WO2021179743A1 - Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs - Google Patents

Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs Download PDF

Info

Publication number
WO2021179743A1
WO2021179743A1 PCT/CN2020/139745 CN2020139745W WO2021179743A1 WO 2021179743 A1 WO2021179743 A1 WO 2021179743A1 CN 2020139745 W CN2020139745 W CN 2020139745W WO 2021179743 A1 WO2021179743 A1 WO 2021179743A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
blockchain node
authority
transaction
blockchain
Prior art date
Application number
PCT/CN2020/139745
Other languages
English (en)
Chinese (zh)
Inventor
刘琦
闫莺
魏长征
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021179743A1 publication Critical patent/WO2021179743A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2471Distributed queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • One or more embodiments of this specification relate to the field of blockchain technology, and more particularly to a method and device for querying account privacy information in a blockchain.
  • Blockchain technology is built on a transmission network (such as a peer-to-peer network).
  • the network nodes in the transmission network use chained data structures to verify and store data, and use distributed node consensus algorithms to generate and update data. Nodes in these blockchain networks sometimes need to be increased.
  • TEE Trusted Execution Environment
  • TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it.
  • plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption. There is no loss of efficiency in the calculation process. Therefore, the combination with TEE can achieve less performance loss. Under the premise, the security and privacy of the blockchain are greatly improved. At present, the industry is very concerned about the TEE solution.
  • TEE solutions including TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor).
  • one or more embodiments of this specification provide a method and device for querying account privacy information in a blockchain.
  • a method for querying account privacy information in a blockchain which includes: a blockchain node receives a transaction initiated by a querying party, and the transaction is used to obtain a target account
  • the private information contained in the privacy field in the private information is encrypted and stored at the blockchain node; the blockchain node determines the query according to the authority management information recorded in the authority field in the target account Whether the party has query authority; when the judgment result is that the blockchain node has query authority, the private information in ciphertext form is read into the trusted execution environment for decryption, so as to obtain all the information in plaintext form.
  • the private information is provided to the inquiring party.
  • a device for querying account privacy information in a blockchain which includes: a receiving unit that enables blockchain nodes to receive transactions initiated by the querying party, and the transaction is used To obtain the privacy information contained in the privacy field in the target account, the privacy information is encrypted and stored at the blockchain node; Authority management information to determine whether the query party has query authority; the decryption unit enables the blockchain node to read the private information in the form of cipher text into the trusted execution environment when the result of the determination is that it has query authority Decryption is performed in the process, so as to provide the obtained private information in the plaintext form to the inquiring party.
  • an electronic device including: a processor; a memory for storing executable instructions of the processor; wherein the processor runs the executable instructions To achieve the method as described in the first aspect.
  • a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the first aspect are implemented.
  • Fig. 1 is a flowchart of a method for querying account privacy information in a blockchain according to an exemplary embodiment.
  • Fig. 2 is a schematic diagram of a key version evolution provided by an exemplary embodiment.
  • Fig. 3 is a schematic diagram of a data structure of private information in ciphertext form provided by an exemplary embodiment.
  • Fig. 4 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • Fig. 5 is a block diagram of a device for querying account privacy information in a blockchain according to an exemplary embodiment.
  • the steps of the corresponding method may not be executed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
  • Blockchain is generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • the public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks. Moreover, each participant (ie, node) can freely join and exit the network, and perform related operations.
  • the private chain is the opposite.
  • the write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization.
  • the private chain can be a weakly centralized system with strict restrictions and few participating nodes.
  • This type of blockchain is more suitable for internal use by specific institutions.
  • Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization".
  • Each node in the alliance chain usually has a corresponding entity or organization; participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • blockchain networks such as Ethereum can implement relatively complex processing logic by running virtual machines (such as the Ethereum virtual machine EVM used in the Ethereum network) on the blockchain nodes, and combining with smart contracts. , Such as conditional transfer logic, conditional query logic, etc. It can be seen that for a blockchain network that supports smart contracts, functions such as privacy protection and secure query of account information can be conveniently implemented based on complex processing logic, but simple processing logic is difficult to achieve in the same way.
  • the method may include the following steps 102 to 106.
  • Step 102 The blockchain node receives the transaction initiated by the querying party, the transaction is used to obtain the private information contained in the private field in the target account, and the private information is encrypted and stored at the blockchain node.
  • the above-mentioned blockchain nodes can obtain the above-mentioned transactions in a variety of ways.
  • the inquirer can submit the transaction to the aforementioned blockchain node through the client after generating the transaction on the client.
  • the client can submit the transaction to another blockchain node, and the other blockchain node can further forward the transaction to the aforementioned blockchain node.
  • the inquiring party can generate the transaction at the aforementioned blockchain node.
  • the blockchain node can determine the target account and privacy fields corresponding to the transaction.
  • the transaction content may include the account address of the target account, so that the above-mentioned blockchain node can determine the target account accordingly; and the transaction content may include the field name of the privacy field, so that the above-mentioned blockchain node can determine accordingly Out the privacy field.
  • the privacy field can include any one or more fields in the target account, and this specification does not limit this.
  • the account in the Ethereum blockchain, the account can contain the Balance field, Nonce field, etc., and the Balance field is used to record the account balance. If the Balance field is a privacy field, the account balance recorded in the Balance field can be encrypted and stored. To protect the value of the account balance from being leaked.
  • the above-mentioned blockchain node can first determine which field the querying party wants to query, and further determine whether the field is a private field. For example, for a field in all accounts, the above-mentioned blockchain node encrypts and stores the content of the corresponding field. Then, when the blockchain node knows that the querying party needs to query the field, the blockchain node can determine the query The field that the party needs to query must be a private field. For another example, if the blockchain node encrypts and stores the field content of a certain field in some accounts, and stores the field content of the certain field in the remaining accounts in plaintext, then the account can include a status field and pass the status field.
  • the status indication information contained in the corresponding account indicates that the field content of the above-mentioned certain field in the corresponding account is encrypted storage or plaintext storage.
  • the status indication information can have multiple values: the first value indicates that the field content is encrypted storage, and the second The value indicates that the content of the field is stored in plain text; for another example, the value of the highest bit of the status indication information can be used to indicate the use of encrypted storage or plain text storage.
  • the status field of the target account may contain the above-mentioned status indication information, which is used to indicate that the above-mentioned private information is stored in plaintext or encrypted and stored at the blockchain node : If stored encrypted, it indicates that the field where the private information is located is a private field, and the blockchain node needs to implement secure information query based on the following steps 104-106; if stored in plain text, it indicates the field where the private information is located It is not a private field, and the blockchain node can directly read the private information for returning to the inquiring party without performing the following steps 104-106.
  • the transaction submitted by the query party to the blockchain node can be a regular transaction in related technologies, that is, the transaction needs to be agreed by all blockchain nodes in the blockchain network and linked to the chain, so that the query party’s query can be traced back afterwards. operate.
  • a blockchain network that uses Proof of Work (POW), Proof of Stake (POS), Delegated Proof of Stake (DPOS) and other consensus algorithms that compete for the right to bookkeeping
  • POW Proof of Work
  • POS Proof of Stake
  • DPOS Delegated Proof of Stake
  • the blockchain node will immediately spread (such as broadcast) to other blockchain nodes in the blockchain network; then, if the above blockchain nodes compete for the right to keep accounts , And the blockchain node confirms that the above transaction submitted by the client is packaged into a new block, then all blockchain nodes in the blockchain network can execute the above transaction, and by adding a new block containing the transaction To the end of the blockchain and make the transaction on the chain.
  • the above-mentioned transaction submitted by the client can also be received, or after the client submits to another blockchain node, the other blockchain node forwards it to the above-mentioned A blockchain node, and the blockchain node can package and send the above-mentioned transactions (or other transactions) to each verification node in the consensus phase.
  • this manual can also support new transactions that do not require consensus.
  • this specification can provide a new transaction type, such as a query type, based on related technologies; accordingly, the blockchain node can identify the above transaction type, and when the transaction belongs to a predefined query type, The blockchain node executes the transaction without consensus. In other words, after the blockchain node obtains the above transaction, it does not need the accounting node (whether it is a node competing for accounting rights or an agreed accounting node) to determine whether to add the transaction to a new block.
  • the node can directly execute the transaction, and in fact the transaction will not be added to the new block and will not be on the chain. On the one hand, it can realize that query-type transactions are efficiently executed by the blockchain node, and on the other hand, it can be avoided Take up valuable block space.
  • the transaction in this specification can include a type field, and by setting the value of the type field, the blockchain node can identify whether the above transaction is a query type or other types (such as Transfer type, deposit type, etc.).
  • Step 104 The blockchain node determines whether the query party has query authority according to the authority management information recorded in the authority field in the target account.
  • the account maintained on the blockchain node can include a permission field, and the permission management information contained in the permission field can be used to determine whether a query party has query permission.
  • the blockchain node in response to the querying party’s query requirements for the above-mentioned target account, can determine whether the querying party has query authority based on the authority management information contained in the authority field in the target account: if it has query authority, then The blockchain node can provide the decrypted private information to the querying party, otherwise it will not provide it.
  • the authority management information recorded in the authority field can exist in various forms, so that the blockchain node can determine whether the querying party has query authority in a variety of ways.
  • the authority management information may include the public key of the authority owner, that is, a predetermined set of public keys of all users with query authority; at the same time, the transaction submitted by the querying party contains a transaction signature, and the transaction signature is passed by the querying party. Therefore, the blockchain node can verify the transaction signature with the public key of the above-mentioned authority owner: if the public key of a authority owner is successfully verified, it indicates that the inquiring party is the authority owner , And the blockchain node can determine that the inquiring party has the inquiry authority; and if all the public keys fail to verify, it indicates that the inquiry party is not the authority owner, that is, the inquiry party does not have the inquiry authority.
  • the above-mentioned authority owner may include the owner of the target account, or the above-mentioned authority owner may include the owner of the target account and at least one other user.
  • the owner of the target account can be the permission owner by default, and the owner can control adding the public key of at least one other user to the permission field to set the at least one other user as the permission owner.
  • the above-mentioned authority owner can also be set by administrators or other users in the blockchain network, and this manual does not limit this.
  • the target account Take the target account as an example.
  • the authority owner of the target account includes both the owner and at least one other user, it is equivalent to the owner and other users jointly managing the target account, that is, the target account belongs to a co-managed account of the owner and other users.
  • All accounts in the blockchain can contain an authmap field.
  • the authmap field of a non-shared account (or ordinary account) only contains the public key of the account owner, while the authmap field of a shared account contains all co-managers (as mentioned above).
  • the public key of the owner and at least one other user Based on the authority judgment method described above, only the account owner has the query authority for non-co-managed accounts, and all co-managers have the query authority for co-managed accounts.
  • the authority management information may include the authority scope or authority type of one or more users. For example, each user has corresponding specific authority management information to indicate what operations the corresponding user can perform on the target account.
  • the blockchain node can determine the specific authority management information corresponding to the querying party recorded in the authority field, and the specific authority management information may include authority information owned by the querying party, such as query authority, edit authority, delete authority, etc.; Then, in the case that the specific authority management information contains the query authority, the blockchain node can determine that the query party has the query authority, otherwise it is determined that the query party does not have the query authority.
  • the owner of the target account can default to having all the permissions for the target account, and the owner can control adding specific permission management information for at least one user to the permission field to set the permissions of the at least one user.
  • the above-mentioned specific authority management information can also be set by the administrator or other users in the blockchain network, and this manual does not limit this.
  • the above-mentioned specific authority management information adopts a positive description method to define which authority the corresponding user has; similarly, the specific authority management information can adopt a negative description method to define which authority the corresponding user does not have.
  • the target account Take the target account as an example.
  • specific authority management information By adding the above-mentioned specific authority management information to the target account, it is equivalent to establishing ACL (Access Control Lists) information for these users, for example, identifying whether the querying party has query authority according to the ACL information corresponding to the querying party.
  • ACL Access Control Lists
  • the account can be divided into non-ACL accounts (or ordinary accounts) and ACL accounts.
  • the authmap field of all accounts records the public key of the corresponding account owner to give the account all The person’s management authority for the corresponding account (including all permissions such as query permissions); at the same time, all accounts can also contain ACLmap fields, and the ACLmap field in ACL accounts can be used to record specific authority management information as described above, thereby recording relevant The permissions that the user has (such as query permissions or others), and the ACLmap field in the non-ACL account can be empty.
  • authmap field In addition to adding the ACLmap field on the basis of related technologies, you can also record specific authority management information in the authmap field, which can avoid field expansion of the account; for example, the authmap field of a non-ACL account only records the public key of the account owner , And the authmap account of the ACL account records the public key of the account owner and specific authority management information for each user at the same time.
  • Step 106 When the judgment result is that the blockchain node has the query authority, read the private information in cipher text into a trusted execution environment for decryption, so as to obtain the private information in plain text. Provided to the inquiring party.
  • TEE Trusted Execution Environment
  • Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications.
  • ARM's Trust Zone technology is the first to realize the real commercial TEE technology.
  • TEE TEE
  • server chip manufacturers Intel, AMD, etc. have successively introduced hardware-assisted TEE and enriched the concept and characteristics of TEE, which has been widely recognized in the industry.
  • the TEE mentioned now usually refers more to this kind of hardware-assisted TEE technology.
  • cloud access requires remote access, and the end user is invisible to the hardware platform. Therefore, the first step in using TEE is to confirm the authenticity of TEE.
  • TEE technology has introduced a remote certification mechanism, which is endorsed by hardware vendors (mainly CPU vendors) and digital signature technology ensures that users can verify the state of the TEE.
  • security needs that cannot be met by only secure resource isolation, further data privacy protection has also been proposed.
  • Commercial TEEs including Intel SGX and AMD SEV also provide memory encryption technology to limit the trusted hardware to the CPU, and the data on the bus and memory are ciphertexts to prevent malicious users from snooping.
  • TEE technologies such as Intel’s Software Protection Extensions (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution.
  • the applications running in the TEE are protected by security and are almost impossible to be accessed by third parties.
  • SGX provides an enclave (also called an enclave), which is an encrypted trusted execution area in the memory, and the CPU protects data from being stolen.
  • enclave also called an enclave
  • the CPU protects data from being stolen.
  • a part of the area EPC Enclave Page Cache, enclave page cache or enclave page cache
  • the encryption engine MEE Memory Encryption Engine
  • SGX users can distrust the operating system, VMM (Virtual Machine Monitor), and even BIOS (Basic Input Output System). They only need to trust the CPU to ensure that private data will not leakage.
  • the private data can be encrypted and transmitted to the circle in cipher text, and the corresponding key can also be transmitted to the circle through remote attestation. Then, use the data to perform operations under the encryption protection of the CPU, and the result will be returned in the form of ciphertext. Therefore, encrypting and decrypting the above-mentioned private information based on TEE can ensure sufficient security without worrying about data leakage.
  • the privacy information outside the TEE is in the form of ciphertext, and can only be decrypted after being read into the TEE It is in plain text and is based on the characteristics of TEE to ensure that the private information in plain text will not be stolen.
  • the blockchain node encrypts the private information in the plaintext form in the TEE to obtain the above-mentioned private information in the ciphertext form.
  • Blockchain nodes can use symmetric encryption or asymmetric encryption to implement the above encryption and decryption process, which is not limited in this specification.
  • the encryption algorithm used by symmetric encryption such as DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm, etc.
  • the encryption algorithm used in asymmetric encryption is, for example, RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc.
  • a key can be maintained in the TEE on the blockchain node, the key is a symmetric key, and the private information in plaintext form can be encrypted in the TEE by this key to obtain the above-mentioned private information in ciphertext form .
  • the blockchain node reads the private information in the cipher text form into the TEE, and decrypts the private information in the cipher text form with the above key, to obtain the above private information in the plain text form. Since the key is maintained in the TEE, it has sufficient security to avoid the key from leaking.
  • the blockchain node can generate the above-mentioned key based on a security key maintained in the TEE.
  • the above-mentioned key used by the blockchain node is the security key itself, so that the blockchain node uses the same key when encrypting and decrypting private information of all accounts.
  • the above-mentioned key used by the blockchain node is generated by the security key and the impact factor, so that different impact factors can form a differentiated key, and the corresponding account can use different keys Realize the encryption and decryption of private information. Due to the addition of the influence factor, different keys can be used for the privacy information of different accounts.
  • the encrypted ciphertext can also have different values. Then when a user knows When the plaintext of the private information of the account Qa is Ua and the ciphertext is Um, even if the user knows that the ciphertext of the private information of another account Qb is Um, it cannot be inferred that the plaintext of the private information of the account Qb must be Ua( If the keys used in accounts Qa and Qb are different, the same ciphertext corresponds to different plaintext), which helps to improve security.
  • the blockchain node can maintain all the keys generated by the security key and the impact factor in the TEE, since the frequency of use of the key may not be high, it can only be maintained in the TEE
  • the security key does not maintain the key generated by the security key and the impact factor, but temporarily generates the required key based on the security key and the impact factor when it needs to be used.
  • account-level privacy protection can be achieved, that is, different accounts use different keys, and all private fields in the same account use the same key; for another example, by using field-related
  • the impact factor can achieve field-level privacy protection, that is, different privacy fields in the same account use different keys, and the same privacy fields in different accounts (such as the Balance field in different accounts) use the same keys; for example,
  • field-level privacy protection that is, different privacy fields in the same account use different keys, and the same privacy fields in different accounts (such as the Balance field in different accounts) use the same keys; for example,
  • impact factors related to accounts and fields at the same time privacy protection at the account and field levels can be achieved, that is, different accounts use different keys, and different privacy fields in the same account use different keys.
  • the impact factor related to the target account can include at least one of the following: the block height of the block where the account creation transaction corresponds to the target account, the position offset of the account creation transaction in the block, and the target account in all accounts The creation sequence number in, the account address of the target account, etc.
  • the impact factor may include the block height of the block at which the account creation exchange corresponds to the target account.
  • the account creation transaction can refer to the transaction used to create the target account, and the blockchain node creates the target account by executing the transaction. Then, the blockchain node can determine the block height of the block in the blockchain where the account creation transaction is located, and use it as one of the influencing factors related to the target account. Therefore, when the account creation transactions corresponding to different accounts are in blocks of different heights, it can be ensured that the impact factors corresponding to these accounts are different, so that these accounts correspond to different keys, and therefore the privacy information contained in the privacy fields in these accounts Different keys can be used for encryption and storage, so that the same plaintext corresponds to ciphertext with different values to improve security.
  • the impact factor may include the position offset of the account creation transaction in the block.
  • Each block on the blockchain contains a number of transactions, which are arranged in sequence in the block, and the position offset can be regarded as the sequence number or index number of each transaction in the block, which is used to perform the transaction. position.
  • the position offset of the transaction in the first position is 0, the position offset of the transaction in the second position is 1, and so on. It can be seen that different transactions in the same block have different position offsets. After a certain block is specified, each transaction can be uniquely located by the position offset.
  • the position offsets of different account creation transactions are different, it can be ensured that the corresponding accounts have different impact factors, so that these accounts correspond to different keys, so the privacy information contained in the privacy fields in these accounts can be different.
  • the key is encrypted and stored so that the same plaintext corresponds to the ciphertext of different values to improve security.
  • the impact factor may include the creation sequence number of the target account in all accounts. All accounts on the blockchain are created sequentially, and the blockchain node can set the creation sequence number for these accounts according to the creation sequence, so that each account can be distinguished based on the creation sequence number, that is, the creation sequence corresponding to all accounts The numbers are all different. Therefore, based on the difference in the creation sequence number, it can be ensured that the impact factors corresponding to each account are not the same, so that these accounts correspond to different keys, so the privacy information contained in the privacy fields in these accounts can be processed using different keys. Encrypted storage, so that the same plaintext corresponds to ciphertext with different values, to improve security.
  • the impact factor may include the account address of the target account.
  • the account address is generated when the corresponding account is created, and each account has a unique corresponding account address, that is, the account address corresponding to all accounts is different. Therefore, based on the difference of account addresses, it can be ensured that the corresponding impact factors of each account are not the same, so that these accounts correspond to different keys, so the private information contained in the privacy fields in these accounts can be encrypted with different keys Storage, so that the same plaintext corresponds to ciphertext with different values, to improve security.
  • impact factors are not unique to each account, such as the block height and position offset mentioned above, when keys are generated based on these impact factors, the probability that different accounts use the same key can still be greatly reduced to improve safety.
  • by combining multiple types of impact factors with each other it can further reduce the probability of different accounts using the same key, and even ensure that all accounts use different keys, thereby completely preventing the same plaintext from being encrypted to generate the same secret.
  • Text to prevent the value of the plain text can be inferred by comparing the cipher text.
  • All blockchain nodes in the blockchain network maintain the same security key mentioned above, and all blockchain nodes use the same impact factor for the target account, so that all blockchain nodes generate the same
  • the key ensures that all blockchain nodes obtain the same ciphertext after encrypting the private information contained in the private field in the target account, so that all blockchain nodes can maintain the same state.
  • Blockchain nodes can obtain the above-mentioned security keys in a variety of ways. For example, after confirming that the blockchain node has passed the remote certification, the key management (KMS) server can issue the security key to the blockchain node, and the blockchain node will maintain the obtained security key In TEE. Then, the KMS server issues the same security key to all blockchain nodes that have passed remote certification, which can ensure that the security keys maintained by all blockchain nodes are consistent. For another example, a security key can be negotiated between blockchain nodes, and all blockchain nodes maintain the negotiated security key in the TEE.
  • KMS key management
  • the security key maintained by the blockchain node may have a version update, so that the blockchain node can update the version of the security key used regularly or irregularly.
  • a blockchain node can obtain an updated version of the security key through the method described above, that is, a new version of the security key is issued through the KMS server, or a new version of the security key is negotiated between the blockchain nodes.
  • blockchain nodes can implement the version update of the security key by themselves, so as long as the version update logic adopted by all blockchain nodes is consistent, it can ensure that the updated security key is maintained at all blockchain nodes Unanimous.
  • the security key initially obtained by the blockchain node is the root key, and the version of the root key is the highest.
  • the blockchain node can calculate the security key of the lower version based on the security key of the higher version, thereby obtaining the security key of several versions arranged in sequence.
  • the calculation method adopted by the blockchain node can be irreversible calculation, that is, the security key of the higher version can be calculated to obtain the security key of the lower version, but the security key of the lower version can be calculated irreversibly to obtain the security key of the higher version. .
  • the above-mentioned root key can be used as the highest version of the security key, and based on the root key, other lower versions of the security key can be generated in turn, such as 256 versions with version numbers ranging from 0 to 255. Security key.
  • the security key key-0 can be calculated from the security key key-1 and the version factor 0x00, but it cannot pass the security
  • the key key-0 and version factor 0x00 deduces the security key key-1.
  • All blockchain nodes in the blockchain network use the same version of the security key to ensure that all blockchain nodes maintain the same world state.
  • Each blockchain node can generate all versions of the security key in advance, and then select the corresponding version of the security key when it needs to update the version of the security key, or it can temporarily generate it when the version of the security key needs to be updated The security key of the corresponding version is not restricted in this manual.
  • Each blockchain node can negotiate to implement the version update of the security key; or, the update logic for the security key can be added to the chain code of the blockchain network, for example, the update logic can be used to determine where Which version of the security key is updated at any time, so that the blockchain node can automatically update the security key based on the update logic.
  • the high version of the key can be calculated to obtain the low version of the security key, and the low version of the security key cannot reverse the high version of the security key, so each blockchain node can start from the low version of the security key.
  • the security key is used, and only the security key of the lower version is allowed to be updated to the security key of the higher version.
  • the security key of the lower version cannot be changed from the lower version. If the security key is reversed, you only need to upgrade the version of the key to stop the loss in time.
  • the security key of the higher version can be calculated at any time from the security key of the lower version.
  • the encrypted data of the version of the security key is compatible.
  • the blockchain node can associate each encrypted account with the description of the generation method of the corresponding key.
  • the key generation method description information may include: the version information of the security key and the value of the impact factor related to the target account.
  • the blockchain node can write the version information of the security key in the Info field, the value of the impact factor in the Nounce field, and the encrypted private information (such as Balance) in the Cipher field.
  • the value of the field), and the Tag field is used to verify the integrity of the Cipher field.
  • the length of the Info field can be 4Bytes, of which 2Bytes is used to write the key version number, and the remaining 2Bytes are reserved bytes.
  • the length of the Nounce field can be 12Bytes, of which 4Bytes is used to write the height of the historical block, 4Bytes is used to write the position offset of the transaction in the block, and 4Bytes is used to write other information.
  • the length of the Cipher field can be 8Bytes.
  • the length of the Tag field can be 16Bytes. Of course, other field lengths, field combinations, etc. can also be used, which are not limited in this specification.
  • the blockchain node can also encrypt the description information of the key generation method, for example, the above-mentioned lowest version key-0 can be used for encryption to improve security.
  • the blockchain node when the blockchain node encrypts and stores the private information contained in the private field in the target account, it can be stored in the form of key-value pairs, where the value can adopt the structure shown in Figure 3.
  • the processing operations adopted include: indexing to the value according to the key, and the structure of the value is shown in Figure 3; using the key key-0 Decrypt the Info and Nounce fields, determine the key version number, historical block height, offset and other information, generate the corresponding key based on the security key, and use the key to decrypt the content of the Cipher field.
  • the data integrity can be verified through the Tag field (if the Tag is generated based on plain text, the decrypted data is verified; if the tag is generated based on cipher text, the data before decryption is verified), so as to obtain privacy in the form of plain text information.
  • the blockchain node After the blockchain node determines that the querying party has the query authority for the target account, it can obtain the stored private information in the form of ciphertext, and decrypt the private information in the form of ciphertext in the TEE to obtain the corresponding private information in the form of plaintext . Then, the blockchain node can provide the private information in plaintext to the querying party.
  • blockchain nodes can encrypt the plaintext private information before transmitting it to the querying party, and ensure that only the querying party can decrypt the plaintext private information again.
  • the inquiring party can maintain a symmetric key, and share the symmetric key with the blockchain node in some way, so that the blockchain node can use the symmetric key to encrypt private information in plaintext in the TEE Then it is sent to the inquiring party, and the inquiring party can decrypt the private information in plaintext based on the symmetric key.
  • the inquirer can maintain a private key of the inquirer, and the blockchain node can learn the corresponding public key of the inquirer, so that the blockchain node can use the inquirer's public key to encrypt private information in plaintext in the TEE Then it is sent to the inquiring party, and the inquiring party can decrypt the private information based on the private key of the inquiring party to obtain the private information in plain text.
  • the symmetric key maintained by the inquiring party can be negotiated between the inquiring party and the blockchain node.
  • the inquiring party can generate (such as randomly generated) the symmetric key, and then share it with the blockchain node in the following way:
  • the querying party When the querying party wants to query the private information in the private field in the target account, it can generate the corresponding plaintext transaction content, encrypt the plaintext transaction content with the above-mentioned symmetric key, and obtain the corresponding ciphertext transaction content.
  • the node private key is maintained in the TEE by the blockchain node, and the node public key is disclosed.
  • the query party can learn the node public key, and the node private key can be in After the blockchain node passes the remote certification, it is distributed to the blockchain node by the KMS server. Then the query party can encrypt the above symmetric key with the node public key to obtain the encrypted key, and the transaction submitted by the query party to the blockchain node as mentioned above contains both the ciphertext transaction content and the encrypted key .
  • the blockchain node when the blockchain node receives the transaction submitted by the querying party, it can read the transaction into the TEE, and use the node private key to decrypt the encrypted key contained in the transaction in the TEE to obtain the above-mentioned symmetric Then use the symmetric key to decrypt the ciphertext transaction content contained in the exchange in the TEE to obtain the above-mentioned plaintext transaction content, and then execute the plaintext transaction content to realize the query scheme based on this specification.
  • the blockchain node can obtain the symmetric key maintained by the inquiring party.
  • the symmetric key is in an encrypted state during transmission and the node private key used for encryption is maintained in the TEE of the blockchain node.
  • the blockchain node decrypts the symmetric key in the TEE, that is, when the symmetric key is at the blockchain node, it only exists in plain text in the TEE, which can avoid the occurrence of leakage.
  • the query scheme in this manual can be applied to blockchain networks that only support simple processing logic, such as Bitcoin blockchain, etc.; at the same time, the query scheme in this manual can also be applied to blocks that support complex processing logic.
  • the chain network does not conflict with the complex processing logic based on smart contracts implemented by the blockchain network, and can be compatible.
  • Fig. 4 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • the device can be configured as a blockchain node in this specification. 4, at the hardware level, the device includes a processor 402, an internal bus 404, a network interface 406, a memory 408, and a non-volatile memory 410. Of course, it may also include hardware required for other services.
  • the processor 402 reads the corresponding computer program from the non-volatile memory 410 to the memory 408 and then runs it to form a query device for account privacy information in the blockchain on a logical level.
  • one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, and so on. That is to say, the execution subject of the following processing flow is not limited to each
  • the logic unit can also be a hardware or a logic device.
  • the device for querying account privacy information in the blockchain may include the following units.
  • the receiving unit 51 enables the blockchain node to receive the transaction initiated by the inquiring party, the transaction is used to obtain the private information contained in the private field in the target account, and the private information is encrypted and stored at the blockchain node; judge Unit 52 enables the blockchain node to determine whether the inquiring party has the inquiry authority according to the authority management information recorded in the authority field in the target account; the information decryption unit 53 makes the blockchain node to determine whether the result In the case of having the query authority, the private information in the form of cipher text is read into a trusted execution environment for decryption, so as to provide the obtained private information in the form of plain text to the inquiring party.
  • the judging unit 52 is specifically configured to: enable the blockchain node to read the public key of the authority owner contained in the authority management information; and enable the blockchain node to pass the authority owner's public key
  • the public key of the exchange verifies the transaction signature contained in the transaction, and the transaction signature is generated by the private key of the querying party; if the blockchain node passes the verification, it is determined that the querying party has the query Authority; otherwise, it is determined that the inquiring party does not have inquiry authority.
  • the authority owner includes the owner of the target account; or, the authority owner includes the owner of the target account and at least one other user.
  • the judging unit 52 is specifically configured to: enable the blockchain node to determine the specific permission management information corresponding to the inquiring party recorded in the permission field; and enable the blockchain node to be in the In the case that the specific authority management information contains the query authority, it is determined that the query party has the query authority; otherwise, it is determined that the query party does not have the query authority.
  • the status field of the target account includes status indication information, and the status indication information is used to indicate that the private information is stored in plaintext or encrypted and stored at the blockchain node.
  • it further includes: an identification unit 54 to enable the blockchain node to identify the type of the transaction; an execution unit 55 to enable the blockchain node to be free when the transaction belongs to a predefined query type The transaction is executed in the case of consensus.
  • the transaction includes ciphertext transaction content and an encrypted key
  • the ciphertext transaction content is obtained by encrypting the plaintext transaction content with a symmetric key maintained by the querying party
  • the encrypted key is obtained by the node
  • the public key is obtained by encrypting the symmetric key
  • the node public key corresponds to the node private key maintained by the blockchain node in the trusted execution environment
  • the device further includes: a key decryption unit 56 , Enable the blockchain node to read the transaction into the trusted execution environment, and decrypt the encrypted key through the node's private key to obtain the symmetric key
  • the content decryption unit 57 makes The blockchain node decrypts the ciphertext transaction content through the symmetric key in the trusted execution environment to obtain the plaintext transaction content
  • the encryption unit 58 makes the blockchain node available in the In the letter execution environment, the symmetric key is used to encrypt the private information in plain text, so as to provide the obtained encrypted information to the querying party.
  • the private information is stored after being encrypted by the blockchain node in the trusted execution environment using a key, and the key is based on a security key maintained in the trusted execution environment. generate.
  • the key is generated based on the security key and at least one influence factor related to the target account.
  • the impact factor related to the target account includes at least one of the following: the block height of the block where the account creation transaction corresponding to the target account is located, and the position of the account creation transaction in the block where the account creation transaction is located. The offset, the creation sequence number of the target account in all accounts, and the account address of the target account.
  • the security key has a version update
  • the security key of the lower version is irreversibly calculated from the security key of the higher version.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices.
  • computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Medical Informatics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un procédé et un appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs. Le procédé peut comprendre les étapes suivantes : un nœud de chaîne de blocs reçoit une transaction initiée par une partie d'interrogation, la transaction étant utilisée pour acquérir des informations de confidentialité contenues dans un champ de confidentialité dans un compte cible, et les informations de confidentialité étant chiffrées et mémorisées dans le nœud de chaîne de blocs ; le nœud de chaîne de blocs détermine, en fonction d'informations de gestion d'autorisation enregistrées dans un champ d'autorisation dans le compte cible, si la partie d'interrogation a une permission d'interrogation ; et dans la mesure où un résultat de détermination indique que la partie d'interrogation a une permission d'interrogation, le nœud de chaîne de blocs lit les informations de confidentialité, qui se présentent sous la forme d'un texte chiffré, dans un environnement d'exécution de confiance pour le déchiffrement, de façon à fournir des informations de confidentialité obtenues sous la forme d'un texte en clair à la partie d'interrogation.
PCT/CN2020/139745 2020-03-09 2020-12-26 Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs WO2021179743A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010157174.4A CN111008228A (zh) 2020-03-09 2020-03-09 区块链中账户隐私信息的查询方法及装置
CN202010157174.4 2020-03-09

Publications (1)

Publication Number Publication Date
WO2021179743A1 true WO2021179743A1 (fr) 2021-09-16

Family

ID=70121003

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/139745 WO2021179743A1 (fr) 2020-03-09 2020-12-26 Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs

Country Status (2)

Country Link
CN (1) CN111008228A (fr)
WO (1) WO2021179743A1 (fr)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779637A (zh) * 2021-11-10 2021-12-10 腾讯科技(深圳)有限公司 一种属性数据处理方法、装置、设备以及介质
CN113849797A (zh) * 2021-09-29 2021-12-28 深圳市电子商务安全证书管理有限公司 数据安全漏洞的修复方法、装置、设备及存储介质
CN114003938A (zh) * 2021-11-11 2022-02-01 蓝象智联(杭州)科技有限公司 一种基于多头联盟的安全隐匿数据查询方法
CN114117522A (zh) * 2021-11-23 2022-03-01 上海交通大学 基于区块链和可信执行环境的车联网数据共享实现方法
CN114826695A (zh) * 2022-04-07 2022-07-29 广州腾粤信息科技有限公司 一种基于区块链的交易数据的隐私保护系统
CN115208630A (zh) * 2022-06-15 2022-10-18 网易(杭州)网络有限公司 基于区块链的数据获取方法、系统及区块链系统
CN115314502A (zh) * 2022-07-12 2022-11-08 地心引力(武汉)科技有限公司 一种基于区块链技术的数据溯源与加密的方法与系统
CN115758396A (zh) * 2022-08-31 2023-03-07 兰州大学 基于可信执行环境的数据库安全访问控制技术
CN115965388A (zh) * 2022-12-30 2023-04-14 国网数字科技控股有限公司 基于区块链的产业链金融密态溯源方法、装置及相关设备
CN117521149A (zh) * 2024-01-03 2024-02-06 中电信量子科技有限公司 基于量子密码设备的文件系统流加解密方法及系统
CN117709947A (zh) * 2024-02-05 2024-03-15 广东通莞科技股份有限公司 基于区块链的pos机结算权限管理方法

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111008228A (zh) * 2020-03-09 2020-04-14 支付宝(杭州)信息技术有限公司 区块链中账户隐私信息的查询方法及装置
CN111552982B (zh) * 2020-04-27 2023-03-10 支付宝(杭州)信息技术有限公司 保护隐私的账户关联关系识别方法及装置
CN111526167A (zh) * 2020-07-06 2020-08-11 南京可信区块链与算法经济研究院有限公司 一种应用于区块链的数据传输方法及装置
CN111914230B (zh) * 2020-07-17 2023-06-23 中国联合网络通信集团有限公司 基于区块链的身份验证方法、系统、终端设备及存储介质
CN111737323B (zh) * 2020-08-14 2021-03-16 支付宝(杭州)信息技术有限公司 基于区块链的信息查询方法、装置及电子设备
CN112019549B (zh) * 2020-08-28 2022-07-19 长沙理工大学 基于区块链的电力交易系统以及交易方法和账单查询方法
CN112087439B (zh) * 2020-09-02 2022-05-17 杭州趣链科技有限公司 区块链交易查询方法、系统、计算机设备和存储介质
CN111814156B (zh) 2020-09-04 2022-04-29 支付宝(杭州)信息技术有限公司 一种基于可信设备的数据获取方法、装置及设备
CN114679258A (zh) * 2020-12-24 2022-06-28 上海图灵加佳网络科技有限公司 银行间风险客户信息的共享方法、存储介质及电子设备
CN112581135A (zh) * 2020-12-28 2021-03-30 中国建设银行股份有限公司 区块链交易数据的访问与生成方法、装置及电子设备
CN113034136A (zh) * 2021-03-10 2021-06-25 全球能源互联网研究院有限公司 一种基于区块链的数据管理方法、装置及电子设备
CN112861102B (zh) * 2021-03-12 2024-02-06 杭州溪塔科技有限公司 基于区块链对电子文件的处理方法和系统
CN113658005A (zh) * 2021-04-28 2021-11-16 支付宝(杭州)信息技术有限公司 在区块链中执行交易的方法和区块链系统
CN113326250B (zh) * 2021-05-28 2024-02-09 中国科学技术大学 一种数据处理方法及系统
CN114172667A (zh) * 2021-06-15 2022-03-11 支付宝(杭州)信息技术有限公司 基于合约的隐私存证方法及装置
CN113553615A (zh) * 2021-07-07 2021-10-26 深圳前海新心数字科技有限公司 一种隐私数据共享系统的匹配查询方法
CN113449293A (zh) * 2021-07-14 2021-09-28 上海交通大学 基于可信执行环境的密文搜索系统与方法
CN114066637A (zh) * 2021-11-15 2022-02-18 深圳前海鸿泰源兴科技发展有限公司 一种基于物联网的金融分析系统与操作方法
CN114547704B (zh) * 2022-04-28 2022-08-02 恒生电子股份有限公司 基于分布式账本的数据处理方法以及装置
CN114785527B (zh) * 2022-06-17 2022-09-16 深圳市深圳通有限公司 数据传输方法、装置、设备及存储介质
CN117540430A (zh) * 2023-12-07 2024-02-09 北方工业大学 隐私数据的安全共享方法和系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616539A (zh) * 2018-05-03 2018-10-02 东莞市翔实信息科技有限公司 一种区块链交易记录访问的方法及系统
CN109831298A (zh) * 2019-01-31 2019-05-31 阿里巴巴集团控股有限公司 区块链中安全更新密钥的方法及节点、存储介质
CN110046521A (zh) * 2019-04-24 2019-07-23 成都派沃特科技股份有限公司 去中心化隐私保护方法
CN110580418A (zh) * 2019-11-08 2019-12-17 支付宝(杭州)信息技术有限公司 基于区块链账户的隐私数据查询方法及装置
US20200026834A1 (en) * 2018-07-23 2020-01-23 One Kosmos Inc. Blockchain identity safe and authentication system
CN111008228A (zh) * 2020-03-09 2020-04-14 支付宝(杭州)信息技术有限公司 区块链中账户隐私信息的查询方法及装置

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10013573B2 (en) * 2015-12-16 2018-07-03 International Business Machines Corporation Personal ledger blockchain
CN108537549A (zh) * 2018-04-18 2018-09-14 四川众之金科技有限公司 一种权限认证方法及装置
CN108712251A (zh) * 2018-05-28 2018-10-26 江苏众享金联科技有限公司 一种不同信任域下向区块链写入用户隐私信息的方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616539A (zh) * 2018-05-03 2018-10-02 东莞市翔实信息科技有限公司 一种区块链交易记录访问的方法及系统
US20200026834A1 (en) * 2018-07-23 2020-01-23 One Kosmos Inc. Blockchain identity safe and authentication system
CN109831298A (zh) * 2019-01-31 2019-05-31 阿里巴巴集团控股有限公司 区块链中安全更新密钥的方法及节点、存储介质
CN110046521A (zh) * 2019-04-24 2019-07-23 成都派沃特科技股份有限公司 去中心化隐私保护方法
CN110580418A (zh) * 2019-11-08 2019-12-17 支付宝(杭州)信息技术有限公司 基于区块链账户的隐私数据查询方法及装置
CN111008228A (zh) * 2020-03-09 2020-04-14 支付宝(杭州)信息技术有限公司 区块链中账户隐私信息的查询方法及装置

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113849797A (zh) * 2021-09-29 2021-12-28 深圳市电子商务安全证书管理有限公司 数据安全漏洞的修复方法、装置、设备及存储介质
CN113779637A (zh) * 2021-11-10 2021-12-10 腾讯科技(深圳)有限公司 一种属性数据处理方法、装置、设备以及介质
CN114003938A (zh) * 2021-11-11 2022-02-01 蓝象智联(杭州)科技有限公司 一种基于多头联盟的安全隐匿数据查询方法
CN114003938B (zh) * 2021-11-11 2022-05-31 蓝象智联(杭州)科技有限公司 一种基于多头联盟的安全隐匿数据查询方法
CN114117522A (zh) * 2021-11-23 2022-03-01 上海交通大学 基于区块链和可信执行环境的车联网数据共享实现方法
CN114117522B (zh) * 2021-11-23 2024-05-28 上海交通大学 基于区块链和可信执行环境的车联网数据共享实现方法
CN114826695A (zh) * 2022-04-07 2022-07-29 广州腾粤信息科技有限公司 一种基于区块链的交易数据的隐私保护系统
CN115208630B (zh) * 2022-06-15 2024-04-09 网易(杭州)网络有限公司 基于区块链的数据获取方法、系统及区块链系统
CN115208630A (zh) * 2022-06-15 2022-10-18 网易(杭州)网络有限公司 基于区块链的数据获取方法、系统及区块链系统
CN115314502A (zh) * 2022-07-12 2022-11-08 地心引力(武汉)科技有限公司 一种基于区块链技术的数据溯源与加密的方法与系统
CN115758396A (zh) * 2022-08-31 2023-03-07 兰州大学 基于可信执行环境的数据库安全访问控制技术
CN115965388B (zh) * 2022-12-30 2023-12-22 国网数字科技控股有限公司 基于区块链的产业链金融密态溯源方法、装置及相关设备
CN115965388A (zh) * 2022-12-30 2023-04-14 国网数字科技控股有限公司 基于区块链的产业链金融密态溯源方法、装置及相关设备
CN117521149A (zh) * 2024-01-03 2024-02-06 中电信量子科技有限公司 基于量子密码设备的文件系统流加解密方法及系统
CN117521149B (zh) * 2024-01-03 2024-03-19 中电信量子科技有限公司 基于量子密码设备的文件系统流加解密方法及系统
CN117709947A (zh) * 2024-02-05 2024-03-15 广东通莞科技股份有限公司 基于区块链的pos机结算权限管理方法
CN117709947B (zh) * 2024-02-05 2024-04-19 广东通莞科技股份有限公司 基于区块链的pos机结算权限管理方法

Also Published As

Publication number Publication date
CN111008228A (zh) 2020-04-14

Similar Documents

Publication Publication Date Title
WO2021179743A1 (fr) Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs
WO2021088548A1 (fr) Procédé et appareil d'interrogation de données de confidentialité sur la base d'un contrat intelligent
WO2021088547A1 (fr) Procédé et appareil d'interrogation de données privées de compte basés sur une chaîne de blocs
WO2021088546A1 (fr) Procédé et dispositif d'interrogation de données de confidentialité basés sur un compte de chaîne de blocs
WO2021088536A1 (fr) Procédé et appareil d'interrogation de données privées basés sur une autorisation hors chaîne
WO2021103794A1 (fr) Procédé permettant de réaliser une transaction de préservation de la vie privée hautement efficace dans une chaîne de blocs, et dispositif
WO2021082664A1 (fr) Procédé et appareil d'interrogation de données de confidentialité de chaîne de blocs
WO2020238255A1 (fr) Procédé et appareil de gestion de contrat intelligent en fonction d'une chaîne de blocs et dispositif électronique
WO2021184963A1 (fr) Procédé et appareil d'appel de contrat
WO2021088549A1 (fr) Procédé et appareil de configuration de requête d'autorisation basés sur un code de chaîne
WO2020233623A1 (fr) Procédé de stockage de reçu et nœud combinant un type de transaction et un état d'évaluation
WO2021088535A1 (fr) Procédé et dispositif d'interrogation de données privées basés sur un contrat intelligent
WO2021088533A1 (fr) Procédé et dispositif de partage de données privées
WO2020238959A1 (fr) Procédé et dispositif pour réaliser un chiffrement dynamique en fonction d'une hauteur de bloc
WO2020233631A1 (fr) Procédé et nœud de stockage de reçu basés sur le type de transaction
WO2020233630A1 (fr) Procédé et nœud de mémorisation de reçus en fonction du type d'utilisateur
WO2020233626A1 (fr) Procédé et nœud de stockage de reçu combinés à une limitation conditionnelle de types de transactions et d'utilisateurs
WO2020233635A1 (fr) Procédé de stockage de reçu combinant des restrictions conditionnelles de multiples types de dimensions et nœud
WO2020233625A1 (fr) Procédé de stockage de reçus combinant un type d'utilisateur, des conditions de détermination et un nœud
WO2021088543A1 (fr) Procédé et appareil de configuration d'interrogation d'autorisation basée sur un contrat intelligent
WO2020233615A1 (fr) Procédé de stockage de reçu combinant un type d'utilisateur et un type de fonction d'événement et nœud
WO2020233628A1 (fr) Procédé et nœud de stockage de reçu basés sur une combinaison d'un type de fonction d'événement et d'une condition d'évaluation
WO2020233619A1 (fr) Procédé et nœud de stockage de reçu en combinaison avec un type d'utilisateur et un type de transaction
WO2020233624A1 (fr) Procédé de mémorisation de reçus et nœud utilisant un type de transaction en combinaison avec un type de fonction d'événement
WO2020233632A1 (fr) Procédé et nœud de stockage de reçu basés sur un type de fonction d'événement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20924808

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20924808

Country of ref document: EP

Kind code of ref document: A1