CN111709048A - Data security sharing method based on private chain - Google Patents

Data security sharing method based on private chain Download PDF

Info

Publication number
CN111709048A
CN111709048A CN202010409745.9A CN202010409745A CN111709048A CN 111709048 A CN111709048 A CN 111709048A CN 202010409745 A CN202010409745 A CN 202010409745A CN 111709048 A CN111709048 A CN 111709048A
Authority
CN
China
Prior art keywords
node
request
data
information
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010409745.9A
Other languages
Chinese (zh)
Inventor
朱飑凯
贾亚楠
刘三满
吴昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanxi Police College
Original Assignee
Shanxi Police College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanxi Police College filed Critical Shanxi Police College
Priority to CN202010409745.9A priority Critical patent/CN111709048A/en
Publication of CN111709048A publication Critical patent/CN111709048A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151Time stamp
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a data security sharing method based on a private chain, and belongs to the field of block chains and the Internet. The invention discloses a method for safely sharing data based on a private chain, which connects data blocks into a data network to form a complete database with data storage and sharing functions. By utilizing the safety characteristic of the block chain and the distributed management of the root zone data, the method can be applied to the management of a large amount of private data and ensure the authenticity of the data. The method can timely and effectively process huge and fragmented data, and better guarantee privacy of the authority and communication management of the Internet of things equipment. In addition, the block chain technology is combined with an off-chain database, data and data storage permission is separated, so that a central mechanism cannot lose or leak data due to management loss or equipment failure, a decentralized management system is realized, DDoS attack can be resisted, and self-protection is realized.

Description

Data security sharing method based on private chain
Technical Field
The invention relates to a data security sharing method based on a private chain, and belongs to the field of block chains and the Internet.
Background
With the development of the internet, the data explosion of the public security is increased, and the security and privacy of the data are more and more emphasized by the public security department. The block chain technology becomes a new network security technology by virtue of the characteristics of decentralization, tamper resistance, traceability and trustiness. At present, block chains in China are in the early stage of high-speed development, and industrial chains are formed preliminarily. The police industry is also applying blockchain technology, but also needs to invest in research in conjunction with mining. In foreign countries, the block chain receives much attention, governments invest a lot, enterprises invest and cooperate, and related industries are also developing. The block chain technology is continuously developed and perfected and becomes an important component of the internet. The block chain is an important breakthrough in technical innovation, the establishment of a safety guarantee system of the block chain is accelerated, and the block chain is applied to the field of public security as early as possible, so that the efficiency of the public security is improved, and the stability of the society is maintained.
In public security work, privacy protection and data sharing are contradictory and interdependent. Sharing is an inherent requirement of big data development. In the big data era, data disclosure for sharing necessarily causes serious privacy infringement, and how to solve the contradiction between data sharing and privacy protection is a big problem. In order to solve the problem, the invention provides a method for safely sharing data based on a private chain, which realizes the aim of fusing data sharing and privacy protection.
Disclosure of Invention
The invention aims to provide a method for safely sharing data based on a private chain, which realizes the compatibility of data sharing and privacy protection by utilizing a KSI signature authentication system and a private block chain.
The invention is realized by adopting the following technical scheme: a method for data secure sharing based on private chain includes the following steps:
(1) establishing a private chain: combining the relationship between the node and the instruction node at the upper level, analyzing the private chain structure, and constructing a private block chain comprising the node and the instruction node;
(2) signing the node data by using a KSI signature authentication system: in each time slot, a KSI signature authentication system collects hash values of node data files needing signature currently, constructs a Merkle tree, calculates a root node value, discloses and records the root node value in a private block chain, and stores the root node value on each node in a distributed mode;
(3) node multiple control: when a certain node needs to carry out the operation of exceeding the authority, a request is sent to the associated node of the node, and if the agreed associated node is more than the objected associated node, the request is agreed; the request is objected to if there are more association nodes objected to than there are agreement nodes.
In the method for safely sharing data based on the private chain, the operation of exceeding the authority comprises a data sharing request and a safe transmission request;
wherein the shared data request: when a request node needs an opposite node to share data, a request is sent to a related node of the request node, if the related node agrees, request information is sent to the opposite node, the opposite node feeds the request information back to the related node, and the related node agrees to the request and shares the information; if the associated node objectes to the request, rejecting the request;
and (4) safe transmission request: when a request node needs to receive data transmitted by a node, a request is sent to a related node of the request node, if the related node agrees, the request node signs the request information, and when the request is sent, the request information and the signature are sent at the same time; receiving a node authentication signature, wherein the receiving node calculates a signature information root node value, compares the signature information root node value with a request node root node value stored in a block chain, verifies the integrity, if the signature information root node value is equal to the request node root node value stored in the block chain, the request node requests the information to be complete, the receiving node feeds the request information back to an associated node of the receiving node, and the associated node approves the request and transmits the information safely; if the associated node objectes to the request, rejecting the request; and if the comparison result is not equal, the request information of the request node is incomplete, and the receiving node returns the request information.
The method for safely sharing data based on the private chain records all operations of the nodes and access records of the data by using the timestamp, and ensures the transparency of the operations.
In the method for sharing data safely based on the private chain, after the associated node of the node objectes to the request, the associated node confirms whether the node is suspicious, if the suspicious confirmation information is more, the node stops working as the suspicious node and receives the check, and the working state of the request node is recovered after the confirmation is correct.
In the method for data secure sharing based on the private chain, the request information includes the requester, the request reason and the required duration.
In the above method for secure data sharing based on the private chain, the process of verifying and calculating the signature information root node value by the receiving node is as follows: and extracting information in the signature, operating a hash algorithm according to the signature process to obtain a hash value, constructing a Merkle tree by using the hash value, and calculating to obtain a root node value of the information.
As an important field of Internet application, the invention relates to a method for safely sharing data based on a private chain, which connects data blocks into a data network to form a complete database with data storage and sharing functions. By utilizing the safety characteristic of the block chain and the distributed management of the root zone data, the method can be applied to the management of a large amount of private data and ensure the authenticity of the data. The method can timely and effectively process huge and fragmented data, and better guarantee privacy of the authority and communication management of the Internet of things equipment. In addition, the block chain technology is combined with an off-chain database, data and data storage permission is separated, so that a central mechanism cannot lose or leak data due to management loss or equipment failure, a decentralized management system is realized, DDoS attack can be resisted, and self-protection is realized. The method mainly utilizes a private chain and a signature authentication system based on KSI to establish a private block chain in a public security private network, and performs signature authentication on each node and node data of the block chain to ensure that the node data is not tampered. And strengthen the contact among every node, send the request before sharing the data among the nodes, the other side node can share the data after confirming. And recording all accesses and operations built by the nodes by using the time stamps, and ensuring clear responsibility tracing when data is leaked.
Drawings
FIG. 1 is a block flow diagram of the present method.
FIG. 2 is a schematic diagram of a private blockchain of components of the present invention.
FIG. 3 is a diagram illustrating multiple node control.
FIG. 4 is a diagram illustrating a data sharing request.
Detailed Description
The invention aims to provide a method for safely sharing data based on a private chain, which realizes the compatibility of data sharing and privacy protection by utilizing a KSI signature authentication system and a private block chain.
The invention provides a method for safely sharing data based on a private chain, which comprises the following steps:
(1) a private chain is established. In a public security intranet, a node a, a node B and a node C are data nodes, associated nodes 1 to 8 are upper-level instruction nodes of the data nodes, a public security internal structure (an upper-level relation between the data node A, B, C and the instruction nodes 1 to 8) is analyzed, a private chain structure is analyzed, a private block chain is constructed by using a python language and an HTTP request, the constructed private block chain is shown in fig. 2, and next operation is performed based on the private chain.
(2) The data in node A, B, C is signed. The signature authentication system based on KSI is an authentication system based on block chain security technology and using keyless signature. The KSI may sign multiple data files simultaneously within each time slot. And in each time slot, operating a hash algorithm to calculate the hash values of all data files in the nodes needing to be signed, taking the obtained hash values as leaf nodes to construct a Merkle tree, and calculating to obtain a root node value. And disclosing and recording the root node value obtained by calculating each time slot in a private block chain, and storing the root node value in each corresponding node in a distributed manner. And ensuring the root node to be not tampered by using the non-tampering property of the blockchain.
(3) And controlling nodes in a multiple mode. The selective correlation among the nodes is realized, and the multiple control of the nodes is realized. When a certain node needs to carry out the operation of exceeding the authority, a request is sent to the associated node. If the agreed associated node is more than the objected associated node, agreeing to the request; if the number of the objected associated nodes is more than that of the agreed associated nodes, the request is objected to, the associated nodes confirm the suspicious node (whether the node is suspicious), if the suspicious confirmation information is more (the associated nodes analyze the request information, artificially analyze whether the request information of the node is suspicious, and if the node is attacked, an unreasonable request is made), the node stops working as the suspicious node and is checked. And recovering the working state after the confirmation of no error.
(31) A data sharing request. When the node A needs to share the data of the node B, request information comprising a requester, a request reason and required time is sent to the associated node of the node A, and if the associated node of the node A agrees, the request information is sent to the node B. The node B feeds back the request information to the associated node of the node B, if the associated node agrees to the request, the node B replies the agreement information of the node A and shares the time-limited data with the node A; if the associated node rejects the request, the request is rejected to node A.
(32) The request is transmitted securely. When a requesting node needs to receive data transmitted by a node, a request is sent to an associated node of the requesting node, and if the associated node agrees, the requesting node calculates request information (including a requester, a request reason and required time) and information such as a root node value and a time stamp of the request information to obtain a signature. When a request is sent, the request information and the signature are sent at the same time. And after receiving the request information and the signature, the receiving node authenticates the signature. And extracting information in the signature, operating a hash algorithm according to the signature process to obtain a hash value, constructing a Merkle tree by using the hash value, and calculating to obtain a root node value of the information. Comparing the calculated root node value with a root node value of a request node on a block chain, if the calculated root node value is equal to the root node value of the request node on the block chain, the request node request information is complete, the receiving node feeds the request information back to an associated node of the receiving node, and the associated node agrees to the request and then safely transmits the information; if the associated node objectes to the request, rejecting the request; if the request information is not equal, the request information of the request node is incomplete, and the receiving node returns the request information. In the KSI system, due to the unidirectionality of the hash function and the non-tamper-resistance of the block chain, the computed signature is reliable, and the file signed by the KSI can prevent tampering and ensure the integrity of the request.
(4) And (6) operating and recording. All operations of the nodes and the access records of the data are recorded by the time stamps, and the transparency of the operations is ensured.

Claims (6)

1. A method for data security sharing based on private chain is characterized by comprising the following steps:
(1) establishing a private chain: combining the relationship between the node and the instruction node at the upper level, analyzing the private chain structure, and constructing a private block chain of the node and the instruction node;
(2) signing the node data by using a KSI signature authentication system: in each time slot, a KSI signature authentication system collects hash values of node data files needing signature currently, constructs a Merkle tree, calculates a root node value, discloses and records the root node value in a private block chain, and stores the root node value on each node in a distributed mode;
(3) node multiple control: when a certain node needs to carry out the operation of exceeding the authority, a request is sent to the associated node of the node, and if the agreed associated node is more than the objected associated node, the request is agreed; the request is objected to if there are more association nodes objected to than there are agreement nodes.
2. The method for secure sharing of data based on private chain according to claim 1, wherein the operation of overriding the authority includes a request for sharing data and a request for secure transmission;
wherein the shared data request: when a request node needs an opposite node to share data, a request is sent to a related node of the request node, if the related node agrees, request information is sent to the opposite node, the opposite node feeds the request information back to the related node, and the related node agrees to the request and shares the information; if the associated node objectes to the request, rejecting the request;
and (4) safe transmission request: when a request node needs to receive data transmitted by a node, a request is sent to a related node of the request node, if the related node agrees, the request node constructs request information into a corresponding signature, and when the request is sent, the request information and the signature are sent at the same time; receiving a node authentication signature, wherein the receiving node calculates a signature information root node value, compares the signature information root node value with a request node root node value stored in a block chain, verifies the integrity, if the signature information root node value is equal to the request node root node value stored in the block chain, the request node requests the information to be complete, the receiving node feeds the request information back to an associated node of the receiving node, and the associated node approves the request and transmits the information safely; if the associated node objectes to the request, rejecting the request; and if the comparison result is not equal, the request information of the request node is incomplete, and the receiving node returns the request information.
3. The method for secure sharing of data based on private chain as claimed in claim 2, wherein the timestamp is used to record all operations of the node and access records of the data, so as to ensure transparency of the operations.
4. The method according to claim 2 or 3, wherein the associated node of the node, after having rejected the request, confirms whether the node is suspicious, and if the suspicious confirmation information is more, the node stops working as the suspicious node and receives a check, and after having confirmed that there is no error, restores the working state of the requesting node.
5. The method for secure sharing of data based on private chain according to claim 2 or 3, wherein the request information includes the requester, the reason for the request and the required duration.
6. The method for secure data sharing based on private chain according to claim 2 or 3, wherein the process of the receiving node calculating the signature information root node value is as follows: and extracting information in the signature, operating a hash algorithm according to the signature process to obtain a hash value, constructing a Merkle tree by using the hash value, and calculating to obtain a root node value of the information.
CN202010409745.9A 2020-05-15 2020-05-15 Data security sharing method based on private chain Pending CN111709048A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010409745.9A CN111709048A (en) 2020-05-15 2020-05-15 Data security sharing method based on private chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010409745.9A CN111709048A (en) 2020-05-15 2020-05-15 Data security sharing method based on private chain

Publications (1)

Publication Number Publication Date
CN111709048A true CN111709048A (en) 2020-09-25

Family

ID=72537936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010409745.9A Pending CN111709048A (en) 2020-05-15 2020-05-15 Data security sharing method based on private chain

Country Status (1)

Country Link
CN (1) CN111709048A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106682530A (en) * 2017-01-10 2017-05-17 杭州电子科技大学 Method and device for medical information sharing privacy protection based on blockchain technology
CN108632381A (en) * 2018-05-14 2018-10-09 济南浪潮高新科技投资发展有限公司 A kind of environment measure of supervision and system based on block chain
CN109040077A (en) * 2018-08-09 2018-12-18 清华大学 The method and system of data sharing and secret protection
CN109639753A (en) * 2018-10-26 2019-04-16 众安信息技术服务有限公司 A kind of data sharing method and system based on block chain
CN110019235A (en) * 2017-12-29 2019-07-16 百度在线网络技术(北京)有限公司 Data storage, restoration methods, device, equipment and medium based on block chain
CN110275887A (en) * 2019-06-20 2019-09-24 深圳前海微众银行股份有限公司 A kind of data processing method based on block catenary system, system and device
CN110414203A (en) * 2019-07-26 2019-11-05 郑州大学 A kind of internet medical treatment identity identifying method based on block chain technology

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106682530A (en) * 2017-01-10 2017-05-17 杭州电子科技大学 Method and device for medical information sharing privacy protection based on blockchain technology
CN110019235A (en) * 2017-12-29 2019-07-16 百度在线网络技术(北京)有限公司 Data storage, restoration methods, device, equipment and medium based on block chain
CN108632381A (en) * 2018-05-14 2018-10-09 济南浪潮高新科技投资发展有限公司 A kind of environment measure of supervision and system based on block chain
CN109040077A (en) * 2018-08-09 2018-12-18 清华大学 The method and system of data sharing and secret protection
CN109639753A (en) * 2018-10-26 2019-04-16 众安信息技术服务有限公司 A kind of data sharing method and system based on block chain
CN110275887A (en) * 2019-06-20 2019-09-24 深圳前海微众银行股份有限公司 A kind of data processing method based on block catenary system, system and device
CN110414203A (en) * 2019-07-26 2019-11-05 郑州大学 A kind of internet medical treatment identity identifying method based on block chain technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈烨等: "基于区块链的网络安全技术综述" *

Similar Documents

Publication Publication Date Title
CN109409122B (en) File storage method, electronic device and storage medium
CN106972931B (en) Method for transparentizing certificate in PKI
CN112055025B (en) Privacy data protection method based on block chain
CN110032545A (en) File memory method, system and electronic equipment based on block chain
WO2019227602A1 (en) Blockchain-based sleeve grouting quality tracing method and system, and collection terminal
CN111930723B (en) Scientific and technological achievement data fusion method based on big data
CN109687965A (en) The real name identification method of subscriber identity information in a kind of protection network
CN109815748A (en) A kind of centre data source method for monitoring based on block chain
CN109951490A (en) Webpage integrity assurance, system and electronic equipment based on block chain
CN112131309A (en) Data evidence storing method and system based on block chain technology
CN115982764A (en) Method, system, device and medium for storing electronic file based on block chain
CN117040896A (en) Internet of things management method and Internet of things management platform
Qiang et al. Mine consortium blockchain: the application research of coal mine safety production based on blockchain
CN112015111B (en) Industrial control equipment safety protection system and method based on active immunity mechanism
Feng et al. Autonomous vehicles' forensics in smart cities
CN111709048A (en) Data security sharing method based on private chain
CN113570321B (en) Hydrogen energy data management system
CN112016119B (en) Autonomous identity management method based on block chain
Zou et al. ArchivesChain: Distributed PKI Archives System
CN110443616B (en) Byzantine fault-tolerant consensus method based on random threshold signature mechanism
CN111931248A (en) Block chain technology-based power distribution terminal tamper-proof technology and system
CN112822195B (en) Electronic intelligent signing method based on block chain technology
CN110191108B (en) Block chain based right verification method
CN112671787B (en) Rule execution verification method and device, electronic equipment and storage medium
CN117527359A (en) Attack traceability saving and restoring method based on blockchain technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination