WO2019205380A1 - 电子装置、基于区块链的数据处理方法、程序和计算机存储介质 - Google Patents

电子装置、基于区块链的数据处理方法、程序和计算机存储介质 Download PDF

Info

Publication number
WO2019205380A1
WO2019205380A1 PCT/CN2018/102130 CN2018102130W WO2019205380A1 WO 2019205380 A1 WO2019205380 A1 WO 2019205380A1 CN 2018102130 W CN2018102130 W CN 2018102130W WO 2019205380 A1 WO2019205380 A1 WO 2019205380A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
user
key
authorized
identification information
Prior art date
Application number
PCT/CN2018/102130
Other languages
English (en)
French (fr)
Inventor
陈文博
刘�英
周鹏华
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2019205380A1 publication Critical patent/WO2019205380A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to an electronic device, a blockchain-based data processing method, a program, and a computer storage medium.
  • the blockchain is essentially a distributed database based on smart contracts.
  • the information on the blockchain is shared by all P2P (Peer-to-peer) networks to all nodes. Due to the advantages of tamper resistance, high transparency and decentralization, blockchain has been widely used in various fields in recent years.
  • the blockchain stores data in plaintext, that is, the data stored in any node in the blockchain will be synchronized to all nodes in the blockchain. Therefore, it is difficult to secure the information for data with confidentiality requirements. Sex.
  • the main purpose of the present application is to provide an electronic device, a blockchain-based data processing method, a program, and a computer storage medium, aiming at solving the problem that the blockchain is difficult to ensure the security of its stored data.
  • the present application provides an electronic device including a memory and a processor, and the memory stores a blockchain-based data processing program executable on the processor, the The data processing program of the blockchain is implemented by the processor to implement the following steps:
  • the encrypted data to be written is stored to Each node in the blockchain;
  • the data to be written is directly stored to each node in the blockchain.
  • the present application further provides a blockchain-based data processing method, the method comprising the steps of:
  • the encrypted data to be written is stored to Each node in the blockchain;
  • the data to be written is directly stored to each node in the blockchain.
  • the present application further provides a blockchain-based data processing program, where the blockchain-based data processing program includes:
  • a receiving module configured to receive a data write request that carries confidential attribute information
  • a determining module configured to determine, according to the secret attribute information, whether to perform encryption processing on the data to be written corresponding to the data write request;
  • a first writing module configured to: when determining to perform encryption processing on the to-be-written data, encrypting the to-be-written data according to the confidentiality attribute information, and encrypting the to-be-written data according to a predetermined encryption rule
  • the data to be written is stored in each node in the blockchain;
  • a second writing module configured to directly store the data to be written into each node in the blockchain when it is determined that the data to be written is not encrypted.
  • the present application further provides a computer readable storage medium storing a blockchain-based data processing program, the blockchain-based data processing program being at least A processor executes to cause the at least one processor to perform the following steps:
  • the encrypted data to be written is stored to Each node in the blockchain;
  • the data to be written is directly stored to each node in the blockchain.
  • the present application determines, according to the confidentiality attribute information, whether to perform the encryption processing on the write data, and when it is determined that the data to be written is encrypted, according to the secret attribute information, and the to-be-written according to the predetermined encryption rule.
  • the incoming data is encrypted, and the encrypted data to be written is stored in each node in the blockchain. Compared with the prior art, the present application improves the security of the blockchain data without affecting the data sharing of the blockchain.
  • FIG. 1 is a schematic flowchart of a first embodiment of a data processing method based on a blockchain according to the present application
  • FIG. 2 is a schematic flowchart of a second embodiment of a data processing method based on a blockchain according to the present application
  • FIG. 3 is a schematic diagram of an operating environment of the first, second, and third embodiments of the blockchain-based data processing program according to the present application;
  • FIG. 4 is a program module diagram of a first embodiment of a blockchain-based data processing program according to the present application.
  • FIG. 5 is a schematic diagram of a program module of a second embodiment of a blockchain-based data processing program according to the present application.
  • the blockchain-based data processing method is applicable to a blockchain-based public interest system, the system includes a plurality of application ends, and each of the The node device corresponding to the application end, the node device is preferably a node device in the alliance chain, and the application end includes a public welfare platform and a public interest object platform, and the node device includes a public welfare platform node device corresponding to the public welfare platform, and the public welfare object platform corresponds to Public interest object platform node device.
  • the blockchain-based public welfare system further includes: a plurality of public welfare platform employee management subsystems, and a public welfare platform employee management node device corresponding to each public welfare platform employee management subsystem, a plurality of notarization institution platforms, and each notarization Notarization agency node equipment corresponding to the organization platform.
  • the encryption and decryption module can be set in the server of the application end, or can be set in the node device (for example, if it is set in the node device, the encryption and decryption module can be a smart contract corresponding to the node device), in addition, the encryption and decryption The module can also be independently placed in any other suitable electronic device or device. It should be noted that the application body of the blockchain-based data processing method is not limited in this application.
  • FIG. 1 is a schematic flowchart of a first embodiment of a data processing method based on a blockchain according to the present application.
  • the method includes:
  • Step S10 receiving a data write request carrying the confidential attribute information.
  • the encryption and decryption module is set in the application server, the data write request sent by the application user is directly received by the application end.
  • the user sends a data write request to the application end, and the application end forwards the data write request to the encryption and decryption module.
  • the user sends a data write request to the application end, and the application end signs the data write request with the application-side private key, and sends the signature-written data write request to the
  • the node device After the node device receives the data write request of the signature signature, the node device checks the data write request; if the verification is successful, sends the data write request to the encryption and decryption module; if the verification fails , the data write request is discarded.
  • the security attribute information may be set by the user, or may be determined by the encryption and decryption module according to a preset rule (for example, extracting feature information data of the data to be written, and determining the to-be-written based on the association relationship between the predetermined feature information data and the confidential attribute information.
  • the secret attribute information corresponding to the data entry is determined by the secret attribute information corresponding to the data to be written corresponding to the data write request.
  • the above-mentioned confidential attribute information includes: confidential identification information (for example, non-confidential, confidential) and/or authorization information (for example, authorized party information, authorization period, etc.).
  • confidential identification information for example, non-confidential, confidential
  • authorization information for example, authorized party information, authorization period, etc.
  • the method further includes:
  • the encryption and decryption module When the user first registers on the application end, the encryption and decryption module generates a user private key, a user public key, and a user key for the user.
  • the generated user private key, user public key, and user key are sent to the user.
  • Encrypting the user private key and the user key according to a preset key encryption rule for example, encrypting the user private key and the user key by using an organization key
  • Encrypting the encrypted user private key And storing the user key in a key set corresponding to the user, and storing a mapping relationship between the user identification information and the key set.
  • the mapping relationship between the key set, the user identifier information, and the key set may be stored in a local storage space (such as an encryption and decryption module), or may be stored in each node in the blockchain;
  • the key refers to the user key of the device.
  • the organization key is a symmetric encryption key of the application end.
  • the organization key is A symmetric encryption key of the node device.
  • the encryption and decryption module is independently disposed in an electronic device, the organization key is a symmetric encryption key of the electronic device.
  • the user private key is the user's asymmetric encryption private key
  • the user public key is the user's asymmetric encryption public key
  • the user key is the user's symmetric encryption key.
  • mapping relationship between the keys is stored on each node in the blockchain.
  • the user key and the user private key are stored by encryption, and then can be prevented from being stolen by others, thereby improving the security of the private key of the user key set user.
  • Step S20 Determine, according to the secret attribute information, whether to perform encryption processing on the data to be written corresponding to the data write request.
  • the step S20 is specifically:
  • Step S21 Read the secret identifier information in the secret attribute information, and determine, according to the secret identifier information, whether to perform encryption processing on the to-be-written data. For example, the security identification information is parsed to obtain the analysis result. If the analysis result is “secure”, it is determined that the data to be written is encrypted. If the analysis result is “public”, it is determined that the to-be-written is not performed. The data is encrypted.
  • step S21 can be replaced by the following step S22:
  • Step S22 Read authorization information in the secret attribute information, and determine, according to the authorization information, whether to perform encryption processing on the to-be-written data. For example, the authorized party information in the authorization information is parsed to obtain an analysis result, and if the parsing result is “no authorized party”, “authorized party is XX user” or “authorized party is XX application end user” And determining to perform encryption processing on the data to be written. If the analysis result is “the authorized party is all users”, it is determined that the data to be written is not encrypted.
  • Step S30 when it is determined that the data to be written is encrypted, according to the confidential attribute information, and after the data to be written is encrypted according to a predetermined encryption rule, the encrypted to be written is to be written.
  • the data is stored to each node in the blockchain.
  • the predetermined encryption rule is specifically:
  • the foregoing classification rule may be set by the user according to requirements, or may be set by the encryption and decryption module, for example, extracting data feature information of the data to be written, and determining the to-before based on a mapping relationship between the predetermined data feature information and the data category.
  • the foregoing encryption rule may encrypt data according to the data category, and the user may authorize data corresponding to one or more data categories to others according to the need, thereby improving the flexibility of data authorization and further improving the data.
  • the security of the data may be encrypt data according to the data category, and the user may authorize data corresponding to one or more data categories to others according to the need, thereby improving the flexibility of data authorization and further improving the data. The security of the data.
  • the step of acquiring the user key corresponding to the user key identification information is specifically:
  • the user key of the data write request initiator is hosted by the encryption and decryption module, acquiring a key set corresponding to the data write request initiator; wherein the data write request initiator All user keys are encrypted and processed according to a preset key encryption rule (for example, using a tissue key to encrypt the user key), and then stored in a key set corresponding to the data write request initiator; Key collection, searching for a corresponding encrypted user key according to the user key identification information; performing decryption rules according to a preset key (for example, using an organization key for decryption processing) for the encrypted user key to be searched Decryption processing to obtain the user key.
  • a preset key encryption rule for example, using a tissue key to encrypt the user key
  • the user key identification information is fed back to the The data is written to the request initiator, and the data write request initiator provides a corresponding user key according to the user key identification information; and receives the user key provided by the data write request initiator.
  • the encryption/decryption module is set in the application server, or is separately set in the electronic device, initiate a transaction request to the node based on the encrypted data to be written, and the transaction request is signed by the organization private key, The node performs the verification with the corresponding organization public key. If the verification fails, the transaction request is not executed. If the verification is successful, the transaction request is executed to generate a new block corresponding to the transaction request, and a The new block is synchronized to all other nodes of the blockchain.
  • the node device If the encryption/decryption module is set in the node device, the node device generates a new block based on the encrypted data to be written, and synchronizes the generated new block to all other nodes of the blockchain.
  • Step S40 When it is determined that the data to be written is not encrypted, the data to be written is directly stored in each node in the blockchain.
  • the encryption/decryption module is disposed in the application server, or is separately disposed in the electronic device, directly initiates a transaction request to the node based on the data to be written, and the transaction request is signed by the organization private key, and the node uses Corresponding organization public key is checked, if the verification fails, the transaction request is not executed, and if the verification is successful, the transaction request is executed to generate a new block corresponding to the transaction request, and the generated The new block is synchronized to all other nodes in the blockchain.
  • the node device directly generates a new block based on the data to be written, and synchronizes the generated new block to all other nodes of the blockchain.
  • the security attribute information it is determined whether the data to be written is subjected to encryption processing.
  • the security attribute information is used according to the predetermined encryption rule.
  • the data is written for encryption processing, and the encrypted data to be written is stored in each node in the blockchain.
  • FIG. 2 is a schematic flowchart of a second embodiment of a data processing method based on a blockchain according to the present application.
  • the second embodiment of the data processing method based on the blockchain of the present application is based on the first embodiment, and the data processing method based on the blockchain further includes:
  • Step S50 Acquire an authorized party user key and an authorized party public key corresponding to the to-be-authorized data when receiving the authorization request carrying the authorization condition information.
  • the foregoing authorization condition information includes data identification information to be authorized, authorization period information, authorized party information, and authorized party information.
  • the step of obtaining an authorized user key corresponding to the to-be-authorized data includes:
  • the key set corresponding to the authorized party is obtained. All the user keys of the authorized party are encrypted and processed according to a preset key encryption rule and stored in a key set corresponding to the authorized party. Then, searching for the to-be-authorized data in the key set corresponding to the authorized party according to the mapping relationship between the to-be-authorized data identification information and the predetermined data identification information and the user key identification information in the authorization condition data. Corresponding encrypted licensor user key. Then, the encrypted authorized party user key is decrypted according to the preset key decryption rule to obtain an authorized party user key corresponding to the to-be-authorized data.
  • the step of obtaining the authorized party public key includes:
  • Step S60 Encrypting the authorized user key by using the authorized party public key, and after receiving the encrypted authorized user key, the authorized party uses the user's private key of the authorized party to encrypt the encrypted The authorized party user key performs decryption processing to obtain the authorized party user key.
  • the authorized user key is transmitted through encryption processing, thereby improving security.
  • the present application further provides a third embodiment of a blockchain-based data processing method.
  • the third embodiment further includes the following steps on the basis of the second embodiment:
  • the triggering condition for ending an authorization includes: receiving an end authorization request; or detecting that an authorization item whose authorization period expires is detected.
  • the data category corresponding to the to-be-authorized data is one, determining the to-be-completed according to the data category of the to-be-authorized data and based on a mapping relationship between the predetermined data category and the user key identification information.
  • User key identification information corresponding to the data category of the authorization data.
  • the user key corresponding to the user key identification information is obtained, and the to-be-authorized authorization data is decrypted by using the obtained user key to obtain plaintext data corresponding to the to-be-authorized authorization data.
  • a new user key is generated, and the obtained plaintext data is encrypted by the new user key to obtain new encrypted data, and the new encrypted data is stored in each blockchain.
  • each node for each node to generate a new block based on the new encrypted data, and update the data index. Simultaneously, the generated new user key is fed back to the user corresponding to the new user key, and the mapping relationship between the new user key identification information and the data category is saved, and the new The mapping relationship between the user key identification information and the user identification information.
  • the new encrypted data is obtained, and the new encrypted data is stored on each node in the blockchain, so that each node generates a new block based on the new encrypted data, and updates the data index. Simultaneously, the generated new user key is fed back to the user corresponding to the new user key, and the mapping relationship between the new user key identification information and the data category is saved, and the new The mapping relationship between the user key identification information and the user identification information.
  • the new user key is encrypted using the organization key, and the encrypted new user key is saved to the key set.
  • the blockchain-based data processing method further includes:
  • the user key corresponding to the data to be read is obtained; when the user key corresponding to the data to be read is obtained, the data to be read is decrypted by using the obtained user key. Obtaining the plaintext data corresponding to the data to be read, and sending the plaintext data to the initiator of the data read request; when the user key corresponding to the data to be read is not obtained, the feedback is Decryption failed message;
  • the data to be read corresponding to the data read request is obtained, and the data to be read is sent to the initiator of the data read request.
  • the present application also proposes a blockchain based data processing program.
  • FIG. 3 is a schematic diagram of an operating environment of the first, second, and third embodiments of the blockchain-based data processing program 10 of the present application.
  • the block chain-based data processing program 10 is installed and operated in the electronic device 1.
  • the electronic device 1 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a server.
  • the electronic device 1 may include, but is not limited to, a memory 11, a processor 12, and a display 13.
  • Figure 3 shows only the electronic device 1 with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the memory 11 may be an internal storage unit of the electronic device 1 in some embodiments, such as a hard disk or memory of the electronic device 1.
  • the memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in hard disk equipped on the electronic device 1, a smart memory card (SMC), and a secure digital (SD). Card, flash card, etc.
  • the memory 11 may also include both an internal storage unit of the electronic device 1 and an external storage device.
  • the memory 11 is used to store application software and various types of data installed in the electronic device 1, such as program code of the block chain-based data processing program 10.
  • the memory 11 can also be used to temporarily store data that has been output or is about to be output.
  • the processor 12 in some embodiments, may be a central processing unit (CPU), a microprocessor or other data processing chip for running program code or processing data stored in the memory 11, for example, the embodiment
  • the processor 12 executes the blockchain-based data processing program 10 to implement the above-described blockchain-based data processing method.
  • the display 13 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like in some embodiments.
  • the display 13 is for displaying information processed in the electronic device 1 and a user interface for displaying visualization.
  • the components 11-13 of the electronic device 1 communicate with each other through a program bus.
  • FIG. 4 is a program module diagram of the first embodiment of the blockchain-based data processing program 10 of the present application.
  • the blockchain-based data processing program 10 can be divided into one or more modules, one or more modules being stored in the memory 11, and by one or more processors (this embodiment is The processor 12) executes to complete the application.
  • the blockchain-based data processing program 10 can be divided into a receiving module 101, a determining module 102, a first writing module 103, and a second writing module 104.
  • a module referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than a program to describe the execution process of the blockchain-based data processing program 10 in the electronic device 1, wherein:
  • the receiving module 101 is configured to receive a data write request that carries the security attribute information.
  • the determining module 102 is configured to determine, according to the secret attribute information, whether to perform encryption processing on the data to be written corresponding to the data write request;
  • the first writing module 103 is configured to: after performing encryption processing on the data to be written, according to the confidential attribute information, and encrypting the data to be written based on a predetermined encryption rule, The encrypted data to be written is stored in each node in the blockchain;
  • the second writing module 104 is configured to directly store the to-be-written data into each node in the blockchain when it is determined that the data to be written is not encrypted.
  • the receiving module 101 directly receives a data write request sent by the application user through the application end.
  • the electronic device 1 is not an application server or a node device, and is not disposed in the application server or the node device, the user sends a data write request to the application end, and the application end forwards the data write request to the receiving module 101.
  • the electronic device 1 is a node device, or the electronic device 1 is disposed in the node device
  • the user sends a data write request to the application end, and the application end signs the data write request with the application end private key, and sends the add
  • the signed data is written to the node device, and after receiving the data write request of the signature signature, the node device checks the data write request; if the verification is successful, sends the data write request to The receiving module 101; if the verification fails, discarding the data writing request.
  • the foregoing security attribute information may be set by a user, or may be performed by the block chain-based data processing program 10 according to a preset rule (for example, extracting feature information data of data to be written, based on predetermined feature information data and confidential attribute information).
  • the association relationship determines the secret attribute information corresponding to the data to be written, and determines the secret attribute information corresponding to the data to be written corresponding to the data write request.
  • the above-mentioned confidential attribute information includes: confidential identification information (for example, non-confidential, confidential) and/or authorization information (for example, authorized party information, authorization period, etc.).
  • confidential identification information for example, non-confidential, confidential
  • authorization information for example, authorized party information, authorization period, etc.
  • the blockchain based data processing program 10 is also used to:
  • the user private key, the user public key, and the user key are generated for the user;
  • the user private key and the user key are encrypted, and the encrypted user private key and the user key are stored in a key set corresponding to the user, and the mapping between the user identification information and the key set is saved. relationship.
  • the mapping relationship between the key set, the user identification information, and the key set may be stored in a local storage space or may be stored in each node in the blockchain.
  • the organization key is a user key of the device.
  • the organization key is a symmetric encryption key of the application end.
  • the electronic device 1 is a node device, or the electronic device 1 is disposed in the node device, and the organization key is a symmetric encryption key of the node device. If the electronic device 1 is not an application server or a node device, it is not disposed on the application end.
  • the organization key is a symmetric encryption key of the electronic device 1.
  • the user private key is the user's asymmetric encryption private key
  • the user public key is the user's asymmetric encryption public key
  • the user key is the user's symmetric encryption key.
  • mapping relationship between the keys is stored on each node in the blockchain.
  • the user key and the user private key are stored by encryption, and then can be prevented from being stolen by others, thereby improving the security of the private key of the user key set user.
  • the determining module 102 is specifically configured to: read the secret identifier information in the secret attribute information, and determine, according to the secret identifier information, whether to perform encryption processing on the to-be-written data. For example, the security identification information is parsed to obtain the analysis result. If the analysis result is “secure”, it is determined that the data to be written is encrypted. If the analysis result is “public”, it is determined that the to-be-written is not performed. The data is encrypted.
  • the determination module 102 is further configured to:
  • Reading the authorization information in the secret attribute information and determining, according to the authorization information, whether to perform encryption processing on the to-be-written data. For example, the authorized party information in the authorization information is parsed to obtain an analysis result, and if the parsing result is “no authorized party”, “authorized party is XX user” or “authorized party is XX application end user” And determining to perform encryption processing on the data to be written. If the analysis result is “the authorized party is all users”, it is determined that the data to be written is not encrypted.
  • the predetermined encryption rule is specifically:
  • the foregoing classification rule may be set by the user according to requirements, or may be set by the determining module 102, for example, extracting data feature information of the data to be written, and determining the to-before based on a mapping relationship between the predetermined data feature information and the data category.
  • the foregoing encryption rule may encrypt data according to the data category, and the user may authorize data corresponding to one or more data categories to others according to the need, thereby improving the flexibility of data authorization and further improving the data.
  • the security of the data may be encrypt data according to the data category, and the user may authorize data corresponding to one or more data categories to others according to the need, thereby improving the flexibility of data authorization and further improving the data. The security of the data.
  • the step of acquiring the user key corresponding to the user key identification information is specifically:
  • a preset key encryption rule for example, using a tissue key to encrypt the user key
  • the user key identification information is fed back to the The data is written to the request initiator, and the data write request initiator provides a corresponding user key according to the user key identification information; and receives the user key provided by the data write request initiator.
  • a transaction request is initiated to a node based on the encrypted data to be written, and the transaction request is signed with an organization private key, and the node uses Corresponding organization public key is checked, if the verification fails, the transaction request is not executed, and if the verification is successful, the transaction request is executed to generate a new block corresponding to the transaction request, and the generated The new block is synchronized to all other nodes in the blockchain.
  • the node device If the electronic device 1 is a node device, or the electronic device 1 is disposed in the node device, the node device generates a new block based on the encrypted data to be written, and synchronizes the generated new block to all other blocks in the block chain. In the node.
  • the step of the second writing module 104 directly storing the data to be written into each node in the blockchain is specifically as follows:
  • a transaction request is directly initiated to a node based on the data to be written, and the transaction request is signed by an organization private key, and the node uses a corresponding Organizing the public key for verification, if the verification fails, the transaction request is not executed, and if the verification is successful, executing the transaction request to generate a new block corresponding to the transaction request, and the generated new area is generated
  • the block is synchronized to all other nodes in the blockchain.
  • the node device directly generates a new block based on the data to be written, and synchronizes the generated new block to all other nodes in the blockchain. .
  • the security attribute information it is determined whether the data to be written is subjected to encryption processing.
  • the security attribute information is used according to the predetermined encryption rule.
  • the data is written for encryption processing, and the encrypted data to be written is stored in each node in the blockchain.
  • FIG. 4 is a program block diagram of a second embodiment of a blockchain-based data processing program 10 according to the present application.
  • the present embodiment is based on the first embodiment, and the data processing program 10 based on the blockchain further includes:
  • the obtaining module 105 is configured to obtain an authorized party user key and an authorized party public key corresponding to the to-be-authorized data when receiving the authorization request carrying the authorization condition information.
  • the authorization module 106 is configured to perform encryption processing on the authorized user key by using the authorized party public key, and after the authorized party receives the encrypted authorized user key, using the user's private key pair of the authorized party The encrypted authorized party user key performs decryption processing to obtain the authorized party user key.
  • the foregoing authorization condition information includes data identification information to be authorized, authorization period information, authorized party information, and authorized party information.
  • the acquisition module 105 is also used to:
  • the key set corresponding to the authorized party is obtained. All the user keys of the authorized party are encrypted and processed according to a preset key encryption rule and stored in a key set corresponding to the authorized party. Then, searching for the to-be-authorized data in the key set corresponding to the authorized party according to the mapping relationship between the to-be-authorized data identification information and the predetermined data identification information and the user key identification information in the authorization condition data. Corresponding encrypted licensor user key. Then, the encrypted authorized party user key is decrypted according to the preset key decryption rule to obtain an authorized party user key corresponding to the to-be-authorized data.
  • the acquisition module 105 is also used to:
  • the authorized user key is transmitted through encryption processing, thereby improving security.
  • the present embodiment is based on the first embodiment and the second embodiment, and the data processing program based on the blockchain is further used to:
  • the data category of the authorization data to be terminated is determined.
  • the triggering condition for ending an authorization includes: receiving an end authorization request; or detecting that an authorization item whose authorization period expires is detected.
  • the data category corresponding to the to-be-authorized data is one, determining the to-be-completed according to the data category of the to-be-authorized data and based on a mapping relationship between the predetermined data category and the user key identification information.
  • User key identification information corresponding to the data category of the authorization data.
  • the user key corresponding to the user key identification information is obtained, and the to-be-authorized authorization data is decrypted by using the obtained user key to obtain plaintext data corresponding to the to-be-authorized authorization data.
  • a new user key is generated, and the obtained plaintext data is encrypted by the new user key to obtain new encrypted data, and the new encrypted data is stored in each blockchain.
  • each node for each node to generate a new block based on the new encrypted data, and update the data index. Simultaneously, the generated new user key is fed back to the user corresponding to the new user key, and the mapping relationship between the new user key identification information and the data category is saved, and the a mapping relationship between the new user key identification information and the user identification information;
  • the new encrypted data is obtained, and the new encrypted data is stored on each node in the blockchain, so that each node generates a new block based on the new encrypted data, and updates the data index. Simultaneously, the generated new user key is fed back to the user corresponding to the new user key, and the mapping relationship between the new user key identification information and the data category is saved, and the The mapping relationship between the new user key identification information and the user identification information.
  • the blockchain based data processing program is also used to:
  • the new user key is encrypted using the organization key, and the encrypted new user key is saved to the key set.
  • the blockchain-based data processing program is further configured to:
  • the user key corresponding to the data to be read is obtained; when the user key corresponding to the data to be read is obtained, the data to be read is decrypted by using the obtained user key. Obtaining the plaintext data corresponding to the data to be read, and sending the plaintext data to the initiator of the data read request; when the user key corresponding to the data to be read is not obtained, the feedback is Decryption failed message;
  • the data to be read corresponding to the data read request is obtained, and the data to be read is sent to the initiator of the data read request.
  • the present application further provides a computer readable storage medium storing a blockchain-based data processing program, the blockchain-based data processing program being executable by at least one processor So that the at least one processor performs the blockchain-based data processing method in any of the above embodiments.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本申请公开一种电子装置、基于区块链的数据处理方法、程序和计算机存储介质。本申请根据保密属性信息,确定是否对待写入数据进行加密处理,当确定对所述待写入数据进行加密处理,则根据所述保密属性信息,且基于预先确定的加密规则对所述待写入数据进行加密处理,并将加密后的待写入数据存储至区块链中的各个节点。相较于现有技术,本实施例在不影响区块链数据共享性的前提下,提高了区块链数据的安全性。

Description

电子装置、基于区块链的数据处理方法、程序和计算机存储介质
优先权申明
本申请基于巴黎公约申明享有2018年04月26日递交的申请号为CN201810387989.4、名称为“电子装置、基于区块链的数据处理方法和计算机存储介质”中国专利申请的优先权,该中国专利申请的整体内容以参考的方式结合在本申请中。
技术领域
本申请涉及区块链技术领域,特别涉及一种电子装置、基于区块链的数据处理方法、程序和计算机存储介质。
背景技术
区块链本质上是一个基于智能合约的分布式的数据库,区块链上面的信息就会被P2P(Peer-to-peer,对等)网络分享到所有节点上去。由于区块链具有防篡改、高透明及去中心化等优势,近年来被广泛应用于各个领域。
通常,区块链通过明文的方式存储数据,即存入区块链中任一节点的数据将被同步到区块链中的所有节点,因此,对于有保密需求的数据难以保证其信息的安全性。
发明内容
本申请的主要目的是提供一种电子装置、基于区块链的数据处理方法、程序和计算机存储介质,旨在解决区块链难以保证其存储数据安全性的问题。
为实现上述目的,本申请提供一种电子装置,所述电子装置包括存储器和处理器,所述存储器上存储有可在所述处理器上运行的基于区块链的数据处理程序,所述基于区块链的数据处理程序被所述处理器执行时实现如下步骤:
接收携带保密属性信息的数据写入请求;
根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
此外,为实现上述目的,本申请还提供一种基于区块链的数据处理方法,该方法包括步骤:
接收携带保密属性信息的数据写入请求;
根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
此外,为实现上述目的,本申请还提供一种基于区块链的数据处理程序,所述基于区块链的数据处理程序包括:
接收模块,用于接收携带保密属性信息的数据写入请求;
确定模块,用于根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
第一写入模块,用于当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
第二写入模块,用于当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
此外,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质存储有基于区块链的数据处理程序,所述基于区块链的数据处理程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:
接收携带保密属性信息的数据写入请求;
根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
本申请根据保密属性信息,确定是否对待写入数据进行加密处理,当确定对所述待写入数据进行加密处理,则根据所述保密属性信息,且基于预先确定的加密规则对所述待写入数据进行加密处理,并将加密后的待写入数据存储至区块链中的各个节点。相较于现有技术,本申请在不影响区块链数据共享性的前提下,提高了区块链数据的安全性。
附图说明
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图示出的结构获得其他的附图。
图1为本申请基于区块链的数据处理方法第一实施例的流程示意图;
图2为本申请基于区块链的数据处理方法第二实施例的流程示意图;
图3为本申请基于区块链的数据处理程序第一、第二、第三实施例的运行环境示意图;
图4为本申请基于区块链的数据处理程序第一实施例的程序模块图;
图5为本申请基于区块链的数据处理程序第二实施例的程序模块图。
本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。
具体实施方式
以下结合附图对本申请的原理和特征进行描述,所举实例只用于解释本申请,并非用于限定本申请的范围。
在本申请基于区块链的数据处理方法的下述实施例中,所述基于区块链的数据处理方法适用于基于区块链的公益系统,该系统包括若干个应用端,及各所述应用端对应的节点设备,所述节点设备优选为联盟链中的节点设备,所述应用端包括公益平台、公益对象平台,所述节点设备包括公益平台对应的公益平台节点设备、公益对象平台对应的公益对象平台节点设备。在一些实施例中,该基于区块链的公益系统还包括:若干个公益平台员工管理子系统及各公益平台员工管理子系统对应的公益平台员工管理节点设备、若干个公证机构平台及各公证机构平台对应的公证机构节点设备。
下面将加解密模块作为实施主体对本申请基于区块链的数据处理方法的具体实施方式进行说明。该加解密模块可设置于应用端的服务器中,也可设置于节点设备中(例如,若设置于节点设备中,则该加解密模块可以是该节点设备对应的智能合约),此外,该加解密模块还可独立设置于其他任何适用的电子装置或者设备中。需要注意的是,本申请对所述基于区块链的数据处理方法的实施主体不作限定。
如图1所示,图1为本申请基于区块链的数据处理方法第一实施例的流程示意图。
本实施例中,该方法包括:
步骤S10,接收携带保密属性信息的数据写入请求。
若加解密模块设置于应用端服务器中,则直接通过应用端接收应用端用户发送的数据写入请求。
若加解密模块独立设置于一电子装置中,则用户发送数据写入请求至应用端,由应用端转发该数据写入请求至加解密模块。
若加解密模块设置于节点设备中,则用户发送数据写入请求至应用端,由应用端用应用端私钥对该数据写入请求进行签名,并发送该加注签名的数据写入请求至节点设备,节点设备接收到该加注签名的数据写入请求后,对数据写入请求进行验签;若验签成功,则将所述数据写入请求发送至加解密 模块;若验签失败,则丢弃该数据写入请求。
其中,上述保密属性信息可由用户设置,也可由加解密模块根据预设规则(例如,提取待写入数据的特征信息数据,基于预先确定的特征信息数据与保密属性信息的关联关系,确定待写入数据对应的保密属性信息)确定该数据写入请求对应的待写入数据对应的保密属性信息。
上述保密属性信息包括:保密标识信息(例如,非保密、保密)和/或授权信息(例如,被授权方信息、授权期限等)。
在执行步骤S10之前,该方法还包括:
在用户于应用端首次注册时,加解密模块为该用户生成用户私钥、用户公钥及用户密钥。
询问用户是否需要代管所述用户私钥及用户密钥。
若是,则发送生成的所述用户私钥、用户公钥及用户密钥至用户。根据预设密钥加密规则对所述用户私钥及用户密钥进行加密处理(例如,利用组织密钥对所述用户私钥及用户密钥进行加密处理),并将加密后的用户私钥及用户密钥存储至该用户对应的密钥集中,保存用户标识信息与所述密钥集之间的映射关系。且确定用户标识信息与用户公钥之间的映射关系,将用户公钥、用户标识信息与用户公钥之间的映射关系存储至区块链中各个节点上。
上述密钥集、用户标识信息与所述密钥集之间的映射关系可存储于本地存储空间(如加解密模块)中,也可存储于区块链中各个节点上;其中,上述组织密钥是指设备的用户密钥,例如,若加解密模块设置于应用端服务器,则该组织密钥为应用端的对称加密密钥,若加解密模块设置于节点设备中,则该组织密钥为节点设备的对称加密密钥,若加解密模块独立设置于一电子装置中,则该组织密钥为该电子装置的对称加密密钥。
上述用户私钥为用户的非对称加密私钥,用户公钥为用户的非对称加密公钥,用户密钥为用户的对称加密密钥。
若否,则发送生成的所述用户私钥、用户公钥及用户密钥至用户,且确定用户标识信息与用户公钥之间的映射关系,并将用户公钥、用户标识信息与用户公钥之间的映射关系存储至区块链中各个节点上。
本实施例中,用户密钥及用户私钥通过加密处理后再进行存储,可防止他人窃取,提高了用户密钥集用户私钥的安全性。
步骤S20,根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理。
所述步骤S20,具体为:
步骤S21,读取所述保密属性信息中的保密标识信息,根据所述保密标识信息确定是否对所述待写入数据进行加密处理。例如,对保密标识信息进行解析以得到解析结果,若解析结果为“保密”,则确定对所述待写入数据进行加密处理,若解析结果为“公开”,则确定不对所述待写入数据进行加密处理。
上述步骤S21可由下述步骤S22替换:
步骤S22,读取所述保密属性信息中的授权信息,根据所述授权信息确定 是否对所述待写入数据进行加密处理。例如,对所述授权信息中的被授权方信息进行解析以得到解析结果,若解析结果为“无被授权方”、“被授权方为XX用户”或者“被授权方为XX应用端用户”,则确定对所述待写入数据进行加密处理,若解析结果为“被授权方为所有用户”,则确定不对所述待写入数据进行加密处理。
步骤S30,当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点。
优选的,本实施例中,所述预先确定的加密规则,具体为:
根据所述数据写入请求对应的用户标识信息及预先确定的用户标识信息与分类规则之间的映射关系,查找所述用户标识信息对应的分类规则;
根据查找得到的分类规则,确定并保存待写入数据的数据类别;
根据确定的待写入数据的数据类别及预先确定的数据类别与用户密钥标识信息之间的映射关系,查找所述待写入数据对应的用户密钥标识信息;
获取所述用户密钥标识信息对应的用户密钥,并利用获取的所述用户密钥对所述待写入数据进行加密处理。
上述分类规则可由用户根据需求设置,也可由加解密模块设置,例如,提取所述待写入数据的数据特征信息,基于预先确定的数据特征信息与数据类别之间的映射关系,确定所述待写入数据的数据类别。
本实施例中,上述加密规则可根据数据类别对数据进行加密处理,用户可根据需要将一种或者多种数据类别对应的数据授权给他人查看,提高了数据授权的灵活性,且进一步提高了数据的安全性。
优选地,上述获取所述用户密钥标识信息对应的用户密钥的步骤具体为:
根据所述数据写入请求对应的用户标识信息,且基于预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述数据写入请求发起方对应的密钥集,以确定所述数据写入请求发起方的用户密钥是否由加解密模块代管。
若存在(即表示该数据写入请求发起方的用户密钥由加解密模块代管),则获取所述数据写入请求发起方对应的密钥集;其中,所述数据写入请求发起方的所有用户密钥均根据预设密钥加密规则(例如,利用组织密钥对用户密钥进行加密处理)加密处理后存储于所述数据写入请求发起方对应的密钥集中;在所述密钥集中,根据所述用户密钥标识信息查找对应的加密的用户密钥;根据预设密钥解密规则(例如,利用组织密钥进行解密处理)对于查找的所述加密的用户密钥进行解密处理,以获得所述用户密钥。
若不存在(即表示该数据写入请求发起方的用户密钥不由加解密模块代管,而是由该数据写入请求发起方自行保管),则反馈所述用户密钥标识信息至所述数据写入请求发起方,供所述数据写入请求发起方根据所述用户密钥标识信息提供对应的用户密钥;接收所述数据写入请求发起方提供的所述用户密钥。
上述将加密后的待写入数据存储至区块链中各个节点上的步骤,具体为:
若加解密模块设置于应用端服务器中,或者独立设置于电子装置中,则基于加密后的所述待写入数据向一节点发起一交易请求,该交易请求用组织私钥进行签名,所述节点用对应的组织公钥进行验签,若验签失败,则不执行所述交易请求,若验签成功,则执行所述交易请求,以生成所述交易请求对应的新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
若加解密模块设置于节点设备中,则该节点设备基于加密后的待写入数据生成新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
步骤S40,当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
上述直接将所述待写入数据存储至区块链中各个节点上的步骤,具体为:
若加解密模块设置于应用端服务器中,或者独立设置于电子装置中,则直接基于所述待写入数据向一节点发起一交易请求,该交易请求用组织私钥进行签名,所述节点用对应的组织公钥进行验签,若验签失败,则不执行所述交易请求,若验签成功,则执行所述交易请求,以生成所述交易请求对应的新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
若加解密模块设置于节点设备中,则该节点设备直接基于待写入数据生成新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
本实施例根据保密属性信息,确定是否对待写入数据进行加密处理,当确定对所述待写入数据进行加密处理,则根据所述保密属性信息,且基于预先确定的加密规则对所述待写入数据进行加密处理,并将加密后的待写入数据存储至区块链中各个节点上。相较于现有技术,本实施例在不影响区块链数据共享性的前提下,提高了区块链数据的安全性。
如图2所示,图2为本申请基于区块链的数据处理方法第二实施例的流程示意图。
本申请基于区块链的数据处理方法第二实施例中,本实施在第一实施例的基础上,所述基于区块链的数据处理方法还包括:
步骤S50,在接收到携带授权条件信息的授权请求时,获取待授权数据对应的授权方用户密钥及被授权方公钥。
上述授权条件信息包括待授权数据标识信息、授权期限信息、授权方信息及被授权方信息。
所述获取待授权数据对应的授权方用户密钥的步骤包括:
根据所述授权条件信息中授权方的用户标识信息,且基于预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述授权方对应的密钥集。
当确定存在所述授权方对应的密钥集时,获取所述授权方对应的密钥集。其中,所述授权方的所有用户密钥均根据预设密钥加密规则加密处理后存储于所述授权方对应的密钥集中。然后,根据所述授权条件数据中的待授权数 据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,在所述授权方对应的密钥集中查找所述待授权数据对应的加密的授权方用户密钥。接着,根据预设密钥解密规则对查找的所述加密的授权方用户密钥进行解密处理,以获得所述待授权数据对应的授权方用户密钥。
当确定不存在所述授权方对应的密钥集时,根据所述授权条件数据中的待授权数据标识信息,且基于预先确定的数据标识信息与用户密钥标识信息之间的映射关系,查找所述待授权数据对应的用户密钥标识信息。然后,反馈查找的所述用户密钥标识信息至授权方。接着,接收所述授权方根据所述用户密钥标识信息提供的所述授权方用户密钥。
所述获取被授权方公钥的步骤包括:
根据所述授权条件信息中被授权方的用户标识信息,且基于预先确定的用户标识信息与用户公钥之间的映射关系,查找所述被授权方公钥;其中,所有所述用户公钥均预先存储在所述区块链中的各个节点上。
步骤S60,利用被授权方公钥对授权方用户密钥进行加密处理,所述被授权方接收到加密的授权方用户密钥后,利用所述被授权方的用户私钥对所述加密的授权方用户密钥进行解密处理以得到所述授权方用户密钥。
本实施例中,授权方用户密钥通过加密处理后再进行传输,提高了安全性。
本申请还提供基于区块链的数据处理方法的第三实施例,该第三实施例在第二实施例的基础上,还包括以下步骤:
当要结束一项授权时,则确定待结束授权数据的数据类别。其中,结束一项授权的触发条件包括:接收到结束授权请求;或者,侦测到存在授权期限到期的授权项。
当所述待结束授权数据对应的数据类别为一个,则根据所述待结束授权数据的数据类别,且基于预先确定的数据类别与用户密钥标识信息之间的映射关系,确定所述待结束授权数据的数据类别对应的用户密钥标识信息。然后,获取所述用户密钥标识信息对应的用户密钥,并利用获取的所述用户密钥对所述待结束授权数据进行解密处理,以获得所述待结束授权数据对应的明文数据。接着,生成新的用户密钥,利用所述新的用户密钥对获得的所述明文数据进行加密处理,以得到新的加密数据,并将所述新的加密数据存储至区块链中各个节点上,以供各节点基于该新的加密数据生成新的区块,并更新该数据索引。同时,将生成的所述新的用户密钥反馈至所述新的用户密钥对应的用户,并保存所述新的用户密钥标识信息与数据类别之间的映射关系,同时保存所述新的用户密钥标识信息与用户标识信息之间的映射关系。
当所述待结束授权数据对应的数据类别为多个,则根据所述待结束授权数据对应的多个数据类别,且基于预先确定的数据类别与用户密钥标识信息之间的映射关系,确定各所述数据类别对应的用户密钥标识信息。然后,获取各所述用户密钥标识信息对应的用户密钥,并利用获取的各所述用户密钥 对相应的所述待结束授权数据进行解密处理,以获得所述待结束授权数据对应的明文数据。接着,为所述明文数据对应的各所述数据类别生成新的用户密钥,利用各所述新的用户密钥,对各所述新的用户密钥对应的数据类别的数据进行加密处理,以得到新的加密数据,并将所述新的加密数据存储至区块链中各个节点上,以供各节点基于该新的加密数据生成新的区块,并更新该数据索引。同时,将生成的所述新的用户密钥反馈至所述新的用户密钥对应的用户,并保存所述新的用户密钥标识信息与数据类别之间的映射关系,同时保存所述新的用户密钥标识信息与用户标识信息之间的映射关系。
在上述步骤中,若用户密钥由加解密模块代管,则还包括以下步骤:
利用组织密钥对所述新的用户密钥进行加密处理,并将加密的所述新的用户密钥保存至密钥集。
优选的,本实施例中,所述基于区块链的数据处理方法还包括:
当接收到数据读取请求时,判断所述数据读取请求对应的待读取数据是否为加密数据;
若是,则获取所述待读取数据对应的用户密钥;当获取到所述待读取数据对应的用户密钥时,利用获取的所述用户密钥对所述待读取数据进行解密处理以获得所述待读取数据对应的明文数据,并将所述明文数据发送至所述数据读取请求的发起方;当未获取到所述待读取数据对应的用户密钥时,则反馈解密失败的消息;
若否,则获取所述数据读取请求对应的待读取数据,并将所述待读取数据发送至所述数据读取请求的发起方。
此外,本申请还提出一种基于区块链的数据处理程序。
请参阅图3,是本申请基于区块链的数据处理程序10第一、第二、第三实施例的运行环境示意图。
在本实施例中,基于区块链的数据处理程序10安装并运行于电子装置1中。电子装置1可以是桌上型计算机、笔记本、掌上电脑及服务器等计算设备。该电子装置1可包括,但不仅限于,存储器11、处理器12及显示器13。图3仅示出了具有组件11-13的电子装置1,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。
存储器11在一些实施例中可以是电子装置1的内部存储单元,例如该电子装置1的硬盘或内存。存储器11在另一些实施例中也可以是电子装置1的外部存储设备,例如电子装置1上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器11还可以既包括电子装置1的内部存储单元也包括外部存储设备。存储器11用于存储安装于电子装置1的应用软件及各类数据,例如基于区块链的数据处理程序10的程序代码等。存储器11还可以用于暂时地存储已经输出或者将要输出的数据。
处理器12在一些实施例中可以是一中央处理器(Central Processing Unit, CPU),微处理器或其他数据处理芯片,用于运行存储器11中存储的程序代码或处理数据,例如,本实施例中,处理器12执行基于区块链的数据处理程序10,以实现上述基于区块链的数据处理方法。
显示器13在一些实施例中可以是LED显示器、液晶显示器、触控式液晶显示器以及OLED(Organic Light-Emitting Diode,有机发光二极管)触摸器等。显示器13用于显示在电子装置1中处理的信息以及用于显示可视化的用户界面。电子装置1的部件11-13通过程序总线相互通信。
请参阅图4,是本申请基于区块链的数据处理程序10第一实施例的程序模块图。在本实施例中,基于区块链的数据处理程序10可以被分割成一个或多个模块,一个或者多个模块被存储于存储器11中,并由一个或多个处理器(本实施例为处理器12)所执行,以完成本申请。例如,在图4中,基于区块链的数据处理程序10可以被分割成接收模块101、确定模块102、第一写入模块103及第二写入模块104。本申请所称的模块是指能够完成特定功能的一系列计算机程序指令段,比程序更适合于描述基于区块链的数据处理程序10在电子装置1中的执行过程,其中:
接收模块101,用于接收携带保密属性信息的数据写入请求;
确定模块102,用于根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
第一写入模块103,用于当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
第二写入模块104,用于当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
若电子装置1为应用端服务器,或者电子装置1设置于应用端服务器中,则接收模块101直接通过应用端接收应用端用户发送的数据写入请求。
若电子装置1不为应用端服务器或节点设备,也不设置于应用端服务器或节点设备中,则用户发送数据写入请求至应用端,由应用端转发该数据写入请求至接收模块101。
若电子装置1为节点设备,或者电子装置1设置于节点设备中,则用户发送数据写入请求至应用端,由应用端用应用端私钥对该数据写入请求进行签名,并发送该加注签名的数据写入请求至节点设备,节点设备接收到该加注签名的数据写入请求后,对数据写入请求进行验签;若验签成功,则将所述数据写入请求发送至接收模块101;若验签失败,则丢弃该数据写入请求。
其中,上述保密属性信息可由用户设置,也可由基于区块链的数据处理程序10根据预设规则(例如,提取待写入数据的特征信息数据,基于预先确定的特征信息数据与保密属性信息的关联关系,确定待写入数据对应的保密属性信息)确定该数据写入请求对应的待写入数据对应的保密属性信息。
上述保密属性信息包括:保密标识信息(例如,非保密、保密)和/或授权信息(例如,被授权方信息、授权期限等)。
所述基于区块链的数据处理程序10还用于:
在用户于应用端首次注册时,为该用户生成用户私钥、用户公钥及用户密钥;
询问用户是否需要代管所述用户私钥及用户密钥;
若是,则发送生成的所述用户私钥、用户公钥及用户密钥至用户;根据预设密钥加密规则对所述用户私钥及用户密钥进行加密处理(例如,利用组织密钥对所述用户私钥及用户密钥进行加密处理),并将加密后的用户私钥及用户密钥存储至该用户对应的密钥集中,保存用户标识信息与所述密钥集之间的映射关系。且确定用户标识信息与用户公钥之间的映射关系,将用户公钥、用户标识信息与用户公钥之间的映射关系存储至区块链中各个节点上。上述密钥集、用户标识信息与所述密钥集之间的映射关系可存储于本地存储空间中,也可存储于区块链中各个节点上。
其中,上述组织密钥是指设备的用户密钥,例如,若电子装置1为应用端服务器,或者电子装置1设置于应用端服务器中,则该组织密钥为应用端的对称加密密钥,若电子装置1为节点设备,或者电子装置1设置于节点设备中,则该组织密钥为节点设备的对称加密密钥,若电子装置1不为应用端服务器或节点设备,也不设置于应用端服务器或节点设备中,则该组织密钥为该电子装置1的对称加密密钥。上述用户私钥为用户的非对称加密私钥,用户公钥为用户的非对称加密公钥,用户密钥为用户的对称加密密钥。
若否,则发送生成的所述用户私钥、用户公钥及用户密钥至用户,且确定用户标识信息与用户公钥之间的映射关系,并将用户公钥、用户标识信息与用户公钥之间的映射关系存储至区块链中各个节点上。
本实施例中,用户密钥及用户私钥通过加密处理后再进行存储,可防止他人窃取,提高了用户密钥集用户私钥的安全性。
确定模块102具体用于,读取所述保密属性信息中的保密标识信息,根据所述保密标识信息确定是否对所述待写入数据进行加密处理。例如,对保密标识信息进行解析以得到解析结果,若解析结果为“保密”,则确定对所述待写入数据进行加密处理,若解析结果为“公开”,则确定不对所述待写入数据进行加密处理。
或者,确定模块102还用于:
读取所述保密属性信息中的授权信息,根据所述授权信息确定是否对所述待写入数据进行加密处理。例如,对所述授权信息中的被授权方信息进行解析以得到解析结果,若解析结果为“无被授权方”、“被授权方为XX用户”或者“被授权方为XX应用端用户”,则确定对所述待写入数据进行加密处理,若解析结果为“被授权方为所有用户”,则确定不对所述待写入数据进行加密处理。
优选的,本实施例中,所述预先确定的加密规则,具体为:
根据所述数据写入请求对应的用户标识信息及预先确定的用户标识信息与分类规则之间的映射关系,查找所述用户标识信息对应的分类规则;
根据查找得到的分类规则,确定并保存待写入数据的数据类别;
根据确定的待写入数据的数据类别及预先确定的数据类别与用户密钥标识信息之间的映射关系,查找所述待写入数据对应的用户密钥标识信息;
获取所述用户密钥标识信息对应的用户密钥,并利用获取的所述用户密钥对所述待写入数据进行加密处理。
上述分类规则可由用户根据需求设置,也可由确定模块102设置,例如,提取所述待写入数据的数据特征信息,基于预先确定的数据特征信息与数据类别之间的映射关系,确定所述待写入数据的数据类别。
本实施例中,上述加密规则可根据数据类别对数据进行加密处理,用户可根据需要将一种或者多种数据类别对应的数据授权给他人查看,提高了数据授权的灵活性,且进一步提高了数据的安全性。
优选地,上述获取所述用户密钥标识信息对应的用户密钥的步骤具体为:
根据所述数据写入请求对应的用户标识信息,且基于预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述数据写入请求发起方对应的密钥集,以确定所述数据写入请求发起方的用户密钥是否由电子装置1代管。
若存在(即表示该数据写入请求发起方的用户密钥由电子装置1代管),则获取所述数据写入请求发起方对应的密钥集;其中,所述数据写入请求发起方的所有用户密钥均根据预设密钥加密规则(例如,利用组织密钥对用户密钥进行加密处理)加密处理后存储于所述数据写入请求发起方对应的密钥集中;在所述密钥集中,根据所述用户密钥标识信息查找对应的加密的用户密钥;根据预设密钥解密规则(例如,利用组织密钥进行解密处理)对于查找的所述加密的用户密钥进行解密处理,以获得所述用户密钥。
若不存在(即表示该数据写入请求发起方的用户密钥不由电子装置1代管,而是由该数据写入请求发起方自行保管),则反馈所述用户密钥标识信息至所述数据写入请求发起方,供所述数据写入请求发起方根据所述用户密钥标识信息提供对应的用户密钥;接收所述数据写入请求发起方提供的所述用户密钥。
上述将加密后的待写入数据存储至区块链中各个节点上的步骤,具体为:
若电子装置1不为节点设备,也不设置于节点设备中,则基于加密后的所述待写入数据向一节点发起一交易请求,该交易请求用组织私钥进行签名,所述节点用对应的组织公钥进行验签,若验签失败,则不执行所述交易请求,若验签成功,则执行所述交易请求,以生成所述交易请求对应的新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
若电子装置1为节点设备,或者电子装置1设置于节点设备中,则该节点设备基于加密后的待写入数据生成新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
上述第二写入模块104直接将所述待写入数据存储至区块链中各个节点上的步骤,具体为:
若电子装置1不为节点设备,也不设置于节点设备中,则直接基于所述待写入数据向一节点发起一交易请求,该交易请求用组织私钥进行签名,所述节点用对应的组织公钥进行验签,若验签失败,则不执行所述交易请求,若验签成功,则执行所述交易请求,以生成所述交易请求对应的新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
若电子装置1为节点设备,或者电子装置1设置于节点设备中,则该节点设备直接基于待写入数据生成新区块,并将生成的所述新区块同步至区块链的其他所有节点中。
本实施例根据保密属性信息,确定是否对待写入数据进行加密处理,当确定对所述待写入数据进行加密处理,则根据所述保密属性信息,且基于预先确定的加密规则对所述待写入数据进行加密处理,并将加密后的待写入数据存储至区块链中各个节点上。相较于现有技术,本实施例在不影响区块链数据共享性的前提下,提高了区块链数据的安全性。
参照图4,图4为本申请基于区块链的数据处理程序10第二实施例的程序模块图。
本申请基于区块链的数据处理程序10第二实施例中,本实施在第一实施例的基础上,所述基于区块链的数据处理程序10还包括:
获取模块105,用于在接收到携带授权条件信息的授权请求时,获取待授权数据对应的授权方用户密钥及被授权方公钥。
授权模块106,用于利用被授权方公钥对授权方用户密钥进行加密处理,供所述被授权方接收到加密的授权方用户密钥后,利用所述被授权方的用户私钥对所述加密的授权方用户密钥进行解密处理以得到所述授权方用户密钥。
上述授权条件信息包括待授权数据标识信息、授权期限信息、授权方信息及被授权方信息。
获取模块105还用于:
根据所述授权条件信息中授权方的用户标识信息,且基于预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述授权方对应的密钥集。
当确定存在所述授权方对应的密钥集时,获取所述授权方对应的密钥集。其中,所述授权方的所有用户密钥均根据预设密钥加密规则加密处理后存储于所述授权方对应的密钥集中。然后,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,在所述授权方对应的密钥集中查找所述待授权数据对应的加密的授权方用户密钥。接着,根据预设密钥解密规则对查找的所述加密的授权方用户密钥进行解密处理,以获得所述待授权数据对应的授权方用户密钥。
当确定不存在所述授权方对应的密钥集时,根据所述授权条件数据中的待授权数据标识信息,且基于预先确定的数据标识信息与用户密钥标识信息 之间的映射关系,查找所述待授权数据对应的用户密钥标识信息。然后,反馈查找的所述用户密钥标识信息至授权方。接着,接收所述授权方根据所述用户密钥标识信息提供的所述授权方用户密钥。
获取模块105还用于:
根据所述授权条件信息中被授权方的用户标识信息,且基于预先确定的用户标识信息与用户公钥之间的映射关系,查找所述被授权方公钥。其中,所有所述用户公钥均预先存储在所述区块链中的各个节点上。
本实施例中,授权方用户密钥通过加密处理后再进行传输,提高了安全性。
本申请基于区块链的数据处理程序第三实施例中,本实施在第一实施例、第二实施例的基础上,所述基于区块链的数据处理程序还用于:
当要结束一项授权时,则确定待结束授权数据的数据类别。
其中,结束一项授权的触发条件包括:接收到结束授权请求;或者,侦测到存在授权期限到期的授权项。
当所述待结束授权数据对应的数据类别为一个,则根据所述待结束授权数据的数据类别,且基于预先确定的数据类别与用户密钥标识信息之间的映射关系,确定所述待结束授权数据的数据类别对应的用户密钥标识信息。然后,获取所述用户密钥标识信息对应的用户密钥,并利用获取的所述用户密钥对所述待结束授权数据进行解密处理,以获得所述待结束授权数据对应的明文数据。接着,生成新的用户密钥,利用所述新的用户密钥对获得的所述明文数据进行加密处理,以得到新的加密数据,并将所述新的加密数据存储至区块链中各个节点上,以供各节点基于该新的加密数据生成新的区块,并更新该数据索引。同时,且将生成的所述新的用户密钥反馈至所述新的用户密钥对应的用户,并保存所述新的用户密钥标识信息与数据类别之间的映射关系,同时保存所述新的用户密钥标识信息与用户标识信息之间的映射关系;
当所述待结束授权数据对应的数据类别为多个,则根据所述待结束授权数据对应的多个数据类别,且基于预先确定的数据类别与用户密钥标识信息之间的映射关系,确定各所述数据类别对应的用户密钥标识信息。然后,获取各所述用户密钥标识信息对应的用户密钥,并利用获取的各所述用户密钥对相应的所述待结束授权数据进行解密处理,以获得所述待结束授权数据对应的明文数据。接着,为所述明文数据对应的各所述数据类别生成新的用户密钥,利用各所述新的用户密钥,对各所述新的用户密钥对应的数据类别的数据进行加密处理,以得到新的加密数据,并将所述新的加密数据存储至区块链中各个节点上,以供各节点基于该新的加密数据生成新的区块,并更新该数据索引。同时,且将生成的所述新的用户密钥反馈至所述新的用户密钥对应的用户,并保存所述新的用户密钥标识信息与数据类别之间的映射关系,同时保存所述新的用户密钥标识信息与用户标识信息之间的映射关系。
若用户密钥由电子装置1代管,则所述基于区块链的数据处理程序还用 于:
利用组织密钥对所述新的用户密钥进行加密处理,并将加密的所述新的用户密钥保存至密钥集。
优选的,本实施例中,所述基于区块链的数据处理程序还用于:
当接收到数据读取请求时,判断所述数据读取请求对应的待读取数据是否为加密数据;
若是,则获取所述待读取数据对应的用户密钥;当获取到所述待读取数据对应的用户密钥时,利用获取的所述用户密钥对所述待读取数据进行解密处理以获得所述待读取数据对应的明文数据,并将所述明文数据发送至所述数据读取请求的发起方;当未获取到所述待读取数据对应的用户密钥时,则反馈解密失败的消息;
若否,则获取所述数据读取请求对应的待读取数据,并将所述待读取数据发送至所述数据读取请求的发起方。
进一步地,本申请还提出一种计算机可读存储介质,所述计算机可读存储介质存储有基于区块链的数据处理程序,所述基于区块链的数据处理程序可被至少一个处理器执行,以使所述至少一个处理器执行上述任一实施例中的基于区块链的数据处理方法。
以上所述仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是在本申请的发明构思下,利用本申请说明书及附图内容所作的等效结构变换,或直接/间接运用在其他相关的技术领域均包括在本申请的专利保护范围内。

Claims (20)

  1. 一种电子装置,其特征在于,所述电子装置包括存储器和处理器,所述存储器存储有基于区块链的数据处理程序,所述基于区块链的数据处理程序被所述处理器执行时实现如下步骤:
    接收携带保密属性信息的数据写入请求;
    根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
    当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
    当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
  2. 如权利要求1所述的电子装置,其特征在于,所述预先确定的加密规则为:
    根据所述数据写入请求对应的用户标识信息及预先确定的用户标识信息与分类规则之间的映射关系,查找所述用户标识信息对应的分类规则;
    根据查找得到的分类规则确定并保存待写入数据的数据类别;
    根据确定的待写入数据的数据类别及预先确定的数据类别与用户密钥标识信息之间的映射关系,查找所述待写入数据对应的用户密钥标识信息;
    利用所述用户密钥标识信息对应的用户密钥对所述待写入数据进行加密处理。
  3. 如权利要求1或2所述的电子装置,其特征在于,所述处理器执行所述基于区块链的数据处理程序,还实现以下步骤:
    在接收到携带授权条件信息的授权请求时,获取待授权数据对应的授权方用户密钥及被授权方公钥;
    利用被授权方公钥对授权方用户密钥进行加密处理,所述被授权方接收到加密的授权方用户密钥后,利用所述被授权方的用户私钥对所述加密的授权方用户密钥进行解密处理以得到所述授权方用户密钥。
  4. 如权利要求3中所述的电子装置,其特征在于,所述获取待授权数据对应的授权方用户密钥的步骤包括:
    根据所述授权条件信息中授权方的用户标识信息及预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述授权方对应的密钥集;
    当确定存在所述授权方对应的密钥集时,获取所述授权方对应的密钥集,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,在所述授权方对应的密钥集中查找所述待授权数据对应的加密的授权方用户密钥,根据预设密钥解密规则对查找的所述加密的授权方用户密钥进行解密处理,以获得所述待授权数据对应的授权方用户密钥;
    当确定不存在所述授权方对应的密钥集时,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,查找所述待授权数据对应的用户密钥标识信息,反馈查找的所述用户密钥标识信息至授权方,接收所述授权方根据所述用户密钥标识信息提供的所述授权方用户密钥。
  5. 如权利要求3所述的电子装置,其特征在于,所述获取被授权方公钥的步骤包括:
    根据所述授权条件信息中被授权方的用户标识信息及预先确定的用户标识信息与用户公钥之间的映射关系,查找所述被授权方公钥,其中,所有所述用户公钥均预先存储在所述区块链中的各个节点。
  6. 一种基于区块链的数据处理方法,其特征在于,该方法包括步骤:
    接收携带保密属性信息的数据写入请求;
    根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
    当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
    当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
  7. 如权利要求6所述的基于区块链的数据处理方法,其特征在于,所述预先确定的加密规则为:
    根据所述数据写入请求对应的用户标识信息及预先确定的用户标识信息与分类规则之间的映射关系,查找所述用户标识信息对应的分类规则;
    根据查找得到的分类规则确定并保存待写入数据的数据类别;
    根据确定的待写入数据的数据类别及预先确定的数据类别与用户密钥标识信息之间的映射关系,查找所述待写入数据对应的用户密钥标识信息;
    利用所述用户密钥标识信息对应的用户密钥对所述待写入数据进行加密处理。
  8. 如权利要求6或7所述的基于区块链的数据处理方法,其特征在于,所述基于区块链的数据处理方法还包括:
    在接收到携带授权条件信息的授权请求时,获取待授权数据对应的授权方用户密钥及被授权方公钥;
    利用被授权方公钥对授权方用户密钥进行加密处理,供所述被授权方接收到加密的授权方用户密钥后,利用所述被授权方的用户私钥对所述加密的授权方用户密钥进行解密处理以得到所述授权方用户密钥。
  9. 如权利要求8中所述的基于区块链的数据处理方法,其特征在于,所述获取待授权数据对应的授权方用户密钥的步骤包括:
    根据所述授权条件信息中授权方的用户标识信息及预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述授权方对应的 密钥集;
    当确定存在所述授权方对应的密钥集时,获取所述授权方对应的密钥集,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,在所述授权方对应的密钥集中查找所述待授权数据对应的加密的授权方用户密钥,根据预设密钥解密规则对查找的所述加密的授权方用户密钥进行解密处理,以获得所述待授权数据对应的授权方用户密钥;
    当确定不存在所述授权方对应的密钥集时,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,查找所述待授权数据对应的用户密钥标识信息;反馈查找的所述用户密钥标识信息至授权方,接收所述授权方根据所述用户密钥标识信息提供的所述授权方用户密钥。
  10. 如权利要求8中所述的基于区块链的数据处理方法,其特征在于,所述获取被授权方公钥的步骤包括:
    根据所述授权条件信息中被授权方的用户标识信息及预先确定的用户标识信息与用户公钥之间的映射关系,查找所述被授权方公钥,其中,所有所述用户公钥均预先存储在所述区块链中的各个节点。
  11. 一种基于区块链的数据处理程序,其特征在于,所述基于区块链的数据处理程序包括:
    接收模块,用于接收携带保密属性信息的数据写入请求;
    确定模块,用于根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
    第一写入模块,用于当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
    第二写入模块,用于当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
  12. 如权利要求11所述的基于区块链的数据处理程序,其特征在于,所述预先确定的加密规则为:
    根据所述数据写入请求对应的用户标识信息及预先确定的用户标识信息与分类规则之间的映射关系,查找所述用户标识信息对应的分类规则;
    根据查找得到的分类规则确定并保存待写入数据的数据类别;
    根据确定的待写入数据的数据类别及预先确定的数据类别与用户密钥标识信息之间的映射关系,查找所述待写入数据对应的用户密钥标识信息;
    利用所述用户密钥标识信息对应的用户密钥对所述待写入数据进行加密处理。
  13. 如权利要求11或12所述的基于区块链的数据处理程序,其特征在于,所述基于区块链的数据处理程序还包括:
    获取模块,用于在接收到携带授权条件信息的授权请求时,获取待授权 数据对应的授权方用户密钥及被授权方公钥;
    授权模块,用于利用被授权方公钥对授权方用户密钥进行加密处理,所述被授权方接收到加密的授权方用户密钥后,利用所述被授权方的用户私钥对所述加密的授权方用户密钥进行解密处理以得到所述授权方用户密钥。
  14. 如权利要求13中所述的基于区块链的数据处理程序,其特征在于,所述获取模块还用于:
    根据所述授权条件信息中授权方的用户标识信息及预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述授权方对应的密钥集;
    当确定存在所述授权方对应的密钥集时,获取所述授权方对应的密钥集,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,在所述授权方对应的密钥集中查找所述待授权数据对应的加密的授权方用户密钥,根据预设密钥解密规则对查找的所述加密的授权方用户密钥进行解密处理,以获得所述待授权数据对应的授权方用户密钥;
    当确定不存在所述授权方对应的密钥集时,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,查找所述待授权数据对应的用户密钥标识信息,反馈查找的所述用户密钥标识信息至授权方,接收所述授权方根据所述用户密钥标识信息提供的所述授权方用户密钥。
  15. 如权利要求13所述的基于区块链的数据处理程序,其特征在于,所述获取模块还用于:
    根据所述授权条件信息中被授权方的用户标识信息及预先确定的用户标识信息与用户公钥之间的映射关系,查找所述被授权方公钥,其中,所有所述用户公钥均预先存储在所述区块链中的各个节点。
  16. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有基于区块链的数据处理程序,所述基于区块链的数据处理程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:
    接收携带保密属性信息的数据写入请求;
    根据所述保密属性信息,确定是否对所述数据写入请求对应的待写入数据进行加密处理;
    当确定对所述待写入数据进行加密处理时,根据所述保密属性信息,并基于预先确定的加密规则对所述待写入数据进行加密处理后,将加密后的待写入数据存储至区块链中的各个节点;
    当确定不对所述待写入数据进行加密处理时,直接将所述待写入数据存储至区块链中的各个节点。
  17. 如权利要求16所述的计算机可读存储介质,其特征在于,所述预先确定的加密规则为:
    根据所述数据写入请求对应的用户标识信息及预先确定的用户标识信息 与分类规则之间的映射关系,查找所述用户标识信息对应的分类规则;
    根据查找得到的分类规则确定并保存待写入数据的数据类别;
    根据确定的待写入数据的数据类别及预先确定的数据类别与用户密钥标识信息之间的映射关系,查找所述待写入数据对应的用户密钥标识信息;
    利用所述用户密钥标识信息对应的用户密钥对所述待写入数据进行加密处理。
  18. 如权利要求16或17所述的计算机可读存储介质,其特征在于,所述处理器执行所述基于区块链的数据处理程序,还实现以下步骤:
    在接收到携带授权条件信息的授权请求时,获取待授权数据对应的授权方用户密钥及被授权方公钥;
    利用被授权方公钥对授权方用户密钥进行加密处理,所述被授权方接收到加密的授权方用户密钥后,利用所述被授权方的用户私钥对所述加密的授权方用户密钥进行解密处理以得到所述授权方用户密钥。
  19. 如权利要求18中所述的计算机可读存储介质,其特征在于,所述获取待授权数据对应的授权方用户密钥的步骤包括:
    根据所述授权条件信息中授权方的用户标识信息及预先确定的用户标识信息与密钥集之间的映射关系,确定存储空间中是否存在所述授权方对应的密钥集;
    当确定存在所述授权方对应的密钥集时,获取所述授权方对应的密钥集,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,在所述授权方对应的密钥集中查找所述待授权数据对应的加密的授权方用户密钥,根据预设密钥解密规则对查找的所述加密的授权方用户密钥进行解密处理,以获得所述待授权数据对应的授权方用户密钥;
    当确定不存在所述授权方对应的密钥集时,根据所述授权条件数据中的待授权数据标识信息及预先确定的数据标识信息与用户密钥标识信息之间的映射关系,查找所述待授权数据对应的用户密钥标识信息,反馈查找的所述用户密钥标识信息至授权方,接收所述授权方根据所述用户密钥标识信息提供的所述授权方用户密钥。
  20. 如权利要求18所述的计算机可读存储介质,其特征在于,所述获取被授权方公钥的步骤包括:
    根据所述授权条件信息中被授权方的用户标识信息及预先确定的用户标识信息与用户公钥之间的映射关系,查找所述被授权方公钥,其中,所有所述用户公钥均预先存储在所述区块链中的各个节点。
PCT/CN2018/102130 2018-04-26 2018-08-24 电子装置、基于区块链的数据处理方法、程序和计算机存储介质 WO2019205380A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810387989.4A CN108900464B (zh) 2018-04-26 2018-04-26 电子装置、基于区块链的数据处理方法和计算机存储介质
CN201810387989.4 2018-04-26

Publications (1)

Publication Number Publication Date
WO2019205380A1 true WO2019205380A1 (zh) 2019-10-31

Family

ID=64342370

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102130 WO2019205380A1 (zh) 2018-04-26 2018-08-24 电子装置、基于区块链的数据处理方法、程序和计算机存储介质

Country Status (2)

Country Link
CN (1) CN108900464B (zh)
WO (1) WO2019205380A1 (zh)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977687A (zh) * 2019-04-02 2019-07-05 深圳智乾区块链科技有限公司 基于区块链的数据共享方法、装置、系统及可读存储介质
CN110264193B (zh) * 2019-05-20 2021-05-18 创新先进技术有限公司 结合用户类型与交易类型的收据存储方法和节点
CN110545187A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 涉及旅游平台的用户区块链私钥的代签方法及其装置
CN110545178A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 调研平台用户的区块链私钥的代签方法及其装置
CN110380871A (zh) * 2019-08-29 2019-10-25 北京艾摩瑞策科技有限公司 搜索平台的用户区块链私钥的代签方法及其装置
CN110545189A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 社区平台用户的区块链私钥的代签方法及其装置
CN110545188A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 涉及自媒体平台的用户区块链私钥的代签方法及其装置
CN110545186A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 广告平台用户的区块链私钥的代签方法及其装置
CN110401544A (zh) * 2019-08-29 2019-11-01 北京艾摩瑞策科技有限公司 知识付费平台用户的区块链私钥的代签方法及其装置
CN110543786A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 共享经济平台用户的区块链私钥的代签方法及其装置
CN110543773A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 知识问答平台用户的区块链私钥的代签方法及其装置
CN110401543A (zh) * 2019-08-29 2019-11-01 北京艾摩瑞策科技有限公司 涉及招聘平台用户的区块链私钥的代签方法及其装置
CN110380870B (zh) * 2019-08-29 2020-12-22 北京瑞策科技有限公司 电商平台用户的区块链私钥的代签方法及其装置
CN110544093A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 涉及租房平台用户的区块链私钥的代签方法及其装置
CN110545177A (zh) * 2019-08-29 2019-12-06 北京艾摩瑞策科技有限公司 生活服务平台用户的区块链私钥的代签方法及其装置
CN110545190B (zh) * 2019-09-06 2021-08-13 腾讯科技(深圳)有限公司 一种签名处理的方法、相关装置以及设备
CN110650191A (zh) * 2019-09-20 2020-01-03 浪潮电子信息产业股份有限公司 一种分布式存储系统的数据读写方法
CN111639363B (zh) * 2020-05-24 2020-12-25 深圳市诚意信科技有限公司 基于区块链的数据分析方法及边缘计算服务器
CN112272086A (zh) * 2020-10-23 2021-01-26 安徽中科美络信息技术有限公司 一种数据加密传输方法、系统及智能终端

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506493A (zh) * 2016-10-27 2017-03-15 摩登大道时尚电子商务有限公司 基于区块链平台的数据处理方法
CN107240001A (zh) * 2017-06-06 2017-10-10 北京汇通金财信息科技有限公司 一种数字资产的交易方法和系统
CN107292181A (zh) * 2017-06-20 2017-10-24 无锡井通网络科技有限公司 基于区块链的数据库系统及使用该系统的使用方法
CN107465656A (zh) * 2017-06-14 2017-12-12 广州宏和网络科技有限公司 一种基于云计算的安防监控大数据处理方法及系统

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113595B (zh) * 2014-07-09 2018-01-02 武汉邮电科学研究院 一种基于安全等级划分的混合云存储系统及方法
US9942763B2 (en) * 2015-11-19 2018-04-10 Beijing Nanbao Technology Co., Ltd. Method and apparatus of triggering applications in a wireless environment
CN107124271B (zh) * 2017-04-28 2020-12-04 成都梆梆信息技术咨询服务有限公司 一种数据加密、解密方法和设备
CN107426170B (zh) * 2017-05-24 2019-08-09 阿里巴巴集团控股有限公司 一种基于区块链的数据处理方法及设备
CN107294709A (zh) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 一种区块链数据处理方法、装置及系统
CN107483446A (zh) * 2017-08-23 2017-12-15 上海点融信息科技有限责任公司 用于区块链的加密方法、设备以及系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506493A (zh) * 2016-10-27 2017-03-15 摩登大道时尚电子商务有限公司 基于区块链平台的数据处理方法
CN107240001A (zh) * 2017-06-06 2017-10-10 北京汇通金财信息科技有限公司 一种数字资产的交易方法和系统
CN107465656A (zh) * 2017-06-14 2017-12-12 广州宏和网络科技有限公司 一种基于云计算的安防监控大数据处理方法及系统
CN107292181A (zh) * 2017-06-20 2017-10-24 无锡井通网络科技有限公司 基于区块链的数据库系统及使用该系统的使用方法

Also Published As

Publication number Publication date
CN108900464B (zh) 2021-07-23
CN108900464A (zh) 2018-11-27

Similar Documents

Publication Publication Date Title
WO2019205380A1 (zh) 电子装置、基于区块链的数据处理方法、程序和计算机存储介质
US10410018B2 (en) Cryptographic assurances of data integrity for data crossing trust boundaries
US11831782B2 (en) Method and system for verification of identity attribute information
CN109643359B (zh) 控制密钥-值存储的验证
US10200198B2 (en) Making cryptographic claims about stored data using an anchoring system
US9875370B2 (en) Database server and client for query processing on encrypted data
US9350714B2 (en) Data encryption at the client and server level
US9455963B1 (en) Long term encrypted storage and key management
US9881164B1 (en) Securing data
US10324774B2 (en) Kernel program including relational database, and method and apparatus for executing said program
US8234283B2 (en) Search reporting apparatus, method and system
CN111670436B (zh) 数据库系统
CN108429638B (zh) 一种服务器运维方法、装置、系统及电子设备
TWI627554B (zh) 阻擋非授權應用程式方法以及使用該方法的裝置
WO2021151346A1 (zh) 基于区块链的医疗数据调用方法、装置、电子设备及介质
WO2019205389A1 (zh) 电子装置、基于区块链的身份验证方法、程序和计算机存储介质
TWI724684B (zh) 用於執行經過身分驗證的加密操作的方法、系統及裝置
CN114826736A (zh) 信息共享方法、装置、设备及存储介质
JP2012248940A (ja) データ生成装置、データ生成方法、データ生成プログラム及びデータベースシステム
CN112862484A (zh) 一种基于多端交互的安全支付方法及装置
WO2022252880A1 (zh) 数据处理方法及其装置、系统、存储介质
CN111934882B (zh) 基于区块链的身份认证方法、装置、电子设备及存储介质
WO2022073336A1 (zh) 安全支付方法、装置、电子设备及存储介质
US20240039721A1 (en) Using non-fungible tokens (nfts) to securely store and share encrypted data
US11829498B2 (en) Real-time dynamic blockchain securitization platform

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18916476

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18916476

Country of ref document: EP

Kind code of ref document: A1