CN113722749A - Data processing method and device for block chain BAAS service based on encryption algorithm - Google Patents
- Publication number: CN113722749A (application CN202010452112.6A)
- Authority: CN (China)
- Prior art keywords: file, information, client, block, storage position
- Legal status (assumed by Google, not a legal conclusion): Withdrawn
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
            - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
          - G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a data processing method and a data processing apparatus for a blockchain BAAS service based on an encryption algorithm. The method comprises the following steps: acquiring file characteristic information and a public key uploaded by a first client; storing the file characteristic information in the corresponding first block; acquiring a file acquisition request initiated by a second client for acquiring a file to be transmitted; and sending the file characteristic information to the second client according to the file acquisition request, so that the second client decrypts the storage position encryption information with a second private key to obtain the storage position information and obtains the actually transmitted file according to that storage position information, where the second private key is the one corresponding to the public key. Because only the public key is stored on the platform, the user's private key can be kept in encrypted form on the local client; even if an attacker obtains the user's public key and derives the block address of the related information, the information returned by a query is still ciphertext, the user's information cannot be recovered, and its security is effectively guaranteed.
Description
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a data processing method and apparatus for a blockchain BAAS service based on an encryption algorithm.
Background
A blockchain is a distributed application that is decentralized and multi-node; even with the SPV verification mode, some nodes must still download the complete data record. Taking Bitcoin as an example, the data currently amounts to several hundred GB and keeps growing, which is a challenge for local computing and storage resources. Combining blockchains with cloud computing and storage platforms has produced a large number of BAAS service platforms.
Blockchain service: in the broad sense, blockchain applications such as the public chains Bitcoin and Ethereum have their nodes deployed directly on a cloud platform; the nodes provide operations such as query, transaction and block generation, while the underlying layer uses cloud computing resources and cloud storage space. In the narrow sense, blockchain service means public-chain extension applications, such as evidence-storage systems like Factom and digital-identity systems like uPort. The cloud platform's fault tolerance, multi-link network load handling and dynamic adjustment of computing resources let the nodes' blockchain services run better, save node operating costs to some extent, and improve the interaction efficiency of the whole system. Of course, the term blockchain service can also be understood as a blockchain application built on a cloud platform, with the business directly accessing that application platform; in combination with the figure, blockchain browsers, digital currency trading platforms and some existing blockchain systems provide open services.
Blockchain technology service: colloquially, blockchain technology is the combination of encryption technology, a consensus mechanism, a P2P network, a distributed system and so on, so blockchain technology on a cloud platform refers to the blockchain architecture framework or blockchain operating system formed by combining these technologies, mainly frameworks such as Hyperledger, MultiChain and Ethereum private chains. These frameworks are combined with application service requirements to develop applications suited to the business, and some of these applications even surpass existing internet technology; this approach is called blockchain technology service.
BAAS (blockchain as a service) refers to a blockchain open platform that embeds a blockchain framework into a cloud computing platform, uses the deployment and management advantages of cloud service infrastructure to provide developers with a convenient, high-performance blockchain ecosystem and supporting services, and supports developers' business expansion and operation. Typically, a complete BAAS solution includes four major parts: device access, access control, service monitoring and the blockchain platform.
Currently, blockchain service systems are used in many industries, such as information sharing, copyright protection, logistics, supply chain finance, cross-border payments, asset digitization and tokens. In many important application fields, the blockchain BAAS service platform needs high security and credibility to ensure its practical usability.
The domestic cryptographic algorithms (national cryptographic algorithms) are the domestic commercial cryptographic algorithms recognized by the State Cryptography Administration. At present, three published types are mainly used: the asymmetric algorithm SM2, the hash algorithm SM3 and the symmetric algorithm SM4; the key length and block length are both 128 bits.
The national cryptographic algorithms are a series of algorithms established by the State Cryptography Administration, comprising a symmetric encryption algorithm, an elliptic curve asymmetric encryption algorithm and a hash algorithm, specifically SM1, SM2, SM3 and so on, where:
SM2 is a public key algorithm published by the State Cryptography Administration with an encryption strength of 256 bits. Several other important commercial cryptographic algorithms include:
SM1, a symmetric encryption algorithm with an encryption strength of 128 bits, implemented in hardware;
SM3, a cryptographic hash algorithm with a 32-byte hash value, published together with SM2; see State Cryptography Administration Announcement No. 22;
SM4, a symmetric encryption algorithm published with the WAPI standard, with an encryption strength of 128 bits, which can be implemented in software.
Commercial cryptography is the technology that implements the encryption, decryption, authentication and other functions of commercial cryptographic algorithms (including cryptographic algorithm programming and implementations such as cryptographic chips and encryption cards). The commercial cryptographic algorithms are the core of commercial cryptography; the state classifies them as state secrets, and every unit and individual has the responsibility and obligation to keep them confidential.
Commercial cryptography has a very wide field of application; it is mainly used to protect sensitive internal information, administrative information, economic information and the like that do not involve state secrets. For example, it can be used for enterprise access control management and for the transmission and storage encryption of sensitive enterprise information, preventing unauthorized third parties from obtaining the content; it can also be used for security authentication, online banking, digital signatures and so on.
For example, in access control applications the SM1 algorithm is used for identity authentication and encrypted data communication, realizing card validity verification and guaranteeing the authenticity of identity identification. Security is a key issue relating to the interests of the state, city information, industry users and ordinary people. The State Cryptography Administration also provides guidance for the construction, upgrading and retrofitting of existing important access control systems and strengthens the standardized construction of chips, cards and systems. At present, cases of upgrading to national cryptographic access control systems are gradually increasing, and CPU cards, CPU card reader/writers and key management systems based on independent domestic intellectual property attract wide attention. Manufacturers such as Ruilan introduced CPU card security access control series in 2009, and at the 2010 Beijing Anbo exhibition again showed the industry mainstream products and systems such as the "Imperial" series CPU card access control system, the TF-DF6000 series security access control card reader and one-card systems based on CPU card technology. These manufacturers are pioneers of national cryptographic access control products in China, and the Imperial series CPU card access control system is widely used in high-security fields such as government, prisons, the judiciary, military enterprises and large public intelligent buildings.
Security is the core of smart cards, and algorithms are the basis for security.
The national cryptographic algorithms are issued by the State Cryptography Administration and comprise the SM1/SM2/SM3/SM4/SSF33 algorithms; international algorithms are promulgated by the security agency of the United States and are the most commonly used commercial algorithms today. Taking block cipher algorithms (DES and SM4), public key cipher algorithms (RSA and SM2) and digest algorithms (SM3) as examples, the differences between international and national cipher algorithms are discussed below.
Block cipher algorithms: the international DES and the domestic SM4.
A block cipher is a cipher in which the plaintext is divided into groups of fixed length and then encrypted group by group under the control of the same key, so that each plaintext block is converted into a ciphertext block of the same length. The length of the binary plaintext block is called the block size of the block cipher.
The implementation principles of a block cipher are as follows:
(1) It must be simple to implement, easy to encrypt and decrypt when the key is known, and suitable for hardware and/or software implementation.
(2) Encryption and decryption should be fast, and the resources consumed and the cost should be low enough to meet the requirements of the specific application range.
The design of block ciphers basically follows the principle of confusion and the principle of diffusion.
The confusion principle makes the statistical and algebraic relationships among the ciphertext, the plaintext and the key as complicated as possible, so that even if an adversary obtains ciphertext and plaintext it cannot obtain any information about the key, and even if it obtains the statistical regularities of the ciphertext and plaintext it cannot obtain any information about the plaintext.
The diffusion principle spreads the statistical and structural regularities of the plaintext over a long statistical segment. That is, each bit of the plaintext should affect as many bits of the ciphertext as possible, and each bit of the ciphertext should be affected by as many bits of the plaintext as possible.
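As an added illustration of the diffusion principle described above (this code is not part of the patent): a single-bit change to the plaintext or to the key of a well-designed block cipher should flip about half of the ciphertext bits. The Go program below measures that avalanche effect over every bit position. It uses AES-128 from Go's standard library as a stand-in for SM4, since both have a 128-bit block and a 128-bit key and Go has no SM4; the key and plaintext block are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"fmt"
	"math/bits"
)

// Constructed sample inputs (not from the patent): a 128-bit key and one 128-bit block.
var (
	SampleKey   = []byte("0123456789abcdef")
	SamplePlain = []byte("one 16-byte blk!")
)

// hammingDistance counts the bit positions in which a and b differ.
func hammingDistance(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// encryptBlock encrypts a single block. AES-128 stands in for SM4: both use a
// 128-bit block and a 128-bit key, and Go's standard library has no SM4.
func encryptBlock(key, pt []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, c.BlockSize())
	c.Encrypt(out, pt)
	return out, nil
}

// flipBit returns a copy of b with bit i inverted (bit 0 is the MSB of b[0]).
func flipBit(b []byte, i int) []byte {
	out := append([]byte{}, b...)
	out[i/8] ^= 0x80 >> uint(i%8)
	return out
}

// Avalanche flips one bit of the plaintext (flipKey=false) or of the key
// (flipKey=true) at a time and records how many ciphertext bits change for
// each position. Under the diffusion principle every single-bit change
// should disturb roughly half of the 128 ciphertext bits.
func Avalanche(key, pt []byte, flipKey bool) ([]int, error) {
	base, err := encryptBlock(key, pt)
	if err != nil {
		return nil, err
	}
	counts := make([]int, len(pt)*8)
	if flipKey {
		counts = make([]int, len(key)*8)
	}
	for i := range counts {
		k, p := key, pt
		if flipKey {
			k = flipBit(key, i)
		} else {
			p = flipBit(pt, i)
		}
		ct, err := encryptBlock(k, p)
		if err != nil {
			return nil, err
		}
		counts[i] = hammingDistance(base, ct)
	}
	return counts, nil
}

// Summary reduces the per-position counts to their minimum, mean and maximum.
func Summary(counts []int) (lo int, mean float64, hi int) {
	lo, hi = counts[0], counts[0]
	total := 0
	for _, c := range counts {
		total += c
		if c < lo {
			lo = c
		}
		if c > hi {
			hi = c
		}
	}
	return lo, float64(total) / float64(len(counts)), hi
}

func main() {
	for _, flipKey := range []bool{false, true} {
		counts, err := Avalanche(SampleKey, SamplePlain, flipKey)
		if err != nil {
			panic(err)
		}
		lo, mean, hi := Summary(counts)
		fmt.Printf("flip key=%v: changed ciphertext bits min=%d mean=%.1f max=%d of 128\n", flipKey, lo, mean, hi)
	}
}
```

Running it prints, for plaintext flips and for key flips, the minimum, mean and maximum number of changed ciphertext bits over all 128 positions; a cipher that diffuses well clusters around 64. The same harness can be pointed at any other 128-bit block cipher implementation, including an SM4 one, as a cheap sanity check that a build has not lost rounds or diffusion.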
No effective solution to these technical problems in the related art has been proposed so far.
Disclosure of Invention
In order to solve the technical problem or at least partially solve the technical problem, the present application provides a data processing method and apparatus for a blockchain BAAS service based on an encryption algorithm.
In a first aspect, the present application provides a data processing method for a blockchain BAAS service based on an encryption algorithm, including:
acquiring file characteristic information and a public key uploaded by a first client, where the file characteristic information includes the file hash value and the storage position encryption information corresponding to the file to be transmitted, and the storage position encryption information is obtained by encrypting, with the public key, the storage position information of the file to be transmitted at the first local end corresponding to the first client;
storing the file characteristic information in a corresponding first block;
acquiring a file acquisition request initiated by a second client for acquiring the file to be transmitted;
sending the file characteristic information to a second client according to the file acquisition request so that the second client decrypts the storage position encryption information according to a second private key to obtain the storage position information, and obtaining an actual transmission file according to the storage position information; the second private key is arranged corresponding to the public key.
Optionally, in the foregoing data processing method, storing the file characteristic information in the corresponding first block includes:
receiving the public key, the file hash value, the timestamp and the data signature value sent by the first client, where the public key is generated for the first client, the file hash value is obtained by the first client hashing the file to be transmitted with a preset hash algorithm, the timestamp is obtained by the first client from the time information of the file to be transmitted, and the data signature value is obtained by the first client signing the file hash value and the timestamp with a preset public key algorithm;
obtaining a corresponding block address according to the public key;
and obtaining the first block according to the block address, wherein the file hash value, the timestamp and the data signature value are stored in a block body of the first block.
Optionally, as in the foregoing data processing method, the method further includes:
acquiring a registration request and registration information sent by the first client; the registration information comprises account information and a login password;
after the registration information is verified according to the registration request, generating a public key and a first private key corresponding to the registration information; the public key and the first private key are arranged correspondingly;
and sending the private key to the first client.
Optionally, as in the foregoing data processing method, before obtaining the file feature information and the public key uploaded by the first client, the method further includes:
acquiring account login information sent by the first client; the account login information comprises account information and a login password;
and when the account information and the login password corresponding to the account information are obtained by inquiring in a preset database, receiving an access request of the first client.
Optionally, as in the foregoing data processing method, storing the file feature information in a corresponding block includes:
determining block storage location information for storing the file hash value and storage location encryption information into at least one second block;
encrypting the block storage position information through a public key to obtain encrypted block storage position information;
and generating a third block corresponding to the file to be transmitted according to the storage position information of the encrypted block, and storing the storage position information of the encrypted block in the third block.
Optionally, as in the foregoing data processing method, the sending the file feature information to the second client according to the file obtaining request includes:
inquiring in a block chain to obtain the third block corresponding to the file to be transmitted;
acquiring the storage position information of the encrypted block in the third block;
sending the encryption block storage location information to the second client; and the second client decrypts the encrypted block storage location information according to the second private key to obtain the block storage location information, and acquires the file feature information from the second block according to the block storage location information.
Optionally, as in the foregoing data processing method, the method further includes:
and acquiring a file hash value acquisition request of the second client so that the second client judges whether the actual transmission file and the file to be transmitted are the same file or not according to the file hash value and the hash value of the actual transmission file.
In a second aspect, the present application provides a data processing apparatus for a blockchain BAAS service based on an encryption algorithm, including:
a first acquisition module for acquiring file characteristic information and a public key uploaded by a first client, where the file characteristic information includes the file hash value and the storage position encryption information corresponding to the file to be transmitted, and the storage position encryption information is obtained by encrypting, with the public key, the storage position information of the file to be transmitted at the first local end corresponding to the first client;
the storage module is used for storing the file characteristic information in the corresponding first block;
the second acquisition module is used for acquiring a file acquisition request which is initiated by a second client and used for acquiring the file to be transmitted;
the transmission module is used for sending the file characteristic information to a second client according to the file acquisition request so as to enable the second client to decrypt the storage position encryption information according to a second private key to obtain the storage position information and obtain an actual transmission file according to the storage position information; the second private key is arranged corresponding to the public key.
In a third aspect, the present application provides an electronic device comprising a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the processing method according to any one of the preceding claims when executing the computer program.
In a fourth aspect, the present application provides a non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions that cause the computer to perform the processing method according to any one of the preceding claims.
The embodiment of the application provides a data processing method and a data processing apparatus for a blockchain BAAS service based on an encryption algorithm. The method comprises the following steps: acquiring file characteristic information and a public key uploaded by a first client, where the file characteristic information includes the file hash value and the storage position encryption information corresponding to the file to be transmitted, and the storage position encryption information is obtained by encrypting, with the public key, the storage position information of the file to be transmitted at the first local end corresponding to the first client; storing the file characteristic information in a corresponding first block; acquiring a file acquisition request initiated by a second client for acquiring the file to be transmitted; and sending the file characteristic information to the second client according to the file acquisition request, so that the second client decrypts the storage position encryption information with a second private key to obtain the storage position information and obtains the actually transmitted file according to that storage position information, where the second private key is the one corresponding to the public key. Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantage: only the public key is stored on the platform, so the user's private key can be kept in encrypted form on the local client; even if an attacker obtains the user's public key and derives the block address of the related information, the information returned by a query is still ciphertext, the user's information cannot be recovered, and its security is effectively guaranteed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a flowchart of a data processing method for a blockchain BAAS service based on an encryption algorithm according to an embodiment of the present application;
Fig. 2 is a block diagram of a data processing apparatus for a blockchain BAAS service based on an encryption algorithm according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 shows a data processing method for a blockchain BAAS service based on an encryption algorithm according to an embodiment of the present application, comprising the following steps S1 to S4:
step S1, acquiring file characteristic information and a public key uploaded by a first client, where the file characteristic information includes the file hash value and the storage position encryption information corresponding to the file to be transmitted, and the storage position encryption information is obtained by encrypting, with the public key, the storage position information of the file to be transmitted at the first local end corresponding to the first client;
step S2, storing the file characteristic information in the corresponding first block;
step S3, acquiring a file acquisition request initiated by the second client for acquiring the file to be transmitted;
step S4, sending the file characteristic information to the second client according to the file acquisition request, so that the second client decrypts the storage position encryption information according to the second private key to obtain storage position information, and obtains an actual transmission file according to the storage position information; the second private key is arranged corresponding to the public key.
By adopting the method of this embodiment, only the public key is stored on the platform, so the user's private key can be kept in encrypted form on the local client; even if an attacker obtains the user's public key and derives the block address of the related information, the information returned by a query is still ciphertext, the user's information cannot be recovered, and its security is effectively guaranteed.
In some embodiments, as the aforementioned data processing method, in storing the file feature information in the corresponding first block, the method includes:
receiving a public key, a file hash value, a timestamp and a data signature value sent by the first client, where the public key is generated for the first client, the file hash value is obtained by the first client hashing the file to be transmitted with a preset hash algorithm, the timestamp is obtained by the first client from the time information of the file to be transmitted, and the data signature value is obtained by the first client signing the file hash value and the timestamp with the preset public key algorithm;
obtaining a corresponding block address according to the public key;
and obtaining a first block according to the block address, wherein a file hash value, a timestamp and a data signature value are stored in the block body of the first block.
In particular, a private key S_a and a public key P_a may be generated with the SM2 algorithm, and S_a is stored locally in encrypted form. The data uploaded by the user is hashed with the SM3 algorithm to obtain the information hash value H. H and the timestamp T_r are signed with the SM2 signature algorithm, that is, M = {H, T_r} is signed to obtain the data signature value SIG_r. The message M = {P_a, M, SIG_r} is then sent to the server side.
The server system computes the hash value H of the data and verifies SIG_r by computation. If the verification passes, P_a is processed with algorithms such as SM3, RIPEMD160 and Base58 to obtain the block address Add, which serves as the block identifier of the data, and the user's H, T_r and SIG_r are recorded in that block. Each data block has a unique corresponding block. The service system's internal computing resources complete the generation of the block through a consensus mechanism.
In some embodiments, the data processing method as described above, further includes:
acquiring a registration request and registration information sent by a first client; the registration information comprises account information and a login password;
after the registration information is verified according to the registration request, generating a public key and a first private key corresponding to the registration information; the public key and the first private key are arranged correspondingly;
and sending the private key to the first client.
Specifically, on the platform implementing the method of this embodiment, user A first registers for identity authentication: during registration the authenticity and validity of the mobile phone number are verified with a dynamic verification code, then basic identity information is filled in, and the login user name ID_a and the login password PW_a are set.
A private key S_a and a public key P_a are generated with the SM2 algorithm, and S_a is stored locally in encrypted form.
In some embodiments, as the foregoing data processing method, before obtaining the file feature information and the public key uploaded by the first client, the method further includes:
acquiring account login information sent by a first client; the account login information comprises account information and a login password;
and when the account information and the login password corresponding to the account information are obtained by inquiring in a preset database, receiving an access request of the first client.
In some embodiments, in the aforementioned data processing method, storing the file feature information in the corresponding block includes:
determining block storage location information for storing the file hash value and the storage location encryption information into at least one second block;
encrypting the block storage location information with the public key to obtain encrypted block storage location information;
and generating a third block corresponding to the file to be transmitted according to the encrypted block storage location information, and storing the encrypted block storage location information in the third block.
In some embodiments, in the foregoing data processing method, sending the file feature information to the second client according to the file acquisition request includes:
querying the block chain to obtain the third block corresponding to the file to be transmitted;
acquiring the encrypted block storage location information from the third block;
sending the encrypted block storage location information to the second client; the second client decrypts the encrypted block storage location information with the second private key to obtain the block storage location information, and acquires the file feature information from the second block according to the block storage location information.
In some embodiments, the data processing method described above further includes:
acquiring a file hash value acquisition request from the second client, so that the second client can judge, from the file hash value and the hash value of the actual transmission file, whether the actual transmission file and the file to be transmitted are the same file.
Application example:
With the method adopted, one specific application mode can be as follows: a BAAS service platform based on the SM2 algorithm and the block chain is provided, which mainly provides information security services for an information interaction system or an information storage system. The system framework of a traditional service platform comprises user registration and login; information addition, deletion, modification and query; information interaction; and information uploading and downloading.
User registration and login can be optimized so that the user also holds a private key, which solves the earlier problem of user names and passwords being stolen when the database is attacked. Information addition, deletion, modification and query are optimized, solving the earlier problems of data being easy to tamper with and therefore unsafe and unreliable. The decentralization and anonymization advantages of the block chain are used to replace the traditional service platform. Meanwhile, a domestic encryption algorithm is used to provide a safe and controllable service application system for government departments, merchants and the like, preventing important information from being leaked.
The block chain BAAS service platform framework supporting the national cryptographic algorithms, as realized by this application, can comprise a block chain, an information system on the server side and a service system on the client side.
1 registration phase
In the platform, user a first needs to register for identity authentication. During registration the authenticity and validity of the mobile phone number are verified through a dynamic verification code, then basic identity information is filled in, and the login user name ID_a and the login password PW_a are set.
2 Login phase
After successful registration, the user logs in with the user name ID_a and the login password PW_a to obtain the right to use the BAAS service platform.
3 stage of use
After entering the service platform, the user can interact with other people according to the content of the own project, such as mutual message sending and mutual file transmission.
4 Block Generation stage
A private key S_a and a public key P_a are generated by the SM2 algorithm, and S_a is stored locally in encrypted form. A hash operation is carried out on the data uploaded by the user through the SM3 algorithm to obtain the information hash value H. The SM2 signature algorithm is used to sign H and the timestamp T_r: let M = {H, T_r}, and the data signature value SIG_r is obtained. The message {P_a, M, SIG_r} is sent to the server side.
The server system calculates the hash value H of the data and verifies SIG_r by calculation. If the verification passes, P_a is processed through algorithms such as SM3, RIPEMD160, BASE5 and the like to obtain the block address Add, which serves as the block identification of the data, and the user's H, T_r and SIG_r are recorded in the block. Each item of data has a unique corresponding block. The internal computing resources of the service system complete the generation of the block through a consensus mechanism.
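The block generation stage above (and the identical description of it in the method embodiment earlier on this page) can be followed end to end in code. The following Go program is an added example, not code from the patent or from any platform. Because none of SM2, SM3, RIPEMD160 or Base58 is in the Go standard library, it stands in ECDSA over P-256 for SM2, SHA-256 for SM3, and a second SHA-256 truncated to 160 bits plus base64url for the RIPEMD160 and Base58 steps of the address derivation. The freshness window `maxSkew`, the `seen` set, the serialisation of M and the sample upload are assumptions of the example. They also make the replay-resistance point in the advantages list concrete: the server accepts a message only if T_r lies within the window, SIG_r verifies under P_a over {H, T_r}, and the same signed message has not already been accepted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Assumed stand-ins, not the page's algorithms: ECDSA over P-256 for SM2, SHA-256
// for SM3, a second SHA-256 truncated to 160 bits for RIPEMD160, base64url for Base58.
// Message is what the client sends: {P_a, M = {H, T_r}, SIG_r} plus the data itself.
type Message struct {
	Pub  *ecdsa.PublicKey // P_a
	H    [32]byte         // H, hash of the uploaded data
	Tr   int64            // T_r, Unix seconds
	SigR []byte           // SIG_r over M, DER encoded
	Data []byte
}

// Block is what the server records for an accepted message.
type Block struct {
	Addr string // Add, derived from P_a
	H    [32]byte
	Tr   int64
	SigR []byte
}

const maxSkew = 5 * time.Minute // freshness window for T_r (assumed value)

// signingInput serialises M = {H, T_r}; binding T_r into the signed bytes is
// what stops a captured message from being re-sent under a new timestamp.
func signingInput(h [32]byte, tr int64) []byte {
	buf := make([]byte, 40)
	copy(buf, h[:])
	binary.BigEndian.PutUint64(buf[32:], uint64(tr))
	return buf
}

// clientPrepare hashes the data, signs M with S_a and assembles {P_a, M, SIG_r}.
func clientPrepare(priv *ecdsa.PrivateKey, data []byte, tr int64) (*Message, error) {
	h := sha256.Sum256(data)
	digest := sha256.Sum256(signingInput(h, tr))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &Message{Pub: &priv.PublicKey, H: h, Tr: tr, SigR: sig, Data: data}, nil
}

// blockAddress derives Add from P_a: hash the encoded key, hash again, encode.
func blockAddress(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	first := sha256.Sum256(der)
	second := sha256.Sum256(first[:])
	return base64.RawURLEncoding.EncodeToString(second[:20]), nil
}

// serverVerify is the server side: recompute H, require a fresh T_r, verify SIG_r
// under P_a and reject an exact replay (seen = signatures already accepted).
func serverVerify(msg *Message, now time.Time, seen map[string]bool) (*Block, error) {
	if sha256.Sum256(msg.Data) != msg.H {
		return nil, errors.New("H does not match the uploaded data")
	}
	if age := now.Sub(time.Unix(msg.Tr, 0)); age > maxSkew || age < -maxSkew {
		return nil, errors.New("T_r outside the freshness window")
	}
	digest := sha256.Sum256(signingInput(msg.H, msg.Tr))
	if !ecdsa.VerifyASN1(msg.Pub, digest[:], msg.SigR) {
		return nil, errors.New("SIG_r does not verify under P_a")
	}
	key := string(msg.SigR)
	if seen[key] {
		return nil, errors.New("replayed message")
	}
	seen[key] = true
	addr, err := blockAddress(msg.Pub)
	if err != nil {
		return nil, err
	}
	return &Block{Addr: addr, H: msg.H, Tr: msg.Tr, SigR: msg.SigR}, nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	msg, _ := clientPrepare(priv, []byte("constructed sample upload"), time.Now().Unix())
	seen := map[string]bool{}
	blk, err := serverVerify(msg, time.Now(), seen)
	fmt.Println(blk != nil, err)
	_, err = serverVerify(msg, time.Now(), seen) // the same message again is refused
	fmt.Println("replay:", err)
}
```

Note that Add here, as in the text, depends only on P_a, so every upload from the same user maps to the same address; a deployment that wants one block per data item has to mix H or T_r into the address or key the block on {Add, T_r} as well.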
5 data uploading and downloading phase
5.1 data upload
The public key of user I, the encrypted file sequence and the hash file sequence are uploaded to the information system on the server side.
The information system of the server stores the hash files and the corresponding encrypted files on a number of different nodes and encrypts the storage address with the user's public key; the encrypted address can only be decrypted with the private key corresponding to that public key (for example, the private key of user I), thereby ensuring the absolute security of the data file.
The storage nodes in the platform construct blocks from their encrypted addresses, and once the blocks are linked to the starting block in timestamp order, a block chain corresponding to the data is formed.
5.2 data download
When user II needs to acquire a file of user I, user II logs in to the information system and obtains from it the encrypted address sequence of the data to be downloaded. User II then parses the encrypted address sequence with user II's own private key to obtain the storage nodes corresponding to the encrypted data.
User II encrypts the node address with the public key and transmits it to the information system. This group of data is then decrypted with a private key to obtain the node address corresponding to the encrypted data, the data is retrieved according to the address information, and a data object is constructed.
The platform encrypts the data object with the public key of user I and returns all object information to user II. The user side hashes the obtained data and compares the result with the data objects returned alongside it; if they are consistent, the file has not been tampered with, otherwise error data is returned to the information system. Once the data is shown not to have been tampered with, the user decrypts the encrypted data with the private key and restores it to the original data in timestamp order.
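The upload and download phases above, together with the second-block and third-block embodiments described earlier on this page (file hash value plus encrypted storage position in a second block, the encrypted block storage location in a third block, and the hash comparison on the downloading side), can be traced in code. The following Go program is an added example, not the patent's or any platform's code. It assumes RSA-OAEP in place of SM2 public-key encryption and SHA-256 in place of SM3, models the block chain and the first client's local end as in-memory maps, and, since the page does not state whose key pair the "public key" and "second private key" are, treats them as the recipient's. The file id, the block storage location string and the sample file are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed stand-ins, not the page's design: RSA-OAEP for SM2 public-key encryption,
// SHA-256 for SM3, in-memory maps for the chain and the first client's local end.
// FileFeature is the file feature information held in a second block.
type FileFeature struct {
	Hash   [32]byte // file hash value
	EncLoc []byte   // storage position encryption information
}

// Ledger models the chain: second blocks keyed by block storage location,
// third blocks keyed by file id and holding that location in encrypted form.
type Ledger struct {
	second map[string]FileFeature
	third  map[string][]byte
}

// LocalStore models the first client's local end: storage position -> bytes.
type LocalStore map[string][]byte

func NewLedger() *Ledger {
	return &Ledger{second: map[string]FileFeature{}, third: map[string][]byte{}}
}

func sealFor(pub *rsa.PublicKey, plain []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

func openWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Upload (5.1): hash the file, encrypt its storage position under pub, record the
// feature info in a second block and the encrypted block location in a third block.
func Upload(l *Ledger, fileID string, store LocalStore, path string, pub *rsa.PublicKey) error {
	content, ok := store[path]
	if !ok {
		return errors.New("file to be transmitted not found at local end")
	}
	encLoc, err := sealFor(pub, []byte(path))
	if err != nil {
		return err
	}
	blockLoc := "second-block/" + fileID // constructed block storage location
	l.second[blockLoc] = FileFeature{Hash: sha256.Sum256(content), EncLoc: encLoc}
	encBlockLoc, err := sealFor(pub, []byte(blockLoc))
	if err != nil {
		return err
	}
	l.third[fileID] = encBlockLoc
	return nil
}

// Download (5.2): decrypt the block storage location and then the storage position
// with the private key, fetch the file, and accept it only if its hash matches.
func Download(l *Ledger, fileID string, priv *rsa.PrivateKey, store LocalStore) ([]byte, error) {
	encBlockLoc, ok := l.third[fileID]
	if !ok {
		return nil, errors.New("no third block for this file")
	}
	blockLoc, err := openWith(priv, encBlockLoc)
	if err != nil {
		return nil, err // wrong private key: the location stays opaque
	}
	feat, ok := l.second[string(blockLoc)]
	if !ok {
		return nil, errors.New("second block not found")
	}
	path, err := openWith(priv, feat.EncLoc)
	if err != nil {
		return nil, err
	}
	content, ok := store[string(path)]
	if !ok {
		return nil, errors.New("actual transmission file not found")
	}
	if sha256.Sum256(content) != feat.Hash {
		return nil, errors.New("hash mismatch: actual file is not the file to be transmitted")
	}
	return content, nil
}

func main() {
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	store := LocalStore{"/data/report.txt": []byte("constructed file contents")}
	l := NewLedger()
	fmt.Println(Upload(l, "file-1", store, "/data/report.txt", &recipient.PublicKey))
	got, err := Download(l, "file-1", recipient, store)
	fmt.Printf("%q %v\n", got, err)
}
```

The hash check at the end of `Download` is the step the page's claim 7 describes: the stored file hash value is what lets the downloading client tell a file that was replaced or altered after upload from the file that was originally registered.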
In the method in the embodiment, the SM2 algorithm is adopted to generate the public and private key pair and sign the information, and the SM3 algorithm is used to perform hash operation on the information, so that the operation speed of the block chain BAAS service platform is higher, and the operation efficiency is higher. The advantages of the invention are embodied in the following points:
(1) Decentralized encrypted-state storage
According to the invention, the queryable information is encrypted with a national cryptographic algorithm and then stored in encrypted form on the identity authentication block chain; the decentralized storage mode of the block chain effectively avoids the problems of single points of failure and the difficulty of trusting multiple CAs (certificate authorities) in a centralized authentication mode.
(2) User authentication
The invention adopts the mode of registering and logging before using the platform, reduces the interference of irrelevant personnel to the system, and ensures that the BAAS service platform is safer than the traditional platform.
(3) Replay attack resistance
The time stamp and the random number contained in the block header of each block can effectively prevent replay attack during the process of creating the blocks. In the authentication process, a time stamp is added to each transmitted message, so that the intercepted message cannot be reused.
(4) Preventing attackers from cracking information off-line
The private key of the user is stored in the local client in an encrypted manner, even if an attacker obtains the public key of the user and deduces the block address of the related information, the inquired information is still in a ciphertext state, and the user information cannot be cracked.
(5) Efficiently protecting information
The authentication mode of the dynamic two-dimensional (QR) code and the block chain is adopted, so that the information itself is not transmitted directly on the network. The encrypted two-dimensional code does not reveal personal privacy and offers stronger privacy protection than information in plaintext. Following the minimum information exposure principle, the platform uploads through the block chain the IP address where the information is held instead of the information itself, which protects the information better than a traditional information transmission mode.
As shown in fig. 2, according to an embodiment of another aspect of the present application, there is also provided a data processing apparatus for a blockchain BAAS service based on an encryption algorithm, including:
the first acquisition module 1 is used for acquiring file characteristic information and a public key uploaded by a first client; the file characteristic information includes: the file hash value and storage position encryption information corresponding to the file to be transmitted are obtained; the storage position encryption information is obtained by encrypting the storage position information of the file to be transmitted in the first local end corresponding to the first client by the public key;
the storage module 2 is used for storing the file characteristic information in the corresponding first block;
a second obtaining module 3, configured to obtain a file obtaining request initiated by a second client and used for obtaining a file to be transmitted;
the transmission module 4 is used for sending the file characteristic information to the second client according to the file acquisition request so that the second client decrypts the storage position encryption information according to the second private key to obtain storage position information, and obtains an actual transmission file according to the storage position information; the second private key is arranged corresponding to the public key.
Specifically, the specific process of implementing the functions of each module in the apparatus according to the embodiment of the present invention may refer to the related description in the method embodiment, and is not described herein again.
According to another embodiment of the present application, there is also provided an electronic device. As shown in fig. 3, the electronic device may include a processor 1501, a communication interface 1502, a memory 1503 and a communication bus 1504, wherein the processor 1501, the communication interface 1502 and the memory 1503 communicate with each other through the communication bus 1504.
The memory 1503 is used for storing a computer program;
the processor 1501 is configured to implement the steps of the above-described method embodiments when executing the program stored in the memory 1503.
The bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include a random access memory (RAM) or a non-volatile memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Embodiments of the present application also provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the steps of the above-described method embodiments.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A data processing method of a block chain BAAS service based on an encryption algorithm is characterized by comprising the following steps:
acquiring file characteristic information and a public key uploaded by a first client; the file characteristic information includes: the file hash value and storage position encryption information corresponding to the file to be transmitted are obtained; the storage position encryption information is obtained by encrypting the storage position information of the file to be transmitted in a first local end corresponding to a first client by the public key;
storing the file characteristic information in a corresponding first block;
acquiring a file acquisition request initiated by a second client for acquiring the file to be transmitted;
sending the file characteristic information to a second client according to the file acquisition request so that the second client decrypts the storage position encryption information according to a second private key to obtain the storage position information, and obtaining an actual transmission file according to the storage position information; the second private key is arranged corresponding to the public key.
2. The data processing method according to claim 1, wherein storing the file characteristic information in the corresponding first block comprises:
receiving and obtaining the public key, the file hash value, the timestamp and the data signature value sent by the first client; the public key is generated for the first client, the file hash value is obtained by the first client performing hash operation on the file to be transmitted through a preset hash algorithm, the timestamp is obtained by the first client according to the time information of the file to be transmitted, and the data signature value is obtained by the first client performing signature on the file hash value and the timestamp through a preset public key algorithm;
obtaining a corresponding block address according to the public key;
and obtaining the first block according to the block address, wherein the file hash value, the timestamp and the data signature value are stored in a block body of the first block.
3. The data processing method of claim 1, further comprising:
acquiring a registration request and registration information sent by the first client; the registration information comprises account information and a login password;
after the registration information is verified according to the registration request, generating a public key and a first private key corresponding to the registration information; the public key and the first private key are arranged correspondingly;
and sending the private key to the first client.
4. The data processing method according to claim 1, further comprising, before obtaining the file feature information and the public key uploaded by the first client:
acquiring account login information sent by the first client; the account login information comprises account information and a login password;
and when the account information and the login password corresponding to the account information are obtained by inquiring in a preset database, receiving an access request of the first client.
5. The data processing method of claim 1, wherein storing the file characteristic information in a corresponding block comprises:
determining block storage location information for storing the file hash value and storage location encryption information into at least one second block;
encrypting the block storage position information through a public key to obtain encrypted block storage position information;
and generating a third block corresponding to the file to be transmitted according to the encrypted block storage location information, and storing the encrypted block storage location information in the third block.
6. The data processing method according to claim 5, wherein the sending the file feature information to the second client according to the file obtaining request includes:
inquiring in a block chain to obtain the third block corresponding to the file to be transmitted;
acquiring the encrypted block storage location information from the third block;
sending the encrypted block storage location information to the second client; and the second client decrypts the encrypted block storage location information according to the second private key to obtain the block storage location information, and acquires the file feature information from the second block according to the block storage location information.
7. The data processing method of claim 1, further comprising:
and acquiring a file hash value acquisition request of the second client so that the second client judges whether the actual transmission file and the file to be transmitted are the same file or not according to the file hash value and the hash value of the actual transmission file.
8. A data processing apparatus for a blockchain BAAS service based on an encryption algorithm, comprising:
the first acquisition module is used for acquiring file characteristic information and a public key uploaded by a first client; the file characteristic information includes: the file hash value and storage position encryption information corresponding to the file to be transmitted are obtained; the storage position encryption information is obtained by encrypting the storage position information of the file to be transmitted in a first local end corresponding to a first client by the public key;
the storage module is used for storing the file characteristic information in the corresponding first block;
the second acquisition module is used for acquiring a file acquisition request which is initiated by a second client and used for acquiring the file to be transmitted;
the transmission module is used for sending the file characteristic information to a second client according to the file acquisition request so as to enable the second client to decrypt the storage position encryption information according to a second private key to obtain the storage position information and obtain an actual transmission file according to the storage position information; the second private key is arranged corresponding to the public key.
9. An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory is used for storing a computer program;
the processor, when executing the computer program, implements the data processing method of any of claims 1-7.
10. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the data processing method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010452112.6A CN113722749A (en) | 2020-05-26 | 2020-05-26 | Data processing method and device for block chain BAAS service based on encryption algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113722749A true CN113722749A (en) | 2021-11-30 |
Family
ID=78671213
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010452112.6A Withdrawn CN113722749A (en) | 2020-05-26 | 2020-05-26 | Data processing method and device for block chain BAAS service based on encryption algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113722749A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109447631A (en) * | 2018-09-19 | 2019-03-08 | 平安科技(深圳)有限公司 | Client, server, method of commerce and storage medium based on block chain |
CN109978543A (en) * | 2019-04-03 | 2019-07-05 | 浙江鲸腾网络科技有限公司 | A kind of method, apparatus, electronic equipment and the storage medium of contract signature |
CN110414203A (en) * | 2019-07-26 | 2019-11-05 | 郑州大学 | A kind of internet medical treatment identity identifying method based on block chain technology |
Non-Patent Citations (1)
Title |
---|
Wu Qiuhan et al.: "Design of a mobile-terminal identity authentication protocol based on the SM2 algorithm and block chain" (基于SM2算法和区块链的移动端身份认证协议设计), Chinese Journal of Network and Information Security (网络与信息安全学报), vol. 4, no. 9, 30 September 2018 (2018-09-30), pages 61 - 65 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422237A (en) * | 2022-01-18 | 2022-04-29 | 百度在线网络技术(北京)有限公司 | Data transmission method and device, electronic equipment and medium |
CN114422237B (en) * | 2022-01-18 | 2023-08-18 | 百度在线网络技术(北京)有限公司 | Data transmission method and device, electronic equipment and medium |
CN114417391A (en) * | 2022-03-31 | 2022-04-29 | 浙江数秦科技有限公司 | Laboratory thesis certificate storage system based on block chain |
CN114417391B (en) * | 2022-03-31 | 2022-07-15 | 浙江数秦科技有限公司 | Laboratory thesis certificate storage system based on block chain |
CN114945170A (en) * | 2022-05-24 | 2022-08-26 | 福建金密网络安全测评技术有限公司 | Mobile terminal file transmission method based on commercial cipher algorithm |
CN114945170B (en) * | 2022-05-24 | 2024-10-22 | 福建金密网络安全测评技术有限公司 | Mobile terminal file transmission method based on commercial cryptographic algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20211130 |