WO2021012746A1 - Blockchain-based data encryption method and apparatus, electronic device, and storage medium - Google Patents
- Publication number
- WO2021012746A1, PCT/CN2020/088432
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- field
- document
- target
- type
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- This application relates to the technical field of blockchain, and in particular to blockchain-based data encryption methods, devices, electronic equipment and storage media.
- Banks and enterprises generally need to maintain relevant business relationships through document data.
- When banks send document data to enterprises, they generally upload the document data to the blockchain, relying on the supervisability and high degree of trust of blockchain technology, so that the corresponding company can view the document data.
- The inventor realized that there are many companies that cooperate with banks. If the document data for a certain company is uploaded to the chain, the document data for that company can be used by the blockchain node of any other company that cooperates with the bank.
- This application provides a blockchain-based data encryption method and device, an electronic device and a storage medium.
- A blockchain-based data encryption method includes:
- The key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data is sent to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on that key.
- An electronic device including a memory and a processor; the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the processor executes the steps of the above-mentioned blockchain data encryption method.
- A storage medium storing computer-readable instructions.
- The one or more processors execute the steps of the above-mentioned blockchain-based data encryption method.
- The server side corresponding to the bank node encrypts the field data corresponding to all the field types contained in the document data, each with a specific key, to obtain the encrypted data, and sends the key that encrypts the field data corresponding to the target field type for which the enterprise node has access rights in the document data to the enterprise node, so that the enterprise node decrypts the encrypted data based on that key.
- The enterprise corresponding to the enterprise node that receives the document data can thus view the field types for which the bank node has performed key authorization in the document data, which satisfies the more complex data transmission requirements between the bank and the enterprise.
- In addition, the enterprise nodes corresponding to other enterprises cooperating with the bank do not have the key, so they can only consult the encrypted document data; leakage of the document data is thereby avoided when the document data is uploaded to the chain.
- Fig. 1 is an implementation flowchart of a blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Fig. 2 is a specific implementation flowchart of step S120 in the blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Fig. 3 is a specific implementation flowchart of step S130 in the blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Fig. 4 is a specific implementation flowchart of step S170 in the blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Fig. 5 is a block diagram of a blockchain-based data encryption device according to an exemplary embodiment of the present application.
- Fig. 6 is an exemplary block diagram of an electronic device used to implement the above-mentioned blockchain-based data encryption method according to an exemplary embodiment of the present application.
- Fig. 7 shows a computer-readable storage medium for implementing the above-mentioned blockchain-based data encryption method according to an exemplary embodiment of the present application.
- Fig. 1 shows a flowchart of the implementation of a blockchain-based data encryption method according to an exemplary embodiment of the present application.
- The execution subject of the blockchain-based data encryption method in this embodiment is an electronic device, which may specifically be the server side corresponding to the bank node in the data blockchain.
- The blockchain-based data encryption method shown in FIG. 1 may include the following steps S110 to S170, which are described in detail as follows:
- Step S110: in response to an upload request, entered by an employee account, for uploading document data to the chain, obtain the document data in the upload request and the document type corresponding to the document data, and obtain the employee level from the employee information corresponding to the employee account.
- The upload request is a request received by the server side corresponding to the bank node in the data blockchain to upload the document data to the data blockchain.
- This request can be triggered by a bank employee manually operating the physical buttons or virtual controls provided by the client device corresponding to the bank node; when the request is triggered, the document data and the document type of the document data are required.
- The bank employee needs to log in, on the client device, to the employee account registered on the server side corresponding to the bank node in order to trigger the upload request.
- The employee information includes at least the employee level.
- The employee level can be the job level of the employee, such as different job levels such as manager and employee.
- Employee information can also include information such as name, age, and job number.
- The server side corresponding to the bank node associates the employee account and its corresponding employee information in the employee information database.
- The server side corresponding to the bank node obtains the document data in the upload request and the document type corresponding to the document data in response to the upload request entered by the employee account for uploading the document data.
- The server side corresponding to the bank node finds the employee information corresponding to the employee account from the employee information database according to the logged-in employee account, and obtains the employee level from the employee information corresponding to the employee account.
- Step S120: based on the field data corresponding to the field type of the enterprise name in the document data, determine the target enterprise node having access rights to the document data, and obtain the industry type corresponding to the target enterprise node.
- The documents may specifically be different types of documents such as purchase orders or invoices.
- The data contained in the document is a data set that contains field data of multiple different field types.
- The field types contained in the data set can include "company name", "payment terms", "product name", "quantity" and "unit price", etc.
- The server side corresponding to the bank node can determine the target enterprise node that has access rights to the document data based on the information contained in the field data corresponding to the field type of the enterprise name in the document data.
- The server side also obtains the industry type of the enterprise from the enterprise information corresponding to the target enterprise node, based on the determined target enterprise node that has access rights to the document data.
- Figure 2 is a specific implementation flow chart of step S120 in the blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Step S120 of determining, based on the field data corresponding to the field type of the enterprise name in the document data, the target enterprise node that has access rights to the document data includes:
- Step S1201: obtain the enterprise name information contained in the field data corresponding to the field type of the enterprise name in the document data.
- The server side corresponding to the bank node obtains the enterprise name information contained in the field data corresponding to the field type of the enterprise name in the document data. For example, if the company name information included in the field data of the field type of the enterprise name in the document data is "XX Express Company", then "XX Express Company" is an enterprise that can view the document data.
- Step S1202: based on the enterprise name information and the relationship table between enterprise names and enterprise nodes, determine the target enterprise node that has access rights to the document data.
- The server side corresponding to the bank node prestores the relationship table between enterprise names and enterprise nodes in the local database; this relationship table contains the correspondence between the enterprise nodes of all the enterprises that cooperate with the bank and their enterprise names.
- Step S130: the field data corresponding to all the field types included in the document data are respectively encrypted with a specific key to obtain the encrypted data.
- The document data is a data set containing field data of multiple different field types.
- The field data corresponding to all the field types contained in the document data can each be encrypted with a specific key to obtain the encrypted data.
- By encrypting the field data of all the field types contained in the document data with specific keys, it is convenient for the server side corresponding to the bank node to adaptively perform key authorization for the field data corresponding to some field types in the document data according to data transmission requirements.
- The above-mentioned specific keys are preset keys for different field types, and the keys corresponding to different field types are generally different.
- Figure 3 is a specific implementation flow chart of step S130 in the blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Step S130 of respectively encrypting the field data corresponding to all the field types included in the document data with a specific key to obtain the encrypted data includes:
- Step S1301: obtain all the field types included in the document data.
- The server side corresponding to the bank node obtains all the field types contained in the document data based on the relationship table between the document data of all document types and the field types contained in the document data of each document type.
- Step S1302: determine the specific keys for respectively encrypting the field data corresponding to all field types based on a preset relationship table between field types and keys.
- The server side corresponding to the bank node pre-stores in the local database a relationship table between all field types and the keys that encrypt the field data corresponding to each field type.
- The server side uses the relationship table and all the field types contained in the obtained document data to determine the specific keys used to encrypt the field data corresponding to all field types.
- Step S1303: the field data corresponding to all field types are respectively encrypted based on the specific keys to obtain the encrypted data.
- The server side corresponding to the bank node separately encrypts the field data corresponding to all field types in the document data based on the determined specific keys to obtain the encrypted data, that is, the encrypted data set of the document data (the encrypted document data).
- Step S140: the document type, the industry type, and the employee level are input into a preset machine learning model to determine the target field type for which the target enterprise node has access rights in the document data.
- The server side corresponding to the bank node needs to adaptively determine the target field type in the document data that has access rights based on the document type, industry type, and employee level.
- The server side corresponding to the bank node inputs the document type, industry type, and employee level into the preset machine learning model to obtain the target field type for which the enterprise node has access rights in the document data.
- The machine learning model needs to be trained.
- The machine learning model determines, according to the input document type, industry type and employee level, the field types in the document data for which the enterprise node has access rights. In this way, which field types in the document require key authorization can be adaptively determined according to the data transmission requirements between the bank and the enterprise, which meets the more complex data transmission requirements between banks and enterprises.
- The machine learning model is obtained by training through training sample data.
- The machine learning model may be a CNN (Convolutional Neural Network) model or a deep neural network model.
- A feature vector can be generated according to the document type of the existing document data, the industry type of the enterprise corresponding to the enterprise node receiving the document data, and the employee level corresponding to the bank employee, and the known target field type with the access permission in the document data is used as the label of the feature vector to generate the training sample data.
- The machine learning model is trained with the generated training sample data to obtain the trained machine learning model. The trained machine learning model can then be used to predict, when bank employees of different employee levels upload a certain piece of document data to the chain, the target field type in the document data that has the access permission.
- Step S150: the encrypted data is uploaded to the chain.
- The encrypted data is specifically a data set obtained by encrypting the field data corresponding to all field types contained in the document data with specific keys, and the server side corresponding to the bank node uploads the data set to the data blockchain as a whole.
- Step S160: obtain the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data.
- The server side corresponding to the bank node obtains the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data, so that this key can be sent to the target enterprise node.
- Step S170: send the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on that key.
- The server side corresponding to the bank node sends the key that encrypts the field data corresponding to the target field type for which the enterprise node receiving the document data has access rights in the document data to the enterprise node, so that the enterprise node decrypts the encrypted data based on the key. The enterprise corresponding to the enterprise node that receives the document data can thus view the field types for which the bank node has performed key authorization in the document data, which meets the more complex data transmission requirements between the bank and the enterprise.
- Because the enterprise nodes corresponding to other enterprises do not have the key, they can only access the encrypted document data, so the document data can be uploaded to the chain while leakage of the document data is avoided.
- FIG. 4 is a specific implementation flowchart of step S170 in a blockchain-based data encryption method shown in an exemplary embodiment of the present application.
- Step S170 of sending the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data to the target enterprise node includes:
- Step S1702: determine whether the chain time of the encrypted data is within a preset chain time range.
- When the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data needs to be sent to the target enterprise node, the chain time of the encrypted data can be compared with the preset chain time range.
- When the chain time of the encrypted data is within the preset chain time range, the encrypted data is valid data and key authorization can be performed; when the chain time of the encrypted data is not within the preset chain time range, the encrypted data is invalid data and key authorization cannot be performed.
- Step S1703: if the chain time of the encrypted data is within the preset chain time range, send the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data to the target enterprise node.
- When the chain time of the encrypted data is within the preset chain time range, the encrypted data is valid data, and the server side corresponding to the bank node sends the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data to the target enterprise node, so that the enterprise node decrypts the encrypted data based on the key. The enterprise corresponding to the enterprise node that receives the document data can thus view the field types for which the bank node has performed key authorization in the document data, which meets the more complex data transmission requirements between the bank and the enterprise.
- Before step S1702 of judging whether the chain time of the encrypted data is within the preset chain time range, the method further includes:
- Step S1701: determine the preset chain time range based on the document type, the industry type, and the relationship table between the document type, the industry type, and the chain time range.
- When the server side corresponding to the bank node determines whether the chain time at which the encrypted data was uploaded to the data blockchain is within the preset effective chain time range, it can determine the preset chain time range based on the document type, the industry type, and the relationship table between document type, industry type, and chain time range, and then compare the chain time of the encrypted data with the preset chain time range to determine whether the encrypted data is valid data.
- FIG. 5 shows a blockchain-based data encryption device according to an exemplary embodiment of the present application.
- The blockchain-based data encryption device may be integrated into the above-mentioned electronic device, and may specifically include a first obtaining unit 110, a first processing unit 120, an encryption unit 130, a second processing unit 140, an on-chain unit 150, a second obtaining unit 160, and a sending unit 170.
- The first obtaining unit 110 is configured to, in response to an upload request entered by an employee account for uploading document data, obtain the document data in the upload request and the document type corresponding to the document data, and obtain the employee level from the employee information corresponding to the employee account.
- The first processing unit 120 is configured to determine, based on the field data corresponding to the field type of the enterprise name in the document data, a target enterprise node having access rights to the document data, and obtain the industry type corresponding to the target enterprise node.
- The encryption unit 130 is configured to encrypt the field data corresponding to all the field types included in the document data with a specific key to obtain the encrypted data.
- The second processing unit 140 is configured to input the document type, the industry type, and the employee level into a preset machine learning model to determine a target field type for which the target enterprise node has access rights in the document data.
- The on-chain unit 150 is configured to input the document type, the industry type, and the employee level into a preset machine learning model to determine the target field type for which the target enterprise node has access rights in the document data.
- The second obtaining unit 160 is configured to obtain a key for encrypting the field data corresponding to the target field type for which the target enterprise node has access permission in the document data.
- The sending unit 170 is configured to send the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on that key.
- The encryption unit includes:
- The first obtaining subunit is used to obtain all the field types included in the document data.
- The first processing subunit is configured to determine a specific key for respectively encrypting field data corresponding to all field types based on a preset relationship table between field types and keys.
- The encryption subunit is used for separately encrypting field data corresponding to all field types based on the specific key to obtain the encrypted data.
- The first processing unit includes:
- The second obtaining subunit is used to obtain the enterprise name information contained in the field data corresponding to the field type of the enterprise name in the document data.
- The second processing subunit is configured to determine the target enterprise node that has access rights to the document data based on the enterprise name information and the relationship table between enterprise names and enterprise nodes.
- The sending unit includes:
- The judging subunit is used for judging whether the chain time of the encrypted data is within the preset chain time range.
- The sending subunit is configured to, if the chain time of the encrypted data is within the preset chain time range, send the key for encrypting the field data corresponding to the target field type for which the target enterprise node has access rights in the document data to the target enterprise node.
- The sending unit further includes:
- The third processing subunit is configured to determine the preset chain time range based on the document type, the industry type, and the relationship table between the document type, the industry type, and the chain time range.
- Although modules or units of the device for action execution are mentioned in the above detailed description, this division is not mandatory.
- The features and functions of two or more modules or units described above may be embodied in one module or unit.
- The features and functions of a module or unit described above can be further divided into multiple modules or units to be embodied.
- The exemplary embodiments described herein can be implemented by software, or can be implemented by combining software with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network, and which includes several instructions to make a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) execute the method according to the embodiment of the present disclosure.
- A computer device capable of implementing the above method is also provided.
- Fig. 6 shows an exemplary block diagram of an electronic device for implementing the above-mentioned blockchain-based data encryption method.
- The computer device 400 takes the form of a general-purpose computing device.
- The components of the computer device 400 may include, but are not limited to: the aforementioned at least one processing unit 410, the aforementioned at least one storage unit 420, and a bus 430 connecting different system components (including the storage unit 420 and the processing unit 410).
- The storage unit stores program code, and the program code can be executed by the processing unit 410, so that the processing unit 410 executes the steps of the various exemplary implementations described in the "Exemplary Method" section of this specification.
- The processing unit 410 may execute the steps of the blockchain data encryption method as shown in FIG. 1.
- The storage unit 420 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 4201 and/or a cache storage unit 4202, and may further include a read-only storage unit (ROM) 4203.
- The storage unit 420 may also include a program/utility tool 4204 having a set of (at least one) program module 4205.
- The program module 4205 includes but is not limited to: an operating system, one or more application programs, other program modules, and program data. Each of these examples, or some combination of them, may include an implementation of a network environment.
- The bus 430 may represent one or more of several types of bus structures, including a storage unit bus or a storage unit controller, a peripheral bus, a graphics acceleration port, a processing unit, or a local bus using any bus structure among multiple bus structures.
- The computer device 400 can also communicate with one or more external devices 600 (such as keyboards, pointing devices, Bluetooth devices, etc.), with one or more devices that enable users to interact with the computer device 400, and/or with any device (such as a router, modem, etc.) that enables the computer device 400 to communicate with one or more other computing devices. Such communication may be performed through an input/output (I/O) interface 440.
- The computer device 400 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 460. As shown in the figure, the network adapter 460 communicates with other modules of the computer device 400 through the bus 430.
- FIG. 7 is a computer-readable storage medium used to implement the above-mentioned blockchain-based data encryption method according to an exemplary embodiment of the present application.
- The computer-readable storage medium may be non-volatile or volatile.
- FIG. 7 depicts a program product 500 for implementing the above-mentioned method according to an embodiment of the present application, which may adopt a portable compact disk read-only memory (CD-ROM) and include program code, and may run on a computer device such as a personal computer.
- the program product of this application is not limited to this.
- the readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or combined with an instruction execution system, device, or device.
- the program product can use any combination of one or more readable media.
- the readable medium may be a readable signal medium or a readable storage medium.
- the readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
Claims (20)
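- A blockchain-based data encryption method, wherein the method comprises: in response to an on-chain request, input by an employee account, for putting document data on the chain, obtaining the document data in the on-chain request and the document type corresponding to the document data, and obtaining an employee level from the employee information corresponding to the employee account; determining, based on the field data corresponding to the field type that is the enterprise name in the document data, a target enterprise node that has viewing permission for the document data, and obtaining the industry type corresponding to the target enterprise node; encrypting the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data; inputting the document type, the industry type and the employee level into a preset machine learning model to determine the target field types in the document data for which the target enterprise node has viewing permission; putting the encrypted data on the chain; obtaining the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission; and sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission.
- The method according to claim 1, wherein the step of encrypting the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data comprises: obtaining all field types contained in the document data; determining, based on a preset relation table of field types and keys, the specific keys used to respectively encrypt the field data corresponding to all the field types; and encrypting the field data corresponding to all the field types respectively based on the specific keys to obtain the encrypted data.
- The method according to claim 1, wherein the step of determining, based on the field data corresponding to the field type that is the enterprise name in the document data, the target enterprise node that has viewing permission for the document data comprises: obtaining the enterprise name information contained in the field data corresponding to the field type that is the enterprise name in the document data; and determining, based on the enterprise name information and a relation table of enterprise names and enterprise nodes, the target enterprise node that has viewing permission for the document data.
- The method according to claim 1, wherein the step of sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node comprises: judging whether the on-chain time of the encrypted data is within a preset on-chain time range; and if the on-chain time of the encrypted data is within the preset on-chain time range, sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node.
- The method according to claim 4, wherein, before the step of judging whether the on-chain time of the encrypted data is within the preset on-chain time range, the method comprises: determining the preset on-chain time range based on the document type, the industry type, and a relation table of document types, industry types and on-chain time ranges.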
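- A blockchain-based data encryption apparatus, wherein the apparatus comprises: a first obtaining unit, configured to, in response to an on-chain request, input by an employee account, for putting document data on the chain, obtain the document data in the on-chain request and the document type corresponding to the document data, and obtain an employee level from the employee information corresponding to the employee account; a first processing unit, configured to determine, based on the field data corresponding to the field type that is the enterprise name in the document data, a target enterprise node that has viewing permission for the document data, and to obtain the industry type corresponding to the target enterprise node; an encryption unit, configured to encrypt the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data; a second processing unit, configured to input the document type, the industry type and the employee level into a preset machine learning model to determine the target field types in the document data for which the target enterprise node has viewing permission; an on-chain unit, configured to put the encrypted data on the chain; a second obtaining unit, configured to obtain the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission; and a sending unit, configured to send the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission.
- The apparatus according to claim 6, wherein the encryption unit comprises: a first obtaining subunit, configured to obtain all field types contained in the document data; a first processing subunit, configured to determine, based on a preset relation table of field types and keys, the specific keys used to respectively encrypt the field data corresponding to all the field types; and an encryption subunit, configured to encrypt the field data corresponding to all the field types respectively based on the specific keys to obtain the encrypted data.
- The apparatus according to claim 6, wherein the first processing unit comprises: a second obtaining subunit, configured to obtain the enterprise name information contained in the field data corresponding to the field type that is the enterprise name in the document data; and a second processing subunit, configured to determine, based on the enterprise name information and a relation table of enterprise names and enterprise nodes, the target enterprise node that has viewing permission for the document data.
- The apparatus according to claim 6, wherein the sending unit comprises: a judging subunit, specifically configured to judge whether the on-chain time of the encrypted data is within a preset on-chain time range; and a sending subunit, configured to, if the on-chain time of the encrypted data is within the preset on-chain time range, send the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node.
- The apparatus according to claim 6, the sending unit further comprising: a third processing subunit, configured to determine the preset on-chain time range based on the document type, the industry type, and a relation table of document types, industry types and on-chain time ranges.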
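- An electronic device, comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by the processor, cause the processor to execute a blockchain-based data encryption method, the blockchain-based data encryption method specifically comprising the following steps: in response to an on-chain request, input by an employee account, for putting document data on the chain, obtaining the document data in the on-chain request and the document type corresponding to the document data, and obtaining an employee level from the employee information corresponding to the employee account; determining, based on the field data corresponding to the field type that is the enterprise name in the document data, a target enterprise node that has viewing permission for the document data, and obtaining the industry type corresponding to the target enterprise node; encrypting the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data; inputting the document type, the industry type and the employee level into a preset machine learning model to determine the target field types in the document data for which the target enterprise node has viewing permission; putting the encrypted data on the chain; obtaining the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission; and sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission.
- The electronic device according to claim 11, wherein the step of encrypting the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data comprises: obtaining all field types contained in the document data; determining, based on a preset relation table of field types and keys, the specific keys used to respectively encrypt the field data corresponding to all the field types; and encrypting the field data corresponding to all the field types respectively based on the specific keys to obtain the encrypted data.
- The electronic device according to claim 11, wherein the step of determining, based on the field data corresponding to the field type that is the enterprise name in the document data, the target enterprise node that has viewing permission for the document data comprises: obtaining the enterprise name information contained in the field data corresponding to the field type that is the enterprise name in the document data; and determining, based on the enterprise name information and a relation table of enterprise names and enterprise nodes, the target enterprise node that has viewing permission for the document data.
- The electronic device according to claim 11, wherein the step of sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node comprises: judging whether the on-chain time of the encrypted data is within a preset on-chain time range; and if the on-chain time of the encrypted data is within the preset on-chain time range, sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node.
- The electronic device according to claim 14, wherein, before the step of judging whether the on-chain time of the encrypted data is within the preset on-chain time range, the method comprises: determining the preset on-chain time range based on the document type, the industry type, and a relation table of document types, industry types and on-chain time ranges.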
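- A storage medium storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to execute a blockchain-based data encryption method, the blockchain-based data encryption method specifically comprising the following steps: in response to an on-chain request, input by an employee account, for putting document data on the chain, obtaining the document data in the on-chain request and the document type corresponding to the document data, and obtaining an employee level from the employee information corresponding to the employee account; determining, based on the field data corresponding to the field type that is the enterprise name in the document data, a target enterprise node that has viewing permission for the document data, and obtaining the industry type corresponding to the target enterprise node; encrypting the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data; inputting the document type, the industry type and the employee level into a preset machine learning model to determine the target field types in the document data for which the target enterprise node has viewing permission; putting the encrypted data on the chain; obtaining the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission; and sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission.
- The storage medium according to claim 16, wherein the step of encrypting the field data corresponding to all field types contained in the document data with specific keys respectively to obtain encrypted data comprises: obtaining all field types contained in the document data; determining, based on a preset relation table of field types and keys, the specific keys used to respectively encrypt the field data corresponding to all the field types; and encrypting the field data corresponding to all the field types respectively based on the specific keys to obtain the encrypted data.
- The storage medium according to claim 16, wherein the step of determining, based on the field data corresponding to the field type that is the enterprise name in the document data, the target enterprise node that has viewing permission for the document data comprises: obtaining the enterprise name information contained in the field data corresponding to the field type that is the enterprise name in the document data; and determining, based on the enterprise name information and a relation table of enterprise names and enterprise nodes, the target enterprise node that has viewing permission for the document data.
- The storage medium according to claim 16, wherein the step of sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node comprises: judging whether the on-chain time of the encrypted data is within a preset on-chain time range; and if the on-chain time of the encrypted data is within the preset on-chain time range, sending the key used to encrypt the field data corresponding to the target field types in the document data for which the target enterprise node has viewing permission to the target enterprise node.
- The storage medium according to claim 16, wherein, before the step of judging whether the on-chain time of the encrypted data is within the preset on-chain time range, the method comprises: determining the preset on-chain time range based on the document type, the industry type, and a relation table of document types, industry types and on-chain time ranges.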
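
The flow of claims 1, 2 and 4 (per-field-type keys, on-chain ciphertext, time-gated release of only the permitted keys), as an added example that is not part of the patent text. The field names, the lookup standing in for the machine learning model, the integer timestamps and the HMAC-based cipher (chosen so the block runs on the standard library alone) are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed relation table of field types and keys (claim 2); random per run.
FIELD_KEYS = {f: secrets.token_bytes(32) for f in ("company_name", "amount", "bank_account")}

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD such as AES-GCM.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_field(key, plaintext):
    enc_key, mac_key = _mac(key, b"enc"), _mac(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + _mac(mac_key, nonce + ct)

def decrypt_field(key, blob):
    enc_key, mac_key = _mac(key, b"enc"), _mac(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(enc_key, nonce, ct)

def encrypt_document(doc):
    # Every field is encrypted under the key for its field type before going on chain.
    return {f: encrypt_field(FIELD_KEYS[f], v.encode()) for f, v in doc.items()}

def target_field_types(doc_type, industry, level):
    # Assumption: a lookup stands in for the preset machine learning model.
    policy = {("invoice", "logistics", 2): {"company_name", "amount"}}
    return policy.get((doc_type, industry, level), set())

def release_keys(doc_type, industry, level, chained_at, window):
    # Claim 4: keys are sent only if the on-chain time lies in the preset range.
    if not window[0] <= chained_at <= window[1]:
        return {}
    return {f: FIELD_KEYS[f] for f in target_field_types(doc_type, industry, level)}

def node_view(entry, keys):
    # Target enterprise node: decrypts only the fields whose keys it received.
    return {f: decrypt_field(keys[f], b).decode() for f, b in entry.items() if f in keys}
```
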
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910671757.6A CN110474886B (zh) | 2019-07-24 | 2019-07-24 | Blockchain-based data encryption method, apparatus, electronic device and storage medium |
CN201910671757.6 | 2019-07-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021012746A1 (zh) | 2021-01-28 |
Family
ID=68508844
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/088432 WO2021012746A1 (zh) | Blockchain-based data encryption method, apparatus, electronic device and storage medium | 2019-07-24 | 2020-04-30 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110474886B (zh) |
WO (1) | WO2021012746A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114511392A (zh) * | 2022-01-25 | 2022-05-17 | 北京中友金审科技有限公司 | A standard method for financial data collection |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
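CN110474886B (zh) * | 2019-07-24 | 2022-04-05 | 深圳壹账通智能科技有限公司 | Blockchain-based data encryption method, apparatus, electronic device and storage medium |
CN110943982B (zh) * | 2019-11-21 | 2021-07-30 | 深圳壹账通智能科技有限公司 | Method, apparatus, electronic device and storage medium for encrypting document data |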
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107169371A (zh) * | 2017-04-27 | 2017-09-15 | 北京众享比特科技有限公司 | A blockchain-based database operation method and *** |
US20180322587A1 (en) * | 2017-05-06 | 2018-11-08 | Adp, Llc | Payroll based blockchain identity |
CN109670321A (zh) * | 2018-11-30 | 2019-04-23 | 深圳灵图慧视科技有限公司 | Data storage method, data query method and apparatus |
CN109977697A (zh) * | 2019-04-03 | 2019-07-05 | 陕西医链区块链集团有限公司 | A data authorization method for blockchain |
CN110474886A (zh) * | 2019-07-24 | 2019-11-19 | 深圳壹账通智能科技有限公司 | Blockchain-based data encryption method, apparatus, electronic device and storage medium |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11132451B2 (en) * | 2017-08-31 | 2021-09-28 | Parity Technologies Ltd. | Secret data access control systems and methods |
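CN109462472A (zh) * | 2017-09-06 | 2019-03-12 | 阿里巴巴集团控股有限公司 | Method, apparatus and *** for data encryption and decryption |
CN108200079A (zh) * | 2018-01-19 | 2018-06-22 | 深圳四方精创资讯股份有限公司 | Blockchain privacy protection method and apparatus based on hybrid symmetric and asymmetric encryption |
CN108563788B (zh) * | 2018-04-27 | 2023-05-23 | 腾讯科技(深圳)有限公司 | Blockchain-based data query method, apparatus, server and storage medium |
CN108833385A (zh) * | 2018-06-01 | 2018-11-16 | 深圳崀途科技有限公司 | Anonymous user data sharing method based on consortium chain encryption |
CN109033855B (zh) * | 2018-07-18 | 2020-02-11 | 腾讯科技(深圳)有限公司 | A blockchain-based data transmission method, apparatus and storage medium |
CN109995781B (zh) * | 2019-03-29 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Data transmission method, apparatus, medium and device |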
- 2019-07-24 CN CN201910671757.6A patent/CN110474886B/zh active Active
- 2020-04-30 WO PCT/CN2020/088432 patent/WO2021012746A1/zh active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114511392A (zh) * | 2022-01-25 | 2022-05-17 | 北京中友金审科技有限公司 | A standard method for financial data collection |
CN114511392B (zh) * | 2022-01-25 | 2022-08-16 | 北京中友金审科技有限公司 | A standard method for financial data collection |
Also Published As
Publication number | Publication date |
---|---|
CN110474886A (zh) | 2019-11-19 |
CN110474886B (zh) | 2022-04-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20844731; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 20844731; Country of ref document: EP; Kind code of ref document: A1 |
| 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 18/03/2022) |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 20844731; Country of ref document: EP; Kind code of ref document: A1 |