CN107103252A - Data access control method based on block chain - Google Patents

Data access control method based on block chain Download PDF

Info

Publication number
CN107103252A
CN107103252A CN201710287859.9A CN201710287859A CN107103252A CN 107103252 A CN107103252 A CN 107103252A CN 201710287859 A CN201710287859 A CN 201710287859A CN 107103252 A CN107103252 A CN 107103252A
Authority
CN
China
Prior art keywords
user
public key
access
agent
proxy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710287859.9A
Other languages
Chinese (zh)
Inventor
张小松
陈永丰
夏琦
黄可
陈瑞东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201710287859.9A priority Critical patent/CN107103252A/en
Publication of CN107103252A publication Critical patent/CN107103252A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开基于区块链的数据访问控制方法,涉及区块链数据管控技术领域,解决现有技术由于控制权限设计局限性和区块数据存储结构而导致的数据访问可控性较差和区块庞大等技术问题。本发明主要包括所有用户的数据只能由用户和代理访问,任何第三方想要访问用户数据必须通过代理发出请求,以代理的身份进行;所有用户数据的访问日志只能由代理和用户访问,任何第三方想要访问日志必须通过代理发出请求,以代理的身份进行。本发明用于设计大数据环境下数据的共享和访问控制系统。

The invention discloses a block chain-based data access control method, relates to the technical field of block chain data management and control, and solves the problem of poor controllability of data access and areas in the prior art due to the limitations of control authority design and block data storage structure. Block size and other technical issues. The present invention mainly includes that all user data can only be accessed by the user and the agent, any third party who wants to access the user data must send a request through the agent, and proceed as an agent; the access log of all user data can only be accessed by the agent and the user, Any third party wishing to access the logs must make the request through the proxy, acting as the proxy. The invention is used to design a data sharing and access control system in a big data environment.

Description

基于区块链的数据访问控制方法Blockchain-based data access control method

技术领域technical field

本发明涉及区块链数据管控技术领域,具体涉及基于区块链的数据访问控制方法。The invention relates to the technical field of block chain data management and control, in particular to a data access control method based on block chain.

背景技术Background technique

大数据时代对数据共享和数据安全提出了更高的要求,传统模式下要么因为共享而基本没有什么附带保护措施,要么将数据管得太紧而限制了共享。此外,现有技术的区块链数据存在冗余。The era of big data puts forward higher requirements for data sharing and data security. In the traditional mode, there are basically no accompanying protection measures because of sharing, or the data is too tightly managed to limit sharing. In addition, there is redundancy in the blockchain data of the prior art.

发明内容Contents of the invention

针对上述现有技术,本发明目的在于提供基于区块链的数据访问控制方法,解决现有技术由于控制权限设计局限性和区块数据存储结构而导致的数据访问可控性较差和区块庞大等技术问题。In view of the above prior art, the purpose of the present invention is to provide a data access control method based on block chain, which solves the problem of poor controllability of data access and block Huge and other technical issues.

为达到上述目的,本发明采用的技术方案如下:In order to achieve the above object, the technical scheme adopted in the present invention is as follows:

基于区块链的用户数据访问控制方法,包括Blockchain-based user data access control methods, including

在区块链中注册信息处理后,设置每个用户数据访问请求的限制条件为只接收用户本身访问请求或满足用户设置权限的代理访问请求,同时设置第三方用户(机构或其他用户)只通过代理发出用户数据访问请求且只以代理身份进行用户数据访问。After registering information processing in the blockchain, set the restriction conditions for each user's data access request to only receive the user's own access request or the proxy access request that meets the user's set permissions, and set the third-party user (organization or other user) only through Proxies issue user data access requests and access user data only as a proxy.

上述方法中,所述区块链中注册信息处理包括以下步骤:In the above method, the registration information processing in the blockchain includes the following steps:

步骤1、用户和第三方用户在区块链注册成功后,生成用户的公钥、私钥、共享密钥和预定义访问权限列表且生成第三方用户的公钥、私钥、共享密钥和预定义访问权限列表,同时还生成代理的公钥、私钥、共享密钥和预定义访问权限列表,接着用户与代理对应交换各自的公钥和共享密钥、第三方用户与代理对应交互各自的公钥和共享密钥;Step 1. After the user and the third-party user successfully register in the blockchain, the user's public key, private key, shared key and predefined access rights list are generated, and the third-party user's public key, private key, shared key and Pre-defined access rights list, and also generate the agent's public key, private key, shared key and predefined access rights list, then the user and the agent exchange their respective public keys and shared keys, and third-party users interact with the agent correspondingly public key and shared secret;

步骤2、由代理结合代理、用户和第三方用户的公钥和预定义访问权限列表进行计算,得到第三方用户公钥、用户公钥和代理公钥的哈希值,再Step 2. The agent calculates the public key of the agent, the user and the third-party user and the predefined access list to obtain the hash value of the third-party user public key, the user public key and the agent public key, and then

将用户公钥和代理公钥顺序取哈希值后作为顺序包含用户公钥、代理公钥、用户预定义访问权限列表和第一指针的第一存储元组的第一索引,The hash value of the user public key and the proxy public key is sequentially taken as the first index of the first storage tuple that sequentially includes the user public key, the proxy public key, the user's predefined access permission list and the first pointer,

将代理公钥和用户公钥顺序取哈希值后作为顺序包含代理公钥、用户公钥、代理预定义访问权限列表和第二指针的第二存储元组的第二索引,Taking the hash value of the proxy public key and the user public key sequentially as the second index of the second storage tuple that sequentially includes the proxy public key, the user public key, the proxy predefined access permission list and the second pointer,

将第三方用户公钥和代理公钥顺序取哈希值后作为顺序包含第三方用户公钥、代理公钥、第三方用户预定义访问权限列表和第三指针的第三存储元组的第三索引,Take the hash value of the third-party user public key and proxy public key sequentially as the third storage tuple that sequentially contains the third-party user public key, proxy public key, third-party user predefined access permission list and third pointer index,

同时,将代理公钥和第三方用户公钥顺序取哈希值后作为顺序包含代理公钥、第三方用户公钥、代理预定义访问权限列表和第四指针的第四存储元组的第四索引;At the same time, take the hash value of the proxy public key and the third-party user public key sequentially as the fourth element of the fourth storage tuple containing the proxy public key, the third-party user public key, the proxy predefined access permission list and the fourth pointer. index;

步骤3、发起信息存储请求至请求池,在阈值数量的共识与处理节点均达成共识时将所有存储元组及其对应索引存储至区块链中。Step 3. Initiate an information storage request to the request pool, and store all storage tuples and their corresponding indexes in the blockchain when a threshold number of consensus and processing nodes reach a consensus.

上述方法中,还包括用户通过满足用户设置权限的代理进行共享数据,其包括以下步骤:In the above method, it also includes that the user shares data through an agent that satisfies the authority set by the user, which includes the following steps:

步骤1、用户将数据使用用户的共享密钥加密并附上所设置的用户预定义访问权限列表,签名后得到加密数据,将加密数据发往代理;Step 1. The user encrypts the data with the user's shared key and attaches the user's predefined access rights list. After signing, the encrypted data is obtained, and the encrypted data is sent to the agent;

步骤2、代理核对用户身份成功后,根据第一索引生成加密数据共享请求并将加密数据共享请求发送到请求池;Step 2. After the agent successfully checks the user's identity, it generates an encrypted data sharing request according to the first index and sends the encrypted data sharing request to the request pool;

步骤3、通过共识与处理节点按第一索引找出区块链所存储的第一存储元组,再根据用户和代理的注册信息进行第一类投票共识验证,在阈值数量的共识与处理节点均达成共识时,将加密数据存储至区块链下的分布式哈希表网络,再更新步骤1中用户预定义访问权限列表,并同时存储指向加密数据的指针。Step 3. Use the consensus and processing nodes to find out the first storage tuple stored in the blockchain according to the first index, and then perform the first type of voting consensus verification according to the registration information of users and agents. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted data is stored in the distributed hash table network under the blockchain, and then the user's predefined access permission list in step 1 is updated, and a pointer to the encrypted data is stored at the same time.

上述方法中,所述第三方用户以代理身份进行用户数据访问,包括以下步骤:In the above method, the third-party user accesses user data as a proxy, including the following steps:

步骤1、由代理在用户数据的访问请求中写入第三方用户的签名数据和预定义访问权限列表,并以代理的签名数据结尾,再将访问请求发送到请求池;Step 1. The agent writes the third-party user's signature data and predefined access permission list in the user data access request, ends with the agent's signature data, and then sends the access request to the request pool;

步骤2、通过共识与处理节点按第一索引找出区块链所存储的第一存储元组,再根据用户和代理的注册信息进行第二类投票共识验证,在阈值数量的共识与处理节点均达成共识时,向代理返回存储于区块链下分布式哈希表网络的加密数据;Step 2. Use the consensus and processing nodes to find out the first storage tuple stored in the blockchain according to the first index, and then perform the second type of voting consensus verification according to the registration information of users and agents. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted data stored in the distributed hash table network under the blockchain is returned to the agent;

步骤3、通过代理将加密数据通过用户共享密钥解密,然后利用第三方用户共享密钥对解密后的数据再加密,签名后将再加密数据发送至第三方用户。Step 3. The encrypted data is decrypted by the proxy through the user's shared key, and then the decrypted data is re-encrypted using the third-party user's shared key, and the re-encrypted data is sent to the third-party user after signing.

上述方法中,所述加密数据的指针为指向用户加密数据的哈希值,指向区块链下分布式哈希表网络中的一个键-值对。In the above method, the pointer of the encrypted data points to the hash value of the encrypted data of the user, and points to a key-value pair in the distributed hash table network under the block chain.

基于区块链的日志访问控制方法,包括Blockchain-based log access control methods, including

在区块链中注册信息处理后,设置每个用户数据访问日志访问请求的限制条件为只接收代理访问日志访问请求或满足代理设置权限的用户访问日志访问请求,同时设置第三方用户(区块链存储机构)只通过代理发出用户数据访问日志的访问请求且只以代理身份进行用户数据访问日志的访问。After registering the information processing in the blockchain, set the restriction condition of each user data access log access request to only accept the proxy access log access request or the user access log access request that meets the proxy setting authority, and set the third-party user (block Chain storage organization) only issues access requests for user data access logs through agents and only accesses user data access logs as an agent.

上述方法中,所述区块链中注册信息处理包括以下步骤:In the above method, the registration information processing in the blockchain includes the following steps:

步骤1、用户和第三方用户在区块链注册成功后,生成用户的公钥、私钥、共享密钥和预定义访问权限列表且生成第三方用户的公钥、私钥、共享密钥和预定义访问权限列表,同时还生成代理的公钥、私钥、共享密钥和预定义访问权限列表,接着用户与代理对应交换各自的公钥和共享密钥、第三方用户与代理对应交互各自的公钥和共享密钥;Step 1. After the user and the third-party user successfully register in the blockchain, the user's public key, private key, shared key and predefined access rights list are generated, and the third-party user's public key, private key, shared key and Pre-defined access rights list, and also generate the agent's public key, private key, shared key and predefined access rights list, then the user and the agent exchange their respective public keys and shared keys, and third-party users interact with the agent correspondingly public key and shared secret;

步骤2、由代理结合代理、用户和第三方用户的公钥和预定义访问权限列表进行计算,得到第三方用户公钥、用户公钥和代理公钥的哈希值,再Step 2. The agent calculates the public key of the agent, the user and the third-party user and the predefined access list to obtain the hash value of the third-party user public key, the user public key and the agent public key, and then

将用户公钥和代理公钥顺序取哈希值后作为顺序包含用户公钥、代理公钥、用户预定义访问权限列表和第一指针的第一存储元组的第一索引,The hash value of the user public key and the proxy public key is sequentially taken as the first index of the first storage tuple that sequentially includes the user public key, the proxy public key, the user's predefined access permission list and the first pointer,

将代理公钥和用户公钥顺序取哈希值后作为顺序包含代理公钥、用户公钥、代理预定义访问权限列表和第二指针的第二存储元组的第二索引,Taking the hash value of the proxy public key and the user public key sequentially as the second index of the second storage tuple that sequentially includes the proxy public key, the user public key, the proxy predefined access permission list and the second pointer,

将第三方用户公钥和代理公钥顺序取哈希值后作为顺序包含第三方用户公钥、代理公钥、第三方用户预定义访问权限列表和第三指针的第三存储元组的第三索引,Take the hash value of the third-party user public key and proxy public key sequentially as the third storage tuple that sequentially contains the third-party user public key, proxy public key, third-party user predefined access permission list and third pointer index,

同时,将代理公钥和第三方用户公钥顺序取哈希值后作为顺序包含代理公钥、第三方用户公钥、代理预定义访问权限列表和第四指针的第四存储元组的第四索引;At the same time, take the hash value of the proxy public key and the third-party user public key sequentially as the fourth element of the fourth storage tuple containing the proxy public key, the third-party user public key, the proxy predefined access permission list and the fourth pointer. index;

步骤3、发起信息存储请求至请求池,在阈值数量的共识与处理节点均达成共识时将所有存储元组及其对应索引存储至区块链中。Step 3. Initiate an information storage request to the request pool, and store all storage tuples and their corresponding indexes in the blockchain when a threshold number of consensus and processing nodes reach a consensus.

上述方法中,所述第三方用户通过代理对访问日志进行访问,包括以下步骤:In the above method, the third-party user accesses the access log through a proxy, including the following steps:

步骤1、由代理将访问日志通过代理共享密钥加密、附加上代理预定义访问权限列表再以代理签名数据结尾,得到加密访问日志并生成访问日志访问请求并将访问日志访问请求发送至请求池;Step 1. The agent encrypts the access log with the agent's shared key, appends the agent's predefined access permission list, and ends with the agent's signature data to obtain the encrypted access log, generate an access log access request, and send the access log access request to the request pool ;

步骤2、通过共识与处理节点按第二索引找出区块链所存储的第二存储元组,再根据代理和用户的注册信息进行第三类投票共识验证,在阈值数量的共识与处理节点均达成共识时,将加密访问日志存储至区块链下的分布式哈希表网络,再更新步骤1中代理预定义访问权限列表,并同时存储指向加密访问日志的指针。Step 2. Use the consensus and processing nodes to find out the second storage tuple stored in the blockchain according to the second index, and then perform the third type of voting consensus verification according to the registration information of the agent and the user. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted access log is stored in the distributed hash table network under the blockchain, and then the agent's predefined access permission list in step 1 is updated, and a pointer to the encrypted access log is stored at the same time.

上述方法中,还包括用户通过代理对访问日志进行访问,其包括以下步骤:In the above method, it also includes that the user accesses the access log through an agent, which includes the following steps:

步骤1、由代理在访问日志的访问请求中写入用户预定义访问权限列表,并以代理的签名数据结尾,再将访问请求发送到请求池;Step 1. The agent writes the user's predefined access permission list in the access request of the access log, ends with the agent's signature data, and then sends the access request to the request pool;

步骤2、通过共识与处理节点按第二索引找出区块链所存储的第二存储元组,再根据代理和用户的注册信息进行第四类投票共识验证,在阈值数量的共识与处理节点均达成共识时,向代理返回存储于区块链下分布式哈希表网络的加密访问日志;Step 2. Use the consensus and processing nodes to find out the second storage tuple stored in the blockchain according to the second index, and then perform the fourth type of voting consensus verification according to the registration information of the agent and the user. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted access log stored in the distributed hash table network under the blockchain is returned to the agent;

步骤3、由代理将加密访问日志返回给用户。Step 3: The agent returns the encrypted access log to the user.

上述方案中,还包括用户更改数据访问权限,其包括以下步骤:In the above solution, it also includes the user changing the data access permission, which includes the following steps:

步骤1、由代理在访问日志的访问请求中写入用户的再定义访问权限列表,并以代理的签名数据结尾,再将访问请求发送到请求池;Step 1. The agent writes the user's redefined access permission list in the access request of the access log, ends with the agent's signature data, and then sends the access request to the request pool;

步骤2、通过共识与处理节点按第一索引找出区块链所存储的第一存储元组,再根据用户和代理的注册信息进行第五类投票共识验证,在阈值数量的共识与处理节点均达成共识时,把预定义访问权限列表更新为再定义访问权限列表后存入区块链中。Step 2. Use the consensus and processing nodes to find out the first storage tuple stored in the blockchain according to the first index, and then perform the fifth type of voting consensus verification according to the registration information of users and agents. When the threshold number of consensus and processing nodes When consensus is reached, the predefined access rights list is updated to a redefined access rights list and stored in the blockchain.

上述方法中,所述加密访问日志的指针为指向用户加密访问日志的哈希值,指向区块链下分布式哈希表网络中的一个键-值对。In the above method, the pointer of the encrypted access log is a hash value pointing to the encrypted access log of the user, pointing to a key-value pair in the distributed hash table network under the block chain.

与现有技术相比,本发明的有益效果:Compared with prior art, the beneficial effect of the present invention:

通过将访问控制权限和指向访问日志的指针记录在区块链上,使得数据的拥有者自身不仅可以控制其他方对数据的访问,追踪谁在使用数据还可以随时更改数据的访问权限;By recording the access control authority and the pointer to the access log on the blockchain, the data owner can not only control other parties' access to the data, track who is using the data, but also change the access authority of the data at any time;

本发明还将数据和对数据的访问记录加密存储到链下的分布式哈希表存储设施中,在区块中只记录指向该加密数据的指针,以达到减少区块链中区块的大小和提高效率的目的。The present invention also encrypts and stores the data and access records to the data in the distributed hash table storage facility under the chain, and only records the pointer to the encrypted data in the block, so as to reduce the size of the block in the block chain and to improve efficiency.

附图说明Description of drawings

图1为本发明的模块示意图。Fig. 1 is a schematic diagram of a module of the present invention.

具体实施方式detailed description

本说明书中公开的所有特征,或公开的所有方法或过程中的步骤,除了互相排斥的特征和/或步骤以外,均可以以任何方式组合。All features disclosed in this specification, or steps in all methods or processes disclosed, may be combined in any manner, except for mutually exclusive features and/or steps.

下面结合附图对本发明做进一步说明:The present invention will be further described below in conjunction with accompanying drawing:

基于区块链的数据访问控制方法中,需要在区块链中存储用于访问用户数据所需的权限列表,还需要存储用于访问用户数据日志的权限列表。用户共享数据时,通过验证以后,将用户的公钥、代理的公钥、用户设置的访问权限、指向用户数据的指针记录到区块链中,作为其他方访问用户数据时的验证依据和索引,而用户数据将加密存储于链下的分布式哈希表中。其他方如机构访问用户数据时,必须通过代理发出请求,代理取得数据后先解密再加密发送给该机构。代理还需要将这次访问的机构名、时间、执行的操作等记录记录在日志中,将被访问用户的公钥、代理的公钥、代理设置的访问权限、指向访问日志的指针以及时间记录到区块链中,作为访问日志时的验证依据和索引,而日志记录也被加密存储到链下的分布式哈希表中。In the block chain-based data access control method, it is necessary to store the permission list for accessing user data in the block chain, and also need to store the permission list for accessing user data logs. When a user shares data, after passing the verification, the user's public key, the agent's public key, the access rights set by the user, and the pointer to the user's data are recorded in the blockchain as the verification basis and index when other parties access the user's data , and user data will be encrypted and stored in the distributed hash table under the chain. When other parties, such as institutions, access user data, they must send a request through a proxy. After the proxy obtains the data, it first decrypts it and then encrypts it and sends it to the institution. The agent also needs to record the organization name, time, and operations performed during this visit in the log, and record the public key of the accessed user, the public key of the agent, the access rights set by the agent, the pointer to the access log, and the time Into the blockchain, as the verification basis and index when accessing the log, and the log records are also encrypted and stored in the distributed hash table under the chain.

基于区块链的数据访问控制方法,所有用户的数据只能由用户和代理访问(代理需要满足用户设置的权限),任何第三方想要访问用户数据必须通过代理发出请求,以代理的身份进行;Based on the blockchain data access control method, all user data can only be accessed by the user and the agent (the agent needs to meet the permissions set by the user), any third party who wants to access user data must send a request through the agent, and proceed as an agent ;

所有用户数据的访问日志只能由代理和用户访问(用户需要满足代理设置的权限),任何第三方想要访问日志必须通过代理发出请求,以代理的身份进行;All user data access logs can only be accessed by agents and users (users need to meet the permissions set by the agent), any third party who wants to access the logs must send a request through the agent, and proceed as an agent;

区块链上用于存储验证和控制的信息的索引由用户的公钥、代理的公钥和其它元数据联合做哈希运算产生;The index used to store verification and control information on the blockchain is generated by the joint hash operation of the user's public key, the agent's public key and other metadata;

区块链上存储的验证和控制的信息包括但不限于(用户的公钥、代理的公钥、用户设置的访问权限、指向用户数据指针)元组以及(被访问用户的公钥、代理的公钥、代理设置的访问权限、指向访问日志的指针)元组;The verification and control information stored on the blockchain includes but is not limited to (user's public key, agent's public key, user-set access rights, pointer to user data) tuples and (accessed user's public key, agent's public key, access permissions set by proxy, pointer to access log) tuple;

指针为指向加密用户数据或加密日志数据的哈希值,它指向链下分布式哈希表中的一个键-值对;The pointer is a hash value pointing to encrypted user data or encrypted log data, which points to a key-value pair in the off-chain distributed hash table;

分布式哈希表中存储的数据,包括用户数据和访问日志,具体为经共享密钥加密并由用户签名的用户数据或经共享密钥加密并由代理签名的访问日志。The data stored in the distributed hash table includes user data and access logs, specifically user data encrypted by a shared key and signed by a user or access logs encrypted by a shared key and signed by an agent.

实施例1Example 1

1.用户注册。用户注册成功以后,生成公钥PUKu、私钥PRKu、共享密钥SKu和预定义访问权限列表Alu;代理生成生成公钥PUKa、私钥PRKa、共享密钥SKa和预定义访问权限列表Ala;其它机构或用户注册成功以后,生成公钥PUKo、私钥PRKo、共享密钥SKo和预定义访问权限列表ALo。用户与代理交换公钥和共享密钥;机构与代理交换公钥和共享密钥。1. User registration. After the user registers successfully, generate the public key PUKu, private key PRKu, shared key SKu and predefined access rights list Alu; agent generation generates public key PUKa, private key PRKa, shared key SKa and predefined access rights list Ala; other After the institution or user registers successfully, generate public key PUKo, private key PRKo, shared key SKo and predefined access authority list ALo. Users exchange public keys and shared secrets with agents; organizations exchange public keys and shared secrets with agents.

2.共识与处理节点处理用户注册信息。代理根据自己的信息PUKa、Ala用户注册信息PUKu、Alu,机构注册信息PUKo、Alo进行计算,2. Consensus and processing nodes process user registration information. The agent calculates according to its own information PUKa, Ala user registration information PUKu, Alu, institution registration information PUKo, Alo,

将(PUKu、PUKa)取哈希值后作为存储元组(PUKu、PUKa、ALu、Pu)的索引Iu(P代表加密后用户数据的哈希值,此时为空);Take the hash value of (PUKu, PUKa) as the index Iu of the storage tuple (PUKu, PUKa, ALu, Pu) (P represents the hash value of encrypted user data, which is empty at this time);

将(PUKa、PUKu)取哈希值后作为存储元组(PUKa、PUKu、ALa、Pa)的索引Ia;Take the hash value of (PUKa, PUKu) as the index Ia of the storage tuple (PUKa, PUKu, ALa, Pa);

将(PUKo、PUKa)取哈希值后作为存储元组(PUKo、PUKa、ALo、Po)的索引Io;Take the hash value of (PUKo, PUKa) as the index Io of the storage tuple (PUKo, PUKa, ALo, Po);

将(PUKa、PUKo)取哈希值后作为存储元组(PUKa、PUKo、ALa、Pa)的索引Ia。随后将存储请求发送到请求池中,在有3个及以上的共识节点达成共识后将信息存储到区块中。Take the hash value of (PUKa, PUKo) as the index Ia of the storage tuple (PUKa, PUKo, ALa, Pa). Then the storage request is sent to the request pool, and the information is stored in the block after 3 or more consensus nodes reach a consensus.

3.用户共享数据。用户将数据使用共享密钥SKu加密并附加上访问权限列表alu后签名发往代理,代理核对用户身份成功后,根据索引Iu生成请求发送到请求池中。共识与处理节点根据索引Iu查找区块链存储元组(PUKu、PUKa、ALu、Pu),并依据PKUu、PKUa是否相同进行投票,在有3个及以上的共识节点达成同意共识后,将加密数据存储到链下DHT网络D(Pu)处,在区块中更新访问权限列表alu并存储指向该加密数据的指针Pu(Pu也是加密后用户数据的哈希值)。3. Users share data. The user encrypts the data with the shared key SKu and attaches the access list alu to the signature and sends it to the agent. After the agent checks the user's identity successfully, it generates a request according to the index Iu and sends it to the request pool. The consensus and processing nodes look up the blockchain storage tuples (PUKu, PUKa, ALu, Pu) according to the index Iu, and vote based on whether PKUu and PKUa are the same. After 3 or more consensus nodes reach a consensus, the encrypted The data is stored in the off-chain DHT network D(Pu), the access permission list alu is updated in the block and the pointer Pu pointing to the encrypted data is stored (Pu is also the hash value of encrypted user data).

4.机构或其他用户访问数据。代理代表机构请求数据,代理在请求中包含机构的签名数据、机构申请的访问权限Alo,末尾附加上代理自己的数字签名,并将请求发送到请求池中共识与处理节点根据索引Iu查找区块链存储的元组(PUKu、PUKa、ALu、Pu),并依据PKUu、PKUa是否相同以及Alo是否属于ALu进行投票,在有3个及以上的共识与处理节点达成同意共识后,则向代理返回存储于DHT网络中的加密数据D(Pu)。代理将数据使用共享密钥SKu解密,然后再使用共享密钥SKo加密并签名后发回机构。4. Access to data by institutions or other users. The agent requests data on behalf of the institution, and the agent includes the signature data of the institution, the access authority Alo applied by the institution in the request, appends the digital signature of the agent itself at the end, and sends the request to the consensus and processing node in the request pool to find the block according to the index Iu The tuples (PUKu, PUKa, ALu, Pu) stored in the chain, and vote according to whether PKUu, PKUa are the same and whether Alo belongs to ALu. After 3 or more consensus and processing nodes reach a consensus, they will return to the agent Encrypted data D(Pu) stored in the DHT network. The agent decrypts the data with the shared key SKu, and then encrypts and signs the data with the shared key SKo and sends it back to the agency.

5.区块链存储机构访问记录。代理将访问记录使用共享密钥SKa加密,加上代理设置的访问权限列表Ala,末尾加上自己的数字签名后发送到请求池中。共识与处理节点依据据索引Ia查找区块链存储的元组(PUKa、PUKu、ALa、Pa),依据PUKa、PUKu是否相同进行投票,在有3个及以上的共识与处理节点达成同意共识后,将加密访问记录存储到链下DHT网络D(Pl)处.在区块中更新访问权限列表Ala以及指向该加密日志的指针Pl(Pl也是加密后日志的哈希值)。5. Blockchain storage institution access records. The agent encrypts the access record with the shared key SKa, adds the access permission list Ala set by the agent, adds its own digital signature at the end, and sends it to the request pool. The consensus and processing nodes look up the tuples (PUKa, PUKu, ALa, Pa) stored in the blockchain according to the index Ia, and vote based on whether PUKa and PUKu are the same. After 3 or more consensus and processing nodes reach a consensus , store the encrypted access records in the off-chain DHT network D(Pl). Update the access authority list Ala and the pointer Pl pointing to the encrypted log in the block (Pl is also the hash value of the encrypted log).

6.用户跟踪数据的使用。代理代表用户发出请求,包含用户申请的访问权限Alu,并在末尾加上自己的数字签名后发送到请求池中。共识与处理节点依据请求中索引Ia,查找区块链存储的元组(PUKa、PUKu、ALa、Pa),并依据PKUa、PKUu是否相同以及Alu是否属于ALa进行投票,在有3个及以上的共识与处理节点达成同意共识后,则向代理返回存储于DHT网络中的加密日志D(Pl)。代理随后将加密日志返回给用户。6. Use of User Tracking Data. The agent sends a request on behalf of the user, including the access permission Alu applied by the user, and sends it to the request pool after adding its own digital signature at the end. The consensus and processing node looks up the tuples (PUKa, PUKu, ALa, Pa) stored in the blockchain according to the index Ia in the request, and votes based on whether PKUa, PKUu are the same and whether Alu belongs to ALa. After the consensus and processing nodes reach a consensus, the encrypted log D(Pl) stored in the DHT network is returned to the agent. The agent then returns encrypted logs to the user.

7.用户更改数据访问权限。代理代表用户发出请求,包含用户要更改的访问权限Alu,并在末尾加上自己的数字签名后发送到请求池中。共识与处理节点根据请求中索引Iu查找区块链存储的元组(PUKu、PUKa、ALu、Pu),并依据PKUu、PKUa是否相同进行投票,在有3个及以上的共识节点达成同意共识后,将新的Alu存入到区块中。7. User changes data access rights. The agent sends out a request on behalf of the user, including the access right Alu that the user wants to change, and adds its own digital signature at the end and sends it to the request pool. The consensus and processing nodes look up the tuples (PUKu, PUKa, ALu, Pu) stored in the blockchain according to the index Iu in the request, and vote based on whether PKUu and PKUa are the same. After 3 or more consensus nodes reach a consensus , deposit the new Alu into the block.

8.区块链与链下分布式哈希表存储设施间的加密通信可以混合采用公私钥体系、对称密钥体系实现。8. The encrypted communication between the blockchain and the distributed hash table storage facility under the chain can be realized by mixing public and private key systems and symmetric key systems.

9.图中的代理为一个逻辑实体,可以分布式的存在于网络上,为进一步保证数据安全,其提供的服务的实现基于安全多方计算技术。9. The agent in the figure is a logical entity that can exist in a distributed manner on the network. In order to further ensure data security, the realization of the services it provides is based on secure multi-party computing technology.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何属于本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto, any changes or substitutions that can be easily imagined by those skilled in the art within the technical scope disclosed in the present invention, All should be covered within the protection scope of the present invention.

Claims (10)

1.基于区块链的用户数据访问控制方法,其特征在于,包括1. The user data access control method based on block chain, it is characterized in that, comprising 在区块链中注册信息处理后,设置每个用户数据访问请求的限制条件为只接收用户本身访问请求或满足用户设置权限的代理访问请求,同时设置第三方用户只通过代理发出用户数据访问请求且只以代理身份进行用户数据访问。After registering information processing in the blockchain, set the restriction conditions for each user data access request to only receive the user's own access request or proxy access request that meets the user's set permissions, and set third-party users to only issue user data access requests through the proxy And only access user data as a proxy. 2.根据权利要求1所述的基于区块链的用户数据访问控制方法,其特征在于,所述区块链中注册信息处理包括以下步骤:2. the block chain-based user data access control method according to claim 1, is characterized in that, in the block chain, registration information processing comprises the following steps: 步骤1、用户和第三方用户在区块链注册成功后,生成用户的公钥、私钥、共享密钥和预定义访问权限列表且生成第三方用户的公钥、私钥、共享密钥和预定义访问权限列表,同时还生成代理的公钥、私钥、共享密钥和预定义访问权限列表,接着用户与代理对应交换各自的公钥和共享密钥、第三方用户与代理对应交互各自的公钥和共享密钥;Step 1. After the user and the third-party user successfully register in the blockchain, the user's public key, private key, shared key and predefined access rights list are generated, and the third-party user's public key, private key, shared key and Pre-defined access rights list, and also generate the agent's public key, private key, shared key and predefined access rights list, then the user and the agent exchange their respective public keys and shared keys, and third-party users interact with the agent correspondingly public key and shared secret; 步骤2、由代理结合代理、用户和第三方用户的公钥和预定义访问权限列表进行计算,得到第三方用户公钥、用户公钥和代理公钥的哈希值,再Step 2. The agent calculates the public key of the agent, the user and the third-party user and the predefined access list to obtain the hash value of the third-party user public key, the user public key and the agent public key, and then 将用户公钥和代理公钥顺序取哈希值后作为顺序包含用户公钥、代理公钥、用户预定义访问权限列表和第一指针的第一存储元组的第一索引,The hash value of the user public key and the proxy public key is sequentially taken as the first index of the first storage tuple that sequentially includes the user public key, the proxy public key, the user's predefined access permission list and the first pointer, 将代理公钥和用户公钥顺序取哈希值后作为顺序包含代理公钥、用户公钥、代理预定义访问权限列表和第二指针的第二存储元组的第二索引,Taking the hash value of the proxy public key and the user public key sequentially as the second index of the second storage tuple that sequentially includes the proxy public key, the user public key, the proxy predefined access permission list and the second pointer, 将第三方用户公钥和代理公钥顺序取哈希值后作为顺序包含第三方用户公钥、代理公钥、第三方用户预定义访问权限列表和第三指针的第三存储元组的第三索引,Take the hash value of the third-party user public key and proxy public key sequentially as the third storage tuple that sequentially contains the third-party user public key, proxy public key, third-party user predefined access permission list and third pointer index, 同时,将代理公钥和第三方用户公钥顺序取哈希值后作为顺序包含代理公钥、第三方用户公钥、代理预定义访问权限列表和第四指针的第四存储元组的第四索引;At the same time, take the hash value of the proxy public key and the third-party user public key sequentially as the fourth element of the fourth storage tuple containing the proxy public key, the third-party user public key, the proxy predefined access permission list and the fourth pointer. index; 步骤3、发起信息存储请求至请求池,在阈值数量的共识与处理节点均达成共识时将所有存储元组及其对应索引存储至区块链中。Step 3. Initiate an information storage request to the request pool, and store all storage tuples and their corresponding indexes in the blockchain when a threshold number of consensus and processing nodes reach a consensus. 3.根据权利要求2所述的基于区块链的用户数据访问控制方法,其特征在于,还包括用户通过满足用户设置权限的代理进行共享数据,其包括以下步骤:3. The block chain-based user data access control method according to claim 2, further comprising the user sharing data through an agent that satisfies the user's set authority, which includes the following steps: 步骤1、用户将数据使用用户的共享密钥加密并附上所设置的用户预定义访问权限列表,签名后得到加密数据,将加密数据发往代理;Step 1. The user encrypts the data with the user's shared key and attaches the user's predefined access rights list. After signing, the encrypted data is obtained, and the encrypted data is sent to the agent; 步骤2、代理核对用户身份成功后,根据第一索引生成加密数据共享请求并将加密数据共享请求发送到请求池;Step 2. After the agent successfully checks the user's identity, it generates an encrypted data sharing request according to the first index and sends the encrypted data sharing request to the request pool; 步骤3、通过共识与处理节点按第一索引找出区块链所存储的第一存储元组,再根据用户和代理的注册信息进行第一类投票共识验证,在阈值数量的共识与处理节点均达成共识时,将加密数据存储至区块链下的分布式哈希表网络,再更新步骤1中用户预定义访问权限列表,并同时存储指向加密数据的指针。Step 3. Use the consensus and processing nodes to find out the first storage tuple stored in the blockchain according to the first index, and then perform the first type of voting consensus verification according to the registration information of users and agents. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted data is stored in the distributed hash table network under the blockchain, and then the user's predefined access permission list in step 1 is updated, and a pointer to the encrypted data is stored at the same time. 4.根据权利要求3所述的基于区块链的用户数据访问控制方法,其特征在于,所述第三方用户以代理身份进行用户数据访问,包括以下步骤:4. The block chain-based user data access control method according to claim 3, wherein the third-party user performs user data access as an agent, comprising the following steps: 步骤1、由代理在用户数据的访问请求中写入第三方用户的签名数据和预定义访问权限列表,并以代理的签名数据结尾,再将访问请求发送到请求池;Step 1. The agent writes the third-party user's signature data and predefined access permission list in the user data access request, ends with the agent's signature data, and then sends the access request to the request pool; 步骤2、通过共识与处理节点按第一索引找出区块链所存储的第一存储元组,再根据用户和代理的注册信息进行第二类投票共识验证,在阈值数量的共识与处理节点均达成共识时,向代理返回存储于区块链下分布式哈希表网络的加密数据;Step 2. Use the consensus and processing nodes to find out the first storage tuple stored in the blockchain according to the first index, and then perform the second type of voting consensus verification according to the registration information of users and agents. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted data stored in the distributed hash table network under the blockchain is returned to the agent; 步骤3、通过代理将加密数据通过用户共享密钥解密,然后利用第三方用户共享密钥对解密后的数据再加密,签名后将再加密数据发送至第三方用户。Step 3. The encrypted data is decrypted by the proxy through the user's shared key, and then the decrypted data is re-encrypted using the third-party user's shared key, and the re-encrypted data is sent to the third-party user after signing. 5.根据权利要求3或4所述的基于区块链的用户数据访问控制方法,其特征在于,所述加密数据的指针为指向用户加密数据的哈希值,指向区块链下分布式哈希表网络中的一个键-值对。5. The block chain-based user data access control method according to claim 3 or 4, wherein the pointer of the encrypted data is a hash value pointing to the encrypted data of the user, pointing to a distributed hash value under the block chain. A key-value pair in a Greek table network. 6.基于区块链的日志访问控制方法,其特征在于,包括6. The log access control method based on block chain, it is characterized in that, comprising 在区块链中注册信息处理后,设置每个用户数据访问日志访问请求的限制条件为只接收代理访问日志访问请求或满足代理设置权限的用户访问日志访问请求,同时设置第三方用户只通过代理发出用户数据访问日志的访问请求且只以代理身份进行用户数据访问日志的访问。After registering information processing in the blockchain, set the restriction condition of each user data access log access request to only receive proxy access log access requests or user access log access requests that meet the proxy setting permissions, and set third-party users to only pass through the proxy Issue an access request to the user data access log and access the user data access log only as a proxy. 7.根据权利要求6所述的基于区块链的日志访问控制方法,其特征在于,所述区块链中注册信息处理包括以下步骤:7. The log access control method based on block chain according to claim 6, wherein the registration information processing in the block chain comprises the following steps: 步骤1、用户和第三方用户在区块链注册成功后,生成用户的公钥、私钥、共享密钥和预定义访问权限列表且生成第三方用户的公钥、私钥、共享密钥和预定义访问权限列表,同时还生成代理的公钥、私钥、共享密钥和预定义访问权限列表,接着用户与代理对应交换各自的公钥和共享密钥、第三方用户与代理对应交互各自的公钥和共享密钥;Step 1. After the user and the third-party user successfully register in the blockchain, the user's public key, private key, shared key and predefined access rights list are generated, and the third-party user's public key, private key, shared key and Pre-defined access rights list, and also generate the agent's public key, private key, shared key and predefined access rights list, then the user and the agent exchange their respective public keys and shared keys, and third-party users interact with the agent correspondingly public key and shared secret; 步骤2、由代理结合代理、用户和第三方用户的公钥和预定义访问权限列表进行计算,得到第三方用户公钥、用户公钥和代理公钥的哈希值,再Step 2. The agent calculates the public key of the agent, the user and the third-party user and the predefined access list to obtain the hash value of the third-party user public key, the user public key and the agent public key, and then 将用户公钥和代理公钥顺序取哈希值后作为顺序包含用户公钥、代理公钥、用户预定义访问权限列表和第一指针的第一存储元组的第一索引,The hash value of the user public key and the proxy public key is sequentially taken as the first index of the first storage tuple that sequentially includes the user public key, the proxy public key, the user's predefined access permission list and the first pointer, 将代理公钥和用户公钥顺序取哈希值后作为顺序包含代理公钥、用户公钥、代理预定义访问权限列表和第二指针的第二存储元组的第二索引,Taking the hash value of the proxy public key and the user public key sequentially as the second index of the second storage tuple that sequentially includes the proxy public key, the user public key, the proxy predefined access permission list and the second pointer, 将第三方用户公钥和代理公钥顺序取哈希值后作为顺序包含第三方用户公钥、代理公钥、第三方用户预定义访问权限列表和第三指针的第三存储元组的第三索引,Take the hash value of the third-party user public key and proxy public key sequentially as the third storage tuple that sequentially contains the third-party user public key, proxy public key, third-party user predefined access permission list and third pointer index, 同时,将代理公钥和第三方用户公钥顺序取哈希值后作为顺序包含代理公钥、第三方用户公钥、代理预定义访问权限列表和第四指针的第四存储元组的第四索引;At the same time, take the hash value of the proxy public key and the third-party user public key sequentially as the fourth element of the fourth storage tuple containing the proxy public key, the third-party user public key, the proxy predefined access permission list and the fourth pointer. index; 步骤3、发起信息存储请求至请求池,在阈值数量的共识与处理节点均达成共识时将所有存储元组及其对应索引存储至区块链中。Step 3. Initiate an information storage request to the request pool, and store all storage tuples and their corresponding indexes in the blockchain when a threshold number of consensus and processing nodes reach a consensus. 8.根据权利要求7所述的基于区块链的日志访问控制方法,其特征在于,所述第三方用户通过代理对访问日志进行访问,包括以下步骤:8. The block chain-based log access control method according to claim 7, wherein the third-party user accesses the access log through an agent, comprising the following steps: 步骤1、由代理将访问日志通过代理共享密钥加密、附加上代理预定义访问权限列表再以代理签名数据结尾,得到加密访问日志并生成访问日志访问请求并将访问日志访问请求发送至请求池;Step 1. The agent encrypts the access log with the agent's shared key, appends the agent's predefined access permission list, and ends with the agent's signature data to obtain the encrypted access log, generate an access log access request, and send the access log access request to the request pool ; 步骤2、通过共识与处理节点按第二索引找出区块链所存储的第二存储元组,再根据代理和用户的注册信息进行第三类投票共识验证,在阈值数量的共识与处理节点均达成共识时,将加密访问日志存储至区块链下的分布式哈希表网络,再更新步骤1中代理预定义访问权限列表,并同时存储指向加密访问日志的指针。Step 2. Use the consensus and processing nodes to find out the second storage tuple stored in the blockchain according to the second index, and then perform the third type of voting consensus verification according to the registration information of the agent and the user. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted access log is stored in the distributed hash table network under the blockchain, and then the agent's predefined access permission list in step 1 is updated, and a pointer to the encrypted access log is stored at the same time. 9.根据权利要求8所述的基于区块链的日志访问控制方法,其特征在于,还包括用户通过代理对访问日志进行访问,其包括以下步骤:9. The block chain-based log access control method according to claim 8, further comprising the user accessing the access log by an agent, comprising the following steps: 步骤1、由代理在访问日志的访问请求中写入用户预定义访问权限列表,并以代理的签名数据结尾,再将访问请求发送到请求池;Step 1. The agent writes the user's predefined access permission list in the access request of the access log, ends with the agent's signature data, and then sends the access request to the request pool; 步骤2、通过共识与处理节点按第二索引找出区块链所存储的第二存储元组,再根据代理和用户的注册信息进行第四类投票共识验证,在阈值数量的共识与处理节点均达成共识时,向代理返回存储于区块链下分布式哈希表网络的加密访问日志;Step 2. Use the consensus and processing nodes to find out the second storage tuple stored in the blockchain according to the second index, and then perform the fourth type of voting consensus verification according to the registration information of the agent and the user. When the threshold number of consensus and processing nodes When a consensus is reached, the encrypted access log stored in the distributed hash table network under the blockchain is returned to the agent; 步骤3、由代理将加密访问日志返回给用户。Step 3: The agent returns the encrypted access log to the user. 10.根据权利要求8或9所述的基于区块链的日志访问控制方法,其特征在于,所述加密访问日志的指针为指向用户加密访问日志的哈希值,指向区块链下分布式哈希表网络中的一个键-值对。10. The block chain-based log access control method according to claim 8 or 9, wherein the pointer of the encrypted access log is a hash value pointing to the encrypted access log of the user, and points to the distributed access log under the block chain. A key-value pair in a hashtable network.
CN201710287859.9A 2017-04-27 2017-04-27 Data access control method based on block chain Pending CN107103252A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710287859.9A CN107103252A (en) 2017-04-27 2017-04-27 Data access control method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710287859.9A CN107103252A (en) 2017-04-27 2017-04-27 Data access control method based on block chain

Publications (1)

Publication Number Publication Date
CN107103252A true CN107103252A (en) 2017-08-29

Family

ID=59656988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710287859.9A Pending CN107103252A (en) 2017-04-27 2017-04-27 Data access control method based on block chain

Country Status (1)

Country Link
CN (1) CN107103252A (en)

Cited By (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682337A (en) * 2017-10-11 2018-02-09 深圳市轱辘车联数据技术有限公司 The processing method and system of a kind of vehicle data
CN107833052A (en) * 2017-10-27 2018-03-23 南京物联传感技术有限公司 A kind of polymerization payment system and method for work based on block chain
CN107886006A (en) * 2017-11-28 2018-04-06 北京博晨技术有限公司 Data manipulation method, device and electronic equipment
CN108023794A (en) * 2017-12-04 2018-05-11 四川长虹电器股份有限公司 A kind of equipment access control method and device
CN108123936A (en) * 2017-12-13 2018-06-05 北京科技大学 A kind of access control method and system based on block chain technology
CN108197959A (en) * 2018-01-23 2018-06-22 华南理工大学 A kind of fast verification pond based on block chain, fast verification system and operating method
CN108364223A (en) * 2017-12-29 2018-08-03 阿里巴巴集团控股有限公司 A kind of method and device of Data Audit
CN108449336A (en) * 2018-03-16 2018-08-24 浙江创邻科技有限公司 Data traceability based on block chain and strong encryption method, apparatus, medium and system
CN108566420A (en) * 2018-03-29 2018-09-21 上海点融信息科技有限责任公司 Data processing method, equipment and computer readable storage medium for block chain
CN108712380A (en) * 2018-04-12 2018-10-26 三维通信股份有限公司 A kind of mixing identity identifying method based on strategy
CN108718341A (en) * 2018-05-30 2018-10-30 北京阿尔山金融科技有限公司 Shared and search the method for data
CN108737374A (en) * 2018-04-12 2018-11-02 三维通信股份有限公司 The method for secret protection that data store in a kind of block chain
CN108989022A (en) * 2018-06-08 2018-12-11 中国科学院计算技术研究所 A kind of smart item shared key method for building up and system based on block chain
CN109087214A (en) * 2018-07-23 2018-12-25 江苏恒宝智能系统技术有限公司 A kind of natural gas life payment management system based on block chain
CN109102849A (en) * 2018-07-18 2018-12-28 郑州云海信息技术有限公司 A kind of health account application method and device based on block chain
CN109189727A (en) * 2018-09-14 2019-01-11 江西理工大学 A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption
CN109274481A (en) * 2018-08-01 2019-01-25 中国科学院数据与通信保护研究教育中心 Data tracking method for blockchain
CN109302281A (en) * 2018-11-05 2019-02-01 陈德辉 Method and system for implementing a social network
CN109309650A (en) * 2017-07-27 2019-02-05 华为技术有限公司 Method, terminal device and network device for processing data
CN109345404A (en) * 2018-06-04 2019-02-15 山东省农业可持续发展研究所 A kind of sharing method based on block chain agricultural data
CN109359223A (en) * 2018-09-17 2019-02-19 重庆邮电大学 Distributed storage technology of blockchain ledger based on erasure code
CN109376172A (en) * 2018-09-27 2019-02-22 精硕科技(北京)股份有限公司 Data capture method and system based on block chain
CN109408523A (en) * 2018-10-10 2019-03-01 罗克佳华科技集团股份有限公司 Data sharing method, device, data sharing platform, electronic equipment
CN109600366A (en) * 2018-12-06 2019-04-09 中链科技有限公司 The method and device of protection user data privacy based on block chain
CN109753817A (en) * 2018-12-28 2019-05-14 全链通有限公司 Medical information secure storage scheme based on block chain
CN109803015A (en) * 2019-01-21 2019-05-24 韩雪松 A kind of decentralization shared memory systems and its control method based on D2D
CN109902074A (en) * 2019-04-17 2019-06-18 江苏全链通信息科技有限公司 Log storing method and system based on data center
CN110019490A (en) * 2019-04-01 2019-07-16 北京柏链基石科技有限公司 Blockchain-based information query method, device and equipment
CN110019235A (en) * 2017-12-29 2019-07-16 百度在线网络技术(北京)有限公司 Data storage, restoration methods, device, equipment and medium based on block chain
CN110086755A (en) * 2018-01-26 2019-08-02 巍乾全球技术有限责任公司 Realize method, application server, internet of things equipment and the medium of Internet of Things service
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
WO2019179277A1 (en) * 2018-03-19 2019-09-26 华为技术有限公司 Data access rights control method and device
CN110336813A (en) * 2019-07-02 2019-10-15 北京启迪区块链科技发展有限公司 A kind of access control method, device, equipment and storage medium
CN110417750A (en) * 2019-07-09 2019-11-05 北京健网未来科技有限公司 File based on block chain technology is read and method, terminal device and the storage medium of storage
CN110414268A (en) * 2019-07-23 2019-11-05 北京启迪区块链科技发展有限公司 Access control method, device, equipment and storage medium
CN110490741A (en) * 2019-08-13 2019-11-22 山大地纬软件股份有限公司 Device and method for data validity and controllability management in blockchain
CN110611641A (en) * 2018-06-15 2019-12-24 成都高新信息技术研究院 Block chain mobile user terminal system
CN110785981A (en) * 2018-05-29 2020-02-11 甲骨文国际公司 Securing access to confidential data using blockchain ledgers
CN110830428A (en) * 2018-08-13 2020-02-21 上海诺亚投资管理有限公司 Block chain financial big data processing method and system
CN110855760A (en) * 2019-10-29 2020-02-28 上海海加网络科技有限公司 Block chain-based distributed secure storage system deployment method
CN110909073A (en) * 2018-09-14 2020-03-24 宏达国际电子股份有限公司 Method and system for sharing private data based on intelligent contracts
CN111177695A (en) * 2019-12-20 2020-05-19 杭州甘道智能科技有限公司 Intelligent household equipment access control method based on block chain
CN111199044A (en) * 2018-11-20 2020-05-26 中国电信股份有限公司 Data storage method, device and storage medium
CN111327618A (en) * 2020-02-25 2020-06-23 青岛万民科技有限公司 A blockchain-based precise access control method, device and system
CN111444530A (en) * 2020-04-30 2020-07-24 中国银行股份有限公司 System data access authority control method and device based on block chain and modules
CN111488347A (en) * 2020-04-08 2020-08-04 北京瑞策科技有限公司 Data query method and device based on service data block chain
JP2020524434A (en) * 2017-06-20 2020-08-13 エヌチェーン ホールディングス リミテッドNchain Holdings Limited Method and special network node for high speed propagation in blockchain networks
CN111740989A (en) * 2020-06-19 2020-10-02 大连理工大学 A blockchain-oriented lightweight data encryption method for IoT chips
CN111917761A (en) * 2020-07-28 2020-11-10 安徽高山科技有限公司 Data security protection method based on block chain cloud computing
CN112328984A (en) * 2020-11-24 2021-02-05 深圳市鹰硕技术有限公司 Data security management method and system applied to big data
CN112364366A (en) * 2020-11-26 2021-02-12 中国人民解放军国防科技大学 Block chain-based alliance data sharing access control method and system
CN112765603A (en) * 2021-01-28 2021-05-07 电子科技大学 Abnormity tracing method combining system log and origin graph
CN112788107A (en) * 2020-12-29 2021-05-11 长威信息科技发展股份有限公司 Method and system for secure multi-party computing and data sharing
CN113589904A (en) * 2021-08-13 2021-11-02 永旗(北京)科技有限公司 Data access system and method based on block chain
CN114679330A (en) * 2022-03-31 2022-06-28 广西玉林链向千禧大数据有限公司 Block chain-based universal object interconnection data access control method
CN114938278A (en) * 2022-04-11 2022-08-23 北京邮电大学 Zero trust access control method and device
CN115335842A (en) * 2020-01-21 2022-11-11 格特奇科德股份有限公司 System and method for protecting and sharing data using distributed ledger technology
WO2022252912A1 (en) * 2021-06-04 2022-12-08 华为技术有限公司 User data management method and related device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system
WO2016128491A1 (en) * 2015-02-11 2016-08-18 British Telecommunications Public Limited Company Validating computer resource usage

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016128491A1 (en) * 2015-02-11 2016-08-18 British Telecommunications Public Limited Company Validating computer resource usage
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
XIA Q 等: "BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments", 《INFORMATION》 *

Cited By (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7154234B6 (en) 2017-06-20 2022-11-28 エヌチェーン ライセンシング アーゲー Methods and specialized network nodes for fast propagation in blockchain networks
JP7154234B2 (en) 2017-06-20 2022-10-17 エヌチェーン ホールディングス リミテッド Methods and specialized network nodes for fast propagation in blockchain networks
JP2020524434A (en) * 2017-06-20 2020-08-13 エヌチェーン ホールディングス リミテッドNchain Holdings Limited Method and special network node for high speed propagation in blockchain networks
CN109309650A (en) * 2017-07-27 2019-02-05 华为技术有限公司 Method, terminal device and network device for processing data
CN107682337A (en) * 2017-10-11 2018-02-09 深圳市轱辘车联数据技术有限公司 The processing method and system of a kind of vehicle data
CN107833052B (en) * 2017-10-27 2021-02-02 南京物联传感技术有限公司 Block chain-based aggregated payment system and working method
CN107833052A (en) * 2017-10-27 2018-03-23 南京物联传感技术有限公司 A kind of polymerization payment system and method for work based on block chain
CN107886006A (en) * 2017-11-28 2018-04-06 北京博晨技术有限公司 Data manipulation method, device and electronic equipment
CN107886006B (en) * 2017-11-28 2020-06-02 北京博晨技术有限公司 Data operation method and device and electronic equipment
CN108023794A (en) * 2017-12-04 2018-05-11 四川长虹电器股份有限公司 A kind of equipment access control method and device
CN108123936A (en) * 2017-12-13 2018-06-05 北京科技大学 A kind of access control method and system based on block chain technology
CN108364223A (en) * 2017-12-29 2018-08-03 阿里巴巴集团控股有限公司 A kind of method and device of Data Audit
CN110019235A (en) * 2017-12-29 2019-07-16 百度在线网络技术(北京)有限公司 Data storage, restoration methods, device, equipment and medium based on block chain
CN110019235B (en) * 2017-12-29 2021-08-17 百度在线网络技术(北京)有限公司 Block chain based data storage and recovery method, device, equipment and medium
US11295381B2 (en) 2017-12-29 2022-04-05 Advanced New Technologies Co., Ltd. Data auditing method and device
CN108197959A (en) * 2018-01-23 2018-06-22 华南理工大学 A kind of fast verification pond based on block chain, fast verification system and operating method
CN108197959B (en) * 2018-01-23 2020-11-27 华南理工大学 A blockchain-based fast verification pool, fast verification system and operation method
CN110086755B (en) * 2018-01-26 2022-06-21 巍乾全球技术有限责任公司 Method for realizing service of Internet of things, application server, Internet of things equipment and medium
US11546173B2 (en) 2018-01-26 2023-01-03 Vechain Global Technology Sarl Methods, application server, IoT device and media for implementing IoT services
CN110086755A (en) * 2018-01-26 2019-08-02 巍乾全球技术有限责任公司 Realize method, application server, internet of things equipment and the medium of Internet of Things service
CN108449336A (en) * 2018-03-16 2018-08-24 浙江创邻科技有限公司 Data traceability based on block chain and strong encryption method, apparatus, medium and system
US12058253B2 (en) 2018-03-19 2024-08-06 Huawei Technologies Co., Ltd Method and apparatus for controlling data access right to data stored on a blockchain
CN110290094B (en) * 2018-03-19 2022-03-11 华为技术有限公司 A method and device for controlling data access authority
CN110290094A (en) * 2018-03-19 2019-09-27 华为技术有限公司 A method and device for controlling data access authority
US11563569B2 (en) 2018-03-19 2023-01-24 Huawei Technologies Co., Ltd. Method and apparatus for controlling data access right to data stored on a blockchain
WO2019179277A1 (en) * 2018-03-19 2019-09-26 华为技术有限公司 Data access rights control method and device
CN108566420A (en) * 2018-03-29 2018-09-21 上海点融信息科技有限责任公司 Data processing method, equipment and computer readable storage medium for block chain
CN108737374B (en) * 2018-04-12 2021-11-09 三维通信股份有限公司 Privacy protection method for data storage in block chain
CN108737374A (en) * 2018-04-12 2018-11-02 三维通信股份有限公司 The method for secret protection that data store in a kind of block chain
CN108712380A (en) * 2018-04-12 2018-10-26 三维通信股份有限公司 A kind of mixing identity identifying method based on strategy
US11599668B2 (en) 2018-05-29 2023-03-07 Oracle International Corporation Securing access to confidential data using a blockchain ledger
US12045372B2 (en) 2018-05-29 2024-07-23 Oracle International Corporation Securing access to confidential data using a blockchain ledger
CN110785981B (en) * 2018-05-29 2023-01-17 甲骨文国际公司 Securing Access to Confidential Data Using a Blockchain Ledger
CN110785981A (en) * 2018-05-29 2020-02-11 甲骨文国际公司 Securing access to confidential data using blockchain ledgers
CN108718341A (en) * 2018-05-30 2018-10-30 北京阿尔山金融科技有限公司 Shared and search the method for data
CN109345404A (en) * 2018-06-04 2019-02-15 山东省农业可持续发展研究所 A kind of sharing method based on block chain agricultural data
CN108989022B (en) * 2018-06-08 2021-11-09 中国科学院计算技术研究所 Intelligent object shared key establishment method and system based on block chain
CN108989022A (en) * 2018-06-08 2018-12-11 中国科学院计算技术研究所 A kind of smart item shared key method for building up and system based on block chain
CN110611641A (en) * 2018-06-15 2019-12-24 成都高新信息技术研究院 Block chain mobile user terminal system
CN110611641B (en) * 2018-06-15 2021-11-02 成都高新信息技术研究院 Block chain mobile user terminal system
CN109102849A (en) * 2018-07-18 2018-12-28 郑州云海信息技术有限公司 A kind of health account application method and device based on block chain
CN109087214A (en) * 2018-07-23 2018-12-25 江苏恒宝智能系统技术有限公司 A kind of natural gas life payment management system based on block chain
CN109274481B (en) * 2018-08-01 2020-03-27 中国科学院数据与通信保护研究教育中心 A blockchain-based data traceability method
WO2020024465A1 (en) * 2018-08-01 2020-02-06 中国科学院数据与通信保护研究教育中心 Block chain data traceability method
CN109274481A (en) * 2018-08-01 2019-01-25 中国科学院数据与通信保护研究教育中心 Data tracking method for blockchain
CN110830428A (en) * 2018-08-13 2020-02-21 上海诺亚投资管理有限公司 Block chain financial big data processing method and system
CN110909073A (en) * 2018-09-14 2020-03-24 宏达国际电子股份有限公司 Method and system for sharing private data based on intelligent contracts
CN109189727A (en) * 2018-09-14 2019-01-11 江西理工大学 A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption
CN109359223A (en) * 2018-09-17 2019-02-19 重庆邮电大学 Distributed storage technology of blockchain ledger based on erasure code
CN109376172A (en) * 2018-09-27 2019-02-22 精硕科技(北京)股份有限公司 Data capture method and system based on block chain
CN109376172B (en) * 2018-09-27 2020-09-29 精硕科技(北京)股份有限公司 Data acquisition method and system based on block chain
CN109408523B (en) * 2018-10-10 2020-06-02 罗克佳华科技集团股份有限公司 Data sharing method and device, data sharing platform and electronic equipment
CN109408523A (en) * 2018-10-10 2019-03-01 罗克佳华科技集团股份有限公司 Data sharing method, device, data sharing platform, electronic equipment
CN109302281A (en) * 2018-11-05 2019-02-01 陈德辉 Method and system for implementing a social network
CN109302281B (en) * 2018-11-05 2021-12-14 陈德辉 Method and system for implementing a social network
CN111199044A (en) * 2018-11-20 2020-05-26 中国电信股份有限公司 Data storage method, device and storage medium
CN111199044B (en) * 2018-11-20 2022-06-17 中国电信股份有限公司 Data storage method, device and storage medium
CN109600366A (en) * 2018-12-06 2019-04-09 中链科技有限公司 The method and device of protection user data privacy based on block chain
CN109753817A (en) * 2018-12-28 2019-05-14 全链通有限公司 Medical information secure storage scheme based on block chain
CN109803015A (en) * 2019-01-21 2019-05-24 韩雪松 A kind of decentralization shared memory systems and its control method based on D2D
CN109803015B (en) * 2019-01-21 2021-10-12 韩雪松 Decentralized shared storage system based on D2D and control method thereof
CN110019490A (en) * 2019-04-01 2019-07-16 北京柏链基石科技有限公司 Blockchain-based information query method, device and equipment
CN109902074A (en) * 2019-04-17 2019-06-18 江苏全链通信息科技有限公司 Log storing method and system based on data center
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
CN110109930B (en) * 2019-05-15 2020-07-03 山东省计算中心(国家超级计算济南中心) Government data storage, query method and system based on blockchain double-chain structure
CN110336813A (en) * 2019-07-02 2019-10-15 北京启迪区块链科技发展有限公司 A kind of access control method, device, equipment and storage medium
CN110336813B (en) * 2019-07-02 2021-08-17 北京启迪区块链科技发展有限公司 Access control method, device, equipment and storage medium
CN110417750A (en) * 2019-07-09 2019-11-05 北京健网未来科技有限公司 File based on block chain technology is read and method, terminal device and the storage medium of storage
CN110417750B (en) * 2019-07-09 2020-07-03 北京健网未来科技有限公司 Block chain technology-based file reading and storing method, terminal device and storage medium
CN110414268A (en) * 2019-07-23 2019-11-05 北京启迪区块链科技发展有限公司 Access control method, device, equipment and storage medium
CN110490741A (en) * 2019-08-13 2019-11-22 山大地纬软件股份有限公司 Device and method for data validity and controllability management in blockchain
CN110855760A (en) * 2019-10-29 2020-02-28 上海海加网络科技有限公司 Block chain-based distributed secure storage system deployment method
CN111177695A (en) * 2019-12-20 2020-05-19 杭州甘道智能科技有限公司 Intelligent household equipment access control method based on block chain
CN115335842A (en) * 2020-01-21 2022-11-11 格特奇科德股份有限公司 System and method for protecting and sharing data using distributed ledger technology
CN111327618A (en) * 2020-02-25 2020-06-23 青岛万民科技有限公司 A blockchain-based precise access control method, device and system
CN111488347A (en) * 2020-04-08 2020-08-04 北京瑞策科技有限公司 Data query method and device based on service data block chain
CN111444530A (en) * 2020-04-30 2020-07-24 中国银行股份有限公司 System data access authority control method and device based on block chain and modules
CN111444530B (en) * 2020-04-30 2023-08-18 中国银行股份有限公司 System data access authority control method and device based on block chain and modules
CN111740989A (en) * 2020-06-19 2020-10-02 大连理工大学 A blockchain-oriented lightweight data encryption method for IoT chips
CN111917761A (en) * 2020-07-28 2020-11-10 安徽高山科技有限公司 Data security protection method based on block chain cloud computing
CN112328984A (en) * 2020-11-24 2021-02-05 深圳市鹰硕技术有限公司 Data security management method and system applied to big data
CN112328984B (en) * 2020-11-24 2024-02-09 深圳市鹰硕技术有限公司 Data security management method and system applied to big data
CN112364366B (en) * 2020-11-26 2024-04-16 中国人民解放军国防科技大学 Block chain-based alliance data sharing access control method and system
CN112364366A (en) * 2020-11-26 2021-02-12 中国人民解放军国防科技大学 Block chain-based alliance data sharing access control method and system
CN112788107A (en) * 2020-12-29 2021-05-11 长威信息科技发展股份有限公司 Method and system for secure multi-party computing and data sharing
CN112765603A (en) * 2021-01-28 2021-05-07 电子科技大学 Abnormity tracing method combining system log and origin graph
WO2022252912A1 (en) * 2021-06-04 2022-12-08 华为技术有限公司 User data management method and related device
CN113589904A (en) * 2021-08-13 2021-11-02 永旗(北京)科技有限公司 Data access system and method based on block chain
CN114679330B (en) * 2022-03-31 2024-05-17 四川链向科技集团有限公司 Block chain-based everything interconnection data access control method
CN114679330A (en) * 2022-03-31 2022-06-28 广西玉林链向千禧大数据有限公司 Block chain-based universal object interconnection data access control method
CN114938278B (en) * 2022-04-11 2023-10-31 北京邮电大学 A zero-trust access control method and device
CN114938278A (en) * 2022-04-11 2022-08-23 北京邮电大学 Zero trust access control method and device

Similar Documents

Publication Publication Date Title
CN107103252A (en) Data access control method based on block chain
CN114172735B (en) Smart contract-based dual-chain hybrid blockchain data sharing method and system
Ma et al. Integrating blockchain and ZK-ROLLUP for efficient healthcare data privacy protection system via IPFS
Peng et al. A peer-to-peer file storage and sharing system based on consortium blockchain
CN113067857B (en) Electronic medical record cross-hospital sharing method based on double-chain structure
Xia et al. MeDShare: Trust-less medical data sharing among cloud service providers via blockchain
US20190028277A1 (en) Anonymous consent and data sharing on a blockchain
Zhang et al. Secure and Efficient Data Storage and Sharing Scheme Based on Double Blockchain.
Xiong et al. RSE-PoW: A role symmetric encryption PoW scheme with authorized deduplication for multimedia data
Bodur et al. An Improved blockchain-based secure medical record sharing scheme
CN116168820A (en) Medical data interoperability method based on virtual integration and blockchain fusion
CN112732829B (en) A data trading system and method
CN111008855B (en) A retroactive data access control method based on improved proxy re-encryption
Cong et al. Individual-initiated auditable access control for privacy-preserved IoT data sharing with blockchain
Liang et al. A dual-chain digital copyright registration and transaction system based on blockchain technology
Yu et al. Blockchain-based multi-role healthcare data sharing system
Ziar et al. Privacy preservation for on-chain data in the permissionless blockchain using symmetric key encryption and smart contract
Shah et al. M-DPS: a blockchain-based efficient and cost-effective architecture for medical applications
Hasan et al. Blockchain for authorized access of health insurance IoT system
Goel et al. Security Concerns and Data Breaches for Data Deduplication Techniques in Cloud Storage: A Brief Meta-Analysis.
Yang et al. A personalized and efficient EMR sharing and management scheme based on smart contracts
Duggegowda et al. Medaccess hbpf: a privacy-preserving hybrid-blockchain framework for secure and efficient cloud-based electronic health record sharing
Venkatesan et al. Secure and decentralized management of health records
Yuan et al. B‐SSMD: A Fine‐Grained Secure Sharing Scheme of Medical Data Based on Blockchain
Ding et al. Enabling efficient multi-keyword search over fine-grained authorized healthcare blockchain system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170829