CN120744969A - Block chain-based document security access method, device, equipment and storage medium - Google Patents
- Publication number
- CN120744969A
- Authority
- CN
- China
- Prior art keywords
- document
- blockchain
- information
- verification
- identity
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the field of data access, and discloses a method, a device, equipment and a storage medium for safely accessing a document based on a blockchain. The method comprises the steps of storing identification information and encrypted data characteristics of the document in the blockchain, setting authority configuration strategies of the document through preset configuration logic of the blockchain, carrying out identity and authority verification on a user based on the authority configuration strategies, storing interaction information related to verification in the blockchain, and carrying out data recovery or integrity verification on the document based on the encrypted data characteristics and the identification information stored in the blockchain. The invention provides a document security access method based on a blockchain, which improves the security and reliability of document storage and simplifies the auditing and recovering process by utilizing the characteristics of decentralization, non-falsification and transparency of the blockchain.
Description
Technical Field
The present invention relates to the field of data access technologies, and in particular, to a method, an apparatus, a device, and a storage medium for securely accessing a document based on a blockchain.
Background
With the rapid development of information technology, secure storage of electronic documents has become a focus of attention for various industries. Traditional document storage methods mainly rely on a centralized server, and have a plurality of potential safety hazards. On the one hand, once the centralized server is attacked, such as hacking, malicious software infection and the like, a large amount of stored document data can be stolen, tampered or lost, and huge losses are brought to enterprises and individuals. On the other hand, the access and management authority of the data lacks an effective control mechanism, so that the condition of illegal operation of internal personnel is easy to occur, and sensitive information is easy to leak.
Accordingly, the prior art is still in need of improvement and development.
Disclosure of Invention
The invention provides a document security access method based on a blockchain, which aims to solve the problems of data falsification, unauthorized access, data loss and the like of a traditional document storage system.
The invention provides a blockchain-based document security access method, which comprises the steps of storing identification information and encrypted data characteristics of a document in a blockchain, setting access authority configuration strategies of the document through preset configuration logic of the blockchain, acquiring identity information of a user when a user access request is received, allowing access after identity and authority verification of the identity information are passed based on the access authority configuration strategies, and storing interaction information related to verification in the blockchain.
Optionally, in a first implementation manner of the first aspect of the present invention, metadata of the document is extracted as identification information, where the metadata includes document title data, creation time data and author information data, encryption processing is performed on document content of the document to generate encrypted data, hash operation is performed on the encrypted data to obtain encrypted data features, the identification information and the encrypted data features are packaged into transaction data, security authentication and consensus verification are performed on the transaction data, and the transaction data after passing the security authentication and the consensus verification is stored in a blockchain.
Optionally, in a second implementation manner of the first aspect of the present invention, a symmetric key is generated in advance, the document content of the document is encrypted in blocks by using an encryption algorithm based on the symmetric key to obtain encrypted document content, an asymmetric public-private key pair is generated in advance, the symmetric key is encrypted by using an asymmetric encryption algorithm based on a public key in the asymmetric public-private key pair to obtain an encrypted symmetric key, and the encrypted document content and the encrypted symmetric key are integrated to obtain encrypted data.
Optionally, in a third implementation manner of the first aspect of the present invention, a preset configuration logic is deployed on the blockchain, where the preset configuration logic is used to determine a user identity and a permission set corresponding to the user identity, and based on the preset configuration logic, operation permissions of different user identities and different user identities on the document are set to obtain an access permission configuration policy including an identity verification rule and an operation permission verification rule, where the operation permissions include reading, modifying, deleting and recovering.
Optionally, in a fourth implementation manner of the first aspect of the present invention, when a user access request is received, the identity information of the user is obtained, the identity information is authenticated based on an authentication rule included in the access authority configuration policy to obtain authentication information, when the authentication information indicates that the authentication is passed, the authentication information is subjected to authority confirmation according to an operation authority authentication rule included in the access authority configuration policy to obtain authority confirmation information, after the authentication information and the authority confirmation information are obtained, the user is allowed to perform corresponding authority operation, and the identity information, the authentication information and the authority confirmation information are stored in the blockchain.
Optionally, in a fifth implementation manner of the first aspect of the present invention, when a user data recovery request is received, determining whether a data recovery operation can be performed based on authority confirmation information, when the data recovery operation can be performed, acquiring identification information associated with a document to be recovered from a blockchain, acquiring an encrypted data feature of the document to be recovered, an encrypted symmetric key, an asymmetric public key pair and encrypted document content based on the identification information, decrypting the encrypted symmetric key through a private key in the asymmetric public key pair to obtain a decrypted symmetric key, decrypting the encrypted document content through the decrypted symmetric key to obtain decrypted document content, performing hash operation on the decrypted document content to obtain a first encrypted data feature, comparing and verifying the first encrypted data feature with the encrypted data feature, and if values of the first encrypted data feature and the encrypted data feature are consistent, completing the data recovery operation.
Optionally, in a sixth implementation manner of the first aspect of the present invention, when a user integrity verification request is received, determining whether an integrity verification operation can be performed based on authority confirmation information, when the integrity verification operation can be performed, acquiring identification information associated with a document to be verified from a blockchain, acquiring encrypted data features of the document to be verified based on the identification information, performing hash operation on contents of the document to be verified to obtain a second encrypted data feature, comparing the second encrypted data feature with the encrypted data feature, and performing verification, if values of the second encrypted data feature and the encrypted data feature are consistent, completing the integrity verification operation.
The invention provides a blockchain-based document security access device which comprises a storage module, a setting module and a verification module, wherein the storage module is used for storing identification information and encrypted data characteristics of a document in a blockchain, the setting module is used for setting access authority configuration strategies of the document through preset configuration logic of the blockchain, the verification module is used for acquiring identity identification information of a user when a user access request is received, allowing access after identity and authority verification of the identity identification information are carried out based on the access authority configuration strategies, and storing interaction information related to verification in the blockchain.
Optionally, in a first implementation manner of the second aspect of the present invention, the storage module includes an extracting unit, an encrypting unit, and an integrating unit, where the extracting unit is configured to extract metadata of a document as identification information, the metadata includes document title data, creation time data, and author information data, the encrypting unit is configured to encrypt document content of the document to generate encrypted data, and hash the encrypted data to obtain encrypted data features, and the integrating unit is configured to package the identification information and the encrypted data features into transaction data, perform security authentication and consensus verification on the transaction data, and store the transaction data after the security authentication and the consensus verification in a blockchain.
Optionally, in a second implementation manner of the second aspect of the present invention, the encryption unit is specifically configured to generate a symmetric key in advance, encrypt the document content of the document by using an encryption algorithm based on the symmetric key in a blocking manner to obtain encrypted document content, generate an asymmetric public-private key pair in advance, encrypt the symmetric key by using an asymmetric encryption algorithm based on a public key in the asymmetric public-private key pair to obtain an encrypted symmetric key, and integrate the encrypted document content and the encrypted symmetric key to obtain encrypted data.
Optionally, in a third implementation manner of the second aspect of the present invention, the setting module includes a deployment unit, configured to deploy preset configuration logic on the blockchain, where the preset configuration logic is used to specify a user identity and a permission set corresponding to the user identity, and the setting unit is configured to set operation permissions of different user identities and different user identities on the document based on the preset configuration logic, so as to obtain an access permission configuration policy including an identity verification rule and an operation permission verification rule, where the operation permissions include reading, modifying, deleting and recovering.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the verification module includes a first obtaining unit configured to obtain, when a user access request is received, identity information of a user, a judging unit configured to perform identity verification on the identity information based on an identity verification rule included in the access right configuration policy to obtain identity verification information, and when the identity verification information indicates that the identity verification is passed, perform right verification on the identity information according to an operation right verification rule included in the access right configuration policy to obtain right verification information, a right unit configured to allow the user to perform corresponding right operation after obtaining the identity verification information and the right verification information, and a storage unit configured to store the identity information, the identity verification information and the right verification information in the blockchain.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the blockchain-based document security access device further includes a first determining unit, configured to determine, when a user data recovery request is received, whether a data recovery operation is executable based on authority confirmation information, a second obtaining unit, configured to obtain, when the data recovery operation is executable, identifier information associated with a document to be recovered from the blockchain, and obtain an encrypted data feature of the document to be recovered, an encrypted symmetric key, an asymmetric public key pair, and encrypted document content based on the identifier information, a decrypting unit, configured to decrypt the encrypted symmetric key with the private key in the asymmetric public key pair to obtain a decrypted symmetric key, and decrypt the encrypted document content with the decrypted symmetric key to obtain decrypted document content, and a first comparing unit, configured to perform a hash operation on the decrypted document content to obtain a first encrypted data feature, compare and verify the first encrypted data feature with the encrypted data feature, and complete the data recovery operation if the values of the first encrypted data feature and the encrypted data feature are consistent.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the blockchain-based document security access device further includes a second judging unit, configured to judge whether an integrity verification operation is executable based on authority confirmation information when a user integrity verification request is received, a third obtaining unit, configured to obtain, when the integrity verification operation is executable, identification information associated with a document to be verified from a blockchain, and obtain an encrypted data feature of the document to be verified based on the identification information, a second comparing unit, configured to perform hash operation on contents of the document to be verified to obtain a second encrypted data feature, compare the second encrypted data feature with the encrypted data feature, and complete the integrity verification operation if values of the second encrypted data feature and the encrypted data feature are consistent.
A third aspect of the present invention provides a blockchain-based document security access device comprising a memory and at least one processor, the memory having stored therein computer readable instructions, the memory and the at least one processor being interconnected by a wire, the at least one processor invoking the computer readable instructions in the memory to cause the blockchain-based document security access device to perform the steps of the blockchain-based document security access method as described above.
A fourth aspect of the present invention provides a computer readable storage medium having stored therein computer readable instructions which, when run on a computer, cause the computer to perform the steps of a blockchain-based document security access method as described above.
The method has the following advantages. In the technical scheme, the identification information and encrypted data feature of a document are stored in the blockchain, and data loss and theft are prevented by utilizing its non-tamperable characteristic. Access authority configuration strategies are set through preset configuration logic of the blockchain, user identities and operation authorities are verified, and interaction information is uploaded to the blockchain, achieving fine-grained management of authorities and traceability of operations. Based on the information stored on the blockchain, document recovery is completed through decryption and comparison of encrypted data features, or integrity is verified by directly comparing encrypted data features, so that whether data has been tampered with can be judged quickly without decryption. The invention provides a document security access method based on a blockchain, which improves the security and reliability of document storage by utilizing the characteristics of decentralization, non-falsification and transparency of the blockchain.
Drawings
FIG. 1 is a first flowchart of a blockchain-based secure access method for documents provided by an embodiment of the present invention;
FIG. 2 is a second flowchart of a blockchain-based secure access method for documents provided by an embodiment of the present invention;
FIG. 3 is a third flowchart of a blockchain-based secure access method for documents provided by an embodiment of the present invention;
FIG. 4 is a fourth flowchart of a blockchain-based secure access method for documents provided by an embodiment of the present invention;
FIG. 5 is a fifth flowchart of a blockchain-based secure access method for documents provided by an embodiment of the present invention;
FIG. 6 is a sixth flowchart of a blockchain-based secure access method for documents provided by an embodiment of the present invention;
FIG. 7 is a seventh flowchart of a blockchain-based document security access method provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of a block chain based document security access apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of another architecture of a blockchain-based document security access device according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a blockchain-based document security access device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method, a device, equipment and a storage medium for safely accessing a document based on a blockchain. In the technical scheme of the invention, the identification information and the encrypted data feature of the document are stored in the blockchain, and their storage and change histories are recorded. The content of the document is encrypted using symmetric and asymmetric encryption technologies, and the encrypted data feature of the encrypted information is recorded. The access authority of the document is set through preset configuration logic of the blockchain, which ensures that only authorized users can access or modify the document; access and operation logs are stored in the blockchain at the same time, realizing an audit trail. Document restoration and reconstruction are supported using the encrypted data features prestored in the blockchain, and the integrity and consistency of the document are verified. Storage, access and change rules are executed automatically through the preset configuration logic of the blockchain, and document version information and change records are recorded. The invention provides a document security access method based on a blockchain, which improves the security and reliability of document storage by utilizing the characteristics of decentralization, non-falsification and transparency of the blockchain and solves the problems of data falsification, unauthorized access, data loss and the like of a traditional document storage system.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, a specific flow of an embodiment of the present invention is described below with reference to fig. 1, where a first embodiment of a blockchain-based document security access method in an embodiment of the present invention includes:
S100, storing identification information and encrypted data characteristics of a document in a blockchain;
In the present embodiment, the identification information of the document is metadata extracted from the document. The metadata generally includes, but is not limited to, the document title, author name, creation time, modification time, document type (such as Word or PDF) and the document's universally unique identifier (UUID). The encrypted data feature is produced as follows. A string of random numbers is generated, the document content is split into small blocks of a fixed number of bits, and an initialization vector of the same size as a block is randomly generated. A pair of asymmetric encryption keys is then generated, consisting of a public key, which can be disclosed, and a private key, which must be kept secret. Finally, a secure hash operation is performed on the encrypted document content to generate the unique encrypted data feature, namely the hash value. A hash value is a way of representing the characteristics of data, and it is unique and deterministic.
For example, when a user uploads a text document, the system automatically reads the file header to obtain information such as the title and author, structures it in a lightweight data exchange format (JSON, JavaScript Object Notation), for example {"title": "financial report", "author": "Zhang San"}, and sends it together with the encrypted data feature to the blockchain through a blockchain development kit. The information is verified by the consensus mechanism and then stored, and a storage timestamp is recorded.
S200, setting an access authority configuration strategy of the document through preset configuration logic of the blockchain;
In this embodiment, the preset configuration logic refers to a blockchain smart contract, and is used to set an access right configuration policy of a document, where the access right configuration policy includes users such as an administrator, an editor, and a viewer, and corresponding operation rights such as reading, modifying, deleting, and recovering. The preset configuration logic defines a user identity table, an allowed operation set corresponding to each identity, and a permission change rule, but is not limited to the user identity table and the permission change rule. For example, an editor may read, modify a document, but not delete, and an administrator may read, modify, delete, and restore. After the access authority configuration strategy of the document is set through the preset configuration logic, the authority configuration strategy can automatically verify the authority of the user according to the setting rule and execute corresponding operation, so that the access and operation of the document are ensured to accord with the setting rule, and meanwhile, the safety, transparency and traceability of the whole process are ensured.
For example, the document owner invokes the preset configuration logic interface, i.e., the smart contract interface, and inputs the blockchain address of the target user, the specified identity, and the allowed operation types. After the preset configuration logic automatically verifies the authority of the document owner, authority information such as the user address, identity and operation authority is stored in the blockchain and a tamper-proof authority change record is generated. This produces the access authority configuration strategy of the document, and every subsequent access request to the document must trigger this strategy to verify the user's authority. For example, user A is given the editor identity, is allowed to read and modify the document, and is forbidden to delete it; the related authority information is permanently stored in key-value form, so that user A cannot tamper with the document.
S300, when a user access request is received, acquiring identity information of a user, allowing access after identity and authority verification of the identity information is passed based on the access authority configuration strategy, and storing interaction information related to verification in the blockchain.
In this embodiment, the identity information includes the user's blockchain address, a digital certificate, or the hash value of a username password. When a user access request is received, identity verification is performed first: if the user uses a digital certificate, the access authority configuration strategy verifies the issuing authority, validity period and signature validity of the certificate; if a username password is used, the strategy compares the hash value of the entered password with the hash value stored on the chain. After identity verification passes, authority verification is performed: the operation authority set corresponding to the user's identity is queried through the access authority configuration strategy, and it is determined whether the requested operation type, such as reading or downloading, is contained in it.
For example, when a user initiates a document access request, the system extracts the blockchain address and the digital certificate from the user's identity information. After the access authority configuration strategy is invoked and the digital certificate is verified as valid, the system finds that the identity corresponding to the blockchain address is "viewer", which has only the reading authority, and allows access to the encrypted content of the document. The interaction information generated during verification, such as the user address, the verification time (14:30 on May 29, 2025), the operation type (read) and the result (pass), is packaged into transaction data in a lightweight data exchange format (JSON, JavaScript Object Notation). After security authentication and consensus verification, the transaction data is stored in the blockchain to form a traceable audit log.
In addition, if the authentication is not passed, the access permission configuration policy directly refuses the access request of the user, does not execute any permission authentication operation, and stores refusal information such as refusal time, user identification and refusal reason in the blockchain to form an audit record. For example, if the digital certificate submitted by the user is invalid, such as expired, a signature error, or the hash value of the user name password is inconsistent with the record on the blockchain, the access right configuration policy determines that the authentication is not passed. By the arrangement, unauthorized users can be prevented from bypassing authority verification through the set access authority configuration strategy, the security of document storage is enhanced, and meanwhile, all refused records cannot be tampered, so that compliance audit requirements are met.
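The S300 flow described above (identity verification first, authority verification only if it passes, every outcome recorded), as an added Go example that is not part of the patent text. The `Ledger` type is an in-memory hash-chained stand-in for the blockchain, SHA-256 stands in for the unspecified hash, only the username-password branch is shown, and all type, field and function names and sample values are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// policy maps each identity to its allowed operations (the S200 example).
var policy = map[string]map[string]bool{
	"administrator": {"read": true, "modify": true, "delete": true, "recover": true},
	"editor":        {"read": true, "modify": true},
	"viewer":        {"read": true},
}

// User is an identity entry held on the ledger (field names are assumptions).
type User struct {
	Identity string
	PwHash   [32]byte // SHA-256 stands in for the hash the text leaves unspecified
}

// NewUser builds an entry from a constructed password.
func NewUser(identity, password string) User {
	return User{Identity: identity, PwHash: sha256.Sum256([]byte(password))}
}

// Record is the interaction information written for every request.
type Record struct {
	User      string `json:"user"`
	Time      string `json:"time"`
	Operation string `json:"operation"`
	Result    string `json:"result"`
	Reason    string `json:"reason,omitempty"`
	PrevHash  string `json:"prev_hash"`
}

// Ledger is an in-memory, hash-chained stand-in for the blockchain.
type Ledger struct {
	Users   map[string]User
	Records []Record
}

func hashRecord(r Record) string {
	b, _ := json.Marshal(r) // a struct of strings always marshals
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Access verifies identity first and checks authority only if that passed.
// Passes and rejections are both appended to the ledger.
func (l *Ledger) Access(addr, password, op, now string) bool {
	rec := Record{User: addr, Time: now, Operation: op, Result: "reject"}
	u, known := l.Users[addr]
	sum := sha256.Sum256([]byte(password))
	switch {
	case !known || subtle.ConstantTimeCompare(sum[:], u.PwHash[:]) != 1:
		rec.Reason = "identity verification failed"
	case !policy[u.Identity][op]: // unknown identity or operation: deny
		rec.Reason = "operation not permitted for " + u.Identity
	default:
		rec.Result = "pass"
	}
	if n := len(l.Records); n > 0 {
		rec.PrevHash = hashRecord(l.Records[n-1])
	}
	l.Records = append(l.Records, rec)
	return rec.Result == "pass"
}

// Audit recomputes the hash links and returns the index of the first record
// whose predecessor no longer matches, or -1 if the chain is intact.
func (l *Ledger) Audit() int {
	for i := 1; i < len(l.Records); i++ {
		if l.Records[i].PrevHash != hashRecord(l.Records[i-1]) {
			return i
		}
	}
	return -1
}

func main() {
	// Constructed sample user and requests.
	l := &Ledger{Users: map[string]User{"0xA11CE": NewUser("editor", "constructed-pw")}}
	fmt.Println(l.Access("0xA11CE", "constructed-pw", "modify", "2025-05-29T14:30:00Z"))
	fmt.Println(l.Access("0xA11CE", "constructed-pw", "delete", "2025-05-29T14:31:00Z"))
	fmt.Println(l.Access("0xA11CE", "wrong-pw", "read", "2025-05-29T14:32:00Z"))
	l.Records[1].Result = "pass" // simulate an edit to a stored rejection
	fmt.Println("first broken link at record", l.Audit())
}
```

The last record in this stand-in has no successor linking to it, which is the gap that consensus and block sealing close on a real chain.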
This embodiment provides a document security access method based on a blockchain. The identification information and encrypted data feature of a document are stored in the blockchain, and data loss and theft are prevented by utilizing its non-tamperable characteristic. Access authority configuration strategies are set through preset configuration logic of the blockchain, user identities and operation authorities are verified, and interaction information is uploaded to the blockchain, achieving fine-grained management of authorities and traceability of operations. Based on the information stored on the blockchain, document recovery is completed through decryption and comparison of encrypted data features, or integrity is verified by directly comparing encrypted data features, so that whether data has been tampered with can be judged quickly. The invention provides a document security access method based on a blockchain, which improves the security and reliability of document storage by utilizing the characteristics of decentralization, non-falsification and transparency of the blockchain.
Referring to fig. 2, a second embodiment of a blockchain-based document security access method in an embodiment of the invention includes:
S110, extracting metadata of a document as identification information, wherein the metadata comprises document title data, creation time data and author information data;
S120, encrypting the document content of the document to generate encrypted data, and carrying out hash operation on the encrypted data to obtain encrypted data characteristics;
S130, packaging the identification information and the encrypted data characteristics into transaction data, carrying out security authentication and consensus verification on the transaction data, and storing the transaction data after the security authentication and the consensus verification in a blockchain.
In this embodiment, the system parses the document's metadata as identification information according to the document type. Documents are divided into text documents, image documents and table documents. For a text document, information such as the document title, author and creation time is obtained by reading the file header; for an image document, information such as the shooting device, shooting time and resolution is extracted using an image metadata standard; for a table document, information such as the table name, column names and data source is obtained from the document attributes or a data dictionary.
The extracted metadata is structured into key-value pairs in a lightweight data exchange format (JSON, JavaScript Object Notation). A 256-bit random symmetric key is generated, the document content is split into 128-bit blocks, and each block is encrypted in cipher block chaining mode, combined with a randomly generated 128-bit initialization vector, to obtain the encrypted document content. An asymmetric public-private key pair is generated, and the symmetric key is encrypted with the public key to obtain the encrypted symmetric key. A 256-bit secure hash operation is then performed on the encrypted document content to obtain the encrypted data feature.
The identification information and the encrypted data feature are packaged into transaction data, the transaction data is signed by using a user private key, the transaction data is sent to a blockchain network through a software development kit (SDK, software Development Kit) of a blockchain platform, and the transaction data is stored in the blockchain after passing through verification by a consensus mechanism and is recorded with a storage timestamp.
Referring to fig. 3, a third embodiment of a blockchain-based document security access method in an embodiment of the invention includes:
S121, generating a symmetric key in advance, and carrying out block encryption on document contents of a document by using an encryption algorithm based on the symmetric key to obtain encrypted document contents;
S122, generating an asymmetric public-private key pair in advance, and encrypting the symmetric key by adopting an asymmetric encryption algorithm based on a public key in the asymmetric public-private key pair to obtain an encrypted symmetric key;
S123, integrating the encrypted document content and the encrypted symmetric key to obtain encrypted data.
In this embodiment, a 256-bit random symmetric key is generated in advance, and the document content is block-encrypted in 128-bit blocks using the Advanced Encryption Standard (AES) algorithm with that key. Cipher block chaining (CBC) mode is used with a random initialization vector: each data block is XORed with the previous ciphertext block and then encrypted with the symmetric key, which yields the encrypted document content. An asymmetric public-private key pair is also generated in advance, the symmetric key is encrypted with an asymmetric encryption algorithm using the public key to obtain the encrypted symmetric key, and the encrypted document content and the encrypted symmetric key are integrated to obtain the encrypted data.
It should be understood that the length of the random symmetric key may be 128, 192 or 256 bits, as the Advanced Encryption Standard algorithm requires, while the block size of the algorithm is fixed at 128 bits, so the document content must be partitioned into 128-bit blocks. The randomly generated initialization vector is a 128-bit byte sequence, the same size as a block. When encrypting in cipher block chaining mode, the first data block is XORed with the randomly generated 128-bit initialization vector and then encrypted with the symmetric key; each subsequent data block is XORed with the previous ciphertext block and then encrypted with the symmetric key. In this way the encryption result of each data block depends on the encryption state of the previous block, so that even identical plaintext blocks produce different ciphertext blocks, which enhances encryption security. The randomly generated 128-bit initialization vector ensures the unique state of each data block, and the 128-bit data block is the basic unit of encryption processing under the random symmetric key.
An identical plaintext block is a data block whose content is exactly the same as another block in the document, such as a repeated character sequence. In cipher block chaining mode each plaintext block is XORed with the previous ciphertext block before being encrypted with the symmetric key, so identical plaintext blocks are XORed with different values and produce different ciphertext blocks, which improves encryption security.
Referring to fig. 4, a fourth embodiment of a blockchain-based document security access method in an embodiment of the invention includes:
S210, deploying preset configuration logic on the blockchain, wherein the preset configuration logic is used for defining a user identity and a permission set corresponding to the user identity;
S220, setting different user identities and operation authorities of the different user identities on the document based on the preset configuration logic to obtain an access authority configuration strategy comprising an identity verification rule and an operation authority verification rule, wherein the operation authorities comprise reading, modifying, deleting and recovering.
In this embodiment, a smart contract is deployed on the blockchain as the preset configuration logic. The preset configuration logic defines user identities and the permission set corresponding to each identity, and creates a user identity table in which each identity corresponds to different access permissions. For example, an administrator has the full set of permissions (reading, modifying, deleting and recovering), an editor may read and modify documents but may not delete them, and a viewer may only read documents. Based on the preset configuration logic, different user identities and their operation permissions on the document are set, yielding an access rights configuration policy that contains an identity verification rule and an operation permission verification rule, where the operation permissions comprise reading, modifying, deleting and recovering. The permission configuration information is stored in the blockchain as key-value pairs.
For example, user Zhang San has the identity identifier "user ID001", is set as an administrator and is given the complete set of operation permissions; user Li Si has the identifier "user ID002", is set as an editor and is given the read and modify permissions; user Wang Wu has the identifier "user ID003", is set as a viewer and is given the read permission only. When a user initiates an operation request on a document, the access rights configuration policy reads the corresponding permission configuration information from the blockchain according to the user's identity and performs permission verification. For example, if user Li Si (editor identity) requests to modify a document, the policy checks whether the permission set contains the "modify" permission, permits the operation once verification passes, and records the operation log to the blockchain. If Li Si requests to delete a document, the policy finds that the permission set does not contain the "delete" permission, denies the operation and records a refusal log.
Referring to fig. 5, a fifth embodiment of a blockchain-based document security access method in an embodiment of the invention includes:
S310, when a user access request is received, acquiring identity information of a user;
S320, carrying out identity verification on the identity information based on the identity verification rule included in the access right configuration strategy to obtain identity verification information;
S330, when the identity verification information shows that the identity verification is passed, carrying out authority verification on the identity information according to an operation authority verification rule included in the access authority configuration strategy to obtain authority verification information;
S340, after the identity verification information and the authority confirmation information are obtained, allowing the user to perform corresponding authority operation;
S350, storing the identity information, the identity verification information and the authority confirmation information in the blockchain.
In this embodiment, when a user access request is received, the user's blockchain address, digital certificate, or the hash value of the user name and password is acquired as identity information. If the user initiates the request through a blockchain wallet, the blockchain address is obtained as the identity; if the user accesses through a client application, the digital certificate is obtained; if the user accesses through a web page, the hash value of the user name and password is obtained. For example, user Zhang San accesses the system through a blockchain wallet whose blockchain address is "wallet address 123456"; user Li Si accesses through a client application, and the digital certificate contains information such as the issuing authority "security authentication center" and the certificate serial number "certificate serial number 789012"; user Wang Wu logs in through a web page and enters the user name "Wang Wu" and a password, and the system hashes the password to obtain the hash value "hash value 345678".
Based on the identity verification rule in the access rights configuration policy, the validity of the digital certificate (issuing authority, validity period, signature and so on) is verified, and the hash value of the user name and password is compared with the hash value of the encrypted information stored on the blockchain, to obtain the identity verification information. For a digital certificate, the system first verifies whether the issuing authority is a trusted authentication center, for example by checking whether the issuing authority of Li Si's certificate is the "security authentication center"; it then verifies the validity period, judging whether the current time falls within the certificate's valid start and end dates; finally it verifies whether the certificate's signature is valid by checking it against the public key of the authentication center. For the hash value of the user name and password, the system reads the user's pre-stored hash value of the encrypted information from the blockchain, for example Wang Wu's pre-stored hash value "hash value 345678", and compares it with the hash value just computed; if they are consistent, verification passes.
When the identity verification information shows that identity verification has passed, the permission set corresponding to the user identity is queried according to the operation permission verification rule in the access rights configuration policy, and the system judges whether the user identity has the requested operation permission, obtaining the permission confirmation information. For example, Zhang San's blockchain address is associated with the administrator identity, whose permission set is "read, modify, delete, restore"; Li Si's digital certificate is associated with the editor identity, whose permission set is "read, modify"; and Wang Wu's user name is associated with the viewer identity, whose permission set is "read". The system judges whether the operation requested by the user is contained in the user's permission set. If Zhang San requests to delete a document, the system finds that the permission set contains the "delete" permission, and the permission confirmation information is to permit the operation. If Li Si requests to modify a document, the permission set contains the "modify" permission and the operation is permitted. If Li Si requests to delete a document, the permission set does not contain the "delete" permission, and the confirmation information is to refuse the operation.
The identity information, the identity verification information and the permission confirmation information are stored in the blockchain. For example, when Zhang San successfully deletes a document, the system records the operation log; when Li Si successfully modifies a document, the system updates the document content and records a modification log; when Wang Wu successfully reads a document, the system records an access log. After the operation completes, the system stores the user's identity information, identity verification information and permission confirmation information in the blockchain as a transaction. For example, information such as "time: 15:00 on May 30, 2025, user: wallet address 123456, operation: delete document, permission, result: success" is recorded, ensuring that all operations are traceable and cannot be tampered with.
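The permission table of the fourth embodiment and the request flow of steps S310 to S350, as an added example that is not code from the patent. Assumptions: an in-memory hash-chained `Ledger` stands in for the blockchain, every user authenticates by password, and the stored credential hash is salted PBKDF2-HMAC-SHA256 rather than the unspecified hash operation the text mentions; all class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import os

# Role table from the fourth embodiment: identity -> permitted operations.
ROLE_PERMISSIONS = {
    "administrator": {"read", "modify", "delete", "restore"},
    "editor": {"read", "modify"},
    "viewer": {"read"},
}
GENESIS = "0" * 64
PBKDF2_ROUNDS = 100_000  # assumption: the text only says "hash operation"


def _canonical(record):
    """Serialise a record deterministically so its hash is reproducible."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


class Ledger:
    """In-memory hash-chained log standing in for the blockchain (assumption)."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry_hash = hashlib.sha256((prev + _canonical(record)).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "entry_hash": entry_hash})
        return entry_hash

    def verify_chain(self):
        """Recompute every link; an edited or reordered record breaks the chain."""
        prev = GENESIS
        for entry in self.entries:
            expected = hashlib.sha256((prev + _canonical(entry["record"])).encode()).hexdigest()
            if entry["prev"] != prev or not hmac.compare_digest(expected, entry["entry_hash"]):
                return False
            prev = entry["entry_hash"]
        return True


class AccessPolicy:
    """Deny-by-default identity and permission checks with an audit trail."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.users = {}  # identity -> role, salt, credential hash

    def register(self, identity, role, password):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[identity] = {"role": role, "salt": salt, "hash": digest}

    def _verify_identity(self, identity, password):
        user = self.users.get(identity)
        # Hash even for unknown identities so timing does not reveal who exists.
        salt = user["salt"] if user else b"\x00" * 16
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return user is not None and hmac.compare_digest(digest, user["hash"])

    def handle_request(self, identity, password, operation, document_id, timestamp):
        identity_ok = self._verify_identity(identity, password)            # S320
        role = self.users[identity]["role"] if identity_ok else None
        permitted = identity_ok and operation in ROLE_PERMISSIONS[role]    # S330
        # S350: record permitted and denied requests alike; never the password.
        self.ledger.append({
            "time": timestamp,
            "user": identity,
            "operation": operation,
            "document": document_id,
            "identity_verified": identity_ok,
            "role": role,
            "result": "permitted" if permitted else "denied",
        })
        return permitted                                                    # S340


if __name__ == "__main__":
    ledger = Ledger()
    policy = AccessPolicy(ledger)
    policy.register("user ID002", "editor", "constructed-password")
    print(policy.handle_request("user ID002", "constructed-password",
                                "delete", "document ID123", "constructed-time"))
    print(ledger.verify_chain())
```

Denied and failed-authentication requests are logged as well as permitted ones, which is what makes the trail useful for detecting probing of the permission table.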
Referring to fig. 6, a sixth embodiment of a blockchain-based document security access method in an embodiment of the invention includes:
S410, when a user data recovery request is received, judging whether a data recovery operation can be executed or not based on the permission confirmation information;
S420, when data recovery operation can be executed, acquiring identification information associated with a document to be recovered from a blockchain, and acquiring encrypted data characteristics, an encrypted symmetric key, an asymmetric public and private key pair and encrypted document content of the document to be recovered based on the identification information;
S430, decrypting the encrypted symmetric key through the private key in the asymmetric public-private key pair to obtain a decrypted symmetric key;
S440, decrypting the encrypted document content through the decrypted symmetric key to obtain decrypted document content;
S450, carrying out hash operation on the decrypted document content to obtain a first encrypted data characteristic, and comparing and verifying the first encrypted data characteristic with the encrypted data characteristic;
S460, if the values of the first encrypted data feature and the encrypted data feature are consistent, finishing the data recovery operation.
It should be understood that conventional storage is weak at recovery: when a document is damaged or lost, the recovery process is complicated and full recovery of the data may not be guaranteed. To overcome this, in this embodiment, when a document needs to be recovered because of deletion or damage, the system locates the data stored on the chain according to the identification information and performs the decryption and comparison operations.
In this embodiment, when the system receives a user's data recovery request, it first determines the user's permissions based on the permission confirmation information. For example, user Zhang San sends a restoration request for the "financial report" document; the access rights configuration policy finds that the permission set contains the "restore" permission and allows the restoration operation to be performed. The system obtains from the blockchain the identification information associated with the "financial report" document, including the document unique identifier "document ID123", and based on that identifier obtains the document's encrypted data feature "hash value 456789", the encrypted symmetric key "encryption key 789", the private key "private key 101" of the asymmetric public-private key pair, and the encrypted document content "ciphertext content 123".
The private key "private key 101" of the asymmetric public-private key pair is used to decrypt the encrypted symmetric key "encryption key 789", and the decrypted symmetric key "symmetric key 456" is obtained through the inverse operation of the asymmetric encryption algorithm. Next, the encrypted document content "ciphertext content 123" is decrypted with the decrypted symmetric key "symmetric key 456". It should be understood that, because cipher block chaining mode was used for encryption, the initialization vector "vector 789" must be used during decryption; decrypting block by block as the inverse of the encryption process yields the decrypted document content, such as "original content: financial report data".
A 256-bit secure hash operation is performed on the decrypted document content to obtain the first encrypted data feature "hash value 456789", which is compared bit by bit with the encrypted data feature "hash value 456789" pre-stored in the blockchain. The comparison shows that the two hash values are identical, so the document content is confirmed to be complete and the recovery successful. The system returns the recovered "financial report" document to user Zhang San and records the recovery operation log "time: 16:00 on May 30, 2025, user: Zhang San, operation: restore document, result: success", completing the data recovery operation.
Referring to fig. 7, a seventh embodiment of a blockchain-based document security access method in an embodiment of the invention includes:
S510, when a user integrity verification request is received, judging whether an integrity verification operation can be executed or not based on authority confirmation information;
S520, when the integrity verification operation can be executed, acquiring identification information associated with the document to be verified from the blockchain, and acquiring the encrypted data characteristic of the document to be verified based on the identification information;
S530, carrying out hash operation on the content of the document to be verified to obtain a second encrypted data characteristic, and comparing and verifying the second encrypted data characteristic with the encrypted data characteristic;
S540, if the values of the second encrypted data feature and the encrypted data feature are consistent, completing the integrity verification operation.
It should be understood that conventional storage is also weak at verifying data integrity: it often lacks a reliable means of doing so, and it is difficult to judge accurately and in real time whether a document has been tampered with, which seriously affects the security and reliability of electronic document storage. To overcome this, when the system performs its periodic integrity check it does not need to decrypt the document: it hashes the current version of the document directly, compares the result with the on-chain record to judge the document's integrity quickly, and triggers an early-warning mechanism if the hash values are inconsistent.
In this embodiment, when the system receives a user's integrity verification request, it likewise first determines the user's permissions based on the permission confirmation information. For example, user Li Si (editor identity) initiates an integrity verification request for the "technical scheme" document; the system finds that the permission set contains the "read" permission and allows the verification operation to be performed. It should be appreciated that the administrator, editor and viewer identities are all allowed to perform the integrity verification operation, whereas a temporary user or an unauthorized user without explicit permissions is not. The system obtains the identification information associated with the "technical scheme" document from the blockchain, such as the document unique identifier "document ID456", and based on that identifier obtains the encrypted data feature "hash value 789012" of the document.
A 256-bit secure hash operation is performed on the content of the "technical scheme" document to obtain the second encrypted data feature "hash value 789012", which is compared bit by bit with the encrypted data feature "hash value 789012" pre-stored in the blockchain. The comparison shows that the two hash values are identical, so the document content is confirmed to be complete and untampered. The system returns the verification result "integrity verification of the 'technical scheme' document passed" to user Li Si and records the verification operation log "time: 17:00 on May 30, 2025, user: Li Si, operation: verify document integrity, result: pass".
If the comparison shows that the hash values are inconsistent, for example when user Wang Wu (viewer identity) verifies the "product specification" document and the computed hash value is "hash value 345678" while the hash value pre-stored in the blockchain is "hash value 901234", the system confirms that the document content is incomplete or has been tampered with and immediately triggers an exception handling mechanism. The system marks the document as being in a suspected-tampering state, notifies the administrator, and records a detailed log "time: 18:00 on May 30, 2025, user: Wang Wu, operation: verify document integrity, result: failure, suspected tampering", while retaining both hash values as an audit basis.
It should be noted that the hash value can be regarded as a kind of "digital fingerprint". After a document is damaged or lost, the encrypted data and the hash value in the blockchain are used to decrypt and restore the original content, and the hash values are compared to check that the restored content is the same as the original. After a document is modified normally, the new version information (modified content and modification time) is recorded, and it is ensured that the modified document has not been maliciously tampered with (even if the document is not damaged, it is checked whether it was modified illegally). Therefore, whether a document's data has been tampered with can be judged simply by comparing its encrypted digital fingerprint (hash value) with the digital fingerprint stored in the blockchain.
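The periodic integrity check of steps S510 to S540 with its failure branches, as an added example that is not code from the patent. Assumptions: SHA-256 is the 256-bit secure hash, the on-chain feature was computed over the encrypted data as in S120 so the stored encrypted bytes are hashed without decryption, plain dictionaries stand in for the blockchain and the document store, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io

CHUNK_SIZE = 64 * 1024


def sha256_stream(stream):
    """Hash a binary stream in chunks so large documents are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        digest.update(chunk)
    return digest.hexdigest()


def make_chain_record(document_id, metadata, encrypted_data):
    """S110-S130: identification information plus the hash of the encrypted data."""
    return {
        "document_id": document_id,
        "metadata": metadata,
        "feature": sha256_stream(io.BytesIO(encrypted_data)),
    }


def verify_document(document_id, chain, store, timestamp):
    """S520-S540 for one document; always returns an audit record."""
    audit = {"time": timestamp, "document_id": document_id,
             "operation": "verify document integrity"}
    record = chain.get(document_id)
    if record is None:
        # Without an on-chain fingerprint nothing can be claimed about integrity.
        return {**audit, "result": "fail", "state": "no on-chain record"}
    stored = store.get(document_id)
    if stored is None:
        return {**audit, "result": "fail", "state": "document missing",
                "expected": record["feature"], "computed": None}
    computed = sha256_stream(io.BytesIO(stored))
    if hmac.compare_digest(computed, record["feature"]):
        return {**audit, "result": "pass", "state": "intact"}
    # Keep both hash values as the audit basis, as the description requires.
    return {**audit, "result": "fail", "state": "suspected tampering",
            "expected": record["feature"], "computed": computed}


def integrity_sweep(chain, store, timestamp, notify):
    """Check every recorded document and every stray file found in the store."""
    audits = []
    for document_id in sorted(set(chain) | set(store)):
        audit = verify_document(document_id, chain, store, timestamp)
        if audit["result"] != "pass":
            notify(audit)  # early-warning hook, e.g. alert the administrator
        audits.append(audit)
    return audits


def build_sample():
    """Constructed sample data: on-chain records and the current document store."""
    encrypted = {
        "document ID123": b"constructed ciphertext A" * 5000,
        "document ID456": b"constructed ciphertext B" * 5000,
        "document ID-sample": b"constructed ciphertext C" * 5000,
    }
    chain = {doc_id: make_chain_record(doc_id, {"title": doc_id}, data)
             for doc_id, data in encrypted.items()}
    tampered = bytearray(encrypted["document ID123"])
    tampered[10] ^= 0x01  # a single flipped bit in storage
    store = {
        "document ID123": bytes(tampered),
        "document ID456": encrypted["document ID456"],
        "unrecorded": b"constructed stray file",
    }  # "document ID-sample" is deliberately missing from the store
    return chain, store


if __name__ == "__main__":
    sample_chain, sample_store = build_sample()
    for entry in integrity_sweep(sample_chain, sample_store, "constructed-time", print):
        print(entry["document_id"], entry["state"])
```

The check only passes when the bytes hashed at verification time are the same representation that was hashed at recording time; hashing decrypted content against a feature computed over encrypted data always reports tampering.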
The above describes a blockchain-based document security access method in the embodiment of the present invention, and the following describes a blockchain-based document security access device in the embodiment of the present invention, referring to fig. 8, an embodiment of the blockchain-based document security access device in the embodiment of the present invention includes:
A storage module 10 for storing identifying information and encrypted data characteristics of a document in a blockchain;
A setting module 20, configured to set an access rights configuration policy of the document through preset configuration logic of the blockchain;
A verification module 30, configured to acquire the identity information of the user when a user access request is received, to allow access after the identity and the authority of the identity information are verified based on the access rights configuration policy, and to store the interaction information related to verification in the blockchain.
In the embodiment, the security and reliability of document storage are improved by utilizing the characteristics of decentralization, non-falsification and transparency of the blockchain.
In this embodiment, the storage module 10 includes:
an extraction unit 11 for extracting metadata of a document as identification information, the metadata including document title data, creation time data, and author information data;
An encryption unit 12, configured to encrypt document content of a document to generate encrypted data, and perform a hash operation on the encrypted data to obtain an encrypted data feature;
An integrating unit 13, configured to package the identification information and the encrypted data characteristics into transaction data, carry out security authentication and consensus verification on the transaction data, and store the transaction data after the security authentication and the consensus verification in a blockchain.
In this embodiment, the encryption unit 12 is specifically configured to generate a symmetric key in advance, encrypt document contents of a document by using an encryption algorithm based on the symmetric key in blocks to obtain encrypted document contents, generate an asymmetric public-private key pair in advance, encrypt the symmetric key by using an asymmetric encryption algorithm based on a public key in the asymmetric public-private key pair to obtain an encrypted symmetric key, and integrate the encrypted document contents and the encrypted symmetric key to obtain encrypted data.
In this embodiment, the setting module 20 includes:
A deployment unit 21, configured to deploy preset configuration logic on the blockchain, where the preset configuration logic is used to determine a user identity and a permission set corresponding to the user identity;
The setting unit 22 is configured to set different user identities and operation rights of the different user identities to the document based on the preset configuration logic, so as to obtain an access rights configuration policy including an identity verification rule and an operation rights verification rule, where the operation rights include reading, modifying, deleting and recovering.
In this embodiment, the verification module 30 includes:
a first obtaining unit 31, configured to obtain identity information of a user when receiving a user access request;
A judging unit 32, configured to perform identity verification on the identity information based on an identity verification rule included in the access right configuration policy, so as to obtain identity verification information; when the identity verification information shows that the identity verification is passed, carrying out authority confirmation on the identity information according to an operation authority verification rule included in the access authority configuration strategy to obtain authority confirmation information;
A permission unit 33, configured to allow the user to perform a corresponding permission operation after obtaining the authentication information and the permission confirmation information;
and a storage unit 34, configured to store the identification information, the authentication information, and the authority confirmation information in the blockchain.
In this embodiment, the blockchain-based document security access device further includes a data recovery module 40, where the data recovery module 40 includes:
a first judging unit 41 for judging whether or not the data recovery operation can be performed based on the authority confirmation information when the user data recovery request is received;
A second obtaining unit 42, configured to obtain, when the data recovery operation is executable, identification information associated with the document to be recovered from the blockchain, and obtain, based on the identification information, an encrypted data feature of the document to be recovered, an encrypted symmetric key, an asymmetric public-private key pair, and encrypted document content;
A decryption unit 43, configured to decrypt the encrypted symmetric key by using the private key in the asymmetric public-private key pair to obtain a decrypted symmetric key;
The first comparing unit 44 is configured to perform a hash operation on the decrypted document content to obtain a first encrypted data feature, compare and verify the first encrypted data feature with the encrypted data feature, and complete a data recovery operation if the values of the first encrypted data feature and the encrypted data feature are consistent.
In this embodiment, the blockchain-based document security access device further includes an integrity verification module 50, the integrity verification module 50 including:
A second judging unit 51 for judging whether or not the integrity verification operation is executable based on the authority confirmation information when the user integrity verification request is received;
a third obtaining unit 52, configured to obtain, when the integrity verification operation is executable, identification information associated with the document to be verified from the blockchain, and obtain an encrypted data feature of the document to be verified based on the identification information;
A second comparing unit 53, configured to perform a hash operation on the content of the document to be verified to obtain a second encrypted data feature, compare and verify the second encrypted data feature with the encrypted data feature, and complete the integrity verification operation if the values of the second encrypted data feature and the encrypted data feature are consistent.
The blockchain-based document security access device in the embodiment of the present invention is described in detail from the point of view of the modularized functional entity in the above fig. 8 and 9, and the blockchain-based document security access device in the embodiment of the present invention is described in detail from the point of view of hardware processing in the following.
FIG. 10 is a schematic diagram of a blockchain-based document security access device according to an embodiment of the present invention. The blockchain-based document security access device 1000 may vary widely in configuration or performance, and may include one or more processors (central processing units, CPU) 1100 and memory 1200, and one or more storage media 1300 (e.g., one or more mass storage devices) that store applications 1310 or data 1320. The memory 1200 and the storage medium 1300 may be transitory or persistent storage. The program stored on the storage medium 1300 may include one or more modules (not shown), each of which may include a series of instruction operations on the blockchain-based document security access device 1000. Still further, the processor 1100 may be configured to communicate with the storage medium 1300 to perform a series of instruction operations in the storage medium 1300 on the blockchain-based document security access device 1000.
The blockchain-based document security access device 1000 may also include one or more power supplies 1400, one or more wired or wireless network interfaces 1500, one or more input/output interfaces 1600, and/or one or more operating systems 1330 such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. It will be appreciated by those skilled in the art that the device structure shown in FIG. 10 does not limit the blockchain-based document security access device 1000, which may include more or fewer components than shown, may combine certain components, or may use a different arrangement of components.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, and which may also be a volatile computer readable storage medium, having instructions stored therein that when executed on a computer cause the computer to perform the steps of a blockchain-based document security access method.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the system or apparatus and unit described above may refer to the corresponding process in the foregoing method embodiment, which is not repeated herein.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied, in essence or in whole or in part, in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
While the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that the foregoing embodiments may be modified or equivalents may be substituted for some of the features thereof, and that the modifications or substitutions do not depart from the spirit and scope of the embodiments of the invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202510778434.2A CN120744969A (en) | 2025-06-11 | 2025-06-11 | Block chain-based document security access method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202510778434.2A CN120744969A (en) | 2025-06-11 | 2025-06-11 | Block chain-based document security access method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN120744969A (en) | 2025-10-03 |
Family
ID=97184451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202510778434.2A Pending CN120744969A (en) | 2025-06-11 | 2025-06-11 | Block chain-based document security access method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN120744969A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7526654B2 (en) | Method and system for detecting a secure state of a computer system | |
US7925023B2 (en) | Method and apparatus for managing cryptographic keys | |
US11170128B2 (en) | Information security using blockchains | |
US8369521B2 (en) | Smart card based encryption key and password generation and management | |
CN117216740A (en) | Digital identity authentication method based on blockchain technology | |
CN102483792A (en) | Method and apparatus for sharing documents | |
JP2016531508A (en) | Data secure storage | |
US11658978B2 (en) | Authentication using blockchains | |
US20220141014A1 (en) | Storing secret data on a blockchain | |
KR101817152B1 (en) | Method for providing trusted right information, method for issuing user credential including trusted right information, and method for obtaining user credential | |
JP6533542B2 (en) | Secret key replication system, terminal and secret key replication method | |
CN115022042B (en) | A compliance code verification method and computer-readable medium for protecting data privacy | |
JP4612951B2 (en) | Method and apparatus for securely distributing authentication credentials to roaming users | |
US8499357B1 (en) | Signing a library file to verify a callback function | |
JP2004318645A (en) | Wireless tag security extension method, ID management computer device, proxy server device, their programs, and recording media for those programs | |
KR20100106110A (en) | Secure boot data total management system, methods for generating and verifying a verity of matadata for managing secure boot data, computer-readable recording medium storing program for executing any of such methods | |
CN116112234B (en) | A method, system, medium and device for electronic signature security verification | |
US7739500B2 (en) | Method and system for consistent recognition of ongoing digital relationships | |
JP2024043587A (en) | File sharing system and method | |
CN120744969A (en) | Block chain-based document security access method, device, equipment and storage medium | |
CN114637985A (en) | An Android application login forgery identification method based on multiple environmental parameters | |
JP2002132145A (en) | Authentication method, authentication system, recording medium and information processor | |
KR102854414B1 (en) | Authentication methods and authentication systems that restrict unauthorized installation of software products | |
CN118734262B (en) | A publication copyright infringement monitoring and early warning system and method | |
TWI844338B (en) | Passwordless authentication method and computer program product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication |