CN115603917A - Data sharing method, system, device and storage medium based on block chain - Google Patents

Publication number
CN115603917A
Authority
CN
China
Prior art keywords
user
data
user data
string
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211262658.0A
Other languages
Chinese (zh)
Inventor
陈宏鸿
周磊
肇熙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Digital China Fangyuan Technology Co ltd
Original Assignee
Beijing Digital China Fangyuan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Digital China Fangyuan Technology Co ltd
Priority to CN202211262658.0A
Publication of CN115603917A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data sharing method, a system, equipment and a storage medium based on a block chain, wherein the method comprises the following steps: receiving a first public key in a public and private key pair generated by a user, and creating a unique user identification code based on the first public key; acquiring user data authorized by the user through the user unique identification code, encrypting and signing the user data, and uploading the user data to a block chain; receiving a user data authority application of an application mechanism, and sending the user data authority application to the user for authorization; wherein the user-generated authorization information is received when the user agrees to authorization; when the user refuses authorization, the application mechanism can not obtain the user data. Through the processing scheme disclosed by the invention, while the safety and the authenticity of the user data are ensured, the repeated verification process is reduced, and the data sharing efficiency is improved.

Description

Data sharing method, system, device and storage medium based on block chain
Technical Field
The present invention relates to the field of block chain data sharing technologies, and in particular, to a data sharing method, system, device and storage medium based on a block chain.
Background
At present, when a user performs operations such as real-name registration and account opening in different organizations, a large amount of personal information and a large amount of certification materials are often required to be filled in each time. Meanwhile, each organization also needs to check the information and data submitted by the user to ensure the authenticity of the information and the data, so that the whole processes of real-name registration, account opening and the like are complex, the workload is large, and the data is difficult to be multiplexed because the safety and the authenticity of the data in the data sharing process are difficult to ensure.
Although the above data transmission method can ensure the integrity and accuracy of the data submitted by the user to a certain extent, practical use shows that it has several structural shortcomings and does not achieve the best result. These shortcomings can be summarized as follows:
1) The operation is complicated. When a user performs operations such as real-name registration and account opening, a large amount of personal information and a large amount of certification materials need to be filled in each time, so that the operation is inconvenient and very complicated.
2) The user needs to prepare a large amount of materials, but the lack of key materials can cause failure in real-name registration or account opening, and multiple material submissions or additions are needed.
3) The information verification workload is large. The organization needs to check the information and data submitted by the user, and the workload is large.
4) Long process and poor timeliness. Because the data submitted by the user needs to be checked, and manual checking is often needed, the whole business process is long and the timeliness is poor.
5) It is difficult to reuse the user information that has been registered and verified in other organizations.
6) In the traditional data reuse process, the security and authenticity of the data are difficult to ensure, so the synchronized data can often only be used as a reference and still needs to be verified.
7) In the traditional data reuse process, either the user authorization process is missing, or user authorization exists but the authenticity of the authorization operation cannot be guaranteed, which creates a risk of legal dispute.
Therefore, the above conventional data transmission method is still inconvenient and deficient in use, and further improvement is needed. How to create a new, authentic and secure data sharing method has become an important goal for improvement in the industry.
Disclosure of Invention
In view of the above, embodiments of the present disclosure provide a data sharing method based on a block chain, which at least partially solves the problems in the prior art.
In a first aspect, an embodiment of the present disclosure provides a data sharing method based on a block chain, including the following steps:
receiving a first public key in a public and private key pair generated by a user, and creating a unique user identification code based on the first public key;
acquiring user data authorized by the user through the unique user identification code, encrypting and signing the user data, and uploading the encrypted and signed user data to a block chain;
receiving a user data authority application of an application mechanism, and sending the user data authority application to the user for authorization;
receiving authorization information generated by the user when the user agrees to authorization;
when the user refuses authorization, the application mechanism can not obtain the user data.
According to a specific implementation manner of the embodiment of the present disclosure, the user data includes at least one of user information and attachment information, where the attachment information includes at least one of a picture, an image, and a file; the user information comprises at least one item of a unique user identification code, a name, an identification card number and a mobile phone number.
According to a specific implementation manner of the embodiment of the present disclosure, the receiving a first public key in a public-private key pair generated by a user, and creating a user unique identification code based on the first public key further includes the following steps:
and carrying out data uplink on the user unique identification code and the user information, and sending the user unique identification code to the user.
According to a specific implementation manner of the embodiment of the present disclosure, the encrypting and signing the user data and uploading the user data to the block chain includes the following steps:
verifying the user data;
performing structured assembly of the user data whose verification result is true, and signing the assembled user data with a second private key to obtain a signature string;
assembling the user data, the signature string and the first unique identification code according to a preset standard to obtain uplink data;
generating a first random key based on a symmetric algorithm, and encrypting the uplink data by using the first random key to obtain an uplink data ciphertext;
assembling the uplink data ciphertext according to a preset format to obtain a ciphertext string in the preset format;
uplinking the ciphertext string in the preset format, thereby completing the data uplink;
encrypting the first random key through a first public key to obtain a first random key ciphertext, and assembling the first unique identification code and the first random key ciphertext to generate a first check string;
and encrypting the first random key through a second public key to obtain a second random key ciphertext, and assembling the first unique identification code and the second random key ciphertext to generate a second check string.
According to a specific implementation manner of the embodiment of the present disclosure, when the user data includes the attachment information, the encrypting and signing the user data and uploading the user data to the block chain further includes the following steps:
uploading the attachment information to a file server through a file transfer service;
receiving a file digest string and signing it with a second private key to obtain a file signature string, wherein the file transfer service generates a unique file number according to the received attachment information and computes the file digest string over the attachment information using a digest algorithm;
receiving the unique file number, the file signature string and a second random key, thereby completing the upload of the attachment information, wherein the file transfer service generates the second random key based on a symmetric algorithm and encrypts and stores the attachment information with the second random key to obtain a file ciphertext;
assembling the unique file number, the file signature string, and the second random key into the user data.
According to a specific implementation manner of the embodiment of the present disclosure, when the user data whose verification result is true contains more than one type of data, the user data of each type is encrypted and signed separately by the above method and then uploaded to the block chain; the type of the user data is a classification made in advance by the user.
According to a specific implementation manner of the embodiment of the present disclosure, the receiving the authorization information generated by the user when the user agrees to authorization includes the following steps:
receiving a first query string application sent by the user, wherein the first query string application comprises: the unique identification code of the user and the type of the data of the application user;
querying the first check string according to the first query string application, and sending the first check string to the user;
receiving the authorization information generated by the user, and finishing user authorization, wherein the user generates the authorization information and comprises the following steps:
the user obtains a first random key ciphertext from the first check string, and decrypts the first random key ciphertext by using a first private key in a public and private key pair generated by the user to obtain a first random key;
the user encrypts the first random key through a third public key of the application mechanism to obtain a third random key ciphertext;
and generating authorization information according to the unique identification code of the application mechanism and the third random key ciphertext, wherein the authorization information is the check string of the application mechanism.
According to a specific implementation manner of the embodiment of the disclosure, the method further includes, at a preset time, obtaining a ciphertext string in a preset format on the user chain from the block chain through the unique user identification code and the type of user data applied by an application organization;
the method further comprises the following steps:
receiving a user data application sent by the application mechanism, and acquiring the ciphertext string in the preset format on the user chain according to a user unique identification code and the type of applied user data contained in the user data application;
the application mechanism verifies the signature of the ciphertext string in the preset format and, when the verification succeeds, acquires the uplink data ciphertext from the ciphertext string in the preset format;
the application mechanism decrypts the uplink data cipher text through a first random key in the authorization information to obtain the uplink data;
the application organization acquires the user data, the signature string and the first unique identification code from the uplink data;
and the application mechanism verifies the signature string, wherein the user data is successfully acquired when the verification succeeds.
According to a specific implementation manner of the embodiment of the present disclosure, when the user data includes attachment information, after the application mechanism acquires the user data, the signature string, and the first unique identification code from the uplink data, the method further includes the following steps:
receiving the unique file number sent by the application mechanism, and sending the file ciphertext corresponding to the unique file number to the application mechanism, wherein the application mechanism performs the following steps after receiving the file ciphertext:
the application mechanism obtains the unique file number, the file signature string and the second random key from the user data, and decrypts the file ciphertext with the second random key to obtain the attachment information;
and the application mechanism uses the second public key to verify the file signature string against the attachment information, and the file is successfully obtained when the verification passes.
In a second aspect, an embodiment of the present disclosure provides a data sharing system based on a block chain, where the system includes:
the identification code creating module is configured to receive a first public key in a public and private key pair generated by a user and create a user unique identification code based on the first public key;
an uplink module configured to acquire user data authorized by the user through the user unique identifier, encrypt and sign the user data, and upload the encrypted user data to a block chain;
the authority application module is configured to receive a user data authority application of an application mechanism and send the user data authority application to the user for authorization; and receiving authorization information generated by the user when the user agrees to authorization; when the user refuses authorization, the application mechanism can not obtain the user information.
According to a specific implementation manner of the embodiment of the present disclosure, the system further includes: a plausibility module configured to perform a plausibility check on the user data.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, which when executed by the at least one processor, cause the at least one processor to perform the method for blockchain-based data sharing of any one of the preceding first aspect or any implementation of the first aspect.
In a fourth aspect, the disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions, which, when executed by at least one processor, cause the at least one processor to perform the method for blockchain-based data sharing in the foregoing first aspect or any implementation manner of the first aspect.
In a fifth aspect, the present disclosure also provides a computer program product including a computer program stored on a non-transitory computer readable storage medium, the computer program including program instructions that, when executed by a computer, cause the computer to perform the method for sharing data based on a blockchain in the foregoing first aspect or any implementation manner of the first aspect.
According to the data sharing method based on the block chain in the embodiment of the disclosure, by improving the security of user data sharing and the authenticity of user data, potential safety hazards caused by data leakage are reduced, repeated verification processes performed for ensuring the authenticity of data are reduced, and the data sharing efficiency is improved.
Drawings
The foregoing is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood, the present invention is further described in detail below with reference to the accompanying drawings and the detailed description.
Fig. 1 is a schematic flowchart of a data sharing method based on a block chain according to an embodiment of the present disclosure;
Fig. 2 is a block flow diagram of a data sharing method based on a block chain according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of a data sharing system based on a block chain according to an embodiment of the present disclosure; and
Fig. 4 is a schematic view of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure of the present disclosure. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the invention provides a data sharing method based on a block chain. When trusted data on the chain needs to be shared to a third-party mechanism, the third-party mechanism obtains the authority through applying for the data, and after the authorization of the user, the third party can obtain the user data from the block chain and decrypt the user data according to the authorization information of the user, so that the secure sharing of the trusted data is realized.
Fig. 1 is a schematic diagram of a block chain-based data sharing method flow 100 according to an embodiment of the present disclosure.
Fig. 2 is a block diagram of a block chain-based data sharing method corresponding to fig. 1.
As shown in fig. 1, at step S110, a first public key of a user-generated public-private key pair is received, and a user unique identification code is created based on the first public key.
Before the user (also called user A) uses the data sharing method of the invention, the user needs to apply for a unique user identification code by calling the trusted data sharing service (also called the block chain).
Preferably, the user unique identification code is a distributed Digital Identity (DID); however, in the embodiment of the present invention, it may also be replaced by another number that represents a unique customer identity within the service scope, such as an identity card number or a customer number, which is not limited herein.
More specifically, the user locally generates a public and private key pair A of an asymmetric algorithm through an electronic device such as a computer, a mobile phone APP, or a tool provided by other means, where the public and private key pair A includes a public key A (or first public key) and a private key A (or first private key). The mobile phone APP is taken as an example below; other devices work similarly.
In the embodiment of the present invention, all the technical points using the asymmetric algorithm in the technical solution of the present invention may be replaced by other asymmetric encryption algorithms, for example, asymmetric algorithms such as SM2, RSA, ECC, ECDSA, etc., but this does not limit the present invention.
The user uploads the generated public key A to the trusted data sharing server through the mobile phone APP for DID application, and meanwhile, the private key A is kept properly.
In the embodiment of the present invention, the user may choose to store the private key A on various media such as a hardware device, an encrypted file, or a two-dimensional code, or to host the private key A with a secure and trusted hosting service, which does not limit the present invention.
After receiving the public key A and the DID request of the user, the trusted data sharing server performs multiple hash operations on the public key A to obtain a DID string DID_A, performs data uplink on DID_A and the associated user information, and returns DID_A to the user's mobile phone APP, which completes the user's DID application.
In the embodiment of the present invention, the user information may include a user unique identification code, a user name, an identification number, and a mobile phone number, which, however, does not limit the present invention.
It next goes to step S120.
At step S120, user data authorized by the user through the user unique identification code is obtained, and the user data is encrypted and signed and then uploaded to the blockchain.
In the data uplink process, the uplink mechanism to which the user belongs obtains the user data after obtaining the user's authorization and verifies it. The user data whose verification result is true is encrypted and signed separately for each data type and then uplinked, and a data check string is generated and stored in the trusted data sharing server.
In the embodiment of the present invention, the type of the user data is a pre-classification performed by the user before authorizing the user data to the uplink mechanism, for example: the types of user data may be basic data, revenue data, tax data, and other custom data types, and are not intended to limit the scope of the present invention. When the user data contains more than 1 type of data, the uplink operation is respectively performed according to the type of the user data by the method for uploading the user data to the block chain.
In the embodiment of the invention, the user data comprises at least one item of user information and accessory information, wherein the accessory information comprises at least one item of pictures, videos and files; the user information comprises at least one item of a unique user identification code, a name, an identification card number and a mobile phone number.
More specifically, the method for uploading user data to a block chain after encrypting and signing the user data comprises the following steps:
1. Before performing the user data uplink, the uplink mechanism B acquires the user data DATA_A and an uplink authorization from the user A.
When the user data DATA_A contains attachment information such as pictures, images and files, the attachment information needs to be uploaded first. Uploading the attachment information comprises the following steps:
(1) The uplink mechanism B calls the file transfer service in the trusted data sharing service and uploads the attachment information file to the file server.
(2) After the file transfer service receives the attachment information file, it generates a unique file ID_F (or unique file number) according to the attachment information file, computes a file digest string over the whole attachment information file using a digest algorithm, and then signs the file digest string with the private key B (or second private key) of the uplink mechanism B to obtain the file signature string SIGN_F.
In the embodiment of the present invention, all the technical points using the digest algorithm in the technical solution of the present invention may be replaced by other digest algorithms, for example, MD series, SHA series, hash, MAC, etc., but this does not limit the present invention.
In the embodiment of the present invention, all the technical points using digital signatures in the technical solution of the present invention may be replaced by other digital signature algorithms, such as DSA, etc., but this does not limit the present invention.
(3) The file transfer service generates a random symmetric key RK_F (or second random key), and encrypts and stores the attachment information file using the random symmetric key RK_F.
(4) The file transfer service returns the file information, namely the file ID_F, the file signature string SIGN_F and the random symmetric key RK_F, to the uplink mechanism B, and the file upload is complete.
2. The uplink mechanism B performs structured assembly of the user data DATA_A to be uplinked. When the user data DATA_A contains an attachment information file, the file information obtained after uploading the attachment information file, namely the file ID_F, the file signature string SIGN_F and the random symmetric key RK_F, is assembled into the file field of the user data DATA_A.
3. The user data DATA_A is signed with the private key B of the uplink mechanism to obtain the signature string SIGN_A.
4. The user data DATA_A, the signature string SIGN_A, the DID of the uplink mechanism B, DID_B (or first unique identification code), and other information are assembled according to the W3C data format standard to obtain the uplink data DOC_A. The process by which the uplink mechanism B applies for DID_B is similar to the process by which the user A applies for the DID, and is not repeated here.
Preferably, the uplink data of the present invention is assembled according to the W3C data standard, but in the embodiment of the present invention, the data can be structurally assembled by other standards including a custom standard.
5. A random key RK_A (the first random key) is generated, and the uplink data DOC_A is encrypted with the random key RK_A using a symmetric algorithm to obtain the uplink data ciphertext CIP_A.
In the embodiment of the present invention, every technical point in the technical solution that uses the symmetric algorithm may be replaced by another symmetric encryption algorithm, such as SM1, SM4, AES256, DES, 3DES, AES128, and the like, and this does not limit the present invention.
6. The uplink data ciphertext CIP_A is assembled in PKCS #7 format to obtain the PKCS7_A string. The signature, certificate and other information needed in the assembly process all use the certificate chain of uplink organization B.
Preferably, the uplink data cipher text of the present invention is assembled in PKCS #7 format, but in the embodiment of the present invention, it can also be assembled in other standards including custom standards.
7. The assembled PKCS7_A is put on the chain, which completes the data uplink.
8. Using an asymmetric algorithm, the random key RK_A is encrypted with public key B to obtain the random key ciphertext CIPB_RKA. The DID_B of uplink organization B and the random key ciphertext CIPB_RKA are assembled to generate the check string CK_B (the second check string), which is saved to the trusted data sharing service.
9. Using an asymmetric algorithm, the random key RK_A is encrypted with public key A to obtain the random key ciphertext CIPA_RKA. The DID_A of user A and the random key ciphertext CIPA_RKA are assembled to generate the check string CK_A (the first check string), which is saved to the trusted data sharing service.
In the embodiment of the present invention, every technical point in the technical solution that uses the symmetric algorithm may be replaced by another symmetric encryption algorithm, such as SM1, SM4, AES256, DES, 3DES, AES128, and the like, and this does not limit the present invention.
The method then proceeds to step S130.
In step S130, a user data authority application of an application organization is received, and the user data authority application is sent to the user for authorization.
When the data needs to be shared with other organizations, the application organization calls the trusted data sharing service to apply for permission to obtain the data. The trusted data sharing service obtains the user unique identification code and the target user data type from the user data permission application, and notifies the corresponding user's mobile phone APP to request the user's authorization.
More specifically, for example: when application organization C needs to obtain the tax information contained in the user data DATA_A of user A, application organization C calls the trusted data secure sharing service through its business application and uploads information such as user A's DID_A and the target data type (tax information); the trusted data sharing service then notifies user A's mobile phone APP of the authorization application and requests the user's authorization.
The method then proceeds to step S140.
In step S140, the authorization information generated by the user is received when the user agrees to authorization; when the user refuses authorization, the application organization cannot obtain the user information.
When the user refuses authorization, the application organization fails to obtain authorization for the user information and cannot obtain the user information.
When the user agrees to the authorization, a data check string, which the application organization uses to decrypt the user data of the type applied for, is generated and uploaded to the trusted data sharing service.
More specifically, when user A agrees to the authorization, the user's mobile phone APP queries the trusted data sharing service for user A's check string (the first check string); the trusted data sharing service looks up the first check string CK_A according to user A's DID_A and the target user data type applied for by application organization C, and returns the first check string CK_A to the user's mobile phone APP.
Further, the user's mobile phone APP obtains the random key ciphertext CIPA_RKA from the check string CK_A and, using an asymmetric algorithm, decrypts the random key ciphertext CIPA_RKA with private key A to obtain the random key RK_A.
Then the user's mobile phone APP, using an asymmetric algorithm, encrypts the random key RK_A with public key C (the third public key) of application organization C to obtain the random key ciphertext CIPC_RKA-C (the third random key ciphertext). The DID_C of application organization C and the random key ciphertext CIPC_RKA-C are assembled to generate the check string CK_C of application organization C. The process by which application organization C applies for DID_C is similar to the process by which user A applies for a DID and is not repeated here.
The user's mobile phone APP uploads the authorization check string CK_C to the trusted data sharing service, which completes the user authorization.
Application organization C, through its business application, calls the trusted data secure sharing service to query the authorization information and obtains the check string CK_C authorized by user A. Using user A's DID_A together with the target data type, it obtains the encrypted user data PKCS7_A from the blockchain (trusted data sharing service) and decrypts it with the key in the data check string CK_C, so that the trusted data is shared securely.
More specifically, decryption using the key in the data check string CK_C comprises the following steps:
1. The random key ciphertext CIPC_RKA-C is obtained from the check string CK_C and, using an asymmetric algorithm, the random key ciphertext CIPC_RKA-C is decrypted with private key C to obtain the random key RK_A.
2. Application organization C obtains the on-chain data PKCS7_A from the blockchain according to user A's DID_A and the data type authorized by user A, decrypts the on-chain data PKCS7_A with the random key RK_A, and verifies the signature, certificate, etc. of the data PKCS7_A to ensure the authenticity and credibility of the data.
In the embodiment of the invention, the step in which application organization C obtains the on-chain data PKCS7_A from the blockchain according to user A's DID_A and the data type authorized by user A may be performed at any stage after user authorization.
3. The uplink data ciphertext CIP_A is obtained from PKCS7_A and decrypted with the random key RK_A using a symmetric algorithm to obtain the uplink data DOC_A; the user data DATA_A, the signature string SIGN_A, the DID_B of uplink organization B, etc. are then obtained from the uplink data DOC_A.
4. The signature string SIGN_A is verified: either the signature service at the address provided in DOC_A is called, or the signature on the user data DATA_A is verified locally using public key B.
5. If the signature verification succeeds, the trusted user data DATA_A has been obtained successfully and the trusted data sharing is complete.
When the user data DATA_A contains an attachment information file, the attachment information file needs to be obtained according to the following steps:
(1) The file information (the file ID_F, the file signature string SIGN_F, the random symmetric key RK_F, etc.) is obtained from the user data DATA_A.
(2) The file transfer service of the trusted data secure sharing service is called, the file ID_F is uploaded, and the file ciphertext is downloaded.
(3) Using a symmetric algorithm, the file ciphertext is decrypted with the random symmetric key RK_F to obtain the file plaintext.
(4) Public key B of the uplink organization is used to verify the file signature string SIGN_F against the file plaintext; if the verification passes, the file has been obtained successfully.
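The key handling in steps 3 to 9, the authorization in step S140 and organization C's decryption, put together end to end as an added example that is not code from the patent. It assumes RSA-OAEP, AES-256-GCM and RSA/SHA-256 signatures for the unnamed algorithms, plain JSON in place of the W3C and PKCS #7 containers, and hypothetical function names and did:example identifiers; the blockchain, the trusted data sharing service and the attachment file are left out.

```javascript
const nodeCrypto = require("crypto");

// Assumed stand-ins for the page's "asymmetric algorithm": RSA-2048 with OAEP (SHA-256).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// A party is a DID plus its public-private key pair. The DIDs used below are constructed.
function newParty(did) {
  return { did, ...nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 }) };
}

// Build a check string CK_x = { DID_x, RK_A encrypted under public key x }.
// Using the DID as the OAEP label is an addition of this example, not a step on the page.
function wrap(did, publicKey, rk) {
  const ct = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP, oaepLabel: Buffer.from(did) }, rk);
  return { did, wrappedRk: ct.toString("base64") };
}

function unwrap(ck, privateKey) {
  const ct = Buffer.from(ck.wrappedRk, "base64");
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP, oaepLabel: Buffer.from(ck.did) }, ct);
}

// Steps 3-9 at uplink organization B: sign DATA_A, assemble DOC_A, encrypt it under a
// fresh RK_A (AES-256-GCM, assumed), then wrap RK_A for B (CK_B) and for user A (CK_A).
function uplink(dataA, userA, orgB) {
  const data = Buffer.from(JSON.stringify(dataA));
  const signA = nodeCrypto.sign("sha256", data, orgB.privateKey);
  const docA = JSON.stringify({
    data: data.toString("base64"), sign: signA.toString("base64"), signerDid: orgB.did,
  });
  const rkA = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", rkA, iv);
  const body = Buffer.concat([cipher.update(docA, "utf8"), cipher.final()]);
  return {
    cipA: Buffer.concat([iv, cipher.getAuthTag(), body]), // CIP_A: iv | tag | ciphertext
    ckB: wrap(orgB.did, orgB.publicKey, rkA),
    ckA: wrap(userA.did, userA.publicKey, rkA),
  };
}

// Step S140 on user A's phone: recover RK_A from CK_A with private key A and re-wrap it
// under public key C. The result CK_C is the authorization information.
function authorize(ckA, privateKeyA, didC, publicKeyC) {
  return wrap(didC, publicKeyC, unwrap(ckA, privateKeyA));
}

// Application organization C: unwrap RK_A, decrypt CIP_A, then verify SIGN_A with
// public key B before trusting DATA_A. Throws on any failure.
function fetchShared(ck, privateKey, cipA, publicKeyB) {
  const rkA = unwrap(ck, privateKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", rkA, cipA.subarray(0, 12));
  decipher.setAuthTag(cipA.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(cipA.subarray(28)), decipher.final()]);
  const docA = JSON.parse(plain.toString("utf8"));
  const data = Buffer.from(docA.data, "base64");
  if (!nodeCrypto.verify("sha256", data, publicKeyB, Buffer.from(docA.sign, "base64"))) {
    throw new Error("SIGN_A does not verify under public key B");
  }
  return JSON.parse(data.toString("utf8"));
}

function demo() {
  const [a, b, c] = ["did:example:A", "did:example:B", "did:example:C"].map((d) => newParty(d));
  const dataA = { type: "tax", holder: a.did, taxRef: "CONSTRUCTED-0001" }; // constructed DATA_A
  const { cipA, ckA } = uplink(dataA, a, b);
  const ckC = authorize(ckA, a.privateKey, c.did, c.publicKey);
  const attempt = (fn) => { try { return fn(); } catch (e) { return "rejected"; } };
  const tampered = Buffer.from(cipA);
  tampered[tampered.length - 1] ^= 1; // flip one bit of the stored ciphertext
  return {
    authorized: attempt(() => fetchShared(ckC, c.privateKey, cipA, b.publicKey)),
    noGrant: attempt(() => fetchShared(ckA, c.privateKey, cipA, b.publicKey)),
    relabelled: attempt(() => fetchShared({ ...ckC, did: a.did }, c.privateKey, cipA, b.publicKey)),
    tampered: attempt(() => fetchShared(ckC, c.privateKey, tampered, b.publicKey)),
  };
}

console.log(demo());
```

In this flow organization C ends up holding RK_A itself, so deleting CK_C from the sharing service later does not by itself stop C from decrypting CIP_A again.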
The data sharing operations of this blockchain-based data sharing method can be completed online in real time, and the user's registered data can be shared, so the user does not need to prepare the data repeatedly; when the user performs new operations such as real-name registration or account opening, data sharing can be completed with only a few operations such as authorization, which is convenient and efficient and gives a good user experience. In addition, the shared data is checked, verified and signed by the uplink organization, which ensures the authenticity and security of the user data. All data sharing requires user authorization, and the user's private key is needed in the authorization process, which ensures the authenticity of the authorization operation. All authorization operations can be queried, which effectively ensures the security of user information and at the same time avoids the risk of legal disputes. The blockchain-based data sharing method realizes the reuse of user data among different organizations and improves the efficiency with which the data is used.
Fig. 3 shows a blockchain-based data sharing system 300 provided by the present invention, which includes an identification code creation module 310, an uplink module 320, and an authority application module 330.
Identification code creation module 310 is configured to receive a first public key of a user-generated public-private key pair and create a user-unique identification code based on the first public key.
The uplink module 320 is configured to acquire user data authorized by the user through the user unique identifier, encrypt and sign the user data, and upload the encrypted user data to the blockchain.
The authority application module 330 is configured to receive a user data authority application from an application organization and send the user data authority application to the user for authorization, and to receive the authorization information generated by the user when the user agrees to authorization; when the user refuses authorization, the application organization cannot obtain the user information.
In the embodiment of the present invention, the block chain based data sharing system 300 further includes a verification module 340, configured to verify the user data.
Referring to fig. 4, an embodiment of the present disclosure also provides an electronic device 40, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method for block chain based data sharing in the above method embodiments.
The disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the method for sharing data based on a blockchain in the foregoing method embodiments.
Embodiments of the present disclosure also provide a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the method for data sharing based on a blockchain in the foregoing method embodiments.
Referring now to FIG. 4, a block diagram of an electronic device 40 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 4, the electronic device 40 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 401 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage means 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic apparatus 40 are also stored. The processing device 401, the ROM 402, and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 408 including, for example, tape, hard disk, etc.; and a communication device 409. The communication device 409 may allow the electronic device 40 to communicate wirelessly or by wire with other devices to exchange data. While the figures illustrate an electronic device 40 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 409, or installed from the storage device 408, or installed from the ROM 402. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 401.
It should be noted that the computer readable medium of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may be separate and not incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring at least two internet protocol addresses; sending a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects the internet protocol addresses from the at least two internet protocol addresses and returns the internet protocol addresses; receiving an internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content distribution network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a node evaluation request comprising at least two internet protocol addresses; selecting an internet protocol address from the at least two internet protocol addresses; returning the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. In some cases the name of a unit does not constitute a limitation on the unit itself; for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present disclosure should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (13)

1. A method for sharing data based on block chains, the method comprising the steps of:
receiving a first public key in a public and private key pair generated by a user, and creating a unique user identification code based on the first public key;
acquiring user data authorized by the user through the user unique identification code, encrypting and signing the user data, and uploading the user data to a block chain;
receiving a user data authority application of an application organization, and sending the user data authority application to the user for authorization;
wherein the authorization information generated by the user is received when the user agrees to authorization; when the user refuses authorization, the application organization cannot obtain the user data.
2. The method according to claim 1, wherein the user data comprises at least one of user information and attachment information, wherein the attachment information comprises at least one of pictures, videos and files; the user information comprises at least one of a unique user identification code, a name, an identification card number and a mobile phone number.
3. The blockchain-based data sharing method according to claim 1, wherein the receiving a first public key of a user-generated public-private key pair and creating a user unique identification code based on the first public key, further comprises the steps of:
putting the user unique identification code and the user information on the chain, and sending the user unique identification code to the user.
4. The method for sharing data based on block chain according to claim 1, wherein the encrypting and signing the user data and uploading the user data to the block chain comprises the following steps:
verifying the user data;
structurally assembling the user data whose verification result is true, and signing the structurally assembled user data with a second private key to obtain a signature string;
assembling the user data, the signature string and the first unique identification code according to a preset standard to obtain uplink data;
generating a first random key based on a symmetric algorithm, and encrypting the uplink data by using the first random key to obtain an uplink data ciphertext;
assembling the uplink data ciphertext according to a preset format to obtain a ciphertext string in the preset format;
putting the ciphertext string in the preset format on the chain, completing the data uplink;
encrypting the first random key through a first public key to obtain a first random key ciphertext, and assembling the first unique identification code and the first random key ciphertext to generate a first check string;
and encrypting the first random key through a second public key to obtain a second random key ciphertext, and assembling the first unique identification code and the second random key ciphertext to generate a second check string.
5. The blockchain-based data sharing method according to claim 4, wherein when the user data contains attachment information, the user data is encrypted and signed and then uploaded to a blockchain, further comprising the following steps:
uploading the attachment information to a file server through a file transfer service;
receiving a file digest string and signing the file digest string with a second private key to obtain a file signature string, wherein the file transfer service generates a unique file number according to the received attachment information and computes the file digest string from the attachment information using a digest algorithm;
receiving the unique file number, the file signature string and a second random key, completing the upload of the attachment information, wherein the file transfer service generates the second random key based on a symmetric algorithm and encrypts and stores the attachment information based on the second random key to obtain a file ciphertext;
assembling the unique file number, the file signature string, and the second random key into the user data.
6. The blockchain-based data sharing method according to claim 4, wherein when the user data with the verification result of true contains more than 1 type of data, the user data is encrypted and signed according to the type of the user data by the method according to claims 4 to 5 and then uploaded to a blockchain; the type of the user data is pre-classification of the user data by the user.
7. The blockchain-based data sharing method according to claim 1, wherein the receiving the user-generated authorization information when the user agrees to authorization comprises the steps of:
receiving an application to query the first check string sent by the user, wherein the application to query the first check string comprises: the user unique identification code and the type of user data applied for;
querying the first check string according to the application to query the first check string, and sending the first check string to the user;
receiving the authorization information generated by the user, completing user authorization, wherein the user generating the authorization information comprises the following steps:
the user obtains a first random key ciphertext from the first check string, and decrypts the first random key ciphertext with a first private key of the public-private key pair generated by the user to obtain a first random key;
the user encrypts the first random key with a third public key of the application organization to obtain a third random key ciphertext;
and generating authorization information according to the unique identification code of the application organization and the third random key ciphertext, wherein the authorization information is a check string of the application organization.
8. The method according to claim 7, further comprising, at a preset time, obtaining the user's on-chain ciphertext string in the preset format from the blockchain through the user unique identification code and the type of user data applied for by the application organization;
the method further comprises the following steps:
receiving a user data application sent by the application organization, and obtaining the user's on-chain ciphertext string in the preset format according to the user unique identification code and the type of user data applied for contained in the user data application;
the application organization verifies the signature of the ciphertext string in the preset format, and obtains the uplink data ciphertext from the ciphertext string in the preset format whose signature verification succeeded;
the application organization decrypts the uplink data ciphertext with the first random key in the authorization information to obtain the uplink data;
the application organization obtains the user data, the signature string and the first unique identification code from the uplink data;
and the application organization verifies the signature string, wherein when the signature verification succeeds, the user data is obtained successfully.
9. The method of claim 8, wherein, when the user data includes the attachment information, the application organization obtaining the user data, the signature string and the first unique identification code from the uplink data further comprises the following steps:
receiving the unique file number sent by the application organization, and sending the file ciphertext corresponding to the unique file number to the application organization, wherein after receiving the file ciphertext the application organization further performs the following steps:
the application organization obtains the unique file number, the file signature string and a second random key from the user data, and decrypts the file ciphertext with the second random key to obtain the attachment information;
and the application organization uses the second public key to verify the file signature string against the attachment information, and when the verification passes, the file is obtained successfully.
10. A system for sharing data based on block chains, the system comprising: an identification code creation module configured to receive a first public key in a public and private key pair generated by a user and create a user unique identification code based on the first public key;
an uplink module configured to acquire user data authorized by the user through the user unique identification code, encrypt and sign the user data, and upload the encrypted user data to a block chain;
an authority application module configured to receive a user data authority application of an application organization and send the user data authority application to the user for authorization, and to receive authorization information generated by the user when the user agrees to authorization; when the user refuses authorization, the application organization cannot obtain the user data.
11. The blockchain-based data sharing system according to claim 10, further comprising: a verification module configured to verify the user data.
12. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, which when executed by the at least one processor, cause the at least one processor to perform the blockchain-based data sharing method of any one of claims 1 to 9.
13. A non-transitory computer-readable storage medium storing computer instructions which, when executed by at least one processor, cause the at least one processor to perform the blockchain-based data sharing method of any one of claims 1 to 9.
CN202211262658.0A 2022-10-14 2022-10-14 Data sharing method, system, device and storage medium based on block chain Pending CN115603917A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211262658.0A CN115603917A (en) 2022-10-14 2022-10-14 Data sharing method, system, device and storage medium based on block chain

Publications (1)

Publication Number Publication Date
CN115603917A true CN115603917A (en) 2023-01-13

Family

ID=84847492

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211262658.0A Pending CN115603917A (en) 2022-10-14 2022-10-14 Data sharing method, system, device and storage medium based on block chain

Country Status (1)

Country Link
CN (1) CN115603917A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination