WO2021012548A1 - Blockchain-based data processing method and system, and electronic apparatus and storage medium - Google Patents

Publication number
WO2021012548A1
Authority
WO
WIPO (PCT)
Prior art keywords
field
independent
key
data
blockchain
Prior art date
Application number
PCT/CN2019/120890
Other languages
French (fr)
Chinese (zh)
Inventor
何万涛
杨扬
谢丹力
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司
Publication of WO2021012548A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present application relates to blockchain technology. Provided are a blockchain-based data processing method and system, and an electronic device and a storage medium. The method comprises: acquiring original data to be uploaded, identifying each independent field in the original data, and converting each independent field into key-value pair format data, wherein a pre-set field mark corresponding to each independent field in the key-value pair format data is a key, and a field value corresponding thereto is a value; performing hash calculation on the pre-set field mark corresponding to each independent field to obtain a corresponding confusion mark; performing calculation according to a pre-set calculation rule and by means of the confusion mark corresponding to each independent field so as to obtain a corresponding field encryption key; encrypting the field value of each independent field by means of a pre-set encryption algorithm and on the basis of the field encryption key corresponding to each independent field so as to obtain an encrypted field; and uploading, to a blockchain, the confusion mark and the encrypted field corresponding to each independent field in the original data. The present application realizes authorized access to part of fields of data in a blockchain.

Description

Blockchain-based data processing method, system, electronic device and storage medium
This application claims priority to Chinese patent application No. 201910674033.7, filed with the Chinese Patent Office on July 25, 2019 and entitled "Blockchain-based data processing method, electronic device and readable storage medium", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the field of blockchain technology, and in particular to a blockchain-based data processing method, system, electronic device and storage medium.
Background
In a consortium blockchain scenario, enterprise data that goes on chain is encrypted as a whole with one unified key and stored as ciphertext. Some data, however, contains multiple items: for example, when a document is uploaded as one on-chain entry, that document usually contains many items. When an enterprise authorizes a document to a business related party, it sometimes does not want that party to see all of the document's contents. The inventors realized that in the prior art, when data is authorized to a business related party, that party can see all of the data's contents; there is no way to restrict the party to only the part of the field information that the enterprise has authorized it to view.
Summary of the invention
The purpose of this application is to provide a blockchain-based data processing method, system, electronic device and storage medium, aiming to achieve authorized access to some of the fields of data in a blockchain.
To achieve the above objective, the present invention provides an electronic device comprising a memory and a processor, the memory storing a blockchain-based data processing system that can run on the processor; when executed by the processor, the blockchain-based data processing system implements the following steps:
acquiring original data to be uploaded to a blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data, wherein in the key-value pair format data the preset field mark corresponding to each independent field is the key and the field value is the value;
performing a hash calculation on the preset field mark corresponding to each independent field, and using the resulting hash as the confusion mark corresponding to each independent field;
calculating, according to a preset calculation rule and using the confusion mark corresponding to each independent field, the field encryption key corresponding to each independent field;
encrypting the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
uploading the confusion mark and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business related party can find the corresponding encrypted field on the blockchain according to the confusion mark of an authorized field and decrypt the encrypted field found to obtain the field value of the authorized field.
In addition, to achieve the above objective, this application also provides a blockchain-based data processing method, which includes:
acquiring original data to be uploaded to a blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data, wherein in the key-value pair format data the preset field mark corresponding to each independent field is the key and the field value is the value;
performing a hash calculation on the preset field mark corresponding to each independent field, and using the resulting hash as the confusion mark corresponding to each independent field;
calculating, according to a preset calculation rule and using the confusion mark corresponding to each independent field, the field encryption key corresponding to each independent field;
encrypting the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
uploading the confusion mark and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business related party can find the corresponding encrypted field on the blockchain according to the confusion mark of an authorized field and decrypt the encrypted field found to obtain the field value of the authorized field.
Further, to achieve the above objective, this application also provides a blockchain-based data processing system, which includes:
a conversion module, configured to acquire original data to be uploaded to a blockchain, identify each independent field in the original data, and convert each independent field into key-value pair format data, wherein in the key-value pair format data the preset field mark corresponding to each independent field is the key and the field value is the value;
a first calculation module, configured to perform a hash calculation on the preset field mark corresponding to each independent field and use the resulting hash as the confusion mark corresponding to each independent field;
a second calculation module, configured to calculate, according to a preset calculation rule and using the confusion mark corresponding to each independent field, the field encryption key corresponding to each independent field;
an encryption module, configured to encrypt the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
an upload module, configured to upload the confusion mark and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business related party can find the corresponding encrypted field on the blockchain according to the confusion mark of an authorized field and decrypt the encrypted field found to obtain the field value of the authorized field.
Further, to achieve the above objective, this application also provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to execute the above blockchain-based data processing method.
The blockchain-based data processing method, system, electronic device and storage medium proposed in this application convert each independent field in the original data into key-value pair format data with the preset field mark as the key and the field value as the value, perform a hash calculation on the preset field mark corresponding to each independent field to obtain the corresponding confusion mark, and use the confusion mark to calculate the field encryption key corresponding to each independent field; the field value of each independent field is encrypted based on its field encryption key to obtain an encrypted field; and the confusion mark and encrypted field corresponding to each independent field in the original data are uploaded to the blockchain. Because the independent fields in the data can be distinguished and each is encrypted separately before being uploaded to the blockchain, a business related party can find on the blockchain the encrypted fields corresponding to the fields authorized to it and decrypt them to obtain the field values of those fields, while it cannot decrypt the fields that were not authorized to it and cannot obtain their field values. This controls authorized access by business related parties to some of the fields of data in the blockchain. Moreover, since the field encryption key corresponding to each independent field is calculated from that field's confusion mark, the field encryption keys used to encrypt the field values of the independent fields all differ from one another, and security is higher.
Description of the drawings
Figure 1 is a schematic diagram of the operating environment of a preferred embodiment of the blockchain-based data processing system of this application;
Figure 2 is a program module diagram of a preferred embodiment of the blockchain-based data processing system of this application;
Figure 3 is a schematic flowchart of a preferred embodiment of the blockchain-based data processing method of this application.
Detailed description
To make the purpose, technical solutions and advantages of this application clearer, the application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the application and not to limit it. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application without creative work fall within the scope of protection of this application.
It should be noted that descriptions involving "first", "second" and the like in this application are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments may be combined with one another, but only on the basis that a person of ordinary skill in the art can implement the combination; where a combination of technical solutions is contradictory or cannot be implemented, the combination should be considered not to exist and is not within the scope of protection claimed by this application.
This application provides a blockchain-based data processing system. Refer to Figure 1, which is a schematic diagram of the operating environment of a preferred embodiment of the blockchain-based data processing system 10 of this application.
In this embodiment, the blockchain-based data processing system 10 is installed and runs in the electronic device 1. The electronic device 1 is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions. The electronic device 1 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud-computing-based cloud composed of a large number of hosts or network servers, where cloud computing is a type of distributed computing: a super virtual computer composed of a group of loosely coupled computers.
In this embodiment, the electronic device 1 may include, but is not limited to, a memory 11, a processor 12 and a network interface 13 that can be communicatively connected to one another through a system bus, the memory 11 storing the blockchain-based data processing system 10 that can run on the processor 12. Note that Figure 1 shows only the electronic device 1 with components 11-13; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
The memory 11 includes internal memory and at least one type of readable storage medium. The internal memory provides a cache for the operation of the electronic device 1; the readable storage medium may be a non-volatile storage medium such as flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk or an optical disk. In some embodiments the readable storage medium may be an internal storage unit of the electronic device 1, such as its hard disk; in other embodiments the non-volatile storage medium may be an external storage device of the electronic device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to the electronic device 1. In this embodiment, the readable storage medium of the memory 11 is generally used to store the operating system and the various application software installed on the electronic device 1, for example the blockchain-based data processing system 10 of an embodiment of this application. The memory 11 can also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments the processor 12 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip. The processor 12 is generally used to control the overall operation of the electronic device 1, for example performing control and processing related to data interaction or communication with the other devices. In this embodiment, the processor 12 is used to run the program code or process the data stored in the memory 11, for example the blockchain-based data processing system 10.
The network interface 13 may include a wireless network interface or a wired network interface, and is generally used to establish a communication connection between the electronic device 1 and other electronic devices.
The blockchain-based data processing system 10 includes at least one computer-readable instruction stored in the memory 11, which can be executed by the processor 12 to implement the embodiments of this application.
When executed by the processor 12, the blockchain-based data processing system 10 implements the following steps:
Step S1: acquire original data to be uploaded to a blockchain, identify each independent field in the original data, and convert each independent field into key-value pair format data, wherein in the key-value pair format data the preset field mark corresponding to each independent field is the key and the field value is the value;
Step S2: perform a hash calculation on the preset field mark corresponding to each independent field, and use the resulting hash as the confusion mark corresponding to each independent field;
Step S3: calculate, according to a preset calculation rule and using the confusion mark corresponding to each independent field, the field encryption key corresponding to each independent field;
Step S4: encrypt the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
Step S5: upload the confusion mark and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business related party can find the corresponding encrypted field on the blockchain according to the confusion mark of an authorized field and decrypt the encrypted field found to obtain the field value of the authorized field.
In this embodiment, the original data to be uploaded to the blockchain is first acquired, each independent field in it is identified and distinguished, and each independent field is converted into key-value pair format data in which the field mark corresponding to the field is the key and the field value is the value. The field value in each converted key-value pair is encrypted with the preset encryption algorithm, using the preset field encryption key corresponding to that independent field, to obtain an encrypted field; at the same time, the confusion mark of each independent field is calculated. The encrypted field and confusion mark corresponding to each independent field in the original data are uploaded to the blockchain. When a business related party needs to be granted access (that is, read permission) to a certain field in the original data, the field encryption key and the confusion mark corresponding to that authorized field are sent to the business related party. The business related party then obtains from the blockchain the encrypted fields and confusion marks corresponding to the independent fields in the original data, retrieves the field encryption key and confusion mark of the authorized field that were granted to it in advance, uses the confusion mark to locate the authorized field among the independent fields obtained from the blockchain, takes the encrypted field corresponding to it, and decrypts that encrypted field with the corresponding field encryption key to obtain the data content of the authorized field, that is, its field value. Because the business related party does not hold the field encryption keys of any field other than the authorized field, it cannot decrypt the data content of the other fields in the original data. Data is thus encrypted per field and can be authorized per field: data is shared on the blockchain while the field information that the business related party should not see stays hidden.
In this embodiment each independent field can be encrypted separately, so that at authorization time read permission can be granted for only some of the fields. The independent fields in the original data to be uploaded to the blockchain therefore have to be identified first. In an optional implementation, after the original data to be uploaded is acquired, it is converted into JSON data, and the key-value pairs in the converted JSON data are identified as the key-value pair format data corresponding to the independent fields in the original data. For example, parameters can be passed in JSON format so that the independent fields of the original data can be told apart in the interface parameters, and JSON is used to convert each independent field into key-value pair format data. Using JSON to distinguish the independent fields has the following advantages: (1) the underlying implementation does not need to care about the upper-layer data structure or field names; (2) the blockchain is a shared database in {key, value} format, and JSON is likewise a key-value pair format, so the independent fields distinguished via JSON flow more conveniently on the blockchain. Besides JSON, this embodiment can also use other similar data structures in {key, value} key-value pair format to distinguish the independent fields in the original data; for example, the HashMap format can be used, passing in an array of HashMap<key,object>.
After the independent fields in the original data are converted into key-value pair format data, the field value in each converted key-value pair is encrypted to obtain an encrypted field, and the confusion mark of each independent field is calculated. The blockchain is a shared database in {key, value} format. Because this embodiment uses JSON to convert the independent fields (field 1, field 2, field 3, ...) into key-value pair format data, the value in the blockchain's shared database is JSON, that is: value = {"field 1 mark": "value of field 1", "field 2 mark": "value of field 2", "field 3 mark": "value of field 3", ...}. Each pair "field 1 mark": "value of field 1" is processed as a unit: the field value of each independent field, such as "value of field 1", is encrypted to obtain the encrypted field, and at the same time the confusion mark is calculated as confusion mark of field 1 = hash(field 1 mark); that is, the hash value obtained by hashing each field's preset mark serves as that field's confusion mark. After encryption, the storage result on the blockchain is therefore: <key, [confusion mark of field 1: encrypted field 1, confusion mark of field 2: encrypted field 2, confusion mark of field 3: encrypted field 3, ...]>. The encryption algorithm used includes, but is not limited to, the AES128 encryption algorithm.
As for the source of each field's encryption key, in an optional implementation a data encryption key x is first preset for the entire piece of data, where x is a cryptographically secure random number; a key derivation algorithm is then used to generate the key of each independent field. The key derivation algorithm in this embodiment includes, but is not limited to, the key derivation function KDF3 (Key Derivation Function 3) algorithm, whose formula is: derived key = KDF(x, salt, y). In this embodiment y is a preset number of iterations, which may for example be fixed at 10000; salt is the confusion mark corresponding to the independent field; x is the preset data encryption key of the entire piece of data; and the derived key finally calculated is the field encryption key corresponding to each independent field.
In this embodiment, when the user wants to authorize a business party to view the value of field 2, the user can grant only the encryption key of field 2 to that business party. The business party still cannot view any field other than field 2; that is, it can see only the content of the fields it has been authorized to view, not the content of the entire piece of original data. Data is thus encrypted by field and can be authorized by field. At decryption time, the result stored on the blockchain is: <key, [obfuscated label of field 1: encrypted field 1, obfuscated label of field 2: encrypted field 2, obfuscated label of field 3: encrypted field 3, ...]>. When the user wants to authorize field 2, the user sends the key, the encryption key corresponding to field 2, and the obfuscated label of field 2 to the authorized party. The authorized party uses the key and the obfuscated label of field 2 to find encrypted field 2, then decrypts encrypted field 2 with the encryption key corresponding to field 2 to obtain the data.
In this embodiment, each independent field in the original data is converted into key-value pair format data in which the preset field label is the key and the field value is the value; the preset field label of each independent field is hashed to obtain the corresponding obfuscated label, and the obfuscated label is used to calculate the field encryption key of each independent field; the field value of each independent field is encrypted with its field encryption key to obtain an encrypted field; and the obfuscated label and encrypted field of each independent field in the original data are uploaded to the blockchain. Because the independent fields in the data can be distinguished and each is encrypted separately before being uploaded to the blockchain, a business-related party can find in the blockchain the encrypted fields corresponding to the fields it has been authorized for and decrypt them to obtain their field values. It cannot decrypt the fields it has not been authorized for, nor obtain their field values, so the business-related party's access to the data in the blockchain is controlled field by field. Moreover, because the field encryption key of each independent field is calculated from that field's obfuscated label, the keys used to encrypt the field values all differ from one another, which gives higher security.
Further, in an optional implementation, after the fields have been encrypted and stored separately, if all fields of the entire piece of data need to be decrypted, the entire piece of data can be decrypted by aggregating the multiple keys. Specifically, the keys of all fields are derived from the encryption key x of the entire piece of data, each field is decrypted with its key, and the fields are then merged and returned to the upper layer. The specific steps are as follows:
(1) Obtain the data from the blockchain: <key, [obfuscated label of field 1: encrypted field 1, obfuscated label of field 2: encrypted field 2, obfuscated label of field 3: encrypted field 3, ...]>.
(2) Calculate the keys of all fields from the encryption key x:
field 1 key = KDF(x, obfuscated label of field 1, number of iterations);
field 2 key = KDF(x, obfuscated label of field 2, number of iterations);
field 3 key = KDF(x, obfuscated label of field 3, number of iterations);
……
(3) Decrypt all fields to obtain:
"field 1 label": "field 1 value";
"field 2 label": "field 2 value";
"field 3 label": "field 3 value";
……
(4) Merge the above fields to finally obtain:
value = {"field 1 label": "field 1 value", "field 2 label": "field 2 value", "field 3 label": "field 3 value", ...}, which is returned to the upper layer.
Referring to FIG. 2, a functional module diagram of a preferred embodiment of the blockchain-based data processing system 10 of FIG. 1 is shown. The blockchain-based data processing system 10 is divided into one or more functional modules, which are stored in the memory 11 and executed by the processor 12 to carry out this application. A "module" as used in this application refers to a series of computer program instructions capable of performing a specific function. In this embodiment, the blockchain-based data processing system 10 is divided into a conversion module 100, a first calculation module 110, a second calculation module 120, an encryption module 130, and an upload module 140. It should be understood that this division serves only to express more clearly the functions that the blockchain-based data processing system 10 can implement; it does not mean that the system can only, or must, be divided into the conversion module 100, the first calculation module 110, the second calculation module 120, the encryption module 130, and the upload module 140. Those skilled in the art can, in other embodiments, readily divide the blockchain-based data processing system 10 into functional modules different from those of this embodiment, which is not described further here.
The conversion module 100 is configured to: obtain the original data to be uploaded to the blockchain, identify each independent field in the original data, and convert each independent field into key-value pair format data, wherein in the key-value pair format data the preset field label corresponding to each independent field is the key and the field value is the value;
The first calculation module 110 is configured to: perform a hash calculation on the preset field label corresponding to each independent field, and use the resulting hash as the obfuscated label corresponding to that independent field;
The second calculation module 120 is configured to: calculate, according to a preset calculation rule and using the obfuscated label corresponding to each independent field, the field encryption key corresponding to each independent field;
The encryption module 130 is configured to: encrypt the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to that field, to obtain an encrypted field;
The upload module 140 is configured to: upload the obfuscated label and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can, according to the obfuscated label of an authorized field, find the corresponding encrypted field in the blockchain and decrypt it to obtain the field value of the authorized field.
Optionally, the second calculation module 120 is specifically configured to: obtain the preset data encryption key corresponding to the original data, and apply a preset key derivation algorithm to the obfuscated label corresponding to each independent field and the data encryption key to obtain the field encryption key corresponding to each independent field.
Optionally, the preset key derivation algorithm is the key derivation function KDF3 algorithm, with the formula z = KDF(x, salt, y), where x is the data encryption key, salt is the obfuscated label corresponding to each independent field, y is the preset number of iterations, and z is the calculated field encryption key corresponding to each independent field.
Optionally, the conversion module 100 is specifically configured to: obtain the original data to be uploaded to the blockchain, convert the original data into JSON data, and identify the key-value pairs in the converted JSON data as the key-value pair format data corresponding to each independent field in the original data.
The functions or operation steps implemented when program modules such as the conversion module 100, the first calculation module 110, the second calculation module 120, the encryption module 130, and the upload module 140 are executed are substantially the same as those of the foregoing embodiment and are not repeated here.
FIG. 3 is a schematic flowchart of a preferred embodiment of the blockchain-based data processing method of this application. The blockchain-based data processing method includes the following steps:
Step S10: obtain the original data to be uploaded to the blockchain, identify each independent field in the original data, and convert each independent field into key-value pair format data, wherein in the key-value pair format data the preset field label corresponding to each independent field is the key and the field value is the value;
Step S20: perform a hash calculation on the preset field label corresponding to each independent field, and use the resulting hash as the obfuscated label corresponding to that independent field;
Step S30: calculate, according to a preset calculation rule and using the obfuscated label corresponding to each independent field, the field encryption key corresponding to each independent field;
Step S40: encrypt the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to that field, to obtain an encrypted field;
Step S50: upload the obfuscated label and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can, according to the obfuscated label of an authorized field, find the corresponding encrypted field in the blockchain and decrypt it to obtain the field value of the authorized field.
In this embodiment, the original data to be uploaded to the blockchain is first obtained, the independent fields in the original data are identified and distinguished, and each independent field is converted into key-value pair format data in which the field label corresponding to the field is the key and the field value is the value. The field value in each converted key-value pair is encrypted with the preset encryption algorithm, using the preset field encryption key corresponding to that independent field, to obtain an encrypted field; at the same time, the obfuscated label of each independent field is calculated. The encrypted field and obfuscated label corresponding to each independent field in the original data are uploaded to the blockchain. When a business-related party needs to be granted access, that is, read permission, to a certain field in the original data, the field encryption key and obfuscated label corresponding to that authorized field are sent to the business-related party. The business-related party then obtains from the blockchain the encrypted fields and obfuscated labels corresponding to the independent fields in the original data, retrieves the field encryption key and obfuscated label of the authorized field that were granted to it in advance, uses the obfuscated label to locate the authorized field among the independent fields obtained from the blockchain, obtains the encrypted field corresponding to the authorized field, and decrypts it with the corresponding field encryption key to obtain the data content, that is, the field value, of the authorized field. Because the business-related party does not hold the field encryption keys of any field other than the authorized field, it cannot decrypt the data content of the other fields in the original data. Data is thus encrypted by field and can be authorized by field; data can be shared on the blockchain while field information that business-related parties are not meant to see remains hidden.
In this embodiment, independent fields can be encrypted individually, so that read permission can be granted for only some of the fields. The independent fields in the original data to be uploaded to the blockchain therefore have to be identified first. In an optional implementation, after the original data to be uploaded to the blockchain is obtained, the original data is converted into JSON data, and the key-value pairs in the converted JSON data are identified as the key-value pair format data corresponding to each independent field in the original data. For example, parameters can be passed in JSON format so that the independent fields of the original data can be distinguished in the interface parameters, and the JSON format is used to convert each independent field in the original data into key-value pair format data. Using the JSON format to distinguish the independent fields in the original data has the following advantages: (1) the underlying implementation does not need to care about the upper layer's data structure or field names; (2) the blockchain is a shared database in {key, value} format, and JSON is likewise a key-value pair format, so independent fields distinguished with JSON can circulate on the blockchain more conveniently. Besides the JSON format, this embodiment can also use other similar data structures in {key, value} key-value pair format to distinguish the independent fields in the original data; for example, the HashMap format can be used, passing in an array of HashMap<key, object>.
After each independent field in the original data has been converted into key-value pair format data, the field value in each key-value pair is encrypted to obtain an encrypted field, and the obfuscated label of each independent field is calculated. The blockchain is a shared database in {key, value} format. Because this embodiment uses the JSON format to convert the independent fields (field 1, field 2, field 3, ...) into key-value pair format data, the value stored in the blockchain's shared database is itself in JSON format, that is: value = {"field 1 label": "field 1 value", "field 2 label": "field 2 value", "field 3 label": "field 3 value", ...}. In this embodiment each pair "field 1 label": "field 1 value" is processed as a unit: the field value of each independent field, such as "field 1 value", is encrypted to obtain the encrypted field, and at the same time the obfuscated label is calculated as: obfuscated label of field 1 = hash(field 1 label). That is, the hash value obtained by hashing the preset label of each field is used as that field's obfuscated label. After encryption, the result stored on the blockchain is therefore: <key, [obfuscated label of field 1: encrypted field 1, obfuscated label of field 2: encrypted field 2, obfuscated label of field 3: encrypted field 3, ...]>. The encryption algorithm used includes, but is not limited to, the AES128 encryption algorithm. As for the source of each field's encryption key, in an optional implementation a data encryption key x is first preset for the entire piece of data, where x is a cryptographically secure random number; a key derivation algorithm is then used to generate the key of each independent field. The key derivation algorithm in this embodiment includes, but is not limited to, the key derivation function KDF3 (Key Derivation Function 3) algorithm. The formula of the KDF3 algorithm is: derived key = KDF(x, salt, y). In this embodiment, y is a preset number of iterations, which may for example be fixed at 10000; salt is the obfuscated label corresponding to the independent field; and x is the preset data encryption key of the entire piece of data. The derived key finally calculated is the field encryption key corresponding to each independent field.
In this embodiment, when the user wants to authorize a business party to view the value of field 2, the user can grant only the encryption key of field 2 to that business party. The business party still cannot view any field other than field 2; that is, it can see only the content of the fields it has been authorized to view, not the content of the entire piece of original data. Data is thus encrypted by field and can be authorized by field. At decryption time, the result stored on the blockchain is: <key, [obfuscated label of field 1: encrypted field 1, obfuscated label of field 2: encrypted field 2, obfuscated label of field 3: encrypted field 3, ...]>. When the user wants to authorize field 2, the user sends the key, the encryption key corresponding to field 2, and the obfuscated label of field 2 to the authorized party. The authorized party uses the key and the obfuscated label of field 2 to find encrypted field 2, then decrypts encrypted field 2 with the encryption key corresponding to field 2 to obtain the data.
In this embodiment, each independent field in the original data is converted into key-value pair format data in which the preset field label is the key and the field value is the value; the preset field label of each independent field is hashed to obtain the corresponding obfuscated label, and the obfuscated label is used to calculate the field encryption key of each independent field; the field value of each independent field is encrypted with its field encryption key to obtain an encrypted field; and the obfuscated label and encrypted field of each independent field in the original data are uploaded to the blockchain. Because the independent fields in the data can be distinguished and each is encrypted separately before being uploaded to the blockchain, a business-related party can find in the blockchain the encrypted fields corresponding to the fields it has been authorized for and decrypt them to obtain their field values. It cannot decrypt the fields it has not been authorized for, nor obtain their field values, so the business-related party's access to the data in the blockchain is controlled field by field. Moreover, because the field encryption key of each independent field is calculated from that field's obfuscated label, the keys used to encrypt the field values all differ from one another, which gives higher security.
Further, in an optional implementation, after the fields have been encrypted and stored separately, if all fields of the entire piece of data need to be decrypted, the entire piece of data can be decrypted by aggregating the multiple keys. Specifically, the keys of all fields are derived from the encryption key x of the entire piece of data, each field is decrypted with its key, and the fields are then merged and returned to the upper layer. The specific steps are as follows:
(1) Obtain the data from the blockchain: <key, [obfuscated label of field 1: encrypted field 1, obfuscated label of field 2: encrypted field 2, obfuscated label of field 3: encrypted field 3, ...]>.
(2) Calculate the keys of all fields from the encryption key x:
field 1 key = KDF(x, obfuscated label of field 1, number of iterations);
field 2 key = KDF(x, obfuscated label of field 2, number of iterations);
field 3 key = KDF(x, obfuscated label of field 3, number of iterations);
……
(3) Decrypt all fields to obtain:
"field 1 label": "field 1 value";
"field 2 label": "field 2 value";
"field 3 label": "field 3 value";
……
(4) Merge the above fields to finally obtain:
value = {"field 1 label": "field 1 value", "field 2 label": "field 2 value", "field 3 label": "field 3 value", ...}, which is returned to the upper layer.
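The scheme described in the passages above (per-field key derivation, authorization of a single field, and full decryption in steps (1) to (4)), as an added example that is not code from the application. It assumes SHA-256 for hash, PBKDF2-HMAC-SHA256 as a stand-in for the KDF the text names, AES-128-GCM as the AES128 mode, and encryption of the whole "label": value pair so that step (3) can recover the label; all function names and the sample record are constructed.

```javascript
// Added illustration; not code from the patent application or its applicant.
const nodeCrypto = require('crypto');

const ITERATIONS = 10000; // y in KDF(x, salt, y); the example value given in the text
const KEY_BYTES = 16;     // AES-128 key length

// Obfuscated label = hash(field label). SHA-256 is an assumption: the text only says "hash".
function obfuscatedLabel(label) {
  return nodeCrypto.createHash('sha256').update(label, 'utf8').digest('hex');
}

// Field key = KDF(x, salt, y) with salt = obfuscated label.
// Assumption: PBKDF2-HMAC-SHA256 stands in for the KDF named in the text.
function deriveFieldKey(dataKey, mark) {
  return nodeCrypto.pbkdf2Sync(dataKey, Buffer.from(mark, 'hex'), ITERATIONS, KEY_BYTES, 'sha256');
}

// Encrypt one "label": value pair. The layout iv(12) | tag(16) | ciphertext is an assumption.
function encryptField(fieldKey, mark, label, value) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', fieldKey, iv);
  cipher.setAAD(Buffer.from(mark, 'hex')); // binds the ciphertext to its slot
  const body = Buffer.concat([
    cipher.update(JSON.stringify({ [label]: value }), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Owner side: build the stored value [obfuscated label: encrypted field, ...].
function encryptRecord(dataKey, record) {
  const stored = {};
  for (const [label, value] of Object.entries(record)) {
    const mark = obfuscatedLabel(label);
    stored[mark] = encryptField(deriveFieldKey(dataKey, mark), mark, label, value);
  }
  return stored;
}

// Owner side: what is handed to an authorized party for one field.
function grantField(dataKey, label) {
  const mark = obfuscatedLabel(label);
  return { mark, fieldKey: deriveFieldKey(dataKey, mark) };
}

// Authorized party: locate the encrypted field by obfuscated label and decrypt it.
// Throws if the slot is missing or the key does not authenticate the ciphertext.
function decryptField(stored, mark, fieldKey) {
  if (!Object.prototype.hasOwnProperty.call(stored, mark)) {
    throw new Error('no encrypted field under this obfuscated label');
  }
  const blob = Buffer.from(stored[mark], 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', fieldKey, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(mark, 'hex'));
  decipher.setAuthTag(blob.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Same as decryptField, but returns null instead of throwing.
function tryDecryptField(stored, mark, fieldKey) {
  try {
    return decryptField(stored, mark, fieldKey);
  } catch (err) {
    return null;
  }
}

// Owner side, steps (1)-(4): derive every field key from x, decrypt each field, merge.
function decryptRecord(dataKey, stored) {
  const record = {};
  for (const mark of Object.keys(stored)) {
    Object.assign(record, decryptField(stored, mark, deriveFieldKey(dataKey, mark)));
  }
  return record;
}

// Demonstration on a constructed sample record.
function demo() {
  const x = nodeCrypto.randomBytes(KEY_BYTES); // data encryption key x
  const record = { name: 'Example User', id_number: 'CONSTRUCTED-0001', balance: 1200 };
  const stored = encryptRecord(x, record);
  const grant = grantField(x, 'id_number'); // authorize one field only
  return {
    granted: decryptField(stored, grant.mark, grant.fieldKey),
    otherField: tryDecryptField(stored, obfuscatedLabel('name'), grant.fieldKey),
    full: decryptRecord(x, stored),
  };
}

console.log(demo());
```

Because the salt is the obfuscated label that is stored alongside the ciphertext, the confidentiality of every field rests on x alone, and hashing a field label hides the field name only from parties who cannot enumerate candidate labels.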
In addition, this application also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium or a volatile computer-readable storage medium. The computer-readable storage medium stores computer instructions which, when run on a computer, cause the computer to perform the following steps:
obtain the original data to be uploaded to the blockchain, identify each independent field in the original data, and convert each independent field into key-value pair format data, wherein in the key-value pair format data the preset field label corresponding to each independent field is the key and the field value is the value;
perform a hash calculation on the preset field label corresponding to each independent field, and use the resulting hash as the obfuscated label corresponding to that independent field;
calculate, according to a preset calculation rule and using the obfuscated label corresponding to each independent field, the field encryption key corresponding to each independent field;
encrypt the field value of each independent field with a preset encryption algorithm, based on the field encryption key corresponding to that field, to obtain an encrypted field;
upload the obfuscated label and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can, according to the obfuscated label of an authorized field, find the corresponding encrypted field in the blockchain and decrypt it to obtain the field value of the authorized field.
The specific implementations of the computer-readable storage medium of this application are substantially the same as the embodiments of the electronic device 1 and the method described above and are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of this application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to perform the methods described in the embodiments of this application.
The preferred embodiments of this application have been described above with reference to the drawings; this does not limit the scope of rights of this application. The serial numbers of the above embodiments are for description only and do not indicate the relative merits of the embodiments. In addition, although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in a different order.
Those skilled in the art can implement this application in many variant forms without departing from its scope and essence; for example, a feature of one embodiment can be used in another embodiment to obtain a further embodiment. Any modification, equivalent replacement or improvement made within the technical concept of this application shall fall within the scope of rights of this application.

Claims (20)

  1. An electronic device comprising a memory and a processor, wherein the memory stores a blockchain-based data processing system executable on the processor, and the blockchain-based data processing system, when executed by the processor, implements the following steps:
    obtaining original data to be uploaded to a blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data, wherein in the key-value pair format data the preset field identifier corresponding to each independent field is the key and the field value is the value;
    performing a hash calculation on the preset field identifier corresponding to each independent field, and using the resulting hash as the obfuscated identifier corresponding to each independent field;
    calculating the field encryption key corresponding to each independent field according to a preset calculation rule and using the obfuscated identifier corresponding to each independent field;
    encrypting the field value of each independent field with a preset encryption algorithm based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
    uploading the obfuscated identifier and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can locate the corresponding encrypted field on the blockchain according to the obfuscated identifier of an authorized field and decrypt the located encrypted field to obtain the field value of the authorized field.
  2. The electronic device according to claim 1, wherein the step of calculating the field encryption key corresponding to each independent field according to the preset calculation rule and using the obfuscated identifier corresponding to each independent field comprises:
    obtaining a preset data encryption key corresponding to the original data, and applying a preset key derivation algorithm to the obfuscated identifier corresponding to each independent field and the data encryption key, to obtain the field encryption key corresponding to each independent field.
  3. The electronic device according to claim 2, wherein the preset key derivation algorithm is the key derivation function KDF3 algorithm, with the following formula:
    z = KDF(x, salt, y),
    where x is the data encryption key, salt is the obfuscated identifier corresponding to each independent field, y is a preset number of iterations, and z is the calculated field encryption key corresponding to each independent field.
  4. The electronic device according to claim 1, 2 or 3, wherein the step of obtaining the original data to be uploaded to the blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data comprises:
    obtaining the original data to be uploaded to the blockchain, converting the original data into JSON data, and identifying the key-value pairs in the converted JSON data as the key-value pair format data corresponding to the independent fields in the original data.
  5. The electronic device according to claim 1, 2 or 3, wherein the preset encryption algorithm is the AES128 encryption algorithm.
  6. A blockchain-based data processing method, comprising:
    obtaining original data to be uploaded to a blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data, wherein in the key-value pair format data the preset field identifier corresponding to each independent field is the key and the field value is the value;
    performing a hash calculation on the preset field identifier corresponding to each independent field, and using the resulting hash as the obfuscated identifier corresponding to each independent field;
    calculating the field encryption key corresponding to each independent field according to a preset calculation rule and using the obfuscated identifier corresponding to each independent field;
    encrypting the field value of each independent field with a preset encryption algorithm based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
    uploading the obfuscated identifier and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can locate the corresponding encrypted field on the blockchain according to the obfuscated identifier of an authorized field and decrypt the located encrypted field to obtain the field value of the authorized field.
  7. The blockchain-based data processing method according to claim 6, wherein the step of calculating the field encryption key corresponding to each independent field according to the preset calculation rule and using the obfuscated identifier corresponding to each independent field comprises:
    obtaining a preset data encryption key corresponding to the original data, and applying a preset key derivation algorithm to the obfuscated identifier corresponding to each independent field and the data encryption key, to obtain the field encryption key corresponding to each independent field.
  8. The blockchain-based data processing method according to claim 7, wherein the preset key derivation algorithm is the key derivation function KDF3 algorithm, with the following formula:
    z = KDF(x, salt, y),
    where x is the data encryption key, salt is the obfuscated identifier corresponding to each independent field, y is a preset number of iterations, and z is the calculated field encryption key corresponding to each independent field.
  9. The blockchain-based data processing method according to claim 6, 7 or 8,
    wherein the step of obtaining the original data to be uploaded to the blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data comprises:
    obtaining the original data to be uploaded to the blockchain, converting the original data into JSON data, and identifying the key-value pairs in the converted JSON data as the key-value pair format data corresponding to the independent fields in the original data.
  10. The blockchain-based data processing method according to claim 6, 7 or 8, wherein the preset encryption algorithm is the AES128 encryption algorithm.
  11. A blockchain-based data processing system, comprising:
    a conversion module, configured to obtain original data to be uploaded to a blockchain, identify each independent field in the original data, and convert each independent field into key-value pair format data, wherein in the key-value pair format data the preset field identifier corresponding to each independent field is the key and the field value is the value;
    a first calculation module, configured to perform a hash calculation on the preset field identifier corresponding to each independent field, and use the resulting hash as the obfuscated identifier corresponding to each independent field;
    a second calculation module, configured to calculate the field encryption key corresponding to each independent field according to a preset calculation rule and using the obfuscated identifier corresponding to each independent field;
    an encryption module, configured to encrypt the field value of each independent field with a preset encryption algorithm based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
    an upload module, configured to upload the obfuscated identifier and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can locate the corresponding encrypted field on the blockchain according to the obfuscated identifier of an authorized field and decrypt the located encrypted field to obtain the field value of the authorized field.
  12. The blockchain-based data processing system according to claim 11, wherein the second calculation module is specifically configured to:
    obtain a preset data encryption key corresponding to the original data, and apply a preset key derivation algorithm to the obfuscated identifier corresponding to each independent field and the data encryption key, to obtain the field encryption key corresponding to each independent field.
  13. The blockchain-based data processing system according to claim 12, wherein the preset key derivation algorithm is the key derivation function KDF3 algorithm, with the following formula:
    z = KDF(x, salt, y),
    where x is the data encryption key, salt is the obfuscated identifier corresponding to each independent field, y is a preset number of iterations, and z is the calculated field encryption key corresponding to each independent field.
  14. The blockchain-based data processing system according to claim 11, 12 or 13, wherein the conversion module is specifically configured to:
    obtain the original data to be uploaded to the blockchain, convert the original data into JSON data, and identify the key-value pairs in the converted JSON data as the key-value pair format data corresponding to the independent fields in the original data.
  15. The blockchain-based data processing system according to claim 11, 12 or 13, wherein the preset encryption algorithm is the AES128 encryption algorithm.
  16. A computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the following steps:
    obtaining original data to be uploaded to a blockchain, identifying each independent field in the original data, and converting each independent field into key-value pair format data, wherein in the key-value pair format data the preset field identifier corresponding to each independent field is the key and the field value is the value;
    performing a hash calculation on the preset field identifier corresponding to each independent field, and using the resulting hash as the obfuscated identifier corresponding to each independent field;
    calculating the field encryption key corresponding to each independent field according to a preset calculation rule and using the obfuscated identifier corresponding to each independent field;
    encrypting the field value of each independent field with a preset encryption algorithm based on the field encryption key corresponding to each independent field, to obtain an encrypted field;
    uploading the obfuscated identifier and the encrypted field corresponding to each independent field in the original data to the blockchain, so that a business-related party can locate the corresponding encrypted field on the blockchain according to the obfuscated identifier of an authorized field and decrypt the located encrypted field to obtain the field value of the authorized field.
  17. The computer-readable storage medium according to claim 16, wherein, when the computer-readable storage medium performs the calculating of the field encryption key corresponding to each independent field according to the preset calculation rule and using the obfuscated identifier corresponding to each independent field, the following steps are included:
    obtaining a preset data encryption key corresponding to the original data, and applying a preset key derivation algorithm to the obfuscated identifier corresponding to each independent field and the data encryption key, to obtain the field encryption key corresponding to each independent field.
  18. The computer-readable storage medium according to claim 17, wherein implementing the preset key derivation algorithm when the computer-readable storage medium executes the computer instructions includes the following steps:
    the preset key derivation algorithm is the key derivation function KDF3 algorithm, with the following formula:
    z = KDF(x, salt, y),
    where x is the data encryption key, salt is the obfuscated identifier corresponding to each independent field, y is a preset number of iterations, and z is the calculated field encryption key corresponding to each independent field.
  19. The computer-readable storage medium according to claim 16, 17 or 18, wherein, when the computer-readable storage medium performs the obtaining of the original data to be uploaded to the blockchain, the identifying of each independent field in the original data, and the converting of each independent field into key-value pair format data, the following steps are included:
    obtaining the original data to be uploaded to the blockchain, converting the original data into JSON data, and identifying the key-value pairs in the converted JSON data as the key-value pair format data corresponding to the independent fields in the original data.
  20. The computer-readable storage medium according to claim 16, 17 or 18, wherein implementing the preset encryption algorithm when the computer-readable storage medium executes the computer instructions includes the following steps:
    the preset encryption algorithm is the AES128 encryption algorithm.
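
The method of claims 6 to 10, sketched end to end in Node.js as an added example (not code from the patent or the applicant). SHA-256 as the hash, PBKDF2-HMAC-SHA256 standing in for the claimed KDF3, AES-128 in GCM mode, the sample record, key and iteration count, and the handing of a single field key to the authorized party are all assumptions.

```javascript
// Added illustration of the claimed flow (claims 6-10); not code from the patent.
const crypto = require("crypto");

// Step 2: hash the preset field identifier to get the obfuscated identifier.
// SHA-256 is an assumption; the claims only say "hash calculation".
function obfuscatedId(fieldLabel) {
  return crypto.createHash("sha256").update(fieldLabel, "utf8").digest("hex");
}

// Step 3: z = KDF(x, salt, y). PBKDF2-HMAC-SHA256 stands in for the claimed
// KDF3 because it takes the same three inputs (key, salt, iteration count).
function fieldKey(dataKey, obfId, iterations) {
  return crypto.pbkdf2Sync(dataKey, Buffer.from(obfId, "hex"), iterations, 16, "sha256");
}

// Step 4: AES-128 encryption of the field value. GCM mode and the fresh
// 12-byte nonce are assumptions; the claims name only AES128.
function encryptField(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-128-gcm", key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return {
    nonce: nonce.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

function decryptField(key, enc) {
  const d = crypto.createDecipheriv("aes-128-gcm", key, Buffer.from(enc.nonce, "base64"));
  d.setAuthTag(Buffer.from(enc.tag, "base64"));
  // final() throws if the key is wrong or the ciphertext was altered.
  return Buffer.concat([d.update(Buffer.from(enc.ct, "base64")), d.final()]).toString("utf8");
}

// Steps 1 and 5: split the JSON into top-level key-value pairs and build the
// record to upload, keyed by obfuscated identifier (no plaintext labels).
function buildRecord(rawJson, dataKey, iterations) {
  const record = {};
  for (const [label, value] of Object.entries(JSON.parse(rawJson))) {
    const id = obfuscatedId(label);
    record[id] = encryptField(fieldKey(dataKey, id, iterations), JSON.stringify(value));
  }
  return record;
}

// Authorized-party side: recompute the obfuscated identifier of the authorized
// field, look it up, and decrypt with the field key it was given (assumption).
function readAuthorizedField(record, fieldLabel, grantedKey) {
  const enc = record[obfuscatedId(fieldLabel)];
  if (!enc) throw new Error("field not present in record");
  return JSON.parse(decryptField(grantedKey, enc));
}

// Constructed sample input, key and iteration count.
const DATA_KEY = Buffer.from("000102030405060708090a0b0c0d0e0f", "hex");
const ITERATIONS = 10000;
const RAW = JSON.stringify({ name: "Alice Example", policy_no: "P-0001", amount: 1250 });

function demo() {
  const record = buildRecord(RAW, DATA_KEY, ITERATIONS);
  // The owner authorizes only the "amount" field.
  const grant = fieldKey(DATA_KEY, obfuscatedId("amount"), ITERATIONS);
  const amount = readAuthorizedField(record, "amount", grant);
  let otherFieldReadable = true;
  try {
    readAuthorizedField(record, "name", grant);
  } catch (e) {
    otherFieldReadable = false; // the "amount" key does not open "name"
  }
  return { record, amount, otherFieldReadable };
}

console.log(JSON.stringify(demo(), null, 2));
```

An unsalted hash hides a field label only if the label cannot be guessed: anyone able to enumerate likely labels can recompute the obfuscated identifiers, so the confidentiality of the values rests on the derived field keys.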
PCT/CN2019/120890 2019-07-25 2019-11-26 Blockchain-based data processing method and system, and electronic apparatus and storage medium WO2021012548A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910674033.7 2019-07-25
CN201910674033.7A CN110391906B (en) 2019-07-25 2019-07-25 Data processing method based on block chain, electronic device and readable storage medium

Publications (1)

Publication Number Publication Date
WO2021012548A1 true WO2021012548A1 (en) 2021-01-28

Family

ID=68287171

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/120890 WO2021012548A1 (en) 2019-07-25 2019-11-26 Blockchain-based data processing method and system, and electronic apparatus and storage medium

Country Status (2)

Country Link
CN (1) CN110391906B (en)
WO (1) WO2021012548A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110391906B (en) * 2019-07-25 2022-10-25 深圳壹账通智能科技有限公司 Data processing method based on block chain, electronic device and readable storage medium
CN110943982B (en) * 2019-11-21 2021-07-30 深圳壹账通智能科技有限公司 Document data encryption method and device, electronic equipment and storage medium
CN111046407A (en) * 2019-12-13 2020-04-21 山东众阳健康科技集团有限公司 Data storage system based on block chain
CN111079162B (en) * 2019-12-13 2022-10-28 山东众阳健康科技集团有限公司 Data encryption method, data decryption method and data encryption system based on block chain
CN111294203B (en) * 2020-01-22 2022-02-11 腾讯科技(深圳)有限公司 Information transmission method
CN111464500B (en) * 2020-03-06 2023-03-17 深圳壹账通智能科技有限公司 Method, device, equipment and storage medium for sharing protocol data
CN113762955B (en) * 2020-06-01 2024-04-02 菜鸟智能物流控股有限公司 Transaction processing method, device, equipment and machine-readable medium
CN111884795B (en) * 2020-07-21 2022-09-13 湖南创星科技股份有限公司 Medical information data desensitization secrecy and restoration method and system
CN112487446A (en) * 2020-11-26 2021-03-12 南京纯白矩阵科技有限公司 Hot plug method for block chain encryption algorithm
CN115529131B (en) * 2022-11-28 2023-03-14 广州万协通信息技术有限公司 Data encryption and decryption method and device based on dynamic key

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103942470A (en) * 2014-05-07 2014-07-23 华中师范大学 Electronic audio-visual product copyright management method with source tracing function
US20170330179A1 (en) * 2016-05-16 2017-11-16 Coinplug, Inc. Method for issuing authentication information and blockchain-based server using the same
CN109977697A (en) * 2019-04-03 2019-07-05 陕西医链区块链集团有限公司 A kind of data grant method of block chain
CN110391906A (en) * 2019-07-25 2019-10-29 深圳壹账通智能科技有限公司 Data processing method, electronic device and readable storage medium storing program for executing based on block chain

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105897402A (en) * 2016-04-05 2016-08-24 乐视控股(北京)有限公司 Parameter encryption method and parameter encryption device
US11249970B2 (en) * 2016-05-05 2022-02-15 Mastercard International Incorporated Method and system for distributed data storage with eternal integrity guarantees
CN109831298B (en) * 2019-01-31 2020-05-15 阿里巴巴集团控股有限公司 Method for safely updating key in block chain, node and storage medium

Also Published As

Publication number Publication date
CN110391906B (en) 2022-10-25
CN110391906A (en) 2019-10-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19938638

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19938638

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/08/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19938638

Country of ref document: EP

Kind code of ref document: A1