CN117294522A - Block chain-based financial data sharing method, device, equipment and storage medium - Google Patents

Info

Publication number
CN117294522A
Authority
CN
China
Prior art keywords
key
ciphertext
financial data
data
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311433060.8A
Other languages
Chinese (zh)
Inventor
孙爽
唐华云
李�荣
王延昭
陈式敏
陈浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Bond Jinke Information Technology Co ltd
Original Assignee
China Bond Jinke Information Technology Co ltd
Application filed by China Bond Jinke Information Technology Co ltd
Priority to CN202311433060.8A
Publication of CN117294522A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a blockchain-based financial data sharing method, device, equipment and storage medium, and relates to the technical field of cryptography. The method comprises: symmetrically encrypting plaintext financial data of a financial data owner with a symmetric encryption key to obtain a data ciphertext; determining a plurality of target nodes that have the right to access the plaintext financial data, and the public key corresponding to each target node; encrypting the symmetric encryption key with the public key corresponding to each target node to obtain a key ciphertext corresponding to each target node; and sending a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system. The first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext; the second key value pair corresponding to any target node comprises a key ciphertext keyword corresponding to that target node and the key ciphertext. The invention can prevent financial data from being leaked and thereby improves the security of the financial data.

Description

Block chain-based financial data sharing method, device, equipment and storage medium
Technical Field
The present invention relates to the field of cryptography, and in particular, to a blockchain-based financial data sharing method, apparatus, device, and storage medium.
Background
With the rapid development of blockchain technology, blockchains are being applied in more and more scenarios. Because blockchain data is hard to tamper with and blockchains are decentralized, most financial data is at present stored and shared through blockchains. A blockchain has to reach consensus on the financial data over a public network, which leaks sensitive data contained in the financial data and reduces its security, so the financial data needs to be encrypted.
At present, a financial data owner encrypts financial data locally with a key, stores the resulting data ciphertext in a blockchain, and shares the key with all other financial data visitors in order to share the financial data. However, because different financial data visitors have different access rights to the same financial data, the financial data may be shared with financial data visitors that have no access rights, causing financial data leakage. In addition, while the key is being shared, that is, while it is transmitted between devices, the key may be attacked and disclosed, which ultimately discloses the financial data.
Disclosure of Invention
The invention provides a blockchain-based financial data sharing method, device, equipment and storage medium, which are used to overcome the defect of financial data leakage in the prior art and to realize secure sharing of financial data.
The invention provides a blockchain-based financial data sharing method, which is applied to an encryption node corresponding to a financial data owner and comprises the following steps:
symmetrically encrypting the plaintext financial data of the financial data owner based on a symmetric encryption key to obtain a data ciphertext;
determining a plurality of target nodes that have the right to access the plaintext financial data, and the public key corresponding to each target node;
encrypting the symmetric encryption key separately based on the public key corresponding to each target node to obtain a key ciphertext corresponding to each target node;
sending a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system, so as to share the plaintext financial data through the blockchain system;
wherein the first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword, and the second key value pair corresponding to any target node comprises a key ciphertext keyword corresponding to that target node and the key ciphertext corresponding to the key ciphertext keyword.
According to the blockchain-based financial data sharing method provided by the invention, the public key corresponding to any target node is generated based on the node unique identity of the target node.
According to the blockchain-based financial data sharing method provided by the invention, the sending of the first key value pair corresponding to the plaintext financial data and the second key value pair corresponding to each target node to the blockchain system further includes:
acquiring the node unique identity of each target node;
and generating the key ciphertext keyword corresponding to each target node based on that node's unique identity.
The invention also provides a blockchain-based financial data sharing method, which is applied to a decryption node corresponding to a financial data visitor and comprises the following steps:
sending a data ciphertext keyword corresponding to the plaintext financial data to be accessed to a blockchain system, so that the blockchain system retrieves the data ciphertext corresponding to the data ciphertext keyword, wherein the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key;
sending the key ciphertext keyword corresponding to the decryption node to the blockchain system, so that the blockchain system retrieves the key ciphertext corresponding to the key ciphertext keyword, wherein the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node;
acquiring the data ciphertext and the key ciphertext which are sent by the block chain system;
decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key;
and decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
According to the financial data sharing method based on the blockchain, the public key corresponding to the decryption node is generated based on the node unique identity of the decryption node; the private key corresponding to the decryption node is generated based on the node unique identity of the decryption node.
According to the blockchain-based financial data sharing method provided by the invention, the step of sending the key ciphertext keyword corresponding to the decryption node to the blockchain system further comprises the following steps:
generating the key ciphertext keyword corresponding to the decryption node based on the node unique identity of the decryption node.
The invention also provides a financial data sharing device based on the blockchain, which is deployed at an encryption node corresponding to a financial data owner, and comprises:
the data encryption module is used for symmetrically encrypting the plaintext financial data of the financial data owner based on the symmetric encryption key to obtain a data ciphertext;
the public key determining module is used for determining a plurality of target nodes which have the right to access the plaintext financial data and public keys corresponding to the target nodes;
the key encryption module is used for respectively encrypting the symmetric encryption keys based on the public keys corresponding to the target nodes to obtain key ciphertext corresponding to the target nodes;
the ciphertext sending module is used for sending a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system so as to realize sharing of the plaintext financial data based on the blockchain system;
the first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; the second key value pair corresponding to any target node comprises a key ciphertext keyword corresponding to that target node and the key ciphertext corresponding to the key ciphertext keyword.
The invention also provides a financial data sharing device based on the blockchain, which is deployed at a decryption node corresponding to a financial data visitor, and comprises:
the first sending module is used for sending a data ciphertext keyword corresponding to the plaintext financial data to be accessed to the blockchain system, so that the blockchain system retrieves the data ciphertext corresponding to the data ciphertext keyword, wherein the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key;
the second sending module is used for sending the key ciphertext keyword corresponding to the decryption node to the blockchain system so that the blockchain system can retrieve the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, and the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node;
the ciphertext acquisition module is used for acquiring the data ciphertext and the key ciphertext which are sent by the blockchain system;
the first decryption module is used for decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key;
the second decryption module is used for decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the blockchain-based financial data sharing method as described in any of the above when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a blockchain-based financial data sharing method as described in any of the above.
According to the blockchain-based financial data sharing method, device, equipment and storage medium provided by the invention, the plaintext financial data of a financial data owner is symmetrically encrypted based on the symmetric encryption key to obtain the data ciphertext. Symmetric encryption improves the encryption speed of the plaintext financial data and, compared with asymmetric encryption, avoids the problem of data ciphertext expansion. A plurality of target nodes that have the right to access the plaintext financial data, and the public keys corresponding to those target nodes, are determined, and the symmetric encryption key is encrypted separately with the public key of each target node to obtain the key ciphertext corresponding to each target node. Because the symmetric encryption key is encrypted only with the public keys of target nodes that have the right to access the plaintext financial data, only those target nodes can decrypt their key ciphertexts to obtain the symmetric encryption key and then decrypt the data ciphertext to obtain the plaintext financial data. This ensures that the financial data is shared only with financial data visitors that have access rights, prevents financial data leakage and improves the security of the financial data. The symmetric encryption key used to encrypt the plaintext financial data is itself encrypted, which prevents the symmetric encryption key from being leaked, improves the security of sharing the symmetric encryption key, and in turn prevents the financial data from being leaked. Finally, the first key value pair corresponding to the plaintext financial data and the second key value pair corresponding to each target node are sent to a blockchain system so that the plaintext financial data is shared through the blockchain system, making better use of the characteristics of the blockchain to share financial data.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a block chain based financial data sharing method according to the present invention;
FIG. 2 is a second flow chart of a block chain based financial data sharing method according to the present invention;
FIG. 3 is a schematic diagram of a block chain-based financial data sharing apparatus according to the present invention;
FIG. 4 is a second schematic diagram of a block-chain-based financial data sharing apparatus according to the present invention;
FIG. 5 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
With the rapid development of blockchain technology, blockchains are being applied in more and more scenarios. Because blockchain data is hard to tamper with and blockchains are decentralized, most financial data is at present stored and shared through blockchains. A blockchain has to reach consensus on the financial data over a public network, which leaks sensitive data contained in the financial data and reduces its security, so the financial data needs to be encrypted. For example, a blockchain provides data access and management services to users in a publicly shared manner, so combining it with financial services carries a risk of privacy leakage.
At present, a financial data owner encrypts financial data locally with a key, stores the resulting data ciphertext in a blockchain, and shares the key with all other financial data visitors in order to share the financial data. However, because different financial data visitors have different access rights to the same financial data, the financial data may be shared with financial data visitors that have no access rights, causing financial data leakage. In addition, while the key is being shared, that is, while it is transmitted between devices, the key may be attacked and disclosed, which ultimately discloses the financial data.
In view of the above problems, the present invention proposes the following embodiments. FIG. 1 is a schematic flow chart of a blockchain-based financial data sharing method according to the present invention. As shown in FIG. 1, the blockchain-based financial data sharing method, applied to an encryption node corresponding to a financial data owner, includes:
Step 110, symmetrically encrypting the plaintext financial data of the financial data owner based on the symmetric encryption key to obtain a data ciphertext.
In the embodiment of the invention, the encryption node can be any node in a blockchain system. It should be understood that the encryption node may also be a decryption node corresponding to a financial data visitor.
Illustratively, the encryption node is a distributed service node corresponding to a directly connected financial institution. A distributed service node means that the directly connected financial institution builds its own business operation system (such as blockchain front-end software) internally and connects that internal business operation system to the blockchain system through the data interface of the blockchain front-end software, thereby realizing distributed service. Through the blockchain front-end software the directly connected financial institution can perform real-time business operations, business data storage, business data query and similar functions, which greatly improves the timeliness, credibility and flexibility of the business.
Here, the plaintext financial data is data owned by the financial data owner, that is, data provided by the financial data owner and that the financial data owner needs to share.
Here, the symmetric encryption key may be generated by the encryption node. Further, the symmetric encryption key may be a randomly generated key.
In an embodiment, the symmetric encryption key is generated based on a security parameter that characterizes a desired security level, which may be used to determine the length of the symmetric encryption key.
Step 120, determining a plurality of target nodes having access to the plaintext financial data, and a public key corresponding to each of the target nodes.
It should be noted that, for the plaintext financial data, different nodes (financial data visitors) have different access rights.
In some embodiments, a number of target nodes that have access to the plaintext financial data are determined from a known number of nodes (financial data visitors).
In one embodiment, a target class of plaintext financial data is determined, and based on the target class, a number of target nodes are determined from a known plurality of nodes that have access to the plaintext financial data. Specifically, a node-access right mapping relation corresponding to the target category is determined, and a plurality of target nodes which have the right to access the plaintext financial data are determined from a plurality of known nodes based on the node-access right mapping relation, wherein the node-access right mapping relation is used for representing the corresponding relation between the plurality of nodes and the access right. The access rights may include accessible rights and inaccessible rights.
In another embodiment, a target category of the plaintext financial data and the role categories of the known plurality of nodes are determined, and a number of target nodes having the right to access the plaintext financial data are determined from the known plurality of nodes based on the target category and the role categories. Illustratively, assume that the role categories include a core organization (core member), a financial service provider (important member), a member unit (general member), and a regulatory department (administrator), and that the financial data categories include core data, important data, and general data; the mapping relationships between the financial data categories, the role categories and the access rights are as shown in the following table:
In one embodiment, the public key corresponding to each target node is generated by the encryption node.
In another embodiment, the public key corresponding to each target node is generated by a key generation center. The public key corresponding to each target node can be sent directly from the key generation center to the encryption node; alternatively, the public key corresponding to each node can be sent from the key generation center to the blockchain system in advance for storage, and the encryption node then acquires the public key of each target node from the blockchain system. In this way, an encryption node that needs the public key of a relevant node does not have to generate it itself, so the public key corresponding to each target node is acquired quickly and conveniently.
Step 130, encrypting the symmetric encryption key separately based on the public key corresponding to each target node to obtain the key ciphertext corresponding to each target node.
Specifically, the symmetric encryption key is asymmetrically encrypted with the public key corresponding to each target node to obtain the key ciphertext corresponding to that target node.
In a specific embodiment, an identity-based cryptographic algorithm is adopted to encrypt the symmetric encryption key separately with the public key corresponding to each target node, obtaining the key ciphertext corresponding to each target node.
Step 140, sending the first key value pair corresponding to the plaintext financial data and the second key value pair corresponding to each target node to a blockchain system, so as to realize sharing of the plaintext financial data based on the blockchain system.
The first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; the second key value pair corresponding to any target node comprises a key ciphertext keyword corresponding to that target node and the key ciphertext corresponding to the key ciphertext keyword.
Specifically, a first key value pair corresponding to the plaintext financial data is established from the data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext, with the data ciphertext keyword as the key and the data ciphertext as the value; a second key value pair corresponding to each target node is established from the key ciphertext keyword and the key ciphertext corresponding to that target node, with the key ciphertext keyword as the key and the key ciphertext as the value; and the first key value pair and each second key value pair are sent to the blockchain system.
It should be noted that different plaintext financial data corresponds to different data ciphertext keywords, and different target nodes correspond to different key ciphertext keywords.
In an embodiment, the data ciphertext keyword may be generated by the encryption node; it is only necessary that the encryption node and the decryption node generate the data ciphertext keyword by the same method, so that a subsequent decryption node can accurately retrieve the data ciphertext corresponding to the plaintext financial data.
On the blockchain system side, the blockchain system receives the first key value pair and each second key value pair sent by the encryption node and stores them, so that the data ciphertext can later be retrieved by the data ciphertext keyword and the corresponding key ciphertext can later be retrieved by the key ciphertext keyword. In one embodiment, the first key value pair and each second key value pair are stored in a ledger of the blockchain system. Further, once the blockchain system determines that the first key value pair and each second key value pair have been stored successfully, it returns storage success information to the encryption node so that the encryption node knows that its plaintext financial data has been stored successfully. The blockchain system may be jointly maintained by a financial data owner and a financial data visitor.
It can be appreciated that the first key value pair and each second key value pair are stored in the ledger of the blockchain system so that they can later be retrieved from the ledger by the data ciphertext keyword and the key ciphertext keyword. When storage is determined to be successful, storage success information is returned to the encryption node so that the encryption node knows that the plaintext financial data has been stored successfully; if the encryption node does not receive the storage success information, it can resend the first key value pair and each second key value pair to ensure that they are stored successfully in the blockchain, thereby ensuring that the financial data is shared successfully.
According to the blockchain-based financial data sharing method provided by the embodiment of the invention, the plaintext financial data of the financial data owner is symmetrically encrypted based on the symmetric encryption key to obtain the data ciphertext, so that symmetric encryption improves the encryption speed of the plaintext financial data and, compared with asymmetric encryption, avoids the problem of data ciphertext expansion. A plurality of target nodes with the right to access the plaintext financial data, and the public key corresponding to each target node, are determined, and the symmetric encryption key is encrypted based on the public key corresponding to each target node to obtain the key ciphertext corresponding to each target node. Because the symmetric encryption key is encrypted only under the public keys of target nodes with the right to access the plaintext financial data, those target nodes can decrypt their corresponding key ciphertext to obtain the symmetric encryption key and then decrypt the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data; this ensures that the financial data is shared only with financial data visitors that have access rights, prevents financial data leakage, and improves the security of the financial data. The symmetric encryption key used to encrypt the plaintext financial data is itself encrypted, which prevents the symmetric encryption key from being leaked, improves the security of sharing the symmetric encryption key, and in turn prevents the financial data from being leaked. The first key value pair corresponding to the plaintext financial data and the second key value pair corresponding to each target node are sent to a blockchain system so that the plaintext financial data is shared based on the blockchain system, thereby making better use of the characteristics of the blockchain to share the financial data.
Based on any of the above embodiments, consider that in a conventional centralized system the owner of the financial data only needs to protect the privacy of the financial data during transmission, and the corresponding certificate is issued only by the PKI (Public Key Infrastructure) of the server. In a blockchain, however, a corresponding certificate must be issued through PKI for each party in the blockchain. To achieve fine-grained data protection and secure data sharing, the whole system then faces a complicated certificate management problem. To reduce the complexity of certificate transmission, each party generally sends its own certificate to the blockchain for storage, but blockchain retrieval efficiency is a bottleneck, so the time cost of encryption under a certificate system is severe. For this reason, the public key corresponding to any target node is generated based on the node unique identity of the target node.
Here, the node unique identity is used to uniquely identify the node. Further, each node (each participant) of the blockchain system has a corresponding node unique identity.
In one embodiment, the public key corresponding to any target node is generated by the encryption node based on the node unique identity of the target node.
In another embodiment, the public key corresponding to any target node is generated by the key generation center based on the node unique identity of the target node.
According to the financial data sharing method based on the blockchain, the public key corresponding to the target node is generated based on the node unique identity of the target node, so that the node unique identity of the target node can be determined based on the public key, a certificate is not required to be applied for the public key corresponding to the target node, encryption complexity is further reduced, and encryption efficiency is finally improved.
Based on any of the above embodiments, prior to step 140 above, the method further comprises:
acquiring node unique identity identifiers of all the target nodes;
and respectively generating key ciphertext keywords corresponding to the target nodes based on the unique node identity.
Here, the node unique identity is used to uniquely identify the node. Further, each node (each participant) of the blockchain system has a corresponding node unique identity.
The key ciphertext keyword can be generated by the encryption node, and the encryption node and the decryption node only need to generate the key ciphertext keyword by adopting the same method, so that the subsequent decryption node can accurately retrieve the corresponding key ciphertext.
According to the block chain-based financial data sharing method provided by the embodiment of the invention, key ciphertext keywords corresponding to each target node are respectively generated based on the unique identity of each node, so that each target node can be ensured to generate the key ciphertext keywords corresponding to each target node based on the same keyword generation method, and further, for any target node, the target node can quickly and accurately search the key ciphertext corresponding to the target node based on the key ciphertext keywords corresponding to the target node, thereby improving the search efficiency and the search accuracy, and finally improving the sharing efficiency and the sharing accuracy of financial data.
The invention also provides a block chain-based financial data sharing method applied to the decryption node corresponding to the financial data visitor. Fig. 2 is a second flowchart of a blockchain-based financial data sharing method according to the present invention, as shown in fig. 2, the blockchain-based financial data sharing method applied to a decryption node corresponding to a financial data visitor includes:
Step 210, sending a data ciphertext keyword corresponding to plaintext financial data to be accessed to a blockchain system, so that the blockchain system can retrieve and obtain a data ciphertext corresponding to the data ciphertext keyword based on the data ciphertext keyword, wherein the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key.
Here, the visitor to the financial data is a visitor to the plain financial data, which may also be a processor of the plain financial data.
In an embodiment, the data ciphertext keyword may be generated by the decryption node; it is only necessary that the encryption node and the decryption node generate the data ciphertext keyword by the same method, so that the blockchain system can accurately retrieve the data ciphertext corresponding to the data ciphertext keyword based on the data ciphertext keyword.
For the blockchain system, the data ciphertext corresponding to the data ciphertext keyword is retrieved based on the mapping relation between the data ciphertext keyword and the data ciphertext, and the data ciphertext is sent to the decryption node.
Step 220, sending the key ciphertext keyword corresponding to the decryption node to the blockchain system, so that the blockchain system can retrieve and obtain the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, wherein the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node.
Step 230, acquiring the data ciphertext and the key ciphertext sent by the blockchain system.
In an embodiment, the key ciphertext keyword may be generated by the decryption node; it is only necessary that the encryption node and the decryption node generate the key ciphertext keyword by the same method, so that the blockchain system can accurately retrieve the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword.
For the blockchain system, the key ciphertext corresponding to the key ciphertext keyword is retrieved based on the mapping relation between the key ciphertext keyword and the key ciphertext, and the key ciphertext is sent to the decryption node.
Step 240, decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key.
Specifically, based on a private key corresponding to the decryption node, asymmetric decryption is performed on the key ciphertext to obtain a symmetric encryption key.
Step 250, decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
It should be noted that, because the data ciphertext is obtained by symmetrically encrypting the plaintext financial data based on the symmetric encryption key, correspondingly, the data ciphertext can be decrypted based on the symmetric encryption key to obtain the plaintext financial data.
According to the blockchain-based financial data sharing method provided by the embodiment of the invention, the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of the financial data owner based on the symmetric encryption key, so that symmetric encryption improves the encryption speed of the plaintext financial data and, compared with asymmetric encryption, the problem of data ciphertext expansion does not occur. The key ciphertext keyword corresponding to the decryption node is sent to the blockchain system so that the blockchain system can retrieve the key ciphertext corresponding to that keyword; a decryption node with the right to access the plaintext financial data can then decrypt its key ciphertext to obtain the symmetric encryption key and decrypt the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data, which ensures that the financial data is shared only with financial data visitors that have access rights, prevents the financial data from being leaked, and improves the security of the financial data. The key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node, which prevents the symmetric encryption key from being leaked, improves the security of sharing the symmetric encryption key, and in turn prevents the financial data from being leaked. The data ciphertext keyword corresponding to the plaintext financial data to be accessed is sent to the blockchain system so that the plaintext financial data is shared based on the blockchain system, thereby making better use of the characteristics of the blockchain to share the financial data.
Based on any of the above embodiments, consider that in a conventional centralized system the owner of the financial data only needs to protect the privacy of the financial data during transmission, and the corresponding certificate is issued only by the PKI of the server. In a blockchain, however, a corresponding certificate must be issued through PKI for each party in the blockchain. To achieve fine-grained data protection and secure data sharing, the whole system then faces a complicated certificate management problem. To reduce the complexity of certificate transmission, each party generally sends its own certificate to the blockchain for storage, but blockchain retrieval efficiency is a bottleneck, so the time cost of encryption under a certificate system is severe. For this reason, the public key corresponding to the decryption node is generated based on the node unique identity of the decryption node, and the private key corresponding to the decryption node is generated based on the node unique identity of the decryption node.
Here, the node unique identity is used to uniquely identify the decryption node. Further, each node (each participant) of the blockchain system has a corresponding node unique identity.
In one embodiment, the public key corresponding to the decryption node is generated by the encryption node based on the node unique identity of the decryption node.
In another embodiment, the public key corresponding to the decryption node is generated by a key generation center based on the node unique identity of the decryption node.
In one embodiment, the private key corresponding to the decryption node is generated by the key generation center based on the node unique identity of the decryption node. Further, the private key corresponding to the decryption node is generated by the key generation center based on the node unique identity of the decryption node and the security parameter. The security parameters are used to characterize the required security level, which may be entered by the data owner. It should be understood that the key generation center may determine, according to the number of participants in the blockchain system, a node unique identity of each node, and further generate, based on the security parameter input by the data owner and the unique identity of each node, a private key corresponding to each node.
According to the financial data sharing method based on the blockchain, the public key corresponding to the decryption node is generated based on the node unique identity of the decryption node, so that the node unique identity of the decryption node can be determined based on the public key, certificates are not required to be applied for the public key corresponding to the decryption node, encryption complexity is further reduced, and encryption efficiency is finally improved; correspondingly, the private key corresponding to the decryption node is also generated based on the node unique identity of the decryption node.
Based on any of the above embodiments, prior to step 220 above, the method further comprises:
and generating a key ciphertext keyword corresponding to the decryption node based on the node unique identity of the decryption node.
Here, the node unique identity is used to uniquely identify the decryption node. Further, each node (each participant) of the blockchain system has a corresponding node unique identity.
The key ciphertext keyword can be generated by the decryption node, and the encryption node and the decryption node only need to generate the key ciphertext keyword by adopting the same method, so that the subsequent blockchain system can accurately retrieve the corresponding key ciphertext.
According to the block chain-based financial data sharing method provided by the embodiment of the invention, the key ciphertext keyword corresponding to the decryption node is quickly and accurately generated based on the node unique identity of the decryption node, so that the block chain system can quickly and accurately search and obtain the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, the search efficiency and the search accuracy are further improved, and finally the financial data sharing efficiency and the financial data sharing accuracy are improved.
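The encryption-node and decryption-node flows described above, as an added Go example that is not code from the patent. The patent names no ciphers and derives public keys from node identities; this example swaps in AES-256-GCM and RSA-OAEP with ordinary generated key pairs, and the `Ledger` map, the SHA-256 keyword rule (which also binds a data identifier), and the node and record names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Ledger stands in for the blockchain key-value store (assumption: in-memory map).
type Ledger map[string][]byte

// keyword is a hypothetical rule: both nodes hash the same fields, so each can recompute it.
func keyword(kind, dataID, nodeID string) string {
	sum := sha256.Sum256([]byte(kind + "\x00" + dataID + "\x00" + nodeID))
	return hex.EncodeToString(sum[:])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Share is the encryption-node side: it stores the first key-value pair
// (data keyword -> nonce || ciphertext || tag) and one second pair per target node.
func Share(l Ledger, dataID string, plaintext []byte, targets map[string]*rsa.PublicKey) error {
	buf := make([]byte, 32+12) // fresh AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	dek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(dek)
	if err != nil {
		return err
	}
	l[keyword("data", dataID, "")] = gcm.Seal(nonce, nonce, plaintext, []byte(dataID))
	for nodeID, pub := range targets { // wrap the symmetric key for each authorized node
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, []byte(dataID))
		if err != nil {
			return err
		}
		l[keyword("key", dataID, nodeID)] = wrapped
	}
	return nil
}

// Access is the decryption-node side (steps 210 to 250).
func Access(l Ledger, dataID, nodeID string, priv *rsa.PrivateKey) ([]byte, error) {
	ct, okData := l[keyword("data", dataID, "")]
	wrapped, okKey := l[keyword("key", dataID, nodeID)]
	if !okData || !okKey {
		return nil, errors.New("ledger has no entry for this keyword")
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, []byte(dataID))
	if err != nil {
		return nil, fmt.Errorf("unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	if len(ct) < 12 {
		return nil, errors.New("data ciphertext too short")
	}
	return gcm.Open(nil, ct[:12], ct[12:], []byte(dataID))
}

// runDemo uses constructed node IDs and data; RSA keys stand in for identity-derived keys.
func runDemo() (plain string, err, errNoEntry, errWrongKey error) {
	keys := map[string]*rsa.PrivateKey{}
	targets := map[string]*rsa.PublicKey{}
	for _, id := range []string{"node-A", "node-B", "node-C"} {
		k, kerr := rsa.GenerateKey(rand.Reader, 2048)
		if kerr != nil {
			return "", kerr, nil, nil
		}
		keys[id] = k
		if id != "node-C" { // node-C is not granted access
			targets[id] = &k.PublicKey
		}
	}
	l := Ledger{}
	if err = Share(l, "record-001", []byte("constructed sample record"), targets); err != nil {
		return
	}
	pt, err := Access(l, "record-001", "node-B", keys["node-B"])
	plain = string(pt)
	_, errNoEntry = Access(l, "record-001", "node-C", keys["node-C"])  // no key ciphertext stored
	_, errWrongKey = Access(l, "record-001", "node-A", keys["node-C"]) // fetches A's entry, cannot unwrap
	return
}

func main() { fmt.Println(runDemo()) }
```

The last result shows that fetching another node's key ciphertext from the ledger does not help without that node's private key.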
The blockchain-based financial data sharing device provided by the invention is described below, and the blockchain-based financial data sharing device described below and the blockchain-based financial data sharing method described above can be correspondingly referred to each other.
Fig. 3 is a schematic structural diagram of a blockchain-based financial data sharing device according to the present invention, as shown in fig. 3, the blockchain-based financial data sharing device disposed at an encryption node corresponding to a financial data owner includes:
the data encryption module 310 is configured to symmetrically encrypt plaintext financial data of the financial data owner based on a symmetric encryption key to obtain a data ciphertext;
a public key determining module 320, configured to determine a plurality of target nodes that have access to the plaintext financial data, and a public key corresponding to each of the target nodes;
the key encryption module 330 is configured to encrypt the symmetric encryption keys based on the public keys corresponding to the target nodes to obtain key ciphertext corresponding to the target nodes;
the ciphertext sending module 340 is configured to send a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each of the target nodes to a blockchain system, so as to realize sharing of the plaintext financial data based on the blockchain system;
the first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; any second key value pair corresponding to the target node comprises a key ciphertext keyword corresponding to the target node and the key ciphertext corresponding to the key ciphertext keyword.
According to the blockchain-based financial data sharing device provided by the embodiment of the invention, the plaintext financial data of the financial data owner is symmetrically encrypted based on the symmetric encryption key to obtain the data ciphertext, so that symmetric encryption improves the encryption speed of the plaintext financial data and, compared with asymmetric encryption, avoids the problem of data ciphertext expansion. A plurality of target nodes with the right to access the plaintext financial data, and the public key corresponding to each target node, are determined, and the symmetric encryption key is encrypted based on the public key corresponding to each target node to obtain the key ciphertext corresponding to each target node. Because the symmetric encryption key is encrypted only under the public keys of target nodes with the right to access the plaintext financial data, those target nodes can decrypt their corresponding key ciphertext to obtain the symmetric encryption key and then decrypt the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data; this ensures that the financial data is shared only with financial data visitors that have access rights, prevents financial data leakage, and improves the security of the financial data. The symmetric encryption key used to encrypt the plaintext financial data is itself encrypted, which prevents the symmetric encryption key from being leaked, improves the security of sharing the symmetric encryption key, and in turn prevents the financial data from being leaked. The first key value pair corresponding to the plaintext financial data and the second key value pair corresponding to each target node are sent to a blockchain system so that the plaintext financial data is shared based on the blockchain system, thereby making better use of the characteristics of the blockchain to share the financial data.
Based on any of the above embodiments, the public key corresponding to any of the target nodes is generated based on the node unique identity of the target node.
Based on any of the above embodiments, the apparatus further comprises:
the identification acquisition module is used for acquiring the node unique identification of each target node;
the first generation module is used for respectively generating key ciphertext keywords corresponding to the target nodes based on the unique identity identifiers of the nodes.
Fig. 4 is a second schematic structural diagram of a blockchain-based financial data sharing device according to the present invention, as shown in fig. 4, the blockchain-based financial data sharing device disposed at a decryption node corresponding to a financial data visitor includes:
a first sending module 410, configured to send a data ciphertext keyword corresponding to plaintext financial data to be accessed to a blockchain system, so that the blockchain system retrieves, based on the data ciphertext keyword, a data ciphertext corresponding to the data ciphertext keyword, where the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key;
a second sending module 420, configured to send a key ciphertext keyword corresponding to the decryption node to the blockchain system, so that the blockchain system retrieves, based on the key ciphertext keyword, a key ciphertext corresponding to the key ciphertext keyword, where the key ciphertext is obtained by encrypting the symmetric encryption key based on a public key corresponding to the decryption node;
the ciphertext acquisition module is used for acquiring the data ciphertext and the key ciphertext sent by the blockchain system;
the first decryption module 430 is configured to decrypt the key ciphertext based on a private key corresponding to the decryption node to obtain the symmetric encryption key;
the second decryption module 440 is configured to decrypt the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
According to the blockchain-based financial data sharing device provided by the embodiment of the invention, the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of the financial data owner based on the symmetric encryption key, so that symmetric encryption improves the encryption speed of the plaintext financial data and, compared with asymmetric encryption, the problem of data ciphertext expansion does not occur. The key ciphertext keyword corresponding to the decryption node is sent to the blockchain system so that the blockchain system can retrieve the key ciphertext corresponding to that keyword; a decryption node with the right to access the plaintext financial data can then decrypt its key ciphertext to obtain the symmetric encryption key and decrypt the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data, which ensures that the financial data is shared only with financial data visitors that have access rights, prevents the financial data from being leaked, and improves the security of the financial data. The key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node, which prevents the symmetric encryption key from being leaked, improves the security of sharing the symmetric encryption key, and in turn prevents the financial data from being leaked. The data ciphertext keyword corresponding to the plaintext financial data to be accessed is sent to the blockchain system so that the plaintext financial data is shared based on the blockchain system, thereby making better use of the characteristics of the blockchain to share the financial data.
Based on any of the above embodiments, the public key corresponding to the decryption node is generated based on a node unique identity of the decryption node; the private key corresponding to the decryption node is generated based on the node unique identity of the decryption node.
Based on any of the above embodiments, the apparatus further comprises:
and the second generation module is used for generating a key ciphertext keyword corresponding to the decryption node based on the node unique identity of the decryption node.
Fig. 5 illustrates a physical schematic diagram of an electronic device, as shown in fig. 5, which may include: processor 510, communication interface (Communications Interface) 520, memory 530, and communication bus 540, wherein processor 510, communication interface 520, memory 530 complete communication with each other through communication bus 540. Processor 510 may invoke logic instructions in memory 530 to perform a blockchain-based financial data sharing method applied to an encryption node corresponding to a financial data owner, the method comprising: based on the symmetric encryption key, carrying out symmetric encryption on plaintext financial data of the financial data owner to obtain data ciphertext; determining a plurality of target nodes which have access to the plaintext financial data, and public keys corresponding to the target nodes; based on the public key corresponding to each target node, encrypting the symmetric encryption key to obtain a key ciphertext corresponding to each target node; transmitting a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system so as to realize sharing of the plaintext financial data based on the blockchain system; the first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; any second key value pair corresponding to the target node comprises a key ciphertext keyword corresponding to the target node and the key ciphertext corresponding to the key ciphertext keyword. 
Or, executing a blockchain-based financial data sharing method applied to a decryption node corresponding to a financial data visitor, the method comprising: transmitting a data ciphertext keyword corresponding to plaintext financial data to be accessed to a blockchain system, so that the blockchain system can search and obtain a data ciphertext corresponding to the data ciphertext keyword based on the data ciphertext keyword, wherein the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key; the key ciphertext keyword corresponding to the decryption node is sent to the blockchain system, so that the blockchain system can search and obtain the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, and the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node; acquiring the data ciphertext and the key ciphertext which are sent by the block chain system; decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key; and decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
Further, the logic instructions in the memory 530 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
In another aspect, the present invention also provides a computer program product, the computer program product including a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of executing the blockchain-based financial data sharing method applied to an encryption node corresponding to a financial data owner provided by the methods above, the method comprising: based on the symmetric encryption key, carrying out symmetric encryption on plaintext financial data of the financial data owner to obtain data ciphertext; determining a plurality of target nodes which have access to the plaintext financial data, and public keys corresponding to the target nodes; based on the public key corresponding to each target node, encrypting the symmetric encryption key to obtain a key ciphertext corresponding to each target node; transmitting a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system so as to realize sharing of the plaintext financial data based on the blockchain system; the first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; any second key value pair corresponding to the target node comprises a key ciphertext keyword corresponding to the target node and the key ciphertext corresponding to the key ciphertext keyword. 
Or, the computer can execute the blockchain-based financial data sharing method applied to the decryption node corresponding to the financial data visitor, which is provided by the methods, and the method comprises the following steps: transmitting a data ciphertext keyword corresponding to plaintext financial data to be accessed to a blockchain system, so that the blockchain system can search and obtain a data ciphertext corresponding to the data ciphertext keyword based on the data ciphertext keyword, wherein the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key; the key ciphertext keyword corresponding to the decryption node is sent to the blockchain system, so that the blockchain system can search and obtain the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, and the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node; acquiring the data ciphertext and the key ciphertext which are sent by the block chain system; decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key; and decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the blockchain-based financial data sharing method provided by the methods above applied to an encryption node corresponding to a financial data owner, the method comprising: based on the symmetric encryption key, carrying out symmetric encryption on plaintext financial data of the financial data owner to obtain data ciphertext; determining a plurality of target nodes which have access to the plaintext financial data, and public keys corresponding to the target nodes; based on the public key corresponding to each target node, encrypting the symmetric encryption key to obtain a key ciphertext corresponding to each target node; transmitting a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system so as to realize sharing of the plaintext financial data based on the blockchain system; the first key value pair comprises a data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; any second key value pair corresponding to the target node comprises a key ciphertext keyword corresponding to the target node and the key ciphertext corresponding to the key ciphertext keyword. 
Alternatively, the computer program, when executed by a processor, performs the blockchain-based financial data sharing method provided above as applied to the decryption node corresponding to a financial data visitor, the method comprising: sending the data ciphertext keyword corresponding to the plaintext financial data to be accessed to the blockchain system, so that the blockchain system retrieves the data ciphertext corresponding to that data ciphertext keyword, the data ciphertext having been obtained by symmetrically encrypting the plaintext financial data of the financial data owner based on a symmetric encryption key; sending the key ciphertext keyword corresponding to the decryption node to the blockchain system, so that the blockchain system retrieves the key ciphertext corresponding to that key ciphertext keyword, the key ciphertext having been obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node; acquiring the data ciphertext and the key ciphertext sent by the blockchain system; decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key; and decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
The apparatus embodiments described above are merely illustrative: the elements described as separate components may or may not be physically separate, and the components shown as elements may or may not be physical elements; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A blockchain-based financial data sharing method, applied to an encryption node corresponding to a financial data owner, the method comprising:
based on the symmetric encryption key, carrying out symmetric encryption on plaintext financial data of the financial data owner to obtain data ciphertext;
determining a plurality of target nodes which have access to the plaintext financial data, and public keys corresponding to the target nodes;
based on the public key corresponding to each target node, encrypting the symmetric encryption key to obtain a key ciphertext corresponding to each target node;
transmitting a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system so as to realize sharing of the plaintext financial data based on the blockchain system;
wherein the first key value pair comprises the data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; and the second key value pair corresponding to any target node comprises the key ciphertext keyword corresponding to that target node and the key ciphertext corresponding to the key ciphertext keyword.
2. The blockchain-based financial data sharing method of claim 1, wherein the public key corresponding to any of the target nodes is generated based on a node unique identity of the target node.
3. The blockchain-based financial data sharing method of claim 1, wherein the sending the first key-value pair corresponding to the plaintext financial data and the second key-value pair corresponding to each of the target nodes to a blockchain system further comprises:
acquiring node unique identity identifiers of all the target nodes;
and respectively generating key ciphertext keywords corresponding to the target nodes based on the unique node identity.
4. A blockchain-based financial data sharing method, which is applied to decryption nodes corresponding to financial data visitors, the method comprising:
transmitting a data ciphertext keyword corresponding to plaintext financial data to be accessed to a blockchain system, so that the blockchain system can search and obtain a data ciphertext corresponding to the data ciphertext keyword based on the data ciphertext keyword, wherein the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key;
the key ciphertext keyword corresponding to the decryption node is sent to the blockchain system, so that the blockchain system can search and obtain the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, and the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node;
acquiring the data ciphertext and the key ciphertext which are sent by the blockchain system;
decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key;
and decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
5. The blockchain-based financial data sharing method of claim 4, wherein the public key corresponding to the decryption node is generated based on a node unique identity of the decryption node; the private key corresponding to the decryption node is generated based on the node unique identity of the decryption node.
6. The blockchain-based financial data sharing method of claim 4, wherein the sending the key ciphertext keyword corresponding to the decryption node to the blockchain system further comprises:
and generating a key ciphertext keyword corresponding to the decryption node based on the node unique identity of the decryption node.
7. A blockchain-based financial data sharing device, deployed at an encryption node corresponding to a financial data owner, the device comprising:
the data encryption module is used for symmetrically encrypting the plaintext financial data of the financial data owner based on the symmetric encryption key to obtain a data ciphertext;
the public key determining module is used for determining a plurality of target nodes which have the right to access the plaintext financial data and public keys corresponding to the target nodes;
the key encryption module is used for respectively encrypting the symmetric encryption keys based on the public keys corresponding to the target nodes to obtain key ciphertext corresponding to the target nodes;
the ciphertext sending module is used for sending a first key value pair corresponding to the plaintext financial data and a second key value pair corresponding to each target node to a blockchain system so as to realize sharing of the plaintext financial data based on the blockchain system;
wherein the first key value pair comprises the data ciphertext keyword corresponding to the plaintext financial data and the data ciphertext corresponding to the data ciphertext keyword; and the second key value pair corresponding to any target node comprises the key ciphertext keyword corresponding to that target node and the key ciphertext corresponding to the key ciphertext keyword.
8. A blockchain-based financial data sharing device, deployed at a decryption node corresponding to a financial data visitor, the device comprising:
the first sending module is used for sending a data ciphertext keyword corresponding to plaintext financial data to be accessed to the blockchain system, so that the blockchain system can retrieve the data ciphertext corresponding to the data ciphertext keyword based on the data ciphertext keyword, and the data ciphertext is obtained by symmetrically encrypting the plaintext financial data of a financial data owner based on a symmetric encryption key;
the second sending module is used for sending the key ciphertext keyword corresponding to the decryption node to the blockchain system so that the blockchain system can retrieve the key ciphertext corresponding to the key ciphertext keyword based on the key ciphertext keyword, and the key ciphertext is obtained by encrypting the symmetric encryption key based on the public key corresponding to the decryption node;
the ciphertext acquisition module is used for acquiring the data ciphertext and the key ciphertext which are sent by the blockchain system;
the first decryption module is used for decrypting the key ciphertext based on the private key corresponding to the decryption node to obtain the symmetric encryption key;
and the second decryption module is used for decrypting the data ciphertext based on the symmetric encryption key to obtain the plaintext financial data.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the blockchain-based financial data sharing method of any of claims 1 to 6 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the blockchain-based financial data sharing method of any of claims 1 to 6.
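The flow of claims 1 and 4 for both node roles, as an added Go example that is not code from the patent. Assumptions: AES-256-GCM and RSA-2048 with OAEP stand in for the symmetric and public-key algorithms the page leaves unnamed (the identity-derived keys of claims 2 and 5 are not implemented), a map stands in for the blockchain key-value store, and the `KeyKw` derivation, the binding of keywords as GCM associated data and OAEP label, and all names and sample data are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Targets map[string]*rsa.PublicKey // node unique ID -> public key (RSA-OAEP is assumed)
func NewNode() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// KeyKw derives a node's key ciphertext keyword from its unique ID (assumed derivation).
func KeyKw(d, id string) string { return fmt.Sprintf("key:%x", sha256.Sum256([]byte(d+"|"+id))) }
func gcmFor(key []byte) cipher.AEAD { // callers pass 32 bytes, so neither call can fail
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// Share is the encryption node, Access the decryption node; map l stands in for the blockchain store.
func Share(l map[string][]byte, dataKw string, plain []byte, targets Targets) (err error) {
	buf := make([]byte, 44) // fresh 32-byte AES-256 key, then 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return err
	}
	key, nonce := buf[:32], buf[32:]
	l[dataKw] = gcmFor(key).Seal(nonce, nonce, plain, []byte(dataKw)) // first key-value pair
	for id, pub := range targets {
		kw := KeyKw(dataKw, id) // OAEP label binds the wrapped key to its ledger slot
		if l[kw], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(kw)); err != nil {
			return err
		}
	}
	return nil
}
func Access(l map[string][]byte, dataKw, nodeID string, priv *rsa.PrivateKey) ([]byte, error) {
	kw, ct := KeyKw(dataKw, nodeID), l[dataKw]
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, l[kw], []byte(kw))
	if err != nil || len(key) != 32 || len(ct) < 12 {
		return nil, fmt.Errorf("node %q cannot recover the key for %q", nodeID, dataKw)
	}
	return gcmFor(key).Open(nil, ct[:12], ct[12:], []byte(dataKw))
}
func main() { // constructed demo: node "A" is the only authorised target
	a, _ := NewNode()
	l := map[string][]byte{}
	_ = Share(l, "data:bond-1", []byte("constructed record"), Targets{"A": &a.PublicKey})
	fmt.Println(Access(l, "data:bond-1", "A", a))
}
```

The ledger holds one data ciphertext regardless of how many nodes are authorised; adding a target node adds only one wrapped-key entry.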

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311433060.8A CN117294522A (en) 2023-10-31 2023-10-31 Block chain-based financial data sharing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117294522A (en) 2023-12-26

Family

ID=89257285

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination