WO2020181845A1 - Method and device for encrypting blockchain data, computer apparatus, and storage medium - Google Patents

Method and device for encrypting blockchain data, computer apparatus, and storage medium Download PDF

Info

Publication number
WO2020181845A1
WO2020181845A1 PCT/CN2019/123142 CN2019123142W WO2020181845A1 WO 2020181845 A1 WO2020181845 A1 WO 2020181845A1 CN 2019123142 W CN2019123142 W CN 2019123142W WO 2020181845 A1 WO2020181845 A1 WO 2020181845A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
blockchain
ciphertext
data
encrypted
Prior art date
Application number
PCT/CN2019/123142
Other languages
French (fr)
Chinese (zh)
Inventor
谢丹力
张文明
贾牧
陆一凡
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2020181845A1 publication Critical patent/WO2020181845A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • This application relates to the field of blockchain encryption technology, and in particular to a blockchain data encryption method, device, computer equipment, and computer-readable storage medium.
  • the blockchain network can realize information sharing between industries, but large companies regard data as life and are unwilling to share data. For this reason, all sensitive data uploaded to the blockchain must be encrypted to solve the problem of large companies Concerns about data sharing will not make data sharing a data welfare.
  • the encrypted data authorization method is encrypted by using a key. Once the encrypted data is authorized to any authorized party, the authorized party has all rights to the data. However, in actual business needs, this method Reduce the efficiency of data management on the blockchain.
  • the embodiments of the present application provide a blockchain data encryption method, device, computer equipment, and computer-readable storage medium, which can solve the problem of low efficiency of data management on the blockchain in the traditional technology.
  • an embodiment of the present application provides a blockchain data encryption method, the method includes: obtaining data to be encrypted; generating a first key corresponding to a read permission and a second key corresponding to a write permission; The first key encrypts the data to obtain a ciphertext; uses the second key to sign the ciphertext; uploads the signed ciphertext to the blockchain so that the blockchain can verify the ciphertext Store the ciphertext in the blockchain after the document verification is passed.
  • an embodiment of the present application also provides a block chain data encryption device, including: a first obtaining unit for obtaining data to be encrypted; a first generating unit for generating a first key corresponding to the read permission And a second key corresponding to the write authority; an encryption unit, used to encrypt the data using the first key to obtain a ciphertext; a signature unit, used to perform an encryption on the ciphertext using the second key Signature; upload unit for uploading the signed ciphertext to the blockchain so that the blockchain will store the ciphertext in the blockchain after passing the verification of the ciphertext.
  • an embodiment of the present application also provides a computer device, which includes a memory and a processor, the memory stores computer-readable instructions, and the processor implements the area when the computer-readable instructions are executed.
  • Block chain data encryption method is provided.
  • an embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes The block chain data encryption method.
  • Figure 1 is a schematic diagram of an application scenario of a blockchain data encryption method provided by an embodiment of the application
  • FIG. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the application
  • FIG. 3 is a schematic diagram of the encryption process interaction of the blockchain data encryption method provided by an embodiment of the application.
  • FIG. 4 is a schematic diagram of digital signature flow interaction of the blockchain data encryption method provided by an embodiment of the application.
  • FIG. 5 is another flowchart of the blockchain data encryption method provided by an embodiment of the application.
  • FIG. 6 is an interactive schematic diagram of a specific embodiment of a blockchain data encryption method provided by an embodiment of the application.
  • FIG. 7 is a schematic block diagram of a block chain data encryption device provided by an embodiment of the application.
  • FIG. 8 is another schematic block diagram of a block chain data encryption device provided by an embodiment of the application.
  • FIG. 9 is a schematic block diagram of a computer device provided by an embodiment of the application.
  • FIG. 1 is a schematic diagram of an application scenario of a blockchain data encryption method provided by an embodiment of the application.
  • the application scenarios include:
  • the blockchain shown in Figure 1 contains 6 terminals. If there are encrypted data on terminal 1 that needs to be uploaded to the blockchain, so that other terminals in the blockchain can share the encrypted data, the data on terminal 1 passes through
  • the data encryption method in the embodiment of this application is encrypted and uploaded to the chain. After obtaining the corresponding authorization authority such as read authorization or write authorization, other terminals in the blockchain can obtain encrypted data from the chain to achieve access to the encrypted data.
  • the terminal 1 that needs to upload encrypted data executes the steps of the data encryption method in the embodiment of the present application.
  • the terminal may be an electronic device such as a notebook computer, a tablet computer, a smart phone, or a desktop computer.
  • the working process of each subject in Fig. 1 is as follows: obtaining the data to be encrypted; generating A first key corresponding to the read permission and a second key corresponding to the write permission; encrypt the data using the first key to obtain a ciphertext; use the second key to sign the ciphertext; Upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  • the terminal 5 obtains the first key provided by the terminal 1, it obtains the read permission for the encrypted data.
  • the terminal 5 obtains the second key provided by the terminal 1, it obtains the write permission for the encrypted data.
  • the terminal 5 obtains the read permission and write permission of the encrypted data to obtain full authorization.
  • FIG. 1 only shows a desktop computer as a terminal.
  • the type of the terminal is not limited to that shown in FIG. 1.
  • the terminal may also be an electronic device such as a mobile phone, a notebook computer, or a tablet computer.
  • the application scenarios of the above-mentioned blockchain data encryption method are only used to illustrate the technical solutions of this application, and are not used to limit the technical solutions of this application.
  • the above-mentioned connection relationship may also have other forms.
  • Fig. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the application.
  • the blockchain data encryption method is applied to the terminal in FIG. 1 to complete all or part of the functions of the blockchain data encryption method.
  • FIG. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the present application. As shown in Figure 2, the method includes the following steps S210-S290:
  • S220 Generate a first key corresponding to the read permission and a second key corresponding to the write permission.
  • the read permission refers to the permission to view or access encrypted data
  • the write permission refers to the permission to modify or delete the encrypted data
  • the first key corresponding to the read permission and the second key corresponding to the write permission are respectively generated.
  • the key, the first key is used to control the read authority of the encrypted data
  • the second key is used to control the write authority of the encrypted data, so that the first key is used to obtain authorization to view the encrypted data.
  • the second key obtains authorization to modify or delete the encrypted data.
  • the node that uploads the encrypted data in the blockchain will generate two keys for the data to be encrypted. One key is the first key, which is the read permission key, the English is Read Key, and the other is the first key.
  • the second key is the write authority key, and the English is WriteKey.
  • the step of generating the first key corresponding to the read permission and the second key corresponding to the write permission includes:
  • the first key of the symmetric key and the second key of the asymmetric key are generated.
  • the symmetric key refers to the use of symmetric cryptographic encoding technology, and the use of the same key for file encryption and decryption. Since the symmetric encryption algorithm is simple and quick to use, the key is short, and it is difficult to decipher, the symmetric key is used for the corresponding read permission.
  • An asymmetric key means that the encryption algorithm requires two keys, one of which is a public key, English is Publickey, the other is a private key, and English is Privatekey.
  • the public key and the private key are a pair. If the public key is used to encrypt the data, only the corresponding private key can be used to decrypt; if the private key is used to encrypt the data, only the corresponding public key can be used Decrypt. Because encryption and decryption use two different keys, this key is called an asymmetric encryption key. Since the typical application of asymmetric encryption is a digital signature, the second key corresponding to the write permission uses an asymmetric key.
  • the node uploading the encrypted data in the blockchain will generate two keys for the data to be encrypted, one of which is the first key, which is the read authority key, and the English is Read Key, which adopts the symmetric key.
  • the other key is the second key, which is the write authority key, and the English is WriteKey, which is an asymmetric key.
  • FIG. 3 is a schematic diagram of the encryption process interaction of the blockchain data encryption method provided by an embodiment of the application. As shown in Figure 3, the process is as follows:
  • the first subject generates a pair of public key and private key, and sends the public key to the second subject;
  • the second subject uses the public key to encrypt the data, the encryption process is: public key + plaintext -> ciphertext, and the second subject sends the ciphertext to the first subject;
  • the node in the blockchain uses the first key to encrypt the data to obtain the ciphertext.
  • Public and private keys are equivalent to keys and locks. Locks can be used to lock things, and keys can be used to open corresponding locks. One key can only open one lock. Of course, both keys and locks can be copied. Signing is equivalent to generating a lock and a key by myself, then locking the content I want to publish with my lock to form a signature, publishing the content and signature together, and telling everyone what my key is. People can get the key to open the content in the signature to verify that it is consistent with the published content. Everyone in the world can get the key to verify the consistency between the signature and the content, but only I have the signature lock.
  • Figure 4 is a schematic diagram of the digital signature process interaction of the blockchain data encryption method provided by an embodiment of the application.
  • the digital signature involves four or three processes:
  • the first subject generates a pair of public key and private key
  • the first subject uses the private key to sign the encrypted data, and the signing process is: private key + content -> signature;
  • the first subject publishes the encrypted data and signature together, and publishes the public key
  • the second subject uses the published public key to verify the signature.
  • the verification process is: public key + signature + content -> whether the content has changed, so as to determine whether the encrypted data published by the first subject has changed or has been tampered with.
  • the node in the blockchain uses the second key to sign the ciphertext to obtain a signature code.
  • the method further includes:
  • the step of using the second key to sign the ciphertext includes:
  • the step of uploading the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and storing the ciphertext in the blockchain includes:
  • the blockchain secondary node will generate two cryptographically secure keys for this piece of data.
  • the first key is the read authority key
  • the English is Read Key
  • the second key is the write authority key
  • the English is WriteKey.
  • the ciphertext is signed using the write authority key, and the ciphertext is sent to the blockchain, so that different subjects obtain the corresponding authority of the data according to the obtained key.
  • the blockchain node processes the data to be encrypted as follows:
  • the blockchain secondary node will generate two cryptographically secure keys for this piece of data.
  • the first key is the read authority key
  • the English is Read Key
  • the second key is the write authority key
  • the English is WriteKey.
  • the block link After the block link receives the encrypted data EncyptData+PublicKey+S sent by the secondary node of the blockchain, it verifies the encrypted data.
  • the verification process on the blockchain is as follows:
  • FIG. 5 is another flowchart of a blockchain data encryption method provided by an embodiment of the application.
  • the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  • it also includes:
  • S260 Send an authorization key to a node in the blockchain so that the node uses the authorization key to access the encrypted data uploaded to the blockchain, where the authorization key includes the first key, The second key or the first key and the second key.
  • the authorizing party since the encrypted data authorization method with separation of read and write permissions is adopted, the authorizing party, that is, the party encrypting the data, uses two keys when encrypting the data.
  • the first key is a symmetric key, which is used to encrypt data
  • the second key is an asymmetric key, which is used to sign the encrypted result.
  • this method also supports reading the secret
  • the key and the write key are authorized to the authorized party at the same time, and the authorized party has both the read permission and the write permission. This method is called full authorization.
  • the authorized party performs corresponding operations on encrypted data according to the obtained authorization, which can be divided into the following types:
  • the authorized party obtains the first key of the read permission.
  • the process of the authorized party to access encrypted data is as follows:
  • the secondary node of the data reader uses ReadKey to decrypt EncyptData to obtain the original data.
  • the authorized party since the authorized party has obtained the second key of the write authority, the authorized party has the authority to modify the data, that is, the authorized party can modify the data. Assuming that the operator has been authorized for ReadKey and WriteKey, at this time, follow Proceed as follows:
  • the operator uses ReadKey to encrypt the modified data to obtain the encrypted data EncyptData2; the operator uses WriteKey as the private key to sign the new EncyptData2+TimeStamp2 to obtain the signature code S2; the operator sends EncyptData2+TimeStamp2+S2 To the blockchain.
  • the PublicKey of the original data will be obtained on the blockchain, and the PublicKey will be used to verify the S2 of the current data on the chain. If the verification is passed, the data is allowed to be modified. If the verification fails, the modification of the data is refused, and the operation fails. .
  • the PublicKey of the original data will be obtained on the blockchain, and the PublicKey will be used to verify the current S3 of the data on the chain. If the verification is passed, the data is allowed to be deleted. If the verification fails, the data is refused to be deleted, and the operation fails. .
  • the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored after the blockchain passes the verification of the ciphertext After the steps to the blockchain, it also includes:
  • S270 Send the first key through a key exchange algorithm, so that nodes in the blockchain can view the data to be encrypted.
  • the step of sending the first key through a key exchange algorithm to enable nodes in the blockchain to view the data to be encrypted includes:
  • the use of the second key and the second public key for key exchange to obtain the third key of the symmetric key refers to the use of the second key and the second public key for ECDH Get the third key of the symmetric key.
  • the first key may also be sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted, for example, when implementing penetrating supervision,
  • the supervising unit can obtain the first key through the key exchange algorithm to view the encrypted data, that is, the embodiment of the present application can support transparent supervision at the same time, where the transparent supervision refers to adopting the key agreement algorithm to
  • the data uploading unit and the supervisory unit exchange information securely through the blockchain and the third party cannot obtain the information.
  • the key agreement algorithm includes ECDH and ECDHE.
  • ECDH is a DH (Diffie-Hellman) key exchange algorithm based on ECC (Elliptic Curve Cryptosystems, elliptic curve cryptosystems), and both parties can negotiate a key without sharing any secrets.
  • the ECC algorithm is used in conjunction with DH for key negotiation.
  • This key exchange algorithm is called ECDH.
  • Diffie-Hellman algorithm referred to as DH algorithm, is a key agreement algorithm.
  • the algorithm is a method of establishing a key, not an encryption method, but the generated key can be used for encryption, key management or any other Encryption method.
  • the purpose of this key exchange technology is to enable two users to exchange keys (KEY) securely for future message encryption.
  • the supervisory unit node in the blockchain can obtain the read permission key through the key exchange algorithm to view the data to be encrypted.
  • the node uploading the data in the blockchain obtains the second public key sent by the supervisory node in the blockchain, and uses all The second key and the second public key are exchanged to obtain the third key of the symmetric key, and the first key is encrypted using the third key to obtain the encrypted first key, and then Send the encrypted first key to the blockchain so that the supervisory node in the blockchain uses the private key corresponding to the second public key to decrypt the first key to view the encrypted data in the blockchain.
  • the use of the second key and the second public key for key exchange to obtain the third key of the symmetric key refers to the use of the second key and the second public key for ECDH Get the third key of the symmetric key.
  • the node uploading data in the blockchain uses WriteKey and the public key SupervisePubKey (supervised public key) provided by the supervision to perform ECDH, and obtain both parties
  • SymKey symmetric key
  • the supervisory node can use its own private key to solve the ReadKey to view the content of the encrypted data.
  • FIG. 6 is an interactive schematic diagram of a specific embodiment of the blockchain data encryption method provided by the embodiment of the application. As shown in FIG. 6, the process of the blockchain data encryption method provided by the embodiment of the application is as follows :
  • the authorized party node in the blockchain obtains the data that needs to be encrypted
  • the authorized party node in the blockchain uses the ReadKey to encrypt the data to obtain the ciphertext EncyptData;
  • the authorizing party node in the blockchain uses WriteKey as the private key to generate the corresponding public key PublicKey;
  • the authorized party node in the blockchain uses the current private key WriteKey to sign EncyptData+PublicKey+TimeStamp to obtain the signature code S;
  • the authorized party node in the blockchain sends EncyptData+PublicKey+S to the blockchain;
  • the blockchain obtains the public key PublicKey, and verifies the S code in the data. If the verification is passed, the data storage is agreed;
  • the authorized party node in the blockchain obtains data EncyptData directly from the blockchain by query (query);
  • the authorized party node in the blockchain uses ReadKey to decrypt EncyptData to obtain the original data
  • the authorized party node in the blockchain sends the authorized ReadKey and WriteKey
  • the authorized party node in the blockchain obtains data EncyptData directly from the blockchain by query (query);
  • the authorized party node in the blockchain uses ReadKey to decrypt EncyptData to obtain the original data
  • the authorized party node in the blockchain modifies the original data and uses ReadKey to encrypt the modified data to obtain the encrypted data EncyptData2;
  • the authorized party node in the blockchain uses WriteKey as the private key to sign the new EncyptData2+TimeStamp2 to obtain the signature code S2;
  • the authorized party node in the blockchain sends EncyptData2+TimeStamp2+S2 to the blockchain;
  • the blockchain obtains the PublicKey of the original data, and uses the PublicKey to verify the S2 of the current data on the chain. After the verification is passed, the data is allowed to be modified, the verification fails, and the data is refused to be modified, and the operation fails.
  • the encrypted data authorization method with separation of read and write permissions uses two keys when encrypting data.
  • the first key can be a symmetric key for encrypting data
  • the second The key can be an asymmetric key, which is used to sign the encrypted result; in the authorization process, if only the first key is authorized to the other party, the other party only has the right to view the data, and if the other party is authorized the second Key, the other party has the authority to modify and delete data; at the same time, this method also supports to authorize the read and write key to the other party at the same time, so the other party has the read and write authority at the same time.
  • This method is called full authorization.
  • This scheme is an important supplement and enhancement to the traditional encryption data authorization method, and makes up for the shortcomings of the traditional encryption authorization method.
  • This method allows the authorized party to flexibly choose to grant the other party view permissions, modify permissions, or delete permissions. It is a comparison to the traditional authorization method. An improvement that improves the flexibility of nodes in the blockchain to authorize encrypted data and the management efficiency of encrypted data.
  • FIG. 7 is a schematic block diagram of a block chain data encryption device provided by an embodiment of the application.
  • an embodiment of the present application also provides a blockchain data encryption device.
  • the block chain data encryption device includes a unit for executing the above block chain data encryption method, and the device can be configured in computer equipment such as a server.
  • the blockchain data encryption device 700 includes a first acquisition unit 701, a first generation unit 702, an encryption unit 703, a signature unit 704 and an upload unit 705.
  • the first obtaining unit 701 obtains data to be encrypted
  • the first generating unit 702 is configured to generate a first key corresponding to the read permission and a second key corresponding to the write permission;
  • the encryption unit 703 is configured to use the first key to encrypt the data to obtain a ciphertext
  • the signature unit 704 is configured to use the second key to sign the ciphertext
  • the uploading unit 705 is configured to upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  • the first generating unit 702. The first key used to generate the symmetric key and the second key of the asymmetric key.
  • FIG. 8 is another schematic block diagram of the block chain data encryption device provided by an embodiment of the application. As shown in FIG. 8, in this embodiment, the block chain data encryption device 700 further includes:
  • the second generating unit 706 is configured to use the second key as a private key to generate a first public key
  • the second obtaining unit 707 is configured to obtain the current timestamp
  • the signature unit 704 is configured to use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
  • the uploading unit 705 is configured to upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code after passing Store the ciphertext in the blockchain.
  • the block chain data encryption device 700 further includes:
  • the sending unit 708 is configured to send an authorization key to a node in the blockchain so that the node can use the authorization key to access the encrypted data uploaded to the blockchain, wherein the authorization key includes the first A key, the second key, or the first key and the second key.
  • the block chain data encryption device 700 further includes:
  • the exchange unit 709 is configured to send the first key through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted;
  • the switching unit 709 includes:
  • the obtaining subunit 7091 is used to obtain the second public key sent by the node in the blockchain;
  • An exchange subunit 7092 configured to perform key exchange using the second key and the second public key to obtain a third key of the symmetric key
  • An encryption subunit 7093 configured to use the third key to encrypt the first key to obtain an encrypted first key
  • the sending subunit 7094 is configured to send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
  • the exchange subunit 7092 is configured to perform ECDH using the second key and the second public key to obtain the third key of the symmetric key.
  • the division and connection of the various units in the above-mentioned blockchain data encryption device are only used for illustration.
  • the blockchain data encryption device can be divided into different units as needed, or the block Each unit in the chain data encryption device adopts different connection sequences and methods to complete all or part of the functions of the block chain data encryption device.
  • the above-mentioned block chain data encryption device may be implemented in a form of computer-readable instructions, and the computer-readable instructions may run on the computer device as shown in FIG. 9.
  • the computer device 900 may be a computer device such as a desktop computer or a server, or may be a component or component in other devices.
  • the computer device 900 includes a processor 902, a memory, and a network interface 905 connected through a system bus 901, where the memory may include a non-volatile storage medium 903 and an internal memory 904.
  • the non-volatile storage medium 903 can store an operating system 9031 and computer-readable instructions 9032.
  • the computer-readable instruction 9032 When executed, it can cause the processor 902 to execute one of the aforementioned blockchain data encryption methods.
  • the processor 902 is used to provide calculation and control capabilities to support the operation of the entire computer device 900.
  • the internal memory 904 provides an environment for the operation of the computer-readable instructions 9032 in the non-volatile storage medium 903.
  • the processor 902 can execute the above-mentioned blockchain data. Encryption method.
  • the network interface 905 is used for network communication with other devices.
  • the structure shown in FIG. 9 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device 900 to which the solution of the present application is applied.
  • the specific computer device 900 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
  • the computer device may only include a memory and a processor. In such embodiments, the structures and functions of the memory and the processor are consistent with the embodiment shown in FIG. 9 and will not be repeated here.
  • the processor 902 is configured to run computer-readable instructions 9032 stored in the memory to implement the following steps: obtain the data to be encrypted; generate a first key corresponding to the read permission and a second key corresponding to the write permission; Use the first key to encrypt the data to obtain a cipher text; use the second key to sign the cipher text; upload the signed cipher text to the blockchain so that the blockchain can After the ciphertext is verified and signed, the ciphertext is stored in the blockchain.
  • the processor 902 specifically implements the following steps when implementing the steps of generating the first key corresponding to the read permission and the second key corresponding to the write permission:
  • the first key of the symmetric key and the second key of the asymmetric key are generated.
  • the processor 902 further implements the following steps before implementing the step of signing the ciphertext using the second key:
  • the processor 902 implements the step of using the second key to sign the ciphertext, it specifically implements the following steps:
  • the processor 902 implements the step of uploading the signed ciphertext to the blockchain so that the blockchain will store the ciphertext in the blockchain after passing the verification of the ciphertext, it specifically implements The following steps:
  • the processor 902 uploads the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and store the ciphertext in the blockchain. After the steps, the following steps are also implemented:
  • the processor 902 uploads the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and store the ciphertext in the blockchain. After the steps, the following steps are also implemented:
  • the first key is sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted.
  • step of sending the first key through a key exchange algorithm so that the nodes in the blockchain can view the data to be encrypted the following specifically implements step:
  • the processor 902 when the processor 902 implements the step of using the second key and the second public key to perform key exchange to obtain the third key of the symmetric key, the processor 902 specifically implements the following steps :
  • the processor 902 may be a central processing unit (Central Processing Unit, CPU), and the processor 902 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes the following steps:
  • the present application also provides a computer-readable instruction product, which when running on a computer, causes the computer to execute the steps of the blockchain data encryption method described in the above embodiments.
  • the computer-readable storage medium may be an internal storage unit of the aforementioned device, such as a hard disk or memory of the device.
  • the computer-readable storage medium may also be an external storage device of the device, such as a plug-in hard disk equipped on the device, a Smart Media Card (SMC), or a Secure Digital (SD) card. , Flash Card, etc.
  • the computer-readable storage medium may also include both an internal storage unit of the device and an external storage device.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • ROM read only memory
  • PROM programmable ROM
  • EPROM electrically programmable ROM
  • EEPROM electrically erasable programmable ROM
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
  • the disclosed device and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of each unit is only a logical function division, and there may be other division methods in actual implementation.
  • multiple units or components can be combined or integrated into another system, or some features can be omitted or not implemented.
  • the steps in the method of the embodiment of the present application can be adjusted, merged, and deleted in order according to actual needs.
  • the units in the devices in the embodiments of the present application may be combined, divided, and deleted according to actual needs.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a storage medium.
  • the technical solution of this application is essentially or the part that contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium It includes several instructions to make an electronic device (which may be a personal computer, a terminal, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Provided in embodiments of the present invention are a method and device for encrypting blockchain data, a computer apparatus, and a computer readable storage medium. In an embodiment of the present invention, the method for encrypting blockchain data comprises: acquiring data to be encrypted; generating a first key corresponding to a read permission and a second key corresponding to a write permission; using the first key to encrypt the data to obtain a ciphertext; using the second key to affix a signature on the ciphertext; and uploading the signed ciphertext to a blockchain, and storing the ciphertext in the blockchain after the ciphertext has passed authentication performed by the blockchain. The invention realizes separate control on a read permission and a write permission with respect to encrypted data in a blockchain, such that an authorizing party can flexibly select a permission with respect to encrypted data to be granted to an authorized party, thereby enhancing the efficiency of managing encrypted data in a blockchain.

Description

区块链数据加密方法、装置、计算机设备及存储介质Block chain data encryption method, device, computer equipment and storage medium
本申请要求于2019年3月14日提交中国专利局、申请号为201910192718.8、发明名称为“区块链数据加密方法、装置、计算机设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office, the application number is 201910192718.8, and the invention title is "Blockchain data encryption method, device, computer equipment and storage medium" on March 14, 2019, and its entire content Incorporated in this application by reference.
技术领域Technical field
本申请涉及区块链加密技术领域,尤其涉及一种区块链数据加密方法、装置、计算机设备及计算机可读存储介质。This application relates to the field of blockchain encryption technology, and in particular to a blockchain data encryption method, device, computer equipment, and computer-readable storage medium.
背景技术Background technique
区块链网络能够实现行业之间的信息共享,但各个大公司视数据为生命,不愿意共享数据,为此,所有上传区块链的敏感数据都必须是加密的,由此才能解决大公司对数据共享的顾虑,也不至于让数据共享变成数据福利。但是传统技术中对加密数据授权方式,是采用密钥进行加密的,一旦加密数据授权给任一被授权方,被授权方即拥有对数据的全部权限,但是在实际商业需求中,这种方式降低了对区块链上数据的管理效率。The blockchain network can realize information sharing between industries, but large companies regard data as life and are unwilling to share data. For this reason, all sensitive data uploaded to the blockchain must be encrypted to solve the problem of large companies Concerns about data sharing will not make data sharing a data welfare. However, in the traditional technology, the encrypted data authorization method is encrypted by using a key. Once the encrypted data is authorized to any authorized party, the authorized party has all rights to the data. However, in actual business needs, this method Reduce the efficiency of data management on the blockchain.
发明概述Summary of the invention
技术问题technical problem
本申请实施例提供了一种区块链数据加密方法、装置、计算机设备及计算机可读存储介质,能够解决传统技术中对区块链上数据管理效率不高的问题。The embodiments of the present application provide a blockchain data encryption method, device, computer equipment, and computer-readable storage medium, which can solve the problem of low efficiency of data management on the blockchain in the traditional technology.
问题的解决方案The solution to the problem
技术解决方案Technical solutions
第一方面,本申请实施例提供了一种区块链数据加密方法,所述方法包括:获取待加密数据;生成对应读权限的第一密钥和对应写权限的第二密钥;使用所述第一密钥对所述数据进行加密得到密文;使用所述第二密钥对所述密文进行签名;将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。In the first aspect, an embodiment of the present application provides a blockchain data encryption method, the method includes: obtaining data to be encrypted; generating a first key corresponding to a read permission and a second key corresponding to a write permission; The first key encrypts the data to obtain a ciphertext; uses the second key to sign the ciphertext; uploads the signed ciphertext to the blockchain so that the blockchain can verify the ciphertext Store the ciphertext in the blockchain after the document verification is passed.
第二方面,本申请实施例还提供了一种区块链数据加密装置,包括:第一获取 单元,用于获取待加密数据;第一生成单元,用于生成对应读权限的第一密钥和对应写权限的第二密钥;加密单元,用于使用所述第一密钥对所述数据进行加密得到密文;签名单元,用于使用所述第二密钥对所述密文进行签名;上传单元,用于将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。In a second aspect, an embodiment of the present application also provides a block chain data encryption device, including: a first obtaining unit for obtaining data to be encrypted; a first generating unit for generating a first key corresponding to the read permission And a second key corresponding to the write authority; an encryption unit, used to encrypt the data using the first key to obtain a ciphertext; a signature unit, used to perform an encryption on the ciphertext using the second key Signature; upload unit for uploading the signed ciphertext to the blockchain so that the blockchain will store the ciphertext in the blockchain after passing the verification of the ciphertext.
第三方面,本申请实施例还提供了一种计算机设备,其包括存储器及处理器,所述存储器上存储有计算机可读指令,所述处理器执行所述计算机可读指令时实现所述区块链数据加密方法。In a third aspect, an embodiment of the present application also provides a computer device, which includes a memory and a processor, the memory stores computer-readable instructions, and the processor implements the area when the computer-readable instructions are executed. Block chain data encryption method.
第四方面,本申请实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机可读指令,所述计算机可读指令被处理器执行时使所述处理器执行所述区块链数据加密方法。In a fourth aspect, an embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes The block chain data encryption method.
本申请的一个或多个实施例的细节在下面的附图和描述中提出。本申请的其它特征、目的和优点将从说明书、附图以及权利要求书变得明显。The details of one or more embodiments of the application are set forth in the following drawings and description. Other features, purposes and advantages of this application will become apparent from the description, drawings and claims.
发明的有益效果The beneficial effects of the invention
对附图的简要说明Brief description of the drawings
附图说明Description of the drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only of the present application. For some embodiments, for those of ordinary skill in the art, other drawings can be obtained from these drawings without creative labor.
图1为本申请实施例提供的区块链数据加密方法的应用场景示意图;Figure 1 is a schematic diagram of an application scenario of a blockchain data encryption method provided by an embodiment of the application;
图2为本申请实施例提供的区块链数据加密方法的流程示意图;2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the application;
图3为本申请实施例提供的区块链数据加密方法的加密流程交互示意图;3 is a schematic diagram of the encryption process interaction of the blockchain data encryption method provided by an embodiment of the application;
图4为本申请实施例提供的区块链数据加密方法的数字签名流程交互示意图;4 is a schematic diagram of digital signature flow interaction of the blockchain data encryption method provided by an embodiment of the application;
图5为本申请实施例提供的区块链数据加密方法的另一个流程示意图;FIG. 5 is another flowchart of the blockchain data encryption method provided by an embodiment of the application;
图6为本申请实施例提供的区块链数据加密方法的一个具体实施例的交互示意图;FIG. 6 is an interactive schematic diagram of a specific embodiment of a blockchain data encryption method provided by an embodiment of the application;
图7为本申请实施例提供的区块链数据加密装置的示意性框图;FIG. 7 is a schematic block diagram of a block chain data encryption device provided by an embodiment of the application;
图8为本申请实施例提供的区块链数据加密装置的另一个示意性框图;以及FIG. 8 is another schematic block diagram of a block chain data encryption device provided by an embodiment of the application; and
图9为本申请实施例提供的计算机设备的示意性框图。FIG. 9 is a schematic block diagram of a computer device provided by an embodiment of the application.
发明实施例Invention embodiment
本发明的实施方式Embodiments of the invention
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。In the following description, for the purpose of illustration rather than limitation, specific details such as a specific system structure and technology are proposed for a thorough understanding of the embodiments of the present application. However, it should be clear to those skilled in the art that the present application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted to avoid unnecessary details from obstructing the description of this application.
为了说明本申请所述的技术方案,下面通过具体实施例来进行说明。In order to illustrate the technical solutions described in the present application, specific embodiments are used for description below.
应当理解,当在本说明书和所附权利要求书中使用时,术语“包括”和“包含”指示所描述特征、整体、步骤、操作、元素和/或组件的存在,但并不排除一个或多个其它特征、整体、步骤、操作、元素、组件和/或其集合的存在或添加。It should be understood that when used in this specification and the appended claims, the terms "including" and "including" indicate the existence of the described features, wholes, steps, operations, elements and/or components, but do not exclude one or The existence or addition of multiple other features, wholes, steps, operations, elements, components, and/or collections thereof.
还应当理解,在此本申请说明书中所使用的术语仅仅是出于描述特定实施例的目的而并不意在限制本申请。如在本申请说明书和所附权利要求书中所使用的那样,除非上下文清楚地指明其它情况,否则单数形式的“一”、“一个”及“该”意在包括复数形式。It should also be understood that the terms used in the specification of this application are only for the purpose of describing specific embodiments and are not intended to limit the application. As used in the specification of this application and the appended claims, unless the context clearly indicates other circumstances, the singular forms "a", "an" and "the" are intended to include plural forms.
还应当进一步理解,在本申请说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。It should be further understood that the term "and/or" used in the specification and appended claims of this application refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations .
请参阅图1,图1为本申请实施例提供的区块链数据加密方法的应用场景示意图。所述应用场景包括:Please refer to FIG. 1, which is a schematic diagram of an application scenario of a blockchain data encryption method provided by an embodiment of the application. The application scenarios include:
(1)区块链及区块链中的多个终端。图1所示的区块链中包含有6个终端,假如终端1上有加密数据需要上传到区块链中,以供区块链中的其它终端共享加密数据,终端1上的数据经通过本申请实施例中的数据加密方法加密后上传到链上,区块链中的其它终端在得到读授权或者写授权等对应授权权限后可以从链上获取加密数据以实现对加密数据的访问,其中需要上传加密数据的终端1执行本申请实施例中的数据加密方法的步骤,所述终端可以为笔记本电脑、平板电脑 ,智能手机或者台式电脑等电子设备。(1) Blockchain and multiple terminals in the blockchain. The blockchain shown in Figure 1 contains 6 terminals. If there are encrypted data on terminal 1 that needs to be uploaded to the blockchain, so that other terminals in the blockchain can share the encrypted data, the data on terminal 1 passes through The data encryption method in the embodiment of this application is encrypted and uploaded to the chain. After obtaining the corresponding authorization authority such as read authorization or write authorization, other terminals in the blockchain can obtain encrypted data from the chain to achieve access to the encrypted data. The terminal 1 that needs to upload encrypted data executes the steps of the data encryption method in the embodiment of the present application. The terminal may be an electronic device such as a notebook computer, a tablet computer, a smart phone, or a desktop computer.
以终端1执行本申请实施例中的区块链加密数据方法和以终端5访问终端1上传区块链中的加密数据为例,图1中的各个主体工作过程如下:获取待加密数据;生成对应读权限的第一密钥和对应写权限的第二密钥;使用所述第一密钥对所述数据进行加密得到密文;使用所述第二密钥对所述密文进行签名;将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。终端5获得终端1提供的第一密钥后,取得对加密数据的读权限,终端5获得终端1提供的第二密钥后,取得对加密数据的写权限,若终端5取得终端1提供的第一密钥和第二密钥,终端5获得加密数据的读权限和写权限以取得全授权。Taking the terminal 1 executing the blockchain encryption data method in the embodiment of the application and the terminal 5 accessing the terminal 1 to upload the encrypted data in the blockchain as an example, the working process of each subject in Fig. 1 is as follows: obtaining the data to be encrypted; generating A first key corresponding to the read permission and a second key corresponding to the write permission; encrypt the data using the first key to obtain a ciphertext; use the second key to sign the ciphertext; Upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext. After the terminal 5 obtains the first key provided by the terminal 1, it obtains the read permission for the encrypted data. After the terminal 5 obtains the second key provided by the terminal 1, it obtains the write permission for the encrypted data. With the first key and the second key, the terminal 5 obtains the read permission and write permission of the encrypted data to obtain full authorization.
需要说明的是,图1中仅仅示意出台式电脑作为终端,在实际操作过程中,终端的类型不限于图1中所示,所述终端还可以为手机、笔记本电脑或者平板电脑等电子设备,上述区块链数据加密方法的应用场景仅仅用于说明本申请技术方案,并不用于限定本申请技术方案,上述连接关系还可以有其他形式。It should be noted that FIG. 1 only shows a desktop computer as a terminal. In actual operation, the type of the terminal is not limited to that shown in FIG. 1. The terminal may also be an electronic device such as a mobile phone, a notebook computer, or a tablet computer. The application scenarios of the above-mentioned blockchain data encryption method are only used to illustrate the technical solutions of this application, and are not used to limit the technical solutions of this application. The above-mentioned connection relationship may also have other forms.
图2为本申请实施例提供的区块链数据加密方法的示意性流程图。该区块链数据加密方法应用于图1中的终端中,以完成区块链数据加密方法的全部或者部分功能。Fig. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the application. The blockchain data encryption method is applied to the terminal in FIG. 1 to complete all or part of the functions of the blockchain data encryption method.
请参阅图2,图2是本申请实施例提供的区块链数据加密方法的流程示意图。如图2所示,该方法包括以下步骤S210-S290:Please refer to FIG. 2, which is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the present application. As shown in Figure 2, the method includes the following steps S210-S290:
S210、获取待加密数据;S210. Obtain the data to be encrypted;
S220、生成对应读权限的第一密钥和对应写权限的第二密钥。S220: Generate a first key corresponding to the read permission and a second key corresponding to the write permission.
其中,读权限是指查看或者访问加密数据的权限,写权限是指修改或者删除等对加密数据进行操作的权限。Among them, the read permission refers to the permission to view or access encrypted data, and the write permission refers to the permission to modify or delete the encrypted data.
具体地,为了对待加密数据的读权限和写权限进行分离以实现读权限和写权限的分别授权,在本申请实施例中,分别生成对应读权限的第一密钥和对应写权限的第二密钥,用第一密钥控制现对加密数据的读权限,用第二密钥控制现对加密数据的写权限,从而使用第一密钥获得对所述加密数据进行查看的授权,使用第二密钥获得对所述加密数据修改或者删除等进行操作的授权。区块链中上传加密数据的节点会针对该条待加密数据生成两个密钥,其中,一个密钥为第 一密钥,为读权限密钥,英文为Read Key,另一个密钥为第二密钥,为写权限密钥,英文为WriteKey。Specifically, in order to separate the read permission and the write permission of the encrypted data to realize the separate authorization of the read permission and the write permission, in this embodiment of the application, the first key corresponding to the read permission and the second key corresponding to the write permission are respectively generated. The key, the first key is used to control the read authority of the encrypted data, and the second key is used to control the write authority of the encrypted data, so that the first key is used to obtain authorization to view the encrypted data. The second key obtains authorization to modify or delete the encrypted data. The node that uploads the encrypted data in the blockchain will generate two keys for the data to be encrypted. One key is the first key, which is the read permission key, the English is Read Key, and the other is the first key. The second key is the write authority key, and the English is WriteKey.
进一步地,所述生成对应读权限的第一密钥和对应写权限的第二密钥的步骤包括:Further, the step of generating the first key corresponding to the read permission and the second key corresponding to the write permission includes:
生成对称密钥的所述第一密钥和非对称密钥的所述第二密钥。The first key of the symmetric key and the second key of the asymmetric key are generated.
其中,对称密钥是指采用了对称密码编码技术,采用文件加密和解密使用相同的密钥。由于对称加密算法使用起来简单快捷,密钥较短,且破译困难,因此对应读权限使用对称密钥。Among them, the symmetric key refers to the use of symmetric cryptographic encoding technology, and the use of the same key for file encryption and decryption. Since the symmetric encryption algorithm is simple and quick to use, the key is short, and it is difficult to decipher, the symmetric key is used for the corresponding read permission.
非对称密钥是指加密算法需要两个密钥,其中一个公开密钥,英文为Publickey,另一个为私有密钥,英文为Privatekey。公开密钥与私有密钥是一对,如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解密;如果用私有密钥对数据进行加密,那么只有用对应的公开密钥才能解密。因为加密和解密使用的是两个不同的密钥,所以这种密钥叫作非对称加密密钥。由于非对称加密的典型应用是数字签名,因此对应写权限的第二密钥采用非对称密钥。An asymmetric key means that the encryption algorithm requires two keys, one of which is a public key, English is Publickey, the other is a private key, and English is Privatekey. The public key and the private key are a pair. If the public key is used to encrypt the data, only the corresponding private key can be used to decrypt; if the private key is used to encrypt the data, only the corresponding public key can be used Decrypt. Because encryption and decryption use two different keys, this key is called an asymmetric encryption key. Since the typical application of asymmetric encryption is a digital signature, the second key corresponding to the write permission uses an asymmetric key.
具体地,区块链中上传加密数据的节点会针对该条待加密数据生成两个密钥,其中一个密钥为第一密钥,为读权限密钥,英文为Read Key,采取对称密钥,另一个密钥为第二密钥,为写权限密钥,英文为WriteKey,采取非对称密钥。Specifically, the node uploading the encrypted data in the blockchain will generate two keys for the data to be encrypted, one of which is the first key, which is the read authority key, and the English is Read Key, which adopts the symmetric key. , The other key is the second key, which is the write authority key, and the English is WriteKey, which is an asymmetric key.
S230、使用所述第一密钥对所述数据进行加密得到密文。S230: Use the first key to encrypt the data to obtain a ciphertext.
其中,加密涉及公钥和私钥的概念。公钥和私钥相当于钥匙和锁,锁可以用来锁住东西,钥匙可以用来打开对应的锁,一把钥匙只能开一把锁,当然钥匙和锁都可以复制。加密相当于我自己生成一把锁和一把钥匙,然后把锁发给你,你用我的锁把想发给我的东西锁上再发给我,我收到之后用钥匙打开锁。天下人都能拿到我的锁,但只有我有这把锁的钥匙。钥匙相当于私钥,锁相当于公钥。数字加密涉及三个过程,具体地,请参阅图3,图3为本申请实施例提供的区块链数据加密方法的加密流程交互示意图。如图3所示,所述过程如下:Among them, encryption involves the concept of public key and private key. Public and private keys are equivalent to keys and locks. Locks can be used to lock things, and keys can be used to open corresponding locks. One key can only open one lock. Of course, both keys and locks can be copied. Encryption is equivalent to generating a lock and a key by myself, and then sending the lock to you. You use my lock to lock what you want to send to me and then send it to me. After I receive it, I open the lock with the key. Everyone in the world can get my lock, but only I have the key to this lock. The key is equivalent to the private key, and the lock is equivalent to the public key. Digital encryption involves three processes. Specifically, please refer to FIG. 3. FIG. 3 is a schematic diagram of the encryption process interaction of the blockchain data encryption method provided by an embodiment of the application. As shown in Figure 3, the process is as follows:
1)第一主体生成一对公钥和私钥,并将公钥发给第二主体;1) The first subject generates a pair of public key and private key, and sends the public key to the second subject;
2)第二主体使用公钥对数据进行加密,加密过程为:公钥+明文->密文,第二主体将密文发送至第一主体;2) The second subject uses the public key to encrypt the data, the encryption process is: public key + plaintext -> ciphertext, and the second subject sends the ciphertext to the first subject;
3)第一主体接收到密文后,使用自己保存的私钥进行解密,解密过程为:私钥+密文->明文,从而获得加密数据。3) After the first subject receives the ciphertext, it uses its own private key to decrypt, and the decryption process is: private key+ciphertext->plaintext, thereby obtaining encrypted data.
具体地,在本申请实施例中,区块链中的节点使用所述第一密钥对所述数据进行加密得到密文。Specifically, in the embodiment of the present application, the node in the blockchain uses the first key to encrypt the data to obtain the ciphertext.
S240、使用所述第二密钥对所述密文进行签名。S240. Use the second key to sign the ciphertext.
其中,签名和加密是两个不同的概念,又都涉及公钥和私钥的概念。公钥和私钥相当于钥匙和锁,锁可以用来锁住东西,钥匙可以用来打开对应的锁,一把钥匙只能开一把锁,当然钥匙和锁都可以复制。签名相当于我自己生成一把锁和一把钥匙,然后把我想发布的内容用我的锁锁起来形成一个签名,把内容和签名一起发布,并且告诉大家我的钥匙是什么。人们可以拿到钥匙来打开签名里的内容来验证是不是跟发布的内容一致。天下人都能拿到钥匙来验证签名与内容的一致性,但只有我有签名的锁。这个例子中,钥匙相当于公钥,锁相当于私钥。请参阅图4,图4为本申请实施例提供的区块链数据加密方法的数字签名流程交互示意图,数字签名涉及四三个过程:Among them, signature and encryption are two different concepts, and both involve the concepts of public key and private key. Public and private keys are equivalent to keys and locks. Locks can be used to lock things, and keys can be used to open corresponding locks. One key can only open one lock. Of course, both keys and locks can be copied. Signing is equivalent to generating a lock and a key by myself, then locking the content I want to publish with my lock to form a signature, publishing the content and signature together, and telling everyone what my key is. People can get the key to open the content in the signature to verify that it is consistent with the published content. Everyone in the world can get the key to verify the consistency between the signature and the content, but only I have the signature lock. In this example, the key is equivalent to the public key, and the lock is equivalent to the private key. Please refer to Figure 4. Figure 4 is a schematic diagram of the digital signature process interaction of the blockchain data encryption method provided by an embodiment of the application. The digital signature involves four or three processes:
1)第一主体生成一对公钥和私钥;1) The first subject generates a pair of public key and private key;
2)第一主体使用私钥对待加密数据进行签名,签名过程为:私钥+内容->签名;2) The first subject uses the private key to sign the encrypted data, and the signing process is: private key + content -> signature;
3)第一主体将加密数据和签名一起发布,并公布公钥;3) The first subject publishes the encrypted data and signature together, and publishes the public key;
4)第二主体使用公布的公钥对签名进行验证,验证过程为:公钥+签名+内容->内容有没有改变,从而判断第一主体发布的加密数据是否发生改变或者被篡改。4) The second subject uses the published public key to verify the signature. The verification process is: public key + signature + content -> whether the content has changed, so as to determine whether the encrypted data published by the first subject has changed or has been tampered with.
具体地,在本申请实施例中,区块链中的节点使用使用所述第二密钥对所述密文进行签名以得到签名码。Specifically, in the embodiment of the present application, the node in the blockchain uses the second key to sign the ciphertext to obtain a signature code.
进一步地,所述使用所述第二密钥对所述密文进行签名的步骤之前,还包括:Further, before the step of using the second key to sign the ciphertext, the method further includes:
使用所述第二密钥作为私钥生成第一公钥;Generating a first public key using the second key as a private key;
获取当前时间戳;Get the current timestamp;
所述使用所述第二密钥对所述密文进行签名的步骤包括:The step of using the second key to sign the ciphertext includes:
使用所述第二密钥对所述密文、所述第一公钥和所述时间戳进行签名得到签名 码;Use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤包括:The step of uploading the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and storing the ciphertext in the blockchain includes:
将签名后的密文、所述第一公钥和所述签名码上传至区块链以使区块链对所述签名码使用所述公钥验签通过后将所述密文存储至区块链。Upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code and stores the ciphertext in the district Block chain.
具体地,区块链中的节点往区块链中新增数据时,由于此时区块链上没有当前数据,需要往区块链上添加数据,在本申请实施例中称为区块链二级节点,此时按照如下步骤进行:Specifically, when a node in the block chain adds data to the block chain, since there is no current data on the block chain at this time, data needs to be added to the block chain, which is referred to as the second block chain in the embodiment of the application. At this time, follow the steps below:
1)区块链二级节点会针对该条数据生成两个密码学安全的密钥,第一密钥为读权限密钥,英文为Read Key,第二密钥为写权限密钥,英文为WriteKey。1) The blockchain secondary node will generate two cryptographically secure keys for this piece of data. The first key is the read authority key, the English is Read Key, and the second key is the write authority key, and the English is WriteKey.
2)然后使用ReadKey对数据进行加密得到密文EncyptData,然后使用WriteKey作为私钥生成其对应的公钥Public Key;并得到当前时间戳TimeStamp;同时使用当前二级节点自身的私钥WriteKey,对EncyptData+PublicKey+TimeStamp进行签名,得到签名码S。2) Then use ReadKey to encrypt the data to get the ciphertext EncyptData, and then use WriteKey as the private key to generate its corresponding public key Public Key; and get the current timestamp TimeStamp; at the same time, use the current secondary node's own private key WriteKey, to EncyptData +PublicKey+TimeStamp to sign, get signature code S.
3)将EncyptData+PublicKey+S发送给区块链,区块链接收到EncyptData+PublicKey+S后,会使用公钥PublicKey对签名码S进行验签,若验签通过,将所述EncyptData+PublicKey+S存储至区块链的各个节点中,也就是将加密数据进行上链。3) Send EncyptData+PublicKey+S to the blockchain. After the block link receives EncyptData+PublicKey+S, it will use the public key PublicKey to verify the signature code S. If the verification passes, the EncyptData+PublicKey +S is stored in each node of the blockchain, that is, the encrypted data is uploaded to the chain.
S250、将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。S250. Upload the signed ciphertext to the blockchain, so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
具体地,对所述密文使用所述写权限密钥进行签名,并将所述密文发送至区块链,以使不同主体根据获取的密钥取得所述数据的对应权限。具体地,区块链节点将所述待加密数据进行如下处理:Specifically, the ciphertext is signed using the write authority key, and the ciphertext is sent to the blockchain, so that different subjects obtain the corresponding authority of the data according to the obtained key. Specifically, the blockchain node processes the data to be encrypted as follows:
区块链的节点对加密数据进行加密的过程如下:The process for nodes of the blockchain to encrypt encrypted data is as follows:
1)区块链二级节点会针对该条数据生成两个密码学安全的密钥,第一密钥为读权限密钥,英文为Read Key,第二密钥为写权限密钥,英文为WriteKey。1) The blockchain secondary node will generate two cryptographically secure keys for this piece of data. The first key is the read authority key, the English is Read Key, and the second key is the write authority key, and the English is WriteKey.
2)然后使用ReadKey对数据进行加密得到密文EncyptData,然后使用WriteKey作为私钥生成其对应的公钥Public Key;并得到当前时间戳TimeStamp;同时使用 当前二级节点自身的私钥WriteKey,对EncyptData+PublicKey+TimeStamp进行签名,得到签名码S。2) Then use ReadKey to encrypt the data to get the ciphertext EncyptData, and then use WriteKey as the private key to generate its corresponding public key Public Key; and get the current timestamp TimeStamp; at the same time, use the current secondary node's own private key WriteKey, to EncyptData +PublicKey+TimeStamp to sign, get signature code S.
3)将EncyptData+PublicKey+S发送给区块链。3) Send EncyptData+PublicKey+S to the blockchain.
区块链接收到区块链二级节点发送过来的加密数据EncyptData+PublicKey+S后,对所述加密数据进行验签,区块链上验签的的检测过程如下:After the block link receives the encrypted data EncyptData+PublicKey+S sent by the secondary node of the blockchain, it verifies the encrypted data. The verification process on the blockchain is as follows:
1)验证发送上来的时间戳TimeStamp为当前时间,防止重放攻击;1) Verify that the sent time stamp TimeStamp is the current time to prevent replay attacks;
2)区块链上会获取到发送数据的区块链二级节点的公钥PublicKey,对数据中的S码进行验签,验签通过,则同意数据存储。2) The public key PublicKey of the secondary node of the blockchain sending the data will be obtained on the blockchain, and the S code in the data will be verified. If the verification is passed, the data storage is agreed.
请参阅图5,图5为本申请实施例提供的区块链数据加密方法的另一个流程示意图。如图5所示,在该实施例中,所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还包括:Please refer to FIG. 5. FIG. 5 is another flowchart of a blockchain data encryption method provided by an embodiment of the application. As shown in FIG. 5, in this embodiment, the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext. After the steps, it also includes:
S260、发送授权密钥至区块链中的节点以使所述节点使用所述授权密钥访问上传至区块链中的加密数据,其中,所述授权密钥包括所述第一密钥、所述第二密钥或者所述第一密钥及第二密钥。S260. Send an authorization key to a node in the blockchain so that the node uses the authorization key to access the encrypted data uploaded to the blockchain, where the authorization key includes the first key, The second key or the first key and the second key.
具体地,在本申请实施例中,由于采取了读写权限分离的加密数据授权方式,授权方,也就是对数据进行加密的一方,授权方在对数据加密的时候,使用了两个密钥,第一个密钥为对称密钥,用于对数据加密,第二个密钥为非对称密钥,用于对加密的结果进行签名,在授权的过程中,如果仅授权给被授权方第一个密钥,则被授权方仅有查看数据的权限,而如果授权对方第二个密钥,则被授权方拥有了修改数据和删除数据的权限;同时,该方法也支持将读密钥和写密钥同时授权给被授权方,则被授权方同时拥有了读权限和写权限,这样的方式被称为全授权。被授权方根据获得的授权,对加密数据进行对应的操作,可以分为以下几种:Specifically, in this embodiment of the application, since the encrypted data authorization method with separation of read and write permissions is adopted, the authorizing party, that is, the party encrypting the data, uses two keys when encrypting the data. , The first key is a symmetric key, which is used to encrypt data, and the second key is an asymmetric key, which is used to sign the encrypted result. In the authorization process, if only authorized to the authorized party The first key, the authorized party only has the right to view the data, and if the second key is authorized, the authorized party has the right to modify and delete data; at the same time, this method also supports reading the secret The key and the write key are authorized to the authorized party at the same time, and the authorized party has both the read permission and the write permission. This method is called full authorization. The authorized party performs corresponding operations on encrypted data according to the obtained authorization, which can be divided into the following types:
(1)被授权方获得了读权限的第一密钥。(1) The authorized party obtains the first key of the read permission.
具体地,假如被授权方获得了第一密钥,也就是读取方已被授权ReadKey,被授权方访问加密数据的过程如下:Specifically, if the authorized party obtains the first key, that is, the reader has been authorized to ReadKey, the process of the authorized party to access encrypted data is as follows:
1)数据读取方从区块链直接查询,查询英文为Query,获取数据EncyptData;1) The data reader directly queries from the blockchain, and the query is Query in English to obtain the data EncyptData;
2)数据读取方的二级节点利用ReadKey解密EncyptData,得到原始数据。2) The secondary node of the data reader uses ReadKey to decrypt EncyptData to obtain the original data.
(2)被授权方获得了读权限的第一密钥和写权限的第二密钥。(2) The authorized party obtains the first key of read permission and the second key of write permission.
具体地,由于被授权方获得了写权限的第二密钥,被授权方拥有了修改数据的权限,也就是被授权方可以修改数据,假设操作方已被授权ReadKey和WriteKey,此时,按照如下步骤进行:Specifically, since the authorized party has obtained the second key of the write authority, the authorized party has the authority to modify the data, that is, the authorized party can modify the data. Assuming that the operator has been authorized for ReadKey and WriteKey, at this time, follow Proceed as follows:
1)操作方使用ReadKey对修改后的数据进行加密,得到加密数据EncyptData2;操作方使用WriteKey作为私钥,对新的EncyptData2+TimeStamp2进行签名,得到签名码S2;操作方将EncyptData2+TimeStamp2+S2发送到区块链上。1) The operator uses ReadKey to encrypt the modified data to obtain the encrypted data EncyptData2; the operator uses WriteKey as the private key to sign the new EncyptData2+TimeStamp2 to obtain the signature code S2; the operator sends EncyptData2+TimeStamp2+S2 To the blockchain.
2)区块链上的检测:2) Detection on the blockchain:
①验证被授权方发送上来的时间戳TimeStamp2为当前时间,防止重放攻击;① Verify that the timestamp TimeStamp2 sent by the authorized party is the current time to prevent replay attacks;
②区块链上会获取原始数据的PublicKey,并使用该PublicKey对当前上链数据的S2进行验签,如果验签通过,则允许修改数据,如果验签失败,拒绝修改数据,该次操作失败。②The PublicKey of the original data will be obtained on the blockchain, and the PublicKey will be used to verify the S2 of the current data on the chain. If the verification is passed, the data is allowed to be modified. If the verification fails, the modification of the data is refused, and the operation fails. .
(3)被授权方获得了写权限的第二密钥。(3) The authorized party obtains the second key of the write authority.
删除数据:假设操作方已被授权WriteKey;此时,按照如下步骤进行:Delete data: Assume that the operator has been authorized to WriteKey; at this time, follow the steps below:
1)操作方使用WriteKey作为私钥,对新的EncyptData3进行签名,对TimeStamp3进行签名,得到签名码S3;操作方将TimeStamp3+S3发送到区块链上。1) The operator uses WriteKey as the private key to sign the new EncyptData3 and TimeStamp3 to obtain the signature code S3; the operator sends TimeStamp3+S3 to the blockchain.
2)区块链上的检测:2) Detection on the blockchain:
①验证被授权方发送上来的时间戳TimeStamp3为当前时间,防止重放攻击;①Verify that the timestamp TimeStamp3 sent by the authorized party is the current time to prevent replay attacks;
②区块链上会获取原始数据的PublicKey,并使用该PublicKey对当前上链数据的S3进行验签,如果验签通过,则允许删除数据,如果验签失败,拒绝删除数据,该次操作失败。②The PublicKey of the original data will be obtained on the blockchain, and the PublicKey will be used to verify the current S3 of the data on the chain. If the verification is passed, the data is allowed to be deleted. If the verification fails, the data is refused to be deleted, and the operation fails. .
请参阅图5,如图5所示,在该实施例中,所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还包括:Please refer to FIG. 5, as shown in FIG. 5, in this embodiment, the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored after the blockchain passes the verification of the ciphertext After the steps to the blockchain, it also includes:
S270、通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看。S270: Send the first key through a key exchange algorithm, so that nodes in the blockchain can view the data to be encrypted.
所述通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看的步骤包括:The step of sending the first key through a key exchange algorithm to enable nodes in the blockchain to view the data to be encrypted includes:
获取区块链中的节点发送的第二公钥;Obtain the second public key sent by the node in the blockchain;
使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥;Use the second key and the second public key to perform key exchange to obtain a third key of the symmetric key;
使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥;Encrypting the first key using the third key to obtain the encrypted first key;
发送所述加密第一密钥至区块链以使所述节点使用所述第二公钥对应的私钥解密出所述第一密钥。Send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
其中,所述使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥,是指使用所述第二密钥和所述第二公钥进行ECDH得到对称密钥的第三密钥。Wherein, the use of the second key and the second public key for key exchange to obtain the third key of the symmetric key refers to the use of the second key and the second public key for ECDH Get the third key of the symmetric key.
具体地,本申请实施例中,还可以通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看,比如,在实施穿透式监管时,可以使监管单位通过密钥交换算法获得所述第一密钥对加密数据进行查看,也就是本申请实施例可同时支持穿透式监管,其中,穿透式监管是指采取密钥协商算法使上传数据的单位和监管单位通过区块链安全的交换信息并且第三方不能获取到该信息。其中,密钥协商算法包括ECDH和ECDHE等。其中,ECDH是基于ECC(Elliptic Curve Cryptosystems,椭圆曲线密码体制)的DH(Diffie-Hellman)密钥交换算法,交换双方可以在不共享任何秘密的情况下协商出一个密钥。ECC算法和DH结合使用,用于密钥磋商,这个密钥交换算法称为ECDH。Diffie-Hellman算法,简称DH算法,是一种密钥一致性算法,该算法是一种建立密钥的方法,并非加密方法,但其产生的密钥可用于加密、密钥管理或任何其它的加密方式,这种密钥交换技术的目的在于使两个用户间能安全地交换密钥(KEY)以便用于今后的报文加密。Specifically, in the embodiment of the present application, the first key may also be sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted, for example, when implementing penetrating supervision, The supervising unit can obtain the first key through the key exchange algorithm to view the encrypted data, that is, the embodiment of the present application can support transparent supervision at the same time, where the transparent supervision refers to adopting the key agreement algorithm to The data uploading unit and the supervisory unit exchange information securely through the blockchain and the third party cannot obtain the information. Among them, the key agreement algorithm includes ECDH and ECDHE. Among them, ECDH is a DH (Diffie-Hellman) key exchange algorithm based on ECC (Elliptic Curve Cryptosystems, elliptic curve cryptosystems), and both parties can negotiate a key without sharing any secrets. The ECC algorithm is used in conjunction with DH for key negotiation. This key exchange algorithm is called ECDH. Diffie-Hellman algorithm, referred to as DH algorithm, is a key agreement algorithm. The algorithm is a method of establishing a key, not an encryption method, but the generated key can be used for encryption, key management or any other Encryption method. The purpose of this key exchange technology is to enable two users to exchange keys (KEY) securely for future message encryption.
本申请实施例可以使区块链中的监管单位节点通过密钥交换算法获得读权限密钥对所述待加密数据进行查看。通过密钥交换算法以使区块链中的监管单位节点对所述待加密数据进行查看时,区块链中上传数据的节点获取区块链中的监管节点发送的第二公钥,使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥,使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥,然后发送所述加密第一密钥至区块链以使区块链中的监管节点使用所述第二公钥对应的私钥解密出所述第一密钥以查看区块链中的加密数据。其中 ,所述使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥,是指使用所述第二密钥和所述第二公钥进行ECDH得到对称密钥的第三密钥。比如,若读权限的第一密钥为ReadKey,写权限的第二密钥为WriteKey,区块链中上传数据的节点使用WriteKey和监管提供的公钥SupervisePubKey(监管公钥)进行ECDH,得到双方同时拥有的对称密钥SymKey(对称密钥),然后使用SymKey对ReadKey进行加密,并附在数据的最后,当新增数据的时候,将该加密的ReadKey一并发送到区块链上,由此,监管节点可以使用自己的私钥解出ReadKey查看加密数据的内容。In the embodiment of the application, the supervisory unit node in the blockchain can obtain the read permission key through the key exchange algorithm to view the data to be encrypted. When a key exchange algorithm is used to enable the supervisory unit node in the blockchain to view the data to be encrypted, the node uploading the data in the blockchain obtains the second public key sent by the supervisory node in the blockchain, and uses all The second key and the second public key are exchanged to obtain the third key of the symmetric key, and the first key is encrypted using the third key to obtain the encrypted first key, and then Send the encrypted first key to the blockchain so that the supervisory node in the blockchain uses the private key corresponding to the second public key to decrypt the first key to view the encrypted data in the blockchain. Wherein, the use of the second key and the second public key for key exchange to obtain the third key of the symmetric key refers to the use of the second key and the second public key for ECDH Get the third key of the symmetric key. For example, if the first key of the read permission is ReadKey and the second key of the write permission is WriteKey, the node uploading data in the blockchain uses WriteKey and the public key SupervisePubKey (supervised public key) provided by the supervision to perform ECDH, and obtain both parties At the same time have the symmetric key SymKey (symmetric key), and then use SymKey to encrypt the ReadKey and attach it to the end of the data. When adding data, the encrypted ReadKey is sent to the blockchain together. Therefore, the supervisory node can use its own private key to solve the ReadKey to view the content of the encrypted data.
请参阅图6,图6为本申请实施例提供的区块链数据加密方法的一个具体实施例的交互示意图,如图6所示,本申请实施例提供的区块链数据加密方法的过程如下:Please refer to FIG. 6. FIG. 6 is an interactive schematic diagram of a specific embodiment of the blockchain data encryption method provided by the embodiment of the application. As shown in FIG. 6, the process of the blockchain data encryption method provided by the embodiment of the application is as follows :
1)区块链中授权方节点获取需要加密的数据;1) The authorized party node in the blockchain obtains the data that needs to be encrypted;
2)区块链中授权方节点生成读权限密钥Read Key和写权限密钥WriteKey;2) The authorized party node in the blockchain generates the read key Read Key and the write key WriteKey;
3)区块链中授权方节点使用所述ReadKey对所述数据进行加密,获取密文EncyptData;3) The authorized party node in the blockchain uses the ReadKey to encrypt the data to obtain the ciphertext EncyptData;
4)区块链中授权方节点使用WriteKey作为私钥,生成对应的公钥PublicKey;4) The authorizing party node in the blockchain uses WriteKey as the private key to generate the corresponding public key PublicKey;
5)区块链中授权方节点获取当前时间戳TimeStamp;5) The authorized party node in the blockchain obtains the current timestamp TimeStamp;
6)区块链中授权方节点使用当前私钥WriteKey,对EncyptData+PublicKey+TimeStamp进行签名,得到签名码S;6) The authorized party node in the blockchain uses the current private key WriteKey to sign EncyptData+PublicKey+TimeStamp to obtain the signature code S;
7)区块链中授权方节点发送EncyptData+PublicKey+S至区块链;7) The authorized party node in the blockchain sends EncyptData+PublicKey+S to the blockchain;
8)区块链验证发送上来的时间戳TimeStamp为当前时间,防止重放攻击;8) The blockchain verifies that the sent time stamp TimeStamp is the current time to prevent replay attacks;
9)区块链获取公钥PublicKey,对数据中的S码进行验签,验签通过,则同意数据存储;9) The blockchain obtains the public key PublicKey, and verifies the S code in the data. If the verification is passed, the data storage is agreed;
10)区块链中授权方节点发送授权ReadKey;10) The authorized party node in the blockchain sends the authorized ReadKey;
11)区块链中被授权方节点从区块链直接query(query,查询)获取数据EncyptData;11) The authorized party node in the blockchain obtains data EncyptData directly from the blockchain by query (query);
12)区块链中被授权方节点利用ReadKey解密EncyptData,得到原始数据;12) The authorized party node in the blockchain uses ReadKey to decrypt EncyptData to obtain the original data;
13)区块链中授权方节点发送授权ReadKey和WriteKey;13) The authorized party node in the blockchain sends the authorized ReadKey and WriteKey;
14)区块链中被授权方节点从区块链直接query(query,查询)获取数据EncyptData;14) The authorized party node in the blockchain obtains data EncyptData directly from the blockchain by query (query);
15)区块链中被授权方节点利用ReadKey解密EncyptData,得到原始数据;15) The authorized party node in the blockchain uses ReadKey to decrypt EncyptData to obtain the original data;
16)区块链中被授权方节点修改原始数据,使用ReadKey对修改后的数据进行加密,得到加密数据EncyptData2;16) The authorized party node in the blockchain modifies the original data and uses ReadKey to encrypt the modified data to obtain the encrypted data EncyptData2;
17)区块链中被授权方节点使用WriteKey作为私钥,对新的EncyptData2+TimeStamp2进行签名,得到签名码S2;17) The authorized party node in the blockchain uses WriteKey as the private key to sign the new EncyptData2+TimeStamp2 to obtain the signature code S2;
18)区块链中被授权方节点将EncyptData2+TimeStamp2+S2发送到区块链上;18) The authorized party node in the blockchain sends EncyptData2+TimeStamp2+S2 to the blockchain;
19)区块链验证发送上来的时间戳TimeStamp2为当前时间,防止重放攻击;19) The blockchain verifies that the time stamp TimeStamp2 sent up is the current time to prevent replay attacks;
20)区块链获取原始数据的PublicKey,使用该PublicKey对当前上链数据的S2进行验签,验签通过,允许修改数据,验签失败,拒绝修改数据,该次操作失败。20) The blockchain obtains the PublicKey of the original data, and uses the PublicKey to verify the S2 of the current data on the chain. After the verification is passed, the data is allowed to be modified, the verification fails, and the data is refused to be modified, and the operation fails.
在大量的业务需求中,需要更细粒度的授权方式,比如,使得被授权用户仅能查看数据,却不能修改和删除数据,为了提高数据的安全性和管理效率,也可以仅使被授权用户删除数据而不查看数据及修改数据等。本申请实施例提供的读写权限分离的加密数据授权方式,在对数据加密的时候,使用了两个密钥,第一个密钥可以为对称密钥,用于对数据加密,第二个密钥可以为非对称密钥,用于对加密的结果进行签名;在授权的过程中,如果仅授权对方第一个密钥,则对方仅有查看数据的权限,而如果授权对方第二个密钥,则对方拥有了修改数据和删除数据的权限;同时,该方法也支持将读写密钥同时授权给对方,则对方同时拥有了读写权限,这样的方式被称为全授权。该方案是对传统加密数据授权方式的重要补充和增强,弥补了传统加密授权方式的不足,该方法使得授权方可以灵活的选择授予对方查看权限、修改权限或者删除权限,是对传统授权方式的一种改进,提高了区块链中节点对加密数据授权的灵活性和对加密数据的管理效率。In a large number of business requirements, more fine-grained authorization methods are required. For example, authorized users can only view data, but cannot modify or delete data. In order to improve data security and management efficiency, only authorized users can be Delete data without viewing data and modifying data, etc. The encrypted data authorization method with separation of read and write permissions provided in the embodiment of this application uses two keys when encrypting data. The first key can be a symmetric key for encrypting data, and the second The key can be an asymmetric key, which is used to sign the encrypted result; in the authorization process, if only the first key is authorized to the other party, the other party only has the right to view the data, and if the other party is authorized the second Key, the other party has the authority to modify and delete data; at the same time, this method also supports to authorize the read and write key to the other party at the same time, so the other party has the read and write authority at the same time. This method is called full authorization. This scheme is an important supplement and enhancement to the traditional encryption data authorization method, and makes up for the shortcomings of the traditional encryption authorization method. This method allows the authorized party to flexibly choose to grant the other party view permissions, modify permissions, or delete permissions. It is a comparison to the traditional authorization method. An improvement that improves the flexibility of nodes in the blockchain to authorize encrypted data and the management efficiency of encrypted data.
需要说明的是,上述各个实施例所述的区块链数据加密方法,可以根据需要将不同实施例中包含的技术特征重新进行组合,以获取组合后的实施方案,但都在本申请要求的保护范围之内。It should be noted that the blockchain data encryption methods described in the above embodiments can recombine the technical features contained in different embodiments as needed to obtain a combined implementation plan, but they are all required by this application. Within the scope of protection.
请参阅图7,图7为本申请实施例提供的区块链数据加密装置的示意性框图。对应于上述区块链数据加密方法,本申请实施例还提供一种区块链数据加密装置 。如图7所示,该区块链数据加密装置包括用于执行上述区块链数据加密方法的单元,该装置可以被配置于服务器等计算机设备中。具体地,请参阅图7,该区块链数据加密装置700包括第一获取单元701、第一生成单元702、加密单元703、签名单元704及上传单元705。Please refer to FIG. 7. FIG. 7 is a schematic block diagram of a block chain data encryption device provided by an embodiment of the application. Corresponding to the foregoing blockchain data encryption method, an embodiment of the present application also provides a blockchain data encryption device. As shown in FIG. 7, the block chain data encryption device includes a unit for executing the above block chain data encryption method, and the device can be configured in computer equipment such as a server. Specifically, referring to FIG. 7, the blockchain data encryption device 700 includes a first acquisition unit 701, a first generation unit 702, an encryption unit 703, a signature unit 704 and an upload unit 705.
其中,第一获取单元701,获取待加密数据;Wherein, the first obtaining unit 701 obtains data to be encrypted;
第一生成单元702,用于生成对应读权限的第一密钥和对应写权限的第二密钥;The first generating unit 702 is configured to generate a first key corresponding to the read permission and a second key corresponding to the write permission;
加密单元703,用于使用所述第一密钥对所述数据进行加密得到密文;The encryption unit 703 is configured to use the first key to encrypt the data to obtain a ciphertext;
签名单元704,用于使用所述第二密钥对所述密文进行签名;The signature unit 704 is configured to use the second key to sign the ciphertext;
上传单元705,用于将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。The uploading unit 705 is configured to upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
在一个实施例中,所述第一生成单元702。用于生成对称密钥的所述第一密钥和非对称密钥的所述第二密钥。In an embodiment, the first generating unit 702. The first key used to generate the symmetric key and the second key of the asymmetric key.
请参阅图8,图8为本申请实施例提供的区块链数据加密装置的另一个示意性框图。如图8所示,在该实施例中,所述区块链数据加密装置700还包括:Please refer to FIG. 8. FIG. 8 is another schematic block diagram of the block chain data encryption device provided by an embodiment of the application. As shown in FIG. 8, in this embodiment, the block chain data encryption device 700 further includes:
第二生成单元706,用于使用所述第二密钥作为私钥生成第一公钥;The second generating unit 706 is configured to use the second key as a private key to generate a first public key;
第二获取单元707,用于获取当前时间戳;The second obtaining unit 707 is configured to obtain the current timestamp;
所述签名单元704,用于使用所述第二密钥对所述密文、所述第一公钥和所述时间戳进行签名得到签名码;The signature unit 704 is configured to use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
所述上传单元705,用于将签名后的密文、所述第一公钥和所述签名码上传至区块链以使区块链对所述签名码使用所述公钥验签通过后将所述密文存储至区块链。The uploading unit 705 is configured to upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code after passing Store the ciphertext in the blockchain.
请继续参阅图8,如图8所示,在该实施例中,所述区块链数据加密装置700还包括:Please continue to refer to FIG. 8. As shown in FIG. 8, in this embodiment, the block chain data encryption device 700 further includes:
发送单元708,用于发送授权密钥至区块链中的节点以使所述节点使用所述授权密钥访问上传至区块链中的加密数据,其中,所述授权密钥包括所述第一密钥、所述第二密钥或者所述第一密钥及第二密钥。The sending unit 708 is configured to send an authorization key to a node in the blockchain so that the node can use the authorization key to access the encrypted data uploaded to the blockchain, wherein the authorization key includes the first A key, the second key, or the first key and the second key.
请继续参阅图8,如图8所示,在该实施例中,所述区块链数据加密装置700还 包括:Please continue to refer to FIG. 8. As shown in FIG. 8, in this embodiment, the block chain data encryption device 700 further includes:
交换单元709,用于通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看;The exchange unit 709 is configured to send the first key through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted;
所述交换单元709包括:The switching unit 709 includes:
获取子单元7091,用于获取区块链中的节点发送的第二公钥;The obtaining subunit 7091 is used to obtain the second public key sent by the node in the blockchain;
交换子单元7092,用于使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥;An exchange subunit 7092, configured to perform key exchange using the second key and the second public key to obtain a third key of the symmetric key;
加密子单元7093,用于使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥;An encryption subunit 7093, configured to use the third key to encrypt the first key to obtain an encrypted first key;
发送子单元7094,用于发送所述加密第一密钥至区块链以使所述节点使用所述第二公钥对应的私钥解密出所述第一密钥。The sending subunit 7094 is configured to send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
在一个实施例中,所述交换子单元7092,用于使用所述第二密钥和所述第二公钥进行ECDH得到对称密钥的第三密钥。In one embodiment, the exchange subunit 7092 is configured to perform ECDH using the second key and the second public key to obtain the third key of the symmetric key.
需要说明的是,所属领域的技术人员可以清楚地了解到,上述区块链数据加密装置和各单元的具体实现过程,可以参考前述方法实施例中的相应描述,为了描述的方便和简洁,在此不再赘述。It should be noted that those skilled in the art can clearly understand that the specific implementation process of the above-mentioned blockchain data encryption device and each unit can refer to the corresponding description in the foregoing method embodiment. For the convenience and brevity of the description, This will not be repeated here.
同时,上述区块链数据加密装置中各个单元的划分和连接方式仅用于举例说明,在其他实施例中,可将区块链数据加密装置按照需要划分为不同的单元,也可将区块链数据加密装置中各单元采取不同的连接顺序和方式,以完成上述区块链数据加密装置的全部或部分功能。At the same time, the division and connection of the various units in the above-mentioned blockchain data encryption device are only used for illustration. In other embodiments, the blockchain data encryption device can be divided into different units as needed, or the block Each unit in the chain data encryption device adopts different connection sequences and methods to complete all or part of the functions of the block chain data encryption device.
上述区块链数据加密装置可以实现为一种计算机可读指令的形式,该计算机可读指令可以在如图9所示的计算机设备上运行。The above-mentioned block chain data encryption device may be implemented in a form of computer-readable instructions, and the computer-readable instructions may run on the computer device as shown in FIG. 9.
请参阅图9,图9是本申请实施例提供的一种计算机设备的示意性框图。该计算机设备900可以是台式机电脑或者服务器等计算机设备,也可以是其他设备中的组件或者部件。Please refer to FIG. 9, which is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 900 may be a computer device such as a desktop computer or a server, or may be a component or component in other devices.
参阅图9,该计算机设备900包括通过系统总线901连接的处理器902、存储器和网络接口905,其中,存储器可以包括非易失性存储介质903和内存储器904。Referring to FIG. 9, the computer device 900 includes a processor 902, a memory, and a network interface 905 connected through a system bus 901, where the memory may include a non-volatile storage medium 903 and an internal memory 904.
该非易失性存储介质903可存储操作系统9031和计算机可读指令9032。该计算 机可读指令9032被执行时,可使得处理器902执行一种上述区块链数据加密方法。The non-volatile storage medium 903 can store an operating system 9031 and computer-readable instructions 9032. When the computer-readable instruction 9032 is executed, it can cause the processor 902 to execute one of the aforementioned blockchain data encryption methods.
该处理器902用于提供计算和控制能力,以支撑整个计算机设备900的运行。The processor 902 is used to provide calculation and control capabilities to support the operation of the entire computer device 900.
该内存储器904为非易失性存储介质903中的计算机可读指令9032的运行提供环境,该计算机可读指令9032被处理器902执行时,可使得处理器902执行一种上述区块链数据加密方法。The internal memory 904 provides an environment for the operation of the computer-readable instructions 9032 in the non-volatile storage medium 903. When the computer-readable instructions 9032 are executed by the processor 902, the processor 902 can execute the above-mentioned blockchain data. Encryption method.
该网络接口905用于与其它设备进行网络通信。本领域技术人员可以理解,图9中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备900的限定,具体的计算机设备900可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。例如,在一些实施例中,计算机设备可以仅包括存储器及处理器,在这样的实施例中,存储器及处理器的结构及功能与图9所示实施例一致,在此不再赘述。The network interface 905 is used for network communication with other devices. Those skilled in the art can understand that the structure shown in FIG. 9 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device 900 to which the solution of the present application is applied. The specific computer device 900 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement. For example, in some embodiments, the computer device may only include a memory and a processor. In such embodiments, the structures and functions of the memory and the processor are consistent with the embodiment shown in FIG. 9 and will not be repeated here.
其中,所述处理器902用于运行存储在存储器中的计算机可读指令9032,以实现如下步骤:获取待加密数据;生成对应读权限的第一密钥和对应写权限的第二密钥;使用所述第一密钥对所述数据进行加密得到密文;使用所述第二密钥对所述密文进行签名;将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。Wherein, the processor 902 is configured to run computer-readable instructions 9032 stored in the memory to implement the following steps: obtain the data to be encrypted; generate a first key corresponding to the read permission and a second key corresponding to the write permission; Use the first key to encrypt the data to obtain a cipher text; use the second key to sign the cipher text; upload the signed cipher text to the blockchain so that the blockchain can After the ciphertext is verified and signed, the ciphertext is stored in the blockchain.
在一实施例中,所述处理器902在实现所述生成对应读权限的第一密钥和对应写权限的第二密钥的步骤时,具体实现以下步骤:In an embodiment, the processor 902 specifically implements the following steps when implementing the steps of generating the first key corresponding to the read permission and the second key corresponding to the write permission:
生成对称密钥的所述第一密钥和非对称密钥的所述第二密钥。The first key of the symmetric key and the second key of the asymmetric key are generated.
在一实施例中,所述处理器902在实现所述使用所述第二密钥对所述密文进行签名的步骤之前,还实现以下步骤:In an embodiment, the processor 902 further implements the following steps before implementing the step of signing the ciphertext using the second key:
使用所述第二密钥作为私钥生成第一公钥;Generating a first public key using the second key as a private key;
获取当前时间戳;Get the current timestamp;
所述处理器902在实现所述使用所述第二密钥对所述密文进行签名的步骤时,具体实现以下步骤:When the processor 902 implements the step of using the second key to sign the ciphertext, it specifically implements the following steps:
使用所述第二密钥对所述密文、所述第一公钥和所述时间戳进行签名得到签名 码;Use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
所述处理器902在实现所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤时,具体实现以下步骤:When the processor 902 implements the step of uploading the signed ciphertext to the blockchain so that the blockchain will store the ciphertext in the blockchain after passing the verification of the ciphertext, it specifically implements The following steps:
将签名后的密文、所述第一公钥和所述签名码上传至区块链以使区块链对所述签名码使用所述公钥验签通过后将所述密文存储至区块链。Upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code and stores the ciphertext in the district Block chain.
在一实施例中,所述处理器902在实现所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还实现以下步骤:In an embodiment, the processor 902 uploads the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and store the ciphertext in the blockchain. After the steps, the following steps are also implemented:
发送授权密钥至区块链中的节点以使所述节点使用所述授权密钥访问上传至区块链中的加密数据,其中,所述授权密钥包括所述第一密钥、所述第二密钥或者所述第一密钥及第二密钥。Send the authorization key to the node in the blockchain so that the node can use the authorization key to access the encrypted data uploaded to the blockchain, where the authorization key includes the first key, the The second key or the first key and the second key.
在一实施例中,所述处理器902在实现所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还实现以下步骤:In an embodiment, the processor 902 uploads the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and store the ciphertext in the blockchain. After the steps, the following steps are also implemented:
通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看。The first key is sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted.
在一实施例中,所述处理器902在实现所述通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看的步骤时,具体实现以下步骤:In an embodiment, when the processor 902 implements the step of sending the first key through a key exchange algorithm so that the nodes in the blockchain can view the data to be encrypted, the following specifically implements step:
获取区块链中的节点发送的第二公钥;Obtain the second public key sent by the node in the blockchain;
使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥;Use the second key and the second public key to perform key exchange to obtain a third key of the symmetric key;
使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥;Encrypting the first key using the third key to obtain the encrypted first key;
发送所述加密第一密钥至区块链以使所述节点使用所述第二公钥对应的私钥解密出所述第一密钥。Send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
在一实施例中,所述处理器902在实现所述使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥的步骤时,具体实现以下步骤:In an embodiment, when the processor 902 implements the step of using the second key and the second public key to perform key exchange to obtain the third key of the symmetric key, the processor 902 specifically implements the following steps :
使用所述第二密钥和所述第二公钥进行ECDH得到对称密钥的第三密钥。应当理解,在本申请实施例中,处理器902可以是中央处理单元(Central Processing  Unit,CPU),该处理器902还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。其中,通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。Use the second key and the second public key to perform ECDH to obtain a third key of the symmetric key. It should be understood that in this embodiment of the application, the processor 902 may be a central processing unit (Central Processing Unit, CPU), and the processor 902 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. Among them, the general-purpose processor may be a microprocessor or the processor may also be any conventional processor.
本领域普通技术人员可以理解的是实现上述实施例的方法中的全部或部分流程,是可以通过计算机可读指令来完成,该计算机可读指令可存储于一计算机可读存储介质。该计算机可读指令被该计算机系统中的至少一个处理器执行,以实现上述方法的实施例的流程步骤。A person of ordinary skill in the art can understand that all or part of the processes in the methods of the foregoing embodiments can be implemented by computer-readable instructions, which can be stored in a computer-readable storage medium. The computer-readable instructions are executed by at least one processor in the computer system to implement the process steps of the foregoing method embodiments.
因此,本申请还提供一种计算机可读存储介质。该计算机可读存储介质可以为非易失性的计算机可读存储介质,该计算机可读存储介质存储有计算机可读指令,该计算机可读指令被处理器执行时使处理器执行如下步骤:Therefore, this application also provides a computer-readable storage medium. The computer-readable storage medium may be a non-volatile computer-readable storage medium, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes the following steps:
本申请还提供一种计算机可读指令产品,当其在计算机上运行时,使得计算机执行以上各实施例中所描述的区块链数据加密方法的步骤。The present application also provides a computer-readable instruction product, which when running on a computer, causes the computer to execute the steps of the blockchain data encryption method described in the above embodiments.
所述计算机可读存储介质可以是前述设备的内部存储单元,例如设备的硬盘或内存。所述计算机可读存储介质也可以是所述设备的外部存储设备,例如所述设备上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,所述计算机可读存储介质还可以既包括所述设备的内部存储单元也包括外部存储设备。The computer-readable storage medium may be an internal storage unit of the aforementioned device, such as a hard disk or memory of the device. The computer-readable storage medium may also be an external storage device of the device, such as a plug-in hard disk equipped on the device, a Smart Media Card (SMC), or a Secure Digital (SD) card. , Flash Card, etc. Further, the computer-readable storage medium may also include both an internal storage unit of the device and an external storage device.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机可读指令来指令相关的硬件来完成,所述的计算机可读指令可存储于一非易失性计算机可读取存储介质中,该计算机可读指令在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM( DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through computer-readable instructions, which can be stored in a non-volatile computer. In a readable storage medium, when the computer-readable instructions are executed, they may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. As an illustration and not a limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的设备、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and conciseness of description, the specific working process of the equipment, device and unit described above can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。A person of ordinary skill in the art may realize that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two, in order to clearly illustrate the hardware and software Interchangeability. In the above description, the composition and steps of each example have been generally described in terms of function. Whether these functions are executed by hardware or software depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的。例如,各个单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of each unit is only a logical function division, and there may be other division methods in actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be omitted or not implemented.
本申请实施例方法中的步骤可以根据实际需要进行顺序调整、合并和删减。本申请实施例装置中的单元可以根据实际需要进行合并、划分和删减。另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以是两个或两个以上单元集成在一个单元中。The steps in the method of the embodiment of the present application can be adjusted, merged, and deleted in order according to actual needs. The units in the devices in the embodiments of the present application may be combined, divided, and deleted according to actual needs. In addition, the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
该集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分,或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台电子设备(可以是个人计算机,终端,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a storage medium. Based on this understanding, the technical solution of this application is essentially or the part that contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium It includes several instructions to make an electronic device (which may be a personal computer, a terminal, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
以上所述,仅为本申请的具体实施方式,但本申请明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。The above are only specific implementations of this application, but the scope of protection stated in this application is not limited to this. Any person skilled in the art can easily think of various equivalents within the technical scope disclosed in this application. Modifications or replacements, these modifications or replacements shall be covered within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (20)

  1. 一种区块链数据加密方法,其特征在于,所述方法包括:A blockchain data encryption method, characterized in that the method includes:
    获取待加密数据;Obtain the data to be encrypted;
    生成对应读权限的第一密钥和对应写权限的第二密钥;Generate a first key corresponding to the read permission and a second key corresponding to the write permission;
    使用所述第一密钥对所述数据进行加密得到密文;Encrypting the data using the first key to obtain a ciphertext;
    使用所述第二密钥对所述密文进行签名;Use the second key to sign the ciphertext;
    将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。Upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  2. 根据权利要求1所述区块链数据加密方法,其特征在于,所述生成对应读权限的第一密钥和对应写权限的第二密钥的步骤包括:The blockchain data encryption method according to claim 1, wherein the step of generating the first key corresponding to the read permission and the second key corresponding to the write permission comprises:
    生成对称密钥的所述第一密钥和非对称密钥的所述第二密钥。The first key of the symmetric key and the second key of the asymmetric key are generated.
  3. 根据权利要求2所述区块链数据加密方法,其特征在于,所述使用所述第二密钥对所述密文进行签名的步骤之前,还包括:The blockchain data encryption method according to claim 2, wherein before the step of using the second key to sign the ciphertext, it further comprises:
    使用所述第二密钥作为私钥生成第一公钥;Generating a first public key using the second key as a private key;
    获取当前时间戳;Get the current timestamp;
    所述使用所述第二密钥对所述密文进行签名的步骤包括:The step of using the second key to sign the ciphertext includes:
    使用所述第二密钥对所述密文、所述第一公钥和所述时间戳进行签名得到签名码;Use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
    所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤包括:The step of uploading the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and storing the ciphertext in the blockchain includes:
    将签名后的密文、所述第一公钥和所述签名码上传至区块链以使区块链对所述签名码使用所述公钥验签通过后将所述密文存储至区块链。Upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code and stores the ciphertext in the district Block chain.
  4. 根据权利要求2或3所述区块链数据加密方法,其特征在于,所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还包括:The blockchain data encryption method according to claim 2 or 3, wherein the signed cipher text is uploaded to the blockchain so that the blockchain will verify the cipher text after passing the cipher text. After storing the document on the blockchain, it also includes:
    发送授权密钥至区块链中的节点以使所述节点使用所述授权密钥访问上传至区块链中的加密数据,其中,所述授权密钥包括所述 第一密钥、所述第二密钥或者所述第一密钥及第二密钥。Send the authorization key to the node in the blockchain so that the node can use the authorization key to access the encrypted data uploaded to the blockchain, where the authorization key includes the first key, the The second key or the first key and the second key.
  5. 根据权利要求1所述区块链数据加密方法,其特征在于,所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还包括:The blockchain data encryption method according to claim 1, wherein the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored after the blockchain passes the verification of the ciphertext After the steps to the blockchain, it also includes:
    通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看。The first key is sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted.
  6. 根据权利要求5所述区块链数据加密方法,其特征在于,所述通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看的步骤包括:The blockchain data encryption method according to claim 5, wherein the step of sending the first key through a key exchange algorithm to enable nodes in the blockchain to view the data to be encrypted comprises :
    获取区块链中的节点发送的第二公钥;Obtain the second public key sent by the node in the blockchain;
    使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥;Use the second key and the second public key to perform key exchange to obtain a third key of the symmetric key;
    使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥;Encrypting the first key using the third key to obtain the encrypted first key;
    发送所述加密第一密钥至区块链以使所述节点使用所述第二公钥对应的私钥解密出所述第一密钥。Send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
  7. 根据权利要求6所述区块链数据加密方法,其特征在于,所述使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥的步骤包括:The blockchain data encryption method according to claim 6, wherein the step of using the second key and the second public key to perform key exchange to obtain the third key of the symmetric key comprises:
    使用所述第二密钥和所述第二公钥进行ECDH得到对称密钥的第三密钥。Use the second key and the second public key to perform ECDH to obtain a third key of the symmetric key.
  8. 一种区块链数据加密装置,其特征在于,包括:A block chain data encryption device is characterized in that it comprises:
    第一获取单元,用于获取待加密数据;The first obtaining unit is used to obtain the data to be encrypted;
    第一生成单元,用于生成对应读权限的第一密钥和对应写权限的第二密钥;The first generating unit is configured to generate a first key corresponding to the read permission and a second key corresponding to the write permission;
    加密单元,用于使用所述第一密钥对所述数据进行加密得到密文;An encryption unit, configured to encrypt the data using the first key to obtain a ciphertext;
    签名单元,用于使用所述第二密钥对所述密文进行签名;A signature unit, configured to use the second key to sign the ciphertext;
    上传单元,用于将签名后的密文上传至区块链以使区块链对所述 密文验签通过后将所述密文存储至区块链。The uploading unit is configured to upload the signed ciphertext to the blockchain so that the ciphertext will be stored in the blockchain after the blockchain passes the verification of the ciphertext.
  9. 根据权利要求8所述的区块链数据加密装置,其特征在于,还包括:The block chain data encryption device according to claim 8, characterized in that it further comprises:
    第二生成单元,用于使用所述第二密钥作为私钥生成第一公钥;A second generating unit, configured to use the second key as a private key to generate a first public key;
    第二获取单元,用于获取当前时间戳;The second acquiring unit is used to acquire the current timestamp;
    相应的,所述签名单元,用于使用所述第二密钥对所述密文、所述第一公钥和所述时间戳进行签名得到签名码;Correspondingly, the signature unit is configured to use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
    所述上传单元,用于将签名后的密文、所述第一公钥和所述签名码上传至区块链以使区块链对所述签名码使用所述公钥验签通过后将所述密文存储至区块链。The uploading unit is configured to upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain will verify the signature code using the public key and pass it The ciphertext is stored in the blockchain.
  10. 根据权利要求8或9所述的区块链数据加密装置,其特征在于,还包括:The block chain data encryption device according to claim 8 or 9, characterized in that it further comprises:
    发送单元,用于发送授权密钥至区块链中的节点以使所述节点使用所述授权密钥访问上传至区块链中的加密数据,其中,所述授权密钥包括所述第一密钥、所述第二密钥或者所述第一密钥及第二密钥。The sending unit is configured to send an authorization key to a node in the blockchain so that the node uses the authorization key to access the encrypted data uploaded to the blockchain, wherein the authorization key includes the first A key, the second key, or the first key and the second key.
  11. 根据权利要求8或9所述的区块链数据加密装置,其特征在于,还包括:The block chain data encryption device according to claim 8 or 9, characterized in that it further comprises:
    交换单元,用于通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看。The exchange unit is configured to send the first key through a key exchange algorithm so that the nodes in the blockchain can view the data to be encrypted.
  12. 根据权利要求11所述的区块链数据加密装置,其特征在于,所述交换单元包括:The block chain data encryption device according to claim 11, wherein the exchange unit comprises:
    获取子单元,用于获取区块链中的节点发送的第二公钥;The obtaining subunit is used to obtain the second public key sent by the node in the blockchain;
    交换子单元,用于使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥;An exchange subunit, configured to use the second key and the second public key to perform key exchange to obtain the third key of the symmetric key;
    加密子单元,用于使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥;An encryption subunit, configured to use the third key to encrypt the first key to obtain an encrypted first key;
    发送子单元,用于发送所述加密第一密钥至区块链以使所述节点 使用所述第二公钥对应的私钥解密出所述第一密钥。The sending subunit is configured to send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
  13. 一种计算机设备,其特征在于,所述计算机设备包括存储器以及与所述存储器相连的处理器;所述存储器用于存储计算机可读指令;所述处理器用于运行所述存储器中存储的计算机可读指令,以执行如下步骤:A computer device, wherein the computer device includes a memory and a processor connected to the memory; the memory is used to store computer-readable instructions; the processor is used to run the computer stored in the memory Read the command to perform the following steps:
    获取待加密数据;Obtain the data to be encrypted;
    生成对应读权限的第一密钥和对应写权限的第二密钥;Generate a first key corresponding to the read permission and a second key corresponding to the write permission;
    使用所述第一密钥对所述数据进行加密得到密文;Encrypting the data using the first key to obtain a ciphertext;
    使用所述第二密钥对所述密文进行签名;Use the second key to sign the ciphertext;
    将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链。Upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  14. 根据权利要求13所述计算机设备,其特征在于,所述生成对应读权限的第一密钥和对应写权限的第二密钥的步骤包括:The computer device according to claim 13, wherein the step of generating the first key corresponding to the read permission and the second key corresponding to the write permission comprises:
    生成对称密钥的所述第一密钥和非对称密钥的所述第二密钥。The first key of the symmetric key and the second key of the asymmetric key are generated.
  15. 根据权利要求14所述计算机设备,其特征在于,所述使用所述第二密钥对所述密文进行签名的步骤之前,还包括:15. The computer device according to claim 14, wherein before the step of signing the ciphertext using the second key, the method further comprises:
    使用所述第二密钥作为私钥生成第一公钥;Generating a first public key using the second key as a private key;
    获取当前时间戳;Get the current timestamp;
    所述使用所述第二密钥对所述密文进行签名的步骤包括:The step of using the second key to sign the ciphertext includes:
    使用所述第二密钥对所述密文、所述第一公钥和所述时间戳进行签名得到签名码;Use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
    所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤包括:The step of uploading the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and storing the ciphertext in the blockchain includes:
    将签名后的密文、所述第一公钥和所述签名码上传至区块链以使区块链对所述签名码使用所述公钥验签通过后将所述密文存储至区块链。Upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code and stores the ciphertext in the district Block chain.
  16. 根据权利要求14或15所述计算机设备,其特征在于,所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述 密文存储至区块链的步骤之后,还包括:The computer equipment according to claim 14 or 15, wherein the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored in the district after the blockchain passes the verification of the ciphertext. After the block chain steps, it also includes:
    发送授权密钥至区块链中的节点以使所述节点使用所述授权密钥访问上传至区块链中的加密数据,其中,所述授权密钥包括所述第一密钥、所述第二密钥或者所述第一密钥及第二密钥。Send the authorization key to the node in the blockchain so that the node can use the authorization key to access the encrypted data uploaded to the blockchain, where the authorization key includes the first key, the The second key or the first key and the second key.
  17. 根据权利要求13所述计算机设备,其特征在于,所述将签名后的密文上传至区块链以使区块链对所述密文验签通过后将所述密文存储至区块链的步骤之后,还包括:The computer device according to claim 13, wherein the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext After the steps, it also includes:
    通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看。The first key is sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted.
  18. 根据权利要求17所述计算机设备,其特征在于,所述通过密钥交换算法发送所述第一密钥以使区块链中的节点对所述待加密数据进行查看的步骤包括:18. The computer device according to claim 17, wherein the step of sending the first key through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted comprises:
    获取区块链中的节点发送的第二公钥;使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥;Obtaining a second public key sent by a node in the blockchain; performing key exchange using the second key and the second public key to obtain the third key of the symmetric key;
    使用所述第三密钥对所述第一密钥进行加密得到加密第一密钥;Encrypting the first key using the third key to obtain the encrypted first key;
    发送所述加密第一密钥至区块链以使所述节点使用所述第二公钥对应的私钥解密出所述第一密钥。Send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
  19. 根据权利要求18所述计算机设备,其特征在于,所述使用所述第二密钥和所述第二公钥进行密钥交换得到对称密钥的第三密钥的步骤包括:The computer device according to claim 18, wherein the step of using the second key and the second public key to perform key exchange to obtain the third key of the symmetric key comprises:
    使用所述第二密钥和所述第二公钥进行ECDH得到对称密钥的第三密钥Use the second key and the second public key to perform ECDH to obtain the third key of the symmetric key
  20. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机可读指令,所述计算机可读指令被处理器执行时使所述处理器执行如权利要求1-7中任一项所述区块链数据加密方法的步骤。A computer-readable storage medium, characterized in that, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes as described in claims 1-7. Any of the steps of the blockchain data encryption method.
PCT/CN2019/123142 2019-03-14 2019-12-05 Method and device for encrypting blockchain data, computer apparatus, and storage medium WO2020181845A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910192718.8 2019-03-14
CN201910192718.8A CN110061845A (en) 2019-03-14 2019-03-14 Block chain data ciphering method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020181845A1 true WO2020181845A1 (en) 2020-09-17

Family

ID=67316987

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/123142 WO2020181845A1 (en) 2019-03-14 2019-12-05 Method and device for encrypting blockchain data, computer apparatus, and storage medium

Country Status (2)

Country Link
CN (1) CN110061845A (en)
WO (1) WO2020181845A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532393A (en) * 2020-11-20 2021-03-19 杭州趣链科技有限公司 Verification method of cross-link transaction, relay link node equipment and medium
CN112702354A (en) * 2020-12-29 2021-04-23 国家电网有限公司大数据中心 Data resource sharing tracing method and device based on block chain technology
CN112925850A (en) * 2021-02-25 2021-06-08 京信数据科技有限公司 Block chain data encryption uplink method, uplink sharing method and device
CN113949552A (en) * 2021-10-13 2022-01-18 广州广电运通金融电子股份有限公司 Large file encryption and decryption system, method, storage medium and equipment
CN114095214A (en) * 2021-10-29 2022-02-25 上海热线信息网络有限公司 Encryption and decryption method, device, equipment and medium based on block chain NFT technology
CN114095165A (en) * 2021-11-22 2022-02-25 中国建设银行股份有限公司 Key updating method, server device, client device and storage medium
CN114124402A (en) * 2021-11-03 2022-03-01 国家工业信息安全发展研究中心 Distributed data secure exchange sharing method under resource-constrained environment
CN114465778A (en) * 2022-01-07 2022-05-10 上海佰贝网络工程技术有限公司 Information transmission method, device, equipment and medium based on historical data tacit
CN114629901A (en) * 2020-12-14 2022-06-14 北京金山云网络技术有限公司 BaaS-based block chain data sharing method, device and equipment
CN114760111A (en) * 2022-03-24 2022-07-15 标信智链(杭州)科技发展有限公司 File security method and file security device based on block chain

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110061845A (en) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 Block chain data ciphering method, device, computer equipment and storage medium
CN110661790A (en) * 2019-09-10 2020-01-07 连连银通电子支付有限公司 Block chain private data protection method, device, equipment and medium
CN112787976B (en) * 2019-11-06 2023-04-07 阿里巴巴集团控股有限公司 Data encryption, decryption and sharing method, device, system and storage medium
CN112948894A (en) * 2019-12-10 2021-06-11 中远海运科技股份有限公司 Block chain-based anti-counterfeiting method, device, equipment and medium for tally inspection report
CN111368333A (en) * 2020-03-26 2020-07-03 国金公用通链(海南)信息科技有限公司 Universal block chain key encapsulation technology
CN113468545A (en) * 2020-03-31 2021-10-01 北京梆梆安全科技有限公司 File encryption and decryption method, device and system
CN113536388B (en) * 2020-04-16 2023-02-28 中移物联网有限公司 Data sharing method and system based on block chain
CN113572715B (en) * 2020-04-29 2023-01-31 青岛海尔洗涤电器有限公司 Data transmission method and system based on block chain
CN111556174B (en) * 2020-06-28 2021-07-20 江苏恒宝智能系统技术有限公司 Information interaction method, device and system
CN112184441B (en) * 2020-09-29 2024-01-19 平安科技(深圳)有限公司 Data processing method, device, node equipment and storage medium
CN112100688A (en) * 2020-09-29 2020-12-18 深圳壹账通智能科技有限公司 Data verification method, device, equipment and storage medium
CN112231404A (en) * 2020-10-15 2021-01-15 深圳壹账通智能科技有限公司 Block chain-based data sharing method, computer device and storage medium
CN112908442A (en) * 2021-03-05 2021-06-04 京东数科海益信息科技有限公司 Medical data sharing method, device, equipment and computer readable medium
CN113067704B (en) * 2021-03-29 2022-08-30 安徽慧可科技有限公司 Data right determining method, system and equipment based on block chain
CN112953974B (en) * 2021-04-16 2022-06-10 平安科技(深圳)有限公司 Data collision method, device, equipment and computer readable storage medium
CN113496041A (en) * 2021-07-23 2021-10-12 永旗(北京)科技有限公司 Data encryption method based on block chain
CN113612616A (en) * 2021-07-27 2021-11-05 北京沃东天骏信息技术有限公司 Vehicle communication method and device based on block chain
CN113779599A (en) * 2021-08-31 2021-12-10 深圳市众诚品业科技有限公司 Conversation information protection method, server, terminal, and storage medium
CN114124515B (en) * 2021-11-19 2024-05-28 西部安全认证中心有限责任公司 Bidding transmission method, key management method, user verification method and corresponding devices
CN114285632B (en) * 2021-12-23 2023-07-28 成都质数斯达克科技有限公司 Block chain data transmission method, device and equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180019879A1 (en) * 2016-07-12 2018-01-18 International Business Machines Corporation Token identity and attribute management
CN108681853A (en) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 Logistics information transmission method, system and device based on block chain
CN108681966A (en) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 A kind of information monitoring method and device based on block chain
CN110061845A (en) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 Block chain data ciphering method, device, computer equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150379510A1 (en) * 2012-07-10 2015-12-31 Stanley Benjamin Smith Method and system to use a block chain infrastructure and Smart Contracts to monetize data transactions involving changes to data included into a data supply chain.
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN109462472A (en) * 2017-09-06 2019-03-12 阿里巴巴集团控股有限公司 The methods, devices and systems of data encryption and decryption
CN108964903B (en) * 2018-07-12 2021-12-14 腾讯科技(深圳)有限公司 Password storage method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180019879A1 (en) * 2016-07-12 2018-01-18 International Business Machines Corporation Token identity and attribute management
CN108681853A (en) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 Logistics information transmission method, system and device based on block chain
CN108681966A (en) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 A kind of information monitoring method and device based on block chain
CN110061845A (en) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 Block chain data ciphering method, device, computer equipment and storage medium

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532393A (en) * 2020-11-20 2021-03-19 杭州趣链科技有限公司 Verification method of cross-link transaction, relay link node equipment and medium
CN114629901A (en) * 2020-12-14 2022-06-14 北京金山云网络技术有限公司 BaaS-based block chain data sharing method, device and equipment
CN112702354A (en) * 2020-12-29 2021-04-23 国家电网有限公司大数据中心 Data resource sharing tracing method and device based on block chain technology
CN112702354B (en) * 2020-12-29 2023-08-11 国家电网有限公司大数据中心 Data resource sharing traceability method and device based on blockchain technology
CN112925850A (en) * 2021-02-25 2021-06-08 京信数据科技有限公司 Block chain data encryption uplink method, uplink sharing method and device
CN112925850B (en) * 2021-02-25 2022-07-08 京信数据科技有限公司 Block chain data encryption uplink sharing method and device
CN113949552A (en) * 2021-10-13 2022-01-18 广州广电运通金融电子股份有限公司 Large file encryption and decryption system, method, storage medium and equipment
CN114095214A (en) * 2021-10-29 2022-02-25 上海热线信息网络有限公司 Encryption and decryption method, device, equipment and medium based on block chain NFT technology
CN114095214B (en) * 2021-10-29 2023-12-12 上海热线信息网络有限公司 Encryption and decryption method, device, equipment and medium based on block chain NFT technology
CN114124402A (en) * 2021-11-03 2022-03-01 国家工业信息安全发展研究中心 Distributed data secure exchange sharing method under resource-constrained environment
CN114124402B (en) * 2021-11-03 2024-05-14 国家工业信息安全发展研究中心 Distributed data security exchange sharing method under resource-limited environment
CN114095165A (en) * 2021-11-22 2022-02-25 中国建设银行股份有限公司 Key updating method, server device, client device and storage medium
CN114095165B (en) * 2021-11-22 2024-04-26 中国建设银行股份有限公司 Key updating method, server device, client device and storage medium
CN114465778A (en) * 2022-01-07 2022-05-10 上海佰贝网络工程技术有限公司 Information transmission method, device, equipment and medium based on historical data tacit
CN114760111A (en) * 2022-03-24 2022-07-15 标信智链(杭州)科技发展有限公司 File security method and file security device based on block chain

Also Published As

Publication number Publication date
CN110061845A (en) 2019-07-26

Similar Documents

Publication Publication Date Title
WO2020181845A1 (en) Method and device for encrypting blockchain data, computer apparatus, and storage medium
KR102263325B1 (en) How to securely execute smart contract actions in a trusted execution environment
CN109120639B (en) Data cloud storage encryption method and system based on block chain
US9609024B2 (en) Method and system for policy based authentication
WO2019214070A1 (en) Encryption method for user communication on block chain, apparatus, terminal device and storage medium
US8059818B2 (en) Accessing protected data on network storage from multiple devices
WO2019136959A1 (en) Data processing method and device, computer device and storage medium
JP2020524421A (en) Distributed Key Management for Trusted Execution Environment
CN101102180B (en) Inter-system binding and platform integrity verification method based on hardware security unit
JP2023500570A (en) Digital signature generation using cold wallet
WO2020252611A1 (en) Data interaction method and related equipments
US11616643B2 (en) System and method of management of a shared cryptographic account
CN114584307A (en) Trusted key management method and device, electronic equipment and storage medium
CN112383391A (en) Data security protection method based on data attribute authorization, storage medium and terminal
WO2022134812A1 (en) Consortium blockchain-based multi-institution data processing method, apparatus, and related device
CN114500069A (en) Method and system for storing and sharing electronic contract
CN113726772B (en) Method, device, equipment and storage medium for realizing online inquiry session
CN113328860A (en) Block chain-based user privacy data security providing method
CN112187767A (en) Multi-party contract consensus system, method and medium based on block chain
US20240048361A1 (en) Key Management for Cryptography-as-a-service and Data Governance Systems
US20230028854A1 (en) System and method of cryptographic key management in a plurality of blockchain based computer networks
CN114553557B (en) Key calling method, device, computer equipment and storage medium
US12058257B2 (en) Data storage method, data read method, electronic device, and program product
CN111460463A (en) Electronic deposit certificate storage and notarization method, device, equipment and storage medium
CN114844695A (en) Service data circulation method, system and related equipment based on block chain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19918991

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03.11.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19918991

Country of ref document: EP

Kind code of ref document: A1