CN114338034B - Block chain-based dam bank monitoring data safe sharing method and system - Google Patents

Publication number
CN114338034B
Authority
CN
China
Prior art keywords
responsible person
key
resource file
signature
dam bank
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111496771.0A
Other languages
Chinese (zh)
Other versions
CN114338034A (en)
Inventor
左宪禹
霍雨
李朋祥
乔保军
田军峰
谢毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan University
Original Assignee
Henan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan University
Priority to CN202111496771.0A
Publication of CN114338034A
Application granted
Publication of CN114338034B
Legal status: Active
Anticipated expiration

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02A: TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A10/00: TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE at coastal zones; at river basins
    • Y02A10/40: Controlling or monitoring, e.g. of flood or hurricane; Forecasting, e.g. risk assessment or mapping

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a blockchain-based method and system for securely sharing dam bank monitoring data. The method comprises the following steps: initializing the signature process of the dam bank monitoring data secure sharing system; generating the signature public and private keys of all responsible persons; having each responsible person perform signature verification on the dam bank monitoring resource file in order; initializing the encrypted upload process for the dam bank monitoring resource file; encrypting the dam bank monitoring resource file according to the set access policy and storing the encrypted file; generating the conversion key and signature key of the data access party; and having the data access party issue a request for the dam bank monitoring resource file and obtain it. By applying encrypted sharing and signature verification to dangerous-case resource files, the invention solves the key escrow problem of a single attribute authorization center and improves the security and performance of the system.

Description

Block chain-based dam bank monitoring data safe sharing method and system
Technical Field
The invention relates to the technical field of dam bank dangerous case monitoring, in particular to a dam bank monitoring data safe sharing method and system based on a block chain.
Background
In recent years the climate in China has been complex and changeable, and extreme weather disasters have occurred frequently. In the flood season, precipitation in the Yellow River basin also tends to increase, so the river's water level may exceed the warning line; once the water level is too high, a dam bank may collapse and cause major flooding, with great loss of life and property for people living along the Yellow River. In such a severe situation, if dangerous cases on the Yellow River can be found early and treated in time, the occurrence of disasters can be greatly reduced and the safety of people along the river protected. A Yellow River dam bank dangerous-case early warning and alarm system has therefore been developed. The system monitors the condition of the dam bank in real time, mainly through monitoring points deployed on the dam bank; once a monitoring point raises an alarm, indicating a dangerous case, a camera deployed on the dam can be turned toward the location to record it, and the recorded video file is uploaded to a cloud server. Because these dam bank dangerous-case video files are important and valuable, access control is needed to protect their privacy and confidentiality and to prevent them from being maliciously tampered with or stolen.
However, existing file storage and sharing is generally built on a third party such as a cloud server, and once that third party fails, the stored resources are inevitably damaged. Blockchain technology can effectively solve this problem through its decentralized nature. Conventional blockchain technology, however, does not implement access control, so the access control problem in the blockchain must be solved in order to share dam bank dangerous-case video files safely and effectively.
Disclosure of Invention
The invention aims to provide a dam bank monitoring data safe sharing method and system based on a block chain, which are used for solving the problem that safe and effective sharing of a dam bank dangerous case video file cannot be realized in the prior art.
In order to solve the technical problems, the invention provides a dam bank monitoring data safe sharing method based on a block chain, which comprises the following steps:
initializing a signature process of the dam bank monitoring data security sharing system;
generating signature public and private keys of all responsible persons;
signature verification is carried out on the dam bank monitoring resource files by each responsible person according to the sequence;
initializing an encryption uploading process of a dam bank monitoring resource file;
encrypting the dam bank monitoring resource file according to the set access strategy, and storing the encrypted dam bank monitoring resource file;
generating a conversion key and a signature key of a data access party;
and the data access party sends out a dam bank monitoring resource file request and acquires the dam bank monitoring resource file.
Further, the step of initializing the signature flow of the dam bank monitoring data security sharing system includes:
generating unique identity identifiers for the uploading responsible person and for each responsible person, where $id_j$ denotes the unique identity identifier of the j-th responsible person;
the uploading responsible person DOP selects two large prime numbers $p$ and $q$, where $q$ is a prime factor of $p-1$, $q \ge 2^{140}$ and $p \ge 2^{512}$; then selects a random number $g$ ($g \ne 1$) satisfying $g^{q} \equiv 1 \bmod p$; and then selects a one-way hash function mapping $Z_p \times Z \to \{0,1,\dots,2^{t-1}\}$, where $t$ is a parameter greater than 72, the subscript $p$ denotes the order of the group, $Z_p$ denotes the non-negative integers not greater than $p$, and $Z$ denotes the integers; meanwhile, the uploading responsible person DOP initializes an empty table T;
the uploading responsible person DOP publishes the signature parameters in the dam bank monitoring data security sharing system.
Further, the step of generating the public and private signature keys of the responsible persons comprises the following steps:
each responsible person generates random numbers $x_j$ and $d_j$, with $1 \le x_j \le q-1$ and $d_j \in Z_p$, and calculates $y'_j = d_j$, deriving the first part $y_j$ and the second part $y'_j$ of the signature public key component; the signature public key SPK is set to $SPK = (y_j, y'_j)$, the signature private key SSK is set to $x_j$, and the signature public key SPK is published.
Further, each responsible person sequentially performs signature verification on the dam bank monitoring resource file, and the step of obtaining a multiple signature result comprises the following steps:
according to the set signature order, the uploading responsible person sends the resource file h(m) to be signed to the 1st responsible person, who selects a random number $a_1$, $0 < a_1 < q$, and performs the following calculation to obtain the signature message $\{h(m), s_1, r_1, id_1\}$ corresponding to the 1st responsible person:
$r_1 = (a_1 + x_1 e_1) \bmod q$
where m is the dam bank dangerous-case resource file, h(m) is the hash value of that file obtained with the SHA256 algorithm, $s_1$ is the first intermediate result of signing by the 1st responsible person, $e_1$ is the second intermediate result of signing by the 1st responsible person, and $r_1$ is the signature result after signing by the 1st responsible person;
the 1st responsible person sends the resulting signature message $\{h(m), s_1, r_1, id_1\}$ to the 2nd responsible person, who performs signature verification on the 1st responsible person; if the verification passes, the 2nd responsible person obtains its own signature message and sends it to the 3rd responsible person, and if the verification fails, abnormal information is sent to the uploading responsible person; and so on, until the last responsible person obtains its signature message;
the formula by which the signature of the (j-1)-th responsible person is verified is as follows:
where $s'_{j-1}$ is the verification value of the first intermediate result of signing by the (j-1)-th responsible person, $e_{j-1}$ is the second intermediate result of signing by the (j-1)-th responsible person, and $r_{j-1}$ is the signature result after signing by the (j-1)-th responsible person;
if the verification passes, the j-th responsible person selects a random number $a_j$, $0 < a_j < p$, and performs the following calculation to obtain the signature message $\{h(m), s_j, r_j, id_j\}$ corresponding to the j-th responsible person:
$r_j = r_{j-1} + (a_j + x_j e_j) \bmod q$
where $s_j$ is the first intermediate result of signing by the j-th responsible person, $e_j$ is the second intermediate result of signing by the j-th responsible person, and $r_j$ is the signature result after signing by the j-th responsible person;
each responsible person sends its computed tuple $(s_j, id_j)$ to the uploading responsible person, who stores each received tuple $(s_j, id_j)$ in table T in order;
the last responsible person sends its signature message $\{h(m), s_J, r_J, id_J\}$ back to the uploading responsible person, who performs signature verification on the last responsible person and obtains the final multiple signature result $r_J$.
Further, the step of initializing the encryption uploading process of the dam bank monitoring resource file comprises the following steps:
the trusted center generates a cyclic group $G_0$ of prime order $K_0$; the size of $G_0$ is determined by the security parameter $\lambda$, and $g_1$ is a generator of $G_0$; it selects a collision-resistant hash function and random numbers $\alpha, \beta, a, b, c$, then selects a random element $h_0 \in G_0$ and attribute hash elements $h_1, h_2, \dots, h_U \in G_0$; from these parameters the public key PK and the master key MSK are generated by the following formulas:
$PK = (g_1, e(g_1, g_1)^{\alpha}, h_1, h_2, \dots, h_U)$
$MSK = (a, \beta, g_1^{\alpha})$
wherein, representing not more than $K_0$; $e$ represents the bilinear mapping on the cyclic group $G_0$: $e(G_0, G_0) \to G_1$, and $G_0$, $G_1$ are both cyclic groups.
Further, the steps of encrypting the dam bank monitoring resource file according to the set access strategy and storing the encrypted dam bank monitoring resource file include:
the uploading responsible person selects the access policy filepolicy(A, ρ) to be set, where A denotes an $l \times n$ sharing matrix and ρ denotes a mapping function that maps each row of matrix A to a corresponding attribute, ρ being restricted to an injective function;
the uploading responsible person encrypts the dam bank dangerous-case resource file m to be uploaded with the AES encryption algorithm under the key AESkey, and the resulting encrypted resource file is Encfile;
the uploading responsible person calls the IPFS storage algorithm to store the encrypted resource file Encfile in the IPFS distributed storage network; once Encfile has been stored, the network returns a hash value ipfsfile by which the resource file ciphertext can be queried;
the uploading responsible person calls the storage smart contract algorithm to store in the blockchain the resource file hash value h(m), the resource file ciphertext hash value ipfsfile, the resource file access policy filepolicy(A, ρ), the multiple signature result $r_J$, and the table T encrypted with the encryption key AESkey;
the uploading responsible person uses the access policy filepolicy(A, ρ) to be set, the public key PK, the key AESkey and the signcryption key to obtain the key ciphertext $encAESkey = (e_1, e_2, e_3, E_3, \sigma_1, \sigma_2)$, which is stored in the access control system, where $e_1$ is the first component of the key ciphertext, $e_2$ the second component, $e_3$ the third component, $E_3$ the fourth component, $\sigma_1$ the fifth component and $\sigma_2$ the sixth component.
Further, the calculation formula corresponding to each component of the key ciphertext encAESkey is as follows:
$e_1 = m_{AESkey}\, e(g_1, g_1)^{\alpha s}$
$e_2 = g_1^{s}$
where $e_1$ is the first component of the key ciphertext, $e_2$ the second component, $e_3$ the third component, $E_3$ the fourth component, $\sigma_1$ the fifth component and $\sigma_2$ the sixth component.
Further, the step of generating the conversion key and the signature key of the data access party includes:
the data access party obtains the element set according to the public key PK and the master key MSK, then selects a random number z, and calculates the first component K, the second component L and the third component of the conversion key by the following formula:
where $AS_d$ is the set of attributes possessed by the accessing user;
the conversion key of the data access party DU is sent over a secret channel to the computing node, and the data access party stores the secret coefficient $SC = z$;
to generate the signing key, the attribute authority first selects a generator from the cyclic group $G_0$ and computes the signing key component $K_0$:
The signing key of the data access side DU is
Further, the step of the data access party sending a request for the dam bank monitoring resource file and obtaining the dam bank monitoring resource file includes:
the data access party requests access to the resource file m from the access control system and sets the attribute set $AS_d$ according to its own attributes;
after receiving the file access request from the data access party, the access control system queries the smart contract and obtains h(m) of the accessed file, the hash value ipfsfile used to access the resource file in the IPFS distributed storage network, and the table T encrypted with the key AESkey; it then calls the IPFS query algorithm to request the encrypted resource file Encfile stored in the IPFS distributed storage network, which returns the query result Encfile once the query succeeds;
the access control system then reads the key ciphertext encAESkey stored in the system and sends it to the data access party;
after obtaining the key ciphertext encAESkey, the data access party first verifies the correctness of the key ciphertext components by the following formula:
$e(\sigma_2, h_0^{b}) = e(\sigma_1, h_0)$
if the verification succeeds, the key ciphertext components were not tampered with during upload and retrieval, and the data access party then sends the key ciphertext to a computing node in the blockchain network so that the computing node converts the key ciphertext, which reduces the local computing burden;
the computing node in the blockchain network converts the key ciphertext according to the conversion key: first, the computing node defines $I$ as $I = \{i : \rho(i) \in AS_d\}$; if the attribute set $AS_d$ satisfies the access policy filepolicy(A, ρ) and $\lambda_i$ is the share of the shared key $s$ with respect to the access matrix A, then the algorithm can compute in polynomial time values $\omega_i$ satisfying $\sum_{i \in I} \omega_i \lambda_i = s$; it then performs the ciphertext conversion with the following formula, computing the first component R of the converted ciphertext:
the converted ciphertext $(R, e_1)$ is returned to the accessing user;
the data access party, given the converted ciphertext $(R, e_1)$ and the secret coefficient SC, computes and decrypts the key plaintext $m_{AESkey}$ in the following way:
the data access party calls the AES decryption algorithm with the key plaintext $m_{AESkey}$ to decrypt the encrypted resource file Encfile and the table T encrypted with the key AESkey, obtaining the dangerous-case resource file m and the contents of table T; the signature authentication status of each responsible person for the resource file is known from the contents of table T;
the data access party calls the SHA256 algorithm to hash the dangerous-case resource file m, and if the result matches the h(m) of the accessed file obtained by querying the smart contract, the resource file has not been tampered with at any point in the process.
The invention also provides a dam bank monitoring data safe sharing system based on the block chain, which comprises a processor and a memory, wherein the processor is used for processing instructions stored in the memory to realize the dam bank monitoring data safe sharing method based on the block chain.
The invention has the following beneficial effects: by applying encrypted sharing and signature verification to dangerous-case resource files, secure sharing of Yellow River dam bank monitoring resources is achieved and the security of sharing resource files among the river service bureaus of Henan province is guaranteed; information leakage through malicious theft, and the panic caused by the release of unclassified information, are avoided, so that dangerous-case resource files can be shared securely among the river service bureaus of Henan province.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions and advantages of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a block chain based dam bank monitoring data secure sharing method of the present invention.
Detailed Description
In order to further describe the technical means and effects adopted by the present invention to achieve the preset purpose, the following detailed description is given below of the specific implementation, structure, features and effects of the technical solution according to the present invention with reference to the accompanying drawings and preferred embodiments. In the following description, different "one embodiment" or "another embodiment" means that the embodiments are not necessarily the same. Furthermore, the particular features, structures, or characteristics of one or more embodiments may be combined in any suitable manner.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The river service bureau of each area has staff in a number of departments, and some of their attributes can be clearly separated, so attribute-based access control can be used. Only users who satisfy the access structure set by the encryptor can decrypt the data, which allows more flexible access control. The method also meets the need for multi-user data sharing, so one-to-many fine-grained communication is possible. To allow the dam bank dangerous-case resources monitored by the river service bureaus across Henan province to be shared safely and effectively, the relevant departments of each bureau need to perform signature authentication on the dangerous-case video files uploaded to the blockchain; uploading files that have been authenticated and signed by all responsible persons in the bureau is very helpful for subsequently tracing responsibility for problems. Multiple signatures solve the problem of several units performing identity authentication and signature validity verification on the same file.
Based on the above analysis, this embodiment provides a blockchain-based dam bank monitoring data secure sharing system which, as shown in FIG. 1, includes 7 components: the Ethereum blockchain, the data access party DU, the responsible persons DO, the uploading responsible person DOP, the IPFS distributed storage network, the trusted center CA and the attribute authorization center AAC. The Ethereum blockchain stores smaller items such as access control policies and signature tables. The data access party DU accesses and downloads dam bank dangerous-case resources. The responsible persons DO are the leaders at each level in the river bureau and are responsible for signing each dangerous-case resource file with their unique identification. The uploading responsible person DOP is mainly responsible for integrating the signature files submitted by all the responsible persons DO; the resulting file is encrypted and uploaded to the IPFS distributed storage network. The trusted center CA is a trusted third-party authority that generates part of the key components for data access parties. The attribute authorization center AAC is an authority dedicated to maintaining attributes; it also generates part of the key components for data access parties, and several attribute authorization centers are combined to form multi-attribute authorization, which solves the key escrow problem of a single attribute authorization center and improves system security and performance.
Based on this blockchain-based dam bank monitoring data secure sharing system, the embodiment provides a blockchain-based dam bank monitoring data secure sharing method. By applying encrypted sharing and signature verification to dangerous-case resource files, it achieves secure sharing of Yellow River dam bank monitoring resources and guarantees the security of sharing resource files among the river service bureaus of Henan province; it avoids information leakage through malicious theft and the panic caused by the issuing of unreasonable messages, so that dangerous-case resource files are shared more securely among the river service bureaus of Henan province.
Specifically, a flow chart corresponding to the block chain-based dam bank monitoring data secure sharing method is shown in fig. 1, and includes the following steps:
(1) Initializing a dam bank monitoring data security sharing system signature process, mainly generating identity identifiers of all the participants, and specifically comprising the following steps:
(1-1) The uploading responsible person DOP and each responsible person $DO_j$ generate their respective unique identity identifiers by means of an RFID card, a user password or the like; the unique identity identifier of the uploading responsible person DOP is $id_{DOP}$ and that of responsible person $DO_j$ is $id_j$, where j is the ordering index of the responsible person, ranging from 1 to J, and J is the maximum number of responsible persons.
(1-2) The uploading responsible person DOP selects two large prime numbers $p$ and $q$, where $q$ is a prime factor of $p-1$, $q \ge 2^{140}$ and $p \ge 2^{512}$; then selects a random number $g$ ($g \ne 1$) satisfying $g^{q} \equiv 1 \bmod p$; and then selects a one-way hash function mapping $Z_p \times Z \to \{0,1,\dots,2^{t-1}\}$, where $t$ is a parameter greater than 72, the subscript $p$ denotes the order of the group, $Z_p$ denotes the non-negative integers not greater than $p$, and $Z$ denotes the integers. In addition, the uploading responsible person DOP initializes an empty table T.
(1-3) The uploading responsible person DOP publishes the signature parameters in the Yellow River dam bank monitoring data security sharing system.
(2) Each responsible person generates own public and private signature keys for subsequent signatures of the resource files under the chain.
Each responsible person generates random numbers $x_j$ and $d_j$, with $1 \le x_j \le q-1$ and $d_j \in Z_p$, and calculates by a formula the first part $y_j$ and the second part $y'_j$ of the signature public key component. The signature public key SPK is set to $SPK = (y_j, y'_j)$, the signature private key SSK is set to $x_j$, and the signature public key SPK is then published.
(3) Each responsible person sequentially performs signature verification on the resource files.
In this embodiment, the signatures are applied in a fixed order. The uploading responsible person sends the dangerous-case resource file that needs signature authentication to the first responsible person for signing; the file is passed among the responsible persons in sequence for signing, and the signed resource file is returned to the uploading responsible person. The specific steps are as follows:
(3-1) According to the set signature order, the uploading responsible person DOP sends the resource file h(m) to be signed to responsible person $DO_1$, who selects a random number $a_1$ ($0 < a_1 < q$) and computes according to the following formula:
$r_1 = (a_1 + x_1 e_1) \bmod q$
where m is the dam bank dangerous-case resource file, h(m) is the hash value of the resource file obtained with the SHA256 algorithm, $s_1$ is the first intermediate result after signing by responsible person $DO_1$, $e_1$ is the second intermediate result after signing by responsible person $DO_1$, and $r_1$ is the signature result after signing by responsible person $DO_1$.
(3-2) Responsible person $DO_1$ sends the signature message $\{h(m), s_1, r_1, id_1\}$ to responsible person $DO_2$, who verifies the identity of $DO_1$ and the validity of its signature. By analogy, after responsible person $DO_j$ receives the signature message $\{h(m), s_{j-1}, r_{j-1}, id_{j-1}\}$ sent by responsible person $DO_{j-1}$, it verifies the identity of $DO_{j-1}$ and the validity of its signature, using the following formula:
where $s'_{j-1}$ is the verification value of the first intermediate result after signing by responsible person $DO_{j-1}$, $e_{j-1}$ is the second intermediate result after signing by responsible person $DO_{j-1}$, and $r_{j-1}$ is the signature result after signing by responsible person $DO_{j-1}$.
If the verification fails, abnormal information is sent to the uploading responsible person DOP and signing stops; if the verification passes, a random number $a_j$ ($0 < a_j < p$) is selected and the following calculation is performed:
$r_j = r_{j-1} + (a_j + x_j e_j) \bmod q$
where $s_j$ is the first intermediate result after signing by responsible person $DO_j$, $e_j$ is the second intermediate result after signing by responsible person $DO_j$, and $r_j$ is the signature result after signing by responsible person $DO_j$.
(3-3) Each responsible person sends its computed tuple $(s_j, id_j)$ to the uploading responsible person DOP, and each time the uploading responsible person DOP receives a tuple $(s_j, id_j)$ it stores it in table T in order. By analogy, the last responsible person $DO_J$ sends $\{h(m), s_J, r_J, id_J\}$ back to the uploading responsible person DOP, who verifies the identity of $DO_J$ and the validity of its signature, using the following formula:
where $s'_J$ is the verification value of the first intermediate result after signing by responsible person $DO_J$, $e_J$ is the second intermediate result after signing by responsible person $DO_J$, and $r_J$ is the signature result after signing by responsible person $DO_J$.
(3-4) The uploading responsible person DOP obtains the final multiple signature result $r_J$.
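The ordered signing flow of step (3), written out as an added example (not code from the patent). Only the recurrence for $r_j$ and the parameter bounds come from the page; the page's equations for $y_j$, $s_j$, $e_j$ and the verification check are missing, so the standard Schnorr forms are assumed here ($y_j = g^{-x_j} \bmod p$, $s_j = g^{a_j} \bmod p$, $e_j$ a hash of $s_j$ and h(m), and the check $g^{r_j}\prod y_i^{e_i} \equiv \prod s_i \pmod p$), and all function names are hypothetical.

```python
"""Sequential Schnorr-style multi-signature over h(m), following step (3)."""
import hashlib
import secrets


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin test with fixed bases; sufficient for this demonstration."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group():
    """Constructed parameters with q | p-1 and g of order q, meeting the page's
    bounds q >= 2^140 and p >= 2^512 (q = 2^521 - 1 is a known Mersenne prime)."""
    q = 2**521 - 1
    k = 1
    while not is_probable_prime(2 * k * q + 1):
        k += 1
    p = 2 * k * q + 1
    g = pow(2, (p - 1) // q, p)
    assert g != 1 and pow(g, q, p) == 1
    return p, q, g


P, Q, G = make_group()


def keygen():
    """Private key x_j in [1, q-1]; public key y_j = g^(-x_j) mod p (assumed form)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, -x, P)


def challenge(s, digest):
    """Assumed form of e_j: SHA-256 over the commitment s_j and h(m)."""
    data = s.to_bytes((P.bit_length() + 7) // 8, "big") + digest
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def verify_chain(digest, r, table, pubkeys):
    """Assumed check: g^r * prod(y_i^e_i) == prod(s_i) mod p over table T."""
    lhs, rhs = pow(G, r, P), 1
    for s, signer_id in table:
        y = pubkeys.get(signer_id)
        if y is None:                      # unknown identity: reject
            return False
        lhs = lhs * pow(y, challenge(s, digest), P) % P
        rhs = rhs * s % P
    return lhs == rhs


def sign_in_order(digest, signers, pubkeys):
    """signers is the ordered list of (id_j, x_j). Each signer checks the chain
    received so far, then adds its share. Returns (r_J, table T)."""
    r, table = 0, []
    for signer_id, x in signers:
        if table and not verify_chain(digest, r, table, pubkeys):
            raise ValueError(f"signature chain invalid before {signer_id}")
        a = secrets.randbelow(Q - 1) + 1   # nonce a_j
        s = pow(G, a, P)                   # s_j (assumed g^a_j mod p)
        e = challenge(s, digest)           # e_j
        r = r + (a + x * e) % Q            # the page's recurrence for r_j
        table.append((s, signer_id))       # tuple (s_j, id_j) stored in T
    return r, table


def demo():
    """Three constructed signers sign the hash of a constructed sample file."""
    digest = hashlib.sha256(b"constructed sample: dam bank alarm video").digest()
    keys = {f"id{j}": keygen() for j in (1, 2, 3)}
    pubkeys = {i: y for i, (x, y) in keys.items()}
    signers = [(i, x) for i, (x, y) in keys.items()]
    r, table = sign_in_order(digest, signers, pubkeys)
    return digest, r, table, pubkeys
```

Because every signer's share is bound to h(m), changing the file hash, the accumulated $r_J$ or the set of known identities makes `verify_chain` return False.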
(4) Initializing the process by which the uploading responsible person encrypts and uploads the dam bank dangerous-case resource file.
The trusted center CA executes an algorithm whose input parameters are the security parameter $\lambda$ and the attribute set U and whose outputs are the public key PK and the master key MSK. The algorithm comprises the following specific steps:
The trusted center CA generates a cyclic group $G_0$ of prime order $K_0$; the size of $G_0$ is determined by the security parameter $\lambda$, and $g_1$ is a generator of $G_0$. It then selects a collision-resistant hash function and random numbers $\alpha, \beta, a, b, c$, and then selects a random element $h_0 \in G_0$ and attribute hash elements $h_1, h_2, \dots, h_U \in G_0$. Finally, the public key PK and the master key MSK are generated from these parameters by the following formulas:
$PK = (g_1, e(g_1, g_1)^{\alpha}, h_1, h_2, \dots, h_U)$
$MSK = (a, \beta, g_1^{\alpha})$
wherein, representing not more than $K_0$; $e$ represents the bilinear mapping on the cyclic group $G_0$: $e(G_0, G_0) \to G_1$, and $G_0$, $G_1$ are both cyclic groups.
(5) The uploading responsible person selects the access strategy to be set, encrypts the dangerous case resource file to be uploaded, and then uploads the dangerous case resource file to the IPFS distributed storage network, and uploads the information to be disclosed to the blockchain, comprising the following specific steps:
(5-1) The uploading responsible person selects the access policy filepolicy(A, ρ) to be set, where A denotes an $l \times n$ sharing matrix and ρ denotes a mapping function that maps each row of matrix A to a corresponding attribute, ρ being restricted to an injective function.
(5-2) The uploading responsible person encrypts the dam bank dangerous-case resource file m to be uploaded with the AES encryption algorithm under the key AESkey; the resulting encrypted resource file is Encfile.
(5-3) The uploading responsible person calls the IPFS storage algorithm to store the encrypted resource file Encfile in the IPFS distributed storage network. Once Encfile has been stored, the network returns a hash value ipfsfile by which the resource file ciphertext can be queried.
(5-4) The uploading responsible person calls the storage smart contract algorithm to store in the blockchain the resource file hash value h(m), the resource file ciphertext hash value ipfsfile, the resource file access policy filepolicy(A, ρ), the multiple signature result $r_J$, and the table T encrypted with the encryption key AESkey.
(5-5) The uploading responsible person inputs the access policy filepolicy(A, ρ) to be set, the public key PK generated in step (4), the key AESkey and the signcryption key, and outputs the key ciphertext $encAESkey = (e_1, e_2, e_3, E_3, \sigma_1, \sigma_2)$, which is stored in the access control system. The key is encrypted mainly by the following steps:
(5-5-1) The uploading responsible person first selects a random vector, where $s$ is an encryption parameter and $K_p$ is a prime number; the vector consists of $n$ integers not greater than $K_p$.
(5-5-2) A random number is then selected, representing an integer not greater than $K_p$; for each row $A_i$ of matrix A in the access policy filepolicy(A, ρ) the inner product is calculated, and the key ciphertext first component $e_1$, second component $e_2$, third component $e_3$, fourth component $E_3$, fifth component $\sigma_1$ and sixth component $\sigma_2$ are calculated by the following formulas:
$e_1 = m_{AESkey}\, e(g_1, g_1)^{\alpha s}$
$e_2 = g_1^{s}$
(6) A decryption key and a signing key for the data access party are generated.
The attribute authority AAC interacts with the data access party DU to generate the decryption key of the data access party. The trusted center CA generates the signature key required by the uploading responsible person. The specific steps are as follows:
(6-1) First, the data access party DU obtains the element set from the public key PK and the master key MSK generated in step (4), then selects a random number $z$. The first component $K$, the second component $L$ and the third component of the conversion key are calculated by the following formula:
where $AS_d$ is the set of attributes possessed by the accessing user.
The data access party DU sends its conversion key over a secret channel to the computing node and stores the secret coefficient $SC = z$.
(6-2) To generate the signing key, the attribute authority first selects a generator from the cyclic group $G_0$ and computes the signing key component $K_0$.
Therefore, the signing key of the data access side DU is
(7) The data access party submits an access request and decrypts the dangerous case resource file according to its attribute set; it can obtain the real file only if the attribute set satisfies the set access policy.
(7-1) The data access party DU first requests access to the resource file m from the access control system and sets the attribute set $AS_d$ according to its own attributes.
(7-2) After receiving the file access request of the data access party, the access control system queries the smart contract and obtains h(m) of the accessed file, the hash value ipfsfile of the resource file in the IPFS distributed storage network and the table T encrypted with the key AESkey; it then calls the IPFS query algorithm to request the encrypted resource file Encfile stored in the IPFS distributed storage network. After the query succeeds, the IPFS distributed storage network returns the query result Encfile.
(7-3) The access control system then reads the key ciphertext encAESkey stored in the system and transmits it to the data access party.
(7-4) After the data access party obtains the key ciphertext encAESkey, it first verifies the correctness of the key ciphertext components according to the following formula:
$e(\sigma_2, h_0^{b}) = e(\sigma_1, h_0)$
If the verification succeeds, the key ciphertext components were not tampered with during upload and retrieval. The data access party then sends the key ciphertext to a computing node in the blockchain network, which converts the key ciphertext and thereby reduces the local computing burden.
(7-5) The computing node in the blockchain network converts the key ciphertext using the conversion key derived in step (6-1). First, let $I$ be defined as $I = \{i : \rho(i) \in AS_d\}$. If the attribute set $AS_d$ satisfies the access policy filepolicy(A, ρ) and $\lambda_i$ is the share of the shared key $s$ with respect to the access matrix A, the algorithm can compute in polynomial time values $\omega_i$ satisfying $\sum_{i \in I} \omega_i \lambda_i = s$. The ciphertext conversion is then performed according to the following formula to calculate the first component $R$ of the converted ciphertext:
The converted ciphertext $(R, e_1)$ is returned to the accessing user.
The data access party obtains the converted ciphertext $(R, e_1)$ and, using the secret coefficient SC obtained in step (6-1), decrypts the key plaintext $m_{AESkey}$ by the following calculation:
(7-6) Using the encrypted resource file Encfile and the table T encrypted with the key AESkey obtained in step (7-2), together with the key plaintext $m_{AESkey}$ obtained in step (7-5), the data access party calls the AES decryption algorithm to decrypt the resource file and the table T, obtaining the dangerous case resource file m and the contents of table T; the contents of table T show the signature authentication status of each responsible person for the resource file.
(7-7) The data access party calls the SHA256 algorithm to hash the dangerous case resource file m; if the result is consistent with the h(m) obtained in step (7-2), the resource file has not been tampered with in the whole process.
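The share generation of step (5-5-2) and the reconstruction condition $\sum_{i \in I} \omega_i \lambda_i = s$ of step (7-5), as an added Python example that is not part of the patent. The vector layout $v = (s, y_2, \ldots, y_n)$ is the standard linear secret sharing convention and is assumed here, as are the modulus standing in for $K_p$, the sample policy, the attribute names and every function name.

```python
import secrets

P = 2**127 - 1  # prime modulus standing in for the page's K_p (assumed value)

# Constructed policy: (bureau AND engineer AND on_duty) OR director.
# Row i of A belongs to attribute RHO[i]; RHO is injective, as step (5-1) requires.
A = [[1, 1, 0],
     [0, -1, 1],
     [0, 0, -1],
     [1, 0, 0]]
RHO = ["bureau", "engineer", "on_duty", "director"]

def make_shares(A, s, prime=P):
    """lambda_i = A_i . v with v = (s, y_2, ..., y_n), the y_k chosen at random."""
    v = [s % prime] + [secrets.randbelow(prime) for _ in range(len(A[0]) - 1)]
    return [sum(a * x for a, x in zip(row, v)) % prime for row in A]

def solve_mod(M, b, prime):
    """Solve M*w = b over Z_prime by Gauss-Jordan elimination; None if unsolvable."""
    rows, cols = len(M), len(M[0])
    aug = [[x % prime for x in row] + [bi % prime] for row, bi in zip(M, b)]
    pivots, r = [], 0
    for c in range(cols):
        pr = next((i for i in range(r, rows) if aug[i][c]), None)
        if pr is None:
            continue                       # no pivot in this column: free variable
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][c], -1, prime)
        aug[r] = [x * inv % prime for x in aug[r]]
        for i in range(rows):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % prime for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in aug[r:]):    # a row reading 0 = nonzero
        return None
    w = [0] * cols
    for i, c in enumerate(pivots):
        w[c] = aug[i][-1]
    return w

def recon_coeffs(A, rho, attrs, prime=P):
    """Return {i: omega_i} with sum(omega_i * A_i) = (1, 0, ..., 0), or None."""
    I = [i for i, attr in enumerate(rho) if attr in attrs]   # I = {i : rho(i) in AS_d}
    n = len(A[0])
    M = [[A[i][c] for i in I] for c in range(n)]             # columns are the rows A_i
    w = solve_mod(M, [1] + [0] * (n - 1), prime)
    return None if w is None else dict(zip(I, w))

def recover(lam, omega, prime=P):
    """s = sum over i in I of omega_i * lambda_i."""
    return sum(omega[i] * lam[i] for i in omega) % prime

if __name__ == "__main__":
    s = secrets.randbelow(P)
    lam = make_shares(A, s)
    for attrs in ({"bureau", "engineer", "on_duty"}, {"director"}, {"bureau", "engineer"}):
        omega = recon_coeffs(A, RHO, attrs)
        print(sorted(attrs), "authorized" if omega and recover(lam, omega) == s else "denied")
```

An attribute set that does not satisfy the policy yields no coefficients at all, so the check fails before any pairing work is attempted.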
The embodiment also provides a blockchain-based dam bank monitoring data secure sharing system, which comprises a processor and a memory, wherein the processor is used for processing instructions stored in the memory to realize the blockchain-based dam bank monitoring data secure sharing method. Since the method has been described in detail above, the description is not repeated here.
Before Yellow River basin dangerous case resource files are uploaded and shared, each river bureau in Henan province performs signature authentication on the files to be shared. Multi-signature and verification are realized mainly through the Schnorr signature algorithm, which prevents the resource files from being modified internally and provides security verification of the files during transmission. Large files, such as resource files, are stored in the IPFS distributed storage network. When decrypting, the data access party stores only the secret coefficient and obtains the plaintext with a single simple calculation, which reduces the local computation pressure. The invention has good security and decryption efficiency, achieves confidentiality, avoids the drawbacks caused by single storage, and filters the permissions of data access parties so that only users who satisfy the access policy have authority to access, thereby improving the security of the whole system.
It should be noted that: the sequence of the embodiments of the present invention is only for description, and does not represent the advantages and disadvantages of the embodiments. And the foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims (7)

1. A blockchain-based dam bank monitoring data secure sharing method, characterized by comprising the following steps:
initializing a signature process of the dam bank monitoring data security sharing system;
generating signature public and private keys of all responsible persons;
signature verification is carried out on the dam bank monitoring resource files by each responsible person according to the sequence;
initializing an encryption uploading process of a dam bank monitoring resource file;
encrypting the dam bank monitoring resource file according to the set access strategy, and storing the encrypted dam bank monitoring resource file;
generating a conversion key and a signature key of a data access party;
the data access party sends a dam bank monitoring resource file request and acquires a dam bank monitoring resource file;
each responsible person sequentially performs signature verification on the dam bank monitoring resource files, and the step of obtaining a multiple signature result comprises the following steps:
according to the set signature order, the uploading responsible person sends the resource file h(m) to be signed to the 1st responsible person, and the 1st responsible person selects a random number $a_1$, $0 < a_1 < q$, and performs the following calculation to obtain the signature message $\{h(m), s_1, r_1, id_1\}$ corresponding to the 1st responsible person:
$r_1 = (a_1 + x_1 e_1) \bmod q$
where m is the dam bank dangerous case resource file, h(m) is the hash value of the dam bank dangerous case resource file obtained using the SHA256 algorithm, $s_1$ is the first intermediate result signed by the 1st responsible person, $e_1$ is the second intermediate result signed by the 1st responsible person, and $r_1$ is the signature result after signing by the 1st responsible person;
the 1st responsible person sends the obtained signature message $\{h(m), s_1, r_1, id_1\}$ to the 2nd responsible person; the 2nd responsible person verifies the signature of the 1st responsible person; if the verification passes, the 2nd responsible person obtains its corresponding signature message and sends it to the 3rd responsible person; if the verification fails, abnormal information is sent to the uploading responsible person; and so on, until the last responsible person obtains its corresponding signature message;
the calculation formula for verifying the signature of the (j-1)-th responsible person is as follows:
where $s'_{j-1}$ is the verification value of the first intermediate result signed by the (j-1)-th responsible person, $e_{j-1}$ is the second intermediate result signed by the (j-1)-th responsible person, and $r_{j-1}$ is the signature result after signing by the (j-1)-th responsible person;
if the verification passes, the j-th responsible person selects a random number $a_j$, $0 < a_j < p$, and performs the following calculation to obtain the signature message $\{h(m), s_j, r_j, id_j\}$ corresponding to the j-th responsible person:
$r_j = r_{j-1} + (a_j + x_j e_j) \bmod q$
where $s_j$ is the first intermediate result signed by the j-th responsible person, $e_j$ is the second intermediate result signed by the j-th responsible person, and $r_j$ is the signature result after signing by the j-th responsible person;
each responsible person sends the calculated tuple $(s_j, id_j)$ to the uploading responsible person, and the uploading responsible person stores each received tuple $(s_j, id_j)$ in the table T in order;
the last responsible person sends its corresponding signature message $\{h(m), s_J, r_J, id_J\}$ back to the uploading responsible person, and the uploading responsible person verifies the signature of the last responsible person and obtains the final multi-signature result $r_J$;
the step of encrypting the dam bank monitoring resource file according to the set access policy and storing the encrypted dam bank monitoring resource file comprises:
the uploading responsible person selects the access policy filepolicy(A, ρ) to be set, where A is an l×n sharing matrix, ρ is a function mapping each row of the matrix A to its corresponding attribute, and ρ is restricted to be an injective function;
the uploading responsible person encrypts the dam bank dangerous case resource file m to be uploaded with the AES encryption algorithm under the key AESkey, and the encrypted resource file is Encfile;
the uploading responsible person calls the IPFS storage algorithm to store the encrypted resource file Encfile in the IPFS distributed storage network; after Encfile is stored in the IPFS distributed storage network, the hash value ipfsfile, by which the ciphertext of the resource file can be queried, is returned;
the uploading responsible person calls the storage smart contract algorithm so that the resource file hash value h(m), the resource file ciphertext hash value ipfsfile, the resource file access policy filepolicy(A, ρ), the multi-signature result $r_J$ and the table T encrypted with the encryption key AESkey are stored in the blockchain;
the uploading responsible person uses the access policy filepolicy(A, ρ) to be set, the public key PK, the key AESkey and the signcryption key to obtain the key ciphertext encAESkey = $(e_1, e_2, e_3, E_3, \sigma_1, \sigma_2)$, which is stored in the access control system, where $e_1$ is the key ciphertext first component, $e_2$ is the second component, $e_3$ is the third component, $E_3$ is the fourth component, $\sigma_1$ is the fifth component and $\sigma_2$ is the sixth component;
the calculation formula corresponding to each component of the key ciphertext encAESkey is as follows:
$e_1 = m_{AESkey}\, e(g_1, g_1)^{\alpha s}$
$e_2 = g_1^{s}$
where $e_1$ is the key ciphertext first component, $e_2$ is the second component, $e_3$ is the third component, $E_3$ is the fourth component, $\sigma_1$ is the fifth component and $\sigma_2$ is the sixth component.
2. The blockchain-based dam bank monitoring data security sharing method of claim 1, wherein the step of initializing a signature flow of the dam bank monitoring data security sharing system comprises:
generating the unique identity $id_j$ of the uploading responsible person and of each responsible person, where $id_j$ denotes the unique identity of the j-th responsible person;
the uploading responsible person DOP selects two large prime numbers p and q, where q is a prime factor of p-1, $q \geq 2^{140}$ and $p \geq 2^{512}$; then selects a random number $g$ ($g \neq 1$) satisfying $g^q \equiv 1 \pmod p$; and then selects a one-way hash function $Z_p \times Z \to \{0, 1, \ldots, 2^{t-1}\}$, where t is a parameter greater than 72, the subscript p denotes the order of the group, $Z_p$ denotes the non-negative integers not more than p, and Z denotes the integers; meanwhile, the uploading responsible person DOP initializes an empty table T;
the uploading responsible person DOP publishes the signature parameters in the dam bank monitoring data security sharing system.
3. The blockchain-based dam bank monitoring data security sharing method of claim 2, wherein the step of generating the signature public-private key of each responsible person comprises:
each responsible person generates random numbers $x_j$ and $d_j$, $1 \leq x_j \leq q-1$, $d_j \in Z_p$, and performs the calculation $y'_j = d_j$ to obtain the first part $y_j$ and the second part $y'_j$ of the signature public key component; the signature public key SPK is set to $SPK = (y_j, y'_j)$, the signature private key SSK is set to $x_j$, and the signature public key SPK is published.
4. The blockchain-based dam monitoring data security sharing method of claim 1, wherein the step of initializing an encryption upload flow of the dam monitoring resource file comprises:
the trusted center generates a cyclic group $G_0$ of prime order $K_0$, the size of $G_0$ being determined by the security parameter $\lambda$ and $g_1$ being a generator of $G_0$; selects a collision-resistant hash function and random numbers, then selects a random element $h_0 \in G_0$ and attribute hash elements $h_1, h_2, \ldots, h_U \in G_0$; and generates the public key PK and the master key MSK from these parameters by the following formulas:
$PK = (g_1,\ e(g_1, g_1)^{\alpha},\ h_1, h_2, \ldots, h_U)$
$MSK = (a,\ \beta,\ g_1^{\alpha})$
wherein, representing not more than $K_0$; $e$ represents the bilinear mapping relation on the cyclic group $G_0$: $e(G_0, G_0) \to G_1$; $G_0$ and $G_1$ are both cyclic groups.
5. The blockchain-based dam bank monitoring data security sharing method of claim 1, wherein the step of generating the conversion key and the signing key of the data access party comprises:
the data access party obtains the element set according to the public key PK and the master key MSK, then selects a random number; the first component $K$, the second component $L$ and the third component of the conversion key are calculated by the following formula:
where $AS_d$ is the set of attributes possessed by the accessing user;
the data access party DU sends its conversion key over a secret channel to the computing node and stores the secret coefficient $SC = z$;
to generate the signing key, the attribute authority first selects a generator from the cyclic group $G_0$ and computes the signing key component $K_0$;
The signing key of the data access side DU is
6. The blockchain-based dam monitoring data security sharing method of claim 5, wherein the step of the data access party sending a dam monitoring resource file request and obtaining the dam monitoring resource file comprises:
the data access party requests access to the resource file m from the access control system and sets the attribute set $AS_d$ according to its own attributes;
after receiving the file access request of the data access party, the access control system queries the smart contract and obtains h(m) of the accessed file, the hash value ipfsfile of the resource file in the IPFS distributed storage network and the table T encrypted with the key AESkey, then calls the IPFS query algorithm to request the encrypted resource file Encfile stored in the IPFS distributed storage network, and the IPFS distributed storage network returns the query result Encfile after the query succeeds;
the access control system then reads the key ciphertext encAESkey stored in the system and sends it to the data access party;
after the data access party obtains the key ciphertext encAESkey, it first verifies the correctness of the key ciphertext components according to the following formula:
$e(\sigma_2, h_0^{b}) = e(\sigma_1, h_0)$
if the verification succeeds, the key ciphertext components were not tampered with during upload and retrieval, and the data access party then sends the key ciphertext to a computing node in the blockchain network, which converts the key ciphertext and thereby reduces the local computing burden;
the computing node in the blockchain network converts the key ciphertext using the conversion key; first, let $I$ be defined as $I = \{i : \rho(i) \in AS_d\}$; if the attribute set $AS_d$ satisfies the access policy filepolicy(A, ρ) and $\lambda_i$ is the share of the shared key $s$ with respect to the access matrix A, the algorithm can compute in polynomial time values $\omega_i$ satisfying $\sum_{i \in I} \omega_i \lambda_i = s$; the ciphertext conversion is then performed with the following formula to calculate the first component $R$ of the converted ciphertext:
the converted ciphertext $(R, e_1)$ is returned to the accessing user;
the data access party obtains the converted ciphertext $(R, e_1)$ and, with the secret coefficient SC, decrypts the key plaintext $m_{AESkey}$ by the following calculation:
using the encrypted resource file Encfile, the table T encrypted with the key AESkey and the key plaintext $m_{AESkey}$, the data access party calls the AES decryption algorithm to decrypt the resource file and the table T, obtaining the dangerous case resource file m and the contents of table T, from which the signature authentication status of each responsible person for the resource file is known;
and the data access party calls the SHA256 algorithm to hash the dangerous case resource file m; if the result is consistent with the h(m) of the accessed file obtained by querying the smart contract, the resource file has not been tampered with in the whole process.
7. A blockchain-based dam monitoring data secure sharing system comprising a processor and a memory, the processor for processing instructions stored in the memory to implement the blockchain-based dam monitoring data secure sharing method of any of claims 1-6.
CN202111496771.0A 2021-12-09 2021-12-09 Block chain-based dam bank monitoring data safe sharing method and system Active CN114338034B (en)


Publications (2)

Publication Number Publication Date
CN114338034A CN114338034A (en) 2022-04-12
CN114338034B true CN114338034B (en) 2023-07-18


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant