CN110990484A - Block chain based information storage method and system, computer equipment and storage medium - Google Patents
Block chain based information storage method and system, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110990484A CN110990484A CN201911183946.5A CN201911183946A CN110990484A CN 110990484 A CN110990484 A CN 110990484A CN 201911183946 A CN201911183946 A CN 201911183946A CN 110990484 A CN110990484 A CN 110990484A
- Authority
- CN
- China
- Prior art keywords
- information
- identity certificate
- stored
- valid
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an information storage method, a system, computer equipment and a storage medium based on a block chain, wherein the method comprises the following steps: the method comprises the steps of receiving information to be stored, generating a public key and a private key according to a secret key generation rule, judging whether an effective identity certificate exists according to a certificate judgment rule, if not, sending an identity certificate acquisition request to a management server to acquire the effective identity certificate, associating the public key with the effective identity certificate to obtain associated information, sending the associated information to the management server, signing the information to be stored according to a signature rule and the private key to obtain information to be stored containing a signature value, associating the information to be stored with the public key and the signature value to obtain associated stored information, and storing the associated stored information in a distributed mode. By the method, the identity certificate and the information to be stored are stored respectively, so that the repeated storage of the identity certificate caused by adding the identity certificate in the information to be stored is avoided, the storage space is saved, and the efficiency of storing the data information is improved.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an information storage method and system based on a block chain, a computer device, and a storage medium.
Background
When data information is stored based on a block chain technology, in order to perform authority control and privacy protection on each node in a block chain, a certificate system based on a Public Key Infrastructure (PKI) may be used, in order to ensure validity of a signature in the data information, the data information from a block chain node needs to carry certificate information corresponding to the node, which results in a large amount of storage space required when the data information is stored and affects transmission efficiency of data between nodes, multiple pieces of data information from the same node all contain the same certificate information, and thus, due to the fact that the certificate information is repeatedly stored, storage resources are seriously wasted, and the scheme can greatly reduce efficiency of the block chain in storing the data information. Therefore, the prior art method has the problem of low data information storage efficiency.
Disclosure of Invention
The embodiment of the invention provides an information storage method, an information storage system, computer equipment and a storage medium based on a block chain, and aims to solve the problem of low data information storage efficiency in the prior art.
In a first aspect, an embodiment of the present invention provides an information storage method based on a block chain, including:
if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule;
judging whether a valid identity certificate exists according to a preset certificate judgment rule;
if no valid identity certificate exists, sending an identity certificate acquisition request to the management server so as to acquire a valid identity certificate corresponding to the user terminal from the management server;
if a valid identity certificate exists or a corresponding valid identity certificate is obtained, associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server;
signing the information to be stored according to a preset signature rule and the private key to obtain the information to be stored containing a signature value;
and associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage.
In a second aspect, an embodiment of the present invention provides an information storage system based on a block chain, including:
the secret key generating unit is used for generating a public key and a private key according to a preset secret key generating rule if the input information to be stored is received;
the identity certificate judging unit is used for judging whether a valid identity certificate exists according to a preset certificate judging rule;
a valid identity certificate acquisition unit, configured to send an identity certificate acquisition request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server if a valid identity certificate does not exist;
the association information sending unit is used for associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server if the valid identity certificate exists or the corresponding valid identity certificate is obtained;
the information to be stored signing unit is used for signing the information to be stored according to a preset signing rule and the private key so as to obtain the information to be stored containing a signing value;
and the distributed storage unit is used for associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage.
In a third aspect, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the block chain based information storage method according to the first aspect.
In a fourth aspect, the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, causes the processor to execute the method for storing information based on a blockchain according to the first aspect.
The embodiment of the invention provides an information storage method and system based on a block chain, computer equipment and a storage medium. The method comprises the steps of receiving information to be stored, generating a public key and a private key according to a secret key generation rule, judging whether an effective identity certificate exists according to a certificate judgment rule, if not, sending an identity certificate acquisition request to a management server to acquire the effective identity certificate, associating the public key with the effective identity certificate to obtain associated information, sending the associated information to the management server, signing the information to be stored according to a signature rule and the private key to obtain information to be stored containing a signature value, associating the information to be stored with the public key and the signature value to obtain associated stored information, and storing the associated stored information in a distributed mode. By the method, the identity certificate and the information to be stored are stored respectively, so that the repeated storage of the identity certificate caused by adding the identity certificate in the information to be stored is avoided, the storage space is saved, and the efficiency of storing the data information is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of an information storage method based on a block chain according to an embodiment of the present invention;
fig. 2 is a schematic view of an application scenario of the information storage method based on a block chain according to an embodiment of the present invention;
fig. 3 is a sub-flowchart schematic diagram of an information storage method based on a block chain according to an embodiment of the present invention;
fig. 4 is another schematic flowchart of an information storage method based on a block chain according to an embodiment of the present invention;
fig. 5 is a schematic sub-flowchart of an information storage method based on a block chain according to an embodiment of the present invention;
fig. 6 is another schematic flowchart of an information storage method based on a block chain according to an embodiment of the present invention;
FIG. 7 is a schematic block diagram of a blockchain-based information storage system provided by an embodiment of the present invention;
FIG. 8 is a schematic block diagram of a computer device provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Referring to fig. 1 and fig. 2, fig. 1 is a schematic flowchart of an information storage method based on a block chain according to an embodiment of the present invention, and fig. 2 is a schematic application scenario diagram of the information storage method based on a block chain according to an embodiment of the present invention. The information storage method based on the block chain is applied to the user terminal 10, the method is executed through application software installed in the user terminal 10, and the management server 20 and the block chain network 30 realize the transmission of data information by establishing network connection with the user terminal 10. The user terminal 10 is a terminal device, such as a desktop computer, a notebook computer, a tablet computer, or a mobile phone, for executing the information storage method based on the blockchain, so as to store information, the management server 20 is a server side for establishing a network connection with the user terminal 10 to perform data transmission, and the blockchain network 30 is a terminal network formed by a plurality of terminal devices in the internet based on an intelligent contract. Fig. 2 only illustrates one ue 10 performing information transmission with the management server 20 and the blockchain network 30, and in practical applications, the blockchain network 30 and the management server 20 may perform information transmission with multiple ues 10 at the same time.
As shown in fig. 1, the method includes steps S110 to S160.
And S110, if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule.
And if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule. The user terminal receives information to be stored input by a user, the information to be stored can be transaction data, log data and the like and only contains data of character information, the block chain network is composed of a plurality of terminal devices, each terminal device in the block chain network corresponds to one node in the block chain network, and the user terminal can be used as one node in the block chain network. The public key and the private key are generated according to a key generation rule, wherein the key generation rule can be an Elliptic Curve Digital Signature Algorithm (ECDSA) or an Edwards curve digital signature algorithm (EDDSA). The public key and the private key can be generated according to the secret key generation rule, the public key and the private key appear in pairs, the private key can be used for signing (also called encrypting) information needing to be signed to obtain signature information, the public key can be used for verifying the signature information, only the signature information which is verified can be ensured to be valid signature information, namely, the signature in the signature information which is obtained by signature through the private key is confirmed to be valid.
For example, taking an elliptic curve digital signature algorithm as an example, the specific process of generating the public key and the private key is as follows: 1. an elliptic curve E is arbitrarily selected from elliptic curves contained in an elliptic curve digital signature algorithmp(a, b) and a base point G corresponding to the elliptic curve; 2. generating a random integer k as a private key according to the order n of G, wherein 0<k<n; 3. the public key P is calculated from the base point G as k × G.
And S120, judging whether a valid identity certificate exists according to a preset certificate judgment rule.
And judging whether a valid identity certificate exists according to a preset certificate judgment rule. And judging whether the user terminal stores a valid identity certificate according to the certificate judgment rule. The identity certificate is a certificate for proving the qualification that the user terminal can join the blockchain network to store information to the blockchain network, and only the user terminal storing a valid identity certificate can join the blockchain network and send the information to the blockchain network for storage. The valid identity certificate comprises an issuing organization, issuing time, a certificate validity period and terminal information of a user terminal, wherein the terminal information of the user terminal is information for identifying the user terminal, and the terminal information comprises identity identification information such as a user name of a user using the user terminal, an organization name (or company name) to which the user belongs, a mailbox address and the like.
In an embodiment, as shown in fig. 3, step S120 includes sub-steps S121, S122, S123 and S124.
S121, judging whether the identity certificate is stored in the user terminal.
And judging whether the identity certificate is stored in the user terminal. Firstly, judging whether an identity certificate is stored in a user terminal, if so, indicating that the user terminal is added into a blockchain network, and further judging whether the identity certificate is a valid identity certificate; and if the identity certificate is not stored in the user terminal, indicating that the user terminal does not join the block chain network.
And S122, if the user terminal stores the identity certificate, judging whether the identity certificate is valid according to the certificate judgment rule.
And if the user terminal has stored the identity certificate, judging whether the identity certificate is valid according to the certificate judgment rule. The certificate judgment rule is a rule for judging whether the identity certificate is valid, and the certificate judgment rule may be a rule for judging whether the identity certificate at the current time is overdue based on the issuing time of the identity certificate and the certificate validity period, or a rule for judging whether an issuing authority is a valid issuing authority, or a rule for judging whether the terminal information of the user terminal is matched with the user terminal.
Taking the example that the certificate judgment rule is used for judging whether the current identity certificate exceeds the period based on the signing time and the certificate validity period of the identity certificate, judging whether the current time is included in the time limited by the signing time and the certificate validity period, and if so, judging that the identity certificate is valid; if not, the identity certificate is judged to be invalid.
For example, if the issuance time of an identity certificate is 2018-07-11, the validity period of the certificate is 180 days, and the current time is 2018-11-01, the current time is included in the time defined by the issuance time and the validity period of the certificate, and the identity certificate is determined to be valid.
S123, if the user terminal does not store the identity certificate or judges that the obtained identity certificate is invalid, obtaining a judgment result of the identity certificate which is not stored and valid.
And if the user terminal does not store the identity certificate or judges that the obtained identity certificate is invalid, obtaining a judgment result of the identity certificate which is not stored and valid. If the user terminal does not store the identity certificate, indicating that the user terminal does not join the block chain network; if the identity certificate is judged to be invalid, the identity certificate stored in the user terminal cannot be normally used, and the two conditions are judged to obtain the judgment result of storing the valid identity certificate.
And S124, if the identity certificate is judged to be valid, obtaining a judgment result of the stored valid identity certificate.
And if the identity certificate is judged to be valid, obtaining a judgment result of the stored valid identity certificate.
S130, if no valid identity certificate exists, sending an identity certificate acquisition request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server.
And if the valid identity certificate does not exist, sending an identity certificate acquisition request to the management server so as to acquire the valid identity certificate corresponding to the user terminal from the management server. If the user terminal does not store the valid identity certificate, an identity certificate acquisition request needs to be sent to the management server to acquire the corresponding valid identity certificate. The identity certificate acquisition request includes terminal information of the user terminal.
In an embodiment, as shown in fig. 4, the method further includes steps S131, S132, and S133, which are all executed in the management server.
S131, if an identity certificate acquisition request from the user terminal is received, request summary information corresponding to the identity certificate acquisition request is generated according to a preset summary information generation rule.
And if an identity certificate acquisition request from the user terminal is received, generating request summary information corresponding to the identity certificate acquisition request according to a preset summary information generation rule. Specifically, the terminal information included in the identity certificate acquisition request is acquired, where the terminal information includes the user name of the user using the user terminal, the organization name (or company name) to which the user belongs, and the identification information such as the mailbox address. And performing hash operation on the terminal information according to the digest information generation rule to obtain corresponding digest information, wherein the hash operation is a secure hash algorithm 256.
In this embodiment, that is, Hash (basic information) is digest information, that is, after performing Hash operation on terminal information in the identity certificate acquisition request, one digest information is obtained, for information of any length (calculated by bit), SHA256 (secure Hash algorithm 256) generates data of length of 32 bytes, and SHA256 always processes the information as a string of one bit (bit).
For example, Hash (username: xyz, organization name: AA company, mailbox address: xyz @999.com) ═ 82D54BC57A6F1D 78.
S132, signing the request summary information according to a preset root certificate to obtain a digital signature.
And signing the request summary information according to a preset root certificate to obtain a digital signature. Specifically, the root certificate contains private key information, the process of signing the request summary information according to the root certificate is that the private key information of the root certificate is used for encrypting the request summary information, and encrypted data obtained after encryption is the digital signature. May be based on c ≡ neThe (modN) is calculated, namely the information N required to be encrypted is encrypted to obtain the encrypted information c, wherein (N, e) is the private key information of the root certificate, and the mode of signing the request summary information according to the root certificate can also be other encryption modes.
S133, generating a valid identity certificate corresponding to the identity certificate acquisition request according to a preset certificate issuing rule and the digital signature, and feeding back the valid identity certificate to the user terminal.
And generating a valid identity certificate corresponding to the identity certificate acquisition request according to a preset certificate issuing rule and the digital signature, and feeding back the valid identity certificate to the user terminal. Specifically, the certificate issuing rule is rule information for issuing a valid identity certificate, the certificate issuing rule includes an expiration date and issuing information, the expiration date is configured according to the expiration date, the issuing authority is configured according to the issuing information, the current time is used as issuing time, the obtained certificate expiration date, the issuing authority, the issuing time and the digital signature are added to the information included in the identity certificate acquisition request, and a corresponding valid identity certificate can be generated, and the generated valid identity certificate includes the issuing authority, the issuing time, the certificate expiration date, the terminal information of the user terminal and the digital signature.
In one embodiment, as shown in fig. 5, step S130 is followed by step S130 a.
S130, sending the valid identity certificate to the block chain network so as to store the valid identity certificate in a distributed mode.
And sending the valid identity certificate to the blockchain network so as to perform distributed storage on the valid identity certificate. Specifically, the valid identity certificate may be broadcasted according to a preset broadcast rule, so that the valid identity certificate is stored in a plurality of nodes of the blockchain network, that is, distributed storage of the valid identity certificate is realized. The broadcast rule includes a plurality of node addresses, each node address corresponds to a node in the block chain network, and the node address in the broadcast rule may be an IP address corresponding to a node preset by a user, or an IP address of a history node which is recorded in the user terminal and has performed data information transmission with the node corresponding to the user terminal. After the valid identity certificate is broadcasted according to the broadcast rule, the valid identity certificate is stored in a distributed mode in a plurality of nodes of the block chain, the corresponding identity certificate in the current user terminal can be verified through the valid identity certificates stored in other nodes, and the method can avoid repeated storage of the valid identity certificate in the same user terminal.
And S140, if a valid identity certificate exists or a corresponding valid identity certificate is obtained, associating the public key with the valid identity certificate to obtain associated information and sending the associated information to the management server.
And if a valid identity certificate exists or a corresponding valid identity certificate is obtained, associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server. And if the user terminal stores the valid identity certificate or acquires the valid identity certificate from the management server, associating the generated public key with the valid identity certificate to obtain associated information, and sending the associated information to the management server. One valid identity certificate can be associated with one or more public keys, and one valid identity certificate associated with the public key can be found according to the public key.
S150, signing the information to be stored according to a preset signature rule and the private key to obtain the information to be stored containing a signature value.
And signing the information to be stored according to a preset signature rule and the private key to obtain the information to be stored containing a signature value. The signature rule is a rule for signing the information to be stored by using a private key, the information to be stored containing a signature value is obtained after the information to be stored is signed, and the signature of the signature value contained in the information to be stored can be verified through a public key so as to verify whether the signature value is valid.
For example, taking an elliptic curve digital signature algorithm as an example, the process of signing the information to be stored according to the signature rule and the private key includes: 1. generating a random integer R according to the order n of G, and calculating a point R which is R multiplied by G, wherein 0<k<n and G are base points corresponding to the circular curves; 2. the information m to be stored and the point R are positioned on an elliptic curve EpCoordinate points (x, y) in (a, b) are used as parameters, and a hash is calculated according to SHA1 (secure hash algorithm 1), wherein the hash is SHA1(m, x, y); 3. calculating s ≡ r-hash × k (mod n); 4. and judging whether r or s is 0, if any number of r or s is zero, repeating the steps 1-4, and if both r and s are not zero, outputting r and s as signature values.
And after the signature value is acquired, attaching the signature value to the information to be stored to complete signature of the information to be stored, so as to obtain the information to be stored containing the signature value.
And S160, associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage.
And associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage. And associating the information to be stored, the public key and the signature value, and sending the information to be stored, the public key and the signature value to a block chain network for distributed storage, wherein the information for distributed storage does not contain a valid identity certificate. In addition, the stored book information corresponding to the information to be stored can be generated according to the summary information generation rule, and the stored book information is associated with the public key and the signature value and then sent to the block chain network for distributed storage.
In an embodiment, as shown in fig. 6, step S160 is followed by steps S170, S180, and S190.
S170, if the associated storage information to be stored from the block chain network is received, checking whether the associated storage information to be stored passes the verification according to a preset signature checking algorithm and a public key and a signature value in the associated storage information to be stored.
And if the associated storage information to be stored from the block chain network is received, checking whether the associated storage information to be stored passes the verification or not according to a preset signature checking algorithm and a public key and a signature value in the associated storage information to be stored. The user terminal receives the associated information to be stored sent by other nodes in the block chain network, firstly, the associated information to be stored is checked according to a check-sign algorithm, the associated information to be stored comprises valid information, a public key associated with the valid information and a signature value, and the public key and the signature value in the associated information to be stored are required to be used in the process of checking the valid information.
For example, taking an elliptic curve digital signature algorithm as an example, the process of verifying the stored associated information is as follows: 1. calculating s multiplied by G + SHA1(m) multiplied by P to obtain coordinate values (x1, y1) of a point D, wherein G is a base point corresponding to the circular curve, and r and s are signature values; 2. calculating r1 ≡ x1 mod P, wherein P is a public key; 3. and verifying whether the equation of r1 ≡ r mod P is established, wherein if the equation is established, the verification result is verified to be passed, and if the equation is not established, the verification result is not verified to be failed.
S180, if the associated information to be stored passes the verification, the public key is sent to the management server to obtain the certificate verification information whether the valid identity certificate corresponding to the public key passes the verification.
And if the associated information to be stored passes the verification, sending the public key to the management server to acquire certificate verification information whether a valid identity certificate corresponding to the public key passes the verification. The management server is an issuing organization of the valid identity certificates, the issued valid identity certificates and the public keys associated with the valid identity certificates are stored in the management server, the public keys in the associated information to be stored are sent to the management server, the management server can obtain the valid identity certificates corresponding to the public keys, and if the valid identity certificates corresponding to the public keys do not exist in the management server, certificate verification information which does not pass verification is fed back to the user terminal; if the valid identity certificate corresponding to the public key exists in the management server, whether the valid identity certificate exists in a certificate revocation list or not needs to be judged, a plurality of identity certificates needing to be revoked are stored in the certificate revocation list of the management server, and if the valid identity certificate does not exist in the certificate revocation list, certificate verification information passing verification is fed back to the user terminal; if the valid identity certificate exists in the certificate revocation list, the certificate verification information which does not pass the verification is fed back to the user terminal.
And S190, if the certificate verification information is verified to pass, storing the associated storage information to be stored.
And if the certificate verification information is verified to pass, storing the associated storage information to be stored. And if the received certificate verification information is verified to be passed, storing the associated storage information to be stored, namely storing the associated storage information to be stored in a storage space of the user terminal.
The information storage method based on the block chain provided by the embodiment of the invention comprises the steps of receiving information to be stored, generating a public key and a private key according to a secret key generation rule, judging whether a valid identity certificate exists according to a certificate judgment rule, sending an identity certificate acquisition request to a management server to acquire the valid identity certificate if the valid identity certificate does not exist, associating the public key and the valid identity certificate to obtain associated information, sending the associated information to the management server, signing the information to be stored according to a signature rule and the private key to obtain information to be stored containing a signature value, associating the information to be stored with the public key and the signature value to obtain the associated stored information, and storing the associated stored information in a distributed mode. By the method, the identity certificate and the information to be stored are stored respectively, so that the repeated storage of the identity certificate caused by adding the identity certificate in the information to be stored is avoided, the storage space is saved, and the efficiency of storing the data information is improved.
The embodiment of the present invention further provides an information storage system based on a block chain, where the information storage system based on a block chain includes a management server 20 and at least one user terminal 10, the user terminal 10 is configured to execute a method executable by the user terminal in the information storage method based on a block chain, and the management server 20 is configured to execute a method executable by the management server in the information storage method based on a block chain. Specifically, referring to fig. 7, fig. 7 is a schematic block diagram of an information storage system based on a block chain according to an embodiment of the present invention.
As shown in fig. 7, the user terminal 10 includes a key generation unit 110, an identity certificate judgment unit 120, a valid identity certificate acquisition unit 130, an association information transmission unit 140, a to-be-stored information signature unit 150, and a distributed storage unit 160.
The key generating unit 110 is configured to generate a public key and a private key according to a preset key generating rule if the input information to be stored is received.
An identity certificate judging unit 120, configured to judge whether a valid identity certificate already exists according to a preset certificate judgment rule.
In other embodiments of the present invention, the identity certificate determining unit 120 includes sub-units: the device comprises an identity certificate storage and judgment unit, an effective judgment unit, a first judgment result acquisition unit and a second judgment result acquisition unit.
An identity certificate storage judging unit, configured to judge whether an identity certificate is stored in the user terminal; the validity judging unit is used for judging whether the identity certificate is valid or not according to the certificate judging rule if the identity certificate is stored in the user terminal; a first judgment result obtaining unit, configured to obtain a judgment result of an identity certificate which is not stored and valid if the identity certificate is not stored in the user terminal or the identity certificate is judged to be invalid; and the second judgment result acquisition unit is used for acquiring a judgment result of the stored valid identity certificate if the identity certificate is judged to be valid.
A valid identity certificate obtaining unit 130, configured to send an identity certificate obtaining request to the management server to obtain a valid identity certificate corresponding to the user terminal from the management server if a valid identity certificate does not exist.
As shown in fig. 7, the management server 20 includes: a request digest information generation unit 131, a data signature acquisition unit 132, and a valid identification certificate generation unit 133.
A request summary information generating unit 131, configured to generate request summary information corresponding to an identity certificate acquisition request according to a preset summary information generation rule if the identity certificate acquisition request from the user terminal is received; a data signature obtaining unit 132, configured to sign the request digest information according to a preset root certificate to obtain a digital signature; and a valid identity certificate generating unit 133, configured to generate a valid identity certificate corresponding to the identity certificate obtaining request according to a preset certificate issuing rule and the digital signature, and feed back the valid identity certificate to the user terminal.
In other invention embodiments, the user terminal 10 further includes a sub-unit: identity certificate distributed storage unit.
And the identity certificate distributed storage unit is used for sending the valid identity certificate to the block chain network so as to store the valid identity certificate in a distributed manner.
The association information sending unit 140 is configured to, if a valid identity certificate exists or a corresponding valid identity certificate is obtained, associate the public key with the valid identity certificate to obtain association information, and send the association information to the management server.
And the to-be-stored information signing unit 150 is configured to sign the to-be-stored information according to a preset signature rule and the private key to obtain the to-be-stored information including a signature value.
And the distributed storage unit 160 is configured to associate the information to be stored with the public key and the signature value to obtain associated storage information, and perform distributed storage.
In another embodiment of the present invention, the ue further includes a subunit: the system comprises a signature verification unit, a certificate verification information acquisition unit and an information storage unit.
The signature verification unit is used for verifying whether the to-be-stored associated storage information passes verification or not according to a preset signature verification algorithm and a public key and a signature value in the to-be-stored associated storage information if the to-be-stored associated storage information from the block chain network is received; the certificate verification information acquisition unit is used for sending the public key to the management server to acquire the certificate verification information whether the valid identity certificate corresponding to the public key passes the verification or not if the associated information to be stored passes the verification; and the information storage unit is used for storing the associated storage information to be stored if the certificate verification information passes verification.
The information storage system based on the block chain provided by the embodiment of the invention is used for executing the information storage method based on the block chain, when information to be stored is received, a public key and a private key are generated according to a secret key generation rule, whether a valid identity certificate exists or not is judged according to a certificate judgment rule, if the valid identity certificate does not exist, an identity certificate acquisition request is sent to a management server to acquire the valid identity certificate, the public key and the valid identity certificate are associated to obtain associated information and sent to the management server, the information to be stored is signed according to a signature rule and the private key to obtain information to be stored containing a signature value, and the information to be stored is associated with the public key and the signature value to obtain associated stored information and is stored in a distributed mode. By the method, the identity certificate and the information to be stored are stored respectively, so that the repeated storage of the identity certificate caused by adding the identity certificate in the information to be stored is avoided, the storage space is saved, and the efficiency of storing the data information is improved.
The above-described blockchain-based information storage system may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 8.
Referring to fig. 8, fig. 8 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Referring to fig. 8, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, may cause the processor 502 to perform a blockchain-based information storage method.
The processor 502 is used to provide computing and control capabilities that support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 can be caused to execute the block chain-based information storage method.
The network interface 505 is used for network communication, such as providing transmission of data information. Those skilled in the art will appreciate that the configuration shown in fig. 8 is a block diagram of only a portion of the configuration associated with aspects of the present invention and is not intended to limit the computing device 500 to which aspects of the present invention may be applied, and that a particular computing device 500 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The processor 502 is configured to run a computer program 5032 stored in the memory to implement the information storage method based on the block chain according to the embodiment of the present application.
Those skilled in the art will appreciate that the embodiment of a computer device illustrated in fig. 8 does not constitute a limitation on the specific construction of the computer device, and that in other embodiments a computer device may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may only include a memory and a processor, and in such embodiments, the structures and functions of the memory and the processor are consistent with those of the embodiment shown in fig. 8, and are not described herein again.
It should be understood that, in the embodiment of the present invention, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In another embodiment of the invention, a computer-readable storage medium is provided. The computer readable storage medium may be a non-volatile computer readable storage medium. The computer readable storage medium stores a computer program, and the computer readable storage medium is installed in a user terminal or a management server, wherein computer readable instructions in the user terminal are executed by a processor to implement a method executable by the user terminal in the blockchain-based information storage method according to the embodiment of the present application, and computer readable instructions in the management server are executed by the processor to implement a method executable by the management server in the blockchain-based information storage method according to the embodiment of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, systems and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, system, and method may be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the units is only a logical division, and there may be other divisions in actual implementation, or units with the same function may be grouped into one unit, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. Further, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention essentially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a computer-readable storage medium, which includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The computer-readable storage medium is a physical non-transitory storage medium, the computer-readable storage medium is a non-volatile storage medium, and the computer-readable storage medium may be an internal storage unit of the foregoing device, for example, a physical storage medium such as a hard disk or a memory of the device. The storage medium may also be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and other physical storage Media provided on the device.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An information storage method based on a block chain is applied to a user terminal, the user terminal is communicated with a management server and a block chain network, and the method is characterized by comprising the following steps:
if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule;
judging whether a valid identity certificate exists according to a preset certificate judgment rule;
if no valid identity certificate exists, sending an identity certificate acquisition request to the management server so as to acquire a valid identity certificate corresponding to the user terminal from the management server;
if a valid identity certificate exists or a corresponding valid identity certificate is obtained, associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server;
signing the information to be stored according to a preset signature rule and the private key to obtain the information to be stored containing a signature value;
and associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage.
2. The method for storing information based on a blockchain according to claim 1, wherein the determining whether a valid identity certificate exists according to a preset certificate determination rule includes:
judging whether the identity certificate is stored in the user terminal;
if the user terminal has stored the identity certificate, judging whether the identity certificate is valid according to the certificate judgment rule;
if the user terminal does not store the identity certificate or judges that the obtained identity certificate is invalid, obtaining a judgment result of the identity certificate which is not stored and valid;
and if the identity certificate is judged to be valid, obtaining a judgment result of the stored valid identity certificate.
3. The blockchain-based information storage method according to claim 1, further comprising, after the sending an identity certificate acquisition request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server:
and sending the valid identity certificate to the blockchain network so as to perform distributed storage on the valid identity certificate.
4. The method of claim 1, further comprising:
if the to-be-stored associated storage information from the block chain network is received, checking whether the to-be-stored associated storage information passes the verification or not according to a preset signature checking algorithm and a public key and a signature value in the to-be-stored associated storage information;
if the associated information to be stored passes the verification, the public key is sent to the management server to obtain certificate verification information whether a valid identity certificate corresponding to the public key passes the verification;
and if the certificate verification information is verified to pass, storing the associated storage information to be stored.
5. An information storage method based on a block chain is applied to a management server and is characterized by comprising the following steps:
if an identity certificate acquisition request from the user terminal is received, generating request summary information corresponding to the identity certificate acquisition request according to a preset summary information generation rule;
signing the request summary information according to a preset root certificate to obtain a digital signature;
and generating a valid identity certificate corresponding to the identity certificate acquisition request according to a preset certificate issuing rule and the digital signature, and feeding back the valid identity certificate to the user terminal.
6. A blockchain-based information storage system comprising a management server and at least one user terminal, the user terminal being configured to perform the method according to any one of claims 1 to 4, the management server being configured to perform the method according to claim 5, the user terminal comprising:
the secret key generating unit is used for generating a public key and a private key according to a preset secret key generating rule if the input information to be stored is received;
the identity certificate judging unit is used for judging whether a valid identity certificate exists according to a preset certificate judging rule;
a valid identity certificate acquisition unit, configured to send an identity certificate acquisition request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server if a valid identity certificate does not exist;
the association information sending unit is used for associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server if the valid identity certificate exists or the corresponding valid identity certificate is obtained;
the information to be stored signing unit is used for signing the information to be stored according to a preset signing rule and the private key so as to obtain the information to be stored containing a signing value;
and the distributed storage unit is used for associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage.
7. The blockchain-based information storage system according to claim 6, wherein the identity certificate determination unit includes:
an identity certificate storage judging unit, configured to judge whether an identity certificate is stored in the user terminal;
the validity judging unit is used for judging whether the identity certificate is valid or not according to the certificate judging rule if the identity certificate is stored in the user terminal;
a first judgment result obtaining unit, configured to obtain a judgment result of an identity certificate which is not stored and valid if the identity certificate is not stored in the user terminal or the identity certificate is judged to be invalid;
and the second judgment result acquisition unit is used for acquiring a judgment result of the stored valid identity certificate if the identity certificate is judged to be valid.
8. The blockchain-based information storage system according to claim 6, wherein the user terminal further includes:
and the identity certificate distributed storage unit is used for sending the valid identity certificate to the block chain network so as to store the valid identity certificate in a distributed manner.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor is configured to execute the computer program to perform the steps of the method according to any one of claims 1 to 4 or to perform the steps of the method according to claim 5.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the method according to any one of claims 1-4, or implements the steps of the method according to claim 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911183946.5A CN110990484B (en) | 2019-11-27 | 2019-11-27 | Information storage method, system, computer equipment and storage medium based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911183946.5A CN110990484B (en) | 2019-11-27 | 2019-11-27 | Information storage method, system, computer equipment and storage medium based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110990484A true CN110990484A (en) | 2020-04-10 |
CN110990484B CN110990484B (en) | 2023-10-24 |
Family
ID=70087410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911183946.5A Active CN110990484B (en) | 2019-11-27 | 2019-11-27 | Information storage method, system, computer equipment and storage medium based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110990484B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111832046A (en) * | 2020-07-02 | 2020-10-27 | 中通服创发科技有限责任公司 | Trusted data evidence storing method based on block chain technology |
CN112307445A (en) * | 2020-09-30 | 2021-02-02 | 深圳百纳维科技有限公司 | Identity management method and device based on block chain |
CN113515764A (en) * | 2021-06-24 | 2021-10-19 | 南京可信区块链与算法经济研究院有限公司 | Data management and control method |
CN114666065A (en) * | 2022-03-28 | 2022-06-24 | 深圳大学 | Block chain based message encryption transmission method, device, equipment and medium |
CN115430138A (en) * | 2022-08-25 | 2022-12-06 | 深圳快狗互动科技有限公司 | Stand-alone game data secure storage method and device and computer equipment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107079037A (en) * | 2016-09-18 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Identity identifying method, device, node and system based on block chain |
CN108777684A (en) * | 2018-05-30 | 2018-11-09 | 招商银行股份有限公司 | Identity identifying method, system and computer readable storage medium |
CN109522698A (en) * | 2018-10-11 | 2019-03-26 | 平安科技(深圳)有限公司 | User authen method and terminal device based on block chain |
US20190356641A1 (en) * | 2014-03-31 | 2019-11-21 | Monticello Enterprises LLC | System and Method for Performing Social Media Cryptocurrency Transactions |
CN110493237A (en) * | 2019-08-26 | 2019-11-22 | 深圳前海环融联易信息科技服务有限公司 | Identity management method, device, computer equipment and storage medium |
CN110490588A (en) * | 2019-08-23 | 2019-11-22 | 深圳前海环融联易信息科技服务有限公司 | Letter of identity management method, device, computer equipment and storage medium |
-
2019
- 2019-11-27 CN CN201911183946.5A patent/CN110990484B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190356641A1 (en) * | 2014-03-31 | 2019-11-21 | Monticello Enterprises LLC | System and Method for Performing Social Media Cryptocurrency Transactions |
CN107079037A (en) * | 2016-09-18 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Identity identifying method, device, node and system based on block chain |
CN108777684A (en) * | 2018-05-30 | 2018-11-09 | 招商银行股份有限公司 | Identity identifying method, system and computer readable storage medium |
CN109522698A (en) * | 2018-10-11 | 2019-03-26 | 平安科技(深圳)有限公司 | User authen method and terminal device based on block chain |
CN110490588A (en) * | 2019-08-23 | 2019-11-22 | 深圳前海环融联易信息科技服务有限公司 | Letter of identity management method, device, computer equipment and storage medium |
CN110493237A (en) * | 2019-08-26 | 2019-11-22 | 深圳前海环融联易信息科技服务有限公司 | Identity management method, device, computer equipment and storage medium |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111832046A (en) * | 2020-07-02 | 2020-10-27 | 中通服创发科技有限责任公司 | Trusted data evidence storing method based on block chain technology |
CN111832046B (en) * | 2020-07-02 | 2024-02-23 | 中通服创发科技有限责任公司 | Trusted data certification method based on blockchain technology |
CN112307445A (en) * | 2020-09-30 | 2021-02-02 | 深圳百纳维科技有限公司 | Identity management method and device based on block chain |
CN112307445B (en) * | 2020-09-30 | 2021-08-10 | 深圳百纳维科技有限公司 | Identity management method and device based on block chain |
CN113515764A (en) * | 2021-06-24 | 2021-10-19 | 南京可信区块链与算法经济研究院有限公司 | Data management and control method |
CN114666065A (en) * | 2022-03-28 | 2022-06-24 | 深圳大学 | Block chain based message encryption transmission method, device, equipment and medium |
CN114666065B (en) * | 2022-03-28 | 2023-05-30 | 深圳大学 | Message encryption transmission method, device, equipment and medium based on block chain |
CN115430138A (en) * | 2022-08-25 | 2022-12-06 | 深圳快狗互动科技有限公司 | Stand-alone game data secure storage method and device and computer equipment |
CN115430138B (en) * | 2022-08-25 | 2023-04-11 | 深圳快狗互动科技有限公司 | Stand-alone game data safe storage method and device and computer equipment |
Also Published As
Publication number | Publication date |
---|---|
CN110990484B (en) | 2023-10-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110990484B (en) | Information storage method, system, computer equipment and storage medium based on block chain | |
CN109462483B (en) | Block chain based mail evidence storage method, device, equipment and storage medium | |
CN111989891B (en) | Data processing method, related device and block chain system | |
CN111628868A (en) | Digital signature generation method and device, computer equipment and storage medium | |
EP1401143A1 (en) | Methods and system for providing a public key fingerprint list in a PK system | |
US8468339B2 (en) | Efficient security information distribution | |
US9641340B2 (en) | Certificateless multi-proxy signature method and apparatus | |
US20230308287A1 (en) | Threshold signatures | |
KR20230024369A (en) | Creation of Secret Shares | |
EP2608477A1 (en) | Trusted certificate authority to create certificates based on capabilities of processes | |
CN114710298A (en) | Method, device, equipment and medium for batch signature of documents based on chameleon Hash | |
CN104012036A (en) | Combined digital certificate | |
EP4035304A1 (en) | Computer implemented method and system for storing certified data on a blockchain | |
CN111161075B (en) | Blockchain transaction data proving and supervising method, system and related equipment | |
CN107332833B (en) | Verification method and device | |
KR20120091618A (en) | Digital signing system and method using chained hash | |
CN112910661A (en) | Block chain consensus method, device, equipment and medium suitable for electronic subscription | |
KR100635280B1 (en) | Security method using electronic signature | |
CN110266478B (en) | Information processing method and electronic equipment | |
CN116506134B (en) | Digital certificate management method, device, equipment, system and readable storage medium | |
CN111859314A (en) | SM2 encryption method, system, terminal and storage medium based on encryption software | |
CN111552950A (en) | Software authorization method and device and computer readable storage medium | |
CN115378615A (en) | Collaborative signature method and device, electronic equipment and storage medium | |
JP6634171B2 (en) | Apparatus, method and program for certifying public key reliability | |
CN114338027B (en) | Privacy processing method of blockchain, request terminal and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |