WO2020108019A1 - Consortium blockchain-based data transfer method and device - Google Patents

Publication number
WO2020108019A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
key
ciphertext
blockchain
data
Application number
PCT/CN2019/106022
Other languages
French (fr)
Chinese (zh)
Inventor
姚平
姚雷
吴杰
季峰
韩松江
Original Assignee
苏宁云计算有限公司
苏宁易购集团股份有限公司
Application filed by 苏宁云计算有限公司, 苏宁易购集团股份有限公司
Priority to CA3162736A (CA3162736A1)
Publication of WO2020108019A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • The invention relates to the field of blockchain technology, and in particular to a data transmission method and device based on a consortium chain.
  • Blockchain is a new application model that integrates computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. According to the degree of centralization of the blockchain network, three different application scenarios of blockchains are distinguished:
  • A blockchain that is open to the whole network and has no user authorization mechanism is called a public chain;
  • A blockchain in which all the nodes are in the hands of one institution is called a private chain.
  • The consortium chain has more practical significance and business prospects. It can better play the role of Internet interconnection and information sharing.
  • As the application scenarios of the consortium chain are gradually enriched, the requirements for the security and privacy of data transmission are becoming higher and higher.
  • Data transmission in a consortium chain channel mainly adopts whole-message encryption, and the specific technologies involved include symmetric encryption, asymmetric encryption, and digital signature verification. Among them:
  • Symmetric encryption: the same key is used for encryption and decryption.
  • Asymmetric encryption: a key pair is created; the undisclosed key is called the private key, and the disclosed key is called the public key.
  • The public key encrypts the data, and the corresponding private key decrypts it.
  • Digital signature verification: uses asymmetric encryption together with digital digest technology. A key pair is created, the private key signs the digital digest, and the corresponding public key verifies the signature.
  • The above method has the following problems: on the one hand, the data is encrypted and decrypted as a whole, the receiver can only view the entire message after obtaining the key, and the sender cannot perform fine-grained control, such as only allowing the receiver to see specific parts; on the other hand, symmetric encryption is fast and efficient, but the security of transmitting the key over the network is not very high, whereas asymmetric encryption is highly secure, but its encryption and decryption are slow.
  • The embodiments of the present invention provide a data transmission method and device based on the consortium chain, to overcome the following problems in the prior art: with whole-message encryption and decryption, the receiver can only view the entire message after obtaining the key and the sender has no fine-grained control (for example, letting the receiver see only a specific part); the security of transmitting keys over the network in symmetric encryption is not very high; and encryption and decryption in asymmetric encryption are slow.
  • A data transmission method based on a consortium chain is provided.
  • The method is applied to a first node on a blockchain.
  • The method includes the following steps:
  • The public key of the second node is used to encrypt the corresponding symmetric key, and a second key ciphertext is generated and sent to the second node through the blockchain, so that the second node uses its own private key to decrypt the second key ciphertext and obtain the corresponding symmetric key.
  • Dividing the data into several data blocks, encrypting the data blocks with different symmetric keys, generating several data block ciphertexts, numbering them and uploading them to the blockchain specifically includes:
  • A symmetric key is generated for each data block;
  • The corresponding data blocks are encrypted using the symmetric keys respectively, and the data block ciphertexts are generated, numbered and uploaded to the blockchain.
  • The method further includes:
  • Encrypting the corresponding symmetric key using the public key of the second node, generating a second key ciphertext, and sending it to the second node through the blockchain specifically includes:
  • The second key ciphertext is sent to the second node through the blockchain.
  • A query rejection message is generated and sent to the second node through the blockchain.
  • A data transmission method based on a consortium chain is provided.
  • The method is applied to a second node on a blockchain.
  • The method includes the following steps:
  • A query rejection message is generated and sent to the second node through the blockchain.
  • The method further includes:
  • Obtaining the symmetric key corresponding to the ciphertext of the data block to be queried from the blockchain, decrypting the ciphertext of the data block to be queried, and obtaining the required data block specifically includes:
  • A data transmission device based on a consortium chain is provided.
  • The device is applied to a first node on a blockchain.
  • The device includes at least:
  • The data segmentation module is used to divide data into several data blocks;
  • The first encryption module is used to encrypt the several data blocks using different symmetric keys, generate several data block ciphertexts, number them, and upload them to the blockchain;
  • The first encryption module is also used to encrypt the symmetric key using the public key of the first node, generate the first key ciphertext, and upload it to the blockchain;
  • The first decryption module is used to decrypt the numbered ciphertext from the blockchain using the private key of the first node to obtain the number of the ciphertext of the data block to be queried by the second node, where the numbered ciphertext is generated by the second node using the public key of the first node to encrypt the number of the ciphertext of the data block to be queried;
  • The first encryption module is also used to encrypt the corresponding symmetric key using the public key of the second node to generate a second key ciphertext;
  • The sending module is used to send the second key ciphertext to the second node through the blockchain.
  • The device further includes:
  • The first generation module is used to generate a symmetric key for each data block.
  • The device further includes:
  • The second generation module is used to locally generate the public key and private key of the first node, and upload the public key of the first node to the blockchain.
  • A data transmission device based on a consortium chain is provided.
  • The device is applied to a second node on a blockchain.
  • The device includes at least:
  • The second encryption module is used to encrypt the number of the ciphertext of the data block to be queried using the public key of the first node obtained from the blockchain to generate a numbered ciphertext;
  • The signature module is used to sign the numbered ciphertext and send it to the blockchain;
  • The obtaining module is used to obtain the symmetric key corresponding to the ciphertext of the data block to be queried from the blockchain;
  • The second decryption module is used to decrypt the ciphertext of the data block to be queried to obtain the required data block.
  • The device further includes:
  • The third generation module is used to locally generate the public key and private key of the second node, and upload the public key of the second node to the blockchain.
  • The data transmission method and device-based data sharing system based on the consortium chain provided by the embodiments of the present invention can define a block encryption strategy for the first node on the blockchain.
  • The first node can flexibly control the message access strategy and perform fine-grained control, such as only allowing the second node to see specific parts, and the second node needs to be authorized by the first node to view certain blocks in the message, ensuring the controllability of the data;
  • Fig. 1 is a flow chart showing a data transmission method based on a consortium chain according to an exemplary embodiment;
  • Fig. 2 is a flow chart showing, according to an exemplary embodiment, dividing data into several data blocks, encrypting the data blocks with different symmetric keys, generating several data block ciphertexts, numbering them, and uploading them to the blockchain;
  • Fig. 3 is a flow chart showing that, when a second node is allowed to query, the corresponding symmetric key is encrypted using the second node's public key to generate a second key ciphertext, which is sent to the second node;
  • Fig. 4 is a flow chart showing a data transmission method based on a consortium chain according to an exemplary embodiment;
  • Fig. 5 is a flow chart showing, according to an exemplary embodiment, obtaining the symmetric key corresponding to the ciphertext of a data block to be queried from the blockchain, decrypting the ciphertext of the data block to be queried, and obtaining the required data block;
  • Fig. 6 is a schematic structural diagram of a consortium chain-based data transmission device according to an exemplary embodiment;
  • Fig. 7 is a schematic structural diagram of a data transmission device based on a consortium chain according to an exemplary embodiment.
  • Fig. 1 is a flowchart of a data transmission method based on a consortium chain according to an exemplary embodiment. The method is applied to a first node on a blockchain. Referring to Fig. 1, the method includes the following steps:
  • S101 Divide the data into several data blocks, use different symmetric keys to encrypt the corresponding data blocks, generate and number several data block ciphertexts, and upload them to the blockchain.
  • The first node (that is, the data sender) can divide the data (that is, the plaintext message) into several data blocks according to business needs, temporarily generate symmetric keys, and use the symmetric keys to encrypt the data blocks respectively, generating several first encrypted data blocks, where each data block corresponds to one symmetric key and all the symmetric keys are different. The first encrypted data blocks are then numbered sequentially, and the first encrypted data blocks and their numbers are uploaded to the blockchain for storage. It should be noted here that the symmetric keys used to encrypt the data blocks may also be the same.
  • S102 Use the public key of the first node to encrypt the symmetric key, generate the first key ciphertext, and upload it to the blockchain.
  • Before encrypting the symmetric key using the public key of the first node, the first node locally generates its public key and private key, and uploads the public key of the first node to the blockchain.
  • The first node first encrypts the symmetric key using the public key of the first node to generate the first key ciphertext, and then uploads the first key ciphertext to the blockchain for storage. Since all symmetric keys are temporarily generated, encrypted using the public key of the first node and stored on the blockchain, as long as the local asymmetric private key is not lost, they can easily be recovered from the blockchain and decrypted, which ensures the recoverability of the data. Storing the encrypted symmetric key on the blockchain also avoids losing the symmetric key when the local node fails. In addition, uploading the public key of the first node to the blockchain makes it easy to share with other users in the blockchain.
  • S103 Use the private key of the first node to decrypt the numbered ciphertext from the blockchain to obtain the number of the ciphertext of the data block to be queried by the second node, where the numbered ciphertext is generated by the second node using the public key of the first node to encrypt the number of the ciphertext of the data block to be queried.
  • The first node (that is, the data sender) listens to the data in the blockchain. After receiving the signed numbered ciphertext, it first decrypts it with its own private key to obtain the number of the ciphertext of the data block that the second node (that is, the data receiver) wants to query (that is, the number of the ciphertext of the data block to be queried).
  • S104 When the second node is allowed to query, encrypt the corresponding symmetric key using the public key of the second node, generate a second key ciphertext, and send it to the second node through the blockchain, so that the second node uses its own private key to decrypt the second key ciphertext and obtain the corresponding symmetric key.
  • The symmetric key used to encrypt the ciphertext of the data block to be queried is uploaded to the blockchain.
  • The obtained public key of the second node encrypts the corresponding symmetric key, generates the second key ciphertext, and uploads it to the blockchain.
  • Fig. 2 is a flow chart showing, according to an exemplary embodiment, dividing data into several data blocks, encrypting the data blocks with different symmetric keys, generating several data block ciphertexts, numbering them and uploading them to the blockchain. As shown in Fig. 2, it includes the following steps:
  • S101.1 Divide the data into several data blocks according to the type of information in the data.
  • The first node (that is, the data sender) can flexibly divide the data (that is, the message) into multiple data blocks according to service requirements.
  • A message contains three types of information: user name, mobile phone number, and email address.
  • The sending terminal can divide the message into 3 blocks.
  • The first node traverses the foregoing data blocks and generates a symmetric key for each data block, that is, the symmetric keys may be temporarily generated.
  • Different symmetric keys are used to encrypt the corresponding data blocks to generate the first encrypted data blocks, the first encrypted data blocks are numbered sequentially, and then the first encrypted data blocks and their numbers are uploaded to the blockchain for storage; that is, different data blocks use different symmetric keys.
  • Fig. 3 is a flow chart showing that, when a second node is allowed to query, the corresponding symmetric key is encrypted using the second node's public key to generate a second key ciphertext, which is sent to the second node. It includes the following steps:
  • S104.1 Use the private key of the first node to decrypt the first key ciphertext obtained from the blockchain to obtain the symmetric key.
  • The first node first obtains the first key ciphertext from the blockchain, decrypts it using its own private key, and obtains all the symmetric keys.
  • The first node may look up the symmetric keys by the number of the ciphertext of the data block to be queried, or by other methods, and obtain from them the symmetric key corresponding to the ciphertext of the data block to be queried.
  • The first node obtains from the blockchain the public key shared by the second node, and then uses the public key of the second node to encrypt the symmetric key corresponding to the ciphertext of the data block to be queried, generating the second key ciphertext.
  • The second node monitors the data in the blockchain. After the first node uploads the second key ciphertext to the blockchain, the second node obtains the second key ciphertext from the blockchain.
  • The method further includes:
  • A query rejection message is generated and sent to the second node through the blockchain.
  • The rejection message does not include the symmetric key used when encrypting the ciphertext of the data block to be queried, so the second node cannot obtain the data block to be queried.
  • Fig. 4 is a flowchart of a data transmission method based on a consortium chain according to an exemplary embodiment. The method is applied to a second node on a blockchain. Referring to Fig. 4, the method includes the following steps:
  • S201 Encrypt the number of the ciphertext of the data block to be queried using the public key of the first node obtained from the blockchain, generate a numbered ciphertext, sign the numbered ciphertext, and send it to the blockchain.
  • The second node listens to the data in the blockchain.
  • When it receives the ciphertext of the data blocks and wants to query some of them, the second node uses the public key of the first node obtained from the blockchain to encrypt the number of the ciphertext of the data block to be queried, generates a numbered ciphertext, signs the numbered ciphertext, and sends it to the blockchain.
  • Encrypting the number of the ciphertext of the data block to be queried and sending that to the blockchain, instead of encrypting and sending the ciphertext of the data block itself, on the one hand reduces the burden of data transmission, and on the other hand keeps secret which data block the second node wants to query, preventing other nodes in the blockchain from obtaining that information.
  • Signing the numbered ciphertext lets the first node authenticate the identity of the second node and determine whether to approve the second node's query request for the corresponding data block.
  • S202 Obtain the symmetric key corresponding to the ciphertext of the data block to be queried from the blockchain, decrypt the ciphertext of the data block to be queried, and obtain the required data block.
  • The public key and the private key of the second node are generated locally, and the public key of the second node is uploaded to the blockchain.
  • Fig. 5 is a flowchart showing, according to an exemplary embodiment, obtaining the symmetric key corresponding to the ciphertext of a data block to be queried from the blockchain, decrypting the ciphertext of the data block to be queried, and obtaining the required data block. As shown in Fig. 5, it includes the following steps:
  • S202.1 Obtain a second key ciphertext from the blockchain, wherein the second key ciphertext is generated by the first node using the public key of the second node to encrypt the symmetric key corresponding to the ciphertext of the data block to be queried.
  • The second node monitors the data on the blockchain.
  • After the first node uses the second node's public key to encrypt the symmetric key corresponding to the ciphertext of the data block to be queried, generates the second key ciphertext and uploads it to the blockchain, the second node obtains the second key ciphertext from the blockchain.
  • S202.2 Use the private key of the second node to decrypt the second key ciphertext to obtain the corresponding symmetric key.
  • The second node uses the private key that matches the second node's public key to decrypt the second key ciphertext, and obtains the symmetric key used when encrypting the ciphertext of the data block to be queried.
  • S202.3 Use the corresponding symmetric key to decrypt the ciphertext of the data block to be queried to obtain the data block to be queried.
  • The second node decrypts the ciphertext of the data block to be queried using the corresponding symmetric key, and finally obtains the data block that it needs for its own query.
  • A data sender S (i.e. the first node) and data receivers A and B (i.e. the second node and the third node).
  • The data sender S, data receiver A, and data receiver B use the RSA algorithm to generate public and private key pairs locally.
  • The data block ciphertext Cipher and its number, and the first key ciphertext Ck are uploaded to the blockchain for storage.
  • The data receiver A receives the ciphertext Cipher of the data blocks and their numbers, and wants to know some of the blocks, numbered x and y (x and y are both less than or equal to n).
  • The data receiver A first uses the public key of the data sender S to encrypt, through RSA, the numbers (i.e. x and y) of the ciphertexts of the x-th and y-th data blocks, generates the numbered ciphertext and signs it, and then stores it in the blockchain.
  • The data sender S receives ReqA, decrypts it with its own private key, and obtains the numbers x, y. If the data sender S agrees to the data receiver A's request to view Plainx and Plainy, the corresponding keys AES_KEYx and AES_KEYy are stored in the blockchain.
  • The specific process is:
  • After receiving the Cipher, the data receiver B wants to know some of the blocks. Here, the z-th block is assumed (z is less than or equal to n).
  • After receiving ReqB, the data sender S decrypts it with its own private key to obtain the number z. If the data sender S does not agree with B's request, the response message is stored in the blockchain. The response message obtained by the data receiver B does not contain AES_KEYz, which means that the data receiver B cannot obtain the required message block.
  • Fig. 6 is a schematic structural diagram of a data transmission device based on a consortium chain according to an exemplary embodiment.
  • The device is applied to a first node on a blockchain; the blockchain is not part of the structure of the device, so it is framed by a dotted line. Referring to Fig. 6, the device includes at least:
  • The data segmentation module is used to divide data into several data blocks;
  • The first encryption module is used to encrypt the several data blocks using different symmetric keys, generate several data block ciphertexts, number them, and upload them to the blockchain;
  • The first encryption module is also used to encrypt the symmetric key using the public key of the first node, generate the first key ciphertext, and upload it to the blockchain;
  • The first decryption module is used to decrypt the numbered ciphertext from the blockchain using the private key of the first node to obtain the number of the ciphertext of the data block to be queried by the second node, where the numbered ciphertext is generated by the second node using the public key of the first node to encrypt the number of the ciphertext of the data block to be queried;
  • The first encryption module is also used to encrypt the corresponding symmetric key using the public key of the second node to generate a second key ciphertext;
  • The sending module is used to send the second key ciphertext to the second node through the blockchain.
  • The device further includes:
  • The first generation module is used to generate a symmetric key for each data block.
  • The device further includes:
  • The second generation module is used to locally generate the public key and private key of the first node, and upload the public key of the first node to the blockchain.
  • The first decryption module is further used to decrypt the first key ciphertext obtained from the blockchain using the private key of the first node to obtain the symmetric key.
  • The first encryption module is also used to encrypt the symmetric key corresponding to the ciphertext of the data block to be queried using the public key of the second node to generate a second key ciphertext.
  • The sending module is also used to generate a query rejection message when the second node is not allowed to query, and send it to the second node through the blockchain.
  • The device may further include:
  • The query module is configured to obtain, from the symmetric keys, the symmetric key corresponding to the ciphertext of the data block to be queried.
  • Fig. 7 is a schematic structural diagram of a data transmission device based on a consortium chain according to an exemplary embodiment.
  • the device is applied to a second node on a blockchain, where the blockchain does not belong to the structure of the device, so Framed by a dotted line, referring to FIG. 7, the device includes at least:
  • the second encryption module is used to encrypt the number of the ciphertext of the data block to be queried using the public key of the first node obtained from the blockchain to generate a numbered ciphertext;
  • the signature module is used to sign the numbered ciphertext and send it to the blockchain;
  • the obtaining module is used to obtain the symmetric key corresponding to the ciphertext of the data block to be queried from the blockchain;
  • the second decryption module is used to decrypt the ciphertext of the data block to be queried to obtain the required data block.
  • the device further includes:
  • the third generation module is used to locally generate the public key and private key of the second node, and upload the public key of the second node to the blockchain.
  • the apparatus may further include:
  • the receiving module is used to obtain the second key ciphertext from the blockchain, wherein the second key ciphertext is generated by the first node encrypting, with the second node's public key, the symmetric key corresponding to the ciphertext of the data block to be queried.
  • the second decryption module is also used to decrypt the second key ciphertext using the private key of the second node to obtain the corresponding symmetric key.
  • in the consortium chain-based data transmission method and device provided by the embodiments of the present invention, the first node on the blockchain of the data sharing system can define its own block encryption strategy.
  • the first node can flexibly control the message access strategy and exercise fine-grained control, such as letting the second node see only specific parts, and the second node needs the first node's authorization to view certain blocks in the message, which ensures the controllability of the data;
  • the consortium chain-based data transmission devices applied to the first node and the second node on the blockchain, provided by the above embodiments, trigger the data transmission service
  • only the above-mentioned division of functional modules is used as an example for illustration. In actual applications, the above functions can be allocated to different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
  • the consortium chain-based data transmission device applied to the first node on the blockchain, provided by the above embodiment, belongs to the same concept as the consortium chain-based data transmission method embodiment, and the consortium chain-based data transmission device applied to the second node on the blockchain belongs to the same concept as the consortium chain-based data transmission method embodiment. For the specific implementation process, refer to the method embodiment; details are not repeated here.
  • the program may be stored in a computer-readable storage medium.
  • the mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a consortium blockchain-based data transfer method and device. The method comprises: dividing data into a plurality of data blocks, correspondingly encrypting the data blocks using different symmetric keys to generate a plurality of data block ciphertexts, and numbering the data block ciphertexts and then uploading same to a blockchain; encrypting the symmetric keys using a public key of a first node to generate a first key ciphertext and then uploading the first key ciphertext to the blockchain; decrypting a numbered ciphertext from the blockchain using a private key of the first node to obtain a number of a data block ciphertext to be queried of a second node; and if the second node is allowed to perform querying, encrypting the corresponding symmetric key using a public key of the second node to generate a second key ciphertext, and sending the second key ciphertext to the second node by means of the blockchain, such that the second node uses its own private key to decrypt the second key ciphertext to obtain the corresponding symmetric key. The present invention ensures the security, controllability, and restorability of data, and improves the encryption/decryption efficiency.

Description

Consortium chain-based data transmission method and device
Technical field
The present invention relates to the field of blockchain technology, and in particular to a consortium chain-based data transmission method and device.
Background
Blockchain is a new application model that integrates computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. Depending on the degree of centralization of the blockchain network, three kinds of blockchain for different application scenarios have emerged:
1. A blockchain that is open to the whole network and has no user authorization mechanism is called a public chain;
2. A blockchain that allows authorized nodes to join the network and view information according to their permissions, and that is often used between institutions, is called a consortium chain;
3. A blockchain in which all nodes of the network are controlled by a single institution is called a private chain.
At present, the consortium chain has more practical significance and better commercial prospects. It can make better use of the Internet's role in interconnection and information sharing. However, as the application scenarios of the consortium chain grow richer, the requirements for the security and privacy of data transmission are becoming higher and higher.
At present, data transmission within a consortium channel mainly uses whole-message encrypted transmission. The specific technologies involved include symmetric encryption, asymmetric encryption, and digital signature verification, where:
Symmetric encryption: the same key is used for encryption and decryption.
Asymmetric encryption: a key pair is created; the key that is not disclosed is called the private key, and the disclosed key is called the public key. The public key encrypts the data, and the corresponding private key decrypts it.
Digital signature verification: asymmetric key encryption is combined with message digest technology. A key pair is created; the private key digitally signs the digest, and the corresponding public key verifies it.
However, the above approach has the following problems. On the one hand, the data is encrypted and decrypted as a whole, so after obtaining the key the receiver can only view the entire message, and the sender cannot exercise fine-grained control, such as letting the receiver see only specific parts. On the other hand, symmetric encryption is fast and efficient, but transmitting the key over the network is not very secure, whereas asymmetric encryption is highly secure but slow to encrypt and decrypt.
Summary of the invention
To solve the problems of the prior art, embodiments of the present invention provide a consortium chain-based data transmission method and device, to overcome the following problems in the prior art: with whole-message encryption and decryption, the receiver can only view the entire message after obtaining the key and the sender cannot exercise fine-grained control (such as letting the receiver see only specific parts); in symmetric encryption, transmitting the key over the network is not very secure; and in asymmetric encryption, encryption and decryption are slow.
To solve the above technical problems, the technical solution adopted by the present invention is as follows:
In a first aspect, a consortium chain-based data transmission method is provided. The method is applied to a first node on a blockchain and includes the following steps:
dividing data into several data blocks, encrypting the data blocks correspondingly with different symmetric keys to generate several data block ciphertexts, and numbering the data block ciphertexts and uploading them to the blockchain;
encrypting the symmetric keys with the public key of the first node to generate a first key ciphertext, and uploading it to the blockchain;
decrypting a numbered ciphertext from the blockchain with the private key of the first node to obtain the number of the data block ciphertext that a second node wants to query, where the numbered ciphertext is generated by the second node encrypting the number of the data block ciphertext to be queried with the public key of the first node;
when the second node is allowed to query, encrypting the corresponding symmetric key with the public key of the second node to generate a second key ciphertext, and sending it to the second node through the blockchain, so that the second node decrypts the second key ciphertext with its own private key to obtain the corresponding symmetric key.
Further, dividing the data into several data blocks, encrypting the data blocks correspondingly with different symmetric keys to generate several data block ciphertexts, and numbering them and uploading them to the blockchain specifically includes:
dividing the data into several data blocks according to the type of information in the data;
generating one symmetric key for each data block;
encrypting each data block with its symmetric key to generate the data block ciphertexts, and numbering them and uploading them to the blockchain.
Further, before encrypting the symmetric keys with the public key of the first node, the method also includes:
generating the public key and private key of the first node locally, and uploading the public key of the first node to the blockchain.
Further, when the second node is allowed to query, encrypting the corresponding symmetric key with the public key of the second node to generate the second key ciphertext and sending it to the second node through the blockchain specifically includes:
decrypting the first key ciphertext obtained from the blockchain with the private key of the first node to obtain the symmetric keys;
obtaining, from the symmetric keys, the symmetric key corresponding to the data block ciphertext to be queried;
encrypting the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node to generate the second key ciphertext;
sending the second key ciphertext to the second node through the blockchain.
Further, when the second node is not allowed to query, a query rejection message is generated and sent to the second node through the blockchain.
In a second aspect, a consortium chain-based data transmission method is provided. The method is applied to a second node on a blockchain and includes the following steps:
when the second node is not allowed to query, a query rejection message is generated and sent to the second node through the blockchain.
Further, before obtaining from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, the method also includes:
generating the public key and private key of the second node locally, and uploading the public key of the second node to the blockchain.
Further, obtaining from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, decrypting the data block ciphertext to be queried, and obtaining the required data block specifically includes:
obtaining the second key ciphertext from the blockchain, where the second key ciphertext is generated by the first node encrypting the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node;
decrypting the second key ciphertext with the private key of the second node to obtain the corresponding symmetric key;
decrypting the data block ciphertext to be queried with the corresponding symmetric key to obtain the data block to be queried.
In a third aspect, a consortium chain-based data transmission device is provided. The device is applied to a first node on a blockchain and includes at least:
a data segmentation module, used to divide data into several data blocks;
a first encryption module, used to encrypt the data blocks correspondingly with different symmetric keys to generate several data block ciphertexts, and to number them and upload them to the blockchain;
the first encryption module is also used to encrypt the symmetric keys with the public key of the first node to generate a first key ciphertext and upload it to the blockchain;
a first decryption module, used to decrypt a numbered ciphertext from the blockchain with the private key of the first node to obtain the number of the data block ciphertext that a second node wants to query, where the numbered ciphertext is generated by the second node encrypting the number of the data block ciphertext to be queried with the public key of the first node;
the first encryption module is also used to encrypt the corresponding symmetric key with the public key of the second node to generate a second key ciphertext;
a sending module, used to send the second key ciphertext to the second node through the blockchain.
Further, the device also includes:
a first generation module, used to generate one symmetric key for each data block.
Further, the device also includes:
a second generation module, used to generate the public key and private key of the first node locally and upload the public key of the first node to the blockchain.
In a fourth aspect, a consortium chain-based data transmission device is provided. The device is applied to a second node on a blockchain and includes at least:
a second encryption module, used to encrypt the number of the data block ciphertext to be queried with the public key of the first node obtained from the blockchain to generate a numbered ciphertext;
a signature module, used to sign the numbered ciphertext and send it to the blockchain;
an obtaining module, used to obtain from the blockchain the symmetric key corresponding to the data block ciphertext to be queried;
a second decryption module, used to decrypt the data block ciphertext to be queried to obtain the required data block.
Further, the device also includes:
a third generation module, used to generate the public key and private key of the second node locally and upload the public key of the second node to the blockchain.
The beneficial effects of the technical solutions provided by the embodiments of the present invention are:
1. In the consortium chain-based data transmission method and device provided by the embodiments of the present invention, the first node on the blockchain of the data sharing system can define its own block encryption strategy. Through block-wise encryption, the first node can flexibly control the message access strategy and exercise fine-grained control, such as letting the second node see only specific parts, and the second node needs the first node's authorization to view certain blocks in the message, which ensures the controllability of the data;
2. The consortium chain-based data transmission method and device provided by the embodiments of the present invention encrypt the message block by block with a symmetric encryption algorithm and encrypt the symmetric keys with an asymmetric encryption algorithm, which ensures data security while keeping encryption and decryption as efficient as possible;
3. The consortium chain-based data transmission method and device provided by the embodiments of the present invention store the data on the blockchain in encrypted form, so nobody else can decrypt the data without authorization; and because the data is encrypted block by block before being transmitted, everything stored on the blockchain is encrypted data, which ensures the security and privacy of the data;
4. In the consortium chain-based data transmission method and device provided by the embodiments of the present invention, all symmetric keys are generated temporarily and stored on the blockchain. As long as the local asymmetric private key is not lost, they can easily be decrypted again from the blockchain, which ensures the recoverability of the data.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a consortium chain-based data transmission method according to an exemplary embodiment;
Fig. 2 is a flowchart, according to an exemplary embodiment, of dividing data into several data blocks, encrypting the data blocks correspondingly with different symmetric keys, generating several data block ciphertexts, and numbering them and uploading them to the blockchain;
Fig. 3 is a flowchart, according to an exemplary embodiment, of encrypting the corresponding symmetric key with the public key of the second node when the second node is allowed to query, generating the second key ciphertext, and sending it to the second node through the blockchain;
Fig. 4 is a flowchart of a consortium chain-based data transmission method according to an exemplary embodiment;
Fig. 5 is a flowchart, according to an exemplary embodiment, of obtaining from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, decrypting the data block ciphertext to be queried, and obtaining the required data block;
Fig. 6 is a schematic structural diagram of a consortium chain-based data transmission device according to an exemplary embodiment;
Fig. 7 is a schematic structural diagram of a consortium chain-based data transmission device according to an exemplary embodiment.
Detailed description
To make the objectives, technical solutions, and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a consortium chain-based data transmission method according to an exemplary embodiment. The method is applied to a first node on a blockchain. Referring to Fig. 1, the method includes the following steps:
S101: Divide the data into several data blocks, encrypt the data blocks correspondingly with different symmetric keys to generate several data block ciphertexts, and number them and upload them to the blockchain.
Specifically, the first node (i.e., the data sender) can divide the data (i.e., the plaintext message) into several data blocks according to business needs, temporarily generate symmetric keys, and encrypt each data block with a symmetric key to generate several first encrypted data blocks, where each data block corresponds to one symmetric key and all the symmetric keys are different. It then numbers the first encrypted data blocks in sequence and uploads the first encrypted data blocks and their numbers to the blockchain for storage. It should be noted here that the symmetric key used to encrypt the data blocks may also be one and the same key.
S102: Encrypt the symmetric keys with the public key of the first node to generate a first key ciphertext, and upload it to the blockchain.
Further, before encrypting the symmetric keys with the public key of the first node, the first node generates its public key and private key locally and uploads its public key to the blockchain.
Specifically, the first node first encrypts the symmetric keys with its public key to generate the first key ciphertext, and then uploads the first key ciphertext to the blockchain for storage. Because all symmetric keys are generated temporarily and are stored on the blockchain encrypted under the first node's public key, they can easily be decrypted again from the blockchain as long as the local asymmetric private key is not lost, which ensures the recoverability of the data. Storing the encrypted symmetric keys on the blockchain also avoids losing them when the local node fails. In addition, uploading the first node's public key to the blockchain makes it easy to share with other users of the blockchain.
S103: Decrypt the numbered ciphertext from the blockchain with the private key of the first node to obtain the number of the data block ciphertext that the second node wants to query, where the numbered ciphertext is generated by the second node encrypting the number of the data block ciphertext to be queried with the public key of the first node.
Specifically, the first node (i.e., the data sender) listens to the data in the blockchain. When it receives a signed numbered ciphertext, it first decrypts it with its own private key to obtain the number of the data block ciphertext that the second node (i.e., the data receiver) wants to query (i.e., the number of the data block ciphertext to be queried).
S104: When the second node is allowed to query, encrypt the corresponding symmetric key with the public key of the second node to generate a second key ciphertext, and send it to the second node through the blockchain, so that the second node decrypts the second key ciphertext with its own private key to obtain the corresponding symmetric key.
Specifically, if the first node agrees to let the second node query the data block ciphertext to be queried, it uploads to the blockchain the symmetric key that was used to encrypt that data block ciphertext. Before uploading, it encrypts the corresponding symmetric key with the public key of the second node obtained from the blockchain, generating the second key ciphertext, which is then uploaded to the blockchain.
Fig. 2 is a flowchart, according to an exemplary embodiment, of dividing data into several data blocks, encrypting the data blocks correspondingly with different symmetric keys, generating several data block ciphertexts, and numbering them and uploading them to the blockchain. Referring to Fig. 2, it includes the following steps:
S101.1: Divide the data into several data blocks according to the type of information in the data.
Specifically, the first node (i.e., the data sender) can flexibly divide the data (i.e., the message) into multiple data blocks according to business needs. For example, if a message contains three kinds of information (user name, mobile phone number, and email address), the sending terminal can divide the message into 3 blocks.
S101.2: Generate one symmetric key for each data block.
Specifically, the first node traverses the data blocks and generates one symmetric key for each of them; that is, the symmetric keys can be generated temporarily.
S101.3: Encrypt each data block with its symmetric key to generate the data block ciphertexts, and number them and upload them to the blockchain.
Specifically, each data block is encrypted with a different symmetric key to generate a first encrypted data block; the first encrypted data blocks are numbered in sequence, and the first encrypted data blocks and their numbers are uploaded to the blockchain for storage. That is, different data blocks use different symmetric keys.
Fig. 3 is a flowchart, according to an exemplary embodiment, of encrypting the corresponding symmetric key with the public key of the second node when the second node is allowed to query, generating the second key ciphertext, and sending it to the second node through the blockchain. Referring to Fig. 3, it includes the following steps:
S104.1: Decrypt the first key ciphertext obtained from the blockchain with the private key of the first node to obtain the symmetric keys.
Specifically, if the first node agrees to the second node's query request, the first node first obtains the first key ciphertext from the blockchain and decrypts it with its own private key to obtain all the symmetric keys.
S104.2: Obtain, from the symmetric keys, the symmetric key corresponding to the data block ciphertext to be queried.
Specifically, the first node can look up the symmetric keys by the number of the data block ciphertext to be queried, or in some other way, to obtain the symmetric key corresponding to the data block ciphertext to be queried.
S104.3: Encrypt the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node to generate the second key ciphertext.
Specifically, the first node obtains from the blockchain the public key that the second node has shared, and then encrypts the symmetric key corresponding to the data block ciphertext to be queried with the second node's public key to generate the second key ciphertext.
S104.4: Send the second key ciphertext to the second node through the blockchain.
Specifically, the second node listens to the data in the blockchain. After the first node uploads the second key ciphertext to the blockchain, the second node obtains the second key ciphertext from the blockchain.
In another exemplary embodiment of the present invention, the method also includes:
When the second node is not allowed to query, a query rejection message is generated and sent to the second node through the blockchain.
Specifically, the rejection message does not contain the symmetric key that was used to encrypt the data block ciphertext to be queried, so the second node cannot obtain the data block it wants to query.
Fig. 4 is a flowchart of a consortium-chain-based data transmission method according to an exemplary embodiment. The method is applied to a second node on a blockchain. Referring to Fig. 4, the method includes the following steps:
S201: Use the public key of the first node, obtained from the blockchain, to encrypt the number of the data block ciphertext to be queried, generating a number ciphertext; sign the number ciphertext and send it to the blockchain.
Specifically, the second node (that is, the data receiver) listens to the data on the blockchain. When it has received the data block ciphertexts and wants to query some of the data blocks, the second node uses the public key of the first node, obtained from the blockchain, to encrypt the number of the data block ciphertext to be queried, generating a number ciphertext, then signs the number ciphertext and sends it to the blockchain. Note that it is the encrypted number of the data block ciphertext that is sent to the blockchain, not an encrypted copy of the data block ciphertext itself. On the one hand, this reduces the burden of data transmission; on the other hand, it keeps secret which data block the second node wants to query, preventing other nodes on the blockchain from learning that information. In addition, signing the number ciphertext makes it convenient for the first node to authenticate the second node and to decide whether to approve the second node's query request for the corresponding data block.
S202: Obtain from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, decrypt the data block ciphertext to be queried, and obtain the required data block.
Further, before the symmetric key corresponding to the data block ciphertext to be queried is obtained from the blockchain, the public key and private key of the second node are generated locally, and the public key of the second node is uploaded to the blockchain.
Fig. 5 is a flowchart, according to an exemplary embodiment, of obtaining from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, decrypting the data block ciphertext to be queried, and obtaining the required data block. Referring to Fig. 5, it includes the following steps:
S202.1: Obtain a second key ciphertext from the blockchain, where the second key ciphertext is generated by the first node encrypting the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node.
Specifically, the second node listens to the data on the blockchain. After the first node encrypts the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node, generates the second key ciphertext and uploads it to the blockchain, the second node obtains the second key ciphertext from the blockchain.
S202.2: Use the private key of the second node to decrypt the second key ciphertext and obtain the corresponding symmetric key.
Specifically, the second node uses the private key that matches the public key of the second node to decrypt the second key ciphertext, obtaining the symmetric key that was used to encrypt the data block ciphertext to be queried.
S202.3: Use the corresponding symmetric key to decrypt the data block ciphertext to be queried and obtain the data block to be queried.
Specifically, the second node uses the corresponding symmetric key to decrypt the data block ciphertext to be queried, and finally obtains the data block it needs for its own query.
The following is an illustrative example, to make it easier to understand the specific process by which the consortium-chain-based data transmission method provided by the embodiments of the present invention transfers data:
Suppose there is a data sender S (the first node) and data receivers A and B (the second node and the third node). Data sender S, data receiver A and data receiver B each use the RSA algorithm to generate a public/private key pair locally.
Data sender S first divides the plaintext message Plain (the data) into n blocks according to specific business requirements, that is, Plain=Plain[1,2,…n]. Each data block is then encrypted and numbered. S loops over the Plain array and, for each Plain element, uses the AES algorithm to temporarily generate an AES_KEY (the symmetric key), that is, Ci=AES_encrypt(Pi,AES_KEY). The element is symmetrically encrypted with AES_KEY to obtain a ciphertext (the data block ciphertext), which is numbered and then added to the ciphertext array, that is, Cipher=[C1,C2,…Cn]. Data sender S also encrypts these n AES_KEYs with its own RSA public key, generating the first key ciphertext Ck=RSA_encrypt(AES_KEY,Pub_S). Finally, the data block ciphertexts Cipher with their numbers, and the first key ciphertext Ck, are all uploaded to the blockchain for storage.
Data receiver A receives the data block ciphertexts Cipher and their numbers and wants to know some of the blocks; here they are assumed to be blocks number x and y (x and y both less than or equal to n). Data receiver A first uses the public key of data sender S to RSA-encrypt the numbers of data block ciphertexts x and y (that is, x and y), generating a number ciphertext, which is signed and then stored on the blockchain; that is, ReqA=RSA_encrypt((x,y),Pub_S) is stored on the blockchain.
Data sender S receives ReqA and decrypts it with its own private key, obtaining the numbers x, y. If data sender S agrees to data receiver A's request to view Plain x and Plain y, it stores the corresponding keys AES_KEYx and AES_KEYy on the blockchain. The specific process is:
S queries Ck from the blockchain and decrypts it with its own private key to obtain all the symmetric keys: AES_KEY=RSA_decrypt(Ck,Priv_S). It takes the x-th and y-th AES_KEY out of AES_KEY and then encrypts them with the public key of data receiver A into the second key ciphertext RespA, where RespA=RSA_encrypt((AES_KEYx,AES_KEYy),Pub_A).
When data receiver A receives RespA, it first decrypts it with data receiver A's private key to obtain AES_KEYx and AES_KEYy, that is: (AES_KEYx,AES_KEYy)=RSA_decrypt(RespA,Priv_A). Data receiver A then decrypts the ciphertexts with the obtained keys and obtains the required message blocks. That is:
Plainx=AES_decrypt(Cx,AES_KEYx)
Plainy=AES_decrypt(Cy,AES_KEYy)
In addition, after data receiver B receives Cipher, it wants to know some of the blocks; here this is assumed to be block z (z less than or equal to n). Data receiver B uses the public key of data sender S to RSA-encrypt z, signs the result and stores it on the blockchain. That is: ReqB=RSA_encrypt((z),Pub_S).
After data sender S receives ReqB, it decrypts it with its own private key and obtains the number z. If data sender S does not agree to B's request, it stores a response message on the blockchain. The response message that data receiver B obtains does not contain AES_KEYz, which means that data receiver B cannot obtain the required message block.
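The exchange in the worked example above, as an added Go sketch that is not code from the patent: S publishes per-block ciphertexts and wrapped keys, A's signed request is granted, and B's is refused without any key material. Assumptions, since the text names only RSA and AES: AES-256-GCM with the block number as associated data, RSA-OAEP for key wrapping and request encryption, RSA-PSS for the request signature, each AES key wrapped separately, and an in-memory `Ledger` in place of the chain; all type and function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ledger is a constructed in-memory stand-in for the consortium chain.
type Ledger struct {
	Blocks  [][]byte // C1..Cn as nonce || AES-GCM ciphertext; number = index+1
	Wrapped [][]byte // Ck: each AES_KEY encrypted under Pub_S
}

var ErrDenied = errors.New("query rejected")

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

func gcm(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// Publish (sender S): one fresh AES-256 key per block, each wrapped under Pub_S.
// Assumption: the block number is bound to its ciphertext as GCM associated data.
func Publish(pubS *rsa.PublicKey, plain [][]byte) *Ledger {
	l := &Ledger{}
	for i, p := range plain {
		buf := make([]byte, 44) // 32-byte AES key, then 12-byte GCM nonce
		must(rand.Read(buf))
		key, nonce := buf[:32], buf[32:]
		l.Blocks = append(l.Blocks, gcm(key).Seal(nonce, nonce, p, []byte{byte(i + 1)}))
		l.Wrapped = append(l.Wrapped, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pubS, key, nil)))
	}
	return l
}

// Request (receiver): block numbers encrypted under Pub_S, then signed.
func Request(priv *rsa.PrivateKey, pubS *rsa.PublicKey, nums []byte) (req, sig []byte) {
	req = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pubS, nums, nil))
	h := sha256.Sum256(req)
	return req, must(rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil))
}

// Respond (sender S): verify, decrypt the numbers, apply policy, re-wrap keys.
func Respond(l *Ledger, privS *rsa.PrivateKey, pubR *rsa.PublicKey, req, sig []byte, allow func(byte) bool) (map[byte][]byte, error) {
	h := sha256.Sum256(req)
	if err := rsa.VerifyPSS(pubR, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err)
	}
	nums, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, privS, req, nil)
	if err != nil {
		return nil, err
	}
	resp := map[byte][]byte{}
	for _, n := range nums {
		if n < 1 || int(n) > len(l.Wrapped) || !allow(n) {
			return nil, ErrDenied // the rejection carries no key material
		}
		key := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, privS, l.Wrapped[n-1], nil))
		resp[n] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pubR, key, nil))
	}
	return resp, nil
}

// Open (receiver): unwrap AES_KEYn with the own private key, then decrypt Cn.
func Open(l *Ledger, priv *rsa.PrivateKey, n byte, wrapped []byte) ([]byte, error) {
	if n < 1 || int(n) > len(l.Blocks) {
		return nil, ErrDenied
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	g, c := gcm(key), l.Blocks[n-1]
	return g.Open(nil, c[:g.NonceSize()], c[g.NonceSize():], []byte{n})
}

// Demo replays the scenario on a constructed record: A gets blocks 1 and 3, B is refused block 2.
func Demo() (string, string, error) {
	s, a, b := newKey(), newKey(), newKey()
	l := Publish(&s.PublicKey, [][]byte{[]byte("name: Alice"), []byte("salary: 1000"), []byte("dept: R&D")})
	req, sig := Request(a, &s.PublicKey, []byte{1, 3})
	resp := must(Respond(l, s, &a.PublicKey, req, sig, func(byte) bool { return true }))
	px, py := must(Open(l, a, 1, resp[1])), must(Open(l, a, 3, resp[3]))
	req, sig = Request(b, &s.PublicKey, []byte{2})
	_, errB := Respond(l, s, &b.PublicKey, req, sig, func(byte) bool { return false })
	return string(px), string(py), errB
}

func main() { fmt.Println(Demo()) }
```

Because every block has its own key, a key released for one block number does not open any other block, and a response wrapped for A cannot be unwrapped by B even though both read it from the same ledger.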
Fig. 6 is a schematic structural diagram of a consortium-chain-based data transmission device according to an exemplary embodiment. The device is applied to a first node on a blockchain; the blockchain is not part of the structure of the device and is therefore drawn with a dashed frame. Referring to Fig. 6, the device includes at least:
a data segmentation module, used to divide data into several data blocks;
a first encryption module, used to encrypt the several data blocks respectively with different symmetric keys, generate several data block ciphertexts, number them and upload them to the blockchain;
the first encryption module is also used to encrypt the symmetric keys with the public key of the first node, generate a first key ciphertext and upload it to the blockchain;
a first decryption module, used to decrypt a number ciphertext from the blockchain with the private key of the first node and obtain the number of the data block ciphertext that the second node wants to query, where the number ciphertext is generated by the second node encrypting the number of the data block ciphertext to be queried with the public key of the first node;
the first encryption module is also used to encrypt the corresponding symmetric key with the public key of the second node, generating a second key ciphertext;
a sending module, used to send the second key ciphertext to the second node through the blockchain.
Further, the device also includes:
a first generation module, used to generate one symmetric key for each data block.
Further, the device also includes:
a second generation module, used to generate the public key and private key of the first node locally and upload the public key of the first node to the blockchain.
In another exemplary embodiment of the present invention, the first decryption module is also used to decrypt the first key ciphertext obtained from the blockchain with the private key of the first node and obtain the symmetric keys.
The first encryption module is also used to encrypt the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node, generating a second key ciphertext.
The sending module is also used, when the second node is not allowed to query, to generate a query rejection message and send it to the second node through the blockchain.
The device may further include:
a query module, used to obtain, from the symmetric keys, the symmetric key corresponding to the data block ciphertext to be queried.
Fig. 7 is a schematic structural diagram of a consortium-chain-based data transmission device according to an exemplary embodiment. The device is applied to a second node on a blockchain; the blockchain is not part of the structure of the device and is therefore drawn with a dashed frame. Referring to Fig. 7, the device includes at least:
a second encryption module, used to encrypt the number of the data block ciphertext to be queried with the public key of the first node obtained from the blockchain, generating a number ciphertext;
a signature module, used to sign the number ciphertext and send it to the blockchain;
an obtaining module, used to obtain from the blockchain the symmetric key corresponding to the data block ciphertext to be queried;
a second decryption module, used to decrypt the data block ciphertext to be queried and obtain the required data block.
Further, the device also includes:
a third generation module, used to generate the public key and private key of the second node locally and upload the public key of the second node to the blockchain.
In another exemplary embodiment of the present invention, the device may further include:
a receiving module, used to obtain a second key ciphertext from the blockchain, where the second key ciphertext is generated by the first node encrypting the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node.
The second decryption module is also used to decrypt the second key ciphertext with the private key of the second node and obtain the corresponding symmetric key.
In summary, the beneficial effects brought by the technical solutions provided by the embodiments of the present invention are:
1. With the consortium-chain-based data transmission method and device provided by the embodiments of the present invention, the first node on the blockchain of the data sharing system can define its own block encryption strategy. Through block-wise encryption, the first node can flexibly control the message access policy and exercise fine-grained control, for example letting the second node see only specific parts; and the second node needs the first node's authorization to view particular blocks of the message, which ensures the controllability of the data;
2. The consortium-chain-based data transmission method and device provided by the embodiments of the present invention encrypt the message block by block with a symmetric encryption algorithm and encrypt the symmetric keys with an asymmetric encryption algorithm, ensuring data security while also improving the efficiency of encryption and decryption as far as possible;
3. The consortium-chain-based data transmission method and device provided by the embodiments of the present invention store the data on the blockchain in encrypted form, so that no one can decrypt the data unless authorized; and when the data is transferred after block-wise encryption, everything stored on the blockchain is encrypted data, which ensures the security and privacy of the data;
4. With the consortium-chain-based data transmission method and device provided by the embodiments of the present invention, all symmetric keys are temporarily generated and saved on the blockchain; as long as the local asymmetric private key is not lost, they can easily be decrypted again from the blockchain, which ensures the recoverability of the data.
All of the above optional technical solutions may be combined in any manner to form optional embodiments of the present invention, which are not described one by one here.
It should be noted that, when the consortium-chain-based data transmission devices applied to the first node and the second node on the blockchain in the above embodiments trigger the data transmission service, the division into the functional modules described above is only an example. In practical applications, the above functions can be assigned to different functional modules as needed; that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. In addition, the consortium-chain-based data transmission device applied to the first node on the blockchain and the consortium-chain-based data transmission method embodiments belong to the same concept, as do the consortium-chain-based data transmission device applied to the second node on the blockchain and the consortium-chain-based data transmission method embodiments; for the specific implementation process, see the method embodiments, which are not repeated here.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (13)

  1. A consortium-chain-based data transmission method, characterized in that the method is applied to a first node on a blockchain and includes the following steps:
    dividing data into several data blocks, encrypting the several data blocks correspondingly with different symmetric keys, generating several data block ciphertexts, numbering them and uploading them to the blockchain;
    encrypting the symmetric keys with the public key of the first node, generating a first key ciphertext and uploading it to the blockchain;
    decrypting a number ciphertext from the blockchain with the private key of the first node to obtain the number of the data block ciphertext that the second node wants to query, where the number ciphertext is generated by the second node encrypting the number of the data block ciphertext to be queried with the public key of the first node;
    when the second node is allowed to query, encrypting the corresponding symmetric key with the public key of the second node, generating a second key ciphertext, and sending it to the second node through the blockchain, so that the second node decrypts the second key ciphertext with its own private key to obtain the corresponding symmetric key.
  2. The consortium-chain-based data transmission method according to claim 1, characterized in that dividing the data into several data blocks, encrypting the data blocks correspondingly with different symmetric keys, generating several data block ciphertexts, numbering them and uploading them to the blockchain specifically includes:
    dividing the data into several data blocks according to the type of information in the data;
    generating one symmetric key for each data block;
    encrypting the corresponding data block with each symmetric key, generating the data block ciphertexts, numbering them and uploading them to the blockchain.
  3. The consortium-chain-based data transmission method according to claim 1 or 2, characterized in that, before the symmetric keys are encrypted with the public key of the first node, the method further includes:
    generating the public key and private key of the first node locally, and uploading the public key of the first node to the blockchain.
  4. The consortium-chain-based data transmission method according to claim 3, characterized in that, when the second node is allowed to query, encrypting the corresponding symmetric key with the public key of the second node, generating a second key ciphertext and sending it to the second node through the blockchain specifically includes:
    decrypting the first key ciphertext obtained from the blockchain with the private key of the first node to obtain the symmetric keys;
    obtaining, from the symmetric keys, the symmetric key corresponding to the data block ciphertext to be queried;
    encrypting the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node to generate a second key ciphertext;
    sending the second key ciphertext to the second node through the blockchain.
  5. The consortium-chain-based data transmission method according to claim 1 or 2, characterized in that, when the second node is not allowed to query, a query rejection message is generated and sent to the second node through the blockchain.
  6. A consortium-chain-based data transmission method, characterized in that the method is applied to a second node on a blockchain and includes the following steps:
    encrypting the number of the data block ciphertext to be queried with the public key of the first node obtained from the blockchain, generating a number ciphertext, signing the number ciphertext and sending it to the blockchain;
    obtaining from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, decrypting the data block ciphertext to be queried, and obtaining the required data block.
  7. The consortium-chain-based data transmission method according to claim 6, characterized in that, before the symmetric key corresponding to the data block ciphertext to be queried is obtained from the blockchain, the method further includes:
    generating the public key and private key of the second node locally, and uploading the public key of the second node to the blockchain.
  8. The consortium-chain-based data transmission method according to claim 7, characterized in that obtaining from the blockchain the symmetric key corresponding to the data block ciphertext to be queried, decrypting the data block ciphertext to be queried and obtaining the required data block specifically includes:
    obtaining a second key ciphertext from the blockchain, where the second key ciphertext is generated by the first node encrypting the symmetric key corresponding to the data block ciphertext to be queried with the public key of the second node;
    decrypting the second key ciphertext with the private key of the second node to obtain the corresponding symmetric key;
    decrypting the data block ciphertext to be queried with the corresponding symmetric key to obtain the data block to be queried.
  9. A consortium-chain-based data transmission device, characterized in that the device is applied to a first node on a blockchain and includes at least:
    a data segmentation module, used to divide data into several data blocks;
    a first encryption module, used to encrypt the several data blocks respectively with different symmetric keys, generate several data block ciphertexts, number them and upload them to the blockchain;
    the first encryption module is also used to encrypt the symmetric keys with the public key of the first node, generate a first key ciphertext and upload it to the blockchain;
    a first decryption module, used to decrypt a number ciphertext from the blockchain with the private key of the first node and obtain the number of the data block ciphertext that the second node wants to query, where the number ciphertext is generated by the second node encrypting the number of the data block ciphertext to be queried with the public key of the first node;
    the first encryption module is also used to encrypt the corresponding symmetric key with the public key of the second node, generating a second key ciphertext;
    a sending module, used to send the second key ciphertext to the second node through the blockchain.
  10. The consortium-chain-based data transmission device according to claim 9, characterized in that the device further includes:
    a first generation module, used to generate one symmetric key for each data block.
  11. The consortium-chain-based data transmission device according to claim 9 or 10, characterized in that the device further includes:
    a second generation module, used to generate the public key and private key of the first node locally and upload the public key of the first node to the blockchain.
  12. A consortium-chain-based data transmission device, characterized in that the device is applied to a second node on a blockchain and includes at least:
    a second encryption module, used to encrypt the number of the data block ciphertext to be queried with the public key of the first node obtained from the blockchain, generating a number ciphertext;
    a signature module, used to sign the number ciphertext and send it to the blockchain;
    an obtaining module, used to obtain from the blockchain the symmetric key corresponding to the data block ciphertext to be queried;
    a second decryption module, used to decrypt the data block ciphertext to be queried and obtain the required data block.
  13. The consortium-chain-based data transmission device according to claim 12, characterized in that the device further includes:
    a third generation module, used to generate the public key and private key of the second node locally and upload the public key of the second node to the blockchain.
PCT/CN2019/106022 2018-11-29 2019-09-16 Consortium blockchain-based data transfer method and device WO2020108019A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CA3162736A CA3162736A1 (en) 2018-11-29 2019-09-16 Data transmission method and device based on consortium blockchain

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811449441.4A CN109587132B (en) 2018-11-29 2018-11-29 Data transmission method and device based on alliance chain
CN201811449441.4 2018-11-29

Publications (1)

Publication Number Publication Date
WO2020108019A1 true WO2020108019A1 (en) 2020-06-04

Family

ID=65923853

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/106022 WO2020108019A1 (en) 2018-11-29 2019-09-16 Consortium blockchain-based data transfer method and device

Country Status (3)

Country Link
CN (1) CN109587132B (en)
CA (1) CA3162736A1 (en)
WO (1) WO2020108019A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111740827A (en) * 2020-07-28 2020-10-02 北京金山云网络技术有限公司 Data transmission method and device, computer equipment and storage medium
CN112907247A (en) * 2021-03-18 2021-06-04 上海能链众合科技有限公司 Block chain authorization calculation control method
CN112968782A (en) * 2021-04-07 2021-06-15 北京安天网络安全技术有限公司 Safety evaluation method and system based on alliance chain
CN113572617A (en) * 2021-07-20 2021-10-29 广州炒米信息科技有限公司 Distributed inter-node identity authentication method based on alliance chain
CN114025346A (en) * 2021-10-12 2022-02-08 杭州趣链科技有限公司 Safe and effective data transmission method for data between mobile self-set networks
CN114629901A (en) * 2020-12-14 2022-06-14 北京金山云网络技术有限公司 BaaS-based block chain data sharing method, device and equipment
CN114745181A (en) * 2022-04-11 2022-07-12 中国南方电网有限责任公司 Data processing method and device
CN114756881A (en) * 2022-04-18 2022-07-15 云南天上人间茶业有限公司 Data analysis system based on block chain

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109587132B (en) * 2018-11-29 2021-03-26 南京苏宁软件技术有限公司 Data transmission method and device based on alliance chain
CN110059503B (en) * 2019-04-24 2023-03-24 成都派沃特科技股份有限公司 Traceable social information anti-leakage method
CN110046521B (en) * 2019-04-24 2023-04-18 成都派沃特科技股份有限公司 Decentralized privacy protection method
CN110224989B (en) * 2019-05-10 2022-01-28 深圳壹账通智能科技有限公司 Information interaction method and device, computer equipment and readable storage medium
CN110223064B (en) * 2019-05-27 2020-07-28 四川大学 Non-repudiation safety data transmission method based on block chain
CN110336673B (en) * 2019-06-03 2022-03-08 江苏科技大学 Block chain design method based on privacy protection
CN110299964B (en) * 2019-06-28 2020-11-24 京东数字科技控股有限公司 Data transmission method and device, computer storage medium
CN110555318A (en) * 2019-09-17 2019-12-10 山东爱城市网信息技术有限公司 privacy data protection method based on block chain
CN112787976B (en) * 2019-11-06 2023-04-07 阿里巴巴集团控股有限公司 Data encryption, decryption and sharing method, device, system and storage medium
CN111131311A (en) * 2019-12-31 2020-05-08 北京中电普华信息技术有限公司 Data transmission method based on block chain and block chain link point
CN111431857B (en) * 2020-02-27 2022-09-27 深圳壹账通智能科技有限公司 Authorized access method and device for super account book and storage medium
CN111614643B (en) * 2020-05-12 2022-11-25 傲林科技有限公司 Key management method and block chain system
CN113761543B (en) * 2020-06-01 2024-04-02 菜鸟智能物流控股有限公司 Data processing method, device, equipment and machine-readable medium based on alliance chain
CN112714120B (en) * 2020-12-24 2021-10-29 四川长虹电器股份有限公司 Chained data encryption and decryption method and separated storage method of encrypted data
CN112597527B (en) * 2021-03-05 2021-06-08 浙江数秦科技有限公司 Data access method for preventing alliance chain data leakage
CN113301018B (en) * 2021-04-22 2022-05-24 浙江数秦科技有限公司 Data sharing method based on alliance chain
CN113507468A (en) * 2021-07-08 2021-10-15 上海欧冶金融信息服务股份有限公司 Encryption method, decryption method and authorization method based on block chain technology
CN113987594B (en) * 2021-10-26 2024-08-02 深圳前海微众银行股份有限公司 Block chain signature management method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004034182A2 (en) * 2002-07-24 2004-04-22 Qualcomm Incorporated Efficient encryption and authentication for data processing systems
CN101127597A (en) * 2007-10-09 2008-02-20 华中科技大学 Data transmission encryption method of MANET network
CN107370595A (en) * 2017-06-06 2017-11-21 福建中经汇通有限责任公司 One kind is based on fine-grained ciphertext access control method
CN107659567A (en) * 2017-09-19 2018-02-02 北京许继电气有限公司 The ciphertext access control method and system of fine granularity lightweight based on public key cryptosyst
CN108092982A (en) * 2017-12-22 2018-05-29 广东工业大学 A kind of date storage method and system based on alliance's chain
CN108462568A (en) * 2018-02-11 2018-08-28 西安电子科技大学 A kind of secure file storage and sharing method based on block chain
CN109587132A (en) * 2018-11-29 2019-04-05 苏宁易购集团股份有限公司 A kind of data transferring method and device based on alliance's chain

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222509B (en) * 2008-01-22 2011-10-26 中兴通讯股份有限公司 Data protection transmission method of P2P network
CN102968423A (en) * 2012-03-27 2013-03-13 广州市国迈科技有限公司 Design of high-performance private cloud storage node file system on basis of data container
CN103685162A (en) * 2012-09-05 2014-03-26 中国移动通信集团公司 File storing and sharing method
CN103118089A (en) * 2013-01-22 2013-05-22 华中科技大学 Safe storage method based on a plurality of cloud storage systems and system thereof
CN103179114B (en) * 2013-03-15 2015-09-23 华中科技大学 Data fine-grained access control method during a kind of cloud stores
CN104023085A (en) * 2014-06-25 2014-09-03 武汉大学 Security cloud storage system based on increment synchronization
CN104601563B (en) * 2015-01-06 2017-09-15 南京信息工程大学 The method of the sharable content object cloud storage data property held based on MLE
CN105260668B (en) * 2015-10-10 2018-07-24 北京搜狗科技发展有限公司 A kind of file encrypting method and electronic equipment
CN105721485B (en) * 2016-03-04 2019-02-01 安徽大学 Secure nearest neighbor query method for multiple data owners in outsourcing cloud environment
CN106101257B (en) * 2016-07-07 2019-07-02 广东工业大学 A kind of cloud storage data managing method and device based on Bloom filter
CN107241417A (en) * 2017-06-12 2017-10-10 郑州云海信息技术有限公司 A kind of method, system, transmitting terminal and the receiving terminal of file transmission
CN108108127B (en) * 2017-12-15 2021-07-02 苏州朗润创新知识产权运营有限公司 File reading method and system
CN108062202A (en) * 2017-12-15 2018-05-22 中链科技有限公司 A kind of file block storage method and system
CN108108633B (en) * 2017-12-20 2021-07-13 中国科学院深圳先进技术研究院 Data file and access method, device and equipment thereof
CN108200079A (en) * 2018-01-19 2018-06-22 深圳四方精创资讯股份有限公司 Block chain method for secret protection and device based on symmetrical and asymmetric Hybrid Encryption
CN108183973A (en) * 2018-02-23 2018-06-19 苏州汉辰数字科技有限公司 A kind of Streaming Media quantum flow block data structure and encipher-decipher method
CN108768930A (en) * 2018-04-09 2018-11-06 华北水利水电大学 A kind of encrypted transmission method of data
CN110245144B (en) * 2018-04-27 2022-02-22 腾讯科技(深圳)有限公司 Protocol data management method, device, storage medium and system
CN108681898B (en) * 2018-05-15 2021-09-17 广东工业大学 Data transaction method and system based on block chain
CN108876383A (en) * 2018-08-27 2018-11-23 广东工业大学 A kind of data trade method, device and equipment based on block chain

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111740827A (en) * 2020-07-28 2020-10-02 北京金山云网络技术有限公司 Data transmission method and device, computer equipment and storage medium
CN111740827B (en) * 2020-07-28 2022-10-28 北京金山云网络技术有限公司 Data transmission method and device, computer equipment and storage medium
CN114629901A (en) * 2020-12-14 2022-06-14 北京金山云网络技术有限公司 BaaS-based block chain data sharing method, device and equipment
CN112907247A (en) * 2021-03-18 2021-06-04 上海能链众合科技有限公司 Block chain authorization calculation control method
CN112907247B (en) * 2021-03-18 2024-01-26 上海零数众合信息科技有限公司 Block chain authorization calculation control method
CN112968782A (en) * 2021-04-07 2021-06-15 北京安天网络安全技术有限公司 Safety evaluation method and system based on alliance chain
CN113572617A (en) * 2021-07-20 2021-10-29 广州炒米信息科技有限公司 Distributed inter-node identity authentication method based on alliance chain
CN113572617B (en) * 2021-07-20 2023-05-26 广州炒米信息科技有限公司 Distributed inter-node identity authentication method based on alliance chain
CN114025346A (en) * 2021-10-12 2022-02-08 杭州趣链科技有限公司 Safe and effective data transmission method for data between mobile self-set networks
CN114025346B (en) * 2021-10-12 2024-03-29 杭州趣链科技有限公司 Data transmission method for data security and effectiveness between mobile self-setting networks
CN114745181A (en) * 2022-04-11 2022-07-12 中国南方电网有限责任公司 Data processing method and device
CN114756881A (en) * 2022-04-18 2022-07-15 云南天上人间茶业有限公司 Data analysis system based on block chain

Also Published As

Publication number Publication date
CN109587132B (en) 2021-03-26
CA3162736A1 (en) 2020-06-04
CN109587132A (en) 2019-04-05

Similar Documents

Publication Publication Date Title
WO2020108019A1 (en) Consortium blockchain-based data transfer method and device
CN109120639B (en) Data cloud storage encryption method and system based on block chain
WO2019214070A1 (en) Encryption method for user communication on block chain, apparatus, terminal device and storage medium
EP3813298B1 (en) Method and apparatus for establishing trusted channel between user and trusted computing cluster
US20210152370A1 (en) Digital signature method, device, and system
CN108418686A (en) A kind of how distributed SM9 decryption methods and medium and key generation method
US11044082B2 (en) Authenticating secure channel establishment messages based on shared-secret
JP2013539248A (en) Secure node authorization in communication networks
CN111371790B (en) Data encryption sending method based on alliance chain, related method, device and system
CN105245328A (en) User and file key generation and management method based on third party
JP2016158189A (en) Change direction with key control system and change direction with key control method
CN113901512A (en) Data sharing method and system
CN112039883A (en) Data sharing method and device for block chain
US11818268B2 (en) Hub-based token generation and endpoint selection for secure channel establishment
CN106790259A (en) A kind of asymmetric across cryptographic system re-encryption, decryption method and system
Rizvi et al. A trusted third-party (TTP) based encryption scheme for ensuring data confidentiality in cloud environment
CN117200966A (en) Trusted authorization data sharing method based on distributed identity and alliance chain
CN106332074A (en) Multi-party communication authentication method and system
US20220360429A1 (en) Location-key encryption system
US20220385453A1 (en) Secure file transfer
CN116527358A (en) Time sensitive access control method and device based on CP-ABE edge calculation
KR20210020699A (en) Method for performing backup and recovery private key in consortium blockchain network, and device using them
CN115174188A (en) Message transmission method and device, electronic equipment and storage medium
KR20210020851A (en) Method for performing backup and recovery private key in consortium blockchain network, and device using them
CN118449786B (en) Local communication lightweight authentication method, system, equipment and medium of power terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19888734

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19888734

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 3162736

Country of ref document: CA

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13/01/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19888734

Country of ref document: EP

Kind code of ref document: A1