CN110569666A - A method and device for data statistics based on blockchain - Google Patents
A method and device for data statistics based on blockchain Download PDFInfo
- Publication number
- CN110569666A CN110569666A CN201910828975.6A CN201910828975A CN110569666A CN 110569666 A CN110569666 A CN 110569666A CN 201910828975 A CN201910828975 A CN 201910828975A CN 110569666 A CN110569666 A CN 110569666A
- Authority
- CN
- China
- Prior art keywords
- data
- server
- public key
- statistical
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开了一种基于区块链的数据统计的方法及装置,其中,方法包括:数据服务器使用第二私钥对待统计数据进行签名后生成签名信息,使用第一公钥对签名信息和待统计数据加密后生成加密数据,将加密数据发送至转发服务器,转发服务器将加密数据发送至统计服务器,统计服务器使用第一公钥对应的第一私钥解密加密数据,得到待统计数据和签名信息,使用第二私钥对应的第二公钥对签名信息验证通过后,统计待统计数据得到统计结果。该技术方案用于提供一种简单易用的数据统计方法,且保护各参与方隐私。
The present invention discloses a block chain-based data statistics method and device, wherein the method includes: the data server uses a second private key to sign the statistical data to be signed and then generates signature information, and uses the first public key to pair the signature information with the pending After the statistical data is encrypted, the encrypted data is generated, and the encrypted data is sent to the forwarding server, and the forwarding server sends the encrypted data to the statistical server, and the statistical server uses the first private key corresponding to the first public key to decrypt the encrypted data, and obtains the statistical data and signature information After using the second public key corresponding to the second private key to verify the signature information, count the data to be counted to obtain the statistical result. The technical solution is used to provide a simple and easy-to-use data statistics method and protect the privacy of each participant.
Description
技术领域technical field
本发明实施例涉及金融科技(Fintech)领域,尤其涉及一种基于区块链(BlockChain)的数据统计的方法及装置。Embodiments of the present invention relate to the field of financial technology (Fintech), and in particular to a method and device for data statistics based on a blockchain (BlockChain).
背景技术Background technique
随着计算机技术的发展,越来越多的技术应用在金融领域,传统金融业正在逐步向金融科技转变,数据统计也不例外,但由于金融、支付行业的安全性、实时性要求,也对数据统计技术提出的更高的要求。With the development of computer technology, more and more technologies are applied in the financial field. The traditional financial industry is gradually transforming into financial technology, and data statistics are no exception. However, due to the security and real-time requirements of the financial and payment industries, Higher requirements put forward by data statistics technology.
数据统计过程指的是汇总所有参与方的待统计数据,然后通过某种约定的统计函数形成聚合后的统计数据。例如,统计函数为确定所有待统计数据的分布曲线,在统计完成之后,通过该分布曲线,每个参与方和数据使用方都可以查询自己的在该分布曲线上的位置从而确定自己的排名。The process of data statistics refers to summarizing the statistical data of all participants, and then forming the aggregated statistical data through some agreed statistical function. For example, the statistical function is to determine the distribution curve of all the data to be counted. After the statistics are completed, through the distribution curve, each participant and data user can query its own position on the distribution curve to determine its own ranking.
数据统计过程中需要对各参与方的隐私进行保护,具体保护参与方和待统计数据的关联关系,即数据统计过程中,仅需要知道哪些参与方提供了数据,以及待统计数据有哪些,但无需知道是哪一个参与方提供了哪一个待统计数据。现有技术中,主要采用秘密共享方式实现各参与方的隐私保护,举例来说,当前有参与方1、参与方2、参与方3,统计三者的待统计数据之和,具体实现中,参与方1将数据A分为A1、A2、A3,将A2发送至参与方2,将A3发送至参与方3,A1本地保留;参与方2将数据B分为B1、B2、B3,将B1发送至参与方1,将B3发送至参与方3,B2本地保留;参与方3将数据C分为C1、C2、C3,将C1发送至参与方1,将C2发送至参与方2,C3本地保留;然后,参与方1将A1、B1、C1发送至统计方,参与方2将A2、B2、C2发送至统计方,参与方3将A3、B3、C3发送至统计方,所以统计方不能将各参与方的待统计数据关联起来,但可以确定出三者的待统计数据之和。In the process of data statistics, it is necessary to protect the privacy of each participant, and specifically protect the relationship between the participants and the data to be counted. It is not necessary to know which participant provided which data to be counted. In the existing technology, secret sharing is mainly used to realize the privacy protection of each participant. For example, there are currently participant 1, participant 2, and participant 3, and the sum of the pending statistical data of the three is counted. In the specific implementation, Participant 1 divides data A into A1, A2, A3, sends A2 to participant 2, sends A3 to participant 3, and A1 keeps it locally; participant 2 divides data B into B1, B2, B3, and divides B1 Send to participant 1, send B3 to participant 3, and B2 keeps it locally; participant 3 divides data C into C1, C2, and C3, sends C1 to participant 1, sends C2 to participant 2, and C3 locally Reserved; then, participant 1 sends A1, B1, and C1 to the statistical party, participant 2 sends A2, B2, and C2 to the statistical party, and participant 3 sends A3, B3, and C3 to the statistical party, so the statistical party cannot The pending statistical data of each participant is associated, but the sum of the pending statistical data of the three parties can be determined.
但现有技术中,参与方与参与方之间进行多次数据交互,参与方与统计方之间进行多次数据交互,该方式数据交互复杂,还需要各参与方和统计方一直在线。However, in the existing technology, there are multiple data interactions between participants, and multiple data interactions between participants and statistical parties. This method of data interaction is complicated, and each participant and statistical party needs to be online all the time.
发明内容Contents of the invention
本发明实施例提供一种基于区块链的数据统计的方法及装置,用于提供一种简单易用的数据统计方法,且保护各参与方隐私。Embodiments of the present invention provide a block chain-based data statistics method and device, which are used to provide a simple and easy-to-use data statistics method and protect the privacy of each participant.
本发明实施例提供的一种基于区块链的数据统计的方法,包括:A block chain-based data statistics method provided by an embodiment of the present invention includes:
统计服务器接收转发服务器转发的来自数据服务器的加密数据;所述加密数据是所述数据服务器使用第一公钥对待统计数据和签名信息加密后的数据;所述第一公钥是所述统计服务器生成并发送至所述数据服务器的;所述签名信息是所述数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The statistical server receives the encrypted data from the data server forwarded by the forwarding server; the encrypted data is the data encrypted by the data server using the first public key to treat the statistical data and signature information; the first public key is the encrypted data of the statistical server Generated and sent to the data server; the signature information is the information after the data server signs the data to be counted using the second private key; the second private key is the The group public key and group private key of the statistical group are generated for the data server and sent to the data server;
所述统计服务器使用所述第一公钥对应的第一私钥解密所述加密数据,得到所述待统计数据和所述签名信息;The statistical server uses the first private key corresponding to the first public key to decrypt the encrypted data, and obtain the data to be counted and the signature information;
所述统计服务器使用所述第二私钥对应的第二公钥对所述签名信息验证通过后,统计所述待统计数据得到统计结果;所述第二公钥是所述监管服务器发送至所述统计服务器的所述数据服务器所在统计群的群公钥。After the statistical server uses the second public key corresponding to the second private key to verify the signature information, it counts the data to be counted to obtain a statistical result; the second public key is sent by the supervision server to the The group public key of the statistical group where the data server of the statistical server is located.
上述技术方案中,转发服务器接收各数据服务器发送的加密数据,并发送加密数据至统计服务器,通过该方式,统计服务器不能获取到发送数据的数据服务器的身份信息,同时统计服务器也不能根据各数据服务器发送数据的发送时间推断出数据服务器的身份信息,通过设置转发服务器,可以做到高效的隐藏数据服务器的身份信息。本发明实施例通过权限分离的方式实现数据服务器和待统计数据之间关联关系的隐私保护。In the above technical solution, the forwarding server receives the encrypted data sent by each data server, and sends the encrypted data to the statistical server. In this way, the statistical server cannot obtain the identity information of the data server that sends the data, and the statistical server cannot obtain the identity information of the data server according to each data. The sending time of the data sent by the server can infer the identity information of the data server. By setting the forwarding server, the identity information of the data server can be efficiently hidden. In the embodiment of the present invention, the privacy protection of the association relationship between the data server and the data to be counted is realized through the separation of rights.
可选的,所述统计服务器在得到所述待统计数据和所述签名信息之后,还包括:Optionally, after obtaining the data to be counted and the signature information, the statistics server further includes:
所述统计服务器将所述签名信息和所述待统计数据对应写入区块链中,以使所述监管服务器对所述数据服务器所提供的待统计数据进行验证。The statistics server correspondingly writes the signature information and the data to be counted into the block chain, so that the supervisory server can verify the data to be counted provided by the data server.
上述技术方案中,统计服务器将签名信息和待统计数据对应写入区块链中,利用区块链的不易篡改性,保障签名信息和待统计数据的准确性,为监管服务器提供未被篡改过的数据。In the above technical solution, the statistics server writes the signature information and the data to be counted into the block chain correspondingly, and uses the non-tamperable modification of the block chain to ensure the accuracy of the signature information and the data to be counted, and provides the monitoring server with untampered The data.
可选的,所述统计服务器在得到统计结果之后,还包括:Optionally, after obtaining the statistical results, the statistical server further includes:
所述统计服务器将所述统计结果写入区块链中,并在接收到查询服务器发送的数据查询请求后,根据所述查询请求从所述区块链中获取查询结果,将所述查询结果反馈至所述查询服务器。The statistical server writes the statistical results into the block chain, and after receiving the data query request sent by the query server, obtains the query result from the block chain according to the query request, and writes the query result Feedback to the query server.
上述技术方案中,统计服务器将统计结果写入区块链中,并为查询服务器提供查询服务,利用区块链的不易篡改性,保障统计结果的准确性,为查询服务器提供未被篡改过的数据。In the above technical solution, the statistical server writes the statistical results into the blockchain, and provides query services for the query server, and uses the non-tamperable modification of the blockchain to ensure the accuracy of the statistical results, and provides the query server with untampered data.
可选的,所述统计服务器使用所述第二私钥对应的第二公钥对所述签名信息验证,包括:Optionally, the statistics server uses the second public key corresponding to the second private key to verify the signature information, including:
所述统计服务器使用所述第二公钥验证所述数据服务器是否为所述统计群中的数据服务器,若是,则确定所述签名信息通过验证。The statistics server uses the second public key to verify whether the data server is a data server in the statistics group, and if so, determines that the signature information passes the verification.
上述技术方案中,统计服务器使用第二公钥验证签名信息,确定是否对该数据服务器所提供的待统计数据进行统计,保障数据统计的准确性,避免非统计群里的数据服务器提交错误的待统计数据污染统计结果。In the above technical solution, the statistical server uses the second public key to verify the signature information to determine whether to count the pending statistical data provided by the data server, so as to ensure the accuracy of data statistics and prevent the data server in the non-statistical group from submitting wrong pending data. Statistical data pollutes statistical results.
可选的,所述统计服务器在接收所述转发服务器转发的来自数据服务器的加密数据之前,还包括:Optionally, before receiving the encrypted data from the data server forwarded by the forwarding server, the statistics server further includes:
生成所述第一私钥和所述第一公钥,将所述第一公钥发送至所述数据服务器;以及接收所述监管服务器发送的所述第二公钥。generating the first private key and the first public key, sending the first public key to the data server; and receiving the second public key sent by the supervision server.
上述技术方案中,统计服务器将第一公钥发送至数据服务器,数据服务器可以使用第一公钥对待统计数据和签名信息加密,且该加密数据可以被统计服务器使用第一私钥解密但不能被转发服务器解密。统计服务器接收监管服务器发送的第二公钥,统计服务器可以使用第二公钥验证数据服务器是否属于待统计的统计群。In the above technical solution, the statistical server sends the first public key to the data server, and the data server can use the first public key to encrypt the statistical data and signature information to be encrypted, and the encrypted data can be decrypted by the statistical server using the first private key but cannot be The forwarding server decrypts. The statistical server receives the second public key sent by the supervisory server, and the statistical server can use the second public key to verify whether the data server belongs to the statistical group to be counted.
相应的,本发明实施例还提供了一种基于区块链的数据统计的方法,包括:Correspondingly, the embodiment of the present invention also provides a method for data statistics based on blockchain, including:
转发服务器接收数据服务器发送的加密数据;所述加密数据是所述数据服务器使用第一公钥对待统计数据和签名信息加密后的数据,所述第一公钥是统计服务器生成并发送至所述数据服务器的;所述签名信息是所述数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The forwarding server receives the encrypted data sent by the data server; the encrypted data is data encrypted by the data server using the first public key to be statistical data and signature information, and the first public key is generated by the statistical server and sent to the of the data server; the signature information is the information after the data server signs the data to be counted using the second private key; the second private key is the group public key of the statistical group where the data server is located by the supervisory server and the group private key are generated for the data server and sent to the data server;
所述转发服务器将所述加密数据发送至所述统计服务器,以使所述统计服务器使用所述第一公钥对应的第一私钥,对所述加密数据解密,并在使用所述第二私钥对应的第二公钥对解密后的签名信息验证通过后,统计解密后的待统计数据;所述第二公钥是所述监管服务器发送至所述统计服务器的所述数据服务器所在统计群的群公钥。The forwarding server sends the encrypted data to the statistics server, so that the statistics server uses the first private key corresponding to the first public key to decrypt the encrypted data, and uses the second After the second public key corresponding to the private key passes the verification of the decrypted signature information, count the decrypted data to be counted; The group public key of the group.
上述技术方案中,转发服务器只可以知道发送数据的数据服务器的身份信息,但不知道加密数据中的待统计数据,转发服务器将该加密数据转发至统计服务器,统计服务器仅可以获取到转发服务器的身份信息,但不能获取到发送数据的数据服务器的身份信息,同时统计服务器也不能根据各数据服务器发送数据的发送时间推断出数据服务器的身份信息,通过设置转发服务器,可以做到高效的隐藏数据服务器的身份信息。本发明实施例通过权限分离的方式实现数据服务器和待统计数据之间关联关系的隐私保护。In the above technical solution, the forwarding server can only know the identity information of the data server that sends the data, but does not know the data to be counted in the encrypted data, and the forwarding server forwards the encrypted data to the statistical server, and the statistical server can only obtain the data of the forwarding server Identity information, but the identity information of the data server that sent the data cannot be obtained, and the statistics server cannot infer the identity information of the data server according to the sending time of the data sent by each data server. By setting the forwarding server, the data can be hidden efficiently Identity information of the server. In the embodiment of the present invention, the privacy protection of the association relationship between the data server and the data to be counted is realized through the separation of rights.
可选的,所述统计群中包括N个数据服务器,N大于等于1;所述数据服务器向所述转发服务器发送的加密数据有M个,M大于等于1,每一个加密数据对应一个数据属性;Optionally, the statistical group includes N data servers, and N is greater than or equal to 1; there are M encrypted data sent by the data server to the forwarding server, and M is greater than or equal to 1, and each encrypted data corresponds to a data attribute ;
所述转发服务器接收数据服务器发送的加密数据,包括:The forwarding server receives the encrypted data sent by the data server, including:
所述转发服务器接收所述N个数据服务器中各数据服务器发送的M个加密数据;The forwarding server receives M encrypted data sent by each data server in the N data servers;
所述转发服务器将所述加密数据发送至所述统计服务器,包括:The forwarding server sends the encrypted data to the statistics server, including:
所述转发服务器在确定接收完成所述N个数据服务器中各数据服务器发送的M个加密数据之后,确定出M组具有相同属性的加密数据,每组有N个加密数据;After the forwarding server determines that the M encrypted data sent by each data server in the N data servers has been received, M groups of encrypted data with the same attribute are determined, and each group has N encrypted data;
所述转发服务器在预设时间将M组加密数据发送至所述统计服务器。The forwarding server sends M sets of encrypted data to the statistics server at a preset time.
上述技术方案中,转发服务器可以接收预设时间段内的该统计群中各数据服务器发送的加密数据,且各数据服务器分别向该转发服务器发送多个数据属性的加密数据,转发服务器可以根据各待统计数据的数据属性将接收到的加密数据进行分组,且将分组后的待统计数据分别发送至统计服务器。In the above technical solution, the forwarding server can receive the encrypted data sent by each data server in the statistical group within a preset time period, and each data server sends encrypted data of multiple data attributes to the forwarding server respectively, and the forwarding server can according to each The data attributes of the data to be counted group the received encrypted data, and send the grouped data to be counted to the statistical server respectively.
相应的,本发明实施例还提供了一种基于区块链的数据统计的方法,包括:Correspondingly, the embodiment of the present invention also provides a method for data statistics based on blockchain, including:
所述数据服务器使用第二私钥对待统计数据进行签名后生成签名信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The data server uses the second private key to sign the statistical data to be signed to generate signature information; the second private key is generated by the supervisory server for the data server according to the group public key and group private key of the statistical group where the data server is located and sent to the data server;
所述数据服务器使用第一公钥对所述签名信息和所述待统计数据加密后生成加密数据;所述第一公钥是统计服务器生成并发送至所述数据服务器的;The data server uses the first public key to encrypt the signature information and the data to be counted to generate encrypted data; the first public key is generated by the statistical server and sent to the data server;
所述数据服务器将所述加密数据发送至所述转发服务器,以使所述转发服务器将所述加密数据转发至所述统计服务器进行数据统计。The data server sends the encrypted data to the forwarding server, so that the forwarding server forwards the encrypted data to the statistics server for data statistics.
上述技术方案中,数据服务器使用第二私钥对待统计数据进行签名后生成签名信息,使用第一公钥对签名信息和待统计数据加密后生成加密数据,转发服务器接收到该加密数据,但由于没有解密该加密数据的第一私钥,则只可以知道发送数据的数据服务器的身份信息,但不知道加密数据中的待统计数据,转发服务器将该加密数据转发至统计服务器,统计服务器仅可以获取到转发服务器的身份信息,但不能获取到发送数据的数据服务器的身份信息,同时统计服务器也不能根据各数据服务器发送数据的发送时间推断出数据服务器的身份信息,通过该方式,可以做到高效的隐藏数据服务器的身份信息。本发明实施例通过权限分离的方式实现数据服务器和待统计数据之间关联关系的隐私保护。In the above technical solution, the data server uses the second private key to sign the statistical data to be signed to generate signature information, uses the first public key to encrypt the signature information and the statistical data to generate encrypted data, and the forwarding server receives the encrypted data, but due to Without the first private key to decrypt the encrypted data, you can only know the identity information of the data server that sent the data, but you don’t know the data to be counted in the encrypted data. The forwarding server forwards the encrypted data to the statistics server, and the statistics server can only The identity information of the forwarding server is obtained, but the identity information of the data server that sends the data cannot be obtained. At the same time, the statistics server cannot infer the identity information of the data server according to the sending time of the data sent by each data server. In this way, it can be achieved Efficiently hide the identity information of the data server. In the embodiment of the present invention, the privacy protection of the association relationship between the data server and the data to be counted is realized through the separation of rights.
可选的,所述待统计数据为M个,M大于等于1;Optionally, there are M data to be counted, and M is greater than or equal to 1;
所述数据服务器使用第一公钥对所述签名信息和所述待统计数据加密后生成加密数据,包括:The data server generates encrypted data after encrypting the signature information and the data to be counted using the first public key, including:
所述数据服务器针对每一个待统计数据,使用所述第一公钥对所述签名信息和所述待统计数据加密后生成加密数据。For each data to be counted, the data server uses the first public key to encrypt the signature information and the data to be counted to generate encrypted data.
可选的,所述数据服务器在所述生成签名信息之前,还包括:Optionally, before the generation of the signature information, the data server further includes:
所述数据服务器接收所述监管服务器发送的第二私钥;The data server receives the second private key sent by the supervision server;
所述数据服务器在所述生成加密数据之前,还包括:Before the said data server generates the encrypted data, it also includes:
所述数据服务器接收所述统计服务器发送的第一公钥。The data server receives the first public key sent by the statistics server.
上述技术方案中,数据服务器接收监管服务器发送的第二私钥,用于对待统计数据进行签名从而生成签名信息,数据服务器接收统计服务器发送的第一公钥,用于对待统计数据和签名信息进行加密。In the above technical solution, the data server receives the second private key sent by the supervision server, which is used to sign the pending statistical data to generate signature information, and the data server receives the first public key sent by the statistical server, which is used to perform signature information on the pending statistical data and signature encryption.
相应的,本发明实施例还提供了一种基于区块链的数据统计的方法,包括:Correspondingly, the embodiment of the present invention also provides a method for data statistics based on blockchain, including:
监管服务器从区块链上获取待验证信息,所述待验证信息包括待统计数据和签名信息;所述签名信息是提供所述待统计数据的数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是所述监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The supervisory server obtains the information to be verified from the block chain, and the information to be verified includes data to be counted and signature information; the signature information is that the data server providing the data to be counted uses the second private key to verify Signed information; the second private key is generated by the supervisory server for the data server according to the group public key and group private key of the statistics group where the data server is located and sent to the data server;
所述监管服务器使用待验证数据服务器所在统计群的群私钥解密所述签名信息,确定所述待验证数据服务器的签名信息和对应的待统计数据;The supervision server uses the group private key of the statistics group where the data server to be verified is located to decrypt the signature information, and determines the signature information of the data server to be verified and the corresponding data to be counted;
所述监管服务器根据所述待验证数据服务器的签名信息和对应的待统计数据,对所述待验证数据服务器所提供的待统计数据进行验证。The supervisory server verifies the data to be counted provided by the data server to be verified according to the signature information of the data server to be verified and the corresponding data to be counted.
上述技术方案中,监管服务器可以采用统计群的群私钥解密各签名信息,从而可以从区块链中获取待验证数据服务器所提供的待统计数据,从而对待验证数据服务器提供数据的真实性和合理性进行验证,保证数据统计过程中的数据有效性。将签名信息和待统计数据对应写入区块链中,为监管服务器提供未被篡改过的数据。In the above technical solution, the supervisory server can use the group private key of the statistics group to decrypt each signature information, so that the statistical data to be provided by the data server to be verified can be obtained from the blockchain, so that the authenticity and authenticity of the data provided by the data server to be verified can be obtained. The rationality is verified to ensure the validity of the data in the process of data statistics. Write the signature information and the data to be counted into the blockchain correspondingly, and provide the supervisory server with data that has not been tampered with.
可选的,所述监管服务器在从区块链上获取待验证信息之前,还包括:Optionally, before the supervisory server obtains the information to be verified from the blockchain, it also includes:
监管服务器生成统计群的群私钥和群公钥;The supervision server generates the group private key and group public key of the statistical group;
所述监管服务器根据所述统计群的群私钥和群公钥,生成所述统计群中各数据服务器的第二私钥,并发送至各数据服务器,以使所述数据服务器使用所述第二私钥对待统计数据签名并生成签名信息;所述签名信息用于所述数据服务器使用第一公钥对所述签名信息和待统计数据加密;所述第一公钥是统计服务器生成并发送至所述数据服务器的;The supervisory server generates the second private key of each data server in the statistical group according to the group private key and group public key of the statistical group, and sends it to each data server, so that the data server uses the second private key. Two private keys to sign the statistical data to be counted and generate signature information; the signature information is used for the data server to use the first public key to encrypt the signature information and the data to be counted; the first public key is generated and sent by the statistics server to said data server;
所述监管服务器将所述群公钥作为所述第二私钥对应的第二公钥发送至所述统计服务器,以使所述统计服务器使用所述第二公钥对所述签名信息验证。The supervision server sends the group public key as a second public key corresponding to the second private key to the statistics server, so that the statistics server uses the second public key to verify the signature information.
上述技术方案中,数据服务器可以采用各自的私钥生成针对所在统计群的签名信息,其它数据服务器或者统计服务器仅能使用群公钥验证签名,将该签名信息定位至哪一个群,但不能定位至哪一个数据服务器,而仅有监管服务器可以使用群私钥将该签名信息定位至哪一个数据服务器,通过该方式,可以保证统计服务器对待统计数据的统计以及监管服务器对数据服务器提供待统计数据的验证。In the above technical solution, the data servers can use their own private keys to generate signature information for the statistical group they belong to, and other data servers or statistical servers can only use the group public key to verify the signature and locate the signature information to which group, but cannot locate the signature information. to which data server, and only the supervisory server can use the group private key to locate the signature information to which data server, in this way, it can be ensured that the statistics server treats statistical data and the supervisory server provides data to be counted by the data server verification.
相应的,本发明实施例还提供了一种基于区块链的数据统计的装置,包括:Correspondingly, the embodiment of the present invention also provides a block chain-based data statistics device, including:
收发单元、解密单元、处理单元;Transceiver unit, decryption unit, processing unit;
所述收发单元用于接收转发服务器转发的来自数据服务器的加密数据;所述加密数据是所述数据服务器使用第一公钥对待统计数据和签名信息加密后的数据;所述第一公钥是所述处理单元生成并发送至所述数据服务器的;所述签名信息是所述数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The transceiver unit is used to receive the encrypted data from the data server forwarded by the forwarding server; the encrypted data is the data encrypted by the data server using the first public key to treat statistical data and signature information; the first public key is Generated by the processing unit and sent to the data server; the signature information is information after the data server signs the data to be counted using a second private key; the second private key is obtained by the supervisory server according to the The group public key and the group private key of the statistical group where the data server is located are generated for the data server and sent to the data server;
所述解密单元用于使用所述第一公钥对应的第一私钥解密所述加密数据,得到所述待统计数据和所述签名信息;The decryption unit is configured to use the first private key corresponding to the first public key to decrypt the encrypted data to obtain the data to be counted and the signature information;
所述处理单元用于使用所述第二私钥对应的第二公钥对所述签名信息验证通过后,统计所述待统计数据得到统计结果;所述第二公钥是所述监管服务器发送至所述处理单元的所述数据服务器所在统计群的群公钥。The processing unit is configured to use the second public key corresponding to the second private key to count the data to be counted to obtain a statistical result after the signature information is verified successfully; the second public key is sent by the supervision server to the group public key of the statistical group where the data server of the processing unit is located.
可选的,所述处理单元还用于:Optionally, the processing unit is also used for:
在得到所述待统计数据和所述签名信息之后,将所述签名信息和所述待统计数据对应写入区块链中,以使所述监管服务器对所述数据服务器所提供的待统计数据进行验证。After the data to be counted and the signature information are obtained, the signature information and the data to be counted are correspondingly written into the block chain, so that the supervisory server can provide the data to be counted by the data server authenticating.
可选的,所述处理单元还用于:Optionally, the processing unit is also used for:
在得到统计结果之后,将所述统计结果写入区块链中,并在接收到查询服务器发送的数据查询请求后,根据所述查询请求从所述区块链中获取查询结果,将所述查询结果反馈至所述查询服务器。After obtaining the statistical results, write the statistical results into the block chain, and after receiving the data query request sent by the query server, obtain the query results from the block chain according to the query request, and write the The query result is fed back to the query server.
可选的,所述处理单元具体用于:Optionally, the processing unit is specifically used for:
使用所述第二公钥验证所述数据服务器是否为所述统计群中的数据服务器,若是,则确定所述签名信息通过验证。Verifying whether the data server is a data server in the statistical group by using the second public key, and if so, determining that the signature information passes the verification.
可选的,所述处理单元还用于:Optionally, the processing unit is also used for:
在所述收发单元接收所述转发服务器转发的来自数据服务器的加密数据之前,生成所述第一私钥和所述第一公钥;generating the first private key and the first public key before the transceiving unit receives the encrypted data from the data server forwarded by the forwarding server;
所述收发单元还用于:The transceiver unit is also used for:
将所述第一公钥发送至所述数据服务器;以及接收所述监管服务器发送的所述第二公钥。sending the first public key to the data server; and receiving the second public key sent by the administration server.
相应的,本发明实施例还提供了一种基于区块链的数据统计的装置,包括:Correspondingly, the embodiment of the present invention also provides a block chain-based data statistics device, including:
接收单元和发送单元;receiving unit and sending unit;
所述接收单元用于接收数据服务器发送的加密数据;所述加密数据是所述数据服务器使用第一公钥对待统计数据和签名信息加密后的数据,所述第一公钥是统计服务器生成并发送至所述数据服务器的;所述签名信息是所述数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The receiving unit is used to receive the encrypted data sent by the data server; the encrypted data is data encrypted by the data server using the first public key to be statistical data and signature information, the first public key is generated by the statistical server and sent to the data server; the signature information is the information after the data server signs the data to be counted using the second private key; The group public key and group private key are generated for the data server and sent to the data server;
所述发送单元用于将所述加密数据发送至所述统计服务器,以使所述统计服务器使用所述第一公钥对应的第一私钥,对所述加密数据解密,并在使用所述第二私钥对应的第二公钥对解密后的签名信息验证通过后,统计解密后的待统计数据;所述第二公钥是所述监管服务器发送至所述统计服务器的所述数据服务器所在统计群的群公钥。The sending unit is configured to send the encrypted data to the statistics server, so that the statistics server uses the first private key corresponding to the first public key to decrypt the encrypted data, and uses the After the second public key corresponding to the second private key passes the verification of the decrypted signature information, count the decrypted data to be counted; the second public key is the data server sent by the supervision server to the statistics server The group public key of the statistics group it belongs to.
可选的,所述统计群中包括N个数据服务器,N大于等于1;所述数据服务器向所述接收单元发送的加密数据有M个,M大于等于1,每一个加密数据对应一个数据属性;Optionally, the statistical group includes N data servers, where N is greater than or equal to 1; there are M encrypted data sent by the data server to the receiving unit, and M is greater than or equal to 1, and each encrypted data corresponds to a data attribute ;
所述接收单元具体用于:The receiving unit is specifically used for:
接收所述N个数据服务器中各数据服务器发送的M个加密数据;receiving M encrypted data sent by each data server in the N data servers;
所述发送单元具体用于:The sending unit is specifically used for:
在确定接收完成所述N个数据服务器中各数据服务器发送的M个加密数据之后,确定出M组具有相同属性的加密数据,每组有N个加密数据;After determining that the M encrypted data sent by each data server in the N data servers has been received, M groups of encrypted data with the same attribute are determined, and each group has N encrypted data;
在预设时间将M组加密数据发送至所述统计服务器。Send M sets of encrypted data to the statistical server at a preset time.
相应的,本发明实施例还提供了一种基于区块链的数据统计的装置,包括:Correspondingly, the embodiment of the present invention also provides a block chain-based data statistics device, including:
加密单元和收发单元;encryption unit and transceiver unit;
所述加密单元用于使用第二私钥对待统计数据进行签名后生成签名信息;所述第二私钥是监管服务器根据数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述收发单元;The encryption unit is used to use the second private key to sign the statistical data to be signed to generate signature information; the second private key is generated by the supervisory server for the data server according to the group public key and group private key of the statistical group where the data server is located and sent to the transceiver unit;
所述加密单元还用于使用第一公钥对所述签名信息和所述待统计数据加密后生成加密数据;所述第一公钥是统计服务器生成并发送至所述收发单元的;The encryption unit is further configured to use a first public key to encrypt the signature information and the data to be counted to generate encrypted data; the first public key is generated by the statistics server and sent to the transceiver unit;
所述收发单元用于将所述加密数据发送至所述转发服务器,以使所述转发服务器将所述加密数据转发至所述统计服务器进行数据统计。The transceiving unit is configured to send the encrypted data to the forwarding server, so that the forwarding server forwards the encrypted data to the statistics server for data statistics.
可选的,所述待统计数据为M个,M大于等于1;Optionally, there are M data to be counted, and M is greater than or equal to 1;
所述加密单元具体用于:The encryption unit is specifically used for:
针对每一个待统计数据,使用所述第一公钥对所述签名信息和所述待统计数据加密后生成加密数据。For each piece of data to be counted, use the first public key to encrypt the signature information and the data to be counted to generate encrypted data.
可选的,所述收发单元还用于:Optionally, the transceiver unit is also used for:
在所述加密单元生成签名信息之前,接收所述监管服务器发送的第二私钥;receiving the second private key sent by the supervisory server before the encryption unit generates the signature information;
所述收发单元还用于:The transceiver unit is also used for:
在所述加密单元生成加密数据之前,接收所述统计服务器发送的第一公钥。Before the encryption unit generates the encrypted data, the first public key sent by the statistics server is received.
相应的,本发明实施例还提供了一种基于区块链的数据统计的装置,包括:Correspondingly, the embodiment of the present invention also provides a block chain-based data statistics device, including:
获取单元、解密单元、验证单元;An acquisition unit, a decryption unit, and a verification unit;
所述获取单元用于从区块链上获取待验证信息,所述待验证信息包括待统计数据和签名信息;所述签名信息是提供所述待统计数据的数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The obtaining unit is used to obtain information to be verified from the block chain, and the information to be verified includes data to be counted and signature information; the signature information is obtained by the data server providing the data to be counted using the second private key Describe the information after the statistical data is signed; the second private key is generated by the supervisory server for the data server according to the group public key and group private key of the statistical group where the data server is located and sent to the data server;
所述解密单元用于使用待验证数据服务器所在统计群的群私钥解密所述签名信息,确定所述待验证数据服务器的签名信息和对应的待统计数据;The decryption unit is used to decrypt the signature information by using the group private key of the statistical group where the data server to be verified is located, and determine the signature information of the data server to be verified and the corresponding data to be counted;
所述验证单元用于根据所述待验证数据服务器的签名信息和对应的待统计数据,对所述待验证数据服务器所提供的待统计数据进行验证。The verification unit is configured to verify the data to be counted provided by the data server to be verified according to the signature information of the data server to be verified and the corresponding data to be counted.
可选的,所述装置还包括生成单元和收发单元;Optionally, the device further includes a generation unit and a transceiver unit;
所述生成单元用于:The generation unit is used for:
在从所述获取单元区块链上获取待验证信息之前,生成统计群的群私钥和群公钥;Before obtaining the information to be verified from the block chain of the acquisition unit, generate a group private key and a group public key of the statistical group;
根据所述统计群的群私钥和群公钥,生成所述统计群中各数据服务器的第二私钥;According to the group private key and group public key of the statistical group, generate the second private key of each data server in the statistical group;
所述收发单元用于:The transceiver unit is used for:
将所述各数据服务器的第二私钥发送至各数据服务器,以使所述数据服务器使用所述第二私钥对待统计数据签名并生成签名信息;所述签名信息用于所述数据服务器使用第一公钥对所述签名信息和待统计数据加密;所述第一公钥是统计服务器生成并发送至所述数据服务器的;Send the second private key of each data server to each data server, so that the data server uses the second private key to sign the statistical data to be signed and generate signature information; the signature information is used for the data server to use The first public key encrypts the signature information and the data to be counted; the first public key is generated by the statistics server and sent to the data server;
将所述群公钥作为所述第二私钥对应的第二公钥发送至所述统计服务器,以使所述统计服务器使用所述第二公钥对所述签名信息验证。Sending the group public key as a second public key corresponding to the second private key to the statistics server, so that the statistics server uses the second public key to verify the signature information.
相应的,本发明实施例还提供了一种计算设备,包括:Correspondingly, an embodiment of the present invention also provides a computing device, including:
存储器,用于存储程序指令;memory for storing program instructions;
处理器,用于调用所述存储器中存储的程序指令,按照获得的程序执行上述基于区块链的数据统计的方法。The processor is configured to call the program instructions stored in the memory, and execute the above-mentioned method of data statistics based on blockchain according to the obtained program.
相应的,本发明实施例还提供了一种计算机可读非易失性存储介质,包括计算机可读指令,当计算机读取并执行所述计算机可读指令时,使得计算机执行上述基于区块链的数据统计的方法。Correspondingly, an embodiment of the present invention also provides a computer-readable non-volatile storage medium, including computer-readable instructions. When the computer reads and executes the computer-readable instructions, the computer executes the above blockchain-based method of statistical data.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For Those of ordinary skill in the art can also obtain other drawings based on these drawings without making creative efforts.
图1为本发明实施例提供的一种系统架构的示意图;FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present invention;
图2为本发明实施例提供的一种基于区块链的数据统计方法流程示意图;Fig. 2 is a schematic flow chart of a blockchain-based data statistics method provided by an embodiment of the present invention;
图3为本发明实施例提供的第一种基于区块链的数据统计装置结构示意图;FIG. 3 is a schematic structural diagram of the first block chain-based data statistics device provided by the embodiment of the present invention;
图4为本发明实施例提供的第二种基于区块链的数据统计装置结构示意图;FIG. 4 is a schematic structural diagram of a second blockchain-based data statistics device provided by an embodiment of the present invention;
图5为本发明实施例提供的第三种基于区块链的数据统计装置结构示意图;5 is a schematic structural diagram of a third blockchain-based data statistics device provided by an embodiment of the present invention;
图6为本发明实施例提供的第四种基于区块链的数据统计装置结构示意图。Fig. 6 is a schematic structural diagram of a fourth blockchain-based data statistics device provided by an embodiment of the present invention.
具体实施方式Detailed ways
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, rather than all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
图1示例性的示出了本发明实施例提供基于区块链的数据统计的方法所适用的系统架构,该系统架构可以包括数据服务器、转发服务器、统计服务器、监管服务器、区块链。多个数据服务器组成一个统计群,本发明实施例用于对一个统计群中多个数据服务器提供的待统计数据进行统计。Fig. 1 exemplarily shows a system architecture applicable to a method for providing blockchain-based data statistics according to an embodiment of the present invention, and the system architecture may include a data server, a forwarding server, a statistical server, a supervisory server, and a blockchain. A plurality of data servers form a statistical group, and the embodiment of the present invention is used to perform statistics on the data to be counted provided by the plurality of data servers in a statistical group.
数据服务器,也叫统计参与方、参与方,是参与统计标准计算并贡献待统计数据的主体,数据服务器将待统计数据发送至转发服务器。每个数据服务器都有一系列的原子属性,原子属性可以按事先约定的方式任意组合成新的复合属性,每个数据服务器发送的待统计数据可以是原子属性值或复合属性值。The data server, also called the statistical participant, is the subject that participates in the calculation of statistical standards and contributes the data to be counted. The data server sends the data to be counted to the forwarding server. Each data server has a series of atomic attributes, and the atomic attributes can be arbitrarily combined into new composite attributes in a pre-agreed manner. The data to be counted sent by each data server can be atomic attribute values or composite attribute values.
转发服务器,也叫数据转发方,用于在预设时段内接收统计群中各数据服务器发送的待统计数据,并将这些待统计数据汇总后,在一个特定时间点(预设时间)将汇总后的数据发送至统计服务器。The forwarding server, also called the data forwarding party, is used to receive the statistical data sent by each data server in the statistical group within a preset period of time, and after summarizing these pending statistical data, it will be aggregated at a specific time point (preset time). The final data is sent to the statistics server.
统计服务器,也叫标准发布方、统计方,用于接收转发服务器转发的数据,并将接收到的数据根据某种约定的统计函数进行统计,以及将该统计后的数据存储至区块链中。统计服务器还用于将接收到的数据存储至区块链中。此处,数据服务器的属性值的类型可以是任意类型,约定的统计函数也可以是任意可以通过聚合属性值获得的统计函数。The statistical server, also called the standard publisher and the statistical party, is used to receive the data forwarded by the forwarding server, make statistics on the received data according to a certain agreed statistical function, and store the statistical data in the blockchain . The statistics server is also used to store the received data into the blockchain. Here, the type of the attribute value of the data server can be any type, and the agreed statistical function can also be any statistical function that can be obtained by aggregating attribute values.
监管服务器,也叫监管方,用于读取统计服务器存储至区块链中的数据,并根据读取的数据对数据服务器提供的待统计数据进行验证。The supervision server, also called the supervisor, is used to read the data stored in the blockchain by the statistics server, and verify the statistical data provided by the data server according to the read data.
区块链,是由一系列区块组成的一条链,每个块上除了记录本块的数据还会记录上一块的哈希值,通过这种方式组成一条链。区块链用于存储数据,保障数据的防篡改性。The blockchain is a chain composed of a series of blocks. In addition to recording the data of this block, each block also records the hash value of the previous block. In this way, a chain is formed. Blockchain is used to store data to ensure data tamper-proof.
实际使用中,转发服务器、统计服务器和监管服务器是相互独立的实体,三者之间的数据传输仅限于本发明实施例中所涉及的数据,不会发送除本发明实施例以外的数据。其中,统计服务器可以是制定统计标准的行业协会所提供的服务器,转发服务器可以是协会和协会成员之外的第三方网络服务商所提供的服务器,监管服务器可以是监管部门所提供的服务器。In actual use, the forwarding server, statistics server and monitoring server are independent entities, and the data transmission between the three is limited to the data involved in the embodiment of the present invention, and no data other than the embodiment of the present invention will be sent. Among them, the statistical server may be a server provided by an industry association that formulates statistical standards, the forwarding server may be a server provided by a third-party network service provider other than the association and members of the association, and the regulatory server may be a server provided by a regulatory department.
需要说明的是,本发明实施例在实际使用中,可以同时对多个统计群进行数据统计。可以设置每个数据服务器提供的待统计数据中记录数据服务器所在统计群的标识(如统计群的ID(Identification,身份标识号)),以使得统计服务器在接收到待统计数据后,可以识别出该待统计数据是哪一个统计群中数据服务器发送的。It should be noted that, in the actual use of the embodiment of the present invention, data statistics can be performed on multiple statistical groups at the same time. The identification of the statistical group where the data server is recorded in the data to be counted provided by each data server (such as the ID (Identification, identification number) of the statistical group) can be set, so that the statistical server can identify the data to be counted after receiving the data to be counted. Which data server in the statistical group sent the data to be counted.
基于上述描述,图2示例性的示出了本发明实施例提供的一种基于区块链的数据统计的方法的流程,该流程可以由上述数据服务器、转发服务器、统计服务器共同执行。Based on the above description, FIG. 2 exemplarily shows the flow of a blockchain-based data statistics method provided by an embodiment of the present invention, and the flow can be jointly executed by the above-mentioned data server, forwarding server, and statistics server.
在描述图2示出的数据统计流程之前,先对数据统计流程中涉及的加密、解密详细说明如下。Before describing the data statistics flow shown in FIG. 2 , the encryption and decryption involved in the data statistics flow are described in detail as follows.
统计服务器生成用于加解密数据的密钥对,分别是第一公钥和第一私钥,统计服务器将第一公钥发送至数据服务器,数据服务器接收该第一公钥,并使用该第一公钥对数据(包括待统计数据和签名信息)进行加密,从而统计服务器在接收到转发服务器转发的数据服务器发送的加密数据后,统计服务器可以使用第一私钥对该加密数据进行解密。The statistical server generates a key pair for encrypting and decrypting data, which are the first public key and the first private key respectively. The statistical server sends the first public key to the data server, and the data server receives the first public key and uses the first public key. A public key encrypts data (including data to be counted and signature information), so that after the statistics server receives the encrypted data sent by the data server forwarded by the forwarding server, the statistics server can use the first private key to decrypt the encrypted data.
监管服务器(相当于统计群中的群管理员)针对一个统计群生成该统计群的群私钥和群公钥,并根据该统计群的群私钥和群公钥,生成该统计群中各数据服务器的第二私钥(每个数据服务器对应一个第二私钥),并发送至各数据服务器,各数据服务器接收到各自的第二私钥后,会根据各自的第二私钥对待统计数据签名并生成签名信息,从而各数据服务器会使用第一公钥对签名信息和待统计数据加密,以生成加密数据。监管服务器还会将该统计群的群公钥作为第二私钥对应的第二公钥发送至统计服务器或者其它数据服务器,其中,统计服务器可以使用第二公钥对签名信息验证,具体的,统计服务器可以使用第二公钥验证该签名信息对应的数据服务器是否属于当前正在统计的统计群。The supervisory server (equivalent to the group administrator in the statistical group) generates the group private key and group public key of the statistical group for a statistical group, and according to the group private key and group public key of the statistical group, generates the The second private key of the data server (each data server corresponds to a second private key), and send it to each data server. After each data server receives its own second private key, it will treat statistics according to its respective second private key Sign the data and generate signature information, so that each data server will use the first public key to encrypt the signature information and the data to be counted to generate encrypted data. The supervision server will also send the group public key of the statistics group as the second public key corresponding to the second private key to the statistics server or other data servers, wherein the statistics server can use the second public key to verify the signature information, specifically, The statistical server may use the second public key to verify whether the data server corresponding to the signature information belongs to the current statistical group.
本发明实施例中,数据服务器可以采用各自的私钥生成针对所在统计群的签名信息,其它数据服务器或者统计服务器仅能使用群公钥验证签名,将该签名信息定位至哪一个群,但不能定位至哪一个数据服务器,而仅有监管服务器可以使用群私钥将该签名信息定位至哪一个数据服务器,通过该方式,可以保证统计服务器对待统计数据的统计以及监管服务器对数据服务器提供待统计数据的验证。In the embodiment of the present invention, the data servers can use their own private keys to generate signature information for the statistical group they belong to. Other data servers or statistical servers can only use the group public key to verify the signature and locate the signature information to which group, but cannot Which data server to locate to, and only the supervision server can use the group private key to locate the signature information to which data server, in this way, it can be guaranteed that the statistics server treats the statistical data and the supervision server provides the data server with pending statistics Validation of data.
换个角度说,在数据统计流程之前,统计服务器会接收到监管服务器针对每一个统计群生成并发送的群公钥;数据服务器会接收到监管服务器针对该统计群中该数据服务器生成并发送的第二私钥;数据服务器还会接收到统计服务器生成并发送的第一公钥。From another perspective, before the data statistics process, the statistics server will receive the group public key generated and sent by the supervision server for each statistical group; the data server will receive the first public key generated and sent by the supervision server for the data server in the statistics group. Two private keys; the data server will also receive the first public key generated and sent by the statistics server.
如图2所示,该流程具体包括:As shown in Figure 2, the process specifically includes:
步骤201,数据服务器使用第二私钥对待统计数据进行签名后生成签名信息。In step 201, the data server uses the second private key to sign the statistical data to be signed and then generates signature information.
待统计数据即待统计的属性值,数据服务器使用自己的第二私钥对待统计数据进行签名,具体的,可以是计算待统计数据的字符串的哈希值,再根据第二私钥对该哈希值签名,以生成签名信息。The data to be counted is the attribute value to be counted. The data server uses its second private key to sign the data to be counted. Specifically, it can calculate the hash value of the string of the data to be counted, and then use the second private key to the Sign the hash value to generate the signature information.
一种实现方式中,数据服务器可以计算待统计数据、统计群标识等所组成字符串的哈希值,进而根据第二私钥对该哈希值签名,以生成签名信息。示例性的,数据服务器的第二私钥为sk_group_j(其中,group_j指的是该统计群中的第j个数据服务器),数据服务器使用sk_group_j对待统计数据v_i和统计群标识ID_stat的群签名为Sig_group_j_v_i=Sig_sk_group_j(Hash(v_i||ID_stat)。In an implementation manner, the data server may calculate a hash value of a character string composed of the data to be counted and the statistical group identifier, and then sign the hash value according to the second private key to generate signature information. Exemplarily, the second private key of the data server is sk_group_j (wherein, group_j refers to the jth data server in the statistical group), and the data server uses sk_group_j to treat the group signature of statistical data v_i and statistical group ID_stat as Sig_group_j_v_i =Sig_sk_group_j(Hash(v_i||ID_stat).
步骤202,数据服务器使用第一公钥对签名信息和待统计数据加密后生成加密数据。In step 202, the data server uses the first public key to encrypt the signature information and the data to be counted to generate encrypted data.
数据服务器可以有M个待统计数据,其中,M大于等于1,每个待统计数据对应一个数据属性,如数据服务器发送的待统计数据有总资产、负债资产、营业收入、净利润等。The data server can have M data to be counted, where M is greater than or equal to 1, and each data to be counted corresponds to a data attribute. For example, the data to be counted sent by the data server includes total assets, liabilities, operating income, and net profit.
数据服务器针对M个待统计数据中的每一个待统计数据,使用第一公钥对签名信息和该待统计数据进行加密后生成加密数据。以其中一个待统计数据v_i为例,数据服务器使用第一公钥pk_p对该签名信息Sig_group_j_v_i和待统计数据v_i加密生成加密数据为pk_p(v_i,Sig_group_j_v_i)。For each of the M data to be counted, the data server encrypts the signature information and the data to be counted using the first public key to generate encrypted data. Taking one of the data to be counted v_i as an example, the data server uses the first public key pk_p to encrypt the signature information Sig_group_j_v_i and the data to be counted v_i to generate encrypted data as pk_p(v_i, Sig_group_j_v_i).
步骤203,数据服务器将加密数据发送至转发服务器。Step 203, the data server sends the encrypted data to the forwarding server.
数据服务器向转发服务器发送加密数据,由于转发服务器并没有对该加密数据进行解密的第一私钥,也就是说,转发服务器不能对该加密数据进行解密,也不能获取到该加密数据中的待统计数据。虽然,转发服务器在接收到数据服务器发送的加密数据时,是可以根据接收到的加密数据确定出该发送数据的数据服务器的身份信息,如IP(InternetProtocol,网络之间互连的协议)地址,但并不能知道该加密数据的内容,也即,转发服务器不能将数据服务器和待统计数据关联起来。The data server sends the encrypted data to the forwarding server, because the forwarding server does not have the first private key to decrypt the encrypted data, that is to say, the forwarding server cannot decrypt the encrypted data, nor can it obtain the waiting key in the encrypted data. Statistical data. Although, when the forwarding server receives the encrypted data sent by the data server, it can determine the identity information of the data server sending the data according to the received encrypted data, such as IP (Internet Protocol, a protocol for interconnection between networks) address, But the content of the encrypted data cannot be known, that is, the forwarding server cannot associate the data server with the data to be counted.
步骤204,转发服务器将加密数据发送至统计服务器。Step 204, the forwarding server sends the encrypted data to the statistics server.
转发服务器将加密数据的数据服务器的身份信息进行隐藏处理后,将隐藏处理后的加密数据发送至统计服务器,本发明实施例中的隐藏处理可以理解如下,转发服务器在接收到加密数据后,只可以知道发送数据的数据服务器的身份信息,但不知道加密数据中的待统计数据,转发服务器将该加密数据转发至统计服务器,统计服务器仅可以获取到转发服务器的身份信息,但不能获取到发送数据的数据服务器的身份信息,从而达到转发服务器对数据服务器的身份信息的隐藏处理。After the forwarding server hides the identity information of the data server of the encrypted data, it sends the encrypted data after the hidden processing to the statistical server. The hidden processing in the embodiment of the present invention can be understood as follows. After the forwarding server receives the encrypted data, it only The identity information of the data server that sent the data can be known, but the data to be counted in the encrypted data is not known. The forwarding server forwards the encrypted data to the statistics server. The statistics server can only obtain the identity information of the forwarding server, but not the sending data. The identity information of the data server of the data, so as to achieve the hidden processing of the identity information of the data server by the forwarding server.
一种实现方式中,转发服务器可以接收预设时间段内的该统计群中各数据服务器发送的加密数据,且各数据服务器分别向该转发服务器发送多个数据属性的加密数据。具体的,统计群中包括N个数据服务器,N大于等于1,数据服务器向转发服务器发送的加密数据有M个,M大于等于1,每一个加密数据对应一个数据属性,转发服务器接收N个数据服务器中各数据服务器发送的M个加密数据,并在确定接收完成N个数据服务器中各数据服务器发送的M个加密数据之后,确定出M组具有相同属性的加密数据,每组有N个加密数据,在预设时间将M组加密数据发送至统计服务器。此处,转发服务器可以在上述预设时间段之后,即确定接收完成加密数据,也可以在确定N个数据服务器发送完成后,即确定接收完成加密数据,或者采用其他标准确定。转发服务器发送加密数据至统计服务器的预设时间可以是在确定接收完成加密数据之后的某个预先约定的时间点。In an implementation manner, the forwarding server may receive encrypted data sent by each data server in the statistical group within a preset time period, and each data server sends encrypted data of multiple data attributes to the forwarding server. Specifically, the statistical group includes N data servers, N is greater than or equal to 1, and the data server sends M encrypted data to the forwarding server, M is greater than or equal to 1, each encrypted data corresponds to a data attribute, and the forwarding server receives N data M encrypted data sent by each data server in the server, and after receiving M encrypted data sent by each data server in N data servers, determine M groups of encrypted data with the same attribute, and each group has N encrypted data Data, M groups of encrypted data are sent to the statistical server at a preset time. Here, the forwarding server may determine that the encrypted data has been received after the preset time period, or determine that the encrypted data has been received after the N data servers have completed sending, or determine by other criteria. The preset time for the forwarding server to send the encrypted data to the statistics server may be a pre-agreed time point after it is determined that the encrypted data has been received.
举个例子,统计群中包括5个数据服务器,每个数据服务器向转发服务器发送2个待统计数据,分别是总资产、负债资产,转发服务器规定可接受数据的预设时间段为2019/9/2 00:00至2019/9/2 23:59,则每个数据服务器可以在该时间段的任一个时间点发送其待统计数据至转发服务器,转发服务器可以在2019/9/3 00:00结束接收数据,并将接收到的数据进行隐藏处理,且将相同数据属性的待统计数据归为一组,具体的,将5个数据服务器分别发送总资产归为一组,将5个数据服务器分别发送负债资产归为一组,然后将该两组数据分别发送至统计服务器。For example, the statistical group includes 5 data servers, and each data server sends 2 data to be counted to the forwarding server, which are total assets and liability assets. The forwarding server stipulates that the preset time period for acceptable data is 2019/9 /2 00:00 to 2019/9/2 23:59, then each data server can send its data to be counted to the forwarding server at any point in the time period, and the forwarding server can send it to the forwarding server at 2019/9/3 00: 00 to end receiving data, and hide the received data, and group the data to be counted with the same data attribute into one group, specifically, group the total assets sent by 5 data servers into one group, and group The server sends the liabilities and assets into one group respectively, and then sends the two groups of data to the statistics server respectively.
本发明实施例中,转发服务器在预设时间段内接收各数据服务器发送的加密数据,并在预设时间发送加密数据,通过该方式,统计服务器不能获取到发送数据的数据服务器的身份信息,同时统计服务器也不能根据各数据服务器发送数据的发送时间推断出数据服务器的身份信息,通过设置转发服务器,可以做到高效的隐藏数据服务器的身份信息。本发明实施例通过权限分离的方式实现数据服务器和待统计数据之间关联关系的隐私保护。In the embodiment of the present invention, the forwarding server receives the encrypted data sent by each data server within a preset time period, and sends the encrypted data at a preset time. In this way, the statistics server cannot obtain the identity information of the data server that sends the data. At the same time, the statistical server cannot infer the identity information of the data server according to the sending time of the data sent by each data server. By setting the forwarding server, the identity information of the data server can be effectively hidden. In the embodiment of the present invention, the privacy protection of the association relationship between the data server and the data to be counted is realized through the separation of rights.
此外,通过转发服务器上述实现方式,转发服务器可以在预设时间段内接收各数据服务器发送的加密数据,整个过程中,仅需要转发服务器实时在线,无需各数据服务器实时在线,且转发服务器和各数据服务器只需要进行一次数据交互,无需进行多次数据交互,相比于现有技术中的多次数据交互和实时在线,更简单易用。In addition, through the above implementation of the forwarding server, the forwarding server can receive the encrypted data sent by each data server within a preset time period. The data server only needs to perform data interaction once, and does not need to perform multiple data interactions. Compared with multiple data interactions and real-time online in the prior art, it is simpler and easier to use.
步骤205,统计服务器使用第一公钥对应的第一私钥解密加密数据,得到待统计数据和签名信息。In step 205, the statistical server uses the first private key corresponding to the first public key to decrypt the encrypted data, and obtains the data to be counted and signature information.
例如,数据服务器使用第一私钥sk_p对加密数据pk_p(v_i,Sig_group_j_v_i)进行解密,分别解密出签名信息Sig_group_j_v_i和待统计数据v_i,其中,签名信息用于统计服务器对该数据服务器所在的统计群进行验证,相当于统计服务器验证是否需要对该数据服务器所提供的待统计数据进行统计;待统计数据即用于统计服务器进行数据统计。For example, the data server uses the first private key sk_p to decrypt the encrypted data pk_p(v_i, Sig_group_j_v_i), and decrypts the signature information Sig_group_j_v_i and the data to be counted v_i, respectively, where the signature information is used by the statistics server for the statistical group where the data server is located The verification is equivalent to the statistics server verifying whether it is necessary to perform statistics on the data to be counted provided by the data server; the data to be counted is used for the statistics server to perform data statistics.
步骤206,统计服务器使用第二私钥对应的第二公钥对签名信息验证通过后,统计待统计数据得到统计结果。Step 206: After the statistics server uses the second public key corresponding to the second private key to verify the signature information, it collects the data to be counted to obtain the statistics result.
统计服务器使用第二公钥验证数据服务器是否为统计群中的数据服务器,若是,则确定签名信息通过验证,对该数据服务器所提供的待统计数据进行统计,否则,确定签名信息不通过验证,不对该数据服务器所提供的待统计数据进行统计。例如,数据服务器使用第二公钥pk_group验证签名信息Sig_group_j_v_i所指示的数据服务器是否为该统计群中的数据服务器。The statistical server uses the second public key to verify whether the data server is a data server in the statistical group, if so, then determine that the signature information has passed the verification, and perform statistics on the data to be counted provided by the data server, otherwise, determine that the signature information has not passed the verification, The data to be counted provided by the data server is not counted. For example, the data server uses the second public key pk_group to verify whether the data server indicated by the signature information Sig_group_j_v_i is a data server in the statistics group.
统计服务器在确定签名信息验证通过后,可以进入数据统计阶段,对待统计数据按照预设的统计函数进行统计并确定统计结果,如确定待统计数据的分布曲线,确定待统计数据之和等。在确定统计结果之后,统计服务器可以将统计结果写入区块链中,用于查询服务器(数据使用方)对区块链中的数据查询。具体的,统计服务器可以在接收到查询服务器发送的数据查询请求后,根据查询请求从区块链中获取查询结果,将查询结果反馈至查询服务器,当然查询服务器也可以直接从区块链中获取查询结果,在此不做限制。After the statistics server confirms that the signature information has passed the verification, it can enter the data statistics stage, and perform statistics on the data to be counted according to the preset statistical function and determine the statistical results, such as determining the distribution curve of the data to be counted, determining the sum of the data to be counted, etc. After the statistical results are determined, the statistical server can write the statistical results into the block chain, which is used for the query server (data user) to query the data in the block chain. Specifically, after receiving the data query request sent by the query server, the statistics server can obtain the query result from the blockchain according to the query request, and feed back the query result to the query server. Of course, the query server can also obtain it directly from the blockchain. Query results are not limited here.
一种查询方式中,查询服务器可以将自己的属性值发送至统计服务器,统计服务器将接收到的属性值与对应的统计结果进行比对,并向查询服务器返回比对结果,如返回查询服务器的属性值在分布曲线中的排名。此处,若查询服务器所提供的属性值比较敏感,则统计服务器在结束比对后,应立即删除对应的中间数据和比对结果。In one query mode, the query server can send its attribute value to the statistics server, and the statistics server compares the received attribute value with the corresponding statistical result, and returns the comparison result to the query server, such as returning the query server’s The rank of the attribute value in the distribution curve. Here, if the attribute value provided by the query server is sensitive, the statistical server should delete the corresponding intermediate data and comparison result immediately after the comparison is completed.
此外,统计服务器在确定签名信息验证通过后,还可以对接收到的加密数据进一步验证,验证接收到的签名信息中是有重复,且接收到的加密数据的总数是否与期望的数据服务器总数相同,若验证通过,则可以进入数据统计阶段,否则需要确定验证未通过的原因。In addition, after the statistics server confirms that the signature information has been verified, it can further verify the received encrypted data to verify that there are repetitions in the received signature information, and whether the total number of received encrypted data is the same as the expected total number of data servers , if the verification is passed, you can enter the data statistics stage, otherwise you need to determine the reason for the verification failure.
统计服务器在得到待统计数据和签名信息之后,还可以将签名信息和待统计数据对应写入区块链中,用于监管服务器对数据服务器所提供的待统计数据进行验证。一种可实现方式中,待统计数据为非敏感数据,可以将待统计数据作为明文数据与签名信息对应存储至区块链中;另一种可实现方式中,待统计数据为敏感数据,可以将待统计数据转化为对应的区间值(例如,前30%)与签名信息对应存储至区块链中。示例性的,非敏感数据可以用于计算精确的分布曲线,敏感数据可以用于计算粗略的分布区间(前10%,前30%,前50%,其他)。After the statistical server obtains the data to be counted and the signature information, it can also write the signature information and the data to be counted into the blockchain correspondingly, which is used for the supervision server to verify the data to be counted provided by the data server. In one practicable way, the data to be counted is non-sensitive data, and the data to be counted can be stored in the blockchain as plaintext data and signature information correspondingly; in another practicable way, the data to be counted is sensitive data, which can The data to be counted is converted into a corresponding interval value (for example, the top 30%) and stored in the blockchain corresponding to the signature information. Exemplarily, non-sensitive data can be used to calculate a precise distribution curve, and sensitive data can be used to calculate a rough distribution interval (top 10%, top 30%, top 50%, others).
本发明实施例中,在统计服务器将数据写入区块链上时,可以调用用于数据存证的智能合约来实现链上数据与链下的数据交互。当然,也可以是其他用于提供数据存证功能的区块链组件。In the embodiment of the present invention, when the statistics server writes data into the block chain, it can call the smart contract for data storage to realize the interaction between the data on the chain and the data off the chain. Of course, it can also be other blockchain components used to provide data storage functions.
换个角度,在统计服务器将签名信息和待统计数据对应写入区块链之后,监管服务器可以从区块链上获取信息进行验证,具体的,监管服务器获取待验证信息,该待验证信息中包括多个一一对应的待统计数据和签名信息,监管服务器使用待验证数据服务器所在统计群的群私钥解密各签名信息,从而确定出待验证数据服务器的签名信息和对应的待统计数据,监管服务器根据待验证数据服务器的签名信息和对应的待统计数据,对待验证数据服务器所提供的待统计数据进行验证。此处,监管服务器可以采用公允的方式验证数据服务器所提供的待统计的真伪和合理性。From another perspective, after the statistical server writes the signature information and statistical data correspondingly into the blockchain, the supervisory server can obtain information from the blockchain for verification. Specifically, the supervisory server obtains the information to be verified, which includes Multiple one-to-one correspondence between the data to be counted and the signature information, the supervision server uses the group private key of the statistical group where the data server to be verified is located to decrypt each signature information, so as to determine the signature information of the data server to be verified and the corresponding data to be counted. The server verifies the data to be counted provided by the data server to be verified according to the signature information of the data server to be verified and the corresponding data to be counted. Here, the supervisory server can verify the authenticity and rationality of the statistics to be provided by the data server in a fair manner.
上述实施例中,监管服务器可以采用统计群的群私钥解密各签名信息,从而可以从区块链中获取待验证数据服务器所提供的待统计数据,从而对待验证数据服务器提供数据的真实性和合理性进行验证,保证数据统计过程中的数据有效性。将签名信息和待统计数据对应写入区块链中,为监管服务器提供未被篡改过的数据。In the above-mentioned embodiment, the supervisory server can use the group private key of the statistical group to decrypt each signature information, so that the statistical data to be provided by the data server to be verified can be obtained from the block chain, so that the data server to be verified can provide the authenticity and authenticity of the data. The rationality is verified to ensure the validity of the data in the process of data statistics. Write the signature information and the data to be counted into the blockchain correspondingly, and provide the supervisory server with data that has not been tampered with.
基于同一发明构思,图3示例性的示出了本发明实施例提供的一种基于区块链的数据统计的装置的结构,该装置可以执行基于区块链的数据统计的方法的流程。Based on the same inventive concept, FIG. 3 exemplarily shows the structure of a block chain-based data statistics device provided by an embodiment of the present invention, and the device can execute the flow of the block chain-based data statistics method.
所述装置包括:The devices include:
收发单元301、解密单元302、处理单元303;Transceiver unit 301, decryption unit 302, processing unit 303;
所述收发单元301用于接收转发服务器转发的来自数据服务器的加密数据;所述加密数据是所述数据服务器使用第一公钥对待统计数据和签名信息加密后的数据;所述第一公钥是所述处理单元303生成并发送至所述数据服务器的;所述签名信息是所述数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The transceiver unit 301 is used to receive the encrypted data from the data server forwarded by the forwarding server; the encrypted data is data encrypted by the data server using the first public key to treat statistical data and signature information; the first public key It is generated by the processing unit 303 and sent to the data server; the signature information is the information after the data server signs the data to be counted using the second private key; the second private key is the generating and sending to the data server according to the group public key and group private key of the statistical group where the data server is located;
所述解密单元302用于使用所述第一公钥对应的第一私钥解密所述加密数据,得到所述待统计数据和所述签名信息;The decryption unit 302 is configured to use the first private key corresponding to the first public key to decrypt the encrypted data to obtain the data to be counted and the signature information;
所述处理单元303用于使用所述第二私钥对应的第二公钥对所述签名信息验证通过后,统计所述待统计数据得到统计结果;所述第二公钥是所述监管服务器发送至所述处理单元303的所述数据服务器所在统计群的群公钥。The processing unit 303 is configured to use the second public key corresponding to the second private key to count the data to be counted to obtain a statistical result after the signature information is verified by the second public key corresponding to the second private key; the second public key is the The group public key of the statistical group where the data server is located is sent to the processing unit 303 .
可选的,所述处理单元303还用于:Optionally, the processing unit 303 is further configured to:
在得到所述待统计数据和所述签名信息之后,将所述签名信息和所述待统计数据对应写入区块链中,以使所述监管服务器对所述数据服务器所提供的待统计数据进行验证。After the data to be counted and the signature information are obtained, the signature information and the data to be counted are correspondingly written into the block chain, so that the supervisory server can provide the data to be counted by the data server authenticating.
可选的,所述处理单元303还用于:Optionally, the processing unit 303 is further configured to:
在得到统计结果之后,将所述统计结果写入区块链中,并在接收到查询服务器发送的数据查询请求后,根据所述查询请求从所述区块链中获取查询结果,将所述查询结果反馈至所述查询服务器。After obtaining the statistical results, write the statistical results into the block chain, and after receiving the data query request sent by the query server, obtain the query results from the block chain according to the query request, and write the The query result is fed back to the query server.
可选的,所述处理单元303具体用于:Optionally, the processing unit 303 is specifically configured to:
使用所述第二公钥验证所述数据服务器是否为所述统计群中的数据服务器,若是,则确定所述签名信息通过验证。Verifying whether the data server is a data server in the statistical group by using the second public key, and if so, determining that the signature information passes the verification.
可选的,所述处理单元303还用于:Optionally, the processing unit 303 is further configured to:
在所述收发单元301接收所述转发服务器转发的来自数据服务器的加密数据之前,生成所述第一私钥和所述第一公钥;Before the transceiving unit 301 receives the encrypted data from the data server forwarded by the forwarding server, generate the first private key and the first public key;
所述收发单元301还用于:The transceiver unit 301 is also used for:
将所述第一公钥发送至所述数据服务器;以及接收所述监管服务器发送的所述第二公钥。sending the first public key to the data server; and receiving the second public key sent by the administration server.
基于同一发明构思,图4示例性的示出了本发明实施例提供的一种基于区块链的数据统计的装置的结构,该装置可以执行基于区块链的数据统计的方法的流程。Based on the same inventive concept, FIG. 4 exemplarily shows the structure of a block chain-based data statistics device provided by an embodiment of the present invention, and the device can execute the flow of the block chain-based data statistics method.
所述装置,包括:The device includes:
接收单元401和发送单元402;a receiving unit 401 and a sending unit 402;
所述接收单元401用于接收数据服务器发送的加密数据;所述加密数据是所述数据服务器使用第一公钥对待统计数据和签名信息加密后的数据,所述第一公钥是统计服务器生成并发送至所述数据服务器的;所述签名信息是所述数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The receiving unit 401 is used to receive the encrypted data sent by the data server; the encrypted data is data encrypted by the data server using the first public key to be statistical data and signature information, and the first public key is generated by the statistical server and sent to the data server; the signature information is information obtained by the data server using the second private key to sign the data to be counted; The group public key and group private key of the group are generated for the data server and sent to the data server;
所述发送单元402用于将所述加密数据发送至所述统计服务器,以使所述统计服务器使用所述第一公钥对应的第一私钥,对所述加密数据解密,并在使用所述第二私钥对应的第二公钥对解密后的签名信息验证通过后,统计解密后的待统计数据;所述第二公钥是所述监管服务器发送至所述统计服务器的所述数据服务器所在统计群的群公钥。The sending unit 402 is configured to send the encrypted data to the statistics server, so that the statistics server uses the first private key corresponding to the first public key to decrypt the encrypted data, and uses the After the second public key corresponding to the second private key passes the verification of the decrypted signature information, count the decrypted data to be counted; the second public key is the data sent by the supervision server to the statistics server The group public key of the statistical group where the server is located.
可选的,所述统计群中包括N个数据服务器,N大于等于1;所述数据服务器向所述接收单元401发送的加密数据有M个,M大于等于1,每一个加密数据对应一个数据属性;Optionally, the statistical group includes N data servers, where N is greater than or equal to 1; there are M encrypted data sent by the data server to the receiving unit 401, and M is greater than or equal to 1, and each encrypted data corresponds to one data Attributes;
所述接收单元401具体用于:The receiving unit 401 is specifically used for:
接收所述N个数据服务器中各数据服务器发送的M个加密数据;receiving M encrypted data sent by each data server in the N data servers;
所述发送单元402具体用于:The sending unit 402 is specifically used for:
在确定接收完成所述N个数据服务器中各数据服务器发送的M个加密数据之后,确定出M组具有相同属性的加密数据,每组有N个加密数据;After determining that the M encrypted data sent by each data server in the N data servers has been received, M groups of encrypted data with the same attribute are determined, and each group has N encrypted data;
在预设时间将M组加密数据发送至所述统计服务器。Send M sets of encrypted data to the statistical server at a preset time.
基于同一发明构思,图5示例性的示出了本发明实施例提供的一种基于区块链的数据统计的装置的结构,该装置可以执行基于区块链的数据统计的方法的流程。Based on the same inventive concept, FIG. 5 exemplarily shows the structure of a block chain-based data statistics device provided by an embodiment of the present invention, and the device can execute the flow of the block chain-based data statistics method.
所述装置,包括:The device includes:
加密单元501和收发单元502;An encryption unit 501 and a transceiver unit 502;
所述加密单元501用于使用第二私钥对待统计数据进行签名后生成签名信息;所述第二私钥是监管服务器根据数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述收发单元502;The encryption unit 501 is used to use the second private key to sign the statistical data to be signed to generate signature information; the second private key is the data server's signature for the data server according to the group public key and group private key of the statistical group where the data server is located. Generate and send to the transceiver unit 502;
所述加密单元501还用于使用第一公钥对所述签名信息和所述待统计数据加密后生成加密数据;所述第一公钥是统计服务器生成并发送至所述收发单元502的;The encryption unit 501 is further configured to use a first public key to encrypt the signature information and the data to be counted to generate encrypted data; the first public key is generated by the statistics server and sent to the transceiver unit 502;
所述收发单元502用于将所述加密数据发送至所述转发服务器,以使所述转发服务器将所述加密数据转发至所述统计服务器进行数据统计。The transceiving unit 502 is configured to send the encrypted data to the forwarding server, so that the forwarding server forwards the encrypted data to the statistics server for data statistics.
可选的,所述待统计数据为M个,M大于等于1;Optionally, there are M data to be counted, and M is greater than or equal to 1;
所述加密单元501具体用于:The encryption unit 501 is specifically used for:
针对每一个待统计数据,使用所述第一公钥对所述签名信息和所述待统计数据加密后生成加密数据。For each piece of data to be counted, use the first public key to encrypt the signature information and the data to be counted to generate encrypted data.
可选的,所述收发单元502还用于:Optionally, the transceiver unit 502 is also used for:
在所述加密单元501生成签名信息之前,接收所述监管服务器发送的第二私钥;Before the encryption unit 501 generates the signature information, receive the second private key sent by the supervision server;
所述收发单元502还用于:The transceiver unit 502 is also used for:
在所述加密单元501生成加密数据之前,接收所述统计服务器发送的第一公钥。Before the encryption unit 501 generates the encrypted data, it receives the first public key sent by the statistics server.
基于同一发明构思,图6示例性的示出了本发明实施例提供的一种基于区块链的数据统计的装置的结构,该装置可以执行基于区块链的数据统计的方法的流程。Based on the same inventive concept, FIG. 6 exemplarily shows the structure of a block chain-based data statistics device provided by an embodiment of the present invention, and the device can execute the flow of the block chain-based data statistics method.
所述装置,包括:The device includes:
获取单元601、解密单元602、验证单元603;An acquisition unit 601, a decryption unit 602, and a verification unit 603;
所述获取单元601用于从区块链上获取待验证信息,所述待验证信息包括待统计数据和签名信息;所述签名信息是提供所述待统计数据的数据服务器使用第二私钥对所述待统计数据签名后的信息;所述第二私钥是监管服务器根据所述数据服务器所在统计群的群公钥和群私钥针对所述数据服务器生成并发送至所述数据服务器;The obtaining unit 601 is used to obtain information to be verified from the block chain, and the information to be verified includes data to be counted and signature information; the signature information is the second private key pair used by the data server that provides the data to be counted The information after the signature of the data to be counted; the second private key is generated by the supervisory server for the data server according to the group public key and group private key of the statistical group where the data server is located and sent to the data server;
所述解密单元602用于使用待验证数据服务器所在统计群的群私钥解密所述签名信息,确定所述待验证数据服务器的签名信息和对应的待统计数据;The decryption unit 602 is used to decrypt the signature information by using the group private key of the statistical group where the data server to be verified is located, and determine the signature information of the data server to be verified and the corresponding data to be counted;
所述验证单元603用于根据所述待验证数据服务器的签名信息和对应的待统计数据,对所述待验证数据服务器所提供的待统计数据进行验证。The verification unit 603 is configured to verify the data to be counted provided by the data server to be verified according to the signature information of the data server to be verified and the corresponding data to be counted.
可选的,所述装置还包括生成单元604和收发单元605;Optionally, the device further includes a generation unit 604 and a transceiver unit 605;
所述生成单元604用于:The generating unit 604 is used for:
在从所述获取单元601区块链上获取待验证信息之前,生成统计群的群私钥和群公钥;Before obtaining the information to be verified from the block chain of the obtaining unit 601, generate a group private key and a group public key of the statistical group;
根据所述统计群的群私钥和群公钥,生成所述统计群中各数据服务器的第二私钥;According to the group private key and group public key of the statistical group, generate the second private key of each data server in the statistical group;
所述收发单元605用于:The transceiver unit 605 is used for:
将所述各数据服务器的第二私钥发送至各数据服务器,以使所述数据服务器使用所述第二私钥对待统计数据签名并生成签名信息;所述签名信息用于所述数据服务器使用第一公钥对所述签名信息和待统计数据加密;所述第一公钥是统计服务器生成并发送至所述数据服务器的;Send the second private key of each data server to each data server, so that the data server uses the second private key to sign the statistical data to be signed and generate signature information; the signature information is used for the data server to use The first public key encrypts the signature information and the data to be counted; the first public key is generated by the statistics server and sent to the data server;
将所述群公钥作为所述第二私钥对应的第二公钥发送至所述统计服务器,以使所述统计服务器使用所述第二公钥对所述签名信息验证。Sending the group public key as a second public key corresponding to the second private key to the statistics server, so that the statistics server uses the second public key to verify the signature information.
基于同一发明构思,本发明实施例还提供了一种计算设备,包括:Based on the same inventive concept, an embodiment of the present invention also provides a computing device, including:
存储器,用于存储程序指令;memory for storing program instructions;
处理器,用于调用所述存储器中存储的程序指令,按照获得的程序执行上述基于区块链的数据统计的方法。The processor is configured to call the program instructions stored in the memory, and execute the above-mentioned method of data statistics based on blockchain according to the obtained program.
基于同一发明构思,本发明实施例还提供了一种计算机可读非易失性存储介质,包括计算机可读指令,当计算机读取并执行所述计算机可读指令时,使得计算机执行上述基于区块链的数据统计的方法。Based on the same inventive concept, an embodiment of the present invention also provides a computer-readable non-volatile storage medium, including computer-readable instructions. When a computer reads and executes the computer-readable instructions, the computer executes the above region-based The data statistics method of block chain.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While preferred embodiments of the invention have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, it is intended that the appended claims be construed to cover the preferred embodiment as well as all changes and modifications which fall within the scope of the invention.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention also intends to include these modifications and variations.
Claims (26)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910828975.6A CN110569666B (en) | 2019-09-03 | 2019-09-03 | Block chain-based data statistics method and device |
PCT/CN2020/111832 WO2021043067A1 (en) | 2019-09-03 | 2020-08-27 | Blockchain-based data statistical method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910828975.6A CN110569666B (en) | 2019-09-03 | 2019-09-03 | Block chain-based data statistics method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110569666A true CN110569666A (en) | 2019-12-13 |
CN110569666B CN110569666B (en) | 2023-09-08 |
Family
ID=68777604
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910828975.6A Active CN110569666B (en) | 2019-09-03 | 2019-09-03 | Block chain-based data statistics method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110569666B (en) |
WO (1) | WO2021043067A1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111162910A (en) * | 2019-12-20 | 2020-05-15 | 杭州能信科技有限公司 | Multi-language encryption transmission scheme for high-concurrency new energy power generation data |
CN111170104A (en) * | 2020-01-06 | 2020-05-19 | 北京时代凌宇科技股份有限公司 | Elevator inspection monitoring system and method based on block chain |
CN111210352A (en) * | 2020-01-10 | 2020-05-29 | 李�荣 | Economic data statistical device and method based on block chain |
CN111585769A (en) * | 2020-05-14 | 2020-08-25 | 小米数字科技有限公司 | Data transmission method, device and medium |
CN111741031A (en) * | 2020-08-26 | 2020-10-02 | 深圳信息职业技术学院 | Blockchain-based network communication encryption method |
CN111914293A (en) * | 2020-07-31 | 2020-11-10 | 平安科技(深圳)有限公司 | Data access authority verification method and device, computer equipment and storage medium |
WO2021043067A1 (en) * | 2019-09-03 | 2021-03-11 | 深圳前海微众银行股份有限公司 | Blockchain-based data statistical method and device |
CN114595437A (en) * | 2022-05-09 | 2022-06-07 | 荣耀终端有限公司 | Access control method, electronic device, and computer-readable storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113806794B (en) * | 2021-03-12 | 2024-08-16 | 京东科技控股股份有限公司 | File electronic signature processing method, device, computer equipment and storage medium |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013008175A (en) * | 2011-06-24 | 2013-01-10 | Fujitsu Ltd | Conversion processing method, device and program and restoration processing method, device and program |
JP2013026996A (en) * | 2011-07-26 | 2013-02-04 | Fujitsu Ltd | Information processing method, device, and computer system |
CN103490880A (en) * | 2013-10-07 | 2014-01-01 | 西安电子科技大学 | Power counting and charging method with private protection function in intelligent power grid |
JP2014211607A (en) * | 2013-04-04 | 2014-11-13 | キヤノン株式会社 | Apparatus and method for information processing |
US8997198B1 (en) * | 2012-12-31 | 2015-03-31 | Emc Corporation | Techniques for securing a centralized metadata distributed filesystem |
CN104951472A (en) * | 2014-03-29 | 2015-09-30 | 华为技术有限公司 | Data statistics method based on distribution |
CN105827399A (en) * | 2016-04-12 | 2016-08-03 | 金华鸿正科技有限公司 | Data processing method used for electronic election |
CN109286497A (en) * | 2018-09-06 | 2019-01-29 | 贵阳信息技术研究院(中科院软件所贵阳分部) | A Blockchain-Based Method for Secret Voting and Multi-Condition Counting |
US20190114438A1 (en) * | 2017-10-12 | 2019-04-18 | Salesforce.Com, Inc. | Mass encryption management |
CN109726563A (en) * | 2017-10-31 | 2019-05-07 | 阿里巴巴集团控股有限公司 | A kind of method, apparatus and equipment of data statistics |
CN110069501A (en) * | 2019-04-23 | 2019-07-30 | 北京恒冠网络数据处理有限公司 | A kind of big data stocking system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB201710176D0 (en) * | 2017-06-26 | 2017-08-09 | Nchain Holdings Ltd | Computer-implemented system and method |
CN107493162A (en) * | 2017-07-25 | 2017-12-19 | 中国联合网络通信集团有限公司 | The implementation method and device of block chain node |
CN107911216B (en) * | 2017-10-26 | 2020-07-14 | 矩阵元技术(深圳)有限公司 | A method and system for privacy protection of blockchain transactions |
CN110569666B (en) * | 2019-09-03 | 2023-09-08 | 深圳前海微众银行股份有限公司 | Block chain-based data statistics method and device |
-
2019
- 2019-09-03 CN CN201910828975.6A patent/CN110569666B/en active Active
-
2020
- 2020-08-27 WO PCT/CN2020/111832 patent/WO2021043067A1/en active Application Filing
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013008175A (en) * | 2011-06-24 | 2013-01-10 | Fujitsu Ltd | Conversion processing method, device and program and restoration processing method, device and program |
JP2013026996A (en) * | 2011-07-26 | 2013-02-04 | Fujitsu Ltd | Information processing method, device, and computer system |
US8997198B1 (en) * | 2012-12-31 | 2015-03-31 | Emc Corporation | Techniques for securing a centralized metadata distributed filesystem |
JP2014211607A (en) * | 2013-04-04 | 2014-11-13 | キヤノン株式会社 | Apparatus and method for information processing |
CN103490880A (en) * | 2013-10-07 | 2014-01-01 | 西安电子科技大学 | Power counting and charging method with private protection function in intelligent power grid |
CN104951472A (en) * | 2014-03-29 | 2015-09-30 | 华为技术有限公司 | Data statistics method based on distribution |
CN105827399A (en) * | 2016-04-12 | 2016-08-03 | 金华鸿正科技有限公司 | Data processing method used for electronic election |
US20190114438A1 (en) * | 2017-10-12 | 2019-04-18 | Salesforce.Com, Inc. | Mass encryption management |
CN109726563A (en) * | 2017-10-31 | 2019-05-07 | 阿里巴巴集团控股有限公司 | A kind of method, apparatus and equipment of data statistics |
CN109286497A (en) * | 2018-09-06 | 2019-01-29 | 贵阳信息技术研究院(中科院软件所贵阳分部) | A Blockchain-Based Method for Secret Voting and Multi-Condition Counting |
CN110069501A (en) * | 2019-04-23 | 2019-07-30 | 北京恒冠网络数据处理有限公司 | A kind of big data stocking system |
Non-Patent Citations (1)
Title |
---|
马飞;蒋建国;: "具有隐私保护的分布式协作统计计算方案" * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021043067A1 (en) * | 2019-09-03 | 2021-03-11 | 深圳前海微众银行股份有限公司 | Blockchain-based data statistical method and device |
CN111162910A (en) * | 2019-12-20 | 2020-05-15 | 杭州能信科技有限公司 | Multi-language encryption transmission scheme for high-concurrency new energy power generation data |
CN111170104A (en) * | 2020-01-06 | 2020-05-19 | 北京时代凌宇科技股份有限公司 | Elevator inspection monitoring system and method based on block chain |
CN111210352A (en) * | 2020-01-10 | 2020-05-29 | 李�荣 | Economic data statistical device and method based on block chain |
CN111585769A (en) * | 2020-05-14 | 2020-08-25 | 小米数字科技有限公司 | Data transmission method, device and medium |
CN111585769B (en) * | 2020-05-14 | 2023-07-25 | 天星数科科技有限公司 | Data transmission method, device and medium |
CN111914293A (en) * | 2020-07-31 | 2020-11-10 | 平安科技(深圳)有限公司 | Data access authority verification method and device, computer equipment and storage medium |
WO2021139338A1 (en) * | 2020-07-31 | 2021-07-15 | 平安科技(深圳)有限公司 | Data access permission verification method and apparatus, computer device, and storage medium |
CN111914293B (en) * | 2020-07-31 | 2024-05-24 | 平安科技(深圳)有限公司 | Data access right verification method and device, computer equipment and storage medium |
CN111741031A (en) * | 2020-08-26 | 2020-10-02 | 深圳信息职业技术学院 | Blockchain-based network communication encryption method |
CN114595437A (en) * | 2022-05-09 | 2022-06-07 | 荣耀终端有限公司 | Access control method, electronic device, and computer-readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110569666B (en) | 2023-09-08 |
WO2021043067A1 (en) | 2021-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110569666B (en) | Block chain-based data statistics method and device | |
CN107911216B (en) | A method and system for privacy protection of blockchain transactions | |
US10846372B1 (en) | Systems and methods for trustless proof of possession and transmission of secured data | |
CN110276613B (en) | Block chain-based data processing apparatus, method, and computer-readable storage medium | |
CN109544331B (en) | Blockchain-based supply chain financial application method, device, terminal equipment and storage medium | |
CN106559211B (en) | A privacy-preserving smart contract method in blockchain | |
CN111861473B (en) | Electronic bidding system and method | |
WO2022089237A1 (en) | Blockchain-based value verification method and apparatus, computer device and medium | |
CN110719176A (en) | Blockchain-based logistics privacy protection method, system and readable storage medium | |
US8220040B2 (en) | Verifying that group membership requirements are met by users | |
CN110189184B (en) | Electronic invoice storage method and device | |
US20210035090A1 (en) | System and method for secure data delivery | |
Qu et al. | A electronic voting protocol based on blockchain and homomorphic signcryption | |
CN113949541B (en) | A Design Method of DDS Secure Communication Middleware Based on Attribute Policy | |
US11676111B1 (en) | Apparatuses and methods for determining and processing dormant user data in a job resume immutable sequential listing | |
CN108769010A (en) | The method and apparatus that node is invited to registration | |
CN114154196B (en) | Heterogeneous data processing method, device and electronic device | |
CN115203749A (en) | Data transaction method and system based on block chain | |
CN116975936B (en) | Finance qualification proving method and finance qualification verifying method | |
CN111414634A (en) | Information processing method and device | |
CN112073196B (en) | Service data processing method and device, electronic equipment and storage medium | |
JP2025518069A (en) | Blockchain-based message journaling | |
CN113468549A (en) | Retrieval method and system for encrypted information evidence based on block chain and electronic equipment | |
CN114866317B (en) | Multi-party data security computing method, device, electronic equipment and storage medium | |
CN117371010A (en) | Data trace query method, electronic device and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |