CN114826766B - Block chain cross-chain based security verifiable service providing method and system - Google Patents


Info

Publication number: CN114826766B
Authority: CN (China)
Prior art keywords: service, block chain, authentication center, verification, chain
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210541951.4A
Other languages: Chinese (zh)
Other versions: CN114826766A (en
Inventor: 段莉, 解宇航, 胥文耀, 王伟
Current Assignee: Beijing Jiaotong University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Jiaotong University
Application filed by Beijing Jiaotong University
Priority to CN202210541951.4A
Publication of CN114826766A
Application granted
Publication of CN114826766B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC


Abstract

The invention provides a block chain cross-chain based security verifiable service providing method and system, belonging to the technical field of network communication. The method comprises: acquiring registration requests of a service provider and a service requester, respectively issuing digital certificates to the service provider after successful verification and receiving a service data ciphertext of the service provider; acquiring a service request of the service requester, and calling a matching contract to perform service matching after the service request passes verification; performing key conversion on a public key of the service requester to obtain a re-encryption key, and re-encrypting the service data by using the re-encryption key; and issuing the re-encrypted service data ciphertext on the proxy chain, the service requester decrypting it to obtain a service data plaintext and performing data consistency verification in combination with a verification contract. The invention adopts proxy re-encryption, uses smart contracts to match requests and services, and ensures data consistency and security through the smart contracts and a hash function; the method can be extended to the interconnection and intercommunication of a plurality of application chains, and requests and services can be carried out in both directions.

Description

Block chain cross-chain based security verifiable service providing method and system
Technical Field
The invention relates to the technical field of network communication, and in particular to a secure verifiable service providing method and system based on block chain cross-chain.
Background
With the rapid development of information technology, the intelligence level and deployment scale of the Internet of Things keep increasing. In recent years, block chain technology has been widely used in various industries and has brought great economic and social benefits. In current Internet of Things service scenarios, however, the heterogeneity of the underlying layers means that different trust domains differ in authentication mode and geographic distribution, which causes data isolation: the trust domains of the Internet of Things are like isolated "information islands" that are difficult to interact with one another. Yet the resources in a single trust domain cannot meet users' requirements, and complex tasks require cross-domain cooperation of multiple entities and interoperation of Internet of Things services. A cross-domain interaction method for the Internet of Things is therefore needed to connect service providers and service requesters in different trust domains, so as to realize cross-domain provision of Internet of Things services.
Existing solutions usually deploy a block chain independently for each Internet of Things trust domain, or deploy one block chain across the whole hierarchical structure of the Internet of Things application system; the architectures, data formats and so on of the various block chains differ, and they are difficult to interconnect. Block chain cross-chain technology refers to technology for realizing the interconnection and intercommunication of data assets among different block chain systems. Each block chain can correspond to a trust domain in the Internet of Things scenario, and cross-chain technology provides a feasible solution for cross-domain transmission of Internet of Things data.
While providing convenience for users, the Internet of Things also brings security risks such as a wide attack range, fuzzy security boundaries and poor node controllability. In addition, because Internet of Things data is massive and highly real-time, and Internet of Things devices are unattended and mobile, Internet of Things services are more easily attacked than traditional information systems.
An existing block chain based security service providing method for lightweight clients also provides a reputation-based incentive mechanism, but the method is based on a single block chain, does not solve the data island problem, and provides the service instruction off-chain, so the security of the service instruction is not ensured. For the situation in which a plurality of service providers provide services, a consortium chain and public chain cross-chain method connects the service providers in the consortium chain with the end users in the public chain to provide services. However, the method is a chain-to-chain cross-chain mode: if interworking of a plurality of application chains were to be realized, the complexity of the system would increase sharply; services can only be provided in a single direction, with the public chain initiating requests and the consortium chain responding; and service matching is not performed.
Disclosure of Invention
The invention aims to provide a secure verifiable service providing method and system based on block chain cross-chain, which use cross-chain technology to connect different trust domains and realize cross-domain data interaction of the Internet of Things, adopt technologies such as proxy re-encryption to protect the security of service data, compare hash values to verify data consistency and ensure the availability of the system, and add a penalty mechanism to constrain both the service requester and the service provider, so as to solve at least one of the technical problems described in the background.
In order to achieve this purpose, the invention adopts the following technical scheme:
in one aspect, the present invention provides a block chain cross-chain based secure verifiable service providing method, including:
step S1: a first proxy node and a second proxy node send registration requests to a first block chain authentication center and a second block chain authentication center respectively; after verification succeeds, the first block chain authentication center and the second block chain authentication center issue digital certificates for the first proxy node and the second proxy node respectively; a service provider encrypts service data and issues it to a first block chain; the first proxy node acquires the service data ciphertext from the ledger and sends it to the first block chain authentication center; and the first block chain authentication center issues the service data ciphertext to a proxy chain after verification passes;
step S2: a service requester calls a request contract to issue a service request; the second proxy node acquires the service request from the ledger and sends it to the second block chain authentication center; and the second block chain authentication center calls a matching contract to perform service matching after verification passes;
step S3: after matching succeeds, the service provider performs key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and the first block chain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
step S4: the first block chain authentication center issues the re-encrypted ciphertext to the proxy chain, from which it is transferred to a second block chain; the service requester acquires the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then issues the hash value of the service data plaintext to the second block chain; the second proxy node acquires the hash value from the ledger and sends it to the second block chain authentication center; and the second block chain authentication center calls a verification contract to perform data consistency verification after verification passes.
Optionally, the step S1 includes:
the proxy chain is initialized: the first block chain authentication center and the second block chain authentication center are each required to control a Peer node and join the same channel for data sharing, and consensus nodes can join or leave the cluster according to the policy configured in the genesis block;
the proxy node sends a registration request to the block chain authentication center; the block chain authentication center verifies whether the proxy node is legitimate and verifies the validity of the random number and the signature; if verification passes, registration is determined to be successful, the block chain authentication center generates a digital certificate for the proxy node and writes the hash value of the digital certificate into the block chain, and the block chain authentication center returns the hash value to the proxy node.
The service provider encrypts the service data plaintext with its own public key and calls the publish contract on the first block chain to publish it; the first proxy node acquires the service data plaintext from the ledger and sends it to the first block chain authentication center; after verification passes, the first block chain authentication center calls the publish contract on the proxy chain to publish it and stores it in a service list on the proxy chain.
Optionally, the step S2 includes:
the service requester calls the service request contract on the second block chain to issue a service request; the second proxy node acquires the service request from the ledger and sends it to the second block chain authentication center, which calls the matching contract on the proxy chain after verification passes. The matching contract first judges, from the service request data, whether the user is initiating requests too frequently; if so, it calls a penalty contract to penalize the service requester. If the threshold is not exceeded, it quickly searches for service items that match the requested Sid using the Bloom filter storage table of Sids; it then verifies in turn, for each service item whose Sid matched, whether catg meets the policy requirement, and if so issues the successfully matched service items on the proxy chain. If matching fails, prompt information is returned and the service requester is notified through the second block chain authentication center and the second proxy node.
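The matching order described in step S2 (frequency check, Bloom filter lookup on Sid, then the catg policy check) can be sketched as follows. This is an added example, not code from the patent; the class names, the threshold of three requests per 60 seconds, and the reading of catg as a requester category compared against each service item's allowed categories are assumptions.

```python
import hashlib
from collections import defaultdict, deque


class BloomFilter:
    """Fixed-size Bloom filter over service IDs (Sid). Sizes are illustrative."""

    def __init__(self, bits=2048, hashes=4):
        self.bits, self.hashes, self.field = bits, hashes, 0

    def _positions(self, sid):
        for i in range(self.hashes):
            h = hashlib.sha256(bytes([i]) + sid.encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.bits

    def add(self, sid):
        for pos in self._positions(sid):
            self.field |= 1 << pos

    def __contains__(self, sid):
        return all(self.field >> pos & 1 for pos in self._positions(sid))


class MatchingContract:
    """Hypothetical matching contract; threshold and window are assumed values."""

    def __init__(self, max_requests=3, window_s=60):
        self.max_requests, self.window_s = max_requests, window_s
        self.sid_filter = BloomFilter()
        self.service_list = defaultdict(list)   # Sid -> published service items
        self.recent = defaultdict(deque)        # requester -> request timestamps
        self.penalized = []                     # stands in for the penalty contract

    def publish(self, sid, allowed_catg, ciphertext_ref):
        self.sid_filter.add(sid)
        self.service_list[sid].append(
            {"sid": sid, "allowed_catg": set(allowed_catg), "ref": ciphertext_ref})

    def match(self, requester, sid, catg, now):
        # 1. Frequency check first: excessive requests go to the penalty contract.
        seen = self.recent[requester]
        while seen and now - seen[0] >= self.window_s:
            seen.popleft()
        seen.append(now)
        if len(seen) > self.max_requests:
            self.penalized.append(requester)
            return "penalized", []
        # 2. Bloom filter on Sid: a miss is definitive, a hit may be a false positive.
        if sid not in self.sid_filter:
            return "no_match", []
        # 3. Confirm against the real table, then check catg against each item's policy.
        hits = [s for s in self.service_list.get(sid, []) if catg in s["allowed_catg"]]
        return ("matched", hits) if hits else ("no_match", [])
```

Step 3 matters because a Bloom filter never produces false negatives but can produce false positives, so a filter hit alone must not be treated as a match.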
Optionally, the step S3 includes:
if the attributes of the requester meet the service policy, the requester is a legitimate user; the first block chain authentication center encrypts the public key of the service requester with the public key of the service provider and sends it to the first proxy node; the first proxy node issues it to the first block chain; the service provider obtains it from the ledger, decrypts it with its own private key, then performs key conversion, and sends the re-encryption key to the first block chain authentication center through the first proxy node;
the first block chain authentication center performs proxy re-encryption on the service provider's ciphertext C1 = Enc(PKp, m) using the re-encryption key to obtain C3 = Enc(PK(p->r), m), and then issues C3 to the proxy chain; PKp denotes the public key of the service provider, and m denotes the service instruction provided by the service provider.
Optionally, the step S4 includes:
the second block chain authentication center acquires C3 from the ledger and sends it to the second proxy node; the second proxy node issues C3 to the second block chain; after acquiring C3, the service requester decrypts it with its own private key to obtain the service data plaintext, denoted m' = Dec(SKr, C3), and then processes it with a hash function to obtain the processed hash value.
Optionally, the service requester calls the request contract with the processed hash value to initiate a verification request; the request is sent to the second block chain authentication center through the second proxy node; the second block chain authentication center calls a verification contract to check whether the result of applying the Keccak256 hash function to the service instruction is equal to the processed hash value, and if not, calls a penalty contract to penalize the service provider; the service requester and the service provider are notified of the verification and penalty results.
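Steps S3 and S4 end to end, as an added example that is not code from the patent: C1 = Enc(PKp, m), key conversion from the provider's private key and the requester's public key, re-encryption to C3 by the authentication center, m' = Dec(SKr, C3), and the hash comparison. The patent does not name a concrete proxy re-encryption scheme, so this assumes a simplified single-proxy, Umbral-style construction over secp256k1; SHA3-256 stands in for Keccak256 (Python's hashlib has no Keccak256, and the two differ in padding), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (public constants). The curve choice is an assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def ser(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h_scalar(*parts):
    # Hash to a non-zero scalar so it is always invertible mod N.
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % (N - 1) + 1

def dem(data, shared_pt):
    """XOR with a keystream derived from the shared point (toy; use an AEAD in practice)."""
    stream = hashlib.shake_256(ser(shared_pt)).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, mul(sk, G)

def encrypt(pk_p, m):
    """Provider: C1 = Enc(PKp, m)."""
    r = secrets.randbelow(N - 1) + 1
    return mul(r, G), dem(m, mul(r, pk_p))

def rekey(sk_p, pk_r):
    """Provider: key conversion from its private key and the requester's public key."""
    x = secrets.randbelow(N - 1) + 1
    X = mul(x, G)
    d = h_scalar(ser(X), ser(pk_r), ser(mul(x, pk_r)))
    # Caveat of this simplified scheme: the proxy colluding with the requester
    # can recover sk_p, since sk_p = rk * d mod N.
    return sk_p * pow(d, -1, N) % N, X

def reencrypt(rk, c1):
    """Authentication center: C1 -> C3 without seeing m or any private key."""
    (rk_scalar, X), (E, body) = rk, c1
    return mul(rk_scalar, E), X, body

def decrypt_re(sk_r, pk_r, c3):
    """Requester: m' = Dec(SKr, C3)."""
    E2, X, body = c3
    d = h_scalar(ser(X), ser(pk_r), ser(mul(sk_r, X)))
    return dem(body, mul(d, E2))

def digest(m):
    # Stand-in for the Keccak256 named in the text (assumption, see lead-in).
    return hashlib.sha3_256(m).hexdigest()

def verification_contract(committed, reported):
    ok = hmac.compare_digest(committed, reported)
    return {"consistent": ok, "penalize": None if ok else "service_provider"}

def run_flow(m, delivered=None):
    """S3-S4 end to end; `delivered` simulates a ciphertext that does not encrypt m."""
    sk_p, pk_p = keygen()
    sk_r, pk_r = keygen()
    committed = digest(m)  # hash of the service instruction held by the contract (assumed)
    c1 = encrypt(pk_p, m if delivered is None else delivered)
    c3 = reencrypt(rekey(sk_p, pk_r), c1)
    m_prime = decrypt_re(sk_r, pk_r, c3)
    return m_prime, verification_contract(committed, digest(m_prime))
```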
In a second aspect, the present invention provides a block chain cross-chain based security verifiable service providing system, including:
an initialization module, used for the first proxy node and the second proxy node to send registration requests to the first block chain authentication center and the second block chain authentication center respectively;
a matching module, used for the service requester to call a request contract to issue a service request; the second proxy node acquires the service request from the ledger and sends it to the second block chain authentication center, and the second block chain authentication center calls a matching contract to perform service matching after verification passes;
a re-encryption module, used for the service provider, after matching succeeds, to perform key conversion using its own private key and the public key of the service requester to obtain a re-encryption key; the first block chain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
and a decryption verification module, used for issuing the re-encrypted ciphertext on the proxy chain, from which it is transferred to the second block chain; the service requester acquires the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then issues the hash value of the service data plaintext to the second block chain; the second proxy node acquires the hash value from the ledger and sends it to the second block chain authentication center, and the second block chain authentication center calls a verification contract to perform data consistency verification after verification passes.
In a third aspect, the present invention provides a computer device comprising a memory and a processor, the processor and the memory being in communication with each other, the memory storing program instructions executable by the processor, the processor calling the program instructions to perform the block chain cross-chain based secure verifiable service provisioning method as described above.
In a fourth aspect, the present invention provides an electronic device, comprising a memory and a processor, the processor and the memory being in communication with each other, the memory storing program instructions executable by the processor, the processor calling the program instructions to execute the block chain cross-chain based secure verifiable service providing method as described above.
In a fifth aspect, the present invention provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the block chain cross-chain based secure verifiable service providing method as described above.
The beneficial effects of the invention are as follows: proxy re-encryption is adopted to encrypt and protect service data, smart contracts are used to match requests and services, data consistency is ensured through smart contracts and a hash function, and data security is ensured through proxy re-encryption; a relay chain cross-chain scheme is adopted, which can be extended to the interconnection and intercommunication of a plurality of application chains, and requests and services can be carried out in both directions; a penalty contract constrains both the service requester and the service provider; and a securely verifiable service is provided to the service requester across domains.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a functional block diagram of a block chain-based cross-chain security verifiable service providing system according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method of a system initialization phase according to an embodiment of the present invention.
Fig. 3 is a flowchart of a service request and matching phase method according to an embodiment of the invention.
Fig. 4 is a flow chart of a service data preparation phase according to an embodiment of the present invention.
Fig. 5 is a flowchart of a service data acquisition and verification stage according to an embodiment of the present invention.
Fig. 6 is a schematic flowchart of an overall method for providing a block chain-based inter-chain secure verifiable service according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
For the convenience of understanding, the present invention will be further explained by the following embodiments with reference to the drawings, and the embodiments are not to be construed as limiting the embodiments of the present invention.
It should be understood by those skilled in the art that the drawings are merely schematic representations of embodiments and that the elements shown in the drawings are not necessarily required to practice the invention.
Example 1
This embodiment 1 provides a block chain cross-chain based security verifiable service providing system, which includes:
an initialization module, used for the first proxy node and the second proxy node to send registration requests to a first block chain authentication center and a second block chain authentication center respectively; after verification succeeds, the first block chain authentication center and the second block chain authentication center issue digital certificates for the first proxy node and the second proxy node respectively; a service provider encrypts service data and issues it to the first block chain; the first proxy node acquires the service data ciphertext from the ledger and sends it to the first block chain authentication center, and the first block chain authentication center issues the service data ciphertext to a proxy chain after verification passes;
a matching module, used for a service requester to call a request contract to issue a service request; the second proxy node acquires the service request from the ledger and sends it to the second block chain authentication center, and the second block chain authentication center calls a matching contract to perform service matching after verification passes;
a re-encryption module, used for the service provider, after matching succeeds, to perform key conversion using its own private key and the public key of the service requester to obtain a re-encryption key; the first block chain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
and a decryption verification module, used for issuing the re-encrypted ciphertext on the proxy chain, from which it is transferred to a second block chain; the service requester acquires the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then issues the hash value of the service data plaintext to the second block chain; the second proxy node acquires the hash value from the ledger and sends it to the second block chain authentication center, and the second block chain authentication center calls a verification contract to perform data consistency verification after verification passes.
In this embodiment 1, a block chain-based cross-chain secure verifiable service providing method is implemented based on the above system, and includes:
Step S1: the first proxy node and the second proxy node send registration requests to the first blockchain authentication center and the second blockchain authentication center respectively; after successful verification, the two authentication centers issue digital certificates to the first proxy node and the second proxy node respectively. The service provider encrypts the service data and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center, which publishes the ciphertext to the proxy chain after verification passes;
Step S2: the service requester calls the request contract to publish a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center, which calls the matching contract to perform service matching after verification passes;
Step S3: after matching succeeds, the service provider performs key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and the first blockchain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
Step S4: the first blockchain authentication center publishes the re-encrypted ciphertext on the proxy chain, from which it is transferred to the second blockchain. The service requester obtains the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then publishes the hash value of the service data plaintext to the second blockchain. The second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which calls the verification contract to perform data consistency verification after verification passes.
The step S1 includes:
initializing the proxy chain, which requires the first blockchain authentication center and the second blockchain authentication center each to control a Peer node and to join the same channel for data sharing, wherein a consensus node can join or leave the cluster according to the policy configured in the genesis block;
the proxy node sends a registration request to the blockchain authentication center; the blockchain authentication center verifies whether the proxy node is legitimate and verifies the validity of the random number and the signature; if verification passes, the blockchain authentication center generates a digital certificate for the proxy node, writes the hash value of the digital certificate into the blockchain, and returns the hash value to the proxy node.
The service provider encrypts the service data plaintext with its own public key and calls the publish contract on the first blockchain to publish it; the first proxy node obtains it from the ledger and sends it to the first blockchain authentication center, which, after verification passes, calls the publish contract on the proxy chain to publish it and stores it in the service list on the proxy chain.
The step S2 includes:
the service requester calls the service request contract on the second blockchain to publish a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center, which calls the matching contract on the proxy chain after verification passes. First, the matching contract judges from the service request data whether the user is initiating requests too frequently, and calls the penalty contract to penalize the service requester if a set threshold is exceeded. If the threshold is not exceeded, the service items that match the Sid of the service request are looked up quickly through the Bloom filter storage table of Sid. Then, for the service items whose Sid matched, it is verified in sequence whether catg meets the policy requirement; if so, the successfully matched service item is published on the proxy chain. If matching fails, a prompt message is returned and the service requester is notified through the second blockchain authentication center and the second proxy node.
The step S3 includes:
if the attribute of the requester meets the service policy, the requester is a legitimate user; the first blockchain authentication center encrypts the public key of the service requester with the public key of the service provider and sends it to the first proxy node; the first proxy node publishes it to the first blockchain; the service provider obtains it from the ledger, decrypts it with its own private key to recover the public key of the service requester, then performs key conversion and sends the re-encryption key to the first blockchain authentication center through the first proxy node;
the first blockchain authentication center performs proxy re-encryption on the service provider's C1 = Enc(PKp, m) using the re-encryption key to obtain C3 = Enc(PK(p->r), m), and then publishes C3 to the proxy chain; PKp denotes the public key of the service provider, and m denotes the service instruction provided by the service provider.
The step S4 includes:
the second blockchain authentication center obtains C3 from the ledger and sends it to the second proxy node; the second proxy node publishes C3 to the second blockchain; after obtaining C3 from the ledger, the service requester decrypts it with its own private key to obtain the service data plaintext, denoted m' = Dec(SKr, C3), and then processes it with the hash function to obtain the processed hash value.
The service requester calls the request contract with the processed hash value to initiate a verification request; the request is sent to the second blockchain authentication center through the second proxy node; the second blockchain authentication center calls the verification contract to check whether the Keccak256 hash of the service instruction is equal to the processed hash value; if they are not equal, the penalty contract is called to penalize the service provider, and the service requester and the service provider are notified of the verification and penalty results.
In summary, this embodiment 1 uses blockchain cross-chain technology to design a secure verifiable service providing method. The cross-chain scheme uses a relay chain mode, in which smart contracts on the relay chain match the requests and services sent by the proxy nodes, and proxy re-encryption and a hash algorithm ensure that the service data is secure and verifiable. Four functions are realized: first, a service provider provides service to a service requester across chains, which achieves cross-chain data sharing and solves the data island problem; second, the service data is transmitted as ciphertext, which protects the security and privacy of the service data; third, the smart contract verifies through the hash value whether the service data has been tampered with, which guarantees the consistency of cross-chain data; and fourth, a penalty mechanism is added to constrain the service requester and the service provider, which ensures the service quality of the cross-chain service providing method.
Example 2
This embodiment 2 provides a system and a method for providing a secure verifiable service based on blockchain cross-chain technology. Blockchain cross-chain technology is used to solve the problem of data isolation between different trust domains in the conventional Internet of Things, service data is protected through proxy re-encryption, data consistency is verified by comparing the hash value of the service data finally obtained by the service requester with the original hash value provided by the service provider, and a penalty mechanism is added.
With reference to Fig. 1 and Fig. 6, in the cross-chain system and method provided in this embodiment, all application chains other than the proxy chain are in an equal position and can either request a service or provide a service, that is, the data flow is bidirectional. Here only the flow in which the first blockchain provides a service to the second blockchain in one direction is described. The model includes three entities: a first blockchain, a second blockchain and a relay proxy chain (referred to as the proxy chain).
Description of the symbols: IDa is the identity of the first proxy node, PKa is the public key of the first proxy node, SKa is the private key of the first proxy node, sig is the signature function, N1 is random number 1, Cert1 is the digital certificate issued by the first blockchain authentication center for the first proxy node, T1 is the validity period of the digital certificate Cert1, PKp is the public key of the service provider, SKp is the private key of the service provider, Sid is the unique identification number of the service S, m is the service instruction provided by the service provider, policy is the service policy of the service provider, PKr is the public key of the service requester, SKr is the private key of the service requester, and catg is the attribute of the service requester.
The first blockchain and the second blockchain are public chains, and the proxy chain is a consortium chain. The main flow of the system can be divided into the following four stages:
S1, system initialization: the first proxy node and the second proxy node send registration requests to the first blockchain authentication center and the second blockchain authentication center respectively; after successful verification, the two authentication centers issue digital certificates to the first proxy node and the second proxy node respectively. The service provider encrypts the service data and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center, which publishes the ciphertext to the proxy chain after verification passes.
S2, service request and matching: the service requester on the second blockchain can call the request contract on the second blockchain to initiate a service request at any time; the second proxy node obtains the request from the ledger and sends it to the second blockchain authentication center, which calls the matching contract on the proxy chain to perform service matching after verification passes.
S3, service data preparation: after matching succeeds, the first blockchain authentication center sends PKr to the first proxy node in ciphertext form; after the first proxy node publishes it on the first blockchain, the service provider can obtain PKr from the ledger; after performing key conversion, the service provider sends the re-encryption key to the first blockchain authentication center through the first proxy node, and the first blockchain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext.
S4, service data acquisition and verification: the first blockchain authentication center publishes the re-encrypted ciphertext on the proxy chain; the second blockchain authentication center obtains the re-encrypted ciphertext from the ledger and sends it to the second proxy node, which publishes it on the second blockchain; the service requester can obtain the re-encrypted ciphertext from the ledger and decrypt it with its own private key to obtain the service data plaintext, and then publishes the hash value of the service data plaintext on the second blockchain; the second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which calls the verification contract to perform data consistency verification after verification passes.
Each stage is described in detail as follows:
The system initialization stage of step S1 specifically includes the following steps, and the specific flow is shown in Fig. 2:
S11: the proxy chain is initialized. Taking a Hyperledger Fabric consortium chain as an example, the first blockchain authentication center and the second blockchain authentication center are each required to control a Peer node and to join the same channel for data sharing. A consensus node can join or leave the cluster according to the policy configured in the genesis block, and a record is left on the chain after each update. If a blockchain authentication center leaves voluntarily, the certificates it previously issued to proxy nodes remain available on the chain, so continued use is not affected, but renewal requires registering again. If the blockchain authentication centers consider that one of them no longer has the capability of providing verification services, they can reach consensus to force it to exit. The difference from a blockchain authentication center actively leaving the cluster is that in this case all certificates issued by that blockchain authentication center must be expired, since it is untrusted.
S12: the first proxy node and the second proxy node register with the first blockchain authentication center and the second blockchain authentication center respectively. Taking the registration of the first proxy node as an example:
(1) the first proxy node sends a registration request Reg = (IDa, PKa, sig(SKa, N1)) to the first blockchain authentication center, wherein IDa is
(2) after receiving the registration request, the first blockchain authentication center verifies through IDa whether the first proxy node is legitimate and verifies the validity of the random number and the signature; if verification succeeds, it generates a digital certificate Cert1 = (IDa, PKa, T1) for the first proxy node and writes the hash of the digital certificate, Hash(Cert1), into the blockchain;
(3) the first blockchain authentication center returns Hash(Cert1) to the first proxy node; thereafter, each time the first proxy node sends a message to the first blockchain authentication center it presents Hash(Cert1), so that the first blockchain authentication center can verify it. In the same way, the second proxy node obtains Hash(Cert2) after registering with the second blockchain authentication center.
S13: the service provider calls the publish contract on the first blockchain to put 5 items of information on chain, namely {PKp, Sid, C1, Hash(m), policy}: the public key PKp of the service provider, the unique service identification number Sid, C1 = Enc(PKp, m), the Keccak256 hash Hash(m) of the service plaintext m, and the policy.
The service request and matching stage of step S2 specifically includes the following steps, and the specific flow is shown in fig. 3:
S21: the service requester calls the request contract on the second blockchain to publish the service request {PKr, Sid, catg}, which consists of 3 items of information: the public key PKr of the service requester, Sid, and the attribute catg of the service requester. After obtaining it from the ledger, the second proxy node sends {PKr, Sid, catg, Hash(Cert2)} to the second blockchain authentication center, which calls the matching contract on the proxy chain after verifying Hash(Cert2).
S22: the matching process is as follows. First, it is judged from the service request data whether the user is initiating requests too frequently, and the penalty contract is called to penalize the service requester if a set threshold is exceeded. If the threshold is not exceeded, the service items that match the Sid of the service request are looked up quickly through the Bloom filter storage table of Sid. Then, for the service items whose Sid matched, it is verified in sequence whether catg meets the policy requirement; if so, the successfully matched service item is published on the proxy chain. If matching fails, a prompt message is returned to the second blockchain authentication center.
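The matching procedure of S22, as an added example that is not code from the patent: a frequency check, a Bloom filter pre-check on Sid, then a sequential policy check on catg. The sliding-window threshold, the representation of policy as a set of permitted catg values, and all class, method and sample names other than PKr, Sid, catg and policy are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict, deque


class BloomFilter:
    """Fixed-size Bloom filter over Sid strings (no false negatives)."""

    def __init__(self, n_bits=1024, n_hashes=4):
        self.n_bits, self.n_hashes = n_bits, n_hashes
        self.bits = bytearray(n_bits // 8)

    def _positions(self, key):
        for i in range(self.n_hashes):
            digest = hashlib.sha256(bytes([i]) + key.encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.n_bits

    def add(self, key):
        for pos in self._positions(key):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, key):
        return all(self.bits[pos // 8] >> (pos % 8) & 1
                   for pos in self._positions(key))


class MatchingContract:
    """Matching contract on the proxy chain (hypothetical interface)."""

    def __init__(self, max_requests=3, window=60):
        self.max_requests, self.window = max_requests, window
        self.sid_filter = BloomFilter()
        self.services = defaultdict(list)   # Sid -> published service items
        self.recent = defaultdict(deque)    # PKr -> timestamps inside window
        self.penalties = []                 # stands in for the penalty contract

    def publish(self, item):
        self.sid_filter.add(item["Sid"])
        self.services[item["Sid"]].append(item)

    def match(self, request, now):
        pkr, sid, catg = request["PKr"], request["Sid"], request["catg"]
        # 1. Frequency check: too many requests inside the window is penalised.
        stamps = self.recent[pkr]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        stamps.append(now)
        if len(stamps) > self.max_requests:
            self.penalties.append(pkr)
            return "penalized", None
        # 2. Bloom filter: a miss is definitive, a hit may be a false positive.
        if sid not in self.sid_filter:
            return "no_match", None
        # 3. Confirm against the real service list, then check policy per item.
        for item in self.services.get(sid, []):
            if catg in item["policy"]:
                return "matched", item
        return "no_match", None


if __name__ == "__main__":
    contract = MatchingContract(max_requests=2)
    # Constructed sample service item and request.
    contract.publish({"Sid": "S-100", "PKp": "pk-provider",
                      "policy": {"gateway", "sensor"}})
    print(contract.match({"PKr": "pk-r1", "Sid": "S-100", "catg": "sensor"}, 0))
```

Because a Bloom filter hit can be a false positive, step 3 always confirms against the stored service list before anything is published on the proxy chain.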
The step S3 of preparing service data specifically includes the following steps, and a specific flow is shown in fig. 4:
S31: if the attribute of the requester meets the service policy, the requester is a legitimate user. To resist a public key replacement attack that might be initiated by the first proxy node, the first blockchain authentication center encrypts PKr with PKp, that is, C2 = Enc(PKp, PKr), and sends C2 to the first proxy node. The first proxy node publishes C2 to the first blockchain; the service provider obtains C2 from the ledger and decrypts it with its own private key to recover PKr, then performs key conversion using SKp and PKr, and sends the re-encryption key PK(p->r) to the first blockchain authentication center through the first proxy node.
S32: the first blockchain authentication center performs proxy re-encryption on C1 = Enc(PKp, m) using the re-encryption key PK(p->r) to obtain C3 = Enc(PK(p->r), m), and then publishes C3 to the proxy chain.
The step S4 of acquiring and verifying the service data includes the following steps, and the specific flow is shown in fig. 5:
S41: the second blockchain authentication center obtains C3 from the ledger and sends it to the second proxy node; the second proxy node publishes C3 to the second blockchain; after obtaining C3 from the ledger, the service requester decrypts it with its own private key to obtain the service data plaintext, denoted m' = Dec(SKr, C3), and processes it with the same Keccak256 hash function to obtain Hash(m').
S42: the service requester calls the request contract with Hash(m') to initiate a verification request; the request is sent to the second blockchain authentication center through the second proxy node; the second blockchain authentication center calls the verification contract to check whether Hash(m) is equal to Hash(m'); if they are not equal, the penalty contract is called to penalize the service provider, and the verification and penalty results are notified to the service requester and the service provider.
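Stages S3 and S4 end to end, as an added example that is not the patent's own code. The page does not name its proxy re-encryption scheme, so this example assumes a Diffie-Hellman construction over secp256k1 in which PK(p->r) is derived from SKp and PKr only, and hashlib's SHA3-256 stands in for Keccak256 (the two differ in padding); function names and the sample message are constructed for the illustration.

```python
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, base point G of prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def point_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def mask(shared_pt, data):
    """XOR data with a SHAKE-256 keystream derived from a shared point."""
    pad = hashlib.shake_256(point_bytes(shared_pt)).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, pad))

def pair_scalar(pk_p, pk_r, dh_pt):
    """Scalar d bound to PKp, PKr and their Diffie-Hellman point."""
    seed = b"".join(point_bytes(pt) for pt in (pk_p, pk_r, dh_pt))
    return int.from_bytes(hashlib.sha3_256(seed).digest(), "big") % N or 1

def service_hash(m):
    """Hash(m); SHA3-256 stands in for the Keccak256 named in the text."""
    return hashlib.sha3_256(m).hexdigest()

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)

def encrypt(pk, m):
    """C1 = Enc(PKp, m): ephemeral E = r*G, body masked under r*PKp."""
    r = secrets.randbelow(N - 1) + 1
    return ec_mul(r, G), mask(ec_mul(r, pk), m)

def rekey(sk_p, pk_r):
    """PK(p->r), computed by the provider from SKp and PKr only (S31)."""
    d = pair_scalar(ec_mul(sk_p, G), pk_r, ec_mul(sk_p, pk_r))
    return sk_p * pow(d, N - 2, N) % N

def reencrypt(rk, c1):
    """C3 (S32): the authentication center never sees m or SKp."""
    return ec_mul(rk, c1[0]), c1[1]

def decrypt_reencrypted(sk_r, pk_p, c3):
    """m' = Dec(SKr, C3) (S41); PKp is public in the on-chain service item."""
    d = pair_scalar(pk_p, ec_mul(sk_r, G), ec_mul(sk_r, pk_p))
    return mask(ec_mul(d, c3[0]), c3[1])

def verify_contract(hash_m, hash_m_prime):
    """S42: equal hashes pass; a mismatch triggers the penalty contract."""
    return "consistent" if hash_m == hash_m_prime else "penalize_provider"

def cross_chain_flow(m, tamper=False, substituted_pk=None):
    """Run S13, S31, S32, S41, S42 with fresh keys; returns (m', verdict)."""
    sk_p, pk_p = keygen()                       # service provider
    sk_r, pk_r = keygen()                       # service requester
    item = {"PKp": pk_p, "C1": encrypt(pk_p, m), "Hash(m)": service_hash(m)}
    # substituted_pk models the key the provider would see if PKr were
    # swapped in transit, the case S31 prevents with C2 = Enc(PKp, PKr).
    rk = rekey(sk_p, substituted_pk or pk_r)
    e2, body = reencrypt(rk, item["C1"])
    if tamper:                                  # ciphertext altered after S32
        body = bytes([body[0] ^ 1]) + body[1:]
    m_prime = decrypt_reencrypted(sk_r, pk_p, (e2, body))
    return m_prime, verify_contract(item["Hash(m)"], service_hash(m_prime))

if __name__ == "__main__":
    sample = b"constructed service instruction: open valve 7"
    print(cross_chain_flow(sample))
    print(cross_chain_flow(sample, tamper=True)[1])
    print(cross_chain_flow(sample, substituted_pk=keygen()[1])[1])
```

The last two calls show why the hash comparison alone is not enough: a re-encryption key derived for the wrong PKr also ends in a mismatch, and the verification contract would penalize an honest provider, which is the outcome the C2 wrapping in S31 guards against.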
The application chains of the system, such as the first blockchain and the second blockchain, are public chains, and the proxy chain is a consortium chain. To carry out a 51% attack, an attacker needs to control at least 51% of the whole network under a PoW public chain consensus protocol, at least 51% of the whole network's tokens under a PoS public chain consensus protocol, and at least 1/3 of the consortium chain network nodes under the PBFT consortium chain consensus protocol, so a 51% attack is not feasible.
In the system initialization stage, the service provider encrypts the locally prepared service data by using a private key and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center, which publishes it to the proxy chain after verification passes. The service requester calls the request contract to publish a service request; the second proxy node obtains it from the ledger and sends it to the second blockchain authentication center, which calls the matching contract to perform service matching after verification passes. After matching succeeds, the first blockchain authentication center encrypts the service requester's public key with the service provider's public key and sends it to the first proxy node, which publishes it to the first blockchain. After obtaining it from the ledger, the service provider decrypts it with its private key to recover the service requester's public key, and the re-encryption key is generated locally from the service requester's public key and the private key. Finally, the service requester decrypts with its private key to obtain the plaintext. The service data is protected by encryption throughout the whole service provision process, so a ciphertext-only attack is infeasible.
In addition to the ciphertext-only attack, in the proxy re-encryption process, if the first proxy node succeeded in replacing the public key of the service requester with its own public key, it could obtain and decrypt the re-encrypted service data. However, the public key of the service requester is encrypted by the first blockchain authentication center with the public key of the service provider, so it is infeasible for the first proxy node to maliciously initiate a public key replacement attack.
If the service requester frequently initiates requests, the requests are detected by the matching contract in the service matching stage, and then a punishment contract is called to punish the service requester; if the service provider frequently issues useless or malicious services, the services are detected by the verification contract in the service verification stage, and then the service provider is punished by invoking the punishment contract. Therefore, the system can resist DoS attacks to a certain extent.
The system time overhead mainly depends on two parts, service matching and proxy re-encryption. The service matching part comprises Sid matching and attribute policy matching; an efficient Bloom filter is used for storage and matching, and matching is done in two stages, so that only services that pass Sid matching enter attribute policy matching, which keeps the time overhead of the service matching part low. Although proxy re-encryption has a larger time overhead than ordinary symmetric or asymmetric encryption, this embodiment adopts a public algorithm, and after obtaining the re-encryption key the first blockchain authentication center re-encrypts only C1 = Enc(PKp, m), so the data volume is small and the system time overhead is effectively reduced.
Example 3
An embodiment 3 of the present invention provides an electronic device, including a memory and a processor, where the processor and the memory are in communication with each other, the memory stores a program instruction executable by the processor, and the processor invokes the program instruction to execute a block chain-based cross-chain security verifiable service providing method, where the method includes the following steps:
Step S1: the first proxy node and the second proxy node send registration requests to the first blockchain authentication center and the second blockchain authentication center respectively; after successful verification, the two authentication centers issue digital certificates to the first proxy node and the second proxy node respectively. The service provider encrypts the service data and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center, which publishes the ciphertext to the proxy chain after verification passes;
Step S2: the service requester calls the request contract to publish a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center, which calls the matching contract to perform service matching after verification passes;
Step S3: after matching succeeds, the service provider performs key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and the first blockchain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
Step S4: the first blockchain authentication center publishes the re-encrypted ciphertext on the proxy chain, from which it is transferred to the second blockchain. The service requester obtains the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then publishes the hash value of the service data plaintext to the second blockchain. The second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which calls the verification contract to perform data consistency verification after verification passes.
Example 4
An embodiment 4 of the present invention provides a computer-readable storage medium, in which a computer program is stored, where the computer program, when executed by a processor, implements a block chain-based security verifiable service providing method, where the method includes the following steps:
Step S1: the first proxy node and the second proxy node send registration requests to the first blockchain authentication center and the second blockchain authentication center respectively; after successful verification, the two authentication centers issue digital certificates to the first proxy node and the second proxy node respectively. The service provider encrypts the service data and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center, which publishes the ciphertext to the proxy chain after verification passes;
Step S2: the service requester calls the request contract to publish a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center, which calls the matching contract to perform service matching after verification passes;
Step S3: after matching succeeds, the service provider performs key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and the first blockchain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
Step S4: the first blockchain authentication center publishes the re-encrypted ciphertext on the proxy chain, from which it is transferred to the second blockchain. The service requester obtains the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then publishes the hash value of the service data plaintext to the second blockchain. The second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which calls the verification contract to perform data consistency verification after verification passes.
Example 5
An embodiment 5 of the present invention provides a computer device, including a memory and a processor, where the processor and the memory are in communication with each other, the memory stores a program instruction executable by the processor, and the processor invokes the program instruction to execute a block chain-based cross-chain security verifiable service providing method, where the method includes:
Step S1: the first proxy node and the second proxy node send registration requests to the first blockchain authentication center and the second blockchain authentication center respectively; after successful verification, the two authentication centers issue digital certificates to the first proxy node and the second proxy node respectively. The service provider encrypts the service data and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center, which publishes the ciphertext to the proxy chain after verification passes;
Step S2: the service requester calls the request contract to publish a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center, which calls the matching contract to perform service matching after verification passes;
Step S3: after matching succeeds, the service provider performs key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and the first blockchain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
Step S4: the first blockchain authentication center publishes the re-encrypted ciphertext on the proxy chain, from which it is transferred to the second blockchain. The service requester obtains the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then publishes the hash value of the service data plaintext to the second blockchain. The second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which calls the verification contract to perform data consistency verification after verification passes.
In summary, the blockchain cross-chain based secure verifiable service providing method and system of the embodiments of the present invention implement cross-chain service through a relay chain, implement heterogeneous and cross-domain service provision for the Internet of Things, and ensure the security and consistency of service data. The proxy node on each application chain registers with the proxy chain and obtains a certificate, which qualifies it to transmit request and service information, and the relay chain and smart contracts are used to store service data, match services, enforce penalties and so on. Blockchain cross-chain technology is used to provide services across heterogeneous trust domains, proxy re-encryption is used to encrypt and protect service data, smart contracts are used to match requests and services, and a penalty mechanism is added. Data consistency is guaranteed through smart contracts and hash functions, and data security is guaranteed through proxy re-encryption.
The invention adopts a relay-chain cross-chain scheme that can be extended to interconnect multiple application chains, supports requests and services in both directions, and constrains both the service requester and the service provider through a penalty contract. It focuses on a specific service provider delivering a secure, verifiable service to a service requester across domains.
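Steps S3 and S4 as an added, runnable sketch that is not code from the patent: the provider derives a re-encryption key, the authentication center transforms C1 into C3 without seeing m, the requester decrypts, and a verification check compares hashes. The patent does not name its proxy re-encryption scheme, so the toy ElGamal-style construction, the RFC 2409 768-bit group, every function name and the use of SHA3-256 in place of Keccak256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: 768-bit safe prime of RFC 2409 (Oakley Group 1); toy size, not for real use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2          # 2 generates the subgroup of prime order Q

def _mask(elem, n):
    """Derive n pad bytes from a group element."""
    return hashlib.shake_256(elem.to_bytes(96, "big")).digest(n)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _scalar():
    return secrets.randbelow(Q - 1) + 1      # uniform in [1, Q-1]

def keygen():
    sk = _scalar()
    return sk, pow(G, sk, P)

def enc(pk, m):
    """C1 = Enc(PKp, m): (pk^k, m XOR KDF(g^k))."""
    k = _scalar()
    return pow(pk, k, P), _xor(m, _mask(pow(G, k, P), len(m)))

def rekey(sk_p, pk_r):
    """Provider-side key conversion: needs SKp and only the requester's public key."""
    t, s = _scalar(), _scalar()
    wrapped_t = _xor(t.to_bytes(96, "big"), _mask(pow(pk_r, s, P), 96))
    return t * pow(sk_p, -1, Q) % Q, pow(G, s, P), wrapped_t

def reenc(rk, c1):
    """Authentication-center side: turn C1 into C3 without learning m."""
    exponent, eph, wrapped_t = rk
    return pow(c1[0], exponent, P), c1[1], eph, wrapped_t

def dec_requester(sk_r, c3):
    """m' = Dec(SKr, C3): unwrap t, strip it from the exponent, remove the pad."""
    c0, body, eph, wrapped_t = c3
    t = int.from_bytes(_xor(wrapped_t, _mask(pow(eph, sk_r, P), 96)), "big")
    g_k = pow(c0, pow(t, -1, Q), P)
    return _xor(body, _mask(g_k, len(body)))

def digest(m):
    # Stand-in: hashlib.sha3_256 is FIPS 202 SHA-3, not the original Keccak256 padding.
    return hashlib.sha3_256(m).digest()

def verify_contract(committed, submitted):
    """Consistency check; a mismatch is the case where the penalty contract is called."""
    return "consistent" if hmac.compare_digest(committed, submitted) else "penalize_provider"

def run_flow(tamper=False):
    m = b"constructed service instruction"   # constructed sample plaintext
    sk_p, pk_p = keygen()                     # service provider
    sk_r, pk_r = keygen()                     # service requester
    c3 = reenc(rekey(sk_p, pk_r), enc(pk_p, m))
    if tamper:                                # simulate inconsistent service data
        c3 = (c3[0], _xor(c3[1], b"\x01" + bytes(len(m) - 1)), c3[2], c3[3])
    m2 = dec_requester(sk_r, c3)
    return m2, verify_contract(digest(m), digest(m2))
```

If the proxy and the requester collude in this toy construction they can recover the provider's private key, which is one reason a deployment would use a vetted proxy re-encryption scheme instead.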
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts based on the technical solutions disclosed in the present invention.

Claims (10)

1. A block chain cross-chain based secure verifiable service providing method is characterized by comprising the following steps:
step S1: a first proxy node and a second proxy node send registration requests to a first blockchain authentication center and a second blockchain authentication center respectively; after verification succeeds, the first and second blockchain authentication centers issue digital certificates to the first proxy node and the second proxy node respectively; a service provider encrypts service data and publishes it to a first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center; and the first blockchain authentication center publishes the service data ciphertext to a proxy chain after verification passes;
step S2: the service requester calls a request contract to issue a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center; and the second blockchain authentication center calls a matching contract to perform service matching after verification passes;
step S3: after matching succeeds, the service provider performs key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and the first blockchain authentication center re-encrypts the service data with the re-encryption key to obtain a re-encrypted ciphertext;
step S4: the first blockchain authentication center publishes the re-encrypted ciphertext to the proxy chain, from which it is transferred to the second blockchain; the service requester obtains the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then publishes the hash value of the service data plaintext to the second blockchain; the second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which, after verification passes, calls a verification contract to perform data consistency verification.
2. The block chain cross-chain based secure verifiable service providing method according to claim 1, wherein the step S1 comprises:
the proxy chain is initialized: the first blockchain authentication center and the second blockchain authentication center are each required to control a Peer node and join the same channel for data sharing, and consensus nodes can join or leave the cluster according to the policy configured in the genesis block;
the proxy node sends a registration request to the blockchain authentication center; the blockchain authentication center verifies whether the proxy node is legitimate and verifies the validity of the random number and the signature; if verification passes, the blockchain authentication center determines that registration has succeeded, generates a digital certificate for the proxy node, writes the hash value of the digital certificate to the blockchain, and returns the hash value to the proxy node;
the service provider encrypts the service data plaintext with its own public key and calls the release contract on the first blockchain to publish it; the first proxy node obtains the service data plaintext from the ledger and sends it to the first blockchain authentication center; and the first blockchain authentication center, after verification passes, calls the release contract on the proxy chain to publish it and stores it in a service list on the proxy chain.
3. The block chain cross-chain based secure verifiable service providing method according to claim 1, wherein said step S2 comprises:
the service requester calls a service request contract on the second blockchain to issue a service request; the second proxy node obtains the service request from the ledger and sends it to the second block chain verification center; and the second block chain verification center calls a matching contract on the proxy chain after verification passes; first, whether the user is initiating requests too frequently is judged from the service request data, and a penalty contract is called to penalize the service requester if a set threshold is exceeded; if the threshold is not exceeded, service items matching the Sid of the service request are quickly looked up in the Bloom filter storage table of Sid; then, for the service items that matched on Sid, whether the catg meets the policy requirement is verified in turn, and if so, the successfully matched service items are published on the proxy chain; if matching fails, prompt information is returned and the service requester is notified through the second blockchain authentication center and the second proxy node.
4. The block chain cross-chain based secure verifiable service providing method according to claim 1, wherein said step S3 comprises:
if the attributes of the requester satisfy the service policy, the requester is a legitimate user; the first blockchain authentication center encrypts the public key of the service requester with the public key of the service provider and sends it to the first proxy node; the first proxy node publishes it to the first blockchain; the service provider obtains it from the ledger and decrypts it with its own private key, then performs key conversion, and sends the re-encryption key to the first blockchain authentication center through the first proxy node;
the first blockchain authentication center performs proxy re-encryption on the service provider's C1 = Enc(PKp, m) using the re-encryption key to obtain C3 = Enc(PK(p->r), m), and then publishes C3 to the proxy chain; PKp denotes the public key of the service provider, and m denotes the service instruction provided by the service provider.
5. The block chain cross-chain based secure verifiable service providing method according to claim 1, wherein said step S4 comprises:
the second blockchain authentication center obtains C3 from the ledger and sends it to the second proxy node, which publishes C3 to the second blockchain; after obtaining C3, the service requester decrypts it with its own private key to obtain the service data plaintext, denoted m' = Dec(SKr, C3), and then processes it with a hash function to obtain the processed hash value, where SKr denotes the private key of the service requester;
the service requester calls the request contract with the processed hash value to initiate a verification request; the request is sent to the second blockchain authentication center through the second proxy node; the second blockchain authentication center calls a verification contract to check whether the Keccak256 hash of the service instruction equals the processed hash value; if they are not equal, a penalty contract is called to penalize the service provider; and the service requester and the service provider are notified of the verification and penalty results.
6. The blockchain cross-chain based secure verifiable service providing method according to claim 5, wherein the service requester calls the request contract with the processed hash value to initiate a verification request; the request is sent to the second blockchain authentication center through the second proxy node; the second blockchain authentication center calls a verification contract to check whether the Keccak256 hash of the service instruction equals the processed hash value; if they are not equal, a penalty contract is called to penalize the service provider; and the service requester and the service provider are notified of the verification and penalty results.
7. A block chain cross-chain based secure verifiable service providing system based on the method of any of claims 1-6, comprising:
the initialization module, used for the first proxy node and the second proxy node to send registration requests to a first blockchain authentication center and a second blockchain authentication center respectively; after verification succeeds, the first and second blockchain authentication centers issue digital certificates to the first proxy node and the second proxy node respectively; a service provider encrypts service data and publishes it to the first blockchain; the first proxy node obtains the service data ciphertext from the ledger and sends it to the first blockchain authentication center; and the first blockchain authentication center publishes the service data ciphertext to a proxy chain after verification passes;
the matching module, used for a service requester to call a request contract to issue a service request; the second proxy node obtains the service request from the ledger and sends it to the second blockchain authentication center; and the second blockchain authentication center calls a matching contract to perform service matching after verification passes;
the re-encryption module, used for the service provider, after matching succeeds, to perform key conversion using its own private key and the public key of the service requester to obtain a re-encryption key, and for the first blockchain authentication center to re-encrypt the service data with the re-encryption key to obtain a re-encrypted ciphertext;
and the decryption verification module, used for publishing the re-encrypted ciphertext on the proxy chain and transferring it to the second blockchain; the service requester obtains the re-encrypted ciphertext from the ledger and decrypts it with its own private key to obtain the service data plaintext, then publishes the hash value of the service data plaintext to the second blockchain; the second proxy node obtains the hash value from the ledger and sends it to the second blockchain authentication center, which, after verification passes, calls a verification contract to perform data consistency verification.
8. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the method for providing secure verifiable services based on block chain crossing of any of claims 1-6.
9. A computer device comprising a memory and a processor, the processor and the memory being in communication with each other, the memory storing program instructions executable by the processor, the processor invoking the program instructions to perform the blockchain cross-chain based secure verifiable service provisioning method of any of claims 1-6.
10. An electronic device comprising a memory and a processor, the processor and the memory being in communication with each other, the memory storing program instructions executable by the processor, the processor invoking the program instructions to perform the blockchain cross-chain based secure verifiable service provisioning method of any of claims 1-6.
CN202210541951.4A 2022-05-18 2022-05-18 Block chain cross-chain based security verifiable service providing method and system Active CN114826766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210541951.4A CN114826766B (en) 2022-05-18 2022-05-18 Block chain cross-chain based security verifiable service providing method and system

Publications (2)

Publication Number Publication Date
CN114826766A CN114826766A (en) 2022-07-29
CN114826766B true CN114826766B (en) 2022-11-18

Family

ID=82515990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210541951.4A Active CN114826766B (en) 2022-05-18 2022-05-18 Block chain cross-chain based security verifiable service providing method and system

Country Status (1)

Country Link
CN (1) CN114826766B (en)

Also Published As

Publication number Publication date
CN114826766A (en) 2022-07-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant