
CN110851843A - Data management method and device based on block chain - Google Patents


Info

Publication number
CN110851843A
Authority
CN
China
Prior art keywords
data
target data
identification information
blockchain
index
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910949871.0A
Other languages
Chinese (zh)
Inventor
李立中
李知旃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lijun (shanghai) Technology Co Ltd
Original Assignee
Lijun (shanghai) Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lijun (shanghai) Technology Co Ltd filed Critical Lijun (shanghai) Technology Co Ltd
Priority to CN201910949871.0A priority Critical patent/CN110851843A/en
Publication of CN110851843A publication Critical patent/CN110851843A/en
Pending legal-status Critical Current

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this specification disclose a blockchain-based data management method and device, applied to a terminal device. The method comprises at least the following steps: determining target data to be stored in a blockchain and identification information of the target data; calculating a first digest value of the target data according to a preset digest algorithm; encrypting the target data with a first key to form ciphertext data; and storing the ciphertext data, the first digest value and the identification information in association in the blockchain. With the technical solution of these embodiments, data can be more effectively protected from being stolen and tampered with by intruders, which improves data security.

Description

Blockchain-based data management method and device

Technical field

This specification relates to the field of computer technology, and in particular to a blockchain-based data management method and device.

Background

A blockchain uses a chained data structure to verify and store data, a distributed node consensus algorithm to generate and update data, and cryptography to secure the transmission of and access to data between distributed nodes. Blockchain technology is essentially a decentralized distributed database technology: data is stored openly and transparently in every accounting node of the blockchain network, so that data stored on the blockchain cannot be tampered with.

For ordinary users, having their data stored openly and transparently in every accounting node of the blockchain network increases the risk that the data is maliciously stolen by intruders. Moreover, the terminal device a user uses day to day can usually access the blockchain network, but may not itself join the blockchain network as a node; an intruder may therefore also tamper with the data, to achieve a specific business purpose, while the terminal device is obtaining it from the blockchain.

How to more effectively prevent data from being stolen and tampered with by intruders, and thereby improve data security, has therefore become an urgent problem to be solved.

Summary of the invention

The embodiments of this specification provide a blockchain-based data management method and device that can more effectively prevent data from being stolen and tampered with by intruders, thereby improving data security.

In a first aspect, a blockchain-based data management method is provided. The method is applied to a terminal device and includes:

determining target data to be stored in the blockchain and identification information of the target data;

calculating a first digest value of the target data according to a preset digest algorithm;

encrypting the target data with a first key to form ciphertext data;

storing the ciphertext data, the first digest value and the identification information in association in the blockchain.

In one possible implementation,

after the ciphertext data, the first digest value and the identification information are stored in association in the blockchain, the method further includes: adding the identification information as an index entry to a data index table.

In one possible implementation,

the identification information includes: the file name corresponding to the target data, and the first moment at which the target data was determined.

In one possible implementation,

adding the identification information as an index entry to the data index table includes:

detecting whether a first index entry exists among the index entries contained in the data index table, the first index entry containing the file name;

if the first index entry exists, updating the second moment contained in the first index entry to the first moment.

In one possible implementation,

storing the ciphertext data, the first digest value and the identification information in association in the blockchain includes:

writing the ciphertext data, the first digest value and the identification information into the data field of a transaction, and publishing the transaction to the blockchain network through a node of the blockchain network, so that the transaction is packed into a block and the block is added to the blockchain.

In a second aspect, a blockchain-based data management method is provided. The method is applied to a terminal device and includes:

determining identification information of the target data to be acquired;

obtaining, from the blockchain, the ciphertext data and the first digest value associated with the identification information;

decrypting the ciphertext data with a second key to obtain the target data, where the second key is the same as, or corresponds to, the first key used to encrypt the target data to form the ciphertext data;

calculating a second digest value of the target data according to a preset digest algorithm;

if the first digest value and the second digest value are the same, determining that the target data has not been tampered with, and providing the target data.

In one possible implementation,

before the identification information of the target data to be acquired is determined, the method further includes: providing a data index table to the user, the data index table containing at least one index entry;

determining the identification information of the target data to be acquired includes: in response to the user triggering a second index entry among the at least one index entry, determining the second index entry to be the identification information of the target data to be acquired.

In a third aspect, a blockchain-based data management apparatus is provided. The apparatus is applied to a terminal device and includes:

an information determination unit, configured to determine target data to be stored in the blockchain and identification information of the target data;

a digest calculation unit, configured to calculate a first digest value of the target data according to a preset digest algorithm;

an encryption processing unit, configured to encrypt the target data with a first key to form ciphertext data;

a storage processing unit, configured to store the ciphertext data, the first digest value and the identification information in association in the blockchain.

In one possible implementation,

the apparatus further includes: an index management unit, configured to add the identification information as an index entry to a data index table.

In a fourth aspect, a blockchain-based data management apparatus is provided. The apparatus is applied to a terminal device and includes:

an information determination unit, configured to determine identification information of the target data to be acquired;

a data acquisition unit, configured to obtain, from the blockchain, the ciphertext data and the first digest value associated with the identification information;

a decryption processing unit, configured to decrypt the ciphertext data with a second key to obtain the target data, where the second key is the same as, or corresponds to, the first key used to encrypt the target data to form the ciphertext data;

a digest calculation unit, configured to calculate a second digest value of the target data according to a preset digest algorithm;

a data providing unit, configured to determine, if the first digest value and the second digest value are the same, that the target data has not been tampered with, and to provide the target data.

In a fifth aspect, a computer-readable storage medium is provided, on which a computer program is stored; when the computer program is executed in a computing device, the computing device implements the method of any one of the first and second aspects.

In a sixth aspect, a terminal device is provided, including a memory and a processor; executable code is stored in the memory, and when the processor executes the executable code, the method of any one of the first and second aspects is implemented.

With the data management method and device provided in the embodiments of this specification, on the one hand, the target data is not stored directly in the blockchain: even if an intruder can obtain the ciphertext data of the target data from the blockchain, the intruder cannot steal the target data without knowing the key needed to decrypt the ciphertext data. On the other hand, the ciphertext data, the first digest value and the identification information are stored in association in the blockchain, so the terminal device can use the identification information to obtain the associated ciphertext data and first digest value from the blockchain, and the first digest value can be used to verify the integrity of the target data corresponding to the ciphertext data, which helps reduce the possibility of an intruder tampering with the target data. In summary, the technical solutions provided in the embodiments of this specification can more effectively prevent data from being stolen and tampered with by intruders, thereby improving data security.

Description of drawings

FIG. 1 is a schematic diagram of the system framework of an embodiment of this specification;

FIG. 2 is a flowchart of a blockchain-based data management method provided in an embodiment of this specification;

FIG. 3 is a flowchart of another blockchain-based data management method provided in an embodiment of this specification;

FIG. 4 is a flowchart of another blockchain-based data management method provided in an embodiment of this specification;

FIG. 5 is a schematic structural diagram of a blockchain-based data management apparatus provided in an embodiment of this specification;

FIG. 6 is a schematic structural diagram of another blockchain-based data management apparatus provided in an embodiment of this specification;

FIG. 7 is a schematic structural diagram of another blockchain-based data management apparatus provided in an embodiment of this specification.

Detailed description

FIG. 1 shows a schematic diagram of the system framework of an embodiment of this specification. As shown in FIG. 1, a blockchain network (also called a blockchain system) 10 may include multiple blockchain nodes 101. Each blockchain node 101 of the blockchain network 10 is able to broadcast a transaction containing data to the entire blockchain network 10; a blockchain node 101 acting as an accounting node can pack the transactions it receives into a block and add the block to the blockchain, thereby storing the data in the blockchain.

Among the blockchain nodes 101 of the blockchain network 10, every node stores the same transactions, that is, every node of the blockchain network 10 stores the same data; and, of any two adjacent blocks in the blockchain stored by a node, the block packed later is linked to the block packed earlier. As a result, data stored in the blockchain cannot be tampered with.

The terminal device 20 used by a user may join the blockchain network 10 as a blockchain node 101, or may be connected to one or more blockchain nodes 101 of the blockchain network 10. When the terminal device 20 is connected to a blockchain node 101 of the blockchain network 10, it can send a transaction containing data to that node 101, which publishes the transaction to the blockchain network 10, so that the transaction containing the data is eventually stored in the blockchain.

Correspondingly, the terminal device 20 can also obtain, through the blockchain node 101 connected to it, the data contained in the transactions stored in the blockchain.

It can be understood that each blockchain node 101 may be one or more computing devices with a certain data storage capability and computing capability, for example a server.

It can be understood that the terminal device 20 used by the user includes, but is not limited to, notebook computers, tablet computers, smartphones and other forms of electronic device that can communicate with the computing device serving as a blockchain node 101.

It can be understood that, in the blockchain network 10, every blockchain node 101 and every terminal device 20 connected to it can query the data stored in the blockchain, and the blockchain nodes 101 may be hosted by different custodians (enterprises, organizations or individuals). An intruder who successfully compromises a terminal device 20 or a blockchain node 101 can directly steal the data stored openly and transparently on every node of the blockchain network 10. Moreover, when the terminal device 20 has not joined the blockchain network 10 as a blockchain node 101, data may also be stolen or tampered with by an intruder while in transit between the terminal device 20 and the blockchain node 101 it is connected to, so data security is low.

In view of this, the embodiments of the present application provide at least a blockchain-based data management method and device, with the aim of more effectively preventing data from being stolen and tampered with by intruders, thereby improving data security.

The technical solutions of the embodiments of this specification are described in detail below with reference to the system framework above.

FIG. 2 is a flowchart of a blockchain-based data management method provided in an embodiment of this specification. The method is executed by the terminal device 20. As shown in FIG. 2, the method may include at least the following steps 21 to 27: step 21, determining target data to be stored in the blockchain and identification information of the target data; step 23, calculating a first digest value of the target data according to a preset digest algorithm; step 25, encrypting the target data with a first key to form ciphertext data; step 27, storing the ciphertext data, the first digest value and the identification information in association in the blockchain.

First, in step 21, the target data to be stored in the blockchain and the identification information of the target data are determined.

In the embodiments of this specification, the target data includes, but is not limited to, files in various formats such as audio, video and documents.

In the embodiments of this specification, the identification information of the target data should uniquely identify the target data, so that once the information related to the target data has been stored in the blockchain in the subsequent steps, that information can be looked up in the blockchain by the identification information of the target data.

For a file that the user is not allowed to edit, or that the user does not normally edit, the file name can usually identify the file uniquely. Therefore, in one possible implementation, the identification information of the target data may include the file name of the target data.

However, when a file is edited by the user, the file before and after editing may have the same file name but not exactly the same content, so neither in the terminal device nor in the blockchain can the file name alone uniquely identify the file before and after editing. For example, for a text file named "XXX", the user may edit the file during the period T1 to T2, for instance by adding, modifying or deleting text in it. If the file is determined as target data to be stored at a moment T0 before T1, and is again determined as target data to be stored at a moment Ti after T2, the file name cannot be used to uniquely identify, in the terminal device or the blockchain, these two items of target data with different text content.

Therefore, in another possible implementation, the identification information of the target data may further include the first moment at which the target data was determined. For example, if the file named "XXX" is determined as target data to be stored at moment T0, the combination of the file name "XXX" and the first moment T0 can be used as the identification information of that target data.

Next, in step 23, a first digest value of the target data is calculated according to a preset digest algorithm.

It can be understood that the preset digest algorithm includes, but is not limited to, the MD5 algorithm, the SHA-1 algorithm and their various variants.

It can be understood that the first digest value can be used to check the integrity of the target data.

Next, in step 25, the target data is encrypted with a first key to form ciphertext data.

The encryption algorithm used to encrypt the target data may be any form of symmetric encryption algorithm or any form of asymmetric encryption algorithm; the embodiments of this specification do not limit the encryption algorithm used to encrypt the target data.

As for the first key used to encrypt the target data: if the encryption algorithm is a symmetric encryption algorithm, the first key may be a random number generated randomly for that target data. If the encryption algorithm is an asymmetric encryption algorithm, the first key may be one of two random numbers generated randomly for that target data; the other of the two random numbers serves as the second key corresponding to the first key, and can be used later to decrypt the ciphertext data corresponding to the target data and recover the target data. In this way, any two items of target data to be stored may be encrypted with different first keys to form their respective ciphertext data, which prevents an intruder who has learned the first key used to encrypt one item of target data, or the second key needed to decrypt one item of target data, from going on to steal or tamper with other target data using a large number of second keys.

Next, in step 27, the ciphertext data, the first digest value and the identification information are stored in association in the blockchain.

Specifically, the terminal device can write the ciphertext data, the first digest value and the identification information into the data field of a transaction and send the transaction to a blockchain node 101 connected to it in the blockchain network. That node 101 publishes the transaction to the entire blockchain network 10, so that the blockchain nodes 101 acting as accounting nodes in the blockchain network 10 pack the transaction into a block and add the block to the blockchain.

Storing the ciphertext data corresponding to the target data in association with its first digest value and identification information makes it easy for the user to obtain, from the blockchain, the ciphertext data and first digest value corresponding to the target data by means of its identification information.

Correspondingly, to enable the user to obtain the ciphertext data and first digest value corresponding to the target data from the blockchain by means of its identification information, as shown in FIG. 3, in one possible implementation the method may further include the following step 29: adding the identification information as an index entry to the data index table.

In a more specific example, the identification information of the target data can be added to the data index table as a new index entry. Taking identification information that includes the file name of the target data, and optionally the first moment at which the target data was determined, as an example, see the data index table shown in Table 1 below:

Table 1

File name | Moment
XXX | T<sub>i</sub>
ZZZ | NULL
XXX | T<sub>j</sub>

As shown in Table 1 above, consider a file named "XXX" that is first determined as target data at a first moment T<sub>i</sub> and whose data content may be edited by the user in some period after T<sub>i</sub>: the file name "XXX" and the moment "T<sub>i</sub>" can be combined into one index entry and added to the data index table. For a file named "ZZZ" that is first determined as target data at a first moment T<sub>n</sub>, but whose data content the user is not allowed to edit or would not normally edit after T<sub>n</sub>, the file name "ZZZ" can be added to the data index table as the index entry for that data. Suppose the user edits the data content of the file named "XXX" after T<sub>i</sub>, and the file is determined as target data again at moment T<sub>j</sub>; the file name "XXX" and the moment "T<sub>j</sub>" can then be combined into one index entry and added to the data index table.

On the user side, this makes it convenient to use the data index table to obtain target data that has the same file name but different data content, that is, to obtain each version of a file through the data index table.

In another more specific example, it is also possible to detect whether the index entries in the data index table include a first index entry containing the file name of the target data and, if the first index entry exists, to update the second moment contained in the first index entry to the first moment at which the target data was determined. Taking identification information that includes the file name of the target data, and optionally the first moment at which the target data was determined, as an example, see the data index table shown in Table 2 below:

Table 2

File name | Moment
XXX | T<sub>j</sub>
ZZZ | NULL

As shown in Table 2 above, consider a file named "XXX" that is first determined as target data at a first moment T<sub>i</sub> and whose data content may be edited by the user in some period after T<sub>i</sub>: the file name "XXX" and the moment "T<sub>i</sub>" can be combined into one index entry and added to the data index table. For a file named "ZZZ" that is first determined as target data at a first moment T<sub>n</sub>, but whose data content the user is not allowed to edit or would not normally edit after T<sub>n</sub>, the file name "ZZZ" can be added to the data index table as the index entry for that data. Suppose the user edits the data content of the file named "XXX" after T<sub>i</sub>, and the file is determined as target data again at moment T<sub>j</sub>; at this point the data index table already contains a first index entry with the file name "XXX", so the moment "T<sub>i</sub>" in that first index entry can be replaced directly with T<sub>j</sub>.

On the user side, even if the user edits a file frequently and the file is determined as target data for storage at different moments, the data index table holds only one index entry for that file, and the user can use the data index table to look up the most recently edited file. This keeps the data index table concise and gives a better user experience.

The foregoing method embodiments focus on the process of storing data based on the blockchain. Corresponding to that storage process, the embodiments of the present application also provide another blockchain-based data management method, executed by the terminal device 20. As shown in FIG. 4, the method may include at least the following steps 41 to 49: step 41, determining the identification information of the target data to be acquired; step 43, acquiring from the blockchain the ciphertext data and the first digest value associated with the identification information; step 45, decrypting the ciphertext data with a second key to obtain the target data, where the second key is the same as or corresponds to the first key used when encrypting the target data to form the ciphertext data; step 47, calculating a second digest value of the target data according to a preset digest algorithm; step 49, if the first digest value and the second digest value are the same, determining that the target data has not been tampered with, and providing the target data.

First, in step 41, the identification information of the target data to be acquired is determined.

In a possible implementation, the terminal device may provide the user with a data index table containing at least one index entry. For the specific contents of the data index table and its index entries, refer to the foregoing embodiments; they are not repeated here.

Correspondingly, in step 41, when the terminal device receives the user's trigger on a second index entry among the at least one index entry, the second index entry triggered by the user may be determined as the identification information of the target data to be acquired.

Next, in step 43, the ciphertext data and the first digest value associated with the identification information are acquired from the blockchain.

Specifically, the terminal device 20 may query the transactions recorded on the blockchain either directly or indirectly through the blockchain node 101 connected to it, and thereby acquire from the blockchain, directly or indirectly, the ciphertext data and the first digest value associated with the identification information.

Next, in step 45, the ciphertext data is decrypted with the second key to obtain the target data.

The second key is the same as or corresponds to the first key used when encrypting the target data to form the ciphertext data. Specifically, if the encryption algorithm that the terminal device 20 used with the first key to encrypt the target data into ciphertext data is a symmetric encryption algorithm, the second key is the same as the first key; if that encryption algorithm is an asymmetric encryption algorithm, the second key corresponds to the first key.

Next, in step 47, a second digest value of the target data is calculated according to a preset digest algorithm.

Note that the digest algorithm used to calculate the second digest value of the target data should be exactly the same as the digest algorithm used to calculate the first digest value of the target data.

Here, suppose that while the ciphertext data and the first digest value are being transmitted from the blockchain network to the terminal device, an intruder decrypts the ciphertext data with a second key known to the intruder, tampers with the decrypted target data, recalculates the first digest value for the tampered target data, and re-encrypts the tampered target data with a first key known to the intruder to form new ciphertext data. Because the intruder cannot know the preset digest algorithm that the terminal device actually uses for the target data, the second digest value calculated by the terminal device will still differ from the first digest value recalculated by the intruder. That is, if the second digest value calculated by the terminal device differs from the first digest value, the intruder has successfully tampered with the target data.

Correspondingly, in step 49, if the first digest value and the second digest value are the same, it is determined that the target data has not been tampered with, and the target data is provided. That is, accurate, untampered target data is provided to the user only once it has been confirmed that the target data has not been tampered with, so that the user can view or edit the target data.

In a possible implementation, because the ciphertext data and the first digest value of the target data stored in the blockchain will not be tampered with, a second digest value calculated by the terminal device that differs from the first digest value means that the target data was tampered with by an intruder during transmission from the blockchain network to the terminal device. In this case the terminal device can notify the user that the target data has been tampered with by an intruder, so that the user can trigger the terminal device to acquire again the ciphertext data and the first digest value of the target data stored in the blockchain.

In this way, the terminal device 20 can determine whether the target data has been tampered with by an intruder. Even if an intruder maliciously tampers with the target data to achieve a particular business purpose, the terminal device will detect it and that purpose will not be achieved, which reduces the likelihood that an intruder tampers with the target data while the ciphertext data and the first digest value are transmitted from the blockchain network 10 to the terminal device 20.
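The store and retrieve flows described above (the Table 2 index update and steps 41 to 49), as an added Python example that is not part of the patent text. The in-memory `Ledger`, the toy keystream cipher, the `transport` hook and every other name are assumptions of this example. It runs step 49 once with an unkeyed SHA-256 digest and once with HMAC-SHA-256 under a device-held key, because an unkeyed digest catches the rewriting party of the scenario above only while that party does not know which algorithm is in use.

```python
import hashlib
import hmac
import os


class TamperedError(Exception):
    """Raised in step 49 when the first and second digest values differ."""


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy counter-mode keystream built from HMAC-SHA-256. Stand-in only: it keeps
    # the example inside the standard library; use a vetted cipher in practice.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def plain_digest(data: bytes) -> bytes:
    """Unkeyed digest: anyone who knows the algorithm can recompute it."""
    return hashlib.sha256(data).digest()


def keyed_digest(mac_key: bytes):
    """Keyed digest (HMAC-SHA-256): recomputing it requires mac_key."""
    return lambda data: hmac.new(mac_key, data, hashlib.sha256).digest()


class Ledger:
    """Constructed in-memory stand-in for the blockchain (append-only)."""

    def __init__(self):
        self._txs = []

    def publish(self, ident, ciphertext, digest_value):
        self._txs.append({"id": ident, "ciphertext": ciphertext, "digest": digest_value})

    def fetch(self, ident):
        for tx in reversed(self._txs):
            if tx["id"] == ident:
                return dict(tx)
        raise KeyError(ident)


class Terminal:
    def __init__(self, ledger, enc_key, digest_fn):
        self.ledger, self.enc_key, self.digest_fn = ledger, enc_key, digest_fn
        self.index = {}  # data index table: file name -> time (None models NULL)

    def store(self, name, data, moment=None):
        ident = (name, moment)  # identification information
        self.ledger.publish(ident, encrypt(self.enc_key, data), self.digest_fn(data))
        self.index[name] = moment  # one entry per file name; a later time replaces the earlier

    def retrieve(self, name, transport=lambda tx: tx):
        ident = (name, self.index[name])                    # step 41
        tx = transport(self.ledger.fetch(ident))            # step 43 (transport = network path)
        data = decrypt(self.enc_key, tx["ciphertext"])      # step 45
        second = self.digest_fn(data)                       # step 47
        if not hmac.compare_digest(second, tx["digest"]):   # step 49
            raise TamperedError(name)
        return data


def rewriting_path(enc_key, new_data):
    """Models the in-transit party of the page's scenario: it holds the encryption
    key, re-encrypts altered data and recomputes an unkeyed SHA-256 digest."""
    def transport(tx):
        return {**tx, "ciphertext": encrypt(enc_key, new_data),
                "digest": plain_digest(new_data)}
    return transport


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    results = {}
    for label, fn in (("plain", plain_digest), ("keyed", keyed_digest(mac_key))):
        t = Terminal(Ledger(), enc_key, fn)
        t.store("XXX", b"draft v1", moment=1)  # T_i
        t.store("XXX", b"draft v2", moment=2)  # T_j replaces T_i in the index
        t.store("ZZZ", b"read-only")           # no time recorded (NULL)
        try:
            t.retrieve("XXX", rewriting_path(enc_key, b"forged"))
            detected = False
        except TamperedError:
            detected = True
        results[label] = (t.index, t.retrieve("XXX"), detected)
    return results
```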

Corresponding to one or more of the foregoing method embodiments, the embodiments of this specification also provide a blockchain-based data management apparatus 50. The data management apparatus 50 can be deployed on the terminal device 20 so that the terminal device 20 implements the blockchain-based data management method described in one or more of the foregoing embodiments. As shown in FIG. 5, at the software level, the blockchain-based data management apparatus 50 may include:

an information determination unit 51, configured to determine the target data to be stored in the blockchain and the identification information of the target data;

a digest calculation unit 53, configured to calculate a first digest value of the target data according to a preset digest algorithm;

an encryption processing unit 55, configured to encrypt the target data with a first key to form ciphertext data;

a storage processing unit 57, configured to store the ciphertext data, the first digest value and the identification information in association in the blockchain.

In a possible implementation, as shown in FIG. 6, the blockchain-based data management apparatus 50 may further include an index management unit 59, configured to add the identification information to the data index table as an index entry.

Corresponding to one or more of the foregoing method embodiments, the embodiments of this specification also provide another blockchain-based data management apparatus 70. The data management apparatus 70 can be deployed on the terminal device 20 so that the terminal device 20 implements the blockchain-based data management method described in one or more of the foregoing embodiments. As shown in FIG. 7, at the software level, the blockchain-based data management apparatus 70 may include:

an information determination unit 71, configured to determine the identification information of the target data to be acquired;

a data acquisition unit 73, configured to acquire from the blockchain the ciphertext data and the first digest value associated with the identification information;

a decryption processing unit 75, configured to decrypt the ciphertext data with a second key to obtain the target data, where the second key is the same as or corresponds to the first key used when encrypting the target data to form the ciphertext data;

a digest calculation unit 77, configured to calculate a second digest value of the target data according to a preset digest algorithm;

a data providing unit 79, configured to determine, when the first digest value and the second digest value are the same, that the target data has not been tampered with, and to provide the target data.

In a possible implementation, the data management apparatus 70 may further include an index management unit, where:

the index management unit is configured to provide the user with a data index table containing at least one index entry;

the information determination unit 71 is configured to determine, in response to the user's trigger on a second index entry among the at least one index entry, that the second index entry is the identification information of the target data to be acquired.

Note that the blockchain-based data management apparatus 50 and the blockchain-based data management apparatus 70 described above may be integrated into a single data management apparatus and deployed in the terminal device 20.

Those skilled in the art will appreciate that, in one or more of the above examples, the functions described in this specification may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the computer programs corresponding to these functions may be stored in a computer-readable medium, or transmitted as one or more instructions or code on a computer-readable medium, so that when those computer programs are executed by a computer, the computer implements the method described in any embodiment of the present invention.

Specifically, the embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored. When the computer program is executed in a computing device, the computing device implements the blockchain-based data management method provided in any embodiment of this specification.

The embodiments of this specification also provide a terminal device including a memory and a processor. The memory stores executable code, and when the processor executes the executable code, it implements the blockchain-based data management method provided in any embodiment of this specification.

The embodiments in this specification are described progressively. For parts that are the same or similar across embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the apparatus, device and system embodiments are essentially similar to the method embodiments, so they are described briefly; for the relevant details, refer to the corresponding parts of the method embodiments.

The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the figures do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The specific embodiments described above explain the objectives, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made on the basis of the technical solutions of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A blockchain-based data management method, applied to a terminal device, characterized in that the method comprises:
determining target data to be stored in a blockchain and identification information of the target data;
calculating a first digest value of the target data according to a preset digest algorithm;
encrypting the target data by using a first key to form ciphertext data;
storing the ciphertext data, the first digest value and the identification information in association in the blockchain.
2. The method of claim 1, wherein
after the storing of the ciphertext data, the first digest value and the identification information in association in the blockchain, the method further comprises: adding the identification information as an index entry to a data index table.
3. The method of claim 2, wherein
the identification information includes: a file name corresponding to the target data and a first time at which the target data is determined.
4. The method of claim 3, wherein
the adding of the identification information as an index entry to a data index table includes:
detecting whether a first index entry exists among the index entries contained in the data index table, wherein the first index entry contains the file name;
if the first index entry exists, updating the second time contained in the first index entry to the first time.
5. The method according to any one of claims 1 to 4, wherein
the storing of the ciphertext data, the first digest value and the identification information in association in the blockchain includes:
writing the ciphertext data, the first digest value and the identification information into a data field of a transaction, and issuing the transaction to a blockchain network through a node of the blockchain network, such that the transaction is packed into a block, which is added to the blockchain.
6. A blockchain-based data management method, applied to a terminal device, characterized in that the method comprises:
determining identification information of target data to be acquired;
acquiring, from a blockchain, ciphertext data and a first digest value that are associated with the identification information;
decrypting the ciphertext data by using a second key to obtain the target data, wherein the second key is the same as or corresponds to a first key used when encrypting the target data to form the ciphertext data;
calculating a second digest value of the target data according to a preset digest algorithm;
in a case where the first digest value and the second digest value are the same, determining that the target data has not been tampered with, and providing the target data.
7. The method of claim 6, wherein
before the determining of the identification information of the target data to be acquired, the method further includes: providing a data index table to a user, wherein the data index table comprises at least one index entry;
the determining of the identification information of the target data to be acquired includes: in response to a user's trigger on a second index entry among the at least one index entry, determining the second index entry as the identification information of the target data to be acquired.
8. A blockchain-based data management apparatus, applied to a terminal device, characterized by comprising:
an information determination unit configured to determine target data to be stored in a blockchain and identification information of the target data;
a digest calculation unit configured to calculate a first digest value of the target data according to a preset digest algorithm;
an encryption processing unit configured to encrypt the target data with a first key to form ciphertext data;
a storage processing unit configured to store the ciphertext data, the first digest value and the identification information in association in the blockchain.
9. The apparatus of claim 8, wherein
the apparatus further comprises: an index management unit configured to add the identification information as an index entry to a data index table.
10. A blockchain-based data management apparatus, applied to a terminal device, characterized by comprising:
an information determination unit configured to determine identification information of target data to be acquired;
a data acquisition unit configured to acquire, from a blockchain, ciphertext data and a first digest value that are associated with the identification information;
a decryption processing unit configured to decrypt the ciphertext data using a second key to obtain the target data, wherein the second key is the same as or corresponds to a first key used when encrypting the target data to form the ciphertext data;
a digest calculation unit configured to calculate a second digest value of the target data according to a preset digest algorithm;
a data providing unit configured to determine that the target data has not been tampered with and provide the target data in a case where the first digest value and the second digest value are the same.
CN201910949871.0A 2019-10-08 2019-10-08 Data management method and device based on block chain Pending CN110851843A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910949871.0A CN110851843A (en) 2019-10-08 2019-10-08 Data management method and device based on block chain

Publications (1)

Publication Number Publication Date
CN110851843A true CN110851843A (en) 2020-02-28

Family

ID=69597320

Country Status (1)

Country Link
CN (1) CN110851843A (en)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200228