
WO2018032374A1 - Encrypted storage system for block chain and method using same - Google Patents


Info

Publication number: WO2018032374A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2016/095578
Legal status: Ceased
Other languages: French (fr), Chinese (zh)
Inventor: 张丛
Current Assignee: Shenzhen Fanxi Eelectronics Co Ltd
Original Assignee: Shenzhen Fanxi Eelectronics Co Ltd
Application filed by: Shenzhen Fanxi Eelectronics Co Ltd
Prior art keywords: file, key, storage system, user, encrypted storage

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • The blockchain encrypted storage system of this embodiment uses public-key cryptography for the key that confirms access rights, and prevents re-encryption from overburdening lock box key management.
  • The file owner uses the original lock box key to generate a new key. If a user does not have the new lock box key, the user obtains the new key from the owner. If the user's lock box key is not up to date, the user needs to calculate the original key themselves, and of course needs to know enough information to do so. Only the owner of the file can generate new keys in sequence; a user can use the current key to generate the previous key, but only the immediately preceding one, not all of them.
  • The blockchain encrypted storage system of this embodiment does not trust the file server and therefore does not rely on the server to distinguish read and write permissions on a file. Instead it uses two types of key, a file signature key and a file verification key, to distinguish them. When a user reads or writes a file, these keys are used to verify the digital signature and the hash value of the file; if verification fails, the user concludes that the file has been illegally modified.
  • Measurements using the embodiment show that the security and scalability of the encrypted storage system are strong compared with the blockchains of all network communication systems, and that in tests of the time taken by cryptographic operations when reading and writing a single file it is 40% faster than ordinary encrypted storage systems.
  • Putting key management on the client instead of a trusted server prevents the shortage of server-side capacity that expensive cryptographic operations can cause. The system relies mainly on file groups to limit the number of keys: files with the same access attributes are placed in the same file group and protected by the same key, which makes it possible to access files while the file owner is offline and avoids having to contact the file owner for every file access.


Abstract

The present invention provides an encrypted storage system for a block chain, comprising: (1) a file group (S), used for reducing the amount of key exchange between users, differentiating file reading from writing, effectively handling revocation of users' access rights, and allowing an untrusted server to authorize a write operation on a file; (2) an open file system, in which a prototype of the encrypted storage system of the block chain is embedded, and which comprises an authentication database; and (3) a box locking device comprising a plurality of key distribution schemes. A user customizes security policies and authentication mechanisms for the user's own files by using one of the plurality of client-based key distribution schemes. Also disclosed is a method for using the encrypted storage system for a block chain. According to the present invention, the problem of possibly insufficient server capacity due to expensive cryptographic computation can be solved, files can be accessed when file owners are offline, and the trouble of contacting the corresponding file owner each time a file needs to be accessed is avoided.

Description

Encrypted storage system for a blockchain and method of using same

Technical field

The invention relates to the security of blockchain transaction data, and in particular to an encrypted storage system for a blockchain and a method of using it.

Background

The emergence of Bitcoin in 2009 brought a disruptive result: blockchain technology. A blockchain is a secure ledger-type database made up of individual data blocks, and users can look up data on this continuously updated and upgraded platform. For financial institutions, a blockchain can speed up transaction processing, reduce costs, reduce the number of intermediaries, improve market insight and increase business transparency.

Computing and storage are the two basic tasks of a computer system. With the explosive growth of information, storage moves from direct-attached storage on a single server, to cluster grid storage on a local area network, and finally to data grids on a wide area network; blockchain technology is the latest stage of this development. The intrinsic characteristics of this data storage medium include intelligent storage, storage quality of service that can provide service differentiation and performance guarantees for user applications, object-oriented mass storage, and the requirement that network storage be confidential, complete and secure. The existing Internet has no good or convenient way to guarantee the confidentiality, integrity, availability and non-repudiation of data in transit on a blockchain and of data held on storage devices, or the reliability of the network storage system as a whole. The emergence of trusted computing technology for blockchains in recent years in particular places higher demands on network storage security.

Summary of the invention

An object of the present invention is to provide an encrypted storage system for a blockchain, comprising: (1) a file group S, composed of files that have the same access attributes and sit at different levels, used to reduce the amount of key exchange between users, to distinguish reading a file from writing it, to handle revocation of user access rights efficiently, and to let an untrusted server authorize write operations on files; (2) an open file system, in which the prototype of the blockchain's encrypted storage system is embedded and which includes an authentication database, the authentication database of the open file system and the file group keys of the encrypted storage system itself being formed in the same programming manner; (3) a lock box device containing multiple key distribution schemes, where a user uses one of the multiple client-based key distribution schemes to customize the security policy and authentication mechanism for the user's own files.

Preferably, keys are managed by key rotation, which reduces the number and volume of key exchanges between the file owner and users, but does not relieve the file owner of the obligation to distribute the keys initially.

Preferably, the open file system specifies the basic structure of the first-level directory, so that users can transparently access their own files from anywhere using the same directory address. To gain access, the user enters the "login username" command and, after entering the correct password, obtains a token verification code. The user can use the check command to confirm that the token verification code was obtained correctly. To change the personal access password, the user uses a "keyword + username" command; the keyword is related to transactions and includes a transaction information digest. When leaving the open file system, the user must use the logout command.

Preferably, the token verification code is time-limited and expires automatically 24 hours after login; to obtain a new token verification code, the login information must be entered again.

Preferably, all data in the file group S is encrypted using disk encryption, and key management is performed by the client.

Preferably, the multiple key distribution schemes are defined and distinguished by their ratio of security to performance, and the lock box device has multiple keys.

Preferably, the blockchain encrypted storage system uses public-key cryptography for the key that confirms access rights.

A further object of the present invention is to provide a method of using the encrypted storage system for a blockchain, comprising the following steps: (1) files in the blockchain are divided into blocks and encrypted block by block, and the block keys are placed in a lock box; a file group contains a number of files belonging to the same file owner, and the lock boxes belonging to the same group have the same lock box key and signing key; (2) the owner of the file group distributes the lock box key to users immediately after creating the lock box, computes a hash tree for each file, signs the root and places it in the file header; (3) the encrypted storage system uses asymmetric file verification keys, or a file signing key protocol, to distinguish users who read from users who write; these keys are used to sign or verify the hash values of file block contents, thereby providing proof of file integrity; (4) when a file is requested, the server sends the encrypted lock box and the encrypted file blocks to the user, who then opens the lock box with the lock box key and decrypts the file blocks with the corresponding keys in the lock box.

Preferably, the method further comprises the following step: for a unified file group, the file owner generates a new key from the original lock box key. When a user accesses a file and does not have the new lock box key, the user requests the new key from the owner; if the lock box key is not the latest one, the user must compute the original key themselves.
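The rotation step above, as an added example that is not part of the patent. The patent does not name a construction, so an RSA-style one is assumed here: the owner steps forward with the private exponent and a key holder steps back with the public one. The names `wind`, `unwind`, `Owner`, `Reader` and the toy parameters are constructed for illustration.

```python
import hashlib

# Toy RSA parameters, constructed for this example and far too small for real use.
# P and Q are the Mersenne primes 2^127-1 and 2^89-1.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                            # public exponent, known to every user
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the file owner


def wind(state: int) -> int:
    """Owner only: derive the next lock box key state from the current one."""
    return pow(state, D, N)


def unwind(state: int) -> int:
    """Any key holder: derive the immediately preceding state."""
    return pow(state, E, N)


def lockbox_key(state: int) -> bytes:
    """Turn a rotation state into a 256-bit symmetric lock box key."""
    return hashlib.sha256(state.to_bytes((N.bit_length() + 7) // 8, "big")).digest()


class Owner:
    def __init__(self, seed: bytes):
        # Version 0 is derived from an owner-chosen seed.
        self.states = [int.from_bytes(hashlib.sha256(seed).digest(), "big") % N]

    def rotate(self) -> None:
        """Move the file group to a new key version, e.g. after revoking a user."""
        self.states.append(wind(self.states[-1]))

    def current(self):
        return len(self.states) - 1, self.states[-1]


class Reader:
    """A user who was handed one key version by the owner."""

    def __init__(self, version: int, state: int):
        self.version, self.state = version, state

    def key_for(self, wanted: int) -> bytes:
        if wanted == self.version:
            return lockbox_key(self.state)
        if wanted == self.version - 1:
            # Lock box written under the earlier key: compute that key locally.
            return lockbox_key(unwind(self.state))
        raise PermissionError("key version %d must be requested from the owner" % wanted)


def revocation_scenario() -> dict:
    owner = Owner(b"constructed seed for file group S")
    v0, s0 = owner.current()
    alice, bob = Reader(v0, s0), Reader(v0, s0)
    old_box_key = lockbox_key(s0)        # lock boxes written before the revocation
    owner.rotate()                       # bob is revoked
    v1, s1 = owner.current()
    alice = Reader(v1, s1)               # only alice receives the new key
    new_box_key = lockbox_key(s1)        # lock boxes written after the revocation
    try:
        bob.key_for(v1)
        bob_denied = False
    except PermissionError:
        bob_denied = True
    return {
        "alice_reads_old": alice.key_for(v0) == old_box_key,
        "alice_reads_new": alice.key_for(v1) == new_box_key,
        "bob_reads_old": bob.key_for(v0) == old_box_key,
        "bob_guess_is_new": lockbox_key(unwind(bob.state)) == new_box_key,
        "bob_denied_new": bob_denied,
    }
```

Old lock boxes stay readable by the revoked user until they are re-encrypted; rotation only protects what is written under the new key.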

Preferably, the method further comprises: the blockchain encrypted storage system uses two types of key, a file signing key and a file verification key, to distinguish read permission from write permission on a file. When a user reads or writes a file, the file signing key and the file verification key are used to verify the digital signature and the hash value of the file; if verification fails, the user concludes that the file has been illegitimately modified.

In the encrypted storage system of the present invention and its method of use, key management is placed on the client rather than on a trusted server, which avoids the shortage of server-side capacity that expensive cryptographic operations could cause. At the same time, file groups are relied on to limit the number of keys: files with the same access attributes are placed in the same file group and protected by the same key, which makes it possible to access files while the file owner is offline and so avoids the trouble of contacting the file owner for every file access.

From the following detailed description of specific embodiments of the invention, taken together with the drawings, those skilled in the art will more clearly understand the above and other objects, advantages and features of the invention.

Brief description of the drawings

Some specific embodiments of the invention are described in detail below with reference to the drawings, by way of example and not limitation. The same reference numerals in the drawings denote the same or similar components or parts. Those skilled in the art should understand that the drawings are not necessarily drawn to scale. The objects and features of the invention will become more apparent from the following description taken in conjunction with the drawings, in which:

FIG. 1 is a schematic structural diagram of a blockchain encrypted storage system according to an embodiment of the present invention.

Detailed description

Before the specific embodiments are described, some very important concepts are defined first so that the discussion is clearer.

Transaction: a transaction is in essence a relational data structure containing information about the transfer of value between the transaction participants. This transaction information is called the accounting general ledger. A transaction goes through three stages: creation, verification and writing to the blockchain. A transaction must be digitally signed to ensure that it is legitimate.

Block: all transaction information is stored in blocks; one piece of transaction information is one record, stored as an independent record in the blockchain. A block consists of a block header and a data part. The block header fields contain various properties of the block itself, such as information about the previous block, the Merkle value and the timestamp. The block header hash and the block height are the two main indicators that identify a block. The primary identifier of a block is its cryptographic hash, a digital fingerprint obtained by hashing the block header twice with the SHA algorithm. The resulting 32-byte hash is called the block hash, or block header hash; only the block header is used to compute it. The block hash identifies a block uniquely and unambiguously, and any node can obtain it independently by simply hashing the block header.

Blockchain: a data structure in which blocks are linked in order in a chain. A blockchain is like a vertical stack, with the first block at the bottom of the stack and each subsequent block placed on top of the others. Once a block has been written to the blockchain it never changes, and it is backed up to other blockchain servers.

Embodiment: referring to FIG. 1, an encrypted storage system for a blockchain in which secure data sharing between blockchain nodes is not affected even if the server is not trusted. This embodiment uses cryptography to protect shared files. Its distinguishing feature is that it provides more scalable key management while letting an individual user keep direct control over who accesses the data. The encrypted storage system uses a file group S to reduce the amount of key exchange between users, to distinguish reading a file from writing it, to handle revocation of user access rights efficiently, and to let an untrusted server authorize write operations on files. A file group is strictly a collection of files with the same access attributes, independent of hierarchy. Managing keys by key rotation helps reduce the number and volume of key exchanges between the file owner and users, but does not relieve the file owner of the obligation to distribute the keys initially.

Create an open file system and embed the prototype of the above blockchain encrypted storage system in it, so that users can conveniently and efficiently share files distributed across a LAN or WAN, with an authentication database providing users with higher security. The authentication database of the open file system and the file-group keys of the encrypted storage system itself use the same programming approach, namely the lockbox scheme, which stays compatible with the encryption method while improving security and scalability. The open file system prescribes the basic structure of the first-level directory, so that users can access their own files transparently through the same directory address from anywhere. To gain access, the user enters the "login username" command and, after entering the correct password, obtains a token verification code; the user can use the check command to confirm that the token verification code was obtained correctly. To change a personal access password, the user must use the "keyword + username" command; the keyword is related to the transaction and includes the transaction information digest. When leaving the open file system, the user must use the logout command. In addition, for security reasons the token verification code is time-limited: it expires automatically 24 hours after login, and to obtain a new token verification code the user must enter the login information again, which guards against phishing of the system.

The main goal of the lockbox scheme is to provide highly scalable key management while giving file owners direct control over authorized access. All data encryption uses disk encryption, and key management is performed by the client, which reduces the load on the server. Users choose one of several client-based key distribution schemes to customize the security policy and authentication mechanism for their own files; each distribution scheme is defined and distinguished by its ratio of security to performance, and the lockbox scheme has multiple keys. In use, a file is divided into blocks and encrypted block by block, and the block keys are placed in a lockbox. A file group contains a number of files belonging to the same file owner, and lockboxes belonging to the same group share the same lockbox key and signing key. As soon as the lockbox is created, the owner of the file group distributes the lockbox key to users, computes a hash tree for each file, signs the root, and places it in the file header. The blockchain encrypted storage system uses asymmetric file-verify keys or a file-sign key protocol to distinguish users who read from users who write. These keys are used to sign or verify the hashes of file block contents, thereby providing proof of file integrity.

When a file is requested, the server sends the encrypted lockbox and the encrypted file blocks to the user; the user then opens the lockbox with the lockbox key and decrypts the file blocks with the corresponding keys in the lockbox.

In an encrypted storage system, the growing number of keys and the use of file groups make key revocation schemes more complicated. When a large number of files in a file system are encrypted with the same key, tied only to access rights, key revocation can cause large-scale file re-encryption and key management problems. The blockchain encrypted storage system of this embodiment therefore uses public-key cryptography for the key that confirms access rights, to keep re-encryption and key management from becoming too heavy a burden.

For the same file group, the file owner generates a new key from the existing lockbox key. When accessing a file, a user who does not have the new lockbox key requests it from the owner; if the lockbox key is not the latest one, the user must compute the earlier key himself. The user of course needs to know enough information to compute the earlier key. Only the file owner can generate new keys in sequence; a user can use the current key to generate the preceding key, but only the immediately adjacent one, not all of them.
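The asymmetry described above (only the owner can move a lockbox key forward, while a user can step back from the current key to the immediately preceding one) can be obtained with a trapdoor permutation. The following is an added example, not code from the patent: the patent does not name a construction, so the RSA-style permutation, the toy parameters and all function names here are assumptions.

```python
import hashlib

# Constructed toy parameters: two publicly known Mersenne primes, so this
# modulus is trivially factorable and must never protect real data.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                            # public exponent, known to every user
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the owner


def rotate_forward(key_int: int) -> int:
    """Owner only: derive the next lockbox key version (requires D)."""
    return pow(key_int, D, N)


def rotate_back(key_int: int) -> int:
    """Any user: derive the immediately preceding version (requires only E)."""
    return pow(key_int, E, N)


def lockbox_key(key_int: int) -> bytes:
    """Map a rotation value to a 32-byte symmetric lockbox key."""
    width = (N.bit_length() + 7) // 8
    return hashlib.sha256(b"lockbox" + key_int.to_bytes(width, "big")).digest()


def initial_key(seed: bytes) -> int:
    """Hypothetical helper: map a seed to the version-0 rotation value."""
    return int.from_bytes(hashlib.sha512(seed).digest(), "big") % N


def simulate_revocation() -> dict:
    """Owner rotates the key after a revocation; show what each party derives."""
    v0 = initial_key(b"constructed seed for file group S")
    v1 = rotate_forward(v0)          # new version issued after the revocation
    return {
        "v0": lockbox_key(v0),
        "v1": lockbox_key(v1),
        # A current user holding v1 recovers v0 for files whose lockbox is
        # still protected by the older key, without contacting the owner.
        "user_with_v1_gets": lockbox_key(rotate_back(v1)),
        # The revoked user still holds v0. The only operation available to
        # them is the public one, which moves backwards, never forward to v1.
        "revoked_with_v0_gets": lockbox_key(rotate_back(v0)),
    }


if __name__ == "__main__":
    result = simulate_revocation()
    print("current user recovers v0:", result["user_with_v1_gets"] == result["v0"])
    print("revoked user reaches v1: ", result["revoked_with_v0_gets"] == result["v1"])
```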

The blockchain encrypted storage system of this embodiment does not trust the file server, so it does not rely on the server to distinguish read and write permissions. Instead it uses two types of keys, a file-sign key and a file-verify key, to separate read and write permissions. When a user reads or writes a file, these keys are used to verify the digital signature and the file's hash. If verification fails, the user treats the file as having been illegally modified.
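The integrity check described above and in the lockbox paragraph (a hash tree per file, a signed root in the file header, writers holding the file-sign key and readers only the file-verify key) can be sketched as follows. This is an added example, not code from the patent: the textbook RSA signature without padding, the toy parameters, the leaf/node prefixes and all names are assumptions chosen so the example runs with the standard library only.

```python
import hashlib

# Constructed toy signing parameters (publicly known Mersenne primes, textbook
# RSA without padding). Illustrative only; not a secure signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
FILE_VERIFY_KEY = 65537                                       # held by readers
FILE_SIGN_KEY = pow(FILE_VERIFY_KEY, -1, (P - 1) * (Q - 1))   # held by writers only


def merkle_root(blocks) -> bytes:
    """Root of a binary hash tree over the (already encrypted) file blocks."""
    if not blocks:
        return hashlib.sha256(b"empty").digest()
    # Distinct prefixes for leaves and inner nodes prevent a leaf from being
    # reinterpreted as an inner node.
    level = [hashlib.sha256(b"\x00" + b).digest() for b in blocks]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])      # odd node is carried up unchanged
        level = nxt
    return level[0]


def header_digest(name: str, blocks) -> int:
    """Digest that is signed: binds file name, block count and tree root."""
    h = hashlib.sha256()
    h.update(name.encode() + b"\x00" + len(blocks).to_bytes(8, "big"))
    h.update(merkle_root(blocks))
    return int.from_bytes(h.digest(), "big")


def sign_header(name: str, blocks, sign_key: int = FILE_SIGN_KEY) -> int:
    """Writer: sign the hash-tree root; the result goes into the file header."""
    return pow(header_digest(name, blocks), sign_key, N)


def verify_file(name: str, blocks, signature: int,
                verify_key: int = FILE_VERIFY_KEY) -> bool:
    """Reader: recompute the root from what the server returned and check it."""
    return pow(signature, verify_key, N) == header_digest(name, blocks)


def demo() -> dict:
    # Constructed sample data standing in for encrypted file blocks.
    blocks = [b"ciphertext-block-0", b"ciphertext-block-1", b"ciphertext-block-2"]
    sig = sign_header("report.doc", blocks)
    tampered = [blocks[0], b"ciphertext-block-X", blocks[2]]
    # A reader who holds only the verify key tries to sign a modified file.
    forged = sign_header("report.doc", tampered, sign_key=FILE_VERIFY_KEY)
    return {
        "intact": verify_file("report.doc", blocks, sig),
        "tampered": verify_file("report.doc", tampered, sig),
        "truncated": verify_file("report.doc", blocks[:2], sig),
        "reader_forgery": verify_file("report.doc", tampered, forged),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15s} accepted={accepted}")
```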

Measurements made with this embodiment show that, compared with blockchains that encrypt all network communication, the encrypted storage system has strong security and scalability; in tests of reads and writes of a single file, cryptographic operations were 40% faster than in an ordinary encrypted storage system. Placing key management on the client rather than on a trusted server avoids the server-side capacity shortage that expensive cryptographic operations could cause. The system relies mainly on file groups to limit the number of keys: files with the same access attributes are placed in the same file group and protected by the same key. This makes it possible to access files while the file owner is offline, avoiding the need to contact the file owner for every file access.

Although the invention has been described with reference to specific illustrative embodiments, it is not limited by these embodiments but only by the appended claims. Those skilled in the art will appreciate that the embodiments of the invention can be changed and modified without departing from the scope and spirit of the invention.

Claims (10)

1. An encrypted storage system for a blockchain, characterized by comprising:
(1) a file group (S), consisting of files that have the same access attributes and are at different levels, used to reduce the amount of key exchange between users, distinguish file reads from writes, handle revocation of user access rights efficiently, and let an untrusted server authorize file writes;
(2) an open file system, into which the prototype of the blockchain encrypted storage system is embedded and which includes an authentication database, the authentication database of the open file system and the file-group keys of the encrypted storage system itself being formed using the same programming approach;
(3) a lockbox device comprising multiple key distribution schemes, wherein a user uses one of multiple client-based key distribution schemes to customize a security policy and authentication mechanism for the user's own files.

2. The encrypted storage system for a blockchain according to claim 1, characterized in that keys are managed by key rotation, which reduces the number and volume of key exchanges between the file owner and users but does not relieve the file owner of the obligation to distribute the keys initially.

3. The encrypted storage system for a blockchain according to claim 2, characterized in that the open file system prescribes the basic structure of the first-level directory, so that users can access their own files transparently through the same directory address from anywhere; to gain access, the user enters the "login username" command and, after entering the correct password, obtains a token verification code; the user can use the check command to confirm that the token verification code was obtained correctly; a personal access password is changed with the "keyword + username" command, the keyword being related to the transaction and including the transaction information digest; and when leaving the open file system, the user must use the logout command.

4. The encrypted storage system for a blockchain according to claim 3, characterized in that the token verification code is time-limited and expires automatically 24 hours after login; to obtain a new token verification code, the login information must be entered again.

5. The encrypted storage system for a blockchain according to claim 1, characterized in that all data encryption within the file group (S) uses disk encryption, and key management is performed by the client.

6. The encrypted storage system for a blockchain according to claim 1, characterized in that the multiple key distribution schemes are defined and distinguished by their ratio of security to performance, and the lockbox device has multiple keys.

7. The encrypted storage system for a blockchain according to claim 1, characterized in that the blockchain encrypted storage system uses public-key cryptography for the key that confirms access rights.

8. A method of using the encrypted storage system for a blockchain according to any one of the preceding claims, characterized by comprising the following steps:
(1) dividing the files in the blockchain into blocks and encrypting them block by block, the block keys being placed in a lockbox; a file group contains a number of files belonging to the same file owner, and lockboxes belonging to the same group have the same lockbox key and signing key;
(2) immediately after creating the lockbox, the owner of the file group distributes the lockbox key to users, computes a hash tree for each file, signs the root, and places it in the file header;
(3) the encrypted storage system uses asymmetric file-verify keys or a file-sign key protocol to distinguish users who read from users who write, these keys being used to sign or verify the hashes of file block contents, thereby providing proof of file integrity;
(4) when a file is requested, the server sends the encrypted lockbox and the encrypted file blocks to the user, and the user then opens the lockbox with the lockbox key and decrypts the file blocks with the corresponding keys in the lockbox.

9. The method of using the encrypted storage system for a blockchain according to claim 8, characterized by further comprising the following step: for the same file group, the file owner generates a new key from the existing lockbox key; when accessing a file, a user who does not have the new lockbox key requests it from the owner, and if the lockbox key is not the latest one, the user computes the earlier key himself.

10. The method of using the encrypted storage system for a blockchain according to claim 8, characterized by further comprising: the blockchain encrypted storage system uses two types of keys, a file-sign key and a file-verify key, to separate read and write permissions; when a user reads or writes a file, the file-sign key and file-verify key are used to verify the digital signature and the file's hash, and if verification fails, the user treats the file as having been illegally modified.

PCT/CN2016/095578 2016-08-13 2016-08-16 Encrypted storage system for block chain and method using same Ceased WO2018032374A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610670777.8 2016-08-13
CN201610670777.8A CN106055993A (en) 2016-08-13 2016-08-13 Encryption storage system for block chains and method for applying encryption storage system

Publications (1)

Publication Number Publication Date
WO2018032374A1 true WO2018032374A1 (en) 2018-02-22

Family

ID=57480691

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/095578 Ceased WO2018032374A1 (en) 2016-08-13 2016-08-16 Encrypted storage system for block chain and method using same

Country Status (2)

Country Link
CN (1) CN106055993A (en)
WO (1) WO2018032374A1 (en)

Also Published As

Publication number Publication date
CN106055993A (en) 2016-10-26

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 16913134; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 EP: PCT application non-entry in European phase
    Ref document number: 16913134; Country of ref document: EP; Kind code of ref document: A1