CN112651052A - Data right confirming method and system based on block chain technology - Google Patents

Data right confirming method and system based on block chain technology

Publication number
CN112651052A
Authority
CN
China
Prior art keywords
data
certificate
hash value
digital certificate
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011549974.7A
Other languages
Chinese (zh)
Inventor
汪德嘉
宋超
张齐齐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Tongfudun Blockchain Technology Co Ltd
Jiangsu Pay Egis Technology Co ltd
Original Assignee
Jiangsu Tongfudun Blockchain Technology Co Ltd
Jiangsu Pay Egis Technology Co ltd
Application filed by Jiangsu Tongfudun Blockchain Technology Co Ltd, Jiangsu Pay Egis Technology Co ltd
Priority to CN202011549974.7A
Publication of CN112651052A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a data right confirming method and system based on block chain technology. The method comprises: initializing and verifying a digital certificate; generating a user DID and a data DID and recording them on the chain; calculating a hash value of the data to be confirmed and signing it to obtain the hash value and a signature; applying for an authoritative timestamp according to the hash value of the data to be confirmed; generating a data certificate of the data to be confirmed according to the on-chain user DID, the data DID, the timestamp, the hash value and the signature; verifying the data certificate, calculating the hash value of the data certificate, and signing that hash value to obtain a certificate signature; and recording the verified data certificate and the certificate signature on the chain to obtain a confirmation record on-chain transaction hash, which is returned to the client. The method adopts the decentralized digital identity (DID) and stores the right confirmation information of the data to be confirmed in the block chain in the form of a verifiable certificate, so that the right confirmation function for the data to be confirmed is realized and the verifiability, traceability, tamper resistance and other characteristics of the right confirmation information are ensured.

Description

Data right confirming method and system based on block chain technology
Technical Field
The present application relates to the field of block chain technology, and in particular to a data right confirming method and system based on block chain technology.
Background
Nowadays, data has become a basic national strategic resource. Data increasingly resembles a commodity that can be bought, sold and used, but as cloud computing and data processing technologies improve, problems have been exposed. At present the biggest problem is that data which is "seen" is thereby "copied and owned": for example, when a piece of data is published to the network, other people can forward and copy it, so the data circulates repeatedly on the network and the person who first wrote it cannot be found. That is, ownership becomes unclear, and the attribution of data is evidently very important.
For data to become a digital asset, the most important thing is to confirm the ownership of the data, namely to determine to whom the ownership of certain data belongs. Data right confirmation is one of the core problems that must be solved in the development of big data applications and the data industry.
Although the Internet-based information network facilitates data sharing, it cannot realize data right confirmation or the recording and transfer of data value, so Internet data cannot become an asset. Driven by this contradiction, block chain technology emerged and effectively solves the problem of data right confirmation: each piece of data generated on a block chain network can have its rights relationship defined, so data right confirmation has real value, and the circulation and transaction of data assets can be realized on the block chain network.
Disclosure of Invention
Based on the above technical problem, an object of the present invention is to provide a data right confirming method and system based on block chain technology.
In a first aspect, the present application provides a data right confirming method based on block chain technology, the method comprising:
initializing a digital certificate;
verifying the digital certificate, wherein if the digital certificate passes the verification, the digital certificate is valid;
generating a user DID and a data DID of the data to be confirmed, and recording the user DID and the data DID on the chain;
calculating the hash value of the data to be confirmed, and signing the hash value with the private key of the verified digital certificate to obtain the hash value of the data to be confirmed and its signature;
applying for an authoritative timestamp according to the hash value of the data to be confirmed;
issuing the timestamp of the data to be confirmed;
generating a data certificate of the data to be confirmed according to the user DID, the data DID, the timestamp, and the hash value and signature of the data to be confirmed, and sending the data certificate to a data right confirmation server;
verifying the received data certificate, and if it passes the verification, calculating a hash value of the data certificate and signing that hash value to obtain a certificate signature;
recording the verified data certificate and the certificate signature on the chain to obtain a confirmation record on-chain transaction hash;
and returning the confirmation record on-chain transaction hash to the client.
In a second aspect, the present application further provides a data right confirming system based on block chain technology corresponding to the first aspect, comprising: a client having data to be confirmed, a data right confirmation server providing right confirmation service for the data to be confirmed, a CA server providing an authoritative digital certificate for the client, a TSA server issuing an authoritative timestamp for the data to be confirmed, and a block chain, wherein:
the client is configured to perform the following steps:
initializing a digital certificate;
the CA server is configured to perform the following steps:
verifying the digital certificate, wherein if the digital certificate passes the verification, the digital certificate is valid;
the client is further configured to perform the following steps:
generating a user DID and a data DID of the data to be confirmed, and recording the user DID and the data DID on the chain;
calculating the hash value of the data to be confirmed, and signing the hash value with the private key of the verified digital certificate to obtain the hash value and the signature of the data to be confirmed;
applying for an authoritative timestamp according to the hash value of the data to be confirmed;
the TSA server is configured to perform the following steps:
issuing the timestamp of the data to be confirmed;
the client is further configured to perform the following steps:
generating a data certificate of the data to be confirmed according to the user DID, the data DID, the timestamp, the hash value of the data to be confirmed and the signature of the hash value, and sending the data certificate to the data right confirmation server;
the data right confirmation server is configured to perform the following steps:
verifying the received data certificate, and if it passes the verification, calculating a hash value of the data certificate and signing that hash value to obtain a certificate signature;
recording the verified data certificate and the certificate signature on the chain to obtain a confirmation record on-chain transaction hash;
and returning the confirmation record on-chain transaction hash to the client.
According to the above technical scheme, the application provides a data right confirming method based on block chain technology, comprising: initializing and verifying a digital certificate; generating a user DID and a data DID of the data to be confirmed and recording them on the chain; calculating the hash value of the data to be confirmed and signing it to obtain the hash value and signature of the data to be confirmed; applying for an authoritative timestamp according to the hash value of the data to be confirmed; generating a data certificate of the data to be confirmed according to the user DID, the data DID, the timestamp, and the hash value and signature of the data to be confirmed; verifying the data certificate, calculating the hash value of the data certificate, and signing that hash value to obtain a certificate signature; and recording the verified data certificate and the certificate signature on the chain to obtain a confirmation record on-chain transaction hash, which is returned to the client. The method and system adopt the decentralized digital identity (DID) and store the right confirmation information of the data to be confirmed in the block chain in the form of a verifiable certificate, so that the right confirmation function for the data to be confirmed is realized, the verifiability, traceability, tamper resistance and other characteristics of the right confirmation information are ensured, and its authenticity and credibility are improved. Meanwhile, combining the digital certificate issued by the authoritative CA with the timestamp generated by the authoritative TSA further ensures the authority and credibility of the on-chain data.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flow chart of generating a data certificate in an embodiment of the data right confirming method based on block chain technology;
FIG. 2 is a schematic diagram of a feasible data certificate verification method in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
To facilitate understanding of the present embodiment, the executing entities involved in the present application are described first. The following executing entities are mainly involved in the entire data right confirmation process:
1. the client is the party having the data to be confirmed, namely the data owner of the data to be confirmed;
2. the data right confirmation server is the data right confirmation service provider, which provides right confirmation service for the data to be confirmed;
3. the CA (Certificate Authority) server is an authoritative CA institution that provides an authoritative digital certificate for the client. On application, it issues an authoritative digital certificate with legal effect to the applicant (in the present application, the applicant may be the owner of the data to be confirmed, i.e., the client). The certificate carries a signature of the root certificate of the authoritative CA institution, and its validity can be verified through a verification service provided by the CA institution; if the verification passes, the certificate is proved to have legal effect. The digital certificate also contains a public key that can be used to verify the applicant's electronic signature; once verification passes, the electronic signature is proved to have legal effect and is protected by law, so the signer cannot repudiate the signed content.
4. the TSA (Time Stamp Authority) server is an authoritative TSA institution that issues an authoritative timestamp for the data to be confirmed. On application, it issues an authoritative timestamp with legal effect to the applicant, and signs the timestamp with the root certificate of the authoritative TSA institution. The validity of the timestamp can be verified by the TSA institution; if the verification passes, the timestamp is proved to have legal effect, i.e., the timestamp is legally recognized, so that the time of the data right confirmation is legally and genuinely valid.
For convenience of description and more intuitive understanding, in the embodiments of the present application the client is sometimes described as the data owner, the data right confirmation server as the data right confirmation service provider, the CA server as the authoritative CA institution, and the TSA server as the authoritative TSA institution. According to the introduction of the executing entities above, each pair of terms refers to the same entity.
The method is based on block chain technology, and each executing entity can communicate with the block chain. The block chain is a technology that realizes decentralized, distributed data storage on a network; through smart contracts, when a term in a contract is triggered, the content of the term is executed automatically. Being based on block chain technology, the method uses characteristics such as decentralization and distributed ledger keeping to effectively prevent stored electronic data from being tampered with, and to guarantee the authenticity and originality of the right-confirmed data. The data right confirming method based on block chain technology provided by the application specifically comprises the following steps:
S1, initializing the digital certificate;
In the initial stage of data right confirmation, the data owner first checks whether it has an authoritative digital certificate. If not, the data owner applies for a digital certificate from the authoritative CA institution; if so, it verifies whether the digital certificate is available. If the digital certificate is not available, the public-private key pair must be regenerated and a digital certificate applied for again from the authoritative CA institution.
The digital certificate is used so that the Hash value of the data to be confirmed can be signed with the private key of the digital certificate. Besides ensuring that the signature cannot be forged or repudiated, this ensures that the signature has legal effect, i.e., the signer acknowledges legal ownership of the signed content (which may include, for example, the data to be confirmed and its Hash value).
S2, verifying the digital certificate, wherein if the digital certificate passes the verification, the digital certificate is valid;
After the data owner determines in step S1 that it has a digital certificate, the digital certificate needs to be verified. The digital certificate carries the signature of the root certificate of the CA server, and the CA server can verify the validity of the digital certificate; the specific verification manner may be preset.
S3, generating a user DID and a data DID of the data to be confirmed, and recording the user DID and the data DID on the chain;
DID (Decentralized ID), i.e., decentralized digital identity, is generated from a block chain account address. It enables cross-department, cross-region and cross-platform identity authentication and removes the dependence on registration with a single central ID authority found in the traditional model. In the embodiments of the present application, DIDs are divided into two categories according to attribute and purpose, namely the user DID and the data DID. Each has a corresponding DID document, and the contents of the two kinds of DID document differ.
The user DID is the decentralized digital identity of the data owner. The user DID document comprises the public key of the user DID and digital certificate information, where the digital certificate information comprises the digital certificate serial number, the digital certificate public key, the public key encryption algorithm, the digital certificate validity period and the digital certificate issuing authority.
The data DID is the decentralized identity of the data. The data DID document comprises the public key of the data DID, the user DID of the data owner, the Hash value of the data to be confirmed, the corresponding Hash algorithm, keywords and the confirmation record on-chain transaction hash. The Hash algorithm may be the SHA-256 algorithm, the MD5 algorithm, the SM3 algorithm, or the like, and the present application is not specifically limited in this respect.
When the data owner has no block chain address, a block chain account address can be generated directly at the client; the user DID of the client is then registered with the data right confirmation server according to the block chain account address, and at the same time the user DID document is generated and recorded on the chain. Next, the Hash value of the data to be confirmed is calculated, a block chain address is generated for the data to be confirmed, the data DID is generated from that block chain address, and at the same time the data DID document is generated and recorded on the chain.
S4, calculating the hash value of the data to be confirmed, and signing the hash value with the private key of the verified digital certificate to obtain the hash value and the signature of the data to be confirmed;
The data owner signs the hash value of the data to be confirmed with the private key of the verified digital certificate to obtain the signature of the data to be confirmed.
S5, applying for an authoritative timestamp according to the hash value of the data to be confirmed;
The data owner applies to the authoritative TSA institution for an authoritative timestamp according to the hash value of the data to be confirmed, and the authoritative timestamp is bound to the hash value of the data to be confirmed.
S6, issuing the timestamp of the data to be confirmed;
After receiving a timestamp application from the data owner, the authoritative TSA institution may review the request, for example checking whether the requested data is complete and whether it meets the application conditions, and after approval issues an authoritative timestamp for the data to be confirmed. The timestamp carries the signature of the root certificate of the authoritative TSA institution, its validity can be verified through the authoritative TSA institution, and if the verification passes, the timestamp is proved to have legal effect.
S7, generating a data certificate of the data to be confirmed according to the on-chain user DID, the data DID, the timestamp, the hash value and the signature, and sending the data certificate to the data right confirmation server;
Referring to FIG. 1, which is a schematic flow chart of generating a data certificate in an embodiment of the data right confirming method based on block chain technology: the data owner generates the data certificate of the data to be confirmed according to the user DID and the data DID generated in step S3, the hash value and signature of the data to be confirmed generated in step S4, and the timestamp applied for and issued in steps S5 and S6. The data certificate can be verified, so the data certificate of the present application is a verifiable certificate; the specific manner of generating it can be preset. After the data certificate is generated, the data owner sends it to the data right confirmation server, which performs right confirmation on the data to be confirmed.
S8, verifying the received data certificate, and if the verification passes, calculating the hash value of the data certificate and signing that hash value to obtain a certificate signature;
Before actually confirming the right of the data to be confirmed, the data right confirmation server needs to verify the received data certificate; correspondingly, it needs to verify the 4 factors that form the data certificate, namely the user DID, the data DID, the signature of the data to be confirmed, and the timestamp. Referring to FIG. 2, which is a schematic diagram of a feasible data certificate verification method in the embodiment of the present application, the verification of the data certificate may include the following steps:
First, querying the corresponding data DID document from the block chain according to the data DID of the data to be confirmed, and reading the user DID of the data owner from the data DID document;
Second, querying the corresponding user DID document from the block chain by the user DID, and reading the digital certificate information in the user DID document, which comprises the serial number of the digital certificate and the public key of the digital certificate. Whether the digital certificate exists and whether the signature of the data to be confirmed is correct are verified according to the serial number and the public key of the digital certificate respectively, specifically as follows:
Verifying whether the digital certificate exists: with reference to FIG. 2, whether the digital certificate exists is queried and verified with the authoritative CA institution according to the serial number of the digital certificate. If it does not exist, the data certificate fails verification and the data right confirmation fails; if it exists, the validity period of the digital certificate is then queried. Generally, the validity period of a digital certificate is a time range, for example from October 2005 to October 2021, and it is determined whether the timestamp in the data certificate falls within that validity period. If the timestamp is March 2005, the data certificate fails verification and, accordingly, the data right confirmation fails; if the timestamp is May 2006, it can be determined that the timestamp is within the validity period of the digital certificate, and verification continues, i.e., whether the signature of the data to be confirmed is correct is verified.
Verifying whether the signature of the data to be confirmed is correct: continuing with FIG. 2, whether the signature of the data to be confirmed in the data certificate is correct is verified according to the public key of the digital certificate; the specific verification manner is not limited in the present application. If the signature is found to be wrong, the data certificate fails verification and the data right confirmation fails; if the signature is found to be correct (together with the previously verified facts that the digital certificate exists and that the timestamp is within the validity period of the digital certificate), the data certificate is verified successfully.
The above is the data certificate verification process for the data to be confirmed. The data certificate is verified successfully only when all three conditions are satisfied: the digital certificate exists, the authoritative timestamp in the data certificate is within the certificate validity period, and the signature of the data to be confirmed is verified as correct. The information in the data certificate includes the data owner of the data to be confirmed and the authoritative timestamp, so it can reflect the ownership of the data to be confirmed. After the data certificate is successfully verified, the data right confirmation server calculates the Hash value of the data certificate, and then signs the Hash value of the verified data certificate by using the private key of the digital certificate of the data certificate to obtain a certificate signature.
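The S8 verification chain described above (data DID document, user DID document, certificate existence, timestamp within the validity period, signature check), written out as an added Python example that is not code from the patent; it reuses the description's October 2005 to October 2021 validity period and its March 2005 and May 2006 timestamps. Assumptions: the DID strings, serial number, document field names and the dictionaries standing in for block chain and CA queries are constructed, the owner/user DID comparison is an added consistency check, and a toy textbook-RSA key replaces the CA-issued key pair because the description leaves the signature scheme open.

```python
import hashlib
import json
from datetime import datetime

# Toy textbook-RSA key standing in for the client's CA-issued certificate key.
# Two Mersenne primes keep it reproducible offline; no padding, NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def sign_hash(hash_hex, d=D, n=N):
    """S4: sign the hash value of the data with the certificate private key."""
    return pow(int(hash_hex, 16), d, n)


def signature_ok(hash_hex, signature, public_key):
    """Check the signature against the certificate public key."""
    return pow(signature, public_key["e"], public_key["n"]) == int(hash_hex, 16)


def build_fixture(data, timestamp):
    """Constructed chain state, CA registry and data certificate (S3 to S7)."""
    data_hash = hashlib.sha256(data).hexdigest()
    chain = {  # DID -> DID document, stand-in for block chain queries
        "did:example:user1": {
            "certificate": {"serial": "SERIAL-0001",
                            "public_key": {"e": E, "n": N}},
        },
        "did:example:data1": {"owner": "did:example:user1",
                              "hash": data_hash, "hash_alg": "SHA-256"},
    }
    ca_registry = {  # serial -> validity period, stand-in for the CA query
        "SERIAL-0001": {"not_before": "2005-10-01T00:00:00+00:00",
                        "not_after": "2021-10-01T00:00:00+00:00"},
    }
    data_cert = {"user_did": "did:example:user1",
                 "data_did": "did:example:data1",
                 "timestamp": timestamp,  # treated as already issued by the TSA
                 "hash": data_hash,
                 "signature": sign_hash(data_hash)}
    return chain, ca_registry, data_cert


def verify_data_certificate(data_cert, chain, ca_registry):
    """S8: return (ok, reason, data_certificate_hash_or_None)."""
    # 1. data DID -> data DID document -> user DID of the data owner
    data_doc = chain.get(data_cert["data_did"])
    if data_doc is None:
        return False, "data DID document not found", None
    owner = data_doc["owner"]
    # Added consistency check (assumption, not spelled out in the description)
    if owner != data_cert["user_did"]:
        return False, "user DID does not match data owner", None
    # 2. user DID -> user DID document -> digital certificate information
    user_doc = chain.get(owner)
    if user_doc is None:
        return False, "user DID document not found", None
    info = user_doc["certificate"]
    # 3. Does the digital certificate exist at the CA?
    record = ca_registry.get(info["serial"])
    if record is None:
        return False, "digital certificate does not exist", None
    # 4. Is the timestamp inside the certificate validity period?
    ts = datetime.fromisoformat(data_cert["timestamp"])
    if not (datetime.fromisoformat(record["not_before"]) <= ts
            <= datetime.fromisoformat(record["not_after"])):
        return False, "timestamp outside certificate validity period", None
    # 5. Is the signature over the data hash correct?
    if not signature_ok(data_cert["hash"], data_cert["signature"],
                        info["public_key"]):
        return False, "signature incorrect", None
    # All three conditions hold: hash the data certificate, ready for signing.
    canonical = json.dumps(data_cert, sort_keys=True, separators=(",", ":"))
    return True, "ok", hashlib.sha256(canonical.encode()).hexdigest()


if __name__ == "__main__":
    for stamp in ("2006-05-01T00:00:00+00:00", "2005-03-01T00:00:00+00:00"):
        chain, ca, cert = build_fixture(b"constructed sample data", stamp)
        print(stamp, verify_data_certificate(cert, chain, ca)[:2])
```

The example stops at the data certificate hash; signing that hash and recording it on the chain (the rest of S8 and S9) depend on the server key and ledger, which the description does not specify.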
S9, recording the verified data certificate and the certificate signature on the chain to obtain a confirmation record on-chain transaction hash;
The verified data certificate and the certificate signature obtained in step S8 are recorded on the chain to obtain the confirmation record on-chain transaction hash. The decentralization, traceability, tamper resistance and other characteristics of the block chain improve the authenticity and credibility of the data right confirmation information.
S10, returning the confirmation record on-chain transaction hash to the client.
The confirmation record on-chain transaction hash generated in step S9 is returned to the client, i.e., to the data owner, who then holds a tamper-proof right confirmation certificate for the data to be confirmed. After receiving the confirmation record on-chain transaction hash, the data owner updates the original confirmation record on-chain transaction hash in the data DID document to the received one and then records the data DID document on the chain again, at which point the data right confirmation is complete.
According to the above technical solution, the present application provides a data right confirming method based on block chain technology, comprising: initializing and verifying a digital certificate; generating a user DID and a data DID of the data to be confirmed and recording them on the chain; calculating the hash value of the data to be confirmed and signing it to obtain the hash value and signature of the data to be confirmed; applying for an authoritative timestamp according to the hash value of the data to be confirmed; generating a data certificate of the data to be confirmed according to the on-chain user DID, the data DID, the timestamp, and the hash value and signature of the data to be confirmed; verifying the data certificate, calculating the hash value of the data certificate, and signing that hash value to obtain a certificate signature; and recording the verified data certificate and the certificate signature on the chain to obtain a confirmation record on-chain transaction hash, which is returned to the client. The method and system adopt the decentralized digital identity (DID) and store the right confirmation information of the data to be confirmed in the block chain in the form of a verifiable certificate, so that the right confirmation function for the data to be confirmed is realized, the verifiability, traceability, tamper resistance and other characteristics of the right confirmation information are ensured, and its authenticity and credibility are improved. Meanwhile, combining the digital certificate issued by the authoritative CA with the timestamp generated by the authoritative TSA further ensures the authority and credibility of the on-chain data.
In addition, the present application also provides a data right confirming system based on the blockchain technology corresponding to the above method, a data right confirming system based on the blockchain technology, comprising a client having data to be right confirmed, a data right confirming server providing right confirming service for the data to be right confirmed, a CA server providing an authoritative digital certificate for the client, a TSA server issuing an authoritative timestamp for the data to be right, and a blockchain, wherein:
the client is configured to perform the following steps:
initializing a digital certificate;
the CA server is configured to perform the steps of:
verifying the digital certificate, wherein if the digital certificate passes the verification, the digital certificate is valid;
the client is further configured to perform the steps of:
generating a user DID and a data DID of the data to be confirmed, and linking the user DID and the data DID;
calculating the hash value of the data to be authenticated, and signing the hash value of the data to be authenticated according to the private key of the digital certificate passing the verification to obtain the hash value and the signature of the data to be authenticated;
applying an authority timestamp according to the hash value of the data to be determined;
the TSA server is configured to perform the following steps:
issuing a time stamp of the data to be confirmed;
the client is further configured to perform the steps of:
generating a data certificate for the data to be confirmed according to the user DID and data DID recorded on the chain, the timestamp, and the hash value and signature of the data to be confirmed, and sending the data certificate to the data right confirming server;
the data right confirming server is configured to perform the following steps:
verifying the received data certificate and, if it passes the verification, calculating a hash value of the data certificate and signing that hash value to obtain a certificate signature;
recording the verified data certificate and the certificate signature on the chain to obtain the on-chain transaction hash of the right confirmation record;
and returning the on-chain transaction hash of the right confirmation record to the client.
Further, initializing the digital certificate is performed according to the following steps:
the client checks whether an authoritative digital certificate exists;
if the digital certificate does not exist, the client applies for a digital certificate from the CA server;
if it exists, verifying whether the digital certificate is available;
if it is not available, the public-private key pair is regenerated and a digital certificate is applied for from the CA server again.
Further, the user DID and the data DID are generated from the blockchain account address.
Further, the client is further configured to perform the steps of:
generating a user DID document when the data right confirming server registers the user DID according to the blockchain account address, and recording the user DID document on the chain.
Further, the client is further configured to perform the steps of:
generating a blockchain address for the data to be confirmed, generating a data DID document when the data DID is generated according to the blockchain address, and recording the data DID document on the chain.
Further, the client is further configured to perform the steps of:
receiving the on-chain hash of the right confirmation record, updating it in the data DID document, and recording the updated data DID document on the chain again.
Further, the client is further configured to verify the data certificate of the data to be confirmed according to the user DID, the data DID, the timestamp, and the hash value and signature of the data to be confirmed.
Further, the digital certificate carries the signature of the CA server certificate; the validity of the digital certificate is verified by the CA server, and if the digital certificate passes the verification, it is legally valid.
Further, the timestamp carries the signature of the TSA server certificate; the validity of the timestamp is verified by the TSA server, and if the timestamp passes the verification, it is legally valid.
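The client, TSA and server steps above, carried through as an added Go example that is not part of the patent text. Ed25519, SHA-256, the JSON encoding and all field and function names are assumptions; public keys are passed in directly instead of being resolved from a CA-verified certificate or a DID document, and a map stands in for the chain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// DataCertificate carries the fields the page lists; the field names are assumptions.
type DataCertificate struct {
	UserDID, DataDID    string
	DataHash, Signature string // hex SHA-256 of the data; client signature over DataHash
	Timestamp, TSAToken string // time asserted by the TSA; TSA signature over DataHash|Timestamp
}

// demoKey derives a fixed key from a label (constructed; real keys come from a CSPRNG).
func demoKey(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Small helpers shared by all three parties.
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func hashHex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}
func sign(k ed25519.PrivateKey, msg string) string {
	return hex.EncodeToString(ed25519.Sign(k, []byte(msg)))
}
func verify(p ed25519.PublicKey, msg, sigHex string) bool {
	sig, err := hex.DecodeString(sigHex)
	return err == nil && ed25519.Verify(p, []byte(msg), sig)
}

// TSAStamp is the TSA side: it sees only the hash and binds it to a time.
func TSAStamp(tsa ed25519.PrivateKey, dataHash, now string) string {
	return sign(tsa, dataHash+"|"+now)
}

// BuildCertificate is the client side: hash the data, sign the hash, attach the TSA token.
func BuildCertificate(data []byte, userDID, dataDID string, client, tsa ed25519.PrivateKey, now string) DataCertificate {
	h := hashHex(data)
	return DataCertificate{userDID, dataDID, h, sign(client, h), now, TSAStamp(tsa, h, now)}
}

// VerifyAndSeal is the server side: check both signatures, then hash and sign the certificate.
func VerifyAndSeal(c DataCertificate, clientPub, tsaPub ed25519.PublicKey, server ed25519.PrivateKey) (string, string, error) {
	if !verify(clientPub, c.DataHash, c.Signature) {
		return "", "", fmt.Errorf("client signature does not cover data hash %s", c.DataHash)
	}
	if !verify(tsaPub, c.DataHash+"|"+c.Timestamp, c.TSAToken) {
		return "", "", fmt.Errorf("TSA token does not cover this hash at %s", c.Timestamp)
	}
	raw, _ := json.Marshal(c) // cannot fail for string fields; field order keeps it deterministic
	certHash := hashHex(raw)
	return certHash, sign(server, certHash), nil
}

// Anchor stands in for the chain write; the transaction hash is simulated with SHA-256.
func Anchor(ledger map[string]string, certHash, certSig string) string {
	tx := hashHex([]byte(certHash + certSig))
	ledger[tx] = certHash
	return tx
}

func main() {
	client, tsa, server := demoKey("client"), demoKey("tsa"), demoKey("server")
	cert := BuildCertificate([]byte("constructed sample data"), "did:example:user", "did:example:data", client, tsa, "2020-12-24T00:00:00Z")
	h, s, err := VerifyAndSeal(cert, pub(client), pub(tsa), server)
	fmt.Println(Anchor(map[string]string{}, h, s), err)
}
```

Because the TSA token covers both the hash and the time, changing either field after issuance makes the server reject the certificate before anything is written to the chain.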
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A data right confirming method based on blockchain technology, characterized by comprising the following steps:
initializing a digital certificate;
verifying the digital certificate, wherein if the digital certificate passes the verification, the digital certificate is valid;
generating a user DID and a data DID of the data to be confirmed, and recording the user DID and the data DID on the chain;
calculating the hash value of the data to be confirmed, and signing that hash value with the private key of the verified digital certificate to obtain the hash value and signature of the data to be confirmed;
applying for an authoritative timestamp according to the hash value of the data to be confirmed;
issuing a timestamp for the data to be confirmed;
generating a data certificate for the data to be confirmed according to the user DID and data DID recorded on the chain, the timestamp, the hash value and the signature, and sending the data certificate to a data right confirming server;
verifying the received data certificate, and if the received data certificate passes the verification, calculating a hash value of the data certificate and signing the hash value of the data certificate to obtain a certificate signature;
recording the verified data certificate and the certificate signature on the chain to obtain the on-chain transaction hash of the right confirmation record;
and returning the on-chain hash of the right confirmation record to the client.
2. A data right confirming system based on blockchain technology, characterized by comprising a client having data to be confirmed, a data right confirming server providing a right confirming service for the data to be confirmed, a CA server providing an authoritative digital certificate for the client, a TSA server issuing an authoritative timestamp for the data to be confirmed, and a blockchain, wherein:
the client is configured to perform the steps of:
initializing a digital certificate;
the CA server is configured to perform the steps of:
verifying the digital certificate, wherein if the digital certificate passes the verification, the digital certificate is valid;
the client is further configured to perform the steps of:
generating a user DID and a data DID of the data to be confirmed, and recording the user DID and the data DID on the chain;
calculating the hash value of the data to be confirmed, and signing that hash value with the private key of the verified digital certificate to obtain the hash value of the data to be confirmed and a signature thereof;
applying for an authoritative timestamp according to the hash value of the data to be confirmed;
the TSA server is configured to perform the following steps:
issuing a time stamp of the data to be confirmed;
the client is further configured to perform the steps of:
generating a data certificate for the data to be confirmed according to the user DID, the data DID, the timestamp, the hash value of the data to be confirmed and the signature of the hash value, and sending the data certificate to the data right confirming server;
the data right confirming server is configured to perform the following steps:
verifying the received data certificate, and if the received data certificate passes the verification, calculating a hash value of the data certificate and signing the hash value of the data certificate to obtain a certificate signature;
recording the verified data certificate and the certificate signature on the chain to obtain the on-chain transaction hash of the right confirmation record;
and returning the on-chain transaction hash of the right confirmation record to the client.
3. The data right confirming system based on blockchain technology according to claim 2, wherein initializing the digital certificate is performed according to the following steps:
the client checks whether an authoritative digital certificate exists;
if not, the client applies for a digital certificate from the CA server;
if so, verifying whether the digital certificate is available;
and if the digital certificate is not available, regenerating the public-private key pair and applying for a digital certificate from the CA server again.
4. A system according to claim 2, wherein the user DID and the data DID are generated from a blockchain account address.
5. The system according to claim 4, wherein the client is further configured to perform the following steps:
generating a user DID document when the data right confirming server registers the user DID according to the blockchain account address, and recording the user DID document on the chain.
6. The system according to claim 5, wherein the client is further configured to perform the following steps:
generating a blockchain address for the data to be confirmed, generating a data DID document when the data DID is generated according to the blockchain address, and recording the data DID document on the chain.
7. The system according to claim 6, wherein the client is further configured to perform the following steps:
receiving the on-chain transaction hash of the right confirmation record, updating it in the data DID document, and recording the updated data DID document on the chain again.
8. The system according to claim 2, wherein the client is further configured to verify the data certificate of the data to be confirmed according to the user DID, the data DID, the timestamp, the hash value of the data to be confirmed and the signature thereof.
9. The system of claim 2, wherein the digital certificate carries a signature of the CA server certificate, the CA server verifies the validity of the digital certificate, and if the digital certificate is verified, the digital certificate is legally valid.
10. The system of claim 2, wherein said timestamp carries a signature of said TSA server certificate, and wherein said TSA server verifies the validity of said timestamp, and wherein said timestamp is legally valid if said timestamp is verified.
CN202011549974.7A 2020-12-24 2020-12-24 Data right confirming method and system based on block chain technology Pending CN112651052A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011549974.7A CN112651052A (en) 2020-12-24 2020-12-24 Data right confirming method and system based on block chain technology

Publications (1)

Publication Number Publication Date
CN112651052A true CN112651052A (en) 2021-04-13

Family

ID=75359959

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011549974.7A Pending CN112651052A (en) 2020-12-24 2020-12-24 Data right confirming method and system based on block chain technology

Country Status (1)

Country Link
CN (1) CN112651052A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination