CN112434109A - Data sharing and secret query method and system based on block chain technology - Google Patents
Data sharing and secret query method and system based on block chain technology Download PDFInfo
- Publication number
- CN112434109A CN112434109A CN202011319571.3A CN202011319571A CN112434109A CN 112434109 A CN112434109 A CN 112434109A CN 202011319571 A CN202011319571 A CN 202011319571A CN 112434109 A CN112434109 A CN 112434109A
- Authority
- CN
- China
- Prior art keywords
- data
- query
- list
- generalization
- contract
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a data sharing and secret query method and a system based on a block chain technology, wherein the method comprises the following steps: building a block chain data platform; the data demand side issues a data demand contract; a data provider issues a data issuing contract, a data generalization contract and a certificate management contract, wherein the data generalization contract comprises a data serial number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in OT query; a data demand side synchronizes a data numbering generalization list and a public key certificate list; a data demand party applies for authorization based on a data release contract, and after authorization, performs query target generalization based on a data number generalization list and a public key certificate list and initiates OT query; the data provider receives OT query and returns data; the data demander receives the return data and decrypts it. Compared with the prior art, the method and the system ensure the privacy of both data supply and demand parties, solve the trust and safety problems of the parties and realize the safe circulation and sharing of the data among the entities.
Description
Technical Field
The invention relates to a data sharing and secret query method and system, in particular to a data sharing and secret query method and system based on a block chain technology.
Background
Under the background of the information era, the realization of automation and intellectualization of business handling through data driving is the current trend of the whole industry, all organizations and enterprises pay attention to data value, and all types of data in the organizations are communicated, so that users are depicted to realize automatic decision and examination and approval of business processes, but the business automation degree is relatively low according to the current industry condition, a plurality of businesses still need to be collected by office workers in an offline mode, and the reasons are analyzed, and the pain points are as follows:
1. the difficulty of data interaction between mechanisms is high, a large amount of external data is needed for business development except for data inside the mechanisms, the obtained data volume is large, the data types are rich, the portrayed customer portraits are accurate, partial businesses can be developed orderly only under accurate portraits, but the data sharing of multiple mechanisms is not unified, and the difficulty and the cost of data acquisition are high, so that the promotion of data sharing is hindered.
2. Data security problems are also one of reasons for hindering data sharing among organizations, a data provider worrys about data exposure risks, a data demander worrys about data use exposure, and based on data exchange in the situation, protocol constraints are basically adopted, limited data are provided under a constraint framework, and the expansion of data sharing is not facilitated.
In the prior art, the way of implementing data interaction and sharing includes:
firstly, it is one of the existing technical solutions to develop a data docking module by a business application system. The data demand side initiates a data docking request to a data provider through a line-down mode, the two sides negotiate a docking protocol, a docking mode and a docking range, a special module or system is generally constructed by the data demand side to bear data query service, docking interface elements are determined according to multiple negotiation, corresponding query interfaces are developed to be called by a service system, a special data docking platform is generally developed for a system with more data demands, and docking with the multiple data providers can be achieved through a platform development basis. The method can meet the inquiry and access requirements of data providers to a certain extent, but with the continuous and deep development of services, the range and types of data are gradually increased, more and more external data providers need to be docked by the application system, and the application system needs to be adapted to various data inquiry services without service standards and different protocols, so that the inquiry services become complicated. Meanwhile, for each data docking, docking items related to data are required to be communicated offline, including but not limited to data protocols, security protocols, legal constraints and the like, technical standards and data formats of each docking are not uniform, time cost and labor cost of the docking are greatly increased, and therefore the mode is only suitable for small-range docking.
And secondly, a data platform is constructed by a data supply and demand party or a trusted third party, the data provider provides data to the data platform by a standard protocol, all data demand parties query the data platform by the standard protocol to acquire the data, and the data supply and demand parties are docked with the data in a relatively standardized way due to the specificity and the professional line of the data platform, so that data sharing among different entities is realized. Firstly, the platform needs strong security measures to ensure the storage security and the circulation security of the data to ensure the credible and reliable storage and application of the data; meanwhile, the man-in-the-middle needs to keep business neutrality among all data supply and demand parties, otherwise, the trust of the data platform will be collapsed, and the platform data will suffer from huge trust risk; the stability and reliability of the centralized data platform system directly reflect the safe operation of all data supply and demand parties.
Therefore, at present, data between each organization and each enterprise can not be interacted smoothly basically, in the service development process, key data is basically input offline or docked between systems, and the offline input basically avoids service risks through service operation specifications and multi-level auditing, but cannot improve the data accuracy essentially; for intersystem access, the calling cost is high, the efficiency is low, and meanwhile, the trust problem of service calling exists.
Disclosure of Invention
The present invention provides a method and system for data sharing and security query based on the block chain technique to overcome the above-mentioned drawbacks of the prior art.
The purpose of the invention can be realized by the following technical scheme:
a data sharing and secret query method based on block chain technology includes:
building a block chain data platform;
the data demand side issues a data demand contract to the block chain data platform;
a data provider issues a data issuing contract, a data generalization contract and a certificate management contract to a blockchain data platform based on a data demand contract, wherein the data generalization contract comprises a data serial number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in OT query;
a data demand side synchronizes a data numbering generalization list and a public key certificate list;
a data demand party applies for authorization based on a data release contract, after authorization, carries out query target generalization based on a data number generalization list and a public key certificate list, initiates OT query, and simultaneously carries out query registration on a block chain platform;
the data provider receives OT inquiry and returns data, and meanwhile, result fingerprint registration is carried out on the block chain platform;
the data demander receives the return data and decrypts it.
Preferably, the generalization content in the data numbering generalization list is a data numbering hash value of the data to be shared.
Preferably, the specific steps of the data demander for query target generalization are as follows: and the data demand party confirms the number value of the query target, and combines a query target generalized list similar to the number value of the query target based on the data number generalized list, wherein the number of the data numbers in the query target generalized list is consistent with the number of the public key certificates in the public key certificate list.
Preferably, the specific steps of the data demand side performing OT query are as follows:
the data demand side requests the data provider side to inquire based on the inquiry target generalization list, and the data provider side returns the data number sequence of the acquired data according to the data number;
the data demand side determines the position k of the query target according to the returned data number sequence, simultaneously randomly generates a symmetric key R, encrypts the symmetric key R by using the kth public key certificate in the public key certificate list to obtain R, and sends the query target generalization list and the R to the data supply side;
the data provider acquires corresponding real data according to the data numbers in the query target generalized list, decrypts R by using the private key certificate corresponding to the convention certificate in the public key certificate list to obtain s1, s2 and … …, sn and si respectively represent the key obtained by decrypting R by using the ith private key certificate, i is 1,2 … …, n is the number of the private key certificates, and the data provider encrypts the real data corresponding to the data numbers in the query target generalized list in a one-to-one correspondence manner according to the sequence by using s1, s2 and … … and sn and returns the encrypted data to the data demander.
Preferably, the specific way for the data demander to receive the return data and decrypt is as follows: and decrypting the returned data by using the symmetric key r to obtain the real data at the position k of the query target, wherein the rest data cannot be decrypted.
A data sharing and security query system based on block chain technology, the system comprising:
the block chain data platform and the confidential query APIs which are respectively deployed on the data demander and the data provider are respectively used for information interaction between the data demander and the data provider and the block chain data platform, and meanwhile, the confidential query APIs of the data demander and the data provider are also mutually communicated for transmission of query data;
the block chain data platform comprises a data issuing module used for issuing a data demand contract, a data issuing contract, a data generalization contract and a certificate management contract by a data demand party and a data provider, and further comprises an inquiry registering module used for registering inquiry flow information in an OT inquiry process, wherein the data generalization contract comprises a data number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in the OT inquiry;
the secret query API comprises a generalization synchronization module and an OT query module: for a data provider, the generalization synchronization module is used for generalizing a data number generalization list of data to be shared, and the OT query module is used for receiving an OT query request of a data requester, returning the data and simultaneously performing query registration on a block chain platform; for a data demand party, the generalization synchronization module is used for synchronizing a data number generalization list and a public key certificate list and simultaneously carrying out query target generalization, and the OT query module is used for initiating OT query, simultaneously carrying out query registration on a block chain platform, receiving return data and decrypting.
Preferably, the generalization content in the data numbering generalization list is a data numbering hash value of the data to be shared.
Preferably, the generalization synchronization module of the data demand side performs query target generalization specifically by the following steps: and the data demand party confirms the number value of the query target, and combines a query target generalized list similar to the number value of the query target based on the data number generalized list, wherein the number of the data numbers in the query target generalized list is consistent with the number of the public key certificates in the public key certificate list.
Preferably, the specific steps of the OT query module of the data demand side performing OT query are as follows:
the data demand side requests the data provider side to inquire based on the inquiry target generalization list, and the data provider side returns the data number sequence of the acquired data according to the data number;
the data demand side determines the position k of the query target according to the returned data number sequence, simultaneously randomly generates a symmetric key R, encrypts the symmetric key R by using the kth public key certificate in the public key certificate list to obtain R, and sends the query target generalization list and the R to the data supply side;
the specific steps of receiving the OT query request of the data requester and returning data by the OT query module of the data provider are as follows:
the data provider acquires corresponding real data according to the data numbers in the query target generalized list, decrypts R by using the private key certificate corresponding to the convention certificate in the public key certificate list to obtain s1, s2 and … …, sn and si respectively represent the key obtained by decrypting R by using the ith private key certificate, i is 1,2 … …, n is the number of the private key certificates, and the data provider encrypts the real data corresponding to the data numbers in the query target generalized list in a one-to-one correspondence manner according to the sequence by using s1, s2 and … … and sn and returns the encrypted data to the data demander.
Preferably, the specific way for the OT query module of the data demand side to receive the return data and decrypt the return data is as follows: and decrypting the returned data by using the symmetric key r to obtain the real data at the position k of the query target, wherein the rest data cannot be decrypted.
Compared with the prior art, the invention has the following advantages:
(1) the method and the system have the advantages that both the data supply and demand parties are deployed on the block chain, the safe and feasible query between the data supply and demand parties is realized through generalization and OT query based on the block chain, the privacy of the both the data supply and demand parties is guaranteed, the trust and safety problems of the parties are solved, and the safe circulation and sharing of the data between the entities are realized;
(2) the invention has good generalization, can be applied to data suppliers providing related data inquiry and data demanders needing more data to realize business processes, the data form can be business data of suppliers, limited financial data, even related data of the Internet of things, more perfect data sharing is realized, more accurate customer portrait and business portrait can be realized, cost reduction and efficiency improvement of business are realized, and a business beneficiary is promoted.
Drawings
FIG. 1 is a block diagram of a method for sharing and securely querying data based on a block chain technique according to the present invention;
FIG. 2 is a flowchart illustrating the interaction between the blockchain data platform and the data supplier and demander according to the present invention;
FIG. 3 is a block diagram of a data sharing and security query system based on blockchain technology according to the present invention.
In the figure, 1 is a block chain data platform, 11 is a data publishing module, 12 is a query registering module, 2 is a secret query API, 21 is a generalization synchronization module, and 22 is an OT query module.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. Note that the following description of the embodiments is merely a substantial example, and the present invention is not intended to be limited to the application or the use thereof, and is not limited to the following embodiments.
Example 1
The present embodiment provides a data sharing and security query method based on a block chain technique, as shown in fig. 1, the method includes:
building a block chain data platform;
the data demand side issues a data demand contract to the block chain data platform;
a data provider issues a data issuing contract, a data generalization contract and a certificate management contract to a blockchain data platform based on a data demand contract, wherein the data generalization contract comprises a data number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in OT query;
a data demand side synchronizes a data numbering generalization list and a public key certificate list;
a data demand party applies for authorization based on a data release contract, after authorization, carries out query target generalization based on a data number generalization list and a public key certificate list, initiates OT query, and simultaneously carries out query registration on a block chain platform;
the data provider receives OT inquiry and returns data, and meanwhile, result fingerprint registration is carried out on the block chain platform;
the data demander receives the return data and decrypts it.
And the generalization content in the data numbering generalization list is the data numbering hash value of the data to be shared.
The specific steps of the data demander for query target generalization are as follows: and the data demand party confirms the number value of the query target, and combines a query target generalized list similar to the number value of the query target based on the data number generalized list, wherein the number of the data numbers in the query target generalized list is consistent with the number of the public key certificates in the public key certificate list.
The specific steps of the data demand side for OT query are as follows:
the data demand side requests the data provider side to inquire based on the inquiry target generalization list, and the data provider side returns the data number sequence of the acquired data according to the data number;
the data demand side determines the position k of the query target according to the returned data number sequence, simultaneously randomly generates a symmetric key R, encrypts the symmetric key R by using the kth public key certificate in the public key certificate list to obtain R, and sends the query target generalization list and the R to the data supply side;
the data provider acquires corresponding real data according to the data numbers in the query target generalized list, decrypts R by using the private key certificate corresponding to the convention certificate in the public key certificate list to obtain s1, s2 and … …, sn and si respectively represent the key obtained by decrypting R by using the ith private key certificate, i is 1,2 … …, n is the number of the private key certificates, and the data provider encrypts the real data corresponding to the data numbers in the query target generalized list in a one-to-one correspondence manner according to the sequence by using s1, s2 and … … and sn and returns the encrypted data to the data demander.
The specific way for the data demand side to receive the return data and decrypt is as follows: and decrypting the returned data by using the symmetric key r to obtain the real data at the position k of the query target, wherein the rest data cannot be decrypted.
The invention discloses a method for realizing data generalization and OT query, which is key for realizing confidential query and comprises the following principles and steps:
1) data provider hashes data number
Taking the price query according to the bar number of the article as an example, the bar number of the article is public data, and the data demander can perform any query according to the bar number, so that the data provider needs to hash the number data, the hash is calculated through SHA256 (bar number), the data provider issues the hash of part of the data to the blockchain, and virtual data can also be issued for privacy protection.
2) Data requestor provides certificate manifest
The data provider generates a certificate list through a national cryptographic algorithm and issues public key certificates to the blockchain data platform, for example, 20 certificates are generated, KS 1-KS 20 represent 20 private key certificates, KP 1-KP 20 represent 20 corresponding public key certificates, and the public key certificates are issued to the blockchain platform.
3) Data demander request numbering generalization
After the data demand side confirms the number value of the target to be inquired, the data demand side submits the API to carry out generalization, the API combines a generalization list result similar to the number value according to the existing generalization list, and the number of the list result is consistent with that of the certificate list.
4) Generalized queries
And the data demand party requests the data provider for inquiry of the generalized numbering result, the data provider returns the numbering sequence capable of acquiring data according to the numbers, and the numbers are hashed values.
5) Data demand side assembling OT inquiry message
The data supplier locates the data position according to the result after generalization inquiry, uses k to represent the position of the target data, and randomly generates 128 bits of symmetric key R used for the SM4 algorithm, the key is encrypted by using the public key certificate corresponding to k, namely R ═ KP [ k ] (R), and sends the generalization result and the R value to the data supplier, wherein the data supplier can not know the value of k, so that the data supplier can not guess the corresponding data really wanted.
6) Data provider query return data
The data provider obtains the generalization result, then queries corresponding real price data, decrypts R by using private key lists KS 1-KS 20 to obtain s, namely s 1-s 20 ═ KS [ 1-20 ] (R), encrypts the corresponding real price data by using s 1-s 20 as symmetric keys and returns the encrypted data to the data demand side, wherein only s [ k ] ═ R exists in s 1-s 20, so that only the k-th data encrypted by the key corresponding to k can be correctly decrypted by the data demand side, and other returned data still keep secret to the data demand side.
7) Data demander decryption
The data demand party acquires the encrypted data according to the offset position, the price data can be acquired by using the random key for decryption, and the price data at other positions cannot be decrypted by using the random key.
The privacy of both the data supply and demand parties is ensured through the method.
The main steps of the data supply and demand parties are as follows:
1. data provider data number hashing
The data provider arranges the data to be issued into a form convenient for query, can be in any form such as a database table and a file, and performs hash calculation on the number corresponding to the data.
2. Data provider API deployment and data publishing
And (3) issuing the data form to be described to the block chain in a contract mode by calling the API, randomly generating a key pair, issuing a public key to a key management contract, and synchronizing the generalized data to the generalized contract.
3. Data demand side deploys secret query API to initiate data request
The data demand side needs to deploy a secret query API for secret query of data, and the target data is acquired through the existing contract.
Through the steps, mutual access between data supply and demand can be realized, the mutual access flow is shown in fig. 2, and according to the description of fig. 2, after data is issued from a demand provider, a data demander carries out secret query on the data within an authorization range, and finally the data wanted by the demander is obtained in a safe and reliable manner.
The technical scheme of the invention is elaborated above, and through the above mode, the mutual credible access between the block chain-based data supply and demand can be realized, the data barrier is broken, and the interconnection and the intercommunication are further realized.
Example 2
The present embodiment provides a data sharing and security query system based on a block chain technique, the system comprising:
the system comprises a blockchain data platform 1 and a secret query API2 which is respectively deployed on a data demander and a data provider, wherein the secret query API2 is respectively used for information interaction between the data demander and the data provider and the blockchain data platform 1, and meanwhile, the secret query API2 of the data demander and the data provider are also mutually communicated for transmission of query data;
the blockchain data platform 1 comprises a data issuing module 11 used for issuing a data demand contract, a data issuing contract, a data generalization contract and a certificate management contract by a data demand party and a data provider, the blockchain data platform 1 further comprises an inquiry registering module 12 used for registering inquiry pipelining information in an OT inquiry process, the data generalization contract comprises a data number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in the OT inquiry;
the secure query API2 includes a generalization synchronization module 21 and an OT query module 22: for a data provider, the generalization synchronization module 21 is configured to generalize a data number generalization list of data to be shared, and the OT query module 22 is configured to receive an OT query request from a data requester, return the data, and perform query registration on a block chain platform; for the data demand side, the generalization synchronization module 21 is configured to synchronize the data number generalization list and the public key certificate list and perform query target generalization simultaneously, and the OT query module 22 is configured to initiate OT query, perform query registration on the blockchain platform simultaneously, receive return data, and perform decryption.
And the generalization content in the data numbering generalization list is the data numbering hash value of the data to be shared.
The generalization synchronization module 21 of the data demander generalizes the query target by the specific steps of: and the data demand party confirms the number value of the query target, and combines a query target generalized list similar to the number value of the query target based on the data number generalized list, wherein the number of the data numbers in the query target generalized list is consistent with the number of the public key certificates in the public key certificate list.
The specific steps of the OT query module 22 of the data demand side for performing OT query are as follows:
the data demand side requests the data provider side to inquire based on the inquiry target generalization list, and the data provider side returns the data number sequence of the acquired data according to the data number;
the data demand side determines the position k of the query target according to the returned data number sequence, simultaneously randomly generates a symmetric key R, encrypts the symmetric key R by using the kth public key certificate in the public key certificate list to obtain R, and sends the query target generalization list and the R to the data supply side;
the specific steps of receiving the OT query request of the data requester and returning data by the OT query module 22 of the data provider are as follows:
the data provider acquires corresponding real data according to the data numbers in the query target generalized list, decrypts R by using the private key certificate corresponding to the convention certificate in the public key certificate list to obtain s1, s2 and … …, sn and si respectively represent the key obtained by decrypting R by using the ith private key certificate, i is 1,2 … …, n is the number of the private key certificates, and the data provider encrypts the real data corresponding to the data numbers in the query target generalized list in a one-to-one correspondence manner according to the sequence by using s1, s2 and … … and sn and returns the encrypted data to the data demander.
The specific way for the OT query module 22 of the data demander to receive the returned data and decrypt it is: and decrypting the returned data by using the symmetric key r to obtain the real data at the position k of the query target, wherein the rest data cannot be decrypted.
As can be seen from fig. 3, the present invention includes a data publishing module 11, a query registration module 12 in the blockchain data platform 1, a generalization synchronization module 21 and an OT query module 22 in the privacy query API2, where a data publishing contract and a data query contract are deployed directly on the blockchain, and the privacy query API2 needs to be deployed on the data supply and demand side. The four modules are described as follows:
1. data publishing module 11 on block chain data platform 1
The data distribution contract module of the blockchain data platform 1 mainly undertakes data distribution of both data supply and demand parties, and for a data distribution contract, a data provider distributes the type, value, format, paradigm, acquisition mode, authorization form, pricing mode and the like of data on a blockchain in an intelligent contract mode, and meanwhile, the data provider needs to provide a data generalization list to update the data generalization list into a generalization contract and simultaneously publishes a public key certificate list (more than 20 parts) required in OT query. The data demand party can issue a data request transaction by calling the contract, and fills a security public key in the contract, wherein the public key is used for acquiring the query authorization code. The data demand side needs to synchronize a generalization list of data and an OT inquiry public key certificate list for subsequent data inquiry. The data demand contract is issued to the blockchain by the data demand party in an intelligent contract mode according to information such as the type, format, paradigm, data quality and even authorized quotation of data required by the data demand party, and the data supply party provides the data issue contract to the data demand party according to the demand contract.
2. Block chain data platform 1 query registration module 12
The module bears the function of data generalization query and is used for data offset positioning. The data demand side generalizes the inquiry target to the data quantity with the same quantity of the certificate list according to the synchronized generalization list and the OT required certificate list, initiates inquiry to the data inquiry contract by combining the data inquiry authorization code issued by the data provider side, and the data provider side returns an inquiry number value according to the generalized data list, wherein the inquiry number value is a hash value of the target data number and has no any business element, so that data leakage cannot be caused, and the data entity number cannot be reversely deduced through the hash value.
3. Generalization synchronization module 21 of secure query API2
The module is mainly used for carrying out data generalization synchronization, and comprises the steps that a data provider generalizes data and then synchronizes the data to a block chain data platform 1 generalization contract, generalized content is a hash value of a data number, generally 1/3-1/2 of target query data volume, and a data demand side needs to synchronize generalized data on a block chain for generalization in a data query process. The generalization of the data protects the leakage of the data number of the data provider, so that the data demand side cannot directly guess the data number to cause the data overuse.
4. OT query module 22 of secure query API2
The OT query in the module is the key of the secret query in the invention, which can not only protect the data provider from revealing data except for the demander, but also protect the data query target of the data requester, namely, the data provider can not know the queried data ID accurately. And the data requester queries the returned data and locates the offset position of the data according to the generalization result, meanwhile, the data requester randomly generates a 128-bit secret key, acquires a certificate corresponding to the offset position from a public key certificate list to encrypt the random secret key, and provides the encrypted data and the generalization query result to the data provider. The data provider decrypts the encrypted random key by using all private key certificate lists, the data which are subjected to generalized inquiry are encrypted by using the decrypted key, the data demander acquires the encrypted data according to the offset position, and the data demander can acquire the inquiry data by using the random key for decryption.
The above embodiments are merely examples and do not limit the scope of the present invention. These embodiments may be implemented in other various manners, and various omissions, substitutions, and changes may be made without departing from the technical spirit of the present invention.
Claims (10)
1. A data sharing and secret query method based on block chain technology is characterized by comprising the following steps:
building a block chain data platform;
the data demand side issues a data demand contract to the block chain data platform;
a data provider issues a data issuing contract, a data generalization contract and a certificate management contract to a blockchain data platform based on a data demand contract, wherein the data generalization contract comprises a data serial number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in OT query;
a data demand side synchronizes a data numbering generalization list and a public key certificate list;
a data demand party applies for authorization based on a data release contract, after authorization, carries out query target generalization based on a data number generalization list and a public key certificate list, initiates OT query, and simultaneously carries out query registration on a block chain platform;
the data provider receives OT inquiry and returns data, and meanwhile, result fingerprint registration is carried out on the block chain platform;
the data demander receives the return data and decrypts it.
2. The system according to claim 1, wherein the generalization content in the generalization list of data numbers is a hash of the data number of the data to be shared.
3. The system of claim 1, wherein the step of generalizing the query target from the data requester comprises: and the data demand party confirms the number value of the query target, and combines a query target generalized list similar to the number value of the query target based on the data number generalized list, wherein the number of the data numbers in the query target generalized list is consistent with the number of the public key certificates in the public key certificate list.
4. The system of claim 3, wherein the OT query is performed by a data consumer in the following steps:
the data demand side requests the data provider side to inquire based on the inquiry target generalization list, and the data provider side returns the data number sequence of the acquired data according to the data number;
the data demand side determines the position k of the query target according to the returned data number sequence, simultaneously randomly generates a symmetric key R, encrypts the symmetric key R by using the kth public key certificate in the public key certificate list to obtain R, and sends the query target generalization list and the R to the data supply side;
the data provider acquires corresponding real data according to the data numbers in the query target generalized list, decrypts R by using the private key certificate corresponding to the convention certificate in the public key certificate list to obtain s1, s2 and … …, sn and si respectively represent the key obtained by decrypting R by using the ith private key certificate, i is 1,2 … …, n is the number of the private key certificates, and the data provider encrypts the real data corresponding to the data numbers in the query target generalized list in a one-to-one correspondence manner according to the sequence by using s1, s2 and … … and sn and returns the encrypted data to the data demander.
5. The system of claim 4, wherein the data requesting party receives the returned data and decrypts the returned data by: and decrypting the returned data by using the symmetric key r to obtain the real data at the position k of the query target, wherein the rest data cannot be decrypted.
6. A system for sharing and securely querying data based on a block chain technique, the system comprising:
the block chain data platform and the confidential query APIs which are respectively deployed on the data demander and the data provider are respectively used for information interaction between the data demander and the data provider and the block chain data platform, and meanwhile, the confidential query APIs of the data demander and the data provider are also mutually communicated for transmission of query data;
the block chain data platform comprises a data issuing module used for issuing a data demand contract, a data issuing contract, a data generalization contract and a certificate management contract by a data demand party and a data provider, and further comprises an inquiry registering module used for registering inquiry flow information in an OT inquiry process, wherein the data generalization contract comprises a data number generalization list of data to be shared, and the certificate management contract comprises a public key certificate list required in the OT inquiry;
the secret query API comprises a generalization synchronization module and an OT query module: for a data provider, the generalization synchronization module is used for generalizing a data number generalization list of data to be shared, and the OT query module is used for receiving an OT query request of a data requester, returning the data and simultaneously performing query registration on a block chain platform; for a data demand party, the generalization synchronization module is used for synchronizing a data number generalization list and a public key certificate list and simultaneously carrying out query target generalization, and the OT query module is used for initiating OT query, simultaneously carrying out query registration on a block chain platform, receiving return data and decrypting.
7. The system according to claim 6, wherein the generalization content in the generalization list of data numbers is a hash of the data number of the data to be shared.
8. The system of claim 6, wherein the generalization synchronization module of the data consumer generalizes the query objectives by: and the data demand party confirms the number value of the query target, and combines a query target generalized list similar to the number value of the query target based on the data number generalized list, wherein the number of the data numbers in the query target generalized list is consistent with the number of the public key certificates in the public key certificate list.
9. A system for data sharing and security query based on block chain technique as claimed in claim 6,
the specific steps of the OT query module of the data demand side for OT query are as follows:
the data demand side requests the data provider side to inquire based on the inquiry target generalization list, and the data provider side returns the data number sequence of the acquired data according to the data number;
the data demand side determines the position k of the query target according to the returned data number sequence, simultaneously randomly generates a symmetric key R, encrypts the symmetric key R by using the kth public key certificate in the public key certificate list to obtain R, and sends the query target generalization list and the R to the data supply side;
the specific steps of receiving the OT query request of the data requester and returning data by the OT query module of the data provider are as follows:
the data provider acquires corresponding real data according to the data numbers in the query target generalized list, decrypts R by using the private key certificate corresponding to the convention certificate in the public key certificate list to obtain s1, s2 and … …, sn and si respectively represent the key obtained by decrypting R by using the ith private key certificate, i is 1,2 … …, n is the number of the private key certificates, and the data provider encrypts the real data corresponding to the data numbers in the query target generalized list in a one-to-one correspondence manner according to the sequence by using s1, s2 and … … and sn and returns the encrypted data to the data demander.
10. The system of claim 9, wherein the OT query module of the data consumer receives the returned data and decrypts the returned data in the following specific manner: and decrypting the returned data by using the symmetric key r to obtain the real data at the position k of the query target, wherein the rest data cannot be decrypted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011319571.3A CN112434109B (en) | 2020-11-23 | 2020-11-23 | Data sharing and secret query method and system based on block chain technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011319571.3A CN112434109B (en) | 2020-11-23 | 2020-11-23 | Data sharing and secret query method and system based on block chain technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112434109A true CN112434109A (en) | 2021-03-02 |
| CN112434109B CN112434109B (en) | 2021-11-16 |
Family
ID=74693531
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011319571.3A Active CN112434109B (en) | 2020-11-23 | 2020-11-23 | Data sharing and secret query method and system based on block chain technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112434109B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112966022A (en) * | 2021-03-10 | 2021-06-15 | 安徽航天信息科技有限公司 | Information query method, device and system for data transaction platform |
| CN113242139A (en) * | 2021-03-24 | 2021-08-10 | 江铃汽车股份有限公司 | Vehicle network signal platform design method |
| CN113301035A (en) * | 2021-05-18 | 2021-08-24 | 重庆川仪自动化股份有限公司 | Method and system for transmitting data between untrusted objects |
| CN113726767A (en) * | 2021-08-27 | 2021-11-30 | 交通银行股份有限公司 | Block chain based distributed multi-party privacy computing system and method |
| CN113779623A (en) * | 2021-08-27 | 2021-12-10 | 浙江数秦科技有限公司 | Thermal data fusion method based on block chain |
| TWI812366B (en) * | 2021-11-22 | 2023-08-11 | 大陸商中國銀聯股份有限公司 | A data sharing method, device, equipment and storage medium |
| CN117610892A (en) * | 2024-01-23 | 2024-02-27 | 中国电子科技集团公司第二十八研究所 | Data demand decomposition and matching method and system based on ontology for task |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107241360A (en) * | 2017-08-04 | 2017-10-10 | 北京明朝万达科技股份有限公司 | A kind of data safety shares exchange method and data safety shares switching plane system |
| CN107659429A (en) * | 2017-08-11 | 2018-02-02 | 四川大学 | Data sharing method based on block chain |
| CN107947940A (en) * | 2017-11-29 | 2018-04-20 | 树根互联技术有限公司 | A kind of method and device of data exchange |
| CN109472699A (en) * | 2018-11-05 | 2019-03-15 | 陕西优米数据技术有限公司 | Automation artificial intelligence data sharing method and device on the basis of block chain |
| CN110109930A (en) * | 2019-05-15 | 2019-08-09 | 山东省计算中心(国家超级计算济南中心) | Government data storage, querying method and system based on block chain duplex structure |
| CN110298190A (en) * | 2019-04-19 | 2019-10-01 | 矩阵元技术(深圳)有限公司 | Decentralization Secure data processing method, device and storage medium |
| CN110535627A (en) * | 2019-08-07 | 2019-12-03 | 中国联合网络通信集团有限公司 | A kind of data query method and block platform chain |
| CN110826096A (en) * | 2019-10-29 | 2020-02-21 | 杭州趣链科技有限公司 | Data source sharing method based on block chain |
| CN110851530A (en) * | 2019-11-06 | 2020-02-28 | 四川长虹电器股份有限公司 | Block chain based shared economic credible transaction method |
| US20200213331A1 (en) * | 2018-12-27 | 2020-07-02 | Silver Rocket Data Technology (Shanghai) Co., Ltd | Data service system |
| CN111416704A (en) * | 2020-03-17 | 2020-07-14 | 中国建设银行股份有限公司 | Data processing method, device and system based on block chain |
| CN111506928A (en) * | 2020-04-16 | 2020-08-07 | 江苏荣泽信息科技股份有限公司 | Just information sharing system based on block chain |
| CN111597273A (en) * | 2020-05-26 | 2020-08-28 | 牛津(海南)区块链研究院有限公司 | Data sharing method and supply chain financial system |
| CN111797415A (en) * | 2020-06-30 | 2020-10-20 | 远光软件股份有限公司 | Block chain based data sharing method, electronic device and storage medium |
| CN111885153A (en) * | 2020-07-22 | 2020-11-03 | 东莞市盟大塑化科技有限公司 | Block chain-based data acquisition method and device, computer equipment and storage medium |
-
2020
- 2020-11-23 CN CN202011319571.3A patent/CN112434109B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107241360A (en) * | 2017-08-04 | 2017-10-10 | 北京明朝万达科技股份有限公司 | A kind of data safety shares exchange method and data safety shares switching plane system |
| CN107659429A (en) * | 2017-08-11 | 2018-02-02 | 四川大学 | Data sharing method based on block chain |
| CN107947940A (en) * | 2017-11-29 | 2018-04-20 | 树根互联技术有限公司 | A kind of method and device of data exchange |
| CN109472699A (en) * | 2018-11-05 | 2019-03-15 | 陕西优米数据技术有限公司 | Automation artificial intelligence data sharing method and device on the basis of block chain |
| US20200213331A1 (en) * | 2018-12-27 | 2020-07-02 | Silver Rocket Data Technology (Shanghai) Co., Ltd | Data service system |
| CN110298190A (en) * | 2019-04-19 | 2019-10-01 | 矩阵元技术(深圳)有限公司 | Decentralization Secure data processing method, device and storage medium |
| CN110109930A (en) * | 2019-05-15 | 2019-08-09 | 山东省计算中心(国家超级计算济南中心) | Government data storage, querying method and system based on block chain duplex structure |
| CN110535627A (en) * | 2019-08-07 | 2019-12-03 | 中国联合网络通信集团有限公司 | A kind of data query method and block platform chain |
| CN110826096A (en) * | 2019-10-29 | 2020-02-21 | 杭州趣链科技有限公司 | Data source sharing method based on block chain |
| CN110851530A (en) * | 2019-11-06 | 2020-02-28 | 四川长虹电器股份有限公司 | Block chain based shared economic credible transaction method |
| CN111416704A (en) * | 2020-03-17 | 2020-07-14 | 中国建设银行股份有限公司 | Data processing method, device and system based on block chain |
| CN111506928A (en) * | 2020-04-16 | 2020-08-07 | 江苏荣泽信息科技股份有限公司 | Just information sharing system based on block chain |
| CN111597273A (en) * | 2020-05-26 | 2020-08-28 | 牛津(海南)区块链研究院有限公司 | Data sharing method and supply chain financial system |
| CN111797415A (en) * | 2020-06-30 | 2020-10-20 | 远光软件股份有限公司 | Block chain based data sharing method, electronic device and storage medium |
| CN111885153A (en) * | 2020-07-22 | 2020-11-03 | 东莞市盟大塑化科技有限公司 | Block chain-based data acquisition method and device, computer equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 范吉立等: "基于区块链的去中心化物品共享交易服务***", 《计算机应用》 * |
| 董祥等: "一种高效安全的去中心化数据共享模型", 《计算机学报》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112966022A (en) * | 2021-03-10 | 2021-06-15 | 安徽航天信息科技有限公司 | Information query method, device and system for data transaction platform |
| CN112966022B (en) * | 2021-03-10 | 2024-04-05 | 安徽航天信息科技有限公司 | Information query method, device and system of data transaction platform |
| CN113242139A (en) * | 2021-03-24 | 2021-08-10 | 江铃汽车股份有限公司 | Vehicle network signal platform design method |
| CN113301035A (en) * | 2021-05-18 | 2021-08-24 | 重庆川仪自动化股份有限公司 | Method and system for transmitting data between untrusted objects |
| CN113726767A (en) * | 2021-08-27 | 2021-11-30 | 交通银行股份有限公司 | Block chain based distributed multi-party privacy computing system and method |
| CN113779623A (en) * | 2021-08-27 | 2021-12-10 | 浙江数秦科技有限公司 | Thermal data fusion method based on block chain |
| CN113779623B (en) * | 2021-08-27 | 2023-08-08 | 浙江数秦科技有限公司 | Thermal data fusion method based on blockchain |
| CN113726767B (en) * | 2021-08-27 | 2023-09-12 | 交通银行股份有限公司 | Distributed multi-party privacy computing system and method based on blockchain |
| TWI812366B (en) * | 2021-11-22 | 2023-08-11 | 大陸商中國銀聯股份有限公司 | A data sharing method, device, equipment and storage medium |
| CN117610892A (en) * | 2024-01-23 | 2024-02-27 | 中国电子科技集团公司第二十八研究所 | Data demand decomposition and matching method and system based on ontology for task |
| CN117610892B (en) * | 2024-01-23 | 2024-04-02 | 中国电子科技集团公司第二十八研究所 | Data demand decomposition and matching method and system based on ontology for task |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112434109B (en) | 2021-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112434109B (en) | Data sharing and secret query method and system based on block chain technology | |
| CN111371561B (en) | Alliance block chain data access control method based on CP-ABE algorithm | |
| US11677569B1 (en) | Systems and methods for notary agent for public key infrastructure names | |
| CN112989415B (en) | Private data storage and access control method and system based on block chain | |
| Yu et al. | A blockchain-based shamir’s threshold cryptography scheme for data protection in industrial internet of things settings | |
| CN111292041B (en) | Electronic contract generation method, device, equipment and storage medium | |
| US9059856B2 (en) | Providing security services on the cloud | |
| CN101247232B (en) | Encryption technique method based on digital signature in data communication transmission | |
| US20210211468A1 (en) | Systems and methods for service compliance via blockchain | |
| KR101985179B1 (en) | Blockchain based id as a service | |
| CN110601816B (en) | Lightweight node control method and device in block chain system | |
| Yasin et al. | Cryptography based e-commerce security: a review | |
| CN101883100A (en) | Digital content distributed authorization method | |
| CN112861157A (en) | Data sharing method based on decentralized identity and proxy re-encryption | |
| Yialelis et al. | A Security Framework Supporting Domain Based Access Control in Distributed Systems. | |
| CN115567312B (en) | Alliance chain data authority management system and method capable of meeting various scenes | |
| CN110851865A (en) | Resource data processing method, device, system and storage medium | |
| Martinez Jurado et al. | Applying assurance levels when issuing and verifying credentials using Trust Frameworks | |
| CN117094825A (en) | Cross-chain trusted land transaction system and method based on blockchain | |
| CN109614767B (en) | Decentralized O2O resource evidence exchange method and device | |
| CN107547570B (en) | Data security service platform and data security transmission method | |
| CN116015619A (en) | Blockchain data sharing protocol with privacy protection and data availability | |
| Park et al. | Traceable anonymous certificate | |
| CN113746621A (en) | Multi-chain architecture information sharing system based on block chain technology | |
| CA2237441C (en) | A mechanism for secure tendering in an open electronic network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |