CN115914263A - Information management method, device and editable block chain management system - Google Patents
Information management method, device and editable block chain management system Download PDFInfo
- Publication number
- CN115914263A CN115914263A CN202211365360.2A CN202211365360A CN115914263A CN 115914263 A CN115914263 A CN 115914263A CN 202211365360 A CN202211365360 A CN 202211365360A CN 115914263 A CN115914263 A CN 115914263A
- Authority
- CN
- China
- Prior art keywords
- information
- blockchain
- editable
- encryption
- privileged
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present disclosure provides an information management method, which relates to the technical field of a block chain, and is applied to a privileged node of an editable block chain management system, wherein the editable block chain management system comprises an editable first block chain and a non-editable second block chain, and the information management method comprises the following steps: responding to the encryption instruction, and acquiring information to be encrypted; determining publicable information and non-publicable information from information to be encrypted; jointly receiving a plurality of privileged nodes of the encryption instruction, encrypting the non-public information to obtain a ciphertext of the non-public information; generating target information according to the publicable information and the ciphertext; establishing a mapping relation between a plurality of privileged nodes for encrypting the non-public information and target information; and storing the target information to the first block chain, and storing the mapping relation to the second block chain. The disclosure also provides an information management device and an editable block chain management system.
Description
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to an information management method, an information management apparatus, an editable blockchain management system, an electronic device, a storage medium, and a program product.
Background
The block chain is used as a decentralized, tamper-resistant and traceable distributed account book system, and is applied to various aspects of the social field. The core of the concept is that a centralized accounting mode is changed into a distributed account book which is backed up by people together, and the anti-tampering property and the safety of the account book are enhanced through supervision of people.
The reliability of information management can be improved by introducing the block chain technology into the information management system. However, different organizations have different requirements for information management, for example, data in some organizations have certain specificity, uplink information needs to be supervised for these organizations, and part of the uplink information can be masked according to actual needs, which is difficult to be satisfied by the conventional block chain technology.
Disclosure of Invention
In view of the above, the present disclosure provides an information management method, apparatus, editable blockchain management system, electronic device, storage medium, and program product.
According to a first aspect of the present disclosure, there is provided an information management method applied to at least one of a plurality of privileged nodes of an editable blockchain management system including an editable first blockchain and a non-editable second blockchain, the information management method including:
responding to the encryption instruction, and acquiring information to be encrypted;
determining publicable information and non-publicable information from the information to be encrypted;
jointly receiving a plurality of privileged nodes of the encryption instruction, encrypting the non-public information to obtain a ciphertext of the non-public information;
generating target information according to the publicable information and the ciphertext;
establishing a mapping relation between a plurality of privileged nodes encrypting the non-public information and the target information;
and storing the target information to the first block chain, and storing the mapping relation to the second block chain.
According to an embodiment of the present disclosure, each of the plurality of privileged nodes has at least one key partition, different ones of the privileged nodes having different key partitions; the encryption instructions are sent by at least one management node in the editable blockchain management system to N of the plurality of privileged nodes in a random manner;
the jointly receiving a plurality of privileged nodes of the encryption instruction, encrypting the non-publicable information to obtain a ciphertext of the non-publicable information, includes:
obtaining the key block of each of the N privileged nodes receiving the encryption instruction;
forming an encryption key by the obtained key blocks;
encrypting the non-public information according to a preset encryption algorithm based on the encryption key;
and N is a positive integer, M is more than N and more than or equal to 2, and M is the total number of privileged nodes in the editable block chain management system.
According to an embodiment of the present disclosure, the encryption key comprises an SM4 encryption key, the encryption algorithm comprises an SM4 encryption algorithm, and N =4.
According to an embodiment of the present disclosure, the mapping relationship includes a combination order adopted by the key blocks when the encryption key is composed, and identity information of the privileged node to which each of the key blocks belongs.
A second aspect of the present disclosure provides an information management method, where the information management method is applied to at least one management node of an editable blockchain management system, where the editable blockchain management system includes an editable first blockchain and a non-editable second blockchain, and an intelligent contract is configured in the second blockchain, where the intelligent contract is configured to record an update operation occurring on the first blockchain, and the information management method includes:
monitoring the intelligent contract to judge whether an updating operation is to be initiated on the first block chain;
when the updating operation is to occur on the first block chain, acquiring updating content matched with the updating operation;
when the acquired updated content contains non-public information, an encryption instruction is sent to a plurality of privileged nodes in the editable blockchain management system.
According to an embodiment of the present disclosure, when the update operation to be performed on the first blockchain includes an edit operation, the management node further issues an edit instruction to at least one of the privileged nodes when issuing the encryption instruction, where the edit instruction is configured to:
enabling the privileged node to take the target information as target content of the editing operation, and initiating the editing operation on the block to be edited through a chameleon trap door;
and the hash values of the edited content in the block before and after editing are the same.
According to an embodiment of the present disclosure, at least one of the tiles in the first chain of tiles is configured with an edit factor, the smart contract is further configured to:
when the editing operation is initiated, configuring the editing coefficient of the block to be edited as a first value, the first value being configured to: enabling at least one ordinary node of the editable blockchain management system to determine that the content in the block is in an untrusted state according to the first value when the content in the block is read;
when the editing operation is completed, configuring the editing coefficient of the edited block as a second value, wherein the second value is configured to: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in a trusted state according to the second value when the content in the block is read.
A third aspect of the present disclosure provides an information management apparatus applied to at least one of a plurality of privileged nodes of an editable blockchain management system including an editable first blockchain and a non-editable second blockchain, the information management apparatus including:
the first acquisition module is used for responding to the encryption instruction and acquiring the information to be encrypted;
the first processing module is used for determining the public information and the non-public information from the information to be encrypted;
the encryption module is used for encrypting the non-publicable information by combining a plurality of privileged nodes receiving the encryption instruction so as to obtain a ciphertext of the non-publicable information;
the information generation module is used for generating target information according to the publicable information and the ciphertext;
the mapping relation generating module is used for establishing a mapping relation between a plurality of privileged nodes which encrypt the non-public information and the target information;
and the second processing module is used for storing the target information to the first block chain and storing the mapping relation to the second block chain.
A fourth aspect of the present disclosure provides an information management apparatus, where the information management apparatus is applied to at least one management node of an editable blockchain management system, the editable blockchain management system includes an editable first blockchain and a non-editable second blockchain, an intelligent contract is configured in the second blockchain, and the intelligent contract is configured to record an update operation occurring on the first blockchain, and the information management apparatus includes:
the monitoring module is used for monitoring the intelligent contract to judge whether the first block chain initiates an updating operation;
a second obtaining module, configured to obtain, when the update operation is to occur on the first block chain, update content matched with the update operation;
and the third processing module is used for sending an encryption instruction to a plurality of privileged nodes in the editable block chain management system when the acquired non-public information exists in the updated content.
A fifth aspect of the present disclosure provides an editable blockchain management system, wherein the editable blockchain management system includes a first blockchain, a second blockchain, at least one management node, and a plurality of privileged nodes, and an intelligent contract is configured in the second blockchain, and the intelligent contract is configured to record an update operation occurring on the first blockchain; the at least one privileged node comprises a first information management device and the at least one management node comprises a second information management device; the first information management apparatus includes: the device comprises a first acquisition module, a first processing module, an encryption module, an information generation module, a mapping relation generation module and a second processing module; the second information management apparatus includes: the monitoring module, the second acquisition module and the third processing module;
the monitoring module is used for monitoring the intelligent contract to judge whether an updating operation is to be initiated on the first block chain;
the second obtaining module is configured to obtain, when the update operation is to occur on the first block chain, update content matched with the update operation;
the third processing module is configured to, when the acquired update content includes non-publicable information, issue an encryption instruction to a plurality of privileged nodes in the editable blockchain management system;
the first acquisition module is used for responding to an encryption instruction and acquiring information to be encrypted;
the first processing module is used for determining the public information and the non-public information from the information to be encrypted;
the encryption module is used for jointly receiving a plurality of privileged nodes of the encryption instruction and encrypting the non-public-available information to obtain a ciphertext of the non-public-available information;
the information generation module is used for generating target information according to the publicable information and the ciphertext;
the mapping relation generating module is used for establishing a mapping relation between the N privileged nodes which encrypt the non-public information and the target information;
the second processing module is configured to store the target information to the first blockchain, and store the mapping relationship to the second blockchain.
A sixth aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described information management method.
A seventh aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described information management method.
An eighth aspect of the present disclosure also provides a computer program product comprising a computer program that, when executed by a processor, implements the information management method described above.
One or more of the above-described embodiments may provide the following advantages or benefits:
the public information is stored on the first block chain in a public transparent mode for being inquired and used by other nodes; the non-public information is stored on the first block chain in a form of a ciphertext, and the encryption mode is stored on the second block chain in a form of a mapping relation (for example, the non-public information comprises a privileged node used for encryption) so as to be used for decrypting the ciphertext, so that the traceability of the information on the chain can be realized, meanwhile, the confidentiality of the non-public information can be ensured, and the information leakage can be prevented.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, taken in conjunction with the accompanying drawings of which:
fig. 1 schematically illustrates an application scenario diagram of an information management method, apparatus, editable blockchain management system, electronic device, storage medium and program product in some embodiments of the disclosure;
FIG. 2 schematically illustrates a flow chart of an information management method in some embodiments of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of administrative node and privileged node interaction in some embodiments of the present disclosure;
FIG. 4 schematically illustrates a flow diagram for encrypting non-publicable information in some embodiments of the present disclosure;
FIG. 5 schematically illustrates a flow diagram for configuring edit coefficients in some embodiments of the disclosure;
FIG. 6 schematically illustrates a flow chart of an information management method in further embodiments of the disclosure;
FIG. 7 schematically illustrates a block diagram of an information management apparatus in some embodiments of the disclosure
FIG. 8 is a block diagram schematically illustrating an information management apparatus in further embodiments of the present disclosure;
fig. 9 schematically illustrates a block diagram of an electronic device suitable for implementing the information management method in some embodiments of the present disclosure.
Detailed Description
To facilitate understanding of the aspects of the embodiments of the present application, a brief introduction of related concepts is first given as follows:
first, the blockchain technique.
Blockchain technology, also known as distributed ledger technology, is an emerging technology for several computing devices to participate in "accounting" (i.e., recording transaction data) together, maintaining a complete distributed database together. The blockchain technology has been widely used in many fields due to its characteristics of decentralization (i.e., no central node), transparency of disclosure, participation of each computing device in database recording, and rapid data synchronization among computing devices.
Currently, the blockchain can be divided into: public chains and federation chains. Public chain refers to a blockchain that is readable by any device around the world, or that is a blockchain in which any device can participate in a consensus verification process for a transaction. A federation chain, also called a community block chain (consortium block chains), refers to a federation formed by participating members of a specified block chain, and information about business transactions between the members is recorded in the block chain, which defines the size and right of use. In embodiments of the present disclosure, a blockchain may generally refer to a federation chain, unless specifically stated otherwise.
Second, blockchain nodes.
The blockchain in the embodiments of the present disclosure is participated by a plurality of blockchain nodes (hereinafter, may be simply referred to as nodes). The node is a device having a communication function and a storage function, such as a device storing block chain data. Each node may receive information and may generate information. Communication and data synchronization is maintained between different nodes by maintaining a common blockchain. Specifically, in the blockchain system, any node may generate new blockchain data according to data related to a transaction sent by a client, and distribute the new blockchain data to other nodes in a broadcast manner, and the other nodes may verify the blockchain data. When all nodes in the blockchain system agree, new blockchain data can be added to the blockchain.
Alternatively, the node in the embodiments of the present disclosure may be understood as a processing unit. In one implementation, a node may be a physical device, such as a server or a computer. In another implementation, the node may be a virtual computer; the virtual machine is a general term for a running environment virtualized by software in all types of virtualization devices, and the concept includes a virtual machine and a container. In other implementations, a node in embodiments of the present disclosure may be a process or a thread; the thread is the minimum unit which can be operated and scheduled by the operating system, is contained in the process and is the actual operation unit in the process; a process is a running activity of a program in a computer on a certain data set, and is a basic unit for resource allocation and scheduling of a system.
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that these descriptions are illustrative only and are not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "A, B and at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that an information management method, an information management apparatus, an editable blockchain management system, an electronic device, a storage medium, and a program product provided by embodiments of the present disclosure relate to the field of blockchain technology. For example, the information management method, the information management apparatus, the editable blockchain management system, the electronic device, the storage medium and the program product provided by the embodiments of the disclosure may be applied to a docking service with a welfare center in the financial field. The embodiments of the present disclosure do not limit the application fields of an information management method, an information management apparatus, an editable blockchain management system, an electronic device, a storage medium, and a program product.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations, necessary confidentiality measures are taken, and the customs of the public order is not violated.
At present, for the information management system of some organizations, the information on the chain needs to be supervised, and the information on the chain needs to be corrected in time, which is difficult to be satisfied by the traditional block chain technology due to the tamper-proof property. For example, when there is an erroneous transfer of information on the chain due to human error, or there is illegal information that is maliciously disseminated, such information is difficult to modify due to the tamper-resistant nature of the blockchain, which causes a significant loss.
To solve the above problem, in one example, an editable blockchain management system is proposed, in which two blockchains exist simultaneously, one of the two blockchains may be referred to as an editable blockchain, and the other may be referred to as a normal blockchain. The editable block chain is used for storing and managing information needing to be linked up, and simultaneously allows the privileged node to modify the information on the chain, and the common block chain is used for verifying and recording each operation generated on the editable block chain, so that the legality and traceability of each operation generated on the editable block chain are ensured.
However, for some organizations with sensitive data (such as welfare centers, etc.), the editable blockchain management system described above still has difficulty meeting practical requirements. For example, after receiving a social donation, the benefit center needs to link important information related to the donation (such as the donation location, donation time, donation content, and service evaluation) so as to transparently maintain the operation and maintenance information of the benefit center in a public and traceable manner. However, for some sensitive data, such as data containing the identity of the donor, which cannot be directly disclosed on the chain, a screening process is required to protect privacy.
In view of this, embodiments of the present disclosure provide an information management method, which can perform shielding processing on parts of information on a chain according to actual needs, so as to protect the data from being leaked.
Specifically, the information management method is applied to at least one of a plurality of privileged nodes of an editable blockchain management system, the editable blockchain management system comprises an editable first blockchain and a non-editable second blockchain, and the information management method comprises the following steps: responding to the encryption instruction, and acquiring information to be encrypted; determining publicable information and non-publicable information from information to be encrypted; jointly receiving a plurality of privileged nodes of the encryption instruction, encrypting the non-public information to obtain a ciphertext of the non-public information; generating target information according to the publicable information and the ciphertext; establishing a mapping relation between N privileged nodes for encrypting the non-public information and target information; and storing the target information to the first block chain, and storing the mapping relation to the second block chain.
In the disclosed embodiment, the public information is stored on the first block chain in a public and transparent mode for other nodes to inquire and use; the non-public information is stored on the first block chain in a form of a ciphertext, and the encryption mode is stored on the second block chain in a form of a mapping relation (for example, the non-public information comprises a privileged node used for encryption) so as to be used for decrypting the ciphertext, so that the traceability of the information on the chain can be realized, meanwhile, the confidentiality of the non-public information can be ensured, and the information leakage can be prevented.
Fig. 1 schematically illustrates an application scenario diagram of an information management method, apparatus, editable blockchain management system, electronic device, storage medium and program product in some embodiments of the disclosure.
As shown in fig. 1, an application scenario 100 according to this embodiment may include an editable blockchain management system 100, where the editable blockchain management system 100 includes a first blockchain 110, a second blockchain 120, at least one management node 130, a plurality of privileged nodes 140, and a plurality of general nodes 150. For example, the first blockchain 110 may include the editable blockchain described above, and the second blockchain may include the general blockchain described above.
At least one management node 130, a plurality of privileged nodes 140, and a plurality of normal nodes 150 may simultaneously act as participants to the first blockchain 110 and participants to the second blockchain 120. The content of a tile in the first blockchain 110 can be edited by the privileged node 140 through the consensus algorithm.
Illustratively, the editable blockchain management system of the embodiment of the disclosure can be applied to the interface business of a financial institution and a welfare center.
Alternatively, the privileged node 140 may be selected from the normal nodes 150 through a voting mechanism, the privileged node 140 having the right to supervise checking and graceful modification of the content on the first blockchain 110. The normal node 150 may refer to a transaction node performing a normal transaction operation, the normal node 150 only performs a normal uplink transaction information operation, for example, uplink transfer information, and the like, and the normal node 150 does not participate in editing the first blockchain 110.
The second blockchain 120 may be deployed with an intelligent contract, and when initiating the editing of the first blockchain 110, the privileged node 140 may perform identity verification through the intelligent contract, where the verification manner may include a chameleon trap gate algorithm and a Proof of authority (PoA) consensus mechanism, so that the privileged node 140 determines the editing content by voting, and specifically, the editing process will be described in detail below, which is not described herein again. In general, privileged node 140 authenticates through second blockchain 120 and edits information on first blockchain 110.
Network 160 serves to provide a medium for communication links between at least one management node 130, a plurality of privileged nodes 140, and a plurality of general nodes 150. Network 160 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
It should be noted that the information management method provided by some embodiments of the present disclosure may be generally performed by the privileged node 140. Accordingly, the information management apparatus according to the embodiments can be generally disposed in the privileged node 140. Privileged node 140 may comprise a server or a cluster of servers.
The information management methods provided by further embodiments of the present disclosure may generally be performed by the management node 130. Accordingly, the information management apparatus according to the embodiments may be generally disposed in the management node 130. The management node 130 may comprise a server or a cluster of servers.
It should be understood that the number of management nodes 130, privileged nodes 140, and general nodes 150 in fig. 1 is merely illustrative. There may be any number of management nodes 130, privileged nodes 140, and normal nodes 150, as desired for an implementation.
The following will first describe in detail the information management method applied to the privileged node in the disclosed embodiment by fig. 2 to 5 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of an information management method in some embodiments of the disclosure. Figure 3 schematically illustrates a flow diagram of administrative node and privileged node interaction in some embodiments of the present disclosure.
As shown in fig. 2 and 3, the information management method of this embodiment includes steps S210 to S260.
It should be noted that, although the steps in the drawings of the present disclosure are shown in sequence as indicated by arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least some of the steps in the figures may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, in different orders, and may be performed in turn or in alternation with other steps or at least some of the sub-steps or stages of other steps.
In step S210, information to be encrypted is acquired in response to the encryption instruction.
The encryption instruction may be issued by the management node by monitoring an intelligent contract deployed on the second blockchain, and the intelligent contract may record update operations occurring on the first blockchain, such as editing operations and new information uplink operations. When the update operations occur, for example, the edit operations, the management node may first determine whether the edited content has non-publicable information, and when the non-publicable information exists, the management node may first issue an encryption instruction to a plurality of privileged nodes to enable the plurality of privileged nodes to encrypt the edited content, and then issue an edit instruction to enable the privileged nodes to initiate the edit operations, thereby preventing the non-publicable information from being leaked.
In step S220, publicable information and non-publicable information are determined from the information to be encrypted.
The non-publicable information may include more sensitive information, for example, for a welfare center, the non-publicable information may include the identity of the donor, etc., and the publicable information may refer to information other than the publicable information, such as the location of the donation, etc. In the embodiment of the present disclosure, the publicable information and the non-publicable information may be distinguished from the information to be encrypted according to the field of the information to be encrypted.
In step S230, the non-publicable information is encrypted by combining the plurality of privileged nodes that have received the encryption command to obtain the ciphertext of the non-publicable information.
In the disclosed embodiments, for each privileged node, the privileged node may encrypt the non-publicable information in conjunction with a plurality of privileged nodes including the privileged node. For example, multiple key partitions may be deployed in a distributed manner among multiple privileged nodes, with different key partitions deployed on different privileged nodes. For at least one privileged node, when receiving the encryption instruction, the privileged node can broadcast to other privileged nodes, and further can acquire the key blocks stored on the privileged nodes which also receive the encryption instruction, and then the privileged nodes can form the keys by the acquired key blocks and encrypt the non-public information by using the keys.
Optionally, in this embodiment of the present disclosure, after the privileged node completes encryption, the plurality of privileged nodes may verify the encryption result through the consensus mechanism. For example, the plurality of privileged nodes may simultaneously synthesize a key through the above steps and encrypt with the key, and when the encryption results of more than 50% of the members of the plurality of privileged nodes are consistent, the common identification may be confirmed to pass, and the encryption may be determined to be valid.
In step S240, target information is generated from the publicable information and the ciphertext.
In the embodiment of the present disclosure, for non-publicable information, it is processed into ciphertext through the above-mentioned encryption operation, and for publicable information, the original data is retained. And recombining the ciphertext and the publicity information to obtain data, namely the target information, of the information to be encrypted after partial encryption.
In step S250, a mapping relationship is established between the target information and a plurality of privileged nodes that encrypt the non-publicable information.
In the embodiment of the present disclosure, the identity of the privileged node that encrypts the non-publicable information may be recorded, and at the same time, how the plurality of key partitions obtained from the plurality of privileged nodes are combined into the key may also be recorded, and thus a mapping relationship between the information and the non-publicable information is generated, and the mapping relationship may be stored in the smart contract on the second blockchain.
In step S260, the target information is stored in the first block chain, and the mapping relationship is stored in the second block chain.
In the disclosed embodiment, the public information is stored on the first blockchain in a public and transparent mode for other nodes to inquire and use; the non-public information is stored on the first block chain in a form of a ciphertext, and the encryption mode is stored on the second block chain in a form of a mapping relation (for example, the non-public information comprises a privileged node used for encryption) so as to be used for decrypting the ciphertext, so that the traceability of the information on the chain can be realized, meanwhile, the confidentiality of the non-public information can be ensured, and the information leakage can be prevented.
The information management method according to the embodiment of the present disclosure is further described below with reference to fig. 2 to 5.
Fig. 4 schematically illustrates a flow diagram for encrypting non-publicable information in some embodiments of the present disclosure.
In some embodiments, each of the plurality of privileged nodes has at least one key partition, and different privileged nodes have different key partitions. The encryption instructions are sent by at least one management node in the editable blockchain management system to N of the plurality of privileged nodes in a random manner. Wherein N is a positive integer, and M > N ≧ 2,M is the total number of privileged nodes in the editable blockchain management system.
As shown in fig. 4, step S230 includes steps S231 to S233.
In step S231, the key block of each of the N privileged nodes that received the encryption instruction is acquired.
In the disclosed embodiment, for at least one privileged node, when it receives an encryption instruction, it may broadcast to other privileged nodes to obtain the key chunks stored on the privileged node that also received the encryption instruction. For example, in
In step S232, an encryption key is composed of the acquired key blocks.
In step S233, the non-publicable information is encrypted according to a preset encryption algorithm based on the encryption key.
In the embodiment of the present disclosure, the key partitions held by the privileged nodes may be independent from each other, that is, for any one of the privileged nodes, the key partition held by the privileged node may be combined with the key partitions of any of the privileged nodes, rather than only with the key partition held by a specific privileged node, so that the keys of the privileged nodes may be freely combined.
In the disclosed embodiment, the management node may send encryption instructions to a certain number of randomly privileged nodes based on the encryption algorithm employed. In some embodiments, the encryption key includes an SM4 encryption key, the encryption algorithm includes an SM4 encryption algorithm, N =4, that is, each time encryption is performed, the management node may send an encryption instruction to 4 random privileged nodes, and accordingly, each privileged node may store a key block with a length of 32 bits, so as to form an SM4 encryption key with a length of 128 bits.
It should be noted that, in each encryption process, the key blocks obtained and used by the privileged nodes performing encryption should be consistent, so that the same key is used by the privileged nodes during encryption. For example, if the privileged nodes P1 to P4 among the plurality of privileged nodes receive the encryption instruction and the key blocks held by the privileged nodes P1 to P4 are M1 to M4, the key blocks M1 to M4 are used for encryption for any of the privileged nodes P1 to P4.
During each encryption, the management node sends an encryption instruction to the random privileged node, so that the key blocks used for encryption are different with a high probability for the two encryption processes, and the keys used for encryption are also different for the two encryption processes, which is favorable for increasing the cracking difficulty and improving the information security.
For example, when the non-publicable information A1 is encrypted, among the plurality of privileged nodes, the privileged nodes P1 to P4 receive the encryption instruction, and the key blocks held by the privileged nodes P1 to P4 are M1 to M4, respectively, and any one of the privileged nodes P1 to P4 uses the key composed of the key blocks M1 to M4 in the encryption. When the non-publicable information A2 is encrypted, among the plurality of privileged nodes, the privileged nodes P2 to P5 receive the encryption instruction, and the key blocks held by the privileged nodes P2 to P5 are M2 to M5, respectively, so that any one of the privileged nodes P2 to P5 uses the key composed of the key blocks M2 to M5 in the encryption.
Alternatively, in addition to the key blocking, the system parameters FK and the fixed parameters CK required in the SM4 encryption algorithm may be dispersedly disposed in a plurality of privileged nodes, and these system parameters, fixed parameters, and key blocking are independent of each other, so that they can be freely used in combination when encryption is performed.
In some embodiments, the mapping relationship includes a combination order in which the key blocks are used in composing the encryption key, and identity information of the privileged node to which each key block belongs.
For example, when privileged node P1 encrypts non-publicly available information in conjunction with privileged nodes P2-P4, a mapping may be generated that may include identity information for each of privileged nodes P1-P4, and may also include combining key chunks into encryption keys in the order M1-M2-M3-M4.
In some embodiments, when the update operation to occur on the first blockchain comprises an edit operation, the management node further issues an edit instruction to the at least one privileged node when issuing the encryption instruction.
In some embodiments, the information management method further includes step S310.
In step S310, in response to the editing instruction, with the target information as the target content of the editing operation, the editing operation is initiated on the tile to be edited through the chameleon trapdoor. And the hash values of the edited content in the block before and after editing are the same.
In some specific embodiments, the chameleon trapdoor generation method comprises the following steps: first, the radix g of the chameleon hash function and two large prime numbers p and q satisfying p = kq +1 are disclosed all over the network, where k is an arbitrary integer. Each privileged node P i Private generation of random number x in turn i As a slice of the trapdoor, and the public key h is calculated as follows:
and n is the number of the trapdoor fragments. To ensure the trapdoor is partitioned into x i The specific generation process of the public key h is as follows: first privileged node P 1 Issuing a first public key fragment h on an intelligent contract 1 Public key sharding h 1 Can be calculated by the following formula:
second privileged node P 2 According to the latest public key fragmentation h on the intelligent contract 1 Calculate the second public key fragment h 2 Second public key fragment h 2 Can be calculated by the following formula:
and so on, the ith node is according to h i-1 To calculate the latest public key fragment h i And until the synthesis operation of the public key h and the trapdoor x is completed. The public key h is calculated by the following formula:
the trapdoor x is calculated by the following formula:
x=x 1 ·x 2 …x n (5)
by the difficult-to-solve guarantee of the discrete logarithm problem, a common node obtains a public key h and a base number g (or p/q) on a public network, and a trapdoor fragment x cannot be calculated i And a trapdoor x, the security of the trapdoor can be guaranteed.
When the content m of a certain chunk on the blockchain needs to be edited as m', each privileged node P i First, there is a need to broadcast trapdoor slice x off-line i After receiving the trapdoor fragment x to be verified sent by other privileged nodes i After that, according to the formula (5), the trapdoor x 'to be verified is synthesized offline, and the trapdoor x' to be verified can be calculated by the following formula:
meanwhile, the correctness of the trapdoor x' to be verified is verified on the intelligent contract. Optionally, the correctness of the trapdoor x' to be verified can be verified by a homomorphic-chameleon hash function.
For example, all privileged nodes first vote to publish on the smart contract the homomorphic value of the trapdoor x' to be verified, which can be calculated by the following formula:
and if the following formula is satisfied, verifying the correctness of the trapdoor x' to be verified.
f(x)=g x mod q (8)
Subsequently, the privileged node calculates a new hash collision r ' by using the correct trapdoor x (i.e. the verified trapdoor x ' to be verified), the content m before editing the block to be edited, the current hash collision r, and the target content m ' after editing, and the basic principle is as follows:
H=g m ·h r =g m′ ·h r′ mod p (9)
r′=F′(m,m′,r)=(m-m′+xr)x -1 mod q (10)
according to the new hash conflict r ', the content of the block to be edited can be edited from m to m' under the condition of not changing the hash value H, and the whole editing process is ended.
After the editing operation is finished, the chameleon trap door needs to be regenerated once, and meanwhile, the latest public key is issued on the common chain. The specific generation process is the same as the above embodiment, and then a new round of block editing operation can be performed.
In some embodiments, for a block being edited, an editing coefficient may be configured for the block, so that when the block is in the editing process, information in the block is not adopted by other nodes (e.g., common nodes), thereby ensuring that data is accurate and valid.
Specifically, at least one tile in the first blockchain is configured with an editing coefficient, fig. 5 schematically illustrates a flowchart for configuring the editing coefficient in some embodiments of the present disclosure, and as shown in fig. 5, the smart contract is further configured to perform step S320 and step S330.
In step S320, when the editing operation is initiated, the editing coefficient of the block to be edited is configured as a first value, where the first value is configured as: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in an untrusted state according to the first value when reading the content in the block.
In step S330, when the editing operation is completed, the editing coefficient of the edited block is configured to be a second value, and the second value is configured to: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in a trusted state according to the second value when the content in the block is read.
In the embodiment of the present disclosure, the editing coefficient s is configured for the block in the smart contract, and thus the above-mentioned hash value calculation formula is represented by H = g m *h r Changing to H = (g) m *h r ) s Wherein the editing coefficient s can be edited by the privileged node at the smart contract SC x The above publication is published.
Before the editing operation is initiated, the default value of the editing coefficient s may be set to 1, i.e. the second value is 1. Since the hash value calculation formula of the block is H = (g) m *h r ) s Therefore, the chunk hash value remains unchanged, and the ordinary node determines that the content in the chunk is in a trusted state, from which the ordinary node can normally read.
When the privileged node initiates an editing operation, the intelligent contract automatically sets the editing coefficient of the corresponding block to 0, i.e., the first value described above. Since the hash value calculation formula of the block is H = (g) m *h r ) s Therefore, the hash value of the block is 1, and at this time, the hash value of the block cannot be verified, and the normal node determines that the content in the block is in an untrusted state, and the normal node will not adopt the information in the block.
In summary, embodiments of the present disclosure can provide an information management method for funds applicable to a benefit center, which can implement information disclosure, supervision, and traceability, and overcome the disadvantage that the existing blockchain transaction system cannot modify the content of a block at all. More importantly, for information on a chain (or information about uplink to be transmitted), supervision and shielding of partial information can be achieved, so that sensitive information is leaked, and data security is guaranteed.
Still other embodiments of the present disclosure further provide an information management method, where the information management method of these embodiments is applied to at least one management node of an editable blockchain management system, where the editable blockchain management system includes an editable first blockchain and a non-editable second blockchain, and an intelligent contract is configured in the second blockchain, and the intelligent contract is configured to record an update operation that occurs on the first blockchain, where the update operation may include, for example, the editing operation and an operation of a new information chain described above.
FIG. 6 schematically shows a flow chart of an information management method in further embodiments of the present disclosure.
As shown in fig. 3 and fig. 6, the information management method in these embodiments includes steps S410 to S430.
At step S410, the smart contract is monitored to determine whether an update operation is to be initiated on the first blockchain.
In step S420, when an update operation is to occur on the first block chain, update content matching the update operation is acquired. Otherwise, the judgment is finished.
In step S430, when the non-publicable information exists in the acquired update content, an encryption instruction is issued to a plurality of privileged nodes in the editable blockchain management system. Otherwise, the encryption instruction is not issued, namely, the encryption step is skipped.
In the embodiment of the present disclosure, the update operation on the first blockchain may include an editing operation performed on the content in the existing blocks on the first blockchain, and an operation of adding new block data to the first blockchain (i.e., an operation of linking new information). The intelligent contract may record the full flow of the above-described operations that occur on the first blockchain. Therefore, by monitoring the smart contract, the initiating action of the operation can be monitored, and then an encryption instruction is issued through steps S310 to S330 to encrypt the non-publicable information prior to the operation.
In the embodiment of the present disclosure, for the editing operation, the updated content may be target content after editing, and for the operation of adding new tile data to the first tile chain, the updated content may refer to content in the new tile.
Optionally, when the non-publicable information exists in the updated content, the management node may send the encryption instruction to a certain number of random privileged nodes according to a preset encryption algorithm, for example, the encryption algorithm may include an SM4 encryption algorithm, and at this time, the management node may send the encryption instruction to the random 4 privileged nodes, so that the 4 privileged nodes encrypt the non-publicable information in the encryption manner according to the foregoing embodiment. That is, for each privileged node that receives the encryption command, steps S210 to S260 in the foregoing embodiment may be performed, and for the specific execution process, reference may be made to the foregoing embodiment, and therefore, details are not described herein again.
In the embodiment of the disclosure, the updating operation to be initiated on the first blockchain can be timely discovered by monitoring the intelligent contract deployed on the second blockchain, and further, when the non-public information exists in the updating content, an encryption instruction can be sent, so that the privileged node stores the public information on the first blockchain in a public and transparent manner for other nodes to query and use; the non-public information is stored on the first block chain in a form of ciphertext, and the encryption mode is stored on the second block chain in a form of mapping relation (for example, comprising a privileged node used for encryption) so as to be used for decrypting the ciphertext. Therefore, the traceability of information on the chain can be realized, the confidentiality of non-public information can be ensured, and information leakage is prevented.
In some embodiments, when the update operation to occur on the first blockchain includes an edit operation, the management node further issues an edit instruction to the at least one privileged node when issuing the encryption instruction, the edit instruction configured to: and enabling the privileged node to take the target information as the target content of the editing operation, and initiating the editing operation on the block to be edited through the chameleon trap door. And the hash values of the edited content in the block before and after editing are the same. That is, the privileged node executes step S310 in the above embodiment, and the details can be referred to the above embodiment, and therefore, the details are not described herein again.
In some embodiments, at least one tile in the first chain of tiles is configured with editing coefficients, the smart contract further configured to:
when the editing operation is initiated, configuring the editing coefficient of the block to be edited as a first value, wherein the first value is configured as: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in an untrusted state according to the first value when reading the content in the block.
When the editing operation is completed, configuring the editing coefficient of the edited block as a second value, wherein the second value is configured as: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in a trusted state according to the second value when reading the content in the block.
In the embodiment of the present disclosure, the editing coefficient s is configured for the block in the smart contract, and before the editing operation is initiated, a default value of the editing coefficient s may be set to 1, that is, the second value is 1. At this time, the hash value of the block remains unchanged, and the ordinary node determines that the content in the block is in a trusted state, from which the ordinary node can read normally. When the privileged node initiates an editing operation, the intelligent contract automatically sets the editing coefficient of the corresponding tile to 0, i.e., the first value described above. At this time, the hash value of the block cannot pass the verification, the ordinary node determines that the content in the block is in an untrusted state, and the ordinary node will not adopt the information in the block.
It should be noted that, for the embodiments of the present disclosure, reference may be made to the foregoing embodiments, and therefore, detailed description is not repeated herein.
Based on the above information management method, some embodiments of the present disclosure further provide an information management apparatus, where the information management apparatus of some embodiments is applied to at least one of a plurality of privileged nodes of an editable blockchain management system, and the editable blockchain management system includes an editable first blockchain and a non-editable second blockchain. The apparatus will be described in detail below with reference to fig. 8.
Fig. 7 schematically illustrates a block diagram of an information management apparatus in some embodiments of the present disclosure.
As shown in fig. 7, the information management apparatus 700 of this embodiment includes a first acquisition module 710, a first processing module 720, an encryption module 730, an information generation module 740, a mapping relationship generation module 750, and a second processing module 760.
The first obtaining module 710 is configured to obtain information to be encrypted in response to the encryption instruction. In an embodiment, the first obtaining module 710 may be configured to perform the step S210 described above, and is not described herein again.
The first processing module 720 is used for determining the public information and the non-public information from the information to be encrypted. In an embodiment, the first processing module 720 may be configured to perform the step S220 described above, which is not described herein again.
The encryption module 730 is configured to jointly receive the plurality of privileged nodes of the encryption instruction, and encrypt the non-publicable information to obtain a ciphertext of the non-publicable information. In an embodiment, the encryption module 730 can be configured to perform the step S230 described above, which is not described herein again.
The information generating module 740 is configured to generate target information according to the publicable information and the ciphertext. In an embodiment, the information generating module 740 may be configured to perform the step S240 described above, which is not described herein again.
The mapping relationship generating module 750 is configured to establish a mapping relationship between the N privileged nodes that encrypt the non-publicable information and the target information. In an embodiment, the mapping relationship generating module 750 may be configured to execute the step S250 described above, which is not described herein again.
The second processing module 760 is configured to store the target information in the first blockchain, and store the mapping relationship in the second blockchain. In an embodiment, the second processing module 760 may be configured to perform the step S260 described above, which is not described herein again.
According to the embodiment of the present disclosure, any plurality of the first obtaining module 710, the first processing module 720, the encrypting module 730, the information generating module 740, the mapping relation generating module 750, and the second processing module 760 may be combined into one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 710, the first processing module 720, the encrypting module 730, the information generating module 740, the mapping relation generating module 750, and the second processing module 760 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, at least one of the first obtaining module 710, the first processing module 720, the encryption module 730, the information generating module 740, the mapping relationship generating module 750, and the second processing module 760 may be at least partially implemented as a computer program module, which may perform a corresponding function when executed.
In the disclosed embodiment, the public information is stored on the first blockchain in a public and transparent mode for other nodes to inquire and use; the non-public information is stored on the first block chain in a form of a ciphertext, and the encryption mode is stored on the second block chain in a form of a mapping relation (for example, the non-public information comprises a privileged node used for encryption) so as to be used for decrypting the ciphertext, so that the traceability of the information on the chain can be realized, meanwhile, the confidentiality of the non-public information can be ensured, and the information leakage can be prevented.
In some embodiments, each of the plurality of privileged nodes has at least one key partition, and different privileged nodes have different key partitions. The encryption instructions are sent by at least one management node in the editable blockchain management system to N of the plurality of privileged nodes in a random manner.
The encryption module 730 is specifically configured to perform the following steps:
key blocks of each of the N privileged nodes that received the encryption instruction are obtained.
And the obtained key blocks form an encryption key.
And encrypting the non-public information according to a preset encryption algorithm based on the encryption key.
Wherein N is a positive integer, and M > N ≧ 2,M is the total number of privileged nodes in the editable blockchain management system.
In some embodiments, the encryption key comprises an SM4 encryption key and the encryption algorithm comprises an SM4 encryption algorithm, N =4.
In some embodiments, the mapping relationship includes a combination order in which the key partitions are used in composing the encryption key, and identity information of the privileged node to which each key partition belongs.
Based on the above information management method, some embodiments of the present disclosure further provide an information management apparatus, where the information management apparatus of these embodiments is applied to at least one management node of an editable blockchain management system, where the editable blockchain management system includes an editable first blockchain and a non-editable second blockchain, and an intelligent contract is configured in the second blockchain, and the intelligent contract is configured to record an update operation occurring on the first blockchain. The apparatus will be described in detail below with reference to fig. 8.
Fig. 8 schematically shows a block diagram of an information management apparatus in further embodiments of the present disclosure.
As shown in fig. 8, the information management apparatus 800 of this embodiment includes: a monitoring module 810, a second obtaining module 820 and a third processing module 830.
The monitor module 810 is configured to monitor the smart contract to determine whether an update operation is to be initiated on the first blockchain. In an embodiment, the monitoring module 810 may be configured to perform the step S410 described above, which is not described herein again.
The second obtaining module 820 is configured to obtain the update content matching the update operation when the update operation is to occur on the first blockchain. In an embodiment, the second obtaining module 820 may be configured to perform the step S420 described above, and is not described herein again.
The third processing module 830 is configured to, when the non-publicable information exists in the obtained update content, issue an encryption instruction to a plurality of privileged nodes in the editable blockchain management system. In an embodiment, the third processing module 830 may be configured to perform the step S430 described above, and is not described herein again.
According to an embodiment of the present disclosure, any multiple of the monitoring module 810, the second obtaining module 820 and the third processing module 830 may be combined and implemented in one module, or any one of the modules may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the monitoring module 810, the second obtaining module 820 and the third processing module 830 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or may be implemented by any one of three implementations of software, hardware and firmware, or any suitable combination of any of the three. Or at least one of the monitoring module 810, the second obtaining module 820 and the third processing module 830 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
In the embodiment of the disclosure, the updating operation to be initiated on the first blockchain can be timely discovered by monitoring the intelligent contract deployed on the second blockchain, and further, when the non-public information exists in the updating content, an encryption instruction can be sent, so that the privileged node stores the public information on the first blockchain in a public and transparent manner for other nodes to query and use; the non-public information is stored on the first block chain in a form of ciphertext, and the encryption mode is stored on the second block chain in a form of mapping relation (for example, including a privileged node for encryption) so as to be used for decrypting the ciphertext. Therefore, the traceability of the information on the chain can be realized, and meanwhile, the confidentiality of the non-public information can be ensured, and the information leakage is prevented.
In some specific embodiments, when the update operation to be performed on the first blockchain includes an edit operation, the management node further issues an edit instruction to at least one of the privileged nodes when issuing the encryption instruction, the edit instruction configured to:
enabling the privileged node to take the target information as target content of the editing operation, and initiating the editing operation on the block to be edited through a chameleon trap door;
and the hash values of the edited content in the block before and after editing are the same.
In some embodiments, at least one of the blocks in the first blockchain is configured with an edit coefficient, and the smart contract is further configured to:
when the editing operation is initiated, configuring the editing coefficient of the block to be edited as a first value, the first value being configured to: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in an untrusted state according to the first value when reading the content in the block;
when the editing operation is completed, configuring the editing coefficient of the edited block as a second value, wherein the second value is configured to: enabling at least one common node of the editable blockchain management system to determine that the content in the block is in a trusted state according to the second value when the content in the block is read.
Some embodiments of the present disclosure also provide an editable blockchain management system, where the editable blockchain management system includes a first blockchain, a second blockchain, at least one management node, and a plurality of privileged nodes, and an intelligent contract is configured in the second blockchain, and the intelligent contract is configured to record an update operation occurring on the first blockchain. The at least one privileged node comprises a first information management device and the at least one management node comprises a second information management device. The first information management apparatus includes: the device comprises a first acquisition module, a first processing module, an encryption module, an information generation module, a mapping relation generation module and a second processing module. The second information management apparatus includes: the device comprises a monitoring module, a second acquisition module and a third processing module.
The monitoring module is used for monitoring the intelligent contract to judge whether the first block chain initiates the updating operation.
The second obtaining module is used for obtaining the update content matched with the update operation when the update operation is about to occur on the first block chain.
And the third processing module is used for sending an encryption instruction to a plurality of privileged nodes in the editable blockchain management system when the acquired updated content has the non-public information.
The first obtaining module is used for responding to the encryption instruction and obtaining the information to be encrypted.
The first processing module is used for determining the public information and the non-public information from the information to be encrypted.
The encryption module is used for jointly receiving a plurality of privileged nodes of the encryption instruction and encrypting the non-publicable information to obtain a ciphertext of the non-publicable information.
The information generation module is used for generating target information according to the public information and the ciphertext.
The mapping relation generation module is used for establishing a mapping relation between the N privileged nodes for encrypting the non-publicable information and the target information.
The second processing module is used for storing the target information to the first block chain and storing the mapping relation to the second block chain.
In the disclosed embodiment, the public information is stored on the first blockchain in a public and transparent mode for other nodes to inquire and use; the non-public information is stored on the first block chain in a form of a ciphertext, and the encryption mode is stored on the second block chain in a form of a mapping relation (for example, the non-public information comprises a privileged node used for encryption) so as to be used for decrypting the ciphertext, so that the traceability of the information on the chain can be realized, meanwhile, the confidentiality of the non-public information can be ensured, and the information leakage can be prevented.
Fig. 9 schematically illustrates a block diagram of an electronic device suitable for implementing the information management method in some embodiments of the present disclosure.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the device/apparatus/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The above-described computer-readable storage medium carries one or more programs which, when executed, implement the information management method according to an embodiment of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated by the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the information management method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.
Claims (13)
1. An information management method applied to at least one of a plurality of privileged nodes of an editable blockchain management system, the editable blockchain management system comprising an editable first blockchain and a non-editable second blockchain, the information management method comprising:
responding to the encryption instruction, and acquiring information to be encrypted;
determining publicable information and non-publicable information from the information to be encrypted;
jointly receiving a plurality of privileged nodes of the encryption instruction, encrypting the non-publicable information to obtain a ciphertext of the non-publicable information;
generating target information according to the publicable information and the ciphertext;
establishing a mapping relation between a plurality of privileged nodes encrypting the non-public information and the target information;
and storing the target information to the first block chain, and storing the mapping relation to the second block chain.
2. The information management method according to claim 1, wherein each of a plurality of said privileged nodes has at least one key partition, and different ones of said privileged nodes have different key partitions; the encryption instructions are sent by at least one management node in the editable blockchain management system to N of the plurality of privileged nodes in a random manner;
the jointly receiving a plurality of privileged nodes of the encryption instruction, encrypting the non-publicable information to obtain a ciphertext of the non-publicable information, includes:
obtaining the key block for each of the N privileged nodes that received the encryption instruction;
forming an encryption key by the obtained key blocks;
encrypting the non-public information according to a preset encryption algorithm based on the encryption key;
and N is a positive integer, M is more than N and more than or equal to 2, and M is the total number of privileged nodes in the editable block chain management system.
3. The information management method according to claim 2, wherein the encryption key includes an SM4 encryption key, the encryption algorithm includes an SM4 encryption algorithm, and N =4.
4. The information management method according to claim 2, wherein the mapping relationship includes a combination order adopted by the key blocks in composing the encryption key, and identity information of the privileged node to which each of the key blocks belongs.
5. An information management method applied to at least one management node of an editable blockchain management system, wherein the editable blockchain management system comprises an editable first blockchain and a non-editable second blockchain, an intelligent contract is configured in the second blockchain, and the intelligent contract is configured to record an updating operation occurring on the first blockchain, and the information management method comprises the following steps:
monitoring the intelligent contract to judge whether an updating operation is to be initiated on the first block chain;
when the updating operation is to occur on the first block chain, acquiring updating content matched with the updating operation;
and when the acquired updated content has non-public information, sending an encryption instruction to a plurality of privileged nodes in the editable blockchain management system.
6. The information management method according to claim 5, wherein when the update operation to be performed on the first blockchain includes an edit operation, the management node further issues an edit instruction to at least one of the privileged nodes when issuing the encryption instruction, the edit instruction being configured to:
enabling the privileged node to take the target information as target content of the editing operation, and initiating the editing operation on the block to be edited through a chameleon trap door;
and the hash values of the edited content in the block before and after editing are the same.
7. The information management method of claim 6, wherein at least one of the tiles in the first chain of tiles is configured with an editing coefficient, the smart contract further configured to:
when the editing operation is initiated, configuring the editing coefficient of the block to be edited as a first value, the first value being configured to: enabling at least one ordinary node of the editable blockchain management system to determine that the content in the block is in an untrusted state according to the first value when the content in the block is read;
when the editing operation is completed, configuring the editing coefficient of the edited block as a second value, wherein the second value is configured to: enabling at least one regular node of the editable blockchain management system to determine that the content in the block is in a trusted state according to the second value when the content in the block is read.
8. An information management apparatus applied to at least one of a plurality of privileged nodes of an editable blockchain management system including an editable first blockchain and a non-editable second blockchain, the information management apparatus comprising:
the first acquisition module is used for responding to the encryption instruction and acquiring the information to be encrypted;
the first processing module is used for determining the public information and the non-public information from the information to be encrypted;
the encryption module is used for jointly receiving a plurality of privileged nodes of the encryption instruction and encrypting the non-public-available information to obtain a ciphertext of the non-public-available information;
the information generation module is used for generating target information according to the publicable information and the ciphertext;
the mapping relation generation module is used for establishing a mapping relation between a plurality of privileged nodes which encrypt the non-public information and the target information;
and the second processing module is used for storing the target information to the first block chain and storing the mapping relation to the second block chain.
9. An information management apparatus applied in at least one management node of an editable blockchain management system, the editable blockchain management system including an editable first blockchain and a non-editable second blockchain, an intelligent contract being configured in the second blockchain, the intelligent contract being configured to record an update operation occurring on the first blockchain, the information management apparatus comprising:
the monitoring module is used for monitoring the intelligent contract to judge whether the first block chain initiates an updating operation;
a second obtaining module, configured to obtain, when the update operation is to occur on the first block chain, update content matched with the update operation;
and the third processing module is used for sending an encryption instruction to a plurality of privileged nodes in the editable blockchain management system when the acquired non-publicable information exists in the updated content.
10. An editable blockchain management system, comprising a first blockchain, a second blockchain, at least one management node and a plurality of privileged nodes, wherein the second blockchain is configured with an intelligent contract, and the intelligent contract is configured to record an update operation occurring on the first blockchain; the at least one privileged node comprises a first information management device and the at least one management node comprises a second information management device; the first information management apparatus includes: the device comprises a first acquisition module, a first processing module, an encryption module, an information generation module, a mapping relation generation module and a second processing module; the second information management apparatus includes: the monitoring module, the second acquisition module and the third processing module;
the monitoring module is used for monitoring the intelligent contract to judge whether an updating operation is to be initiated on the first block chain;
the second obtaining module is configured to obtain, when the update operation is to occur on the first block chain, update content matched with the update operation;
the third processing module is configured to, when the acquired update content includes non-publicable information, issue an encryption instruction to a plurality of privileged nodes in the editable blockchain management system;
the first acquisition module is used for responding to an encryption instruction and acquiring information to be encrypted;
the first processing module is used for determining the public information and the non-public information from the information to be encrypted;
the encryption module is used for jointly receiving a plurality of privileged nodes of the encryption instruction and encrypting the non-public-available information to obtain a ciphertext of the non-public-available information;
the information generation module is used for generating target information according to the publicable information and the ciphertext;
the mapping relation generation module is used for establishing a mapping relation between the N privileged nodes encrypting the non-public information and the target information;
the second processing module is configured to store the target information to the first blockchain, and store the mapping relationship to the second blockchain.
11. An electronic device, comprising:
one or more processors;
a storage device to store one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the information management method of any one of claims 1-7.
12. A computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the information management method according to any one of claims 1 to 7.
13. A computer program product, comprising a computer program which, when executed by a processor, implements an information management method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211365360.2A CN115914263A (en) | 2022-11-02 | 2022-11-02 | Information management method, device and editable block chain management system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211365360.2A CN115914263A (en) | 2022-11-02 | 2022-11-02 | Information management method, device and editable block chain management system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115914263A true CN115914263A (en) | 2023-04-04 |
Family
ID=86492585
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211365360.2A Pending CN115914263A (en) | 2022-11-02 | 2022-11-02 | Information management method, device and editable block chain management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115914263A (en) |
-
2022
- 2022-11-02 CN CN202211365360.2A patent/CN115914263A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US12028459B2 (en) | Multi-access edge computing node with distributed ledger | |
US11630808B2 (en) | Proof of lottery (PoL) blockchain | |
JP7076682B2 (en) | Data processing methods, devices, electronic devices and computer programs based on blockchain networks | |
CN109583885B (en) | Round control of rewritable block chains | |
CN109417483B (en) | Method and system for partitioning blockchains and enhancing privacy of licensed blockchains | |
CN110032873B (en) | Method and system for common election on moderately constrained blockchains | |
CN109450638B (en) | Block chain-based electronic component data management system and method | |
EP4120114A1 (en) | Data processing method and apparatus, smart device and storage medium | |
CN111295660B (en) | Computer-implemented system and method for connecting blockchain to digital twinning | |
US10721078B2 (en) | Method and system for efficient distribution of configuration data utilizing permissioned blockchain technology | |
CN110121727B (en) | Method and system for providing authenticated, auditable and immutable input for intelligent contracts | |
CN115210741B (en) | Partially ordered blockchain | |
CN108370318B (en) | Method and system for blockchain variants using digital signatures | |
CN112968764A (en) | Multi-link cipher logical block chain | |
EP3554042A1 (en) | Method and system for managing centralized encryption and data format validation for secure real time multi-party data distribution | |
JP2023530594A (en) | Permitted Event Processing in Distributed Databases | |
CN114912090A (en) | Block chain-based clinical test result mutual-recognition method and system | |
CN114239044B (en) | Decentralizing device retrospective shared access system | |
CN114978664A (en) | Data sharing method and device and electronic equipment | |
CN112883425B (en) | Block chain-based data processing method and block chain link point | |
US11917077B2 (en) | Method and system for quantum-resistant hashing scheme | |
CN115914263A (en) | Information management method, device and editable block chain management system | |
CN114503093A (en) | Method and system for distributing consistent ledger across multiple blockchains | |
Alhazmi et al. | BCSM: A BlockChain-based Security Manager for Big Data | |
US11699135B2 (en) | Method and system to delegate issuance capability to a third-party |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |