WO2020181845A1 - Procédé et dispositif de chiffrement de données de chaîne de blocs, appareil informatique et support d'informations - Google Patents

Procédé et dispositif de chiffrement de données de chaîne de blocs, appareil informatique et support d'informations Download PDF

Info

Publication number
WO2020181845A1
WO2020181845A1 PCT/CN2019/123142 CN2019123142W WO2020181845A1 WO 2020181845 A1 WO2020181845 A1 WO 2020181845A1 CN 2019123142 W CN2019123142 W CN 2019123142W WO 2020181845 A1 WO2020181845 A1 WO 2020181845A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
blockchain
ciphertext
data
encrypted
Prior art date
Application number
PCT/CN2019/123142
Other languages
English (en)
Chinese (zh)
Inventor
谢丹力
张文明
贾牧
陆一凡
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2020181845A1 publication Critical patent/WO2020181845A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • This application relates to the field of blockchain encryption technology, and in particular to a blockchain data encryption method, device, computer equipment, and computer-readable storage medium.
  • the blockchain network can realize information sharing between industries, but large companies regard data as life and are unwilling to share data. For this reason, all sensitive data uploaded to the blockchain must be encrypted to solve the problem of large companies Concerns about data sharing will not make data sharing a data welfare.
  • the encrypted data authorization method is encrypted by using a key. Once the encrypted data is authorized to any authorized party, the authorized party has all rights to the data. However, in actual business needs, this method Reduce the efficiency of data management on the blockchain.
  • the embodiments of the present application provide a blockchain data encryption method, device, computer equipment, and computer-readable storage medium, which can solve the problem of low efficiency of data management on the blockchain in the traditional technology.
  • an embodiment of the present application provides a blockchain data encryption method, the method includes: obtaining data to be encrypted; generating a first key corresponding to a read permission and a second key corresponding to a write permission; The first key encrypts the data to obtain a ciphertext; uses the second key to sign the ciphertext; uploads the signed ciphertext to the blockchain so that the blockchain can verify the ciphertext Store the ciphertext in the blockchain after the document verification is passed.
  • an embodiment of the present application also provides a block chain data encryption device, including: a first obtaining unit for obtaining data to be encrypted; a first generating unit for generating a first key corresponding to the read permission And a second key corresponding to the write authority; an encryption unit, used to encrypt the data using the first key to obtain a ciphertext; a signature unit, used to perform an encryption on the ciphertext using the second key Signature; upload unit for uploading the signed ciphertext to the blockchain so that the blockchain will store the ciphertext in the blockchain after passing the verification of the ciphertext.
  • an embodiment of the present application also provides a computer device, which includes a memory and a processor, the memory stores computer-readable instructions, and the processor implements the area when the computer-readable instructions are executed.
  • Block chain data encryption method is provided.
  • an embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes The block chain data encryption method.
  • Figure 1 is a schematic diagram of an application scenario of a blockchain data encryption method provided by an embodiment of the application
  • FIG. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the application
  • FIG. 3 is a schematic diagram of the encryption process interaction of the blockchain data encryption method provided by an embodiment of the application.
  • FIG. 4 is a schematic diagram of digital signature flow interaction of the blockchain data encryption method provided by an embodiment of the application.
  • FIG. 5 is another flowchart of the blockchain data encryption method provided by an embodiment of the application.
  • FIG. 6 is an interactive schematic diagram of a specific embodiment of a blockchain data encryption method provided by an embodiment of the application.
  • FIG. 7 is a schematic block diagram of a block chain data encryption device provided by an embodiment of the application.
  • FIG. 8 is another schematic block diagram of a block chain data encryption device provided by an embodiment of the application.
  • FIG. 9 is a schematic block diagram of a computer device provided by an embodiment of the application.
  • FIG. 1 is a schematic diagram of an application scenario of a blockchain data encryption method provided by an embodiment of the application.
  • the application scenarios include:
  • the blockchain shown in Figure 1 contains 6 terminals. If there are encrypted data on terminal 1 that needs to be uploaded to the blockchain, so that other terminals in the blockchain can share the encrypted data, the data on terminal 1 passes through
  • the data encryption method in the embodiment of this application is encrypted and uploaded to the chain. After obtaining the corresponding authorization authority such as read authorization or write authorization, other terminals in the blockchain can obtain encrypted data from the chain to achieve access to the encrypted data.
  • the terminal 1 that needs to upload encrypted data executes the steps of the data encryption method in the embodiment of the present application.
  • the terminal may be an electronic device such as a notebook computer, a tablet computer, a smart phone, or a desktop computer.
  • the working process of each subject in Fig. 1 is as follows: obtaining the data to be encrypted; generating A first key corresponding to the read permission and a second key corresponding to the write permission; encrypt the data using the first key to obtain a ciphertext; use the second key to sign the ciphertext; Upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  • the terminal 5 obtains the first key provided by the terminal 1, it obtains the read permission for the encrypted data.
  • the terminal 5 obtains the second key provided by the terminal 1, it obtains the write permission for the encrypted data.
  • the terminal 5 obtains the read permission and write permission of the encrypted data to obtain full authorization.
  • FIG. 1 only shows a desktop computer as a terminal.
  • the type of the terminal is not limited to that shown in FIG. 1.
  • the terminal may also be an electronic device such as a mobile phone, a notebook computer, or a tablet computer.
  • the application scenarios of the above-mentioned blockchain data encryption method are only used to illustrate the technical solutions of this application, and are not used to limit the technical solutions of this application.
  • the above-mentioned connection relationship may also have other forms.
  • Fig. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the application.
  • the blockchain data encryption method is applied to the terminal in FIG. 1 to complete all or part of the functions of the blockchain data encryption method.
  • FIG. 2 is a schematic flowchart of a blockchain data encryption method provided by an embodiment of the present application. As shown in Figure 2, the method includes the following steps S210-S290:
  • S220 Generate a first key corresponding to the read permission and a second key corresponding to the write permission.
  • the read permission refers to the permission to view or access encrypted data
  • the write permission refers to the permission to modify or delete the encrypted data
  • the first key corresponding to the read permission and the second key corresponding to the write permission are respectively generated.
  • the key, the first key is used to control the read authority of the encrypted data
  • the second key is used to control the write authority of the encrypted data, so that the first key is used to obtain authorization to view the encrypted data.
  • the second key obtains authorization to modify or delete the encrypted data.
  • the node that uploads the encrypted data in the blockchain will generate two keys for the data to be encrypted. One key is the first key, which is the read permission key, the English is Read Key, and the other is the first key.
  • the second key is the write authority key, and the English is WriteKey.
  • the step of generating the first key corresponding to the read permission and the second key corresponding to the write permission includes:
  • the first key of the symmetric key and the second key of the asymmetric key are generated.
  • the symmetric key refers to the use of symmetric cryptographic encoding technology, and the use of the same key for file encryption and decryption. Since the symmetric encryption algorithm is simple and quick to use, the key is short, and it is difficult to decipher, the symmetric key is used for the corresponding read permission.
  • An asymmetric key means that the encryption algorithm requires two keys, one of which is a public key, English is Publickey, the other is a private key, and English is Privatekey.
  • the public key and the private key are a pair. If the public key is used to encrypt the data, only the corresponding private key can be used to decrypt; if the private key is used to encrypt the data, only the corresponding public key can be used Decrypt. Because encryption and decryption use two different keys, this key is called an asymmetric encryption key. Since the typical application of asymmetric encryption is a digital signature, the second key corresponding to the write permission uses an asymmetric key.
  • the node uploading the encrypted data in the blockchain will generate two keys for the data to be encrypted, one of which is the first key, which is the read authority key, and the English is Read Key, which adopts the symmetric key.
  • the other key is the second key, which is the write authority key, and the English is WriteKey, which is an asymmetric key.
  • FIG. 3 is a schematic diagram of the encryption process interaction of the blockchain data encryption method provided by an embodiment of the application. As shown in Figure 3, the process is as follows:
  • the first subject generates a pair of public key and private key, and sends the public key to the second subject;
  • the second subject uses the public key to encrypt the data, the encryption process is: public key + plaintext -> ciphertext, and the second subject sends the ciphertext to the first subject;
  • the node in the blockchain uses the first key to encrypt the data to obtain the ciphertext.
  • Public and private keys are equivalent to keys and locks. Locks can be used to lock things, and keys can be used to open corresponding locks. One key can only open one lock. Of course, both keys and locks can be copied. Signing is equivalent to generating a lock and a key by myself, then locking the content I want to publish with my lock to form a signature, publishing the content and signature together, and telling everyone what my key is. People can get the key to open the content in the signature to verify that it is consistent with the published content. Everyone in the world can get the key to verify the consistency between the signature and the content, but only I have the signature lock.
  • Figure 4 is a schematic diagram of the digital signature process interaction of the blockchain data encryption method provided by an embodiment of the application.
  • the digital signature involves four or three processes:
  • the first subject generates a pair of public key and private key
  • the first subject uses the private key to sign the encrypted data, and the signing process is: private key + content -> signature;
  • the first subject publishes the encrypted data and signature together, and publishes the public key
  • the second subject uses the published public key to verify the signature.
  • the verification process is: public key + signature + content -> whether the content has changed, so as to determine whether the encrypted data published by the first subject has changed or has been tampered with.
  • the node in the blockchain uses the second key to sign the ciphertext to obtain a signature code.
  • the method further includes:
  • the step of using the second key to sign the ciphertext includes:
  • the step of uploading the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and storing the ciphertext in the blockchain includes:
  • the blockchain secondary node will generate two cryptographically secure keys for this piece of data.
  • the first key is the read authority key
  • the English is Read Key
  • the second key is the write authority key
  • the English is WriteKey.
  • the ciphertext is signed using the write authority key, and the ciphertext is sent to the blockchain, so that different subjects obtain the corresponding authority of the data according to the obtained key.
  • the blockchain node processes the data to be encrypted as follows:
  • the blockchain secondary node will generate two cryptographically secure keys for this piece of data.
  • the first key is the read authority key
  • the English is Read Key
  • the second key is the write authority key
  • the English is WriteKey.
  • the block link After the block link receives the encrypted data EncyptData+PublicKey+S sent by the secondary node of the blockchain, it verifies the encrypted data.
  • the verification process on the blockchain is as follows:
  • FIG. 5 is another flowchart of a blockchain data encryption method provided by an embodiment of the application.
  • the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  • it also includes:
  • S260 Send an authorization key to a node in the blockchain so that the node uses the authorization key to access the encrypted data uploaded to the blockchain, where the authorization key includes the first key, The second key or the first key and the second key.
  • the authorizing party since the encrypted data authorization method with separation of read and write permissions is adopted, the authorizing party, that is, the party encrypting the data, uses two keys when encrypting the data.
  • the first key is a symmetric key, which is used to encrypt data
  • the second key is an asymmetric key, which is used to sign the encrypted result.
  • this method also supports reading the secret
  • the key and the write key are authorized to the authorized party at the same time, and the authorized party has both the read permission and the write permission. This method is called full authorization.
  • the authorized party performs corresponding operations on encrypted data according to the obtained authorization, which can be divided into the following types:
  • the authorized party obtains the first key of the read permission.
  • the process of the authorized party to access encrypted data is as follows:
  • the secondary node of the data reader uses ReadKey to decrypt EncyptData to obtain the original data.
  • the authorized party since the authorized party has obtained the second key of the write authority, the authorized party has the authority to modify the data, that is, the authorized party can modify the data. Assuming that the operator has been authorized for ReadKey and WriteKey, at this time, follow Proceed as follows:
  • the operator uses ReadKey to encrypt the modified data to obtain the encrypted data EncyptData2; the operator uses WriteKey as the private key to sign the new EncyptData2+TimeStamp2 to obtain the signature code S2; the operator sends EncyptData2+TimeStamp2+S2 To the blockchain.
  • the PublicKey of the original data will be obtained on the blockchain, and the PublicKey will be used to verify the S2 of the current data on the chain. If the verification is passed, the data is allowed to be modified. If the verification fails, the modification of the data is refused, and the operation fails. .
  • the PublicKey of the original data will be obtained on the blockchain, and the PublicKey will be used to verify the current S3 of the data on the chain. If the verification is passed, the data is allowed to be deleted. If the verification fails, the data is refused to be deleted, and the operation fails. .
  • the ciphertext after the signature is uploaded to the blockchain so that the ciphertext is stored after the blockchain passes the verification of the ciphertext After the steps to the blockchain, it also includes:
  • S270 Send the first key through a key exchange algorithm, so that nodes in the blockchain can view the data to be encrypted.
  • the step of sending the first key through a key exchange algorithm to enable nodes in the blockchain to view the data to be encrypted includes:
  • the use of the second key and the second public key for key exchange to obtain the third key of the symmetric key refers to the use of the second key and the second public key for ECDH Get the third key of the symmetric key.
  • the first key may also be sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted, for example, when implementing penetrating supervision,
  • the supervising unit can obtain the first key through the key exchange algorithm to view the encrypted data, that is, the embodiment of the present application can support transparent supervision at the same time, where the transparent supervision refers to adopting the key agreement algorithm to
  • the data uploading unit and the supervisory unit exchange information securely through the blockchain and the third party cannot obtain the information.
  • the key agreement algorithm includes ECDH and ECDHE.
  • ECDH is a DH (Diffie-Hellman) key exchange algorithm based on ECC (Elliptic Curve Cryptosystems, elliptic curve cryptosystems), and both parties can negotiate a key without sharing any secrets.
  • the ECC algorithm is used in conjunction with DH for key negotiation.
  • This key exchange algorithm is called ECDH.
  • Diffie-Hellman algorithm referred to as DH algorithm, is a key agreement algorithm.
  • the algorithm is a method of establishing a key, not an encryption method, but the generated key can be used for encryption, key management or any other Encryption method.
  • the purpose of this key exchange technology is to enable two users to exchange keys (KEY) securely for future message encryption.
  • the supervisory unit node in the blockchain can obtain the read permission key through the key exchange algorithm to view the data to be encrypted.
  • the node uploading the data in the blockchain obtains the second public key sent by the supervisory node in the blockchain, and uses all The second key and the second public key are exchanged to obtain the third key of the symmetric key, and the first key is encrypted using the third key to obtain the encrypted first key, and then Send the encrypted first key to the blockchain so that the supervisory node in the blockchain uses the private key corresponding to the second public key to decrypt the first key to view the encrypted data in the blockchain.
  • the use of the second key and the second public key for key exchange to obtain the third key of the symmetric key refers to the use of the second key and the second public key for ECDH Get the third key of the symmetric key.
  • the node uploading data in the blockchain uses WriteKey and the public key SupervisePubKey (supervised public key) provided by the supervision to perform ECDH, and obtain both parties
  • SymKey symmetric key
  • the supervisory node can use its own private key to solve the ReadKey to view the content of the encrypted data.
  • FIG. 6 is an interactive schematic diagram of a specific embodiment of the blockchain data encryption method provided by the embodiment of the application. As shown in FIG. 6, the process of the blockchain data encryption method provided by the embodiment of the application is as follows :
  • the authorized party node in the blockchain obtains the data that needs to be encrypted
  • the authorized party node in the blockchain uses the ReadKey to encrypt the data to obtain the ciphertext EncyptData;
  • the authorizing party node in the blockchain uses WriteKey as the private key to generate the corresponding public key PublicKey;
  • the authorized party node in the blockchain uses the current private key WriteKey to sign EncyptData+PublicKey+TimeStamp to obtain the signature code S;
  • the authorized party node in the blockchain sends EncyptData+PublicKey+S to the blockchain;
  • the blockchain obtains the public key PublicKey, and verifies the S code in the data. If the verification is passed, the data storage is agreed;
  • the authorized party node in the blockchain obtains data EncyptData directly from the blockchain by query (query);
  • the authorized party node in the blockchain uses ReadKey to decrypt EncyptData to obtain the original data
  • the authorized party node in the blockchain sends the authorized ReadKey and WriteKey
  • the authorized party node in the blockchain obtains data EncyptData directly from the blockchain by query (query);
  • the authorized party node in the blockchain uses ReadKey to decrypt EncyptData to obtain the original data
  • the authorized party node in the blockchain modifies the original data and uses ReadKey to encrypt the modified data to obtain the encrypted data EncyptData2;
  • the authorized party node in the blockchain uses WriteKey as the private key to sign the new EncyptData2+TimeStamp2 to obtain the signature code S2;
  • the authorized party node in the blockchain sends EncyptData2+TimeStamp2+S2 to the blockchain;
  • the blockchain obtains the PublicKey of the original data, and uses the PublicKey to verify the S2 of the current data on the chain. After the verification is passed, the data is allowed to be modified, the verification fails, and the data is refused to be modified, and the operation fails.
  • the encrypted data authorization method with separation of read and write permissions uses two keys when encrypting data.
  • the first key can be a symmetric key for encrypting data
  • the second The key can be an asymmetric key, which is used to sign the encrypted result; in the authorization process, if only the first key is authorized to the other party, the other party only has the right to view the data, and if the other party is authorized the second Key, the other party has the authority to modify and delete data; at the same time, this method also supports to authorize the read and write key to the other party at the same time, so the other party has the read and write authority at the same time.
  • This method is called full authorization.
  • This scheme is an important supplement and enhancement to the traditional encryption data authorization method, and makes up for the shortcomings of the traditional encryption authorization method.
  • This method allows the authorized party to flexibly choose to grant the other party view permissions, modify permissions, or delete permissions. It is a comparison to the traditional authorization method. An improvement that improves the flexibility of nodes in the blockchain to authorize encrypted data and the management efficiency of encrypted data.
  • FIG. 7 is a schematic block diagram of a block chain data encryption device provided by an embodiment of the application.
  • an embodiment of the present application also provides a blockchain data encryption device.
  • the block chain data encryption device includes a unit for executing the above block chain data encryption method, and the device can be configured in computer equipment such as a server.
  • the blockchain data encryption device 700 includes a first acquisition unit 701, a first generation unit 702, an encryption unit 703, a signature unit 704 and an upload unit 705.
  • the first obtaining unit 701 obtains data to be encrypted
  • the first generating unit 702 is configured to generate a first key corresponding to the read permission and a second key corresponding to the write permission;
  • the encryption unit 703 is configured to use the first key to encrypt the data to obtain a ciphertext
  • the signature unit 704 is configured to use the second key to sign the ciphertext
  • the uploading unit 705 is configured to upload the signed ciphertext to the blockchain so that the ciphertext is stored in the blockchain after the blockchain passes the verification of the ciphertext.
  • the first generating unit 702. The first key used to generate the symmetric key and the second key of the asymmetric key.
  • FIG. 8 is another schematic block diagram of the block chain data encryption device provided by an embodiment of the application. As shown in FIG. 8, in this embodiment, the block chain data encryption device 700 further includes:
  • the second generating unit 706 is configured to use the second key as a private key to generate a first public key
  • the second obtaining unit 707 is configured to obtain the current timestamp
  • the signature unit 704 is configured to use the second key to sign the ciphertext, the first public key, and the timestamp to obtain a signature code;
  • the uploading unit 705 is configured to upload the signed ciphertext, the first public key, and the signature code to the blockchain so that the blockchain uses the public key to verify the signature code after passing Store the ciphertext in the blockchain.
  • the block chain data encryption device 700 further includes:
  • the sending unit 708 is configured to send an authorization key to a node in the blockchain so that the node can use the authorization key to access the encrypted data uploaded to the blockchain, wherein the authorization key includes the first A key, the second key, or the first key and the second key.
  • the block chain data encryption device 700 further includes:
  • the exchange unit 709 is configured to send the first key through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted;
  • the switching unit 709 includes:
  • the obtaining subunit 7091 is used to obtain the second public key sent by the node in the blockchain;
  • An exchange subunit 7092 configured to perform key exchange using the second key and the second public key to obtain a third key of the symmetric key
  • An encryption subunit 7093 configured to use the third key to encrypt the first key to obtain an encrypted first key
  • the sending subunit 7094 is configured to send the encrypted first key to the blockchain so that the node uses the private key corresponding to the second public key to decrypt the first key.
  • the exchange subunit 7092 is configured to perform ECDH using the second key and the second public key to obtain the third key of the symmetric key.
  • the division and connection of the various units in the above-mentioned blockchain data encryption device are only used for illustration.
  • the blockchain data encryption device can be divided into different units as needed, or the block Each unit in the chain data encryption device adopts different connection sequences and methods to complete all or part of the functions of the block chain data encryption device.
  • the above-mentioned block chain data encryption device may be implemented in a form of computer-readable instructions, and the computer-readable instructions may run on the computer device as shown in FIG. 9.
  • the computer device 900 may be a computer device such as a desktop computer or a server, or may be a component or component in other devices.
  • the computer device 900 includes a processor 902, a memory, and a network interface 905 connected through a system bus 901, where the memory may include a non-volatile storage medium 903 and an internal memory 904.
  • the non-volatile storage medium 903 can store an operating system 9031 and computer-readable instructions 9032.
  • the computer-readable instruction 9032 When executed, it can cause the processor 902 to execute one of the aforementioned blockchain data encryption methods.
  • the processor 902 is used to provide calculation and control capabilities to support the operation of the entire computer device 900.
  • the internal memory 904 provides an environment for the operation of the computer-readable instructions 9032 in the non-volatile storage medium 903.
  • the processor 902 can execute the above-mentioned blockchain data. Encryption method.
  • the network interface 905 is used for network communication with other devices.
  • the structure shown in FIG. 9 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device 900 to which the solution of the present application is applied.
  • the specific computer device 900 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
  • the computer device may only include a memory and a processor. In such embodiments, the structures and functions of the memory and the processor are consistent with the embodiment shown in FIG. 9 and will not be repeated here.
  • the processor 902 is configured to run computer-readable instructions 9032 stored in the memory to implement the following steps: obtain the data to be encrypted; generate a first key corresponding to the read permission and a second key corresponding to the write permission; Use the first key to encrypt the data to obtain a cipher text; use the second key to sign the cipher text; upload the signed cipher text to the blockchain so that the blockchain can After the ciphertext is verified and signed, the ciphertext is stored in the blockchain.
  • the processor 902 specifically implements the following steps when implementing the steps of generating the first key corresponding to the read permission and the second key corresponding to the write permission:
  • the first key of the symmetric key and the second key of the asymmetric key are generated.
  • the processor 902 further implements the following steps before implementing the step of signing the ciphertext using the second key:
  • the processor 902 implements the step of using the second key to sign the ciphertext, it specifically implements the following steps:
  • the processor 902 implements the step of uploading the signed ciphertext to the blockchain so that the blockchain will store the ciphertext in the blockchain after passing the verification of the ciphertext, it specifically implements The following steps:
  • the processor 902 uploads the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and store the ciphertext in the blockchain. After the steps, the following steps are also implemented:
  • the processor 902 uploads the signed ciphertext to the blockchain to enable the blockchain to verify the ciphertext and store the ciphertext in the blockchain. After the steps, the following steps are also implemented:
  • the first key is sent through a key exchange algorithm so that nodes in the blockchain can view the data to be encrypted.
  • step of sending the first key through a key exchange algorithm so that the nodes in the blockchain can view the data to be encrypted the following specifically implements step:
  • the processor 902 when the processor 902 implements the step of using the second key and the second public key to perform key exchange to obtain the third key of the symmetric key, the processor 902 specifically implements the following steps :
  • the processor 902 may be a central processing unit (Central Processing Unit, CPU), and the processor 902 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium, the computer-readable storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the processor executes the following steps:
  • the present application also provides a computer-readable instruction product, which when running on a computer, causes the computer to execute the steps of the blockchain data encryption method described in the above embodiments.
  • the computer-readable storage medium may be an internal storage unit of the aforementioned device, such as a hard disk or memory of the device.
  • the computer-readable storage medium may also be an external storage device of the device, such as a plug-in hard disk equipped on the device, a Smart Media Card (SMC), or a Secure Digital (SD) card. , Flash Card, etc.
  • the computer-readable storage medium may also include both an internal storage unit of the device and an external storage device.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • ROM read only memory
  • PROM programmable ROM
  • EPROM electrically programmable ROM
  • EEPROM electrically erasable programmable ROM
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
  • the disclosed device and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of each unit is only a logical function division, and there may be other division methods in actual implementation.
  • multiple units or components can be combined or integrated into another system, or some features can be omitted or not implemented.
  • the steps in the method of the embodiment of the present application can be adjusted, merged, and deleted in order according to actual needs.
  • the units in the devices in the embodiments of the present application may be combined, divided, and deleted according to actual needs.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a storage medium.
  • the technical solution of this application is essentially or the part that contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium It includes several instructions to make an electronic device (which may be a personal computer, a terminal, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

Des modes de réalisation de la présente invention concernent un procédé et un dispositif de chiffrement de données de chaîne de blocs, un appareil informatique et un support d'informations lisible par ordinateur. Dans un mode de réalisation de la présente invention, le procédé de chiffrement de données de chaîne de blocs consiste : à acquérir des données à chiffrer ; à générer une première clé correspondant à une autorisation de lecture et une seconde clé correspondant à une autorisation d'écriture ; à utiliser la première clé pour chiffrer les données afin d'obtenir un texte chiffré ; à utiliser la seconde clé pour fixer une signature sur le texte chiffré ; et à télécharger le texte chiffré signé vers une chaîne de blocs, et à stocker le texte chiffré dans la chaîne de blocs après que le texte chiffré a réussi l'authentification effectuée par la chaîne de blocs. L'invention réalise une commande séparée sur une autorisation de lecture et une autorisation d'écriture par rapport à des données chiffrées dans une chaîne de blocs, de telle sorte qu'une partie d'autorisation peut sélectionner de manière flexible une autorisation par rapport à des données chiffrées à accorder à une partie autorisée, ce qui permet d'améliorer l'efficacité de la gestion des données chiffrées dans une chaîne de blocs.
PCT/CN2019/123142 2019-03-14 2019-12-05 Procédé et dispositif de chiffrement de données de chaîne de blocs, appareil informatique et support d'informations WO2020181845A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910192718.8 2019-03-14
CN201910192718.8A CN110061845A (zh) 2019-03-14 2019-03-14 区块链数据加密方法、装置、计算机设备及存储介质

Publications (1)

Publication Number Publication Date
WO2020181845A1 true WO2020181845A1 (fr) 2020-09-17

Family

ID=67316987

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/123142 WO2020181845A1 (fr) 2019-03-14 2019-12-05 Procédé et dispositif de chiffrement de données de chaîne de blocs, appareil informatique et support d'informations

Country Status (2)

Country Link
CN (1) CN110061845A (fr)
WO (1) WO2020181845A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532393A (zh) * 2020-11-20 2021-03-19 杭州趣链科技有限公司 一种跨链交易的验证方法、中继链节点设备及介质
CN112702354A (zh) * 2020-12-29 2021-04-23 国家电网有限公司大数据中心 一种基于区块链技术的数据资源共享追溯方法及装置
CN112925850A (zh) * 2021-02-25 2021-06-08 京信数据科技有限公司 一种区块链数据加密上链方法、上链共享方法及装置
CN113949552A (zh) * 2021-10-13 2022-01-18 广州广电运通金融电子股份有限公司 一种大文件加解密系统、方法、存储介质和设备
CN114095165A (zh) * 2021-11-22 2022-02-25 中国建设银行股份有限公司 密钥更新方法、服务端设备、客户端设备及存储介质
CN114095214A (zh) * 2021-10-29 2022-02-25 上海热线信息网络有限公司 一种基于区块链nft技术的加、解密方法及装置、设备及介质
CN114124402A (zh) * 2021-11-03 2022-03-01 国家工业信息安全发展研究中心 一种资源受限环境下的分布式数据安全交换共享方法
CN114465778A (zh) * 2022-01-07 2022-05-10 上海佰贝网络工程技术有限公司 基于历史数据默契的信息传输方法、装置、设备及介质
CN114629901A (zh) * 2020-12-14 2022-06-14 北京金山云网络技术有限公司 一种基于BaaS的区块链上数据共享方法、装置及设备
CN114760111A (zh) * 2022-03-24 2022-07-15 标信智链(杭州)科技发展有限公司 基于区块链的文件保密方法及文件保密装置

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110061845A (zh) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 区块链数据加密方法、装置、计算机设备及存储介质
CN110661790A (zh) * 2019-09-10 2020-01-07 连连银通电子支付有限公司 一种区块链隐私数据的保护方法、装置、设备和介质
CN112787976B (zh) * 2019-11-06 2023-04-07 阿里巴巴集团控股有限公司 数据加密、解密和共享方法、设备、系统及存储介质
CN112948894A (zh) * 2019-12-10 2021-06-11 中远海运科技股份有限公司 基于区块链的理货检验报告防伪方法、装置、设备和介质
CN111368333A (zh) * 2020-03-26 2020-07-03 国金公用通链(海南)信息科技有限公司 一种通用区块链密钥封装技术
CN113468545A (zh) * 2020-03-31 2021-10-01 北京梆梆安全科技有限公司 文件加解密方法、装置及系统
CN113536388B (zh) * 2020-04-16 2023-02-28 中移物联网有限公司 一种基于区块链的数据共享方法及系统
CN113572715B (zh) * 2020-04-29 2023-01-31 青岛海尔洗涤电器有限公司 基于区块链的数据传输方法和系统
CN111556174B (zh) * 2020-06-28 2021-07-20 江苏恒宝智能系统技术有限公司 一种信息交互方法、装置及系统
CN112184441B (zh) * 2020-09-29 2024-01-19 平安科技(深圳)有限公司 数据处理方法、装置、节点设备及存储介质
CN112231404A (zh) * 2020-10-15 2021-01-15 深圳壹账通智能科技有限公司 基于区块链的数据共享方法、计算机设备和存储介质
CN112908442A (zh) * 2021-03-05 2021-06-04 京东数科海益信息科技有限公司 医疗数据共享方法、装置、设备及计算机可读介质
CN113067704B (zh) * 2021-03-29 2022-08-30 安徽慧可科技有限公司 一种基于区块链的数据确权方法、系统和设备
CN112953974B (zh) * 2021-04-16 2022-06-10 平安科技(深圳)有限公司 数据碰撞方法、装置、设备及计算机可读存储介质
CN113496041A (zh) * 2021-07-23 2021-10-12 永旗(北京)科技有限公司 一种基于区块链的数据加密方法
CN113612616A (zh) * 2021-07-27 2021-11-05 北京沃东天骏信息技术有限公司 一种基于区块链的车辆通信方法和装置
CN113779599A (zh) * 2021-08-31 2021-12-10 深圳市众诚品业科技有限公司 交谈信息保护方法、服务器、终端及存储介质
CN114124515B (zh) * 2021-11-19 2024-05-28 西部安全认证中心有限责任公司 标书传输方法、密钥管理方法、用户验证方法及对应装置
CN114285632B (zh) * 2021-12-23 2023-07-28 成都质数斯达克科技有限公司 一种区块链数据传输方法、装置和设备及可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180019879A1 (en) * 2016-07-12 2018-01-18 International Business Machines Corporation Token identity and attribute management
CN108681966A (zh) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 一种基于区块链的信息监管方法及装置
CN108681853A (zh) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 基于区块链的物流信息传输方法、系统和装置
CN110061845A (zh) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 区块链数据加密方法、装置、计算机设备及存储介质

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150379510A1 (en) * 2012-07-10 2015-12-31 Stanley Benjamin Smith Method and system to use a block chain infrastructure and Smart Contracts to monetize data transactions involving changes to data included into a data supply chain.
CN107294709A (zh) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 一种区块链数据处理方法、装置及系统
CN109462472A (zh) * 2017-09-06 2019-03-12 阿里巴巴集团控股有限公司 数据加密和解密的方法、装置和系统
CN108964903B (zh) * 2018-07-12 2021-12-14 腾讯科技(深圳)有限公司 密码存储方法及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180019879A1 (en) * 2016-07-12 2018-01-18 International Business Machines Corporation Token identity and attribute management
CN108681966A (zh) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 一种基于区块链的信息监管方法及装置
CN108681853A (zh) * 2018-05-11 2018-10-19 阿里巴巴集团控股有限公司 基于区块链的物流信息传输方法、系统和装置
CN110061845A (zh) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 区块链数据加密方法、装置、计算机设备及存储介质

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532393A (zh) * 2020-11-20 2021-03-19 杭州趣链科技有限公司 一种跨链交易的验证方法、中继链节点设备及介质
CN114629901A (zh) * 2020-12-14 2022-06-14 北京金山云网络技术有限公司 一种基于BaaS的区块链上数据共享方法、装置及设备
CN112702354A (zh) * 2020-12-29 2021-04-23 国家电网有限公司大数据中心 一种基于区块链技术的数据资源共享追溯方法及装置
CN112702354B (zh) * 2020-12-29 2023-08-11 国家电网有限公司大数据中心 一种基于区块链技术的数据资源共享追溯方法及装置
CN112925850A (zh) * 2021-02-25 2021-06-08 京信数据科技有限公司 一种区块链数据加密上链方法、上链共享方法及装置
CN112925850B (zh) * 2021-02-25 2022-07-08 京信数据科技有限公司 一种区块链数据加密上链共享方法及装置
CN113949552A (zh) * 2021-10-13 2022-01-18 广州广电运通金融电子股份有限公司 一种大文件加解密系统、方法、存储介质和设备
CN114095214A (zh) * 2021-10-29 2022-02-25 上海热线信息网络有限公司 一种基于区块链nft技术的加、解密方法及装置、设备及介质
CN114095214B (zh) * 2021-10-29 2023-12-12 上海热线信息网络有限公司 一种基于区块链nft技术的加、解密方法及装置、设备及介质
CN114124402A (zh) * 2021-11-03 2022-03-01 国家工业信息安全发展研究中心 一种资源受限环境下的分布式数据安全交换共享方法
CN114124402B (zh) * 2021-11-03 2024-05-14 国家工业信息安全发展研究中心 一种资源受限环境下的分布式数据安全交换共享方法
CN114095165A (zh) * 2021-11-22 2022-02-25 中国建设银行股份有限公司 密钥更新方法、服务端设备、客户端设备及存储介质
CN114095165B (zh) * 2021-11-22 2024-04-26 中国建设银行股份有限公司 密钥更新方法、服务端设备、客户端设备及存储介质
CN114465778A (zh) * 2022-01-07 2022-05-10 上海佰贝网络工程技术有限公司 基于历史数据默契的信息传输方法、装置、设备及介质
CN114760111A (zh) * 2022-03-24 2022-07-15 标信智链(杭州)科技发展有限公司 基于区块链的文件保密方法及文件保密装置

Also Published As

Publication number Publication date
CN110061845A (zh) 2019-07-26

Similar Documents

Publication Publication Date Title
WO2020181845A1 (fr) Procédé et dispositif de chiffrement de données de chaîne de blocs, appareil informatique et support d'informations
KR102263325B1 (ko) 신뢰 실행 환경에서 스마트 계약 동작을 안전하게 실행하는 방법
US9609024B2 (en) Method and system for policy based authentication
WO2019214070A1 (fr) Procédé de chiffrement pour communication d'utilisateur sur une chaîne de blocs, appareil, dispositif de terminal et support de stockage
US8059818B2 (en) Accessing protected data on network storage from multiple devices
WO2019136959A1 (fr) Dispositif et procédé de traitement de données, dispositif informatique et support d'informations
JP2020524421A (ja) トラステッド実行環境のための分散型鍵管理
CN101102180B (zh) 基于硬件安全单元的系统间绑定及平台完整性验证方法
JP2023500570A (ja) コールドウォレットを用いたデジタルシグニチャ生成
US11616643B2 (en) System and method of management of a shared cryptographic account
WO2020252611A1 (fr) Procédé d'interaction de données et équipements associés
CN112383391A (zh) 基于数据属性授权的数据安全保护方法、存储介质及终端
CN114584307A (zh) 一种可信密钥管理方法、装置、电子设备和存储介质
WO2022134812A1 (fr) Procédé de traitement de données multi-institutionnelles à base de chaîne de blocs de consortium, appareil et dispositif associé
CN107066885A (zh) 跨平台可信中间件的实现系统及实现方法
CN114500069A (zh) 一种电子合同的存储及共享的方法与系统
CN113726772B (zh) 实现在线问诊会话的方法、装置、设备及存储介质
CN112187767A (zh) 基于区块链的多方合同共识系统、方法及介质
US20230028854A1 (en) System and method of cryptographic key management in a plurality of blockchain based computer networks
CN114553557B (zh) 密钥调用方法、装置、计算机设备和存储介质
CN111460463A (zh) 电子存证保存和公证方法、装置、设备及存储介质
US11700251B1 (en) Modification of device behavior for use in secure networking
CN113328860A (zh) 一种基于区块链的用户隐私数据安全提供方法
Priya et al. A survey: attribute based encryption for secure cloud
US20240048361A1 (en) Key Management for Cryptography-as-a-service and Data Governance Systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19918991

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03.11.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19918991

Country of ref document: EP

Kind code of ref document: A1