CN112685776A - Privacy data credibility verification method based on block chain and privacy security calculation - Google Patents


Info

Publication number
CN112685776A
Authority
CN
China
Prior art keywords
data
private
information
verification
privacy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011610784.1A
Other languages
Chinese (zh)
Inventor
徐若晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Yifangda Technology Co ltd
Original Assignee
Hangzhou Yifangda Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Yifangda Technology Co ltd
Priority to CN202011610784.1A
Publication of CN112685776A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a privacy data credibility verification method based on a blockchain and privacy security computing. On the one hand, the method ensures that authority departments are willing to provide a trusted data source; on the other hand, it ensures that the three links of data transmission, data calculation and calculation conclusion cannot be tampered with, so that electronic data truly has anti-counterfeiting performance comparable to that of paper documents. The invention creates a safer, more reliable and more automated mode of information credibility verification, which is particularly important for large-commodity transaction scenarios, such as real estate, that involve a large amount of citizens' private data. With the invention, private data credibility verification scenarios in various commercial activities can produce real, credible and efficient business judgments, avoiding the possibility of fraudulently obtaining house-purchasing qualification through data counterfeiting.

Description

Privacy data credibility verification method based on block chain and privacy security calculation
Technical Field
The invention relates to a privacy data credibility verification method based on a block chain and privacy security calculation.
Background
In the internet era, the verification of information credibility is gradually moving away from the traditional method based on paper documents. In the digital world, however, defining the credibility of a piece of data is very complicated: a trusted data source, a trusted data transmission environment, a trusted data calculation and calculation environment, and a trusted calculation conclusion must all be satisfied at the same time. Even though an authority department can guarantee a trusted data source by virtue of its public credibility, in the current internet environment, once data is transmitted on a public network it can be stolen and its values reassigned; the data calculation process may also be attacked because its environment is not secure enough; and even the conclusion of the calculation can hardly avoid being tampered with from outside. Therefore, even though internet technology is well developed, many industries have not completely abandoned information authentication based on the physical anti-counterfeiting properties of paper materials.
The trusted data source link depends on the endorsement of public trust. When business scenarios in commercial activities involve private data, the government, out of security considerations, generally does not open a data verification service directly; at most it uses after-the-fact spot checks to penalize data counterfeiters who are caught. As a result, data falsification occurs frequently at this link in the relevant business scenarios.
Take the house-purchasing qualification check in real estate transactions as an example. Although the real estate development enterprise is responsible for registering house-purchasing qualification information, the citizens' property information, talent qualification information and similar data involved in this scenario are private data, and the residential building office and the human-social office that manage this data do not open a data credibility verification service directly to the real estate development enterprise. Consequently, property information and talent qualification information submitted by house purchasers is frequently counterfeited in this scenario, which disturbs the normal order of the market and infringes the rights and interests of consumers who submit their house-purchasing data honestly. The residential and construction bureau, as the real estate supervision department, has to rely on passive supervision such as spot checks or reports from the public, which greatly increases the difficulty of supervision.
Disclosure of Invention
To solve the above problems, the invention provides a trusted verification method for private data based on blockchain and privacy security computing technology. The privacy security computing environment guarantees the verifiability of the private data computing process by means of a cryptographic algorithm and a trusted execution engine, and also guarantees that the computing result is stored on the blockchain, so that data becomes traceable and auditable while its privacy remains protected.
The technical scheme for solving the existing problems is as follows: a private data credibility verification method based on blockchain and privacy security computing, comprising the following steps.
Step one: a system service platform is established. A user enters the information to be verified on the system service platform; the platform locally constructs an encrypted verification request for the user's information from the information to be verified, and at the same time sends the verification request to the system endpoint of the information-verification authority.
Step two: after receiving the verification request data of step one, the authority's endpoint first decrypts the ciphertext to obtain the content of the information verification request, then encrypts the real information corresponding to the request and returns it to the system service platform.
Step three: the system service platform passes two groups of encrypted information, namely the verification information returned by the authority's endpoint and the user's corresponding information, as parameters to a Java interface that is responsible for calling the private computing environment.
Step four: the Java interface responsible for calling the private computing environment securely transmits the related data into the private computing environment.
Step five: after the private computing environment receives the two groups of encrypted data of step three, it decrypts and computes on the multiple groups of encrypted private data inside a Trusted Execution Environment (TEE), using a predefined service processing algorithm that was compiled and deployed through the related SDK. When the computation is complete, the private computing environment encrypts the computing result and returns it to the system service platform.
Step six: the system service platform decrypts the ciphertext locally to obtain the computed verification result, and stores the verification result on the blockchain as evidence.
As a further improvement, the encryption algorithm is the ECIES algorithm.
As a further improvement, the private computing environment ensures that decryption of and computation on the ciphertext are done within a secure, trusted execution environment that is fully encrypted, so that no party, including the service platform, can obtain the relevant private data.
As a further improvement, the private computing environment outputs only the final conclusion generated by the pre-written computing logic, and hardware signature protection makes it verifiable that the computing logic has not been tampered with.
As a further improvement, in the third step, the Java interface responsible for invoking the private computing environment securely transmits the relevant data to the private computing environment through the SSL/TLS channel.
As a further improvement, in the third step, the system service platform passes the two groups of encrypted information (the verification information returned from the authority's endpoint and the user's corresponding information), together with the service request channel ID and the customized service request ID, as parameters to the Java interface responsible for invoking the private computing environment.
As a further improvement, in the third step, the service request channel ID is used to distinguish the different channels that access privacy computation, and the customized service request ID marks a single request; when the privacy computation method is subsequently invoked, the customized service request ID is returned as part of the data from the privacy security computing environment.
The invention integrates blockchain and privacy security computing into a two-layer architecture. Privacy security computing serves as the off-chain trusted layer and handles private, complex and high-frequency computation; the blockchain communicates with the off-chain privacy security computing through the service layer, stores the results produced by privacy security computing as evidence, and makes them tamper-proof.
The method uses privacy security computing to perform off-chain batch computation on big data, and stores the computed verification results on the blockchain as evidence.
Further, when the credibility of information submitted by a user has to be verified against private data and core data held by an authority department, privacy security computing is used as follows. First, the private data to be computed on is encrypted with a digital envelope at the client and is protected by an SSL/TLS channel while being sent to the privacy security computing environment, which ensures that the data transmission link cannot be tampered with. Second, after the private data enters the privacy security computing environment, decryption and computation are carried out inside a secure, trusted execution environment, a "black box". The execution environment is fully encrypted, so the plaintext data and the computing process cannot be accessed or observed from outside.
The black box outputs only the final conclusion generated by the pre-programmed computing logic, and a hardware signature makes it verifiable that the computing logic has not been tampered with, so that secure and trusted private computing is achieved. This technology allows private data to be used to verify the credibility of user-submitted information on the premise that the data is "available but invisible", and solves the problem that authority departments are unwilling to provide a trusted data source for fear of privacy disclosure.
The result produced by privacy security computing is immediately stored on the blockchain as evidence, where it is kept permanently and cannot be tampered with. The business judgments produced by information credibility verification therefore become more transparent, real and credible, the public credibility of the information verification service is enhanced, and the supervision burden on authority departments is greatly reduced.
By combining blockchain and privacy security computing in a novel way, the invention achieves secure and trusted credibility verification of private data. On the one hand, the method ensures that authority departments are willing to provide a trusted data source; on the other hand, it ensures that the three links of data transmission, data calculation and calculation conclusion cannot be tampered with, so that electronic data truly has anti-counterfeiting performance comparable to that of paper documents.
The invention creates a safer, more reliable and more automated mode of information credibility verification, which is particularly important for large-commodity transaction scenarios, such as real estate, that involve a large amount of citizens' private data. With the invention, private data credibility verification in various commercial activities changes from passive, after-the-fact handling to active, preventive handling. For the verification of citizens' property information and talent qualification information mentioned in the Background, for example, real, credible and efficient business judgments can be made on the basis of the invention, and the possibility of fraudulently obtaining house-purchasing qualification through data counterfeiting is avoided.
Drawings
Fig. 1 is a flowchart illustrating a first embodiment (property information verification) according to the present invention.
Detailed Description
A private data credibility verification method based on blockchain and privacy security computing comprises the following steps:
Step one: a system service platform is established. A user enters the information to be verified on the system service platform; the platform locally constructs an encrypted verification request for the user's information from the information to be verified, and at the same time sends the verification request to the system endpoint of the information-verification authority.
Step two: after receiving the verification request data of step one, the authority's endpoint first decrypts the ciphertext to obtain the content of the information verification request, then encrypts the real information corresponding to the request and returns it to the system service platform.
Step three: the system service platform passes two groups of encrypted information, namely the verification information returned by the authority's endpoint and the user's corresponding information, as parameters to a Java interface that is responsible for calling the private computing environment.
Step four: the Java interface responsible for calling the private computing environment securely transmits the related data into the private computing environment.
Step five: after the private computing environment receives the two groups of encrypted data of step three, it decrypts and computes on the multiple groups of encrypted private data inside a Trusted Execution Environment (TEE), using a predefined service processing algorithm that was compiled and deployed through the related SDK. When the computation is complete, the private computing environment encrypts the computing result and returns it to the system service platform.
Step six: the system service platform decrypts the ciphertext locally to obtain the computed verification result, and stores the verification result on the blockchain as evidence.
The encryption algorithm is the ECIES algorithm.
The private computing environment ensures that decryption of and computation on the ciphertext are done within a secure, trusted execution environment that is fully encrypted, so that no party, including the service platform, can obtain the relevant private data.
The private computing environment outputs only the final conclusion generated by the pre-written computing logic, and hardware signature protection makes it verifiable that the computing logic has not been tampered with.
In the third step, the Java interface responsible for invoking the private computing environment securely transmits the relevant data to the private computing environment through the SSL/TLS channel.
In the third step, the system service platform passes the two groups of encrypted information (the verification information returned from the authority's endpoint and the user's corresponding information), together with the service request channel ID and the user-defined service request ID, as parameters to the Java interface responsible for calling the private computing environment.
In the third step, the service request channel ID is used to distinguish the different channels that access privacy computation, and the user-defined service request ID marks a single request; when a privacy computation method is subsequently called, the user-defined service request ID is returned as part of the data from the privacy security computing environment.
The following describes embodiments of the present invention in more detail with reference to the accompanying drawing, taking the verification of property information as an example. As shown in Fig. 1, the steps are:
Step 101: The house buyer, who has completed real-name authentication, logs in to the system service platform, then fills in and submits personal property information. Property information is one category of citizens' private data involved in the house-purchasing qualification check; it records the number of commercial residential properties a citizen owns in a given city.
Step 102: The system locally constructs an encrypted request, encrypting with the ECIES algorithm the name and identity card number the buyer provided when registering the account, and the property information submitted in step 101.
Step 103: The system sends a verification request to the system endpoint of the information-verification authority. The request contains the house buyer's name and identity card number encrypted with the ECIES algorithm. After receiving the request, the authority's system endpoint decrypts the ciphertext to obtain the name and identity card number, encrypts the real property information of the corresponding house buyer with the ECIES algorithm, and sends the encrypted real property information to the service platform. In this embodiment, the authority is a system port of the residential building department.
Step 104: The system passes the two groups of encrypted property information, one from the user and one from the information-verification authority, together with a service request channel ID and a user-defined service request ID, as parameters to the Java interface responsible for calling the private computing environment. The service request channel ID is used to distinguish the different channels that access privacy computation, and the user-defined service request ID marks a single request; when a privacy computation method is subsequently called, the user-defined service request ID is returned as part of the data from the privacy security computing environment. In Fig. 1 the service request channel ID comes from the property channel. Of course the service requests a channel ID.
Step 105: The Java interface called in step 104 securely transmits the relevant data to the private computing environment through the SSL/TLS channel, thereby ensuring the credibility of the data transmission process.
Step 106: After the private computing environment receives the relevant data, it decrypts and computes on the two groups of encrypted property information inside a Trusted Execution Environment (TEE), using a predefined service processing algorithm that was compiled and deployed through the related SDK. The environment ensures that decryption of and computation on the ciphertext are completed inside a "black box", and that no party, including the service platform, can obtain the related private data, which makes the data calculation process credible.
For example, deploying a predefined business processing algorithm:
    // Deploy the compiled business logic (bytecodes) under a business ID and private ID
    Request.builder()
        .newTapp("businessID", "privateID", bytecodes)
        .setTappDescription("describe")
        .build();
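For example, constructing a privacy computation request:
    // Address the deployed algorithm's method and attach the business content as a string argument
    Request.builder()
        .defaultRequest("businessID", "privateID", "methodName")
        .addString("your business content")
        .build();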
Step 107: After the calculation is completed, the private computing environment encrypts the calculation result with the ECIES algorithm and returns it to the service platform. In this embodiment, the result is whether the property information provided by the user is consistent with the property information provided by the building department.
Step 108: The service platform decrypts the ciphertext locally to obtain the calculation result. In this embodiment, if the calculation result indicates that the two sets of property information are consistent, the property information submitted by the user passes the audit; otherwise, the property information submitted by the user is rejected and must be submitted again.
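For example, local decryption:
    // Build a request that carries the ciphertext, then call the client to obtain the response
    var request = Request.builder()
        .defaultRequest("businessID", "privateID", "methodName")
        .addBytes("ciphertext")   // placeholder for the encrypted result
        .build();
    var response = Client.call(request);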
Step 109: Finally, the service platform stores the calculation result on the blockchain permanently, which ensures the credibility of the calculation result.
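The platform-side checks implied by steps 104 to 109 can be sketched as follows. This is an added example, not code from the patent or from the SDK it uses. It assumes an ECDSA P-256 key as a stand-in for the TEE's hardware signature and an in-memory hash-chained list as a stand-in for the blockchain; ECIES encryption and the TLS channel are omitted, and all class, method and ID names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration (Java 17+). All names are hypothetical; nothing here is the patent's SDK.
public class EvidenceFlowDemo {

    // Length-prefixed encoding so field boundaries cannot be shifted by crafted IDs.
    static String canonical(String... fields) {
        StringBuilder sb = new StringBuilder();
        for (String f : fields) sb.append(f.length()).append(':').append(f);
        return sb.toString();
    }

    static String sha256Hex(String s) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // What the platform holds after decrypting the TEE's reply (steps 107-108).
    record TeeResult(String channelId, String requestId, String logicHash,
                     boolean consistent, byte[] signature) {
        String signedText() {
            return canonical(channelId, requestId, logicHash, Boolean.toString(consistent));
        }
    }

    // One evidence record; each record commits to the hash of its predecessor.
    record Block(String prevHash, String payload, String hash) {}

    // Stand-in for the TEE: compares the two property counts and signs the conclusion.
    static TeeResult teeCompare(PrivateKey teeKey, String channelId, String requestId,
                                String logicHash, int userCount, int authorityCount)
            throws GeneralSecurityException {
        TeeResult r = new TeeResult(channelId, requestId, logicHash,
                userCount == authorityCount, new byte[0]);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(teeKey);
        s.update(r.signedText().getBytes(StandardCharsets.UTF_8));
        return new TeeResult(channelId, requestId, logicHash, r.consistent(), s.sign());
    }

    // Platform side: check signature, computing-logic hash and request ID, then store evidence.
    static void acceptAndStore(TeeResult r, PublicKey teeKey, String expectedLogicHash,
                               Set<String> pendingIds, List<Block> chain)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(teeKey);
        v.update(r.signedText().getBytes(StandardCharsets.UTF_8));
        if (!v.verify(r.signature())) throw new SecurityException("bad TEE signature");
        if (!expectedLogicHash.equals(r.logicHash()))
            throw new SecurityException("unexpected computing logic");
        // Consume the ID only after the reply is authenticated, so forgeries cannot burn it.
        if (!pendingIds.remove(r.requestId()))
            throw new SecurityException("unknown or replayed request ID");
        String prev = chain.isEmpty() ? "0".repeat(64) : chain.get(chain.size() - 1).hash();
        chain.add(new Block(prev, r.signedText(), sha256Hex(prev + r.signedText())));
    }

    // Recompute every link; any edit to a stored payload breaks the chain.
    static boolean chainIntact(List<Block> chain) throws GeneralSecurityException {
        String prev = "0".repeat(64);
        for (Block b : chain) {
            if (!b.prevHash().equals(prev) || !b.hash().equals(sha256Hex(prev + b.payload())))
                return false;
            prev = b.hash();
        }
        return true;
    }

    static String attempt(TeeResult r, PublicKey k, String h, Set<String> p, List<Block> c)
            throws GeneralSecurityException {
        try { acceptAndStore(r, k, h, p, c); return "stored"; }
        catch (SecurityException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);                                         // P-256
        KeyPair tee = gen.generateKeyPair();
        String logicHash = sha256Hex("compare-property-counts-v1"); // constructed value
        Set<String> pending = new HashSet<>(List.of("req-0001", "req-0002")); // constructed IDs
        List<Block> chain = new ArrayList<>();

        TeeResult ok = teeCompare(tee.getPrivate(), "property", "req-0001", logicHash, 1, 1);
        System.out.println(attempt(ok, tee.getPublic(), logicHash, pending, chain)); // first delivery
        System.out.println(attempt(ok, tee.getPublic(), logicHash, pending, chain)); // same reply again

        TeeResult no = teeCompare(tee.getPrivate(), "property", "req-0002", logicHash, 2, 1);
        TeeResult flipped = new TeeResult(no.channelId(), no.requestId(), no.logicHash(),
                true, no.signature());                               // result altered after signing
        System.out.println(attempt(flipped, tee.getPublic(), logicHash, pending, chain));

        Block b = chain.get(0);                                      // edit stored evidence in place
        chain.set(0, new Block(b.prevHash(), b.payload().replace("true", "false"), b.hash()));
        System.out.println("chain intact after edit: " + chainIntact(chain));
    }
}
```

Binding the channel ID, request ID and computing-logic hash into the signed conclusion is what lets the platform reject a reply that was replayed, swapped between requests, or produced by different logic before anything is written as evidence.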
The invention innovatively combines blockchain and privacy security computing technologies to achieve full-link privacy protection for private data credibility verification. The method ensures the security and credibility of the three links of data transmission, data calculation and calculation results, and, because privacy computing makes data "available but invisible", it meets the authority's requirements for the security of private data and thereby secures a trusted data source. The invention can meet the need to verify the credibility of private data in various commercial scenarios, can provide efficient, fair and transparent information verification services for citizens and society, and enables supervision departments to adopt more active, preventive supervision, greatly reducing the difficulty of supervision.

Claims (7)

1. A private data credibility verification method based on block chains and private security calculation is characterized in that: the method comprises the following steps: step one, a system service platform is built, a user inputs corresponding information to be verified on the system service platform, the system service platform locally builds an encrypted corresponding information verification request of the user according to the information to be verified, and the system service platform simultaneously sends the verification request to a corresponding end of an authority party of information verification; step two, after receiving the verification request data in the step one, the corresponding end of the authority party of the information verification firstly decrypts the ciphertext to obtain the content of the information verification request, encrypts the real information corresponding to the request information verification and transmits the encrypted real information back to the system service platform; step three, the system service platform transmits verification information returned by the corresponding end of the authority party and two groups of encrypted information of the corresponding information of the user as parameters to a Java interface which is responsible for calling the private computing environment; step four, the Java interface in charge of calling the private computing environment can safely transmit the related data into the private computing environment; step five, after receiving the two groups of encrypted information related data in the third step, the private computing environment decrypts and computes a plurality of groups of encrypted private data in a Trusted Execution Environment (TEE) based on a service processing algorithm which is predefined in advance and compiled and deployed through related SDKs, and after the computation is completed, the private computing environment encrypts a computation result and returns the computation result to the system service platform; and step six, the system service platform decrypts the ciphertext locally to obtain a calculated verification result, and links the calculation verification result with a chain storage certificate.
2. The trusted verification method of private data based on blockchain and privacy security computing according to claim 1, wherein: the encryption algorithm is an ECIES algorithm.
3. The trusted verification method of private data based on blockchain and privacy security computing according to claim 1, wherein: the private computing environment ensures that decryption of and computation on the ciphertext are done in a secure, trusted execution environment that is fully encrypted, so that no party, including the service platform, can obtain the relevant private data.
4. The trusted verification method of private data based on blockchain and privacy security computing according to claim 1 or 3, wherein: the private computing environment outputs only the final conclusion generated by the pre-written computing logic, and hardware signature protection makes it verifiable that the computing logic has not been tampered with.
5. The trusted verification method of private data based on blockchain and privacy security computing according to claim 1, wherein: in the third step, the Java interface responsible for invoking the private computing environment securely transmits the relevant data to the private computing environment through the SSL/TLS channel.
6. The trusted verification method of private data based on blockchain and privacy security computing according to claim 1, wherein: in the third step, the system service platform passes the two groups of encrypted information (the verification information returned from the corresponding end of the authority party and the corresponding information of the user), together with the service request channel ID and the user-defined service request ID, as parameters to a Java interface which is responsible for calling the private computing environment.
7. The trusted verification method of private data based on blockchain and privacy security computing according to claim 6, wherein: in the third step, the service request channel ID is used for distinguishing different channels for accessing privacy calculation, and the user-defined service request ID marks a single request; when a privacy calculation method is subsequently called, the user-defined service request ID is returned as a part of the data from the privacy security computing environment.
CN202011610784.1A 2020-12-30 2020-12-30 Privacy data credibility verification method based on block chain and privacy security calculation Pending CN112685776A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011610784.1A CN112685776A (en) 2020-12-30 2020-12-30 Privacy data credibility verification method based on block chain and privacy security calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011610784.1A CN112685776A (en) 2020-12-30 2020-12-30 Privacy data credibility verification method based on block chain and privacy security calculation

Publications (1)

Publication Number Publication Date
CN112685776A CN112685776A (en) 2021-04-20

Family

ID=75455102

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011610784.1A Pending CN112685776A (en) 2020-12-30 2020-12-30 Privacy data credibility verification method based on block chain and privacy security calculation

Country Status (1)

Country Link
CN (1) CN112685776A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination