CN111709048A - Data security sharing method based on private chain - Google Patents
Data security sharing method based on private chain Download PDFInfo
- Publication number
- CN111709048A CN111709048A CN202010409745.9A CN202010409745A CN111709048A CN 111709048 A CN111709048 A CN 111709048A CN 202010409745 A CN202010409745 A CN 202010409745A CN 111709048 A CN111709048 A CN 111709048A
- Authority
- CN
- China
- Prior art keywords
- node
- request
- data
- information
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a data security sharing method based on a private chain, and belongs to the field of block chains and the Internet. The invention discloses a method for safely sharing data based on a private chain, which connects data blocks into a data network to form a complete database with data storage and sharing functions. By utilizing the safety characteristic of the block chain and the distributed management of the root zone data, the method can be applied to the management of a large amount of private data and ensure the authenticity of the data. The method can timely and effectively process huge and fragmented data, and better guarantee privacy of the authority and communication management of the Internet of things equipment. In addition, the block chain technology is combined with an off-chain database, data and data storage permission is separated, so that a central mechanism cannot lose or leak data due to management loss or equipment failure, a decentralized management system is realized, DDoS attack can be resisted, and self-protection is realized.
Description
Technical Field
The invention relates to a data security sharing method based on a private chain, and belongs to the field of block chains and the Internet.
Background
With the development of the internet, the data explosion of the public security is increased, and the security and privacy of the data are more and more emphasized by the public security department. The block chain technology becomes a new network security technology by virtue of the characteristics of decentralization, tamper resistance, traceability and trustiness. At present, block chains in China are in the early stage of high-speed development, and industrial chains are formed preliminarily. The police industry is also applying blockchain technology, but also needs to invest in research in conjunction with mining. In foreign countries, the block chain receives much attention, governments invest a lot, enterprises invest and cooperate, and related industries are also developing. The block chain technology is continuously developed and perfected and becomes an important component of the internet. The block chain is an important breakthrough in technical innovation, the establishment of a safety guarantee system of the block chain is accelerated, and the block chain is applied to the field of public security as early as possible, so that the efficiency of the public security is improved, and the stability of the society is maintained.
In public security work, privacy protection and data sharing are contradictory and interdependent. Sharing is an inherent requirement of big data development. In the big data era, data disclosure for sharing necessarily causes serious privacy infringement, and how to solve the contradiction between data sharing and privacy protection is a big problem. In order to solve the problem, the invention provides a method for safely sharing data based on a private chain, which realizes the aim of fusing data sharing and privacy protection.
Disclosure of Invention
The invention aims to provide a method for safely sharing data based on a private chain, which realizes the compatibility of data sharing and privacy protection by utilizing a KSI signature authentication system and a private block chain.
The invention is realized by adopting the following technical scheme: a method for data secure sharing based on private chain includes the following steps:
(1) establishing a private chain: combining the relationship between the node and the instruction node at the upper level, analyzing the private chain structure, and constructing a private block chain comprising the node and the instruction node;
(2) signing the node data by using a KSI signature authentication system: in each time slot, a KSI signature authentication system collects hash values of node data files needing signature currently, constructs a Merkle tree, calculates a root node value, discloses and records the root node value in a private block chain, and stores the root node value on each node in a distributed mode;
(3) node multiple control: when a certain node needs to carry out the operation of exceeding the authority, a request is sent to the associated node of the node, and if the agreed associated node is more than the objected associated node, the request is agreed; the request is objected to if there are more association nodes objected to than there are agreement nodes.
In the method for safely sharing data based on the private chain, the operation of exceeding the authority comprises a data sharing request and a safe transmission request;
wherein the shared data request: when a request node needs an opposite node to share data, a request is sent to a related node of the request node, if the related node agrees, request information is sent to the opposite node, the opposite node feeds the request information back to the related node, and the related node agrees to the request and shares the information; if the associated node objectes to the request, rejecting the request;
and (4) safe transmission request: when a request node needs to receive data transmitted by a node, a request is sent to a related node of the request node, if the related node agrees, the request node signs the request information, and when the request is sent, the request information and the signature are sent at the same time; receiving a node authentication signature, wherein the receiving node calculates a signature information root node value, compares the signature information root node value with a request node root node value stored in a block chain, verifies the integrity, if the signature information root node value is equal to the request node root node value stored in the block chain, the request node requests the information to be complete, the receiving node feeds the request information back to an associated node of the receiving node, and the associated node approves the request and transmits the information safely; if the associated node objectes to the request, rejecting the request; and if the comparison result is not equal, the request information of the request node is incomplete, and the receiving node returns the request information.
The method for safely sharing data based on the private chain records all operations of the nodes and access records of the data by using the timestamp, and ensures the transparency of the operations.
In the method for sharing data safely based on the private chain, after the associated node of the node objectes to the request, the associated node confirms whether the node is suspicious, if the suspicious confirmation information is more, the node stops working as the suspicious node and receives the check, and the working state of the request node is recovered after the confirmation is correct.
In the method for data secure sharing based on the private chain, the request information includes the requester, the request reason and the required duration.
In the above method for secure data sharing based on the private chain, the process of verifying and calculating the signature information root node value by the receiving node is as follows: and extracting information in the signature, operating a hash algorithm according to the signature process to obtain a hash value, constructing a Merkle tree by using the hash value, and calculating to obtain a root node value of the information.
As an important field of Internet application, the invention relates to a method for safely sharing data based on a private chain, which connects data blocks into a data network to form a complete database with data storage and sharing functions. By utilizing the safety characteristic of the block chain and the distributed management of the root zone data, the method can be applied to the management of a large amount of private data and ensure the authenticity of the data. The method can timely and effectively process huge and fragmented data, and better guarantee privacy of the authority and communication management of the Internet of things equipment. In addition, the block chain technology is combined with an off-chain database, data and data storage permission is separated, so that a central mechanism cannot lose or leak data due to management loss or equipment failure, a decentralized management system is realized, DDoS attack can be resisted, and self-protection is realized. The method mainly utilizes a private chain and a signature authentication system based on KSI to establish a private block chain in a public security private network, and performs signature authentication on each node and node data of the block chain to ensure that the node data is not tampered. And strengthen the contact among every node, send the request before sharing the data among the nodes, the other side node can share the data after confirming. And recording all accesses and operations built by the nodes by using the time stamps, and ensuring clear responsibility tracing when data is leaked.
Drawings
FIG. 1 is a block flow diagram of the present method.
FIG. 2 is a schematic diagram of a private blockchain of components of the present invention.
FIG. 3 is a diagram illustrating multiple node control.
FIG. 4 is a diagram illustrating a data sharing request.
Detailed Description
The invention aims to provide a method for safely sharing data based on a private chain, which realizes the compatibility of data sharing and privacy protection by utilizing a KSI signature authentication system and a private block chain.
The invention provides a method for safely sharing data based on a private chain, which comprises the following steps:
(1) a private chain is established. In a public security intranet, a node a, a node B and a node C are data nodes, associated nodes 1 to 8 are upper-level instruction nodes of the data nodes, a public security internal structure (an upper-level relation between the data node A, B, C and the instruction nodes 1 to 8) is analyzed, a private chain structure is analyzed, a private block chain is constructed by using a python language and an HTTP request, the constructed private block chain is shown in fig. 2, and next operation is performed based on the private chain.
(2) The data in node A, B, C is signed. The signature authentication system based on KSI is an authentication system based on block chain security technology and using keyless signature. The KSI may sign multiple data files simultaneously within each time slot. And in each time slot, operating a hash algorithm to calculate the hash values of all data files in the nodes needing to be signed, taking the obtained hash values as leaf nodes to construct a Merkle tree, and calculating to obtain a root node value. And disclosing and recording the root node value obtained by calculating each time slot in a private block chain, and storing the root node value in each corresponding node in a distributed manner. And ensuring the root node to be not tampered by using the non-tampering property of the blockchain.
(3) And controlling nodes in a multiple mode. The selective correlation among the nodes is realized, and the multiple control of the nodes is realized. When a certain node needs to carry out the operation of exceeding the authority, a request is sent to the associated node. If the agreed associated node is more than the objected associated node, agreeing to the request; if the number of the objected associated nodes is more than that of the agreed associated nodes, the request is objected to, the associated nodes confirm the suspicious node (whether the node is suspicious), if the suspicious confirmation information is more (the associated nodes analyze the request information, artificially analyze whether the request information of the node is suspicious, and if the node is attacked, an unreasonable request is made), the node stops working as the suspicious node and is checked. And recovering the working state after the confirmation of no error.
(31) A data sharing request. When the node A needs to share the data of the node B, request information comprising a requester, a request reason and required time is sent to the associated node of the node A, and if the associated node of the node A agrees, the request information is sent to the node B. The node B feeds back the request information to the associated node of the node B, if the associated node agrees to the request, the node B replies the agreement information of the node A and shares the time-limited data with the node A; if the associated node rejects the request, the request is rejected to node A.
(32) The request is transmitted securely. When a requesting node needs to receive data transmitted by a node, a request is sent to an associated node of the requesting node, and if the associated node agrees, the requesting node calculates request information (including a requester, a request reason and required time) and information such as a root node value and a time stamp of the request information to obtain a signature. When a request is sent, the request information and the signature are sent at the same time. And after receiving the request information and the signature, the receiving node authenticates the signature. And extracting information in the signature, operating a hash algorithm according to the signature process to obtain a hash value, constructing a Merkle tree by using the hash value, and calculating to obtain a root node value of the information. Comparing the calculated root node value with a root node value of a request node on a block chain, if the calculated root node value is equal to the root node value of the request node on the block chain, the request node request information is complete, the receiving node feeds the request information back to an associated node of the receiving node, and the associated node agrees to the request and then safely transmits the information; if the associated node objectes to the request, rejecting the request; if the request information is not equal, the request information of the request node is incomplete, and the receiving node returns the request information. In the KSI system, due to the unidirectionality of the hash function and the non-tamper-resistance of the block chain, the computed signature is reliable, and the file signed by the KSI can prevent tampering and ensure the integrity of the request.
(4) And (6) operating and recording. All operations of the nodes and the access records of the data are recorded by the time stamps, and the transparency of the operations is ensured.
Claims (6)
1. A method for data security sharing based on private chain is characterized by comprising the following steps:
(1) establishing a private chain: combining the relationship between the node and the instruction node at the upper level, analyzing the private chain structure, and constructing a private block chain of the node and the instruction node;
(2) signing the node data by using a KSI signature authentication system: in each time slot, a KSI signature authentication system collects hash values of node data files needing signature currently, constructs a Merkle tree, calculates a root node value, discloses and records the root node value in a private block chain, and stores the root node value on each node in a distributed mode;
(3) node multiple control: when a certain node needs to carry out the operation of exceeding the authority, a request is sent to the associated node of the node, and if the agreed associated node is more than the objected associated node, the request is agreed; the request is objected to if there are more association nodes objected to than there are agreement nodes.
2. The method for secure sharing of data based on private chain according to claim 1, wherein the operation of overriding the authority includes a request for sharing data and a request for secure transmission;
wherein the shared data request: when a request node needs an opposite node to share data, a request is sent to a related node of the request node, if the related node agrees, request information is sent to the opposite node, the opposite node feeds the request information back to the related node, and the related node agrees to the request and shares the information; if the associated node objectes to the request, rejecting the request;
and (4) safe transmission request: when a request node needs to receive data transmitted by a node, a request is sent to a related node of the request node, if the related node agrees, the request node constructs request information into a corresponding signature, and when the request is sent, the request information and the signature are sent at the same time; receiving a node authentication signature, wherein the receiving node calculates a signature information root node value, compares the signature information root node value with a request node root node value stored in a block chain, verifies the integrity, if the signature information root node value is equal to the request node root node value stored in the block chain, the request node requests the information to be complete, the receiving node feeds the request information back to an associated node of the receiving node, and the associated node approves the request and transmits the information safely; if the associated node objectes to the request, rejecting the request; and if the comparison result is not equal, the request information of the request node is incomplete, and the receiving node returns the request information.
3. The method for secure sharing of data based on private chain as claimed in claim 2, wherein the timestamp is used to record all operations of the node and access records of the data, so as to ensure transparency of the operations.
4. The method according to claim 2 or 3, wherein the associated node of the node, after having rejected the request, confirms whether the node is suspicious, and if the suspicious confirmation information is more, the node stops working as the suspicious node and receives a check, and after having confirmed that there is no error, restores the working state of the requesting node.
5. The method for secure sharing of data based on private chain according to claim 2 or 3, wherein the request information includes the requester, the reason for the request and the required duration.
6. The method for secure data sharing based on private chain according to claim 2 or 3, wherein the process of the receiving node calculating the signature information root node value is as follows: and extracting information in the signature, operating a hash algorithm according to the signature process to obtain a hash value, constructing a Merkle tree by using the hash value, and calculating to obtain a root node value of the information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010409745.9A CN111709048A (en) | 2020-05-15 | 2020-05-15 | Data security sharing method based on private chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010409745.9A CN111709048A (en) | 2020-05-15 | 2020-05-15 | Data security sharing method based on private chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111709048A true CN111709048A (en) | 2020-09-25 |
Family
ID=72537936
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010409745.9A Pending CN111709048A (en) | 2020-05-15 | 2020-05-15 | Data security sharing method based on private chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111709048A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106682530A (en) * | 2017-01-10 | 2017-05-17 | 杭州电子科技大学 | Method and device for medical information sharing privacy protection based on blockchain technology |
CN108632381A (en) * | 2018-05-14 | 2018-10-09 | 济南浪潮高新科技投资发展有限公司 | A kind of environment measure of supervision and system based on block chain |
CN109040077A (en) * | 2018-08-09 | 2018-12-18 | 清华大学 | The method and system of data sharing and secret protection |
CN109639753A (en) * | 2018-10-26 | 2019-04-16 | 众安信息技术服务有限公司 | A kind of data sharing method and system based on block chain |
CN110019235A (en) * | 2017-12-29 | 2019-07-16 | 百度在线网络技术(北京)有限公司 | Data storage, restoration methods, device, equipment and medium based on block chain |
CN110275887A (en) * | 2019-06-20 | 2019-09-24 | 深圳前海微众银行股份有限公司 | A kind of data processing method based on block catenary system, system and device |
CN110414203A (en) * | 2019-07-26 | 2019-11-05 | 郑州大学 | A kind of internet medical treatment identity identifying method based on block chain technology |
-
2020
- 2020-05-15 CN CN202010409745.9A patent/CN111709048A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106682530A (en) * | 2017-01-10 | 2017-05-17 | 杭州电子科技大学 | Method and device for medical information sharing privacy protection based on blockchain technology |
CN110019235A (en) * | 2017-12-29 | 2019-07-16 | 百度在线网络技术(北京)有限公司 | Data storage, restoration methods, device, equipment and medium based on block chain |
CN108632381A (en) * | 2018-05-14 | 2018-10-09 | 济南浪潮高新科技投资发展有限公司 | A kind of environment measure of supervision and system based on block chain |
CN109040077A (en) * | 2018-08-09 | 2018-12-18 | 清华大学 | The method and system of data sharing and secret protection |
CN109639753A (en) * | 2018-10-26 | 2019-04-16 | 众安信息技术服务有限公司 | A kind of data sharing method and system based on block chain |
CN110275887A (en) * | 2019-06-20 | 2019-09-24 | 深圳前海微众银行股份有限公司 | A kind of data processing method based on block catenary system, system and device |
CN110414203A (en) * | 2019-07-26 | 2019-11-05 | 郑州大学 | A kind of internet medical treatment identity identifying method based on block chain technology |
Non-Patent Citations (1)
Title |
---|
陈烨等: "基于区块链的网络安全技术综述" * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109409122B (en) | File storage method, electronic device and storage medium | |
CN106972931B (en) | Method for transparentizing certificate in PKI | |
CN112055025B (en) | Privacy data protection method based on block chain | |
CN110032545A (en) | File memory method, system and electronic equipment based on block chain | |
WO2019227602A1 (en) | Blockchain-based sleeve grouting quality tracing method and system, and collection terminal | |
CN111930723B (en) | Scientific and technological achievement data fusion method based on big data | |
CN109687965A (en) | The real name identification method of subscriber identity information in a kind of protection network | |
CN109815748A (en) | A kind of centre data source method for monitoring based on block chain | |
CN109951490A (en) | Webpage integrity assurance, system and electronic equipment based on block chain | |
CN112131309A (en) | Data evidence storing method and system based on block chain technology | |
CN115982764A (en) | Method, system, device and medium for storing electronic file based on block chain | |
CN117040896A (en) | Internet of things management method and Internet of things management platform | |
Qiang et al. | Mine consortium blockchain: the application research of coal mine safety production based on blockchain | |
CN112015111B (en) | Industrial control equipment safety protection system and method based on active immunity mechanism | |
Feng et al. | Autonomous vehicles' forensics in smart cities | |
CN111709048A (en) | Data security sharing method based on private chain | |
CN113570321B (en) | Hydrogen energy data management system | |
CN112016119B (en) | Autonomous identity management method based on block chain | |
Zou et al. | ArchivesChain: Distributed PKI Archives System | |
CN110443616B (en) | Byzantine fault-tolerant consensus method based on random threshold signature mechanism | |
CN111931248A (en) | Block chain technology-based power distribution terminal tamper-proof technology and system | |
CN112822195B (en) | Electronic intelligent signing method based on block chain technology | |
CN110191108B (en) | Block chain based right verification method | |
CN112671787B (en) | Rule execution verification method and device, electronic equipment and storage medium | |
CN117527359A (en) | Attack traceability saving and restoring method based on blockchain technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |