls a calculation function to disperse the root key by using the dispersion factor to obtain a sub-key corresponding to each service, and encrypts and stores the sub-key. The sub-keys and the root key conform to the relevant hierarchical deterministic specification.
Further optionally, the client key management and usage subsystem 10 further includes a blockchain wallet and address generator 130, a user public key token generation device 140, a data signature device 150, and a user data uplink service module 160; wherein,
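The per-service key dispersion described above, as an added example that is not code from the patent. The patent names neither the calculation function nor the hierarchical deterministic specification, so this sketch assumes BIP32 hardened private-key derivation on secp256k1 with the service number as the child index; the function names, seed and service numbers are constructed for illustration.

```python
"""Per-service sub-keys derived from one root key (added example)."""
from __future__ import annotations

import hashlib
import hmac

# Order of the secp256k1 group (public curve parameter), written in 32-bit groups.
SECP256K1_N = int(
    "FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFE"
    "BAAEDCE6" "AF48A03B" "BFD25E8C" "D0364141", 16)
HARDENED = 0x80000000  # BIP32 offset that marks a hardened child index


def root_from_seed(seed: bytes) -> tuple[int, bytes]:
    """Return (root private key, chain code) for a wallet seed (BIP32 master key)."""
    if not 16 <= len(seed) <= 64:
        raise ValueError("seed must be 16 to 64 bytes")
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= SECP256K1_N:
        raise ValueError("seed yields an invalid root key; use another seed")
    return key, digest[32:]


def derive_sub_key(root_key: int, chain_code: bytes, service_no: int) -> tuple[int, bytes]:
    """Disperse the root key with a service number (assumed dispersion factor).

    Hardened derivation feeds the root *private* key into the HMAC, so a
    leaked sub-key does not let its holder compute the root key or the
    sub-keys of other services.
    """
    if not 0 <= service_no < HARDENED:
        raise ValueError("service number must fit in 31 bits")
    index = service_no + HARDENED
    data = b"\x00" + root_key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + root_key) % SECP256K1_N
    if tweak >= SECP256K1_N or child == 0:
        # BIP32 treats this (astronomically rare) index as unusable.
        raise ValueError("service number %d yields an invalid sub-key" % service_no)
    return child, digest[32:]


def derive_service_keys(seed: bytes, service_numbers: list[int]) -> dict[int, int]:
    """Map each service number to its sub private key; rejects duplicate numbers."""
    root_key, chain_code = root_from_seed(seed)
    keys: dict[int, int] = {}
    for service_no in service_numbers:
        if service_no in keys:
            raise ValueError("duplicate service number %d" % service_no)
        keys[service_no], _ = derive_sub_key(root_key, chain_code, service_no)
    return keys


def fingerprint(private_key: int) -> str:
    """Short, non-reversible label for a key, safe to show in logs."""
    return hashlib.sha256(private_key.to_bytes(32, "big")).hexdigest()[:16]


if __name__ == "__main__":
    constructed_seed = bytes(range(32))   # constructed sample, not a real wallet seed
    constructed_services = [1, 2, 3]      # constructed service numbers
    for no, key in derive_service_keys(constructed_seed, constructed_services).items():
        print("service", no, "sub-key fingerprint", fingerprint(key))
```

Because derivation is deterministic, the sub-keys can be regenerated from the cold-stored seed and the service number configuration policy alone.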
the block chain wallet and address generator 130 calculates a root key and a sub key to generate a root wallet address and a sub wallet address corresponding to each service; the data signing device 140 signs the related service data by using a private key according to the difference of different services corresponding to the sub-key; the user public key token generating device 150 generates a root public key token and a sub public key token corresponding to each service; the data uplink service 160 pairs and encapsulates the root public key token and the corresponding wallet address, the sub public key token and the corresponding sub wallet address corresponding to each service, and stores the encapsulated data packet in the blockchain subsystem 20.
Specifically, the blockchain wallet and address generator 130 encrypts and converts the root key pair according to the intra-industry specification to generate a fixed format, and stores the fixed format in the client wallet file; and calculates the root public key and the sub public key corresponding to each service to generate a corresponding root wallet address and a sub wallet address corresponding to each service. The user public key token generation device 140 uses the user root public key and the sub public key corresponding to each service to perform the related package signature according to the related specification, generating a root public key token and a sub public key token corresponding to each service. The data signing device 150 signs the related service data using the private key according to the different services corresponding to the respective sub-keys. The user data uplink service module 160 pairs and encapsulates the root public key token and the corresponding wallet address, and the sub public key token and the corresponding sub wallet address corresponding to each service, and stores the encapsulated data packet in the blockchain subsystem 20.
Furthermore, if the user's non-core personal information changes, the related user information can be updated after the relevant identity authentication is passed; if the user no longer needs the personal account information, the user information can be logged off after the relevant identity authentication is passed and a commitment statement is signed, and the related key and wallet information are revoked at the same time.
As an alternative implementation manner of the embodiment of the present invention, fig. 3 shows a structure diagram of a blockchain subsystem in the embodiment of the present invention. As shown in fig. 3, the block chain subsystem 20 includes an external SDK interface service layer 210, a node module 220 including an endorsement node 221 and a commit node 222, and an ordering module 230; wherein,
the external SDK interface service layer 210 receives a transaction proposal initiated by the client, and sends the transaction proposal to the endorsement node 221; the endorsement node 221 simulates and executes an intelligent contract according to the endorsement strategy after receiving the transaction proposal, and returns the result and the respective certificate signatures thereof to the client; the sorting module 230 performs consensus sorting on the received transactions packed by the clients, generates a new block according to the block generation policy, and sends the new block to the submitting node 222; the commit node 222 checks each transaction in the new block, checks whether the input/output that the transaction depends on conforms to the state of the current block chain, and appends the new block to the local block chain after completion.
Specifically, the external SDK interface service layer 210 decrypts the data corresponding to the sector number located in the buffer according to the sector size in the volume decryption policy, and the volume decryption manager instructs the decryptor to decrypt the sector data. The sorting module 230 is responsible for receiving transactions containing endorsement signatures, sorting unpacked transactions to generate blocks, and broadcasting the blocks to other nodes. The endorsement node 221 is a dynamic role and is bound with a specific code on the chain, and the influence of the failure of the endorsement node on the network depends on the endorsement policy corresponding to the code on the chain. The submitting node 222 will periodically exchange information with other nodes using point-to-point data distribution based on encryption algorithms.
Specifically, the client calls the certificate service through the external SDK interface service layer 210 to register and, after obtaining a CA identity certificate, initiates a transaction proposal to the blockchain subsystem 20 through the external SDK interface service layer 210. The transaction proposal includes the contract identifier, the contract method and parameter information to be invoked in the transaction, the client signature, and other information. After receiving the transaction proposal, the endorsement node 221 first verifies the signature and determines whether the submitter is authorized to perform the operation; it also simulates execution of the smart contract according to the endorsement policy and sends the result, with its certificate signature, back to the client. After receiving the information returned by the endorsement nodes, the client judges whether the proposal results are consistent and, with reference to the specified endorsement policy, whether to proceed. If there are not enough endorsements, the process is aborted. If the proposal results are consistent and sufficiently endorsed, the client packs the data into a transaction, signs it, and sends it to the ordering module 230. The ordering module 230 performs consensus ordering on the received transactions, packs a batch of transactions together according to the block generation policy to generate a new block, and sends the new block to the commit node 222. After receiving the new block, the commit node 222 verifies each transaction in it, checks whether the inputs and outputs the transaction depends on match the current state of the blockchain, appends the new block to the local blockchain once the checks are complete, and modifies the time state.
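The client-side decision described above (are the endorsers' results consistent, and are there enough valid endorsements) can be sketched as follows. This is an added example, not code from the patent or from any blockchain SDK; the "at least Min of N" policy, the Ed25519 signatures, the signed-bytes layout and every name in it are assumptions, and the keys are constructed from fixed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Endorsement is one endorsement node's signed reply to a proposal.
type Endorsement struct {
	NodeID    string
	Result    []byte
	Signature []byte
}

// Policy is an assumed "at least Min of these nodes" endorsement policy.
type Policy struct {
	Nodes map[string]ed25519.PublicKey // trusted endorsers by node ID
	Min   int
}

var (
	ErrInconsistent = errors.New("endorsers returned different results")
	ErrNotEnough    = errors.New("not enough valid endorsements")
)

// signedBytes binds a signature to one proposal and one simulated result.
func signedBytes(proposal, result []byte) []byte {
	ph, rh := sha256.Sum256(proposal), sha256.Sum256(result)
	return append(ph[:], rh[:]...)
}

// Endorse plays the endorsement node: it signs its simulated result.
func Endorse(id string, key ed25519.PrivateKey, proposal, result []byte) Endorsement {
	sig := ed25519.Sign(key, signedBytes(proposal, result))
	return Endorsement{NodeID: id, Result: result, Signature: sig}
}

// CheckEndorsements is the client-side check made before a transaction is
// packed for the ordering module. It returns the agreed result.
func CheckEndorsements(p Policy, proposal []byte, replies []Endorsement) ([]byte, error) {
	counted := map[string]bool{}
	var agreed []byte
	for _, e := range replies {
		pub, trusted := p.Nodes[e.NodeID]
		if !trusted || counted[e.NodeID] {
			continue // unknown node, or a second reply from the same node
		}
		if !ed25519.Verify(pub, signedBytes(proposal, e.Result), e.Signature) {
			continue // forged, corrupted, or signed for another proposal
		}
		if len(counted) > 0 && !bytes.Equal(agreed, e.Result) {
			return nil, ErrInconsistent
		}
		agreed = e.Result
		counted[e.NodeID] = true
	}
	if len(counted) < p.Min {
		return nil, ErrNotEnough
	}
	return agreed, nil
}

// demoPolicy builds a 2-of-3 policy from fixed seeds (constructed sample
// keys; real endorsers hold CA-certified keys).
func demoPolicy() (Policy, map[string]ed25519.PrivateKey) {
	keys := map[string]ed25519.PrivateKey{}
	pol := Policy{Nodes: map[string]ed25519.PublicKey{}, Min: 2}
	for i, id := range []string{"peer1", "peer2", "peer3"} {
		keys[id] = ed25519.NewKeyFromSeed(bytes.Repeat([]byte{byte(i + 1)}, ed25519.SeedSize))
		pol.Nodes[id] = keys[id].Public().(ed25519.PublicKey)
	}
	return pol, keys
}

func main() {
	pol, keys := demoPolicy()
	prop := []byte(`{"contract":"pi-protect","method":"put","args":["acct-7"]}`)
	a := Endorse("peer1", keys["peer1"], prop, []byte("ok:v1"))
	b := Endorse("peer2", keys["peer2"], prop, []byte("ok:v1"))
	c := Endorse("peer3", keys["peer3"], prop, []byte("ok:v2")) // divergent simulation
	forged := Endorsement{NodeID: "peer2", Result: a.Result, Signature: a.Signature}
	for _, set := range [][]Endorsement{{a, b}, {a, a}, {a, forged}, {a, b, c}} {
		res, err := CheckEndorsements(pol, prop, set)
		fmt.Printf("%d replies -> result=%q err=%v\n", len(set), res, err)
	}
}
```

Counting each endorser at most once and discarding replies whose signature does not cover this exact proposal is what keeps duplicated or replayed replies from satisfying the policy.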
Further optionally, the blockchain subsystem 20 also includes a public key encryption algorithm library, which comprises a hash algorithm, a symmetric encryption algorithm, and an asymmetric encryption algorithm; the library is used to encrypt the root key and the sub-keys and to ensure the confidentiality, integrity, and non-repudiation of data.
As an optional implementation of this embodiment of the invention, Fig. 4 shows the structure of the personal information protection infrastructure subsystem. As shown in Fig. 4, the personal information protection infrastructure subsystem 30 includes a personal information encryption module 310, a personal information ciphertext database 320, and a personal information conversion module 330; wherein:
the personal information protection infrastructure subsystem 30 parses the privacy data packet to obtain transaction information and user sub-account information; the personal information encryption module 310 encrypts the privacy data plaintext in the privacy data packet to obtain a privacy data ciphertext and stores the ciphertext in the personal information ciphertext database 320 in a fixed format; and the personal information conversion module 330 digitally signs the transaction information, packages it together with the user sub-account information in a set format, and sends the package to the third-party platform.
This scheme is the data encryption process of the personal information protection infrastructure subsystem 30. Specifically, the client packs the plaintext of the personal privacy information into a privacy data packet in a fixed format and sends the packet to the personal information protection infrastructure subsystem 30. After receiving the privacy data packet sent by the client, the subsystem 30 parses the packet, verifies the validity and integrity of the data, and can invoke the public key token of the blockchain subsystem to verify the validity of the user's identity. Provided that the data is valid and complete and the client's identity is legitimate, the subsystem 30 uses the personal information encryption module 310 to encrypt the privacy data plaintext with an encryption algorithm, obtaining a privacy data ciphertext, and stores the ciphertext in the personal information ciphertext database 320 in a fixed format. Storing the ciphertext in the database 320 in a set format supports management requirements such as information tracing by management departments. Further, the personal information conversion module 330 digitally signs the transaction information, packages it together with the personal sub-account information in a set format, and sends the package to the third-party platform.
Further optionally, the personal information protection infrastructure subsystem 30 includes a personal information verification module 340. The personal information verification module 340 parses the privacy data packet to obtain transaction signature data and user sub-account information, reads the corresponding sub public key token from the blockchain subsystem 20 according to the user sub-account information, verifies the transaction signature data with the sub public key token, and sends the verification result to the third-party platform.
This scheme is the data verification process of the personal information protection infrastructure subsystem 30. Based on the client signature information it has received, the third-party platform calls the interface of the personal information verification module 340 of the subsystem 30 to request verification; the subsystem 30 provides the verification service through the personal information verification module 340 and returns the verification result to the third-party platform.
Specifically, after receiving the privacy data packet sent by the third-party platform system, the personal information protection infrastructure subsystem 30 parses the packet and verifies the validity and integrity of the data. The personal information verification module 340 parses the privacy data packet to obtain transaction signature data and user sub-account information, reads the sub public key token corresponding to the user's sub-account from the blockchain subsystem 20 according to the user sub-account information, verifies the transaction signature data with the sub public key token to obtain a verification result, and returns the verification result to the third-party platform.
As an optional implementation of this embodiment of the invention, Fig. 5 shows the structure of the third-party platform verification subsystem. As shown in Fig. 5, the third-party platform verification subsystem 40 includes a verification data receiving module 410 and a verification data format confirmation module 420; the verification data receiving module 410 receives the verification result from the personal information protection infrastructure subsystem; the verification data format confirmation module 420 performs format authentication on the verification information to confirm the integrity and validity of the data.
Specifically, the verification data receiving module 410 of the third-party platform verification subsystem 40 receives the user transaction verification result from the personal information protection infrastructure subsystem 30 in real time; the verification data format confirmation module 420 performs format authentication on that result in real time and confirms the integrity and validity of the data.
Further optionally, the third-party platform verification subsystem 40 also includes an interactive verification interface layer 430; the interactive verification interface layer 430 reads the sub public key token from the blockchain subsystem 20 and uses it to self-verify the transaction signature data, obtaining a self-verification result.
Specifically, the sub public key token can be read from the blockchain subsystem 20 to verify the transaction signature data and obtain the self-verification result directly, so that verification by the personal information protection infrastructure subsystem 30 is not required.
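Both verification paths above (module 340 inside subsystem 30, and self-verification through the interactive verification interface layer 430) reduce to the same check: look up the sub public key token by sub-account on the chain and verify the transaction signature with it. The sketch below is an added example, not code from the patent; the JSON packet layout, the token fields, the use of Ed25519, the in-memory ledger and all names and sample values are assumptions, and the keys are constructed from fixed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// SubKeyToken is an assumed layout for an on-chain sub public key token.
type SubKeyToken struct {
	ServiceNo string
	PublicKey ed25519.PublicKey
}

// Ledger stands in for the blockchain subsystem: sub-account -> token.
type Ledger map[string]SubKeyToken

// Packet is an assumed JSON layout for what a verifier receives.
type Packet struct {
	SubAccount string `json:"sub_account"`
	ServiceNo  string `json:"service_no"`
	TxData     string `json:"tx_data"`
	Signature  []byte `json:"signature"`
}

// signingInput length-prefixes each field so distinct packets never collide.
func signingInput(p Packet) []byte {
	var b bytes.Buffer
	for _, f := range []string{p.SubAccount, p.ServiceNo, p.TxData} {
		fmt.Fprintf(&b, "%d:%s", len(f), f)
	}
	return b.Bytes()
}

// Sign plays the client's data signing device for one service sub-key.
func Sign(key ed25519.PrivateKey, p Packet) []byte {
	p.Signature = ed25519.Sign(key, signingInput(p))
	raw, _ := json.Marshal(p) // cannot fail for this struct
	return raw
}

// Verify returns "valid" or the rejection reason. The public key always
// comes from the ledger entry for the sub-account, never from the packet.
func Verify(l Ledger, raw []byte) string {
	var p Packet
	if json.Unmarshal(raw, &p) != nil || p.SubAccount == "" || len(p.Signature) != ed25519.SignatureSize {
		return "malformed packet"
	}
	tok, ok := l[p.SubAccount]
	if !ok {
		return "unknown sub-account"
	}
	if tok.ServiceNo != p.ServiceNo {
		return "service mismatch"
	}
	if !ed25519.Verify(tok.PublicKey, signingInput(p), p.Signature) {
		return "bad signature"
	}
	return "valid"
}

// runDemo verifies six constructed packets (sample keys from fixed seeds).
func runDemo() map[string]string {
	payKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{11}, ed25519.SeedSize))
	loginKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{12}, ed25519.SeedSize))
	ledger := Ledger{
		"sub-pay-01":   {ServiceNo: "1001", PublicKey: payKey.Public().(ed25519.PublicKey)},
		"sub-login-01": {ServiceNo: "1002", PublicKey: loginKey.Public().(ed25519.PublicKey)},
	}
	pkt := Packet{SubAccount: "sub-pay-01", ServiceNo: "1001", TxData: "pay 25.00 to merchant-9"}
	good := Sign(payKey, pkt)
	swap := func(old, repl string) []byte { return bytes.Replace(good, []byte(old), []byte(repl), 1) }
	return map[string]string{
		"untouched packet":          Verify(ledger, good),
		"amount altered":            Verify(ledger, swap("25.00", "2500.00")),
		"signed with login sub-key": Verify(ledger, Sign(loginKey, pkt)),
		"service number relabelled": Verify(ledger, swap(`"1001"`, `"1002"`)),
		"sub-account not on chain":  Verify(ledger, swap("sub-pay-01", "sub-none")),
		"truncated JSON":            Verify(ledger, good[:len(good)/2]),
	}
}

func main() {
	for name, verdict := range runDemo() {
		fmt.Printf("%-26s -> %s\n", name, verdict)
	}
}
```

Because the sub-account and service number are part of the signed bytes, a signature made with one service's sub-key is rejected when presented under another service's sub-account.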
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented in software or in hardware. The name of a unit does not, in some cases, constitute a limitation on the unit itself.
In the context of the present invention, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing description covers only the preferred embodiments of the invention and illustrates the principles of the technology employed. Those skilled in the art will appreciate that the scope of the disclosure is not limited to the particular combination of features described above, but also encompasses other combinations of those features or their equivalents that do not depart from the spirit of the disclosure, for example a technical solution formed by replacing the above features with (but not limited to) features of similar function disclosed in the present invention.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Also, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the invention. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (10)

1. A blockchain-based personal information protection system, the system comprising: a client key management and use subsystem, a blockchain subsystem, a personal information protection infrastructure subsystem, and a third-party platform verification subsystem; wherein:
the client key management and use subsystem is used for generating a root key and a sub key for a client and storing the root key and the sub key in the block chain subsystem;
the block chain subsystem is used for receiving a transaction proposal initiated by the client, generating a new block after sufficient endorsements are collected, and updating a local block chain based on the new block;
the personal information protection infrastructure subsystem is used for verifying the privacy data packet sent by the client, encrypting and storing the privacy data packet, packaging the transaction signature data and the user sub-account information obtained by analyzing the privacy data packet according to a certain format and sending the packaged transaction signature data and the user sub-account information to a third-party platform; verifying the transaction signature data based on the user sub-account information and the corresponding sub-key read from the blockchain subsystem, and sending a verification result to the third-party platform;
and the third-party platform verification subsystem is used for reading the corresponding sub-key from the blockchain subsystem according to the user sub-account information, performing self-verification on the transaction signature data to obtain a self-verification result, and returning the self-verification result to the third-party platform.
2. The system of claim 1, wherein the client key management and use subsystem comprises a root key management device and a sub-key disperser; wherein:
the root key management device is used for generating the root key and the corresponding mnemonic words according to the relevant specifications of the block chain industry;
and the sub-key disperser is used for reading a service number configuration strategy in the personal information protection infrastructure subsystem, using a service number as a sub-key dispersion factor, calling a related calculation function and dispersing the root key by using the sub-key dispersion factor to obtain the sub-keys corresponding to each service.
3. The system of claim 2, wherein the client key management and use subsystem further comprises a blockchain wallet and address generator, a user public key token generating device, a data signing device, and a user data uplink service module; wherein:
the block chain wallet and address generator is used for calculating the root key and the sub-keys to generate a root wallet address and sub-wallet addresses corresponding to the businesses;
the data signing device is used for signing the related service data with a private key, according to the different sub-keys corresponding to the different services;
the user public key token generating device is used for generating a root public key token and a sub public key token corresponding to each service;
and the user data uplink service module is used for pairing and packaging the root public key token and the corresponding wallet address, the sub public key token corresponding to each service and the corresponding sub wallet address, and storing the packaged data packet into the block chain subsystem.
4. The system of claim 1, wherein the blockchain subsystem comprises an external SDK interface service layer, a node module, and an ordering module, the node module comprising an endorsement node and a commit node; wherein:
the external SDK interface service layer is used for receiving a transaction proposal initiated by the client and sending the transaction proposal to the endorsement node;
the endorsement node is used for simulating execution of a smart contract according to an endorsement policy after receiving the transaction proposal, and returning the result and its certificate signature to the client;
the ordering module is used for performing consensus ordering on the received transactions packed by the client, generating the new block according to a block generation policy, and sending the new block to the commit node;
and the commit node is used for verifying each transaction in the new block, checking whether the inputs and outputs the transaction depends on conform to the current state of the blockchain, and appending the new block to the local blockchain once the check is complete.
5. The system of claim 1, wherein the blockchain subsystem comprises a public key encryption algorithm library, the public key encryption algorithm library comprising a hash algorithm, a symmetric encryption algorithm, and an asymmetric encryption algorithm for encrypting the root key and the subkeys.
6. The system of claim 1, wherein the personal information protection infrastructure subsystem comprises a personal information encryption module, a personal information ciphertext database, and a personal information conversion module; wherein:
the personal information protection infrastructure subsystem is used for analyzing the privacy data packet to obtain transaction information and user sub-account information;
the personal information encryption module is used for encrypting the privacy data plaintext in the privacy data packet to obtain a privacy data ciphertext and storing the privacy data ciphertext in the personal information ciphertext database according to a fixed format;
and the personal information conversion module is used for digitally signing the transaction information, packaging the transaction information and the user sub-account information according to a certain format and then sending the packaged transaction information and the user sub-account information to the third-party platform.
7. The system of claim 6, wherein the personal information protection infrastructure subsystem comprises a personal information verification module;
the personal information verification module is used for analyzing the privacy data packet to obtain transaction signature data and user sub-account information; and reading a corresponding sub public key token from the block chain subsystem according to the user sub account information, verifying the transaction signature data by using the sub public key token, and sending a verification result to the third party platform.
8. The system of claim 1, wherein the third-party platform verification subsystem comprises a verification data receiving module and a verification data format confirmation module;
the verification data receiving module is used for receiving the verification result from the personal information protection infrastructure subsystem;
and the verification data format confirmation module is used for carrying out format authentication on the verification information and confirming the integrity and the validity of the data.
9. The system of claim 8, wherein the third-party platform verification subsystem further comprises an interactive verification interface layer;
and the interactive verification interface layer is used for reading the sub public key token from the block chain subsystem and performing self-verification on the transaction signature data by using the sub public key token to obtain a self-verification result.
10. The system of claim 1, wherein the personal information protection infrastructure subsystem comprises a public security basic information service layer and a telecommunication basic information service layer; wherein:
the public security basic information service layer is used for providing basic public security authority authentication information;
the telecommunication basic information service layer is used for providing basic telecommunication authority information and telecommunication function services.
CN202211341999.7A 2022-10-31 2022-10-31 Personal information protection system based on block chain Active CN115409511B (en)


Publications (2)

Publication Number Publication Date
CN115409511A true CN115409511A (en) 2022-11-29
CN115409511B CN115409511B (en) 2023-02-10

Family

ID=84168750

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant