WO2022001960A1 - 代理方法、设备及计算机可读存储介质 - Google Patents
代理方法、设备及计算机可读存储介质 Download PDFInfo
- Publication number
- WO2022001960A1 WO2022001960A1 PCT/CN2021/102766 CN2021102766W WO2022001960A1 WO 2022001960 A1 WO2022001960 A1 WO 2022001960A1 CN 2021102766 W CN2021102766 W CN 2021102766W WO 2022001960 A1 WO2022001960 A1 WO 2022001960A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- private data
- transaction
- proxy
- agent
- data
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 100
- 238000012795 verification Methods 0.000 claims abstract description 25
- 230000004044 response Effects 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 description 33
- 238000005516 engineering process Methods 0.000 description 13
- 238000004891 communication Methods 0.000 description 10
- 230000006978 adaptation Effects 0.000 description 4
- 230000008520 organization Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 239000004744 fabric Substances 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000003032 molecular docking Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1045—Proxies, e.g. for session initiation protocol [SIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
- H04L65/4061—Push-to services, e.g. push-to-talk or push-to-video
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- Embodiments of the present application provide a proxy method, device, and computer-readable storage medium.
- an agent method provided by an embodiment of the present application which is used for a first agent, includes: acquiring transaction data of a user, where the transaction data includes a transaction request and private data; storing the private data locally, and Send the transaction request to the blockchain platform, so that the blockchain platform completes the transaction according to the transaction request; after completing the transaction, the private data is sent to the peer agent for transaction verification.
- a proxy method provided by an embodiment of the present application is used for a second proxy, including: acquiring private data sent by a peer proxy, the private data being stored in the peer proxy, and used for retrieving data sent by the peer proxy The transaction is verified by sending a transaction request to the blockchain platform; the transaction verification is performed on the private data.
- a computer-readable storage medium provided by an embodiment of the present application stores computer-executable instructions, where the computer-executable instructions are used to execute the first aspect embodiment or the second aspect embodiment. proxy method.
- FIG. 1 is a schematic diagram of a system architecture platform provided by an embodiment of the present application.
- FIG. 3 is a flowchart of a proxy method provided by another embodiment of the present application.
- FIG. 6 is a flowchart of a proxy method provided by another embodiment of the present application.
- FIG. 8 is a flow chart of the transaction process of Embodiment 1 of the present application.
- FIG. 9 is a flowchart of a data acquisition process in Embodiment 1 of the present application.
- This application provides a proxy method, proxy node, device and computer-readable storage medium proposed in this application.
- the transaction data includes transaction request and private data, and then sending the transaction request to the blockchain platform,
- the blockchain platform completes the transaction according to the transaction request, stores the private data locally, and sends the private data to the peer agent for transaction verification after the transaction is completed.
- FIG. 1 is a schematic diagram of a system architecture platform 100 for executing a proxy method provided by an embodiment of the present application.
- the system architecture platform 100 includes a business layer 120, a communication layer 150 and a storage layer 160, wherein the business layer 120 is used to submit a transaction request to the blockchain platform and notify the storage of private data; communication The layer 150 is used to establish a communication connection between the agent modules; the database is used to store the user's private data.
- the business layer 120 is used to send the transaction request to the blockchain platform, and the blockchain platform completes the transaction according to the transaction request, and passes The storage layer 160 stores the private data locally.
- the communication layer 150 is used to establish a communication connection with the peer agent, and the private data is sent to the peer agent for transaction verification, thereby completing the transaction.
- the system architecture platform 100 can be understood as an agent module that executes the agent method, and the agent module is deployed on the accounting node of the blockchain platform, that is, both parties to the transaction are connected to the blockchain platform through the agent module to conduct transactions, thus utilizing the blockchain
- the non-tampering characteristics of the technology ensure the credibility and traceability of the transaction.
- the private data is only traded between the local agents of both parties to the transaction, and the private data is stored in the agent mode for local storage. It will be uploaded on the blockchain platform, and the private data is only completed between the agent modules of both parties of the transaction, which effectively solves the problem that the private data of the blockchain platform is easily leaked.
- the transaction security is high, and the private data is effectively protected. function, and private data does not need to be on the chain, which can reduce the occupation of a large amount of storage space.
- the proxy module is responsible for connecting the blockchain platform and the local database for users, helping users to safely complete private data transactions.
- the proxy module includes an adaptation layer 110, a business layer 120, a model layer 130, an access layer 140, a communication layer 150 and a storage layer 160, wherein the adaptation layer 110 is used to adapt different blockchains through a unified interface of encapsulation
- the difference in platform interface supports different alliance chains, public and private blockchain platforms such as Hyperledger Fabric, Fisco Bcos, and Ethereum.
- the business layer 120 is mainly responsible for submitting transactions to the blockchain platform, and notifying the data management module to store and synchronize private data.
- the model layer 130 is used for unified modeling of smart contracts, transactions, private data, and configurations to provide support for storage and transactions.
- the access layer 140 is used to perform human-computer interaction with the transaction user through the Cli command line to complete the transaction agency and data synchronization functions.
- the communication layer 150 uses the gossip protocol to communicate with the proxy modules of other nodes, and uses a message queue to buffer messages sent by other proxy modules.
- the storage layer 160 is used to store the configuration information and private data of the agent module, wherein the configuration initialization information is used to configure the blockchain platform type, address, port, channel information, and access certificates that need to be connected; the private data is encrypted by the local database Storage, supports common databases such as couchDB and RocksDB.
- a smart contract is a computer protocol designed to disseminate, verify or execute contracts in an information-based manner
- blockchain can provide a decentralized and trusted environment, so smart contracts can be compatible with blockchain , that is, smart contracts can be implemented based on blockchain technology.
- the proxy module can provide a unified interface through the adaptation layer 110, which can support different blockchain platforms, make the system architecture platform 100 suitable for cross-blockchain platforms, and can solve the problem of privacy leakage in most blockchain platforms. question of risk.
- the system architecture platform 100 and the application scenarios described in the embodiments of the present application are for the purpose of illustrating the technical solutions of the embodiments of the present application more clearly, and do not constitute limitations on the technical solutions provided by the embodiments of the present application.
- the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.
- system architecture platform 100 shown in FIG. 1 does not constitute a limitation to the embodiments of the present application, and may include more or less components than those shown in the figure, or combine certain components, or different component layout.
- the adaptation layer 110 the service layer 120 , the model layer 130 , the access layer 140 , the communication layer 150 and the storage layer 160 can cooperate to execute the proxy method.
- FIG. 2 is a flowchart of a proxy method provided by an embodiment of the present application.
- the proxy method includes but is not limited to step S100, step S200, and step S300.
- Step S100 acquiring transaction data of the user, where the transaction data includes a transaction request and private data.
- the transaction process is implemented based on blockchain technology. It can be understood that transaction data needs to be generated according to the user's transaction content before the transaction, and then the transaction data is sent online, where the transaction content can be understood as the two parties to the transaction. The transaction details agreed in the offline, the two parties of the transaction can exchange account numbers and public keys with each other to produce transaction data and encrypt and decrypt the transaction data.
- step S200 the private data is stored locally, and a transaction request is sent to the blockchain platform, so that the blockchain platform completes the transaction according to the transaction request.
- the local storage of private data can be understood as using the local proxy module to store the private data, specifically using the storage layer of the local proxy module to store the private data; at the same time, the transaction request is sent to the blockchain platform, It can be understood that only the transaction request is sent to the blockchain platform, and the private data does not need to be sent to the blockchain platform, that is, the private data will not be uploaded to the chain.
- the blockchain platform will execute the corresponding transaction after receiving the transaction request.
- the transaction request includes the data that can be used by the blockchain platform to complete the transaction.
- the blockchain platform completes the transaction according to the transaction request on the premise that the two parties to the transaction can be identified.
- the private data will not be sent to the blockchain platform. Therefore, It can effectively avoid the leakage of private data, which is beneficial to improve the security of transactions.
- Step S300 after the transaction is completed, the private data is sent to the counterparty agent for transaction verification.
- the private data is stored in the local agent module, and after the transaction is completed on the blockchain platform, the private data is sent to the peer agent, and the peer agent can be understood as the corresponding transaction counterparty.
- Agent for example, the buyer is the data provider, the buyer's agent is the first agent, the seller is the data demander, and the seller's agent is the second agent.
- the first agent sends a transaction request to the blockchain platform and stores the private data Locally, after the transaction is completed, the first agent sends private data to the second agent for transaction verification, where the second agent can be understood as the opposite-end agent of the first agent.
- the private data will not be uploaded through the blockchain platform, and the private data will be directly traded between the agents, which effectively solves the problem that the private data of the blockchain platform is easily leaked.
- the problem is that the transaction security is high, and it can effectively protect the private data; and the private data does not need to be on the chain, that is, the on-chain data is isolated from the private data, which can not only ensure the traceability of the transaction, but also solve the problem caused by the private data on the chain. It takes up a lot of storage space and has the problem of privacy leakage, which effectively solves the problem of poor data privacy protection across blockchain platforms.
- step S100, step S200 and step S300 are the execution flow of the first agent, which belong to the execution steps on the data provider side in the transaction body, wherein the transaction verification step in step S300 is executed on the opposite end agent.
- step S100 before acquiring the user's transaction data, the following steps are also included but not limited to:
- Step S110 generating a digest according to the private data, encrypting the private data, and signing the encrypted private data;
- Step S120 Generate a transaction request according to the digest and the signature.
- a summary is generated according to the private data, and the summary may be understood as a content summary of the private data.
- the provider of the transaction data uses its own private key to sign the private data, and the use of the signature can facilitate the verification of the identity of the data provider.
- the locally stored private data is encrypted and signed data to ensure the security of the private data.
- Generate a transaction request according to the digest and signature that is, the transaction request includes the digest and signature, but is not limited to only the digest and signature.
- the transaction request can also include the accounts of both parties to the transaction, etc.
- the local agent sends the transaction request including the digest and signature to the Blockchain platform, the blockchain platform initiates the transaction and completes the transaction accounting between the two agents through the smart contract.
- the transaction accounting contains the summary of private data and the signature information, which ensures that the transaction can be traced and secured. higher.
- step S300 after completing the transaction, the private data is sent to the counterparty agent for transaction verification, which further includes but is not limited to the following steps:
- Step S310 Send a push request to the peer proxy
- Step S320 Receive the response information sent by the peer agent according to the push request
- Step S330 Send private data to the opposite-end proxy according to the response information, so that the opposite-end proxy performs transaction verification according to the private data.
- the proxy module of the data provider initiates the push process of private data to the proxy module of the data demander.
- the first agent acts as the sending side of private data and acts as an agent for the data provider;
- the second agent acts as the receiving side of private data and acts as an agent for the data demander.
- Step S311 the first agent establishes a Transport Layer Security (TLS) link to the second agent, and initiates a push request, so that the second agent returns an agree response according to the push request, and returns the requested random number;
- TLS Transport Layer Security
- Step S321 the first agent receives the response information of the second agent, and pushes the private data to the second agent, including the push flow and summary information;
- Step S331 After completing the private data push, the first agent sends an end message to the second agent.
- the parameters of the push request include the ID of the first agent, the channel number, the account number of the recipient, the transaction ID and the random number. If the private data to be pushed is large, it can be sent in sub-packages. In addition, after the push of the private data is completed, the second agent verifies the private data and stores it locally, thereby completing the sending of the private data.
- the first agent sends private data to the second agent through the Gossip protocol.
- the Gossip protocol is a widely used protocol in distributed systems and is mainly used to realize information exchange between distributed nodes or processes. Meet the requirements of low load, high reliability and scalability required by application layer multicast protocols.
- the proxy method further includes but is not limited to the following steps:
- Step S400 Receive a synchronization request from the peer agent, and return a summary list of private data according to the synchronization request, so that the peer agent compares with the private data stored by itself according to the summary list, and returns the request list when it is determined that the private data is missing;
- Step S500 Send private data to the peer proxy according to the request list.
- the synchronization request can be understood as the synchronization request of private data. Since there is data loss or failure in the sending process of private data, in order to ensure the consistency of private data in the proxy storage of both parties of the transaction and meet the requirements of transaction verification, After the private data is sent, the peer proxy will initiate a synchronization request.
- Step S410 the first agent receives the synchronization request from the second agent
- Step S420 The first agent returns the summary list of private data that meets the conditions and the requested random number according to the synchronization request, so that the second agent determines the missing private data after comparing it with the summary of the private data stored by itself, and makes the second agent sending a request list to the first agent;
- Step S510 the first agent sequentially pushes private data to the second agent according to the request list
- Step S520 After completing the push of all private data, the first agent sends a push end message to the second agent.
- the information of the synchronization request includes the agent ID, the range filtering parameters of the synchronization data (for example, time, account number, transaction ID, etc.) and a random number (marking this request).
- the second agent sends a synchronization request for private data to the first agent through the TLS link.
- the second agent verifies the private data and stores it locally.
- the synchronization process of private data is performed periodically by all agents, that is, in the embodiment, the first agent periodically receives synchronization requests from the second agent, thereby effectively solving the problem of loss of private data.
- Step S600 when the storage time of the private data exceeds the preset storage time, delete the private data.
- the private data is stored on the local proxy module, for example, the private data of the first proxy is stored on the proxy module of the first proxy, the private data of the second proxy is stored on the proxy module of the second proxy, and the proxy module Periodically clear the locally stored private data to ensure that the agent module has enough storage space.
- the proxy method is an execution step on the side of the data demander in a transaction subject, and the subject executing the steps of the proxy method is the peer in step S300 of the embodiment. acting.
- the proxy method includes but is not limited to the following steps:
- Step S101 obtaining private data sent by the peer agent, the private data is stored in the peer agent, and used to verify the transaction performed by the peer agent by sending a transaction request to the blockchain platform;
- Step S201 Perform transaction verification on the private data.
- the peer proxy in this embodiment is the first proxy
- the second proxy obtains the private data sent by the first proxy, And perform transaction verification on private data.
- the process of sending private data from the first agent to the second agent reference may be made to the process of the embodiment shown in FIG. 2 , and details are not repeated here.
- step S201 the transaction verification is performed on the private data, which further includes but is not limited to the following steps:
- Step S211 Perform signature verification on the private data to confirm the user who provides the private data
- Step S212 Decrypt the private data, and generate a comparison summary from the decrypted private data, so as to compare the comparison summary with the summary of the private data of the peer agent to confirm whether the private data is valid.
- the second agent stores the received private data locally, and the data demander obtains the private data through the second agent, and uses the public key to perform signature verification on the private data to confirm the identity of the user who provided the private data. For example, if the verified signatures are consistent, it is confirmed that the data provider of the private data is the object of the transaction.
- the second agent decrypts the private data with the private key, and generates a comparison summary of the decrypted private data, and the comparison summary can be compared with the summary of the private data sent by the first agent to determine the private data. Whether it has been tampered with, if the comparison summary is inconsistent with the sent summary, it can be considered that the private data has been tampered with, and the transaction process can be traced to ensure the security of data transactions.
- the proxy method further includes but is not limited to the following steps:
- Step S301 Send a synchronization request to the peer agent
- Step S302 Receive a summary list of private data returned by the peer agent according to the synchronization request, and compare the summary list with the private data stored by itself;
- the peer agent is the first agent
- the second agent sends a synchronization request to the peer agent
- the first agent returns a summary list of private data according to the synchronization request
- the second agent returns a summary list of private data according to the summary list and the private data stored by itself. Compare to see if private data is missing.
- the second agent determines the missing private data, it returns a request list to the first agent, and the first agent sends the private data according to the request list, thereby completing the synchronization operation of the private data.
- the synchronization process of private data is performed by all agents periodically, and the second agent periodically requests synchronization to the first agent, thereby ensuring the consistency of the private data stored in the first agent and the second agent.
- the deployment process includes the following steps:
- Step S701 Deploy the agent program to the environment where the local blockchain node is located, place the certificate in the cert certificate directory, and place the smart contract to be installed in the corresponding language in the contracts directory;
- Step S703 Modify the config/config.yaml configuration file to complete the relevant configuration of the locally connected blockchain platform;
- Step S705 the deployment process ends.
- the fabric platform includes the organization name, peer and orderer addresses, and certificate configuration.
- the transaction process includes the following steps:
- Step S708 the first agent uploads the encrypted private data to the local accounting node and stores it in the local database;
- Step S709 The first agent pushes the private data to the second agent of the accounting node where the user B is located, and the second agent receives the private data and stores it in the local database to complete the private data transaction.
- the transaction accounting includes summary information of private data to ensure that the transaction can be traced back, and the smart contract can automatically complete the deduction of user B's points and the increase of user A's points.
- the data acquisition process includes the following steps:
- Step S710 User B obtains private data from the second agent, and provides the transaction account number and transaction ID;
- Step S711 the second agent confirms that the private data belongs to user B according to the transaction account number and transaction ID, and returns the address for obtaining the private data to user B;
- Step S712 User B obtains the private data through the address, and uses the public key of User A to verify the signature of the private data, confirming that the data is the data provided by User A;
- Step S713 User B decrypts the private data with the private key, and generates a comparison summary for the private data, and compares it with the summary provided by User A to confirm that the data has not been tampered with;
- Step S714 End the private data acquisition process.
- Embodiment 2 is a diagrammatic representation of Embodiment 1:
- the deployment process includes the following steps:
- Step S803 Modify the config/config.yaml configuration file to complete the relevant configuration of the locally connected blockchain platform;
- Step S804 Execute the proxy start command to start the proxy service program
- Step S805 the deployment process ends.
- the Fabric platform includes the organization name, peer, orderer address, encryption algorithm and certificate configuration.
- the transaction process includes the following steps:
- Step S806 User A submits a transaction through the first agent, including encrypted private data, digest, signature, transaction party B's affiliation organization and account number;
- Step S807 The first agent initiates a transaction to the blockchain platform, and completes transaction accounting through a smart contract;
- Step S808 the first agent uploads the encrypted data to the local blockchain accounting node and stores it in the local database
- Step S809 The first agent pushes the private data to the second agent of the billing node where the user B is located, and the second agent receives the data and stores it in the local database to complete the private data transaction.
- the transaction accounting includes summary information of private data to ensure that the transaction can be traced back, and the smart contract can automatically complete the deduction of user B's points and the increase of user A's points.
- the data acquisition process includes the following steps:
- Step S810 User B obtains private data from the second agent, and provides the transaction account number and transaction ID;
- Step S811 the second agent confirms that the private data belongs to user B according to the transaction account number and transaction ID, and returns the address for obtaining the private data to user B;
- Step S812 User B obtains the private data through the address, and uses the public key of User A to verify the signature of the private data, confirming that the data is the data provided by User A;
- Step S813 User B decrypts the private data with the private key, generates a comparison summary for the private data, and compares it with the summary provided by User A to confirm that the data has not been tampered with;
- Step S814 End the private data acquisition process.
- an embodiment of the present application also provides a device, the device includes: a memory, a processor, and a computer program stored on the memory and executable on the processor.
- the processor and memory may be connected by a bus or otherwise.
- the memory can be used to store non-transitory software programs and non-transitory computer-executable programs.
- the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device.
- the memory may include memory located remotely from the processor, which may be connected to the processor through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
- the terminal in this embodiment may include the system architecture platform 100 in the embodiment shown in FIG. 1 , and the terminal in this embodiment and the system architecture platform 100 in the embodiment shown in FIG. 1 belong to the same Therefore, these embodiments have the same realization principle and technical effect, and will not be described in detail here.
- the non-transitory software programs and instructions required to implement the proxy method of the above embodiment are stored in the memory, and when executed by the processor, the proxy method in the above embodiment is executed, for example, the method steps in FIG. 2 described above are executed S100 to S300, method steps S110 to S120 in FIG. 3, method steps S310 to S330 in FIG. 4, method steps S400 to S500 in FIG. 5, method steps S100 to S102 in FIG. Method steps S701 to S705 , method steps S706 to S709 in FIG. 8 , and method steps S710 to S714 in FIG. 9 .
- an embodiment of the present application also provides a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and the computer-executable instructions are executed by a processor or controller, for example, by the above-mentioned
- the execution of a processor in the terminal embodiment can cause the above-mentioned processor to execute the proxy method in the above-mentioned embodiment, for example, to execute the above-described method steps S100 to S300 in FIG. 2 , method steps S110 to S120 in FIG. 3 , Method steps S310 to S330 in FIG. 4 , method steps S400 to S500 in FIG. 5 , method steps S100 to S102 in FIG. 6 , method steps S701 to S705 in FIG. 7 , method steps S706 in FIG. 8 Go to step S709, and step S710 to step S714 of the method in FIG. 9 .
- the embodiments of the present application include: by acquiring the user's transaction data, the transaction data includes transaction requests and private data, and then sending the transaction request to the blockchain platform, the blockchain platform completes the transaction according to the transaction request, and locally stores the private data. , after the transaction is completed, the private data is sent to the peer agent for transaction verification.
- the non-tamperable feature of blockchain technology is used to ensure the credibility and traceability of the transaction, and the private data is only between the local agents of both parties to the transaction.
- Conduct transactions, and store private data locally that is, private data will not be uploaded through the blockchain platform, effectively solving the problem of easy leakage of private data on the blockchain platform, high transaction security, and effective for private data. Protection, suitable for cross-blockchain platforms, and private data does not need to be on the chain, which can reduce the occupation of a large amount of storage space.
- Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and which can be accessed by a computer.
- communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Multimedia (AREA)
- Computing Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Hardware Redundancy (AREA)
Abstract
Description
Claims (13)
- 一种代理方法,用于第一代理,包括:获取用户的交易数据,所述交易数据包括交易请求和私有数据;将所述私有数据进行本地存储,并向区块链平台发送所述交易请求,以使区块链平台根据所述交易请求完成交易;在完成交易后将所述私有数据发送至对端代理进行交易核验。
- 根据权利要求1所述的代理方法,其中,所述获取用户的交易数据前,还包括:根据所述私有数据生成摘要,并对所述私有数据进行加密,并对加密后的所述私有数据进行签名;根据所述摘要和所述签名生成所述交易请求。
- 根据权利要求1所述的代理方法,其中,所述在完成交易后将所述私有数据发送至对端代理进行交易核验,包括:向对端代理发送推送请求;接收对端代理根据所述推送请求发出的响应信息;根据所述响应信息向对端代理发送所述私有数据,以使对端代理根据所述私有数据进行交易核验。
- 根据权利要求3所述的代理方法,其中,所述根据所述响应信息向对端代理发送所述私有数据,包括:根据所述响应信息通过Gossip协议向对端代理发送所述私有数据。
- 根据权利要求1至4任一项所述的代理方法,其中,还包括:当所述私有数据的存储时间超过预设保存时间,删除所述私有数据。
- 根据权利要求1所述的代理方法,还包括:接收对端代理的同步请求,并根据所述同步请求返回所述私有数据的摘要列表,以使对端代理根据所述摘要列表与自身存储的所述私有数据进行对比,并当确定缺失私有数据,返回请求列表;根据所述请求列表向对端代理发送所述私有数据。
- 根据权利要求6所述的代理方法,其中,所述接收对端代理的同步请求,包括:定期执行接收对端代理的同步请求。
- 一种代理方法,用于第二代理,包括:获取对端代理发送的私有数据,所述私有数据保存于对端代理,且用于对由对端代理通过向区块链平台发送交易请求而进行的交易进行核验;对所述私有数据进行交易核验。
- 根据权利要求8所述的代理方法,其中,所述对所述私有数据进行交易核验,包括:对所述私有数据进行签名验证,以确认提供所述私有数据的用户;对所述私有数据进行解密,并将解密的所述私有数据生成对比摘要,以将所述对比摘要与对端代理的私有数据的摘要进行对比,确认所述私有数据是否有效。
- 根据权利要求8所述的代理方法,还包括:向对端代理发送同步请求;接收对端代理根据同步请求返回所述私有数据的摘要列表,并根据所述摘要列表与自 身存储的所述私有数据进行对比;当确定缺失私有数据,向对端代理返回请求列表,以使对端代理根据请求列表发送所述私有数据。
- 根据权利要求10所述的代理方法,其中,所述向对端代理发送同步请求,包括:定期执行向对端代理发送同步请求。
- 一种设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,其中,所述处理器执行所述计算机程序时实现如权利要求1至11中任意一项所述的代理方法。
- 一种计算机可读存储介质,存储有计算机可执行指令,其中,所述计算机可执行指令用于执行如权利要求1至11中任意一项所述的代理方法。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022581656A JP7488379B2 (ja) | 2020-06-28 | 2021-06-28 | プロキシ方法、装置及びコンピュータ可読記憶媒体 |
KR1020237002756A KR20230027284A (ko) | 2020-06-28 | 2021-06-28 | 프록시 방법, 디바이스 및 컴퓨터 판독 가능한 저장 매체 |
AU2021300461A AU2021300461A1 (en) | 2020-06-28 | 2021-06-28 | Proxy method, device, and computer-readable storage medium |
US18/003,393 US20230247106A1 (en) | 2020-06-28 | 2021-06-28 | Proxy method, device, and computer-readable storage medium |
EP21832546.2A EP4174702A4 (en) | 2020-06-28 | 2021-06-28 | PROXY METHOD, APPARATUS AND COMPUTER READABLE STORAGE MEDIUM |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010599762.3 | 2020-06-28 | ||
CN202010599762.3A CN113849851A (zh) | 2020-06-28 | 2020-06-28 | 代理方法、设备及计算机可读存储介质 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022001960A1 true WO2022001960A1 (zh) | 2022-01-06 |
Family
ID=78972607
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/102766 WO2022001960A1 (zh) | 2020-06-28 | 2021-06-28 | 代理方法、设备及计算机可读存储介质 |
Country Status (7)
Country | Link |
---|---|
US (1) | US20230247106A1 (zh) |
EP (1) | EP4174702A4 (zh) |
JP (1) | JP7488379B2 (zh) |
KR (1) | KR20230027284A (zh) |
CN (1) | CN113849851A (zh) |
AU (1) | AU2021300461A1 (zh) |
WO (1) | WO2022001960A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4344154A1 (en) * | 2022-09-21 | 2024-03-27 | Sandvine Corporation | System and method for managing network traffic in a distributed environment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737374A (zh) * | 2018-04-12 | 2018-11-02 | 三维通信股份有限公司 | 一种区块链中数据存储的隐私保护方法 |
CN109033426A (zh) * | 2018-08-10 | 2018-12-18 | 杭州数澜科技有限公司 | 基于私有区块链网络的保存数据操作信息的方法及系统 |
CN109313753A (zh) * | 2016-04-01 | 2019-02-05 | 摩根大通国家银行 | 用于在私有分布式账本中提供数据隐私的系统和方法 |
US20190349203A1 (en) * | 2018-05-08 | 2019-11-14 | Sap Se | Mediated anonymity for permissioned, distributed-ledger networks |
CN110502905A (zh) * | 2019-07-10 | 2019-11-26 | 布比(北京)网络技术有限公司 | 一种隐私保护的分布式账本交易方法和系统 |
CN111294379A (zh) * | 2018-12-10 | 2020-06-16 | 北京沃东天骏信息技术有限公司 | 区块链网络服务平台及其权限托管方法、存储介质 |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100319061A1 (en) | 2007-02-06 | 2010-12-16 | Makoto Hatakeyama | Personal information managing device, service providing device, program, personal information managing method, checking method and personal information checking system for falsification prevention of personal information and non repudiation of personal information circulation |
JP6413792B2 (ja) | 2015-01-22 | 2018-10-31 | 日本電気株式会社 | ストレージシステム |
EP3292484B1 (en) | 2015-05-05 | 2021-07-07 | Ping Identity Corporation | Identity management service using a block chain |
US10255342B2 (en) * | 2017-04-12 | 2019-04-09 | Vijay K. Madisetti | Method and system for tuning blockchain scalability, decentralization, and security for fast and low-cost payment and transaction processing |
GB201721021D0 (en) | 2017-12-15 | 2018-01-31 | Nchain Holdings Ltd | Computer-implemented methods and systems |
US10878429B2 (en) | 2018-03-28 | 2020-12-29 | Konstantinos Bakalis | Systems and methods for using codes and images within a blockchain |
WO2019237126A1 (en) | 2018-06-08 | 2019-12-12 | Gcp Ip Holdings I, Llc | Blockchain overwatch |
US10853353B2 (en) * | 2018-08-03 | 2020-12-01 | American Express Travel Related Services Company, Inc. | Blockchain-enabled datasets shared across different database systems |
JP6566278B1 (ja) | 2018-08-08 | 2019-08-28 | 株式会社DataSign | パーソナルデータ管理システム |
US11651365B2 (en) * | 2018-09-05 | 2023-05-16 | Atrium Separate Ip Holdings Number 4, Llc | Blockchain architecture, system, method and device for automated cybersecurity and data privacy law compliance with proprietary off-chain storage mechanism |
CN109377221B (zh) | 2018-10-16 | 2021-09-03 | 杭州趣链科技有限公司 | 一种基于联盟区块链的隐私交易保护的方法 |
CN110059495B (zh) * | 2018-12-14 | 2020-11-17 | 创新先进技术有限公司 | 数据共享方法、装置及系统、电子设备 |
US11106659B2 (en) | 2019-04-28 | 2021-08-31 | Advanced New Technologies Co., Ltd. | Blockchain-based recording and querying operations |
-
2020
- 2020-06-28 CN CN202010599762.3A patent/CN113849851A/zh active Pending
-
2021
- 2021-06-28 WO PCT/CN2021/102766 patent/WO2022001960A1/zh unknown
- 2021-06-28 KR KR1020237002756A patent/KR20230027284A/ko unknown
- 2021-06-28 US US18/003,393 patent/US20230247106A1/en active Pending
- 2021-06-28 AU AU2021300461A patent/AU2021300461A1/en active Pending
- 2021-06-28 JP JP2022581656A patent/JP7488379B2/ja active Active
- 2021-06-28 EP EP21832546.2A patent/EP4174702A4/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109313753A (zh) * | 2016-04-01 | 2019-02-05 | 摩根大通国家银行 | 用于在私有分布式账本中提供数据隐私的系统和方法 |
CN108737374A (zh) * | 2018-04-12 | 2018-11-02 | 三维通信股份有限公司 | 一种区块链中数据存储的隐私保护方法 |
US20190349203A1 (en) * | 2018-05-08 | 2019-11-14 | Sap Se | Mediated anonymity for permissioned, distributed-ledger networks |
CN109033426A (zh) * | 2018-08-10 | 2018-12-18 | 杭州数澜科技有限公司 | 基于私有区块链网络的保存数据操作信息的方法及系统 |
CN111294379A (zh) * | 2018-12-10 | 2020-06-16 | 北京沃东天骏信息技术有限公司 | 区块链网络服务平台及其权限托管方法、存储介质 |
CN110502905A (zh) * | 2019-07-10 | 2019-11-26 | 布比(北京)网络技术有限公司 | 一种隐私保护的分布式账本交易方法和系统 |
Non-Patent Citations (1)
Title |
---|
See also references of EP4174702A4 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4344154A1 (en) * | 2022-09-21 | 2024-03-27 | Sandvine Corporation | System and method for managing network traffic in a distributed environment |
Also Published As
Publication number | Publication date |
---|---|
CN113849851A (zh) | 2021-12-28 |
US20230247106A1 (en) | 2023-08-03 |
KR20230027284A (ko) | 2023-02-27 |
EP4174702A1 (en) | 2023-05-03 |
EP4174702A4 (en) | 2023-11-22 |
JP7488379B2 (ja) | 2024-05-21 |
AU2021300461A1 (en) | 2023-03-09 |
JP2023532356A (ja) | 2023-07-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110912937B (zh) | 一种基于区块链的数字存证平台和存证方法 | |
KR102065315B1 (ko) | 블록체인 기반 파일 보관 및 공유 시스템 및 방법 | |
CN112491847B (zh) | 区块链一体机及其自动建链方法、装置 | |
CN112686668B (zh) | 联盟链跨链系统及方法 | |
CN111541724B (zh) | 区块链一体机及其节点自动加入方法、装置 | |
US20160261690A1 (en) | Computing device configuration and management using a secure decentralized transaction ledger | |
CN111541552B (zh) | 区块链一体机及其节点自动加入方法、装置 | |
TW202030656A (zh) | 跨鏈用權系統及方法、裝置、電子設備、儲存媒體 | |
WO2021203853A1 (zh) | 密钥生成方法、装置、设备及介质 | |
KR20220006623A (ko) | 블록체인 합의 방법, 디바이스 및 시스템 | |
CN109241754B (zh) | 一种基于区块链的云文件重复数据删除方法 | |
US20130173747A1 (en) | System, method and apparatus providing address invisibility to content provider/subscriber | |
CN111740966B (zh) | 一种基于区块链网络的数据处理方法及相关设备 | |
US11582034B2 (en) | Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology | |
CN112804354B (zh) | 跨链进行数据传输的方法、装置、计算机设备和存储介质 | |
CN112702402A (zh) | 基于区块链技术实现政务信息资源共享和交换的系统、方法、装置、处理器及其存储介质 | |
WO2020252611A1 (zh) | 一种数据交互方法及相关设备 | |
CN108829539A (zh) | 数据备份、数据恢复方法及设备 | |
CN114051031B (zh) | 基于分布式身份的加密通讯方法、系统、设备及存储介质 | |
TW202007115A (zh) | 基於跨鏈架構的身分識別管理系統及其方法 | |
WO2022001960A1 (zh) | 代理方法、设备及计算机可读存储介质 | |
CN117319412A (zh) | 一种区块链网络的管理方法及相关设备 | |
CN114172730A (zh) | 面向链上链下结合文件区块链的跨链方法及中间系统 | |
CN110784318B (zh) | 群密钥更新方法、装置、电子设备、存储介质及通信系统 | |
CN111709053A (zh) | 基于松散耦合交易网络的作业方法及作业装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21832546 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2022581656 Country of ref document: JP Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2021832546 Country of ref document: EP Effective date: 20230124 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2021300461 Country of ref document: AU Date of ref document: 20210628 Kind code of ref document: A |