CN115834047A - Continuous trusted data sharing method based on block chain - Google Patents
Continuous trusted data sharing method based on block chain Download PDFInfo
- Publication number
- CN115834047A CN115834047A CN202211409364.6A CN202211409364A CN115834047A CN 115834047 A CN115834047 A CN 115834047A CN 202211409364 A CN202211409364 A CN 202211409364A CN 115834047 A CN115834047 A CN 115834047A
- Authority
- CN
- China
- Prior art keywords
- data
- capsule
- block chain
- key
- owner
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 239000002775 capsule Substances 0.000 claims abstract description 136
- 230000008569 process Effects 0.000 claims abstract description 23
- 238000005516 engineering process Methods 0.000 claims abstract description 21
- 238000012795 verification Methods 0.000 claims abstract description 18
- 238000004806 packaging method and process Methods 0.000 claims abstract description 8
- 230000007246 mechanism Effects 0.000 claims description 5
- 230000008859 change Effects 0.000 abstract description 6
- 238000007726 management method Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 4
- 108090000623 proteins and genes Proteins 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a continuous credible data sharing method based on a block chain, the implementation of the data sharing method comprises a user node Client, an alliance block chain, a private block chain control server BCS and a credible certificate authority CA, and the specific implementation process comprises the following steps: step 1: generating a secret key; step 2: data capsule packaging, updating and opening; and 3, step 3: data retrieval; and 4, step 4: sharing data; and 5: the data is continuously credible; step 6: dispute arbitration, the invention uses hash function and encryption technology to encapsulate data and time stamp in the data set of the data capsule, along with the change of data in the data capsule, the change of the session key of the time stamp or the block cipher is matched with the change of the session key and marked, the data continuous credible node uses public key algorithm to distribute the session key of the block cipher and verify the signature, the signature verification key and the encryption public key of the public key are stored in the block chain, so as to verify the integrity commitment and dispute of the data.
Description
Technical Field
The invention relates to the technical field of block chains and data sharing, in particular to a continuous trusted data sharing method based on block chains.
Background
A conventional public key infrastructure originates from the internet, and can implement functions such as generation, management, storage, distribution, revocation and the like of certificates and keys based on an asymmetric cryptosystem, such as trusted identity authentication, key management and the like, and generally, a PKI includes the following core contents: the most standard implementation process of the PKI is that firstly a user registers and applies for a certificate through the RA to provide personal identity and authentication content, secondly the certificate is manufactured and issued to the user after the certificate is approved by the CA, and if the user wants to cancel the certificate, only application operation needs to be sent to the CA again, so that how to realize key management is the core content of the PKI constructed password service system. However, the conventional PKI is central, and has a large difference from the block chain system in the application environment, so that it is difficult to satisfy the application requirements of the block chain.
The block chain is a specific data structure formed by combining data blocks in a chain mode according to a time sequence, and comprises information technologies such as distributed data storage, a consensus mechanism, an intelligent contract, point-to-point transmission, digital signatures, a hash function and the like, a decentralized shared general ledger which is not falsifiable and counterfeitable is guaranteed in a cryptographic mode, data which is structured and has precedence relation and can be verified in a system can be safely stored, and the technology has wide and deep application in the fields of financial service, credit investigation management, ownership management and traceability, resource sharing, logistics and supply chain, internet of things, digital artwork, NFT and the like.
With the development of science and technology, a block chain is combined with the internet of things, big data, artificial intelligence and the like, which is greatly different from a classic Turing operation system and a computer network architecture, and new requirements are generated on continuous credibility and autonomous operation of data.
The traditional data credibility is generally realized by technologies such as digital signature and the like through a CA center, the use range of data is limited by the completely centralized mode, and if the conventional centerless data exchange mode is one-to-one, the sharing performance is low; if it is not one-to-one, it is difficult to achieve trustworthiness of the data, especially if the data and participants change dynamically. The invention can realize a data credible sharing technology which is independent of a classical PKI system and is based on partial or complete decentralization of a block chain.
Chinese patent document CN106789090 proposes a public key infrastructure system based on block chains, i.e. a semi-random combined certificate signature method, and CN 107769925 improves and proposes another public key infrastructure system based on block chains and its certificate management method, but both of these patents map part or all of the conventional PKI onto the block chains, and do not address the continuous credibility of the data content and owner, and are different from the present invention in nature, so how to solve the above-mentioned problems becomes a problem that needs to be solved urgently at present.
Disclosure of Invention
The invention aims to provide a continuous credible data sharing method based on a block chain, which is characterized in that the continuous credible data sharing method is packaged in a specific data structure called a data capsule by using a hash function, an encryption technology and a time stamp, the time stamp or the change of a session key is matched with and marked along with the change of data in the data capsule, a public key algorithm is used by a data continuous credible node for distributing a session password and verifying a signature, and the signature verification key and an encryption public key are stored on the block chain so as to perform verification during integrity commitment and disputence of the data.
In order to achieve the purpose, the invention provides the following technical scheme: a continuous credible data sharing method based on a block chain is characterized in that: the implementation of the data sharing method comprises a user node Client, a federation blockchain and private blockchain control server BCS and a trusted certificate authority CA, and the specific implementation process comprises the following steps: step 1: generating a secret key; step 2: data capsule packaging, updating and opening; and step 3: data retrieval; and 4, step 4: sharing data; and 5: the data is continuously credible; step 6: and (5) arbitration of disputes.
Preferably, step 1: and (2) generating 2 pairs of public keys and private keys based on a public key cryptographic algorithm by a user Client at a local block chain server, wherein the public keys and the private keys are used as an encryption and decryption key and a signature verification key respectively, nodes without public key generation capacity entrust a trusted Certificate Authority (CA) to generate, the nodes are marked as encryption and decryption public and private keys PK and IK respectively, the signature verification public and private keys PSK and ISK are reserved, and the public keys PK and PSK are stored by utilizing an audit application mechanism of the block chain, such as an arbitration protocol and the like to upload the block chain.
Preferably, step 2: and (3) packaging, updating and opening a data capsule, wherein the data capsule is a special data structure designed to ensure the integrity and continuous credibility of data by utilizing a hash function and an optional encryption technology. For non-encrypted data, when an owner of the data needs to share the data, the owner mark + the data + the timestamp are combined into a data packet, the hash value of the data packet is attached together, the data packet is a data capsule, the hash value is signed by a signature private key of the owner and then uploaded to a block chain together with a feature mark for data capsule retrieval, the data capsule selects the block chain to be uploaded or not to be uploaded according to needs, when the owner of the data updates the data, the process is repeated, the timestamp is changed, a continuous data packet is formed, and the non-encrypted data capsule can be directly opened.
For encrypted data, when an owner of the data wants to share the data, the owner mark + the data + the timestamp are combined into a data packet, the data owner generates a key of a symmetric encryption algorithm as a session key, the session key is used for encrypting the data packet, the encrypted data packet becomes a data capsule, the hash values of the capsule are attached together, the hash values of the data capsule and the session key are respectively signed by a signature private key of the data owner and then uploaded to a block chain together with a characteristic mark for retrieval of the data capsule, the data capsule selects the uploading block chain or not according to needs, when the owner of the data updates the data, the process is repeated, the timestamp is changed, the session key can be selected to be updated, and a continuous data capsule is formed.
Preferably, step 3: and when the data needs to be shared, the data receiver searches the data capsule searching characteristic mark on the block chain, judges whether the data capsule is the content required by the data receiver, if the data capsule is determined to be the data required by the data receiver, the non-encrypted data capsule can be directly read, and the encrypted data capsule sends a sharing request to the data owner.
Preferably, step 4: and sharing the data, wherein after the encrypted data capsule owner receives the sharing request, if the sharing is agreed, the public key of the data receiver on the block chain is retrieved, the session key of the corresponding data capsule is encrypted by using the public key and is sent to the data receiver, and then the data receiver can open the data in the data capsule to realize the sharing.
Preferably, step 5: the data is continuously credible, and an encryption public key and a signature verification public key of a data owner are both published on the block chain, so that the secret key cannot be tampered; publishing the hash signature value of the data capsule on a block chain to ensure that the data in the data capsule cannot be tampered; the hash value of the session key is published on the block chain, so that the session key is ensured not to be falsified, the signature in the data capsule contains continuous time stamps, and the sequence of data can be determined when the content of the data capsule is replaced.
Preferably, step 6: and (4) dispute arbitration, wherein when disputes occur, various nodes including control nodes of a alliance chain and a private chain can read data stored on a block chain in the data circulation process, an arbitration algorithm is operated by utilizing the non-tampering characteristic of the block chain, and the trusted arbitration and judicial authentication can be realized under the condition of decrypting or not decrypting the data in the data capsule.
Compared with the prior art, the invention has the beneficial effects that:
(1) The invention provides a continuous credible data sharing technology based on a block chain, which can also be called as a data gene technology, adopts various cryptographic technologies aiming at the block chain technology and application scenes to realize continuous credible and reliable sharing of data, can also be used for automatic data operation based on the block chain, and can realize dispute arbitration.
(2) Meanwhile, the invention forms a strong protection system to resist external attacks by utilizing various optional consensus algorithms such as workload certification on distributed nodes of the block chain and the characteristic that the data of the block chain cannot be falsified and counterfeited, thereby having extremely high safety
The certificate verification mode solves the problems of low efficiency, high management difficulty and the like.
(3) In the process design of trusted data storage of the blockchain, a data and certificate management system which is based on the blockchain and integrates data management and key management is designed by taking the management process of a digital certificate in the traditional PKI system as a reference.
(4) The invention combines the block chain technology, the public key encryption technology, the public key signature technology, the symmetric encryption technology and the session key exchange protocol to realize the credible exchange of the session key under the condition of no center. (5) The invention uses the Hash function technology, combines the technologies of data encryption, time stamp and the like, and realizes the data capsule technology that only an authorized user can write and read data, but an unauthorized user cannot tamper or even read the data.
(6) The invention uses the hash function technology to upload the data capsule hash value and the session key hash value to the block chain, thereby realizing the functions of verifiability and indecomposability of the data and the session key.
(7) The encryption public key and the signature verification public key of the data owner are published on the block chain, so that the data owner has non-tamper property; because the hash value of the data capsule is published on the block chain after being signed, the data in the data capsule has non-tamper property; since the hash value signature of the session key is published on the block chain and has non-tamper-resistance, the owner of the data and the content of the data can be determined to be trusted wherever the data is; when the data in the data capsule is replaced, the signature of the data owner contains continuous time stamps, so that the owner and the content of the data stored on the block chain or under the chain are guaranteed to be continuously and trustable and cannot be tampered.
(8) The owner of the data and the content of the data can be determined to be credible no matter where the data is; the signature within the data capsule contains successive time stamps, ensuring that the data sequence is unambiguous even when the contents of the data capsule are changed.
Drawings
FIG. 1 is a schematic diagram of the flow chart of the operation of the present invention;
FIG. 2 is a system framework diagram of an embodiment of the present invention;
FIG. 3 is a diagram of a data capsule configuration of the present invention;
fig. 4 is a system operation diagram of the present invention.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a more thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without one or more of these specific details. In other instances, well-known features have not been described in order to avoid obscuring the invention. In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The specific meanings of the above terms in the present invention can be understood by those of ordinary skill in the art according to specific situations.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
The first embodiment is as follows:
as shown in the figure, a continuous trusted data sharing method based on a block chain is characterized in that: the data sharing method is implemented by a user node Client, a federation blockchain and private Blockchain Control Server (BCS) and a trusted Certificate Authority (CA), and the specific implementation process comprises the following steps: step 1: generating a secret key; step 2: data capsule packaging, updating and opening; and step 3: data retrieval; and 4, step 4: sharing data; and 5: the data is continuously credible; step 6: and (5) arbitration of disputes.
Step 1: the method comprises the steps that a secret key is generated, a user Client generates 2 pairs of public keys and private keys of a public key cryptographic algorithm in a local block chain server, the public keys and the private keys are used as an encryption and decryption secret key and a signature verification secret key respectively, nodes without the public key generation capacity are generated by a trusted Certificate Authority (CA) and are marked as encryption and decryption public and private key pairs PK and IK respectively, the signature verification public and private key pairs are PSK and ISK, the private keys IK and ISK are reserved, and then the public keys PK and PSK are stored by utilizing an auditing application mechanism of a block chain, such as an arbitration protocol and the like to upload the block chain.
Step 2: the data capsule is packaged, updated and opened, for non-encrypted data, when an owner of the data shares the data, the owner mark + the data + the timestamp are combined into a data packet, the data packet is the data capsule, the hash value of the data packet is attached together, the hash value is signed by a signature private key of the owner and then uploaded to a block chain together with a characteristic mark for data capsule retrieval, the data capsule selects the uploading block chain or the non-uploading block chain as required, when the owner of the data updates the data, the process is repeated, the timestamp is changed, a continuous data packet is formed, and the non-encrypted data capsule can be directly opened.
For encrypted data, when an owner of the data needs to share the data, the owner mark + the data + the timestamp are combined into a data packet, the owner of the data generates a key of a symmetric encryption algorithm as a session key, the session key is used for encrypting the data packet, the encrypted data packet becomes a data capsule, hash values of the capsule are attached together, the hash values of the data capsule and the session key are respectively signed by a signature private key of the owner and then uploaded to a block chain together with a characteristic mark for retrieval of the data capsule, the data capsule selects the uploading block chain or not according to needs, when the owner of the data updates the data, the process is repeated, the timestamp is changed, the session key can be selected to be updated, and continuous data packets are formed.
And step 3: and when the data needs to be shared, the data receiver searches the data capsule searching characteristic mark on the block chain, judges whether the data capsule is the content required by the data receiver, if the data capsule is determined to be the data required by the data receiver, the non-encrypted data capsule can be directly read, and the encrypted data capsule sends a sharing request to the data owner.
And 4, step 4: and sharing the data, wherein after the encrypted data capsule owner receives the sharing request, if the sharing is agreed, the public key of the data receiver on the block chain is retrieved, the session key of the corresponding data capsule is encrypted by using the public key and is sent to the data receiver, and then the data receiver can open the data in the data capsule to realize the sharing.
And 5: the data is continuously credible, and an encryption public key and a signature verification public key of a data owner are published on the block chain to ensure that the key cannot be tampered; publishing the hash signature value of the data capsule on a block chain to ensure that the data in the data capsule cannot be tampered; the hash value of the session key is published on the block chain, so that the session key is ensured not to be falsified, the signature in the data capsule contains continuous time stamps, and the sequence of data can be determined when the content of the data capsule is replaced.
And 6: and (4) dispute arbitration, wherein when disputes occur, various nodes including control nodes of a alliance chain or a private chain can read data stored on a block chain in the data circulation process, an arbitration algorithm is operated by utilizing the non-tampering characteristic of the block chain, and the trusted arbitration and judicial authentication can be realized under the condition of decrypting or not decrypting the data in the data capsule.
Example two:
generating a master key; the user Client generates 2 pairs of public key and private key pairs of a public key cryptographic algorithm in the local block chain server, the public key and the private key pairs are used as an encryption and decryption key and a signature verification key respectively, the public key and the private key pairs are not marked as PK and IK of encryption and decryption, the public key and the private key pair of signature verification are PSK, the ISK reserves the private keys IK and the ISK, and a node without public key generation capacity can delegate a trusted certificate authority CA to generate a certificate. The basic architecture of the data gene provided by the invention is operated in a multi-fork chain manner, and one user Client can generate a plurality of public key and private key pairs which are used for participating in different data gene chains.
And uploading the block chain by using the master key, and uploading the public keys PK and PSK by using the uploading block chain mechanism of the block chain, so that all nodes can retrieve the public keys PK and PSK, and the public keys PK and PSK can ensure the identity of the nodes not to be tampered even if the nodes are anonymous.
Data encapsulation, when the owner of the data needs to share the data, the data is encapsulated in data capsules to be shared, so that the data content and the owner of the data cannot be tampered, the number of the data capsules is not limited, the owner of the data can continuously generate new data capsules, the size of the data capsules can be fixed or unfixed, the data capsules are divided into two types, the first type is non-encrypted, any node can be read and used, but the owner of the data and the data cannot be tampered, the second type is encrypted, the data capsule can be opened to read the data only when the owner of the data obtains permission, and the owner of the data content and the data cannot be tampered.
The package of the unencrypted data capsule is produced by combining the data search flag + owner flag + data + time stamp for unencrypted data into a data packet, and attaching the hash value of the data packet to the data packet, thereby forming the data capsule. The hash value is signed by a signature private key of the user and then uploaded to the block chain together with the characteristic mark for data capsule retrieval, the data packet selects the block chain to be uploaded or not to be uploaded according to needs, the data packet can be prevented from being tampered due to the protection of the hash algorithm, the signed hash value can be prevented from being counterfeited by an adversary, the data packet can be called as a data capsule, the data capsule packaging is completed at the moment, when a data owner updates data, the process is repeated, the timestamp is changed, a continuous data packet is formed, and the unencrypted data capsule can be directly opened.
And (5) packaging and manufacturing the encrypted data capsule. For encrypted data, when an owner of the data wants to share the data, the owner mark + the data + the timestamp are combined into a data packet, the data owner generates a key of a symmetric encryption algorithm as a session key, the session key is used for encrypting the data packet, the encrypted data packet becomes a data capsule, the hash values of the capsule are attached together, the hash values of the data capsule and the session key are respectively signed by a signature private key of the data owner and then uploaded to a block chain together with a characteristic mark for retrieval of the data capsule, the data capsule selects the uploading block chain or not according to needs, when the owner of the data updates the data, the process is repeated, the timestamp is changed, the session key can be selected to be updated, and a continuous data packet is formed.
Data retrieval, when data needs to be shared, a data receiver retrieves the data capsule retrieval feature tag on the block chain, judges whether the data is the content required by the data receiver, if the data is determined to be the data required by the data receiver, the non-encrypted data capsule can be directly read, the encrypted data capsule sends a sharing request to a data owner, and the sending mode can be through the block chain or other available systems such as point-to-point.
Data sharing, the unencrypted data capsule can be read directly. After the encrypted data capsule owner receives the sharing request, if sharing is agreed, the public key of the data receiver on the block chain is retrieved, the session key of the corresponding data capsule is encrypted by using the public key and is sent to the data receiver, and then the data receiver can open the data in the data capsule to realize sharing. The data receiver can verify the data capsule hash value and the session key hash value of the data owner uploading block chain, thereby verifying the authenticity of the data. An unauthorized data receiver cannot read the data because the session key is not available.
And opening the encrypted data capsule, wherein the data capsule can be opened to obtain data for operation after the data receiver takes the session key, the data receiver can communicate other data with the data owner by using the session key, and can also open other data capsules encrypted by using the same session key, each data receiver can be the data owner, and respective data capsules can be generated according to the process.
And (3) iteration of the data capsule, wherein the content in the data capsule needs to be updated according to the operation requirement, a new data capsule is generated at this time, the generation process of the data capsule is called as iteration of the data capsule, and if a data owner generates the new data capsule, the process is selected to be repeated according to encryption or not, so that the data in the data capsule can be updated, the time stamp can be changed, and the session key can be simultaneously changed according to the requirement to generate the new data capsule.
The data is continuously and credibly realized, and as the encryption public key and the signature verification public key of the data owner are both published on the block chain, the data has non-tamper property; because the hash value of the data capsule is published on the block chain after being signed, the data in the data capsule has non-tamper property; since the hash value signature of the session key is published on the block chain and has non-tamper-resistance, the owner of the data and the content of the data can be determined to be trusted wherever the data is; when data in the data capsule is replaced, the signature of a data owner comprises continuous time stamps, so that the continuous credibility that the owner and the content of the data stored on the block chain or under the chain cannot be tampered is ensured, the data exists in the form of the data capsule, a key management system based on the block chain ensures that a session key under the control of a master key is continuously uploaded to the block chain, and the continuous credibility in the continuous operation process of the data is formed
The encryption public key and the signature verification public key of the data owner are published on the block chain, so that the secret key cannot be tampered; publishing the hash signature value of the data capsule on a block chain to ensure that the data in the data capsule cannot be tampered; the hash value of the session key is published on the block chain, so that the session key is ensured not to be falsified, and the signature in the data capsule contains continuous time stamps, so that the sequence of the data can be ensured to be clear even when the content of the data capsule is replaced.
In dispute arbitration, as plaintext readable or non-plaintext verifiable data are left on a block chain at each step of data circulation, when dispute occurs, various nodes including control nodes of a alliance chain or a private chain can read data stored on the block chain in the data circulation process, an arbitration algorithm is operated by utilizing the non-tampering characteristic of the block chain, and credible arbitration can be realized under the condition of decrypting or not decrypting the data in a data capsule, and the data can also be used for judicial identification when law is applicable.
And the second embodiment makes specific detailed development on the basis of the first embodiment.
The above embodiments are only preferred embodiments of the present invention, and are not intended to limit the technical solutions of the present invention, so long as the technical solutions can be realized on the basis of the above embodiments without creative efforts, which should be considered to fall within the protection scope of the patent of the present invention.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A continuous credible data sharing method based on a block chain is characterized in that: the implementation of the data sharing method comprises a user node Client, a federation blockchain and private blockchain control server BCS and a trusted certificate authority CA, and the specific implementation process comprises the following steps: step 1: generating a secret key; step 2: data capsule packaging, updating and opening; and 3, step 3: data retrieval; and 4, step 4: sharing data; and 5: the data is continuously credible; step 6: and (5) arbitration of disputes.
2. The method according to claim 1, wherein the method comprises: step 1: and (2) generating a public key and a private key of 2 pairs based on a public key cryptographic algorithm by the Client in the local block chain server, respectively using the public key and the private key as an encryption and decryption key and a signature verification key, authorizing a trusted Certificate Authority (CA) to generate a node without the public key generation capacity, respectively marking the public key and the private key as PK and IK for encryption and decryption, respectively marking the public key and the private key for signature verification as PSK and ISK, reserving the private key IK and the ISK, and then storing the public key PK and the PSK by using an auditing application mechanism of the block chain, such as an arbitration protocol and the like for uploading the block chain.
3. The method according to claim 1, wherein the method comprises: step 2: and (3) packaging, updating and opening a data capsule, wherein the data capsule is a special data structure designed to ensure the integrity and continuous credibility of data by utilizing a hash function and an optional encryption technology. For non-encrypted data, when an owner of the data needs to share the data, the owner mark + the data + the timestamp are combined into a data packet, the hash value of the data packet is attached together, the data packet is a data capsule, the hash value is signed by a signature private key of the owner and then uploaded to a block chain together with a feature mark for data capsule retrieval, the data capsule selects the block chain to be uploaded or not to be uploaded according to needs, when the owner of the data updates the data, the process is repeated, the timestamp is changed, a continuous data packet is formed, and the non-encrypted data capsule can be directly opened.
For encrypted data, when an owner of the data needs to share the data, the owner mark + the data + the timestamp are combined into a data packet, the owner of the data generates a key of a symmetric encryption algorithm as a session key, the session key is used for encrypting the data packet, the encrypted data packet becomes a data capsule, hash values of the capsule are attached together, the hash values of the data capsule and the session key are respectively signed by a signature private key of the owner and then uploaded to a block chain together with a characteristic mark for retrieval of the data capsule, the data capsule selects the uploading block chain or not according to needs, when the owner of the data updates the data, the process is repeated, the timestamp is changed, the session key can be selected to be updated, and continuous data capsules are formed.
4. The method for continuous trusted data sharing based on blockchain according to claim 1, wherein: and step 3: and when the data needs to be shared, the data receiver searches the data capsule searching characteristic mark on the block chain, judges whether the data capsule is the content required by the data receiver, if the data capsule is determined to be the data required by the data receiver, the non-encrypted data capsule can be directly read, and the encrypted data capsule sends a sharing request to the data owner.
5. The method according to claim 1, wherein the method comprises: and 4, step 4: and sharing data, wherein after the encrypted data capsule owner receives the sharing request, if sharing is agreed, the public key of the data receiver on the block chain is retrieved, the session key of the corresponding data capsule is encrypted by using the public key and is sent to the data receiver, and then the data receiver can open the data in the data capsule to realize sharing.
6. The method according to claim 1, wherein the method comprises: and 5: the data is continuously credible, and an encryption public key and a signature verification public key of a data owner are both published on the block chain, so that the secret key cannot be tampered; publishing the hash signature value of the data capsule on a block chain to ensure that the data in the data capsule cannot be tampered; the hash value of the session key is published on the block chain, so that the session key is ensured not to be falsified, the signature in the data capsule contains continuous time stamps, and the sequence of data can be determined when the content of the data capsule is replaced.
7. The method for continuous trusted data sharing based on blockchain according to claim 1, wherein: step 6: and (4) dispute arbitration, wherein when disputes occur, various nodes including control nodes of a alliance chain and a private chain can read data stored on a block chain in the data circulation process, an arbitration algorithm is operated by utilizing the non-tampering characteristic of the block chain, and the trusted arbitration and judicial authentication can be realized under the condition of decrypting or not decrypting the data in the data capsule.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211409364.6A CN115834047A (en) | 2022-11-11 | 2022-11-11 | Continuous trusted data sharing method based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211409364.6A CN115834047A (en) | 2022-11-11 | 2022-11-11 | Continuous trusted data sharing method based on block chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115834047A true CN115834047A (en) | 2023-03-21 |
Family
ID=85527645
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211409364.6A Pending CN115834047A (en) | 2022-11-11 | 2022-11-11 | Continuous trusted data sharing method based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115834047A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116860709A (en) * | 2023-09-01 | 2023-10-10 | 国能(北京)商务网络有限公司 | Sharing and using method of transaction decision data |
| CN118101198A (en) * | 2024-04-23 | 2024-05-28 | 成都飞机工业(集团)有限责任公司 | Block chain-based supply chain data secure sharing method |
-
2022
- 2022-11-11 CN CN202211409364.6A patent/CN115834047A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116860709A (en) * | 2023-09-01 | 2023-10-10 | 国能(北京)商务网络有限公司 | Sharing and using method of transaction decision data |
| CN116860709B (en) * | 2023-09-01 | 2023-12-05 | 国能(北京)商务网络有限公司 | Sharing and using method of transaction decision data |
| CN118101198A (en) * | 2024-04-23 | 2024-05-28 | 成都飞机工业(集团)有限责任公司 | Block chain-based supply chain data secure sharing method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109829326B (en) | Cross-domain authentication and fair audit de-duplication cloud storage system based on block chain | |
| Guo et al. | TABE-DAC: Efficient traceable attribute-based encryption scheme with dynamic access control based on blockchain | |
| CN112418860A (en) | Block chain efficient management framework based on cross-chain technology and working method | |
| CN115834047A (en) | Continuous trusted data sharing method based on block chain | |
| WO2014114080A1 (en) | Method and system for data encryption protection | |
| CN115883102B (en) | Cross-domain identity authentication method and system based on identity credibility and electronic equipment | |
| CN113162907A (en) | Attribute-based access control method and system based on block chain | |
| Xu et al. | An efficient blockchain‐based privacy‐preserving scheme with attribute and homomorphic encryption | |
| EP4183104A1 (en) | Challenge-response protocol based on physically unclonable functions | |
| Ahmed et al. | Toward fine‐grained access control and privacy protection for video sharing in media convergence environment | |
| CN115883214A (en) | Electronic medical data sharing system and method based on alliance chain and CP-ABE | |
| Guo et al. | Using blockchain to control access to cloud data | |
| CN115883154A (en) | Access certificate issuing method, block chain-based data access method and device | |
| Tan et al. | Access control scheme based on combination of blockchain and XOR-coding for ICN | |
| Chen et al. | IOV Privacy Protection System Based on Double‐Layered Chains | |
| Li et al. | MACT: A multi-channel anonymous consensus based on Tor | |
| WO2022069132A1 (en) | Physically unclonable functions | |
| WO2022069135A1 (en) | Physically unclonable functions storing response values on a data store | |
| Zhang et al. | A Data Sharing Scheme Based on Blockchain System and Attribute-Based Encryption | |
| CN117200966A (en) | Trusted authorization data sharing method based on distributed identity and alliance chain | |
| CN114124392B (en) | Data controlled circulation method, system, device and medium supporting access control | |
| EP4183103A1 (en) | Physically unclonable functions storing response values on a blockchain | |
| CN113630448A (en) | Distributed encryption storage method and system, computer device and readable storage medium | |
| Vrielynck et al. | DeFIRED: decentralized authorization with receiver-revocable and refutable delegations | |
| Tian et al. | Exploiting blockchain and secure access control scheme to enhance privacy-preserving of IoT publish-subscribe system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |