CN112637278A - Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium - Google Patents

Publication number
CN112637278A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011430847.5A
Other languages
Chinese (zh)
Other versions
CN112637278B (en)
Inventor
陈韬伟
余益民
高建
段正泰
兰琨
孔庆雯
宋智明
宋俊蓉
吴海虹
翟登
张翼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunnan Provincial Academy Of Science And Technology
Yunnan University of Finance and Economics
Original Assignee
Yunnan Provincial Academy Of Science And Technology
Yunnan University of Finance and Economics

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a data sharing method, system and computer-readable storage medium based on blockchain and attribute-based encryption. The method comprises the following steps: registration, authentication, encryption, decryption and document data verification. The method and system authenticate the identity of each participant in cross-border trade and provide ownership verification, authenticity verification and privacy protection for trade documents, ensuring the security of cross-border trade documents. IPFS/Cloud is used to store the attribute-based encryption parameters and to run the attribute encryption process, which reduces the storage amount and height of the blockchain nodes and improves the operating efficiency of the algorithm.

Description

Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium
Technical Field
The invention belongs to the technical field of information sharing of a block chain, and particularly relates to a data sharing method and system based on block chain and attribute-based encryption and a computer-readable storage medium.
Background
The cross-border trade ecology comprises business processes, logistics, finance, services, supervision and the like. It is an important component in promoting economic growth and reflecting national economic strength, and its core is the cross-border flow and sharing of data.
At present, the cross-border G2G, G2B, B2G and B2B services of various countries are all based on EDI/XML/ebXML framework systems, and cross-border data sharing and exchange are realized through a security gateway under a centralized architecture. However, VAN/EDI technology based on the UN/EDIFACT standards is limited in application by its closed technical environment and implementation complexity: the operating cost is high, the EDI standard is inflexible, data exchange is difficult, and many small and medium-sized enterprises do not use it. In practice, XML/EDI fusion technology suffers from a lack of business process and management support, a low level of integration, non-uniform deployment standards and a high threshold for use; although it has some academic and theoretical value, it is difficult to apply and popularize widely in the market. With ebXML/XML technology under the PKI system, against the background of continuously growing demand for regional and global economic cooperation, securely sharing cross-border trade document data with the goals of 'mutual recognition and trust, interconnection and intercommunication, information exchange, and mutual recognition of supervision' remains difficult, which restricts the development of global integrated paperless trade.
Cross-border data sharing and exchange mainly faces the following problems: trust islands, data ownership, the trust bottleneck of centralized platforms, privacy protection of trade documents, and authenticity of data sources. If a cross-border trade platform is concentrated at the level of a national or regional alliance, a shared-database centralized model initiated and operated by a single institution or organization can hardly eliminate participants' concerns about data leakage and ownership, and also lacks sufficient governance and mandatory measures for cross-border information exchange and large-scale adoption. Customs inspection, as a supervisory function, focuses on the authenticity and legal compliance of transactions; because data is passed on layer by layer, data sources are lost and data is difficult to integrate, so a large amount of time and labor must be invested in information verification in cross-border trade, and business process coordination is inefficient.
The blockchain is a new distributed infrastructure and computing paradigm that uses a chained block data structure to verify and store data, a distributed node consensus algorithm to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and operate on data. In the peer-to-peer (P2P) environment, blockchain has in recent years attracted the attention of academia, industry and government departments for its decentralization, transparent and traceable transactions, tamper-resistant data and automatic execution. International organizations such as UN/CEFACT, WCO, WTO and UNCTAD/UNECE have successively issued research reports on applying blockchain to cross-border trade; blockchain technology is considered able to combine closely with international trade services, promote the transformation of international trade, reduce international trade barriers and improve the operating efficiency of the related customs services, bringing new opportunities for the development of small, medium and micro enterprises. However, very few cross-border trade blockchains at home or abroad have actually been deployed and adopted; most are at the proof-of-concept, pilot or research stage, in most domestic cases all of the participating consortium nodes are domestic enterprises and banks, and cross-border trade business collaboration in the real sense has not been realized.
In blockchain-based tracing algorithms, privacy protection is carried out through homomorphic encryption and zero-knowledge proofs, which makes dynamic sharing of the tracing information difficult; an improved CP-ABE attribute-based encryption scheme suitable for the blockchain is therefore provided to achieve dynamic protection of transaction privacy.
Disclosure of Invention
The invention aims to provide a data sharing method, a data sharing system and a computer readable storage medium based on a block chain and attribute-based encryption.
The technical scheme adopted by the invention is that the data sharing method based on block chain and attribute-based encryption comprises the following steps:
registration and authentication: each participant in cross-border trade acts as a blockchain node, and a message bus connects the nodes to build the data sharing system; the document owner and the document user obtain permission to enter the data sharing system by registering; their digital certificates are input into the unified identity authentication and management module, which verifies the authenticity of the digital certificate signatures and generates a public/private key pair, a DID identifier and an X.509 v3 certificate; the hashes of the public key, the DID pointer and the X.509 v3 certificate are stored in the data layer, the X.509 v3 certificate and the DID document are stored in IPFS/Cloud, and the private key is stored locally by the user;
encryption: the document owner stores the document data in the uppermost layer; the CP-ABE module obtains and encrypts the document data; the encrypted document data and the ciphertext related to document verification are stored in IPFS/Cloud, and the public key, the master secret key and the hash of the encrypted document data are stored in the data layer;
decryption: the document user applies for authorization and obtains the encrypted document data and the ciphertext related to document verification, entrusts the whole network to generate an attribute key based on the public key, the master secret key, the attribute data and the DID (decentralized identifier), and decrypts the encrypted document data to obtain the document data; the attribute data is stored in IPFS/Cloud;
document data verification: the document user calls a smart contract to verify the document owner's digital certificate, X.509 v3 certificate and document data, completing the document data sharing.
Further, the document data includes export enterprises, sales contracts, commercial invoices, packing slips, export country bank letters of credit, insurance policy, export country customs origin certificate, customs declaration form, export approval, logistics warehouse receipt, delivery slip, intermodal slip, import country customs clearance ticket, import approval, import country bank letters of credit, insurance policy, import enterprises, and order contracts.
Further, when the attribute key is generated, each node participating in key generation uploads its own DID identifier and X.509 v3 certificate; after the unified identity authentication and management module has authenticated their identities, the document user entrusts the nodes to generate attribute keys and return them to the document user, and the document user sums the attribute keys to obtain the final attribute key.
Further, the verification of the digital certificate and the X.509V3 certificate of the document owner comprises an electronic signature verification service and a digital certificate verification service, and the verification of the document data is an electronic signature verification service;
the electronic signature verification service comprises a data message signature verification service and a visual data message verification service; the digital certificate verification service comprises certificate integrity verification, certificate credibility verification, certificate validity verification, certificate policy verification and other value-added services of the digital certificate; the electronic signature verification service includes integrity and non-repudiation verification of the document data.
Further, other value-added services of the digital certificate include an identity information verification service of a certificate user and an electronic certificate authority information verification service.
Further, the data layer stores transaction information and state information; the transaction information records the process by which trade participants write document data into the blockchain, and the state information comprises the application, issuance and revocation information of self-established digital certificates and the public parameters for document data encryption.
Further, the attribute data includes credentials, identity information, and entity-specific attribute data.
The data sharing system based on the block chain and the attribute-based encryption comprises a memory and a processor;
the memory is used for storing computer programs;
the processor is configured to execute a computer program stored in the memory to implement the method steps of any one of claims 1 to 7.
The computer-readable storage medium has stored therein a computer program which is executable by a processor to perform the method steps of any of claims 1 to 7.
The invention has the beneficial effects that: according to the invention, by means of the characteristics of block chain decentralization, traceability, transaction transparency and the like, a block chain attribute-based encryption system is constructed, which is beneficial to strengthening the dynamic property, flexibility and high efficiency of attribute-based encryption, and improving the data security sharing and privacy protection of cross-border paperless trade.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a working framework diagram of the present invention.
Fig. 2 is a contract call graph of the present invention.
Fig. 3 is a data transfer flow diagram.
Fig. 4 is a flow chart of an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Cross-border trade participants belong to many different countries, regions and industries, and generally rely on identity authentication based on the relatively mature public key infrastructure to ensure information security; that is, identity authentication is completed with digital certificates issued by different CAs. However, because no mutual trust and mutual authentication mechanism has been established between the distributed certificate authentication systems, multiple independent trust domains form within the cross-border trade system, which hinders the exchange and sharing of cross-border trade document data.
The invention provides a data sharing method based on block chain and attribute-based encryption for realizing the document data exchange and sharing of cross-border trade participants of a plurality of different trust domains, which comprises the following steps:
registration and authentication: each participant in cross-border trade acts as a blockchain node, and a message bus connects the nodes to build the data sharing system; the document owner and the document user obtain permission to enter the data sharing system by registering; their digital certificates are input into the unified identity authentication and management module, which retrieves the hash value of the root CA according to the identity certificate to obtain the trust source point, verifies the authenticity of the digital certificate signature, and generates a public/private key pair, a DID (decentralized identifier) and an X.509 v3 certificate; the X.509 v3 certificate and the DID document are stored in IPFS/Cloud, the private key is stored locally by the user, kept by the user's wallet or client, and the hash values of the public key, the DID pointer and the X.509 v3 certificate are stored in the data layer;
encryption: the document owner stores the document data in the uppermost layer; the CP-ABE module obtains and encrypts the document data; the encrypted document data and the ciphertext related to document verification are stored in IPFS/Cloud, and the public key, the master secret key and the hash of the encrypted document data are stored in the data layer;
the document data comprises export enterprises, sales contracts, commercial invoices, packing lists, export country bank letters of credit, insurance slips, export country customs origin certificates, customs declaration forms, export permits, logistics warehouse lists, delivery lists, shipping lists, import country customs clearance forms, import permits, import country bank letters of credit, insurance lists, import enterprises and order contracts;
decryption: the document user applies for authorization and obtains the encrypted document data and the ciphertext related to document verification, entrusts the whole network to generate an attribute key based on the public key, the master secret key, the attribute data and the DID (decentralized identifier), and decrypts the encrypted document data to obtain the document data; the attribute data is stored in IPFS/Cloud and comprises credentials, identity information and entity-specific attribute data;
document data verification: the document user calls a smart contract to verify the document owner's digital certificate, X.509 v3 certificate and document data, completing the document data sharing.
The IPFS/Cloud allows the smart contract of the unified identity authentication and management module to perform read/write operations according to its access permissions, for registering trade participants and updating or revoking attributes, and allows the smart contracts of applications to perform read operations.
The data layer also stores transaction information and state information: the transaction information records the process by which cross-border trade participants write data into the blockchain through smart contracts, and the state information comprises the data for applying for, issuing and revoking self-established digital certificates and the public parameters used for encryption. The middle layer serves as the blockchain core layer for sharing and exchanging cross-border trade documents; it provides identity authentication for cross-border trade participants, and provides ownership verification, authenticity verification and privacy protection of data for the secure sharing and exchange of trade documents.
As shown in Fig. 1, the CITA blockchain base module of the middle layer stores the smart contracts related to identity authentication of cross-border trade participants and to document data verification, the cryptographic algorithms related to encryption and decryption, and the consensus algorithms. The unified identity authentication and management module completes operations such as identity authentication and generation of self-established digital certificates by calling the corresponding smart contracts and algorithms, and the CP-ABE module completes operations such as document data encryption, document data verification and attribute key generation by calling the corresponding smart contracts and algorithms.
1. CITA blockchain base module
The CITA blockchain base module uses the open-source tool chain CITA Toolchain to complete the basic infrastructure, including the P2P network architecture, consensus algorithms and smart contract deployment tools; the bottom layer supports DHT, Gossip, flooding algorithms and the like, and the consensus algorithms supported include Raft, POX, PBFT and the like. The CITA SDK and CITA CLI let operators, developers and end users interact with CITA data directly, conveniently and quickly. Four tools are built on the CITA SDK: ReBirth, CITA IDE, CITA Truffle Box and CITA Web Debugger. It also provides 3 tools aimed at specific service requirements and development scenarios: Microscope, Cyton Wallet and CITA CLI, and a first-forever-demo; by developing or running this demo, one can become familiar with most of the subcomponents of CITA Toolchain and basically master the workflow for developing a DApp on CITA.
As shown in Fig. 2, the smart contracts comprise unified identity management smart contracts, a proxy contract and application smart contracts. The unified identity management smart contracts comprise an access control contract, a cross-domain authentication contract, a registration contract, a certificate signing and issuing contract and an identity revocation and recovery contract. The application smart contracts comprise an electronic signature verification service smart contract, a digital certificate verification service smart contract, an electronic signature verification service smart contract, a participant attribute management contract and a participant attribute relationship management contract. The cryptographic algorithms include the national cryptographic algorithms (SM2/SM3/SM4), asymmetric encryption algorithms (RSA/ECC), hash algorithms (MD5/SHA256), symmetric encryption algorithms (DES/AES) and an attribute-based encryption algorithm; the consensus algorithm is a POI identity consensus and reward mechanism.
The proxy contract links the trade participant (a user wallet or client program) with the application. During document data exchange and sharing, the application treats the address of the proxy contract as the interacting entity and core identifier, which maintains a permanent identifier in the data sharing system; when a private key is lost, the data sharing system replaces the trade participant's private key by calling the identity revocation and recovery contract, so that control of the identifier is retained.
Verification of the document owner's digital certificate and document data comprises an electronic signature verification service, a digital certificate verification service and an electronic signature verification service. The electronic signature verification service comprises a data message signature verification service and a visual data message verification service. The smart contracts that provide the data message signature verification service perform signature verification and non-national-cryptographic-algorithm signature verification; the smart contract that provides the visual data message verification service includes PDF visual signature verification conforming to the PDF 32000-1:2008 standard and OFD visual signature verification conforming to the GB/T 38540-2020 secure electronic signature cryptographic technical specification.
The digital certificate verification service comprises certificate integrity verification, certificate credibility verification, certificate validity verification, certificate policy verification and other value-added services for digital certificates. Certificate integrity verification ensures that the content fields of the certificate are complete and have not been tampered with. Certificate credibility verification queries upward layer by layer through the certificate verification chain, starting from the bottom of the trade counterparty's CA trust domain, and traces back to the end of the trust chain, namely the root CA; it finds the authoritative root CA signature, verifies the authenticity of the signature, and determines whether the root CA holds the relevant qualifications, can provide the corresponding electronic authentication service, is operating normally, and so on. Certificate validity verification checks the real-time validity of the digital certificate through the CRL, OCSP and SCVP services, providing a multi-mode, fast, efficient and secure online certificate validity verification service. Certificate policy verification checks, among other things, whether the current use of the certificate exceeds the policy limits specified by the certificate. Other value-added services for digital certificates include verifying the identity information of the certificate user, electronic certification authority information, and the like.
The electronic signature verification service is used to verify the integrity and non-repudiation of data.
The participant attribute management contract is called to manage the identity and attributes of the trade participant as a subject; the subject's identity, role, position, capability, position, administrative relationship, certificate, CA certificate and the like are defined and stored in a standardized way. The invention adopts a Bloom filter-based management method for fast retrieval and controlled access to subject attributes; the participant attribute management contract also includes user revocation and attribute revocation functions.
The trade document data owner calls the participant attribute relationship management contract and, based on the trade participants' attribute data, builds an attribute-policy access control tree for document data sharing and verification relationships, containing AND, OR and threshold operations; a monotone expansion scheme is used to compute, from the access control tree, the access matrix of a linear secret sharing scheme (LSSS), which formulates the access policy, and the policy is written into the access control contract.
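The policy-to-matrix step described above, as an added example that is not code from the patent: it converts an access tree with AND, OR and threshold gates into an LSSS matrix by giving each gate a Shamir-style polynomial (one common construction, assumed here because the patent does not specify its conversion), then shares a secret and reconstructs it only for attribute sets that satisfy the policy. The attribute names, the demo prime P and all function names are assumptions.

```python
# Added example: access tree -> LSSS matrix, share, reconstruct (all over Z_P).
import secrets

P = 2**127 - 1  # demo prime field (assumption); real CP-ABE uses the group order p

# Policy node: an attribute name (leaf) or a gate (t, [children]) meaning
# "at least t children are satisfied". AND = (n, kids), OR = (1, kids).
def AND(*kids): return (len(kids), list(kids))
def OR(*kids): return (1, list(kids))
def THRESHOLD(t, *kids): return (t, list(kids))

def policy_to_lsss(policy):
    """Return (M, rho): row i of the access matrix M belongs to attribute rho[i]."""
    rows, labels = [], []
    width = 1                                # columns allocated so far

    def expand(vec, node):
        nonlocal width
        if isinstance(node, str):            # leaf: emit one matrix row
            rows.append(vec)
            labels.append(node)
            return
        t, kids = node
        base = vec + [0] * (width - len(vec))
        width += t - 1                       # t-1 fresh columns = polynomial coefficients
        for x, kid in enumerate(kids, start=1):
            # Child x holds f(x); f has degree t-1 and f(0) is this gate's own share.
            expand(base + [pow(x, j, P) for j in range(1, t)], kid)

    expand([1], policy)
    return [v + [0] * (width - len(v)) for v in rows], labels

def share(secret, M):
    """lambda_i = M_i . v with v = (secret, r_2, ..., r_d), r_j random."""
    v = [secret % P] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in M]

def reconstruction_coeffs(M, rho, attrs):
    """Solve sum_i w_i * M[i] = (1, 0, ..., 0) using only rows labelled in attrs.
    Returns {row_index: w_i}, or None if attrs does not satisfy the policy."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    n_eq = len(M[0])
    # One equation per matrix column, one unknown per usable row, plus RHS.
    aug = [[M[i][c] for i in idx] + [1 if c == 0 else 0] for c in range(n_eq)]
    pivots, r = [], 0
    for c in range(len(idx)):                # Gauss-Jordan elimination mod P
        p = next((k for k in range(r, n_eq) if aug[k][c]), None)
        if p is None:
            continue
        aug[r], aug[p] = aug[p], aug[r]
        inv = pow(aug[r][c], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for k in range(n_eq):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(x - f * y) % P for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in aug[r:]):      # 0 = nonzero: target not in row span
        return None
    w = {i: 0 for i in idx}                  # free variables stay 0
    for k, c in enumerate(pivots):
        w[idx[c]] = aug[k][-1]
    return w

def recover(shares, M, rho, attrs):
    """Recombine shares held for attrs; None when the set is unauthorized."""
    w = reconstruction_coeffs(M, rho, attrs)
    if w is None:
        return None
    return sum(w[i] * shares[i] for i in w) % P

# Constructed policy; attribute names are hypothetical, not from the patent.
POLICY = AND(OR("importer", "exporter"),
             THRESHOLD(2, "customs", "bank", "insurer"))

if __name__ == "__main__":
    M, rho = policy_to_lsss(POLICY)
    for label, row in zip(rho, M):
        print(f"{label:9s} {row}")
    s = secrets.randbelow(P)
    shares = share(s, M)
    print("authorized recovers secret:",
          recover(shares, M, rho, {"exporter", "bank", "insurer"}) == s)
    print("unauthorized result:", recover(shares, M, rho, {"importer", "customs"}))
```

In a CP-ABE ciphertext the shares sit in the exponent and the same coefficients w_i are applied to pairing results, so the authorization check is identical even though the arithmetic moves into the group.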
2. Unified identity authentication and management module
The invention makes use of the blockchain's distributed, decentralized nature, collective maintenance and tamper resistance: the root CA certificates of multiple trust domains are stored in IPFS/Cloud as the trust source points for identity verification, and the hash values of the root CA certificates are stored in the data layer. In the identity authentication process, cross-border trade participants obtain permission to enter the system by registering and, according to their own business needs, initiate an online blockchain cross-border authentication transaction in a client digital wallet or blockchain browser. The unified identity authentication and management module calls the cross-domain authentication contract, obtains the trust source point according to the hash value of the root CA certificate of the trust domain to which the cross-border trade participant belongs, and calls a cryptographic algorithm to verify the authenticity of the signature on the CA certificate held by each participant; the cryptographic algorithm is a national cryptographic algorithm, an asymmetric encryption algorithm, a hash algorithm, a symmetric encryption algorithm or an attribute-based encryption algorithm.
After the cross-border trade participant's CA certificate has been verified, the unified identity authentication and management module calls the certificate signing and issuing contract to generate a public/private key pair and a DID (decentralized identifier) conforming to the W3C standard. At the same time it initiates a transaction Tx_i for generating the X.509 v3 certificate and broadcasts it to request the distributed blockchain CA nodes to issue the certificate; the blockchain CA nodes verify Tx_i, generate the certificate Cert, produce an issuance transaction Tx_{i+1}, broadcast Tx_{i+1} to the whole network, and return the certificate issuance result to the cross-border trade participant. The hashes of the public key, the DID pointer and the X.509 v3 certificate are stored in the data layer, the X.509 v3 certificate and the DID document are stored in IPFS/Cloud, and the private key is stored locally by the user.
3. CP-ABE module
Because cross-border trade participants are highly diverse and irregular, a consistent consensus on complete exchange and sharing cannot be reached by methods such as a local protocol or an alliance, which hinders data sharing and exchange among cross-border governments, other organizations and enterprises. The blockchain, as a decentralized, distributed, peer-to-peer trusted data network technology combined with modern cryptography, provides the technical basis for establishing trusted, point-to-point secure data sharing.
Based on the trusted, authenticated identities of the trade participants in the blockchain, the CP-ABE module treats each blockchain node as an authority node and establishes a multi-authority CP-ABE mechanism. The trade document owner uploads the public key pk and the master private key msk to the blockchain for storage, and the ciphertext related to trade document verification is stored in IPFS/Cloud. A key encapsulation mechanism (KEM) is established at the request of the document user; the mechanism meets testable semantic security under the q-DPBDHE assumption, so that the two trading parties can securely transmit a random session key. The encryption and decryption process of the trade document is shown in figure 3 and comprises the following steps:
1) Initialization phase of the data sharing system
Setup($1^{\lambda}$) → (pk, msk): the trade document owner inputs the security parameter λ. Let p be a prime number, and let $G_1$ and $G_2$ be
Figure BDA0002826566910000081
two multiplicative cyclic groups of order p, with h and g defined over the cyclic group $G_1$ and the bilinear map $e: G_1 \times G_1 \to G_2$. The security parameter determines the size of the cyclic groups. The set of attributes is denoted U and its size |U|. Two random numbers α are selected,
Figure BDA0002826566910000082
the access matrix M of the LSSS is input, and a random exponent is assigned according to the access matrix M
Figure BDA0002826566910000083
s is the shared key, and the data sharing system outputs the key pair (pk, msk), where $pk = \{g, e(g,g)^{\alpha}, g^{\beta}, h_1, h_2, \ldots, h_{|U|}\}$ and $msk = g^{\alpha}$; $h_U$ is the Hash of the U-th attribute, $e(g,g)^{\alpha}$ is used for encrypting the master key, and $g^{\beta}$ and $g^{\alpha}$ are operations constructed to store these parameters;
2) Trade document encryption stage
Enc({pk}, (A, ρ), m, δ) → CT: the trade document owner takes the document data m, the public key pk and the LSSS scheme (A, ρ) serving as the access policy, inputs the DID identifier as the identity key δ, and outputs the encrypted ciphertext CT of the trade document;
In the encryption process, M is an l × n access matrix, the function ρ assigns an attribute to each row of M, and a random vector is selected
Figure BDA0002826566910000091
to split the shared key s. $\lambda_i$ ($i = 1, 2, \ldots, l$) is the i-th share obtained by splitting the shared key s; since the splitting of s is based on the attributes of the trade participants, the i-th share corresponds to the i-th attribute. $C_i$ ($i = 1, 2, \ldots, l$) is associated with the attribute assigned to row ρ(i), and the trade document ciphertext finally created is
Figure BDA0002826566910000096
where C is the ciphertext encrypted with the master key, the shared key associated with the attributes, and the identity key; $e(g,g)^{\alpha s \delta}$ is used for encrypting the public key; C′ is an operation constructed to store s and δ and is used to eliminate parameters during decryption;
Figure BDA0002826566910000093
is the attribute-related ciphertext formulated for row ρ(i); g and
Figure BDA0002826566910000097
are operations constructed to store these parameters during key generation and can be used to construct the decryption function; $r_i$ is a random number used in generating the ciphertext to prevent collusion among blockchain nodes, and operating on $C_i$ and $D_i$ eliminates $r_i$;
3) The encrypted ciphertext of the trade document is uploaded to IPFS/Cloud storage, and the Hash of the encrypted document data is stored in the data layer as an index;
4) The trade document owner writes pk and msk into the blockchain node, where they are identified, put on chain and stored in the CITA blockchain basic module, and the cross-border trade participant calls the key encapsulation mechanism to obtain the parameters pk and msk;
5) Key calculation and generation phase
KeyComp(pk, msk, DID, $(e_i, d_i)$) → $sk_i'$: the cross-border trade participants can take part in the key generation process. A cross-border trade participant inputs the public key pk and the master private key msk to obtain the private key $sk_i$ associated with the DID identifier and the attributes of the trade participant, a triplet consisting of K, L and the attribute hash value hx, where $K = g^{\alpha} g^{\beta t}$ and $L = (L')^{d} = g^{t}$; $g^{\beta t}$ and $g^{t}$ are operations constructed to store these parameters;
taking random numbers
Figure BDA0002826566910000094
The pair $(e_i, d_i)$ of an asymmetric cryptographic algorithm is used for key protection, i.e. $E_i = enc(e_i, t)$, where $E_i$ is the random number t encrypted with $e_i$ and $hx_i$ is the hash value of the i-th attribute of the trade participant. $E_i$ and $hx_i$ are sent to the node $Node_i$ in the network, and the node generates the key $K'_i$ of the i-th attribute of the trade participant. The attribute key generated from all attributes of the cross-border trade participant is
Figure BDA0002826566910000095
and the encrypted attribute key is $sk'_x = (K, L', K'_x\ (x \in S))$;
KeyGen($\{sk'_x\}$, d) → sk: the modular inverse of $e_i$ with respect to r is found, and $sk'_x$ is decrypted with $d_i$ into the attribute key $sk_x$. The $sk_x$ obtained from each blockchain node are summed to obtain the attribute key sk, $sk = (K, L, K_x\ (x \in S))$, where $K_x$ is the decrypted $K'_x$;
6) The trade document user applies for authorization through the unified identity authentication and management module to obtain the Hash of the encrypted document data, downloads the encrypted ciphertext CT of the document data from the off-chain IPFS/Cloud, and decrypts CT using the attribute key generated by the CP-ABE attribute encryption module. The decryption process is as follows:
dec(CT, sk, δ) → m, where the input of the decryption algorithm is the encrypted ciphertext CT of the document data and the key sk corresponding to the attribute set S, and decryption succeeds if the attribute set S satisfies the access policy of the access control contract;
Define
Figure BDA0002826566910000101
Let
Figure BDA0002826566910000102
If $\lambda_i$ are valid shares of the random exponent s with respect to M, then
Figure BDA0002826566910000103
i is not unique), the decryption computation equation is:
Figure BDA0002826566910000104
Finally, the plaintext of the document data is obtained
Figure BDA0002826566910000105
$K_{\rho(i)}$ is the attribute key generated for the attribute assigned to row ρ(i); during decryption it serves as one input of the bilinear map and is paired with $C_i$ for attribute comparison. If they match, the cross-border trade participant can recover $\lambda_i$ and then obtain the shared key;
7) The trade document user calls the application smart contract to verify the document owner's digital certificate, X.509V3 certificate and trade document data, records the transaction process in the data layer, and completes the sharing and exchange of the trade document data.
The invention takes the root CAs of a plurality of trust domains as the trust anchors for verifying the identity of trade participants. A trade participant initiates an online blockchain cross-domain authentication transaction through a client digital wallet or a blockchain browser; the unified identity authentication and management module calls the root CA of each trade participant, performs cross-domain identity verification on trade users belonging to different trust domains, and issues a unified X.509V3 certificate, thereby ensuring the honesty and reliability of each trade participant, preventing identity forgery and ensuring the security of data transactions.
After the identity authentication of the trade document owner is completed, the certificate data is input into the CP-ABE module for encryption, the Hash of the transaction records and encrypted certificate data is written into the data layer of each blockchain node for storing the certificate, and the encrypted certificate data is stored in IPFS/Cloud. The access policy for trade document users is established according to the participant attribute data and is stored locally by the trade document owner to prevent it from being leaked. After identity authentication, a document user entrusts the whole network to carry out POI consensus; the document user sums the attribute keys of all blockchain nodes to obtain the final attribute key and decrypts the obtained encrypted document data to obtain the plaintext of the document data. The trade document user then calls the application smart contract to verify the digital certificate signature of the trade document owner and the integrity of the document data, after which the data is shared and exchanged. The digital certificate comprises a digital certificate signed by the CA (certificate authority) of the trade document owner and a self-established digital certificate signed and issued by the blockchain system.
In the POI consensus process, the blockchain nodes participating in key generation each upload their own identity identifier DID and attribute data, and the unified identity authentication and management module performs unified identity authentication. For each transaction, different Token rewards are distributed to the blockchain nodes according to their upload times, and the user with the highest score serves as the Leader when the attribute key is generated. If the blockchain nodes participating in key generation, excluding the Leader, number more than 2/3 of the total nodes, the CP-ABE module of each trade participant generates the attribute key and sends it to the trade document user to complete decryption of the trade document.
In the CP-ABE key generation stage, different leader nodes are selected, and the centralized or multi-center authority mode is converted into one in which every blockchain node can act as an authority node and take part in the key generation computation. This ensures the reliability of key computation and avoids the risk of collusion among nodes. The initialization, encryption and decryption processes, other than key computation, are completed off-chain by each trade participant, and only the generated public parameters and transaction state information are written to the data layer for storage, which reduces the storage volume and height of the blocks and improves the operating efficiency of the algorithm.
Examples
As shown in fig. 4, country A is the exporter and country B is the importer, and country B issues a purchase order to country A. The importer and the exporter each access the unified identity authentication and management module through the Dapp client; the module calls the cross-domain authentication contract to perform cross-domain identity authentication on the importer and the exporter, and calls the registration contract and the certificate signing contract to generate their respective identity identifiers DID and self-established digital certificates. Both the importer and the exporter enter the data sharing system through their identity identifiers DID. The importer calls the participant attribute relationship management contract to establish the corresponding access policy, inputs the access policy into the access control contract, inputs the purchase order into the CP-ABE module for encryption, stores the Hash of the encrypted file in the data layer, and stores the encrypted purchase order in the importer's IPFS/Cloud.
The exporter applies for authorization through the unified identity authentication and management module to obtain the Hash of the encrypted file and the encrypted purchase order, carries out POI consensus in the data sharing system to obtain the attribute key, and decrypts the encrypted purchase order. The exporter then calls the smart contract to verify all parties and the authenticity of the purchase order, creates a sales order in the enterprise's internal information system, completes the shipment, and prepares a commercial invoice and a packing list. The exporter calls the participant attribute relationship management contract to establish the corresponding access policy, stores the Hash of the encrypted commercial invoice and packing list in the data layer, and stores the encrypted commercial invoice and packing list in IPFS/Cloud.
The local businessman or the single window platform enters the data sharing system and calls the agent contract, which in turn calls the application smart contract to decrypt the encrypted invoice and packing list and to verify the signature and authenticity of the exporter's digital certificate. The checked invoice and packing list are authorized to the customs for checking, and the certificate of origin signed by the customs and its unique number are obtained. The customs enters the data sharing system and calls the agent contract and the application smart contract to complete the encryption and storage of the certificate of origin; the exporter decrypts the ciphertext to obtain the certificate of origin, and the whole data sharing process is stored on chain.
The exporter encrypts all materials (certificate of origin, invoice and packing list) and authorizes them to the single window platform of the importer (country B), and encryption-algorithm electronic signature verification is carried out. After obtaining authorization for the electronic trade list, the importer signs and authorizes the materials to a customs agency. Based on the authorized invoice, packing list, certificate of origin and shipping list, the agency automatically generates an export customs declaration form, which is put on chain for storage; the declaration is completed through the authorized single window platform, and all document information is authorized to the customs of country B. The customs of country B requests the customs of country A to check the exporter's certificate of origin, and that country authorizes country B to audit the certificate of origin, completing the cross-border data transmission.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (9)

1. A data sharing method based on blockchain and attribute-based encryption, characterized by comprising the following steps:
a registration and authentication process, in which each participant of cross-border trade serves as a blockchain node and a message bus connects the nodes to construct a data sharing system; a document owner and a document user obtain permission to enter the data sharing system through registration; the digital certificates of the document owner and the document user are input into a unified identity authentication and management module to verify the authenticity of the digital certificate signatures, and a public/private key pair, a DID identifier and an X.509V3 certificate are generated; the Hash of the public key, a DID pointer and the X.509V3 certificate is stored in a data layer, the X.509V3 certificate and a DID document are stored in IPFS/Cloud, and the private key is stored locally by the user;
an encryption process, in which the document owner stores document data in the uppermost layer, a CP-ABE module acquires and encrypts the document data, the encrypted document data and a ciphertext related to document verification are stored in IPFS/Cloud, and the public key, the master key and the Hash of the encrypted document data are stored in the data layer;
a decryption process, in which the document user applies for authorization to obtain the encrypted document data and the ciphertext related to document verification, entrusts the whole network to generate an attribute key based on the public key, the master key, attribute data and the DID identifier, and decrypts the encrypted document data to obtain the document data, the attribute data being stored in IPFS/Cloud;
and a document data verification process, in which the document user calls a smart contract to verify the digital certificate, the X.509V3 certificate and the document data of the document owner, completing the sharing of the document data.
2. The block chain and attribute-based encryption based data sharing method according to claim 1, wherein the document data includes export enterprises, sales contracts, commercial invoices, packing slips, export country bank letters, insurance policies, export country customs origin certificates, customs declaration forms, export permits, logistics warehouse notes, bills of lading, intermodal notes, import country customs clearance notes, import permits, import country bank letters, insurance policies, import enterprises and order contracts.
3. The data sharing method based on blockchain and attribute-based encryption according to claim 1, wherein, when the attribute key is generated, the nodes participating in key generation each upload their own DID identifier and X.509V3 certificate; after identity authentication by the unified identity authentication and management module, the document user entrusts the nodes to generate attribute keys and return them to the document user, and the document user sums the attribute keys to obtain the final attribute key.
4. The data sharing method based on blockchain and attribute-based encryption according to claim 1, wherein the verification of the digital certificate and the X.509V3 certificate of the document owner includes an electronic signature verification service and a digital certificate verification service, and the verification of the document data is an electronic signature verification service;
the electronic signature verification service comprises a data message signature verification service and a visual data message verification service; the digital certificate verification service comprises certificate integrity verification, certificate credibility verification, certificate validity verification, certificate strategy verification and other value-added services of the digital certificate; the electronic signature verification service includes integrity and non-repudiation verification of the document data.
5. The blockchain and attribute-based encryption based data sharing method according to claim 4, wherein the other value added services of the digital certificate include an identity information verification service and an electronic certificate authority information verification service of a certificate user.
6. The data sharing method based on blockchain and attribute-based encryption according to claim 1, wherein the data layer further stores transaction information and status information, the transaction information is a process of writing the voucher data into the blockchain by a trading participant, and the status information is public parameters of application, issuance, revocation information and voucher data encryption of a self-established digital certificate.
7. The blockchain and attribute-based encryption based data sharing method according to claim 1, wherein the attribute data includes credentials, identity information and entity specific attribute data.
8. The data sharing system based on the block chain and the attribute-based encryption is characterized by comprising a memory and a processor;
the memory is used for storing computer programs;
the processor is configured to execute a computer program stored in the memory to implement the method steps of any one of claims 1 to 7.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the method steps of any one of claims 1 to 7.
CN202011430847.5A 2020-12-09 2020-12-09 Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium Active CN112637278B (en)

Publications (2)

Publication Number, Publication Date
CN112637278A (en), 2021-04-09
CN112637278B (en), 2021-10-08

Family

ID=75309043


CN118013559A (en) * 2024-04-09 2024-05-10 南京邮电大学 Seal data encryption security system based on blockchain data user character model

Also Published As

Publication number Publication date
CN112637278B (en) 2021-10-08

Similar Documents

Publication Publication Date Title
CN112637278B (en) Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium
US11349645B2 (en) Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
US20210126916A1 (en) System and method for decentralized-identifier authentication
Lesavre et al. A taxonomic approach to understanding emerging blockchain identity management systems
CN113014392B (en) Block chain-based digital certificate management method, system, equipment and storage medium
US9397839B2 (en) Non-hierarchical infrastructure for managing twin-security keys of physical persons or of elements (IGCP/PKI)
Adams et al. Understanding PKI: concepts, standards, and deployment considerations
US20190058595A1 (en) Platform for generating authenticated data objects
CN103856477B (en) A kind of credible accounting system and corresponding authentication method and equipment
US20190295069A1 (en) Systems and methods for integrating cryptocurrency wallet identifiers with digital certificates
AU2017225928A1 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
CN109450843B (en) SSL certificate management method and system based on block chain
Buccafurri et al. Integrating digital identity and blockchain
CN114266069B (en) House transaction electronic data sharing system and method based on blockchain technology
Gulati et al. Self-sovereign dynamic digital identities based on blockchain technology
Hatefi et al. A conditional privacy-preserving fair electronic payment scheme based on blockchain without trusted third party
US20240187256A1 (en) Systems and methods for enforcing cryptographically secure actions in public, non-permissioned blockchains using bifurcated self-executing programs comprising shared digital signature requirements
CN117094825A (en) Cross-chain trusted land transaction system and method based on blockchain
CN112950356B (en) Personal loan processing method, system, equipment and medium based on digital identity
CN115760124A (en) Contract trust digital signature method and device based on block chain
CN115883102A (en) Cross-domain identity authentication method and system based on identity credibility and electronic equipment
CN111585756B (en) Certificate-free cloud auditing method suitable for multi-copy-multi-cloud situation
Bai et al. Decentralized Identity Management: Prerequisite of Web3 Identity Model
Yang et al. Enhancing SCF with Privacy-Preserving and Splitting-Enabled E-Bills on Blockchain
Herath et al. Task based Interdisciplinary E-Commerce Course with UML Sequence Diagrams, Algorithm Transformations and Spatial Circuits to Boost Learning Information Security Concepts

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant