WO2020088108A1 - Procédé et appareil d'attestation de données à base de chaîne de blocs, et dispositif électronique - Google Patents

Procédé et appareil d'attestation de données à base de chaîne de blocs, et dispositif électronique Download PDF

Info

Publication number
WO2020088108A1
WO2020088108A1 PCT/CN2019/104943 CN2019104943W WO2020088108A1 WO 2020088108 A1 WO2020088108 A1 WO 2020088108A1 CN 2019104943 W CN2019104943 W CN 2019104943W WO 2020088108 A1 WO2020088108 A1 WO 2020088108A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
computing environment
private key
terminal device
secure computing
Prior art date
Application number
PCT/CN2019/104943
Other languages
English (en)
Chinese (zh)
Inventor
王林青
蒋海滔
张鸿
翁欣雨
李富强
林锋
吴军
曾晓东
杨磊
Original Assignee
阿里巴巴集团控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司 filed Critical 阿里巴巴集团控股有限公司
Publication of WO2020088108A1 publication Critical patent/WO2020088108A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Definitions

  • One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a blockchain-based data certification method and device, and electronic equipment.
  • Blockchain technology also known as distributed ledger technology, is an emerging technology in which several computing devices jointly participate in "bookkeeping" and jointly maintain a complete distributed database.
  • Blockchain technology has the characteristics of decentralization, openness and transparency, each computing device can participate in database records, and data synchronization can be quickly performed between computing devices, making blockchain technology widely used in many fields. To apply.
  • This specification proposes a blockchain-based data storage method, which is applied to terminal devices; wherein the terminal device is equipped with a secure computing environment, and the secure computing environment stores a private key corresponding to the terminal device
  • the method includes:
  • Sign the data digest based on the private key corresponding to the terminal device in the secure computing environment and publish the signed data digest to the blockchain to allow the nodes in the blockchain
  • the device verifies the signature of the data digest based on the public key corresponding to the private key, and after the signature verification is passed, the data digest is verified in the blockchain for data certification.
  • signing the data digest based on the private key corresponding to the terminal device in the secure computing environment includes:
  • the data digest is signed based on the private key corresponding to the terminal device in the secure computing environment.
  • a key generation algorithm is stored in the secure computing environment
  • the method also includes:
  • the generated private key is bound to the user's identity information, and the binding relationship is stored in the secure computing environment.
  • signing the data digest based on the private key corresponding to the terminal device in the secure computing environment includes:
  • the secure computing environment also stores device authentication information signed based on the private key held by the manufacturer of the terminal device;
  • the method Before signing the data digest based on the private key in the secure computing environment, the method further includes:
  • signing the data digest based on the private key corresponding to the terminal device in the secure computing environment, and publishing the signed target data to the blockchain includes:
  • the data digest and the description information of the target data are overall signed based on the private key corresponding to the terminal device, and the signed data digest and the description data are published To the blockchain certificate; or,
  • the description data includes: a collection time, a collection location of the target data, and a combination of one or more of the objects related to the target data.
  • the terminal device includes a law enforcement recorder or a driving recorder;
  • the target data includes one or a combination of video data, audio data, and image data.
  • This specification also proposes a blockchain-based data certificate storage device, which is applied to terminal devices; wherein the terminal device is equipped with a secure computing environment, and the secure computing environment stores a private key corresponding to the terminal device ,
  • the device includes:
  • Acquisition module to acquire the collected target data
  • a calculation module to calculate a data summary of the target data
  • the certificate storage module signs the data digest based on the private key corresponding to the terminal device in the secure computing environment, and publishes the signed data digest to the blockchain to allow the block
  • the node device in the chain verifies the signature of the data digest based on the public key corresponding to the private key, and after the signature verification is passed, the data digest is verified in the blockchain for data certification.
  • the certificate storage module further:
  • the data digest is signed based on the private key corresponding to the terminal device in the secure computing environment.
  • a key generation algorithm is stored in the secure computing environment
  • the acquisition module further:
  • the certificate storage module further:
  • identity authentication for the user based on the identity information obtained by the obtaining module; if the identity authentication for the user is passed, calling the key generation algorithm in the secure computing environment to generate the private A key and a public key; and, binding the generated private key with the identity information of the user, and storing the binding relationship in the secure computing environment.
  • the certificate storage module further:
  • the secure computing environment also stores device authentication information signed based on the private key held by the manufacturer of the terminal device;
  • the certificate storage module further:
  • the data digest Before signing the data digest based on the private key in the secure computing environment, verify the signature of the device authentication information based on the public key corresponding to the private key held by the manufacturer of the terminal device; If the verification is passed, it is determined that the terminal device is a legal terminal device produced by the manufacturer, and the data digest is further signed based on the private key corresponding to the terminal device in the secure computing environment.
  • certificate storage module
  • the data digest and the description information of the target data are overall signed based on the private key corresponding to the terminal device, and the signed data digest and the description data are published To the blockchain certificate; or,
  • the description data includes: a collection time, a collection location of the target data, and a combination of one or more of the objects related to the target data.
  • the terminal device includes a law enforcement recorder or a driving recorder;
  • the target data includes one or a combination of video data, audio data, and image data.
  • This manual also proposes an electronic device, including:
  • Memory for storing machine executable instructions
  • the electronic device is equipped with a secure computing environment, and a private key corresponding to the electronic device is stored in the secure computing environment;
  • Sign the data digest based on the private key corresponding to the electronic device in the secure computing environment and publish the signed data digest to the blockchain to allow the nodes in the blockchain
  • the device verifies the signature of the data digest based on the public key corresponding to the private key, and after the signature verification is passed, the data digest is verified in the blockchain for data certification.
  • the terminal device is equipped with a secure computing environment, and the private key corresponding to the terminal device is stored in the secure computing environment, so that the terminal device will collect
  • terminal devices no longer need to deposit the original content of the collected data on the blockchain, but the original content of the collected data Store locally, and deposit the data summary of the original content on the blockchain, so that the terminal device can serve as the hub of the physical world and the on-chain world, and it is more convenient to deposit the collected data on the blockchain;
  • the third party that obtains the data collected by the terminal since the data summary of the obtained data is matched with the data summary of the data stored on the blockchain, the obtained data can be conveniently Perform legality verification; therefore, the data collected by the terminal device can be submitted to third parties as evidence, which can significantly improve the availability of the data collected by the terminal device.
  • FIG. 1 is a flowchart of a blockchain-based data certification method provided by an exemplary embodiment.
  • FIG. 2 is a schematic structural diagram of an electronic device provided by an exemplary embodiment.
  • FIG. 3 is a block diagram of a blockchain-based data certification device provided by an exemplary embodiment.
  • this specification proposes a technical solution that uses the terminal device as the hub of the physical world and the on-chain world to more conveniently store the data it collects on the blockchain.
  • the hardware environment of the terminal device can be improved, a secure computing environment can be built in the hardware environment of the terminal device, and the private key corresponding to the terminal device can be stored and maintained in the secure computing environment.
  • a security chip can be mounted in the hardware environment of the law enforcement recorder or a driving recorder, and a secure computing environment can be built based on the security chip. Store and maintain the private key held by the law enforcement recorder or driving recorder, and provide a secure computing environment for the law enforcement recorder or driving recorder.
  • the terminal device can obtain the collected data and calculate the data summary of the collected data, and then based on the private corresponding to the terminal device in the secure computing environment Key, sign the calculated data digest, and then publish the signed data digest to the blockchain.
  • the node device in the blockchain can obtain the public key corresponding to the private key of the terminal device, and then verify the signature of the data digest based on the public key; if After the signature is verified, the data digest can be stored in the blockchain for data certification.
  • the terminal device is equipped with a secure computing environment, and the private key corresponding to the terminal device is stored in the secure computing environment, so that the terminal device will collect
  • terminal devices no longer need to deposit the original content of the collected data on the blockchain, but the original content of the collected data Store locally, and deposit the data summary of the original content on the blockchain, so that the terminal device can serve as the hub of the physical world and the on-chain world, and it is more convenient to deposit the collected data on the blockchain;
  • the third party that obtains the data collected by the terminal since the data summary of the obtained data is matched with the data summary of the data stored on the blockchain, the obtained data can be conveniently Perform legality verification; therefore, the data collected by the terminal device can be submitted to third parties as evidence, which can significantly improve the availability of the data collected by the terminal device.
  • FIG. 1 is a blockchain-based data certification method provided in an embodiment of the present specification, which is applied to a terminal device, wherein the terminal device is equipped with a secure computing environment, and the secure computing environment The private key corresponding to the terminal device is stored and the following steps are performed:
  • Step 102 Obtain the collected target data
  • Step 104 Calculate the data summary of the target data
  • Step 106 sign the data digest based on the private key corresponding to the terminal device in the secure computing environment, and publish the signed data digest to the blockchain, so that the blockchain
  • the node device in verifies the signature of the data digest based on the public key corresponding to the private key, and after the signature verification is passed, the data digest is verified for data in the blockchain.
  • the blockchain described in this specification may specifically include private chains, shared chains, and alliance chains, etc., and is not particularly limited in this specification.
  • the above-mentioned blockchain may specifically be a consortium chain consisting of a server of a third-party payment platform, a domestic bank server, an overseas bank server, and several user node devices as member devices.
  • the operator of the alliance chain can rely on the alliance chain to deploy online services such as cross-border transfer and asset transfer based on the alliance chain online.
  • the above terminal device may include any form of terminal device that can join the blockchain as a node device and deposit the collected data on the blockchain;
  • the terminal device may specifically include a law enforcement recorder or a driving recorder.
  • Law enforcement recorders or driving recorders can be added to the blockchain as nodes, and the collected streaming data such as video data and audio data can be stored on the blockchain for certification.
  • storing data on the blockchain refers to using the data as evidence for persistent storage in the blockchain.
  • the above target data including any type of data collected by the terminal device, needs to be completed in the distributed database of the blockchain for data certification;
  • the above target data may specifically be stream data such as video data, audio data, and image data collected by terminal devices such as law enforcement recorders or driving recorders.
  • the specific way to build a secure computing environment in the hardware environment of the terminal device is not particularly limited in this specification.
  • a solution based on SE can be used to build a secure computing environment for terminal devices.
  • SE hardware can be introduced into the hardware environment of the terminal device (either hardware built into the terminal ’s hardware environment or hardware externally connected to the terminal through the interface), using SE hardware to store and Maintain the private key of the terminal equipment, and provide a secure computing environment for the terminal equipment.
  • a solution based on TEE can be used to build a secure computing environment for terminal devices.
  • TEE Trusted Execution, Trusted Execution Environment
  • a solution based on SE + TEE can be adopted to build a secure computing environment for terminal devices.
  • SE hardware can be used to store and maintain the private key of the terminal device
  • TEE can be used to provide a secure computing environment for the terminal device.
  • the above terminal device can be added as a node device to the blockchain (also known as device on-chain), and the private key corresponding to the terminal device is performed in a secure computing environment built for the terminal device Storage and maintenance.
  • the private key corresponding to the terminal device may specifically be a private key held by the terminal device or a private key held by a user who uses the terminal device.
  • the "private key corresponding to the terminal device" described in this specification may specifically be the private key generated by the terminal device manufacturer for the terminal device in the device production stage and held by the terminal device; also It may be a private key generated by the terminal device for the user when the user uses the terminal device, and held by the user personally.
  • the private key and the public key held by the terminal device can be generated by the device manufacturer for the terminal device during the device production stage, and the private key is written into the terminal device by the device manufacturer in advance Storage and maintenance in a secure computing environment.
  • the private key and public key held by the terminal device are not related to the identity of the user who uses the terminal device. For different users of the terminal device, they can share the same private key written by the device manufacturer in the secure computing environment of the terminal device by default.
  • the private key and the public key held by the terminal device can also be generated by the terminal device for the user of the terminal device, and the terminal device can automatically write the private key to the Safe computing environment for terminal equipment.
  • the private key and the public key generated by the terminal device can be associated with the identity of the user of the terminal device, and the terminal device can generate one for each user based on the identity information of the different user. Bind the private key and the public key, and bind the generated private key with the identity information of each user, and then store and maintain the binding relationship in a secure computing environment.
  • the manufacturer of the terminal device may write the key generation algorithm into the secure computing environment of the terminal device in advance.
  • the terminal device may prompt the user to input identity information for identity authentication;
  • the data type of the identity information input by the user and the identity authentication method adopted by the terminal device are not particularly limited in this specification; for example, a traditional authentication method such as entering a password or a password may also be used. Authentication methods such as fingerprints or human faces.
  • the terminal device After the terminal device obtains the identity information input by the user, it can determine whether the private key bound to the identity information is stored in the secure computing environment; if the private key bound to the identity information is not stored in the secure computing environment, It indicates that the user is a new user using the terminal device for the first time. At this time, the terminal device can authenticate the user based on the obtained identity information; if the identity authentication for the user is passed, the terminal device can be in the above security Call the above key generation algorithm in the computing environment to generate a pair of private and public keys, and bind the generated private key with the user's identity information, and then store and maintain the binding relationship in the above secure computing environment .
  • users can use terminal devices to collect data, and deposit the collected data on the blockchain through the terminal device.
  • the terminal device only needs to store the collected data locally, and save the data summary of the collected data on the blockchain, and it is no longer necessary to store the original data collected.
  • the content is stored on the blockchain.
  • the terminal device can check the streaming data according to a preset time period Ways to conduct shard deposit certificate;
  • the terminal device can take the video data every N minutes as a shard, calculate the data summary of the shard, and then deposit the data summary of the shard in the blockchain, and strictly Ensure the chronological order of the data summary of each shard stored on the blockchain to facilitate backtracking.
  • the terminal device when the terminal device needs to collect the collected target data on the blockchain, it can first calculate the data summary of the target data; for example, the data summary can be calculated based on a specific hash algorithm The hash value of the target data; then, the terminal device can sign the data digest based on the private key stored in the secure computing environment in the secure computing environment.
  • device authentication information after signing based on the private key held by the manufacturer of the terminal device can also be stored and maintained; for example, the device The authentication information can be written into the secure computing environment for storage and maintenance after the device manufacturer signs the signature based on the held private key at the device generation stage.
  • the above-mentioned device authentication information may specifically be any form of information for legally authenticating the terminal device; for example, the above-mentioned device authentication information may specifically be such as the production number of the terminal device or other forms of anti-counterfeiting information.
  • the terminal device can obtain the key corresponding to the private key held by the manufacturer of the terminal device before signing the data digest based on the private key stored in the secure computing environment in the secure computing environment.
  • the public key and based on the obtained public key, verify the signature of the device authentication information; if the verification is passed, it can be determined that the terminal device is a legitimate terminal device produced by the manufacturer; at this time, the terminal device performs further, In a secure computing environment, the process of signing the data digest based on the private key stored in the secure computing environment.
  • the private key stored and maintained in the secure computing environment of the terminal device is the private key generated by the device manufacturer for the terminal device during the device production stage and held by the terminal device;
  • an identity authentication mechanism for the user of the terminal device can be introduced to prompt the user to enter identity information for identity authentication; when the terminal device obtains the identity information entered by the user, the user can use the identity information based on the obtained identity information.
  • the user performs identity authentication; if the identity authentication for the user is passed, the terminal device can sign the data digest in the secure computing environment based on the private key held and maintained by the terminal device in the secure computing environment deal with.
  • the terminal device autonomously generates the private key generated by the user and held by the user; at this time, the secure computing environment The binding relationship between the user's identity information and the private key is stored and maintained in advance.
  • the terminal device after the terminal device obtains the identity information input by the user, it can query the binding relationship maintained in the secure computing environment to determine whether the private key bound to the identity information is stored in the secure computing environment; If the private key bound to the identity information is stored in the secure computing environment, the terminal device can sign the data summary based on the queried private key in the secure computing environment.
  • the terminal device can identify the user based on the obtained identity information.
  • Perform identity authentication and after the identity authentication is passed, call the key generation algorithm stored in the secure computing environment to generate the private key and public key for the user, and use the generated private key to sign the data digest; and , Bind the generated private key with the user's identity information, and then store and maintain the binding relationship in a secure computing environment.
  • the terminal device when the terminal device is in a secure computing environment, based on the private key stored in the secure computing environment, after the signature digest of the collected target data is completed, the signed data digest can be placed in the block Publish in the chain;
  • a blockchain transaction can be constructed based on the signed data digest, and the transaction can be broadcast and diffused to other node devices.
  • the node device in the blockchain can obtain the public key corresponding to the private key stored in the secure computing environment, and then verify the signature of the data digest based on the obtained public key; If the signature verification of the data digest is passed, the node device can initiate consensus processing on the data digest in the blockchain, and after the data digest consensus processing is passed, package the data digest into the block in the blockchain Store to complete the data certification for the data summary.
  • the consensus mechanism adopted by the blockchain described in this specification is not particularly limited in this specification. In practical applications, the operator of the blockchain can flexibly based on actual needs select.
  • the terminal device when the terminal device collects the target data, when depositing on the blockchain, it can also describe the target data and the data summary of the target data. And deposit certificates on the blockchain.
  • the terminal device in the secure computing environment based on the private key stored in the secure computing environment, when signing the data summary of the target data, the data summary and the description information of the target data can be signed as a whole
  • the data summary and the description information of the target data are packaged and signed as a whole; then, the signed data summary and the description data of the above target data are released to the blockchain for data certification.
  • the terminal device may construct a blockchain transaction based on the signed data digest and the above-mentioned target data description data, and broadcast the transaction to other node devices for broadcast diffusion.
  • the terminal device in the secure computing environment signs the data digest of the target data based on the private key stored in the secure computing environment, it may also sign only the data digest; then , The description data of the above target data, and the signed data summary, are released to the blockchain for data certification.
  • the terminal device may construct a blockchain transaction based on the description data of the target data and the signed data summary, and broadcast the transaction to other node devices for broadcast diffusion.
  • the specific content contained in the description information of the above target data is not particularly limited in this specification, and in practical applications, it can cover any content related to the above target data;
  • the data collection time, collection location, and data-related objects are usually extremely important attributes of the data as evidence documents; therefore, in this specification, the description information of the above target data, Specifically, it may include a collection time, a collection location of the target data, and a combination of one or more of the objects related to the target data.
  • the target data collection time may specifically be the terminal authority interacts with the time authentication center when the target data is collected, and obtains the authoritative authorized time obtained from the time authentication center ( Timestamp).
  • the collection location of the target data may be an accurate collection location obtained by calling the positioning module (such as a GPS module) carried by the terminal device in real time when the terminal device collects the target data.
  • the object related to the above target data may be a related object manually input by a legal user of the terminal device after the terminal device collects the target data.
  • the description information of the video data may specifically include the authoritative and authorized moments acquired from the time certification center
  • the law enforcement recorder calls the precise collection location obtained by the positioning module in real time, and the vehicle information and driver information related to the video data input by the law enforcement officer.
  • the terminal device is equipped with a secure computing environment, and the private key corresponding to the terminal device is stored in the secure computing environment, so that the terminal device will collect
  • terminal devices no longer need to deposit the original content of the collected data on the blockchain, but the original content of the collected data Store locally, and deposit the data summary of the original content on the blockchain, so that the terminal device can serve as the hub of the physical world and the on-chain world, and it is more convenient to deposit the collected data on the blockchain;
  • the third party that obtains the data collected by the terminal since the data summary of the obtained data is matched with the data summary of the data stored on the blockchain, the obtained data can be conveniently Perform legality verification; therefore, the data collected by the terminal device can be submitted to third parties as evidence, which can significantly improve the availability of the data collected by the terminal device.
  • the third-party institution when the user submits the flow data collected by the law enforcement recorder or driving recorder as evidence to a third-party institution (such as a judicial institution or an insurance company), the third-party institution only needs to recalculate the data summary of the obtained data
  • the data summary of the data matches the data summary of the data stored on the blockchain, so that the legality of the obtained data can be conveniently verified, so that in this way, the law enforcement recorder or driving recorder can be significantly improved
  • this specification also provides an embodiment of a blockchain-based data storage device.
  • the embodiment of the blockchain-based data certification device of this specification can be applied to electronic devices.
  • the electronic device is equipped with a secure computing environment, and a private key corresponding to the electronic device is stored in the secure computing environment.
  • the device embodiments may be implemented by software, or by hardware or a combination of hardware and software. Taking software implementation as an example, as a logical device, it is formed by reading the corresponding computer program instructions in the non-volatile memory into the memory through the processor of the electronic device where it is located.
  • FIG. 2 it is a hardware structure diagram of the electronic equipment where the blockchain-based data certification device is located in this specification, except for the processor, memory, network interface, and In addition to the non-volatile memory, the electronic device in which the apparatus is located in the embodiment generally may include other hardware according to the actual function of the electronic device, which will not be repeated here.
  • FIG. 3 is a block diagram of a blockchain-based data certification device shown in an exemplary embodiment of this specification.
  • the blockchain-based data certification device 30 can be applied to the aforementioned electronic device shown in FIG. 2, including: an acquisition module 301, a calculation module 302 and a certification module 303.
  • the obtaining module 301 obtains the collected target data
  • the calculation module 302 calculates the data summary of the target data
  • the certificate storage module 303 signs the data digest based on the private key corresponding to the electronic device in the secure computing environment, and publishes the signed data digest to the blockchain to allow
  • the node device in the blockchain verifies the signature of the data digest based on the public key corresponding to the private key, and after the signature verification is passed, the data digest is verified in the blockchain for data certification.
  • the certificate storage module 303 further:
  • the data digest is signed based on the private key corresponding to the electronic device in the secure computing environment.
  • a key generation algorithm is stored in the secure computing environment
  • the obtaining module 301 further:
  • the certificate storage module 303 further:
  • the acquiring module 301 Based on the identity information acquired by the acquiring module 301, perform identity authentication for the user; if the identity authentication for the user is passed, call the key generation algorithm in the secure computing environment to generate the A private key and a public key; and, binding the generated private key with the identity information of the user, and storing the binding relationship in the secure computing environment.
  • the certificate storage module 303 further:
  • the secure computing environment also stores device authentication information signed based on the private key held by the manufacturer of the electronic device;
  • the certificate storage module 303 further:
  • the data digest Before signing the data digest based on the private key in the secure computing environment, verifying the signature of the device authentication information based on the public key corresponding to the private key held by the manufacturer of the electronic device; If the verification is passed, it is determined that the electronic device is a legitimate electronic device produced by the manufacturer, and the data digest is further signed based on the private key corresponding to the electronic device in the secure computing environment.
  • the certificate storage module 303 the certificate storage module 303:
  • the data digest and the description information of the target data are overall signed, and the signed data digest and the description data are published To the blockchain certificate; or,
  • the description data includes: a collection time of the target data, a collection location, and a combination of one or more of the objects related to the target data.
  • the electronic device includes a law enforcement recorder or a driving recorder;
  • the target data includes one or a combination of one of video data, audio data, and image data.
  • the relevant parts can be referred to the description of the method embodiments.
  • the device embodiments described above are only schematic, wherein the modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, that is, may be located in One place, or can be distributed to multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the objectives of the solution in this specification. Those of ordinary skill in the art can understand and implement without paying creative labor.
  • the system, device, module or module explained in the above embodiments may be implemented by a computer chip or entity, or by a product with a certain function.
  • a typical implementation device is a computer, and the specific form of the computer may be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, and a game control Desk, tablet computer, wearable device, or any combination of these devices.
  • the electronic device includes: a processor and a memory for storing machine-executable instructions; wherein, the processor and the memory are usually connected to each other through an internal bus.
  • the device may also include an external interface to be able to communicate with other devices or components.
  • the electronic device is equipped with a secure computing environment, and a private key corresponding to the electronic device is stored in the secure computing environment;
  • Sign the data digest based on the private key corresponding to the electronic device in the secure computing environment and publish the signed data digest to the blockchain to allow the nodes in the blockchain
  • the device verifies the signature of the data digest based on the public key corresponding to the private key, and after the signature verification is passed, the data digest is verified in the blockchain for data certification.
  • the data digest is signed based on the private key corresponding to the electronic device in the secure computing environment.
  • a key generation algorithm is stored in the secure computing environment
  • the generated private key is bound to the user's identity information, and the binding relationship is stored in the secure computing environment.
  • the secure computing environment also stores device authentication information signed based on the private key held by the manufacturer of the electronic device;
  • the data digest and the description information of the target data are overall signed, and the signed data digest and the description data are published To the blockchain certificate; or,

Abstract

L'invention concerne un procédé d'attestation de données à base de chaîne de blocs, qui est appliqué à un équipement terminal, l'équipement terminal étant monté avec un environnement informatique sécurisé, et une clé privée correspondant à l'équipement terminal étant stockée dans l'environnement informatique sécurisé. Le procédé consiste à : obtenir des données cibles collectées ; calculer un condensé de données des données cibles ; signer le condensé de données sur la base de la clé privée correspondant à l'équipement terminal dans l'environnement informatique sécurisé, et publier le condensé de données signé sur une chaîne de blocs, de sorte qu'un dispositif de nœud dans la chaîne de blocs vérifie la signature du condensé de données sur la base d'une clé publique correspondant à la clé privée, et une fois que la vérification de signature est effectuée, une attestation de données est effectuée pour le condensé de données dans la chaîne de blocs.
PCT/CN2019/104943 2018-10-31 2019-09-09 Procédé et appareil d'attestation de données à base de chaîne de blocs, et dispositif électronique WO2020088108A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811289558.0A CN109660350A (zh) 2018-10-31 2018-10-31 基于区块链的数据存证方法及装置、电子设备
CN201811289558.0 2018-10-31

Publications (1)

Publication Number Publication Date
WO2020088108A1 true WO2020088108A1 (fr) 2020-05-07

Family

ID=66110371

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/104943 WO2020088108A1 (fr) 2018-10-31 2019-09-09 Procédé et appareil d'attestation de données à base de chaîne de blocs, et dispositif électronique

Country Status (3)

Country Link
CN (1) CN109660350A (fr)
TW (1) TWI701573B (fr)
WO (1) WO2020088108A1 (fr)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109660350A (zh) * 2018-10-31 2019-04-19 阿里巴巴集团控股有限公司 基于区块链的数据存证方法及装置、电子设备
CN113793151A (zh) * 2018-11-28 2021-12-14 创新先进技术有限公司 基于区块链的数据存证方法及装置、电子设备
CN115632854A (zh) * 2019-04-30 2023-01-20 创新先进技术有限公司 一种基于区块链的数据处理方法和装置
CN110263583B (zh) * 2019-05-17 2020-09-08 阿里巴巴集团控股有限公司 一种基于区块链的侵权存证方法、装置及电子设备
CN113240519A (zh) * 2019-05-30 2021-08-10 创新先进技术有限公司 基于区块链的智能合约管理方法及装置、电子设备
CN110445617B (zh) * 2019-07-16 2022-05-03 创新先进技术有限公司 一种基于区块链的车辆停靠图像存储方法、装置及系统
CN110365928A (zh) * 2019-07-16 2019-10-22 阿里巴巴集团控股有限公司 一种基于区块链的驾考录像存储方法、装置及系统
CN110414203B (zh) * 2019-07-26 2022-06-17 郑州大学 一种基于区块链技术的互联网医疗身份认证方法
CN110609869B (zh) * 2019-09-10 2023-04-07 连连银通电子支付有限公司 一种基于区块链的数据存储方法、相关设备及存储介质
CN111130751A (zh) * 2019-11-04 2020-05-08 杭州云萃流图网络科技有限公司 基于区块链的约定信息处理方法、装置、系统及电子设备
CN112966042A (zh) * 2019-12-12 2021-06-15 成都鼎桥通信技术有限公司 一种基于区块链的执法记录仪信息处理方法及系统
CN111191240B (zh) * 2019-12-30 2023-04-07 蚂蚁区块链科技(上海)有限公司 互联网电子证据的采集方法、装置及设备
CN113794569B (zh) * 2020-02-27 2023-10-13 支付宝(杭州)信息技术有限公司 基于区块链的物资盘点数据提供方法、装置及系统
CN111786791A (zh) * 2020-06-16 2020-10-16 湖南天河国云科技有限公司 一种基于区块链的工业互联网数据采集方法及网关
CN112073728A (zh) * 2020-08-29 2020-12-11 富盛科技股份有限公司 视频处理方法、装置、电子设备及计算机可读存储介质
CN112257107A (zh) * 2020-10-23 2021-01-22 上海万向区块链股份公司 一种基于区块链的存证验证方法及系统
CN112291067B (zh) * 2020-11-02 2023-02-07 路玉太 一种业务操作记录及操作验证方法、装置
CN112583587B (zh) * 2020-12-11 2022-11-01 杭州趣链科技有限公司 一种数字身份构建方法、系统、管理设备及存储介质
CN112560104B (zh) * 2021-01-17 2022-07-19 金网络(北京)电子商务有限公司 一种基于云计算和区块链的数据存储方法及安全信息平台
CN113037496B (zh) * 2021-03-15 2022-11-04 承德石油高等专科学校 一种基于区块链技术视频采集装置及其方法
TWI818344B (zh) * 2021-11-01 2023-10-11 神達數位股份有限公司 影像資料管理方法及系統
CN115694790B (zh) * 2023-01-04 2023-06-23 广东安证计算机司法鉴定所 基于量子安全的数字资产存证方法、装置、设备及介质

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277020A (zh) * 2017-06-23 2017-10-20 国民认证科技(北京)有限公司 基于公私钥体制的远程验证移动设备合法性的系统和方法
CN107480451A (zh) * 2017-08-15 2017-12-15 济南浪潮高新科技投资发展有限公司 基于区块链技术的快速验证电子病历完整性的解决方法
CN108616539A (zh) * 2018-05-03 2018-10-02 东莞市翔实信息科技有限公司 一种区块链交易记录访问的方法及系统
CN109583230A (zh) * 2018-10-31 2019-04-05 阿里巴巴集团控股有限公司 基于区块链的数据存证方法及装置、电子设备
CN109660350A (zh) * 2018-10-31 2019-04-19 阿里巴巴集团控股有限公司 基于区块链的数据存证方法及装置、电子设备
US10298395B1 (en) * 2018-09-26 2019-05-21 Accenture Global Solutions Limited Interoperability of zero-knowledge proof enabled blockchains

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10402792B2 (en) * 2015-08-13 2019-09-03 The Toronto-Dominion Bank Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers
CN105975868A (zh) * 2016-04-29 2016-09-28 杭州云象网络技术有限公司 一种基于区块链的证据保全方法及装置
US9992022B1 (en) * 2017-02-06 2018-06-05 Northern Trust Corporation Systems and methods for digital identity management and permission controls within distributed network nodes
CN107248074A (zh) * 2017-03-29 2017-10-13 阿里巴巴集团控股有限公司 一种基于区块链的业务处理方法及设备
CN107222303A (zh) * 2017-05-11 2017-09-29 暨南大学 基于区块链和云平台的数字版权追溯系统建设方法
CN107169125B (zh) * 2017-05-31 2020-12-18 北京小米移动软件有限公司 多媒体资源的投放统计数据获取方法及装置
CN107292621B (zh) * 2017-06-22 2020-10-27 丁江 海量数据确权存证方法和节点
CN107862215B (zh) * 2017-09-29 2020-10-16 创新先进技术有限公司 一种数据存储方法、数据查询方法及装置
CN108055133B (zh) * 2017-12-12 2020-02-14 江苏安凰领御科技有限公司 一种基于区块链技术的密钥安全签名方法
CN108717431A (zh) * 2018-05-11 2018-10-30 中国科学院软件研究所 一种基于区块链的电子证据存证、验证方法及系统
CN108632381B (zh) * 2018-05-14 2020-09-29 浪潮集团有限公司 一种基于区块链的环境监督方法及系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277020A (zh) * 2017-06-23 2017-10-20 国民认证科技(北京)有限公司 基于公私钥体制的远程验证移动设备合法性的系统和方法
CN107480451A (zh) * 2017-08-15 2017-12-15 济南浪潮高新科技投资发展有限公司 基于区块链技术的快速验证电子病历完整性的解决方法
CN108616539A (zh) * 2018-05-03 2018-10-02 东莞市翔实信息科技有限公司 一种区块链交易记录访问的方法及系统
US10298395B1 (en) * 2018-09-26 2019-05-21 Accenture Global Solutions Limited Interoperability of zero-knowledge proof enabled blockchains
CN109583230A (zh) * 2018-10-31 2019-04-05 阿里巴巴集团控股有限公司 基于区块链的数据存证方法及装置、电子设备
CN109660350A (zh) * 2018-10-31 2019-04-19 阿里巴巴集团控股有限公司 基于区块链的数据存证方法及装置、电子设备

Also Published As

Publication number Publication date
TWI701573B (zh) 2020-08-11
CN109660350A (zh) 2019-04-19
TW202018569A (zh) 2020-05-16

Similar Documents

Publication Publication Date Title
WO2020088108A1 (fr) Procédé et appareil d'attestation de données à base de chaîne de blocs, et dispositif électronique
TWI741314B (zh) 基於區塊鏈的資料存證方法及裝置、電子設備
TW202018571A (zh) 基於區塊鏈的資料存證方法及裝置、電子設備
CN108898389B (zh) 基于区块链的内容验证方法及装置、电子设备
TWI694709B (zh) 基於區塊鏈的電子簽名方法及裝置、電子設備
US11170092B1 (en) Document authentication certification with blockchain and distributed ledger techniques
WO2020108114A1 (fr) Procédé et appareil d'attestation de données sur la base d'une chaîne de blocs et dispositif électronique
US11334882B1 (en) Data access management on a distributed ledger system
TW202024944A (zh) 資料共享方法、裝置及系統、電子設備
CN110958319B (zh) 一种基于区块链的侵权存证管理方法及装置
WO2020000770A1 (fr) Procédé et appareil basés sur une chaîne de blocs pour rechercher des informations d'engagement, et dispositif informatique
CN110800254A (zh) 用于生成数字标记的系统和方法
WO2020108130A1 (fr) Procédé et appareil de traitement de service basé sur une chaîne de blocs, et dispositif électronique
US20220021528A1 (en) Secure storage techniques utilizing consortium distributed ledgers
CN110969531A (zh) 借款存证、在线查证方法及其系统
Xu et al. Blockchain-based transparency framework for privacy preserving third-party services
CN113779637B (zh) 一种属性数据处理方法、装置、设备以及介质
WO2021223653A1 (fr) Procédés et dispositifs de protection et de vérification de transition d'état d'enregistrement
WO2021139605A1 (fr) Procédés et dispositifs de fourniture de vérification d'identité décentralisée
CN117155553A (zh) 一种存证方法、装置、介质和设备
WO2021223661A1 (fr) Procédés et dispositifs de protection et de vérification d'informations d'état d'enregistrement
CN116244758A (zh) 基于区块链的电子合约固化方法、装置、设备及存储介质
CN115576944A (zh) 基于区块链的电子证照认证方法及装置
CN116091063A (zh) 交易处理方法、电子设备及可读存储介质
CN112801659A (zh) 基于智能合约的隐私交易处理方法、装置及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19879595

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19879595

Country of ref document: EP

Kind code of ref document: A1