Search

CN-121980619-A - Data authorization and authentication and anonymous query method based on blockchain

CN121980619ACN 121980619 ACN121980619 ACN 121980619ACN-121980619-A

Abstract

The invention discloses a data authorization and authentication and anonymous query method based on a blockchain, which comprises the steps of initializing, authorizing and authentication, anonymously querying data and using the data, wherein the whole data authorization process is authenticated through an intelligent contract, an anonymous query mechanism is provided, a data owner can initiate a query request by using an anonymous identity, and after a system verifies encrypted authorization credentials, the system executes query on the chain and returns an encryption result; the invention stores the authorization record by utilizing the characteristics of non-falsification and traceability of the blockchain, provides an anonymous query function by combining a privacy computing technology, can ensure that the data control right is always mastered in the hand of a data owner in the sharing and using process, simultaneously realizes anonymous data query, protects the user privacy in the query process, realizes the trusted authorization, privacy protection and controllable use of the data, and meets the data compliance sharing requirement under multiple roles and multiple scenes.

Inventors

  • TANG HANLIN
  • XIAO BIN
  • ZHONG YU
  • PENG CHANGGEN
  • XU XUBIN
  • DING HONGFA
  • NIU JIN

Assignees

  • 贵州数据宝网络科技有限公司

Dates

Publication Date
20260505
Application Date
20251215

Claims (5)

  1. 1. The data authorization and authentication and anonymous query method based on the blockchain is characterized by comprising the following steps of: Firstly, initializing, namely generating public parameters which need to be used for encryption, wherein the public parameters comprise security parameter setting, key pair generation and security algorithm setting; Secondly, authorizing and storing the certificate, namely realizing the certificate storing function of the authorization token by utilizing a blockchain according to an authorization strategy set by a data owner, realizing the automatic authorization and verification function by an intelligent contract, and issuing the authorization token and a data result to a data user meeting the conditions; The anonymous inquiry service checks whether the data user submits a valid authorization token or not, verifies the authorization token by checking an authorization chain record on a blockchain, sends the encrypted inquiry request to an intelligent contract on the blockchain, verifies the validity of the authorization token by checking the authorization chain record on the blockchain, performs inquiry operation if the authorization token is valid, decrypts a result returned from the intelligent contract by the anonymous inquiry service, and returns the decrypted inquiry result to the data user; And fourthly, data use, namely sharing the data to a data user through an authorization chain and a service platform by the data owner, and performing data quality checking, calculation and query operation on the encrypted data through the data use component after the data user passes the authentication by using the authorization token.
  2. 2. The method for authorizing and checking up data based on blockchain as recited in claim 1, wherein the initializing includes the steps of: S1, setting safety parameters, namely defining a large prime number q, selecting an addition cycle group G 1 and a multiplication cycle group G 2 , and defining bilinear mapping The method meets the following conditions: Selecting a generator ; S2, generating a key pair, namely selecting a random number by a data user i Calculating public and private key pairs: , service platform selects random number Calculating public and private key pairs: , ; S3, setting a security algorithm, namely an AES (symmetric encryption algorithm), an ECDSA (public key encryption decryption algorithm), an encryption scheme based on elliptic curves and an ECDSA (signature and verification algorithm).
  3. 3. The method for authorizing and querying data based on blockchain as recited in claim 1, wherein the authorizing and authenticating steps include the steps of: s4, the data owner selects a symmetric encryption algorithm AES-256 to encrypt the original data M to generate ciphertext: Where K is a random generation symmetric key by the data owner, which computes the data catalog Wherein Storing the encrypted data C into cloud storage for hash function SHA-256, and sending data catalog information to a service platform, wherein the catalog information comprises data hash D, a data identifier, a data type, a storage address and data description information; S5, setting an authorization policy by a data owner to control the access authority of the data, wherein the authorization policy comprises, but is not limited to, visitor identity, designated user or organization allowed to access the data, access time, set access duration or validity period of the data, access conditions, preconditions required to be met by the visitor, and the access authority comprises access level defining data; S6, after receiving the authorization strategy set by the data owner, the service platform generates an authorization token Wherein As a private key of the service platform, policy is an authorization policy, and the service platform uses a signature algorithm to sign the authorization token and then stores the authorization token into the blockchain; s7, the intelligent contract is responsible for managing the authorization token and verifying the authorization token during data access so as to ensure that the data access accords with a preset strategy; S8, the data user submits a data access request to the service platform and provides a public key of the data user And the identity verification information, the service platform verifies the identity of the data user and checks whether the data user accords with the authorization strategy, if the data user passes the verification, the service platform generates an access authorization token The encrypted transaction data is sent to a data user, and the service platform records the authorized transaction on a blockchain so as to ensure the transparency and traceability of the authorization process; s9, data user holds authorization token Requesting encrypted data from the cloud storage and providing its own public key for decryption; the cloud storage server queries the blockchain for authorization tokens If the authorization token is verified, the cloud storage returns the encrypted data C to the data user, who decrypts the data M using the shared symmetric key K.
  4. 4. The method for authorizing and checking data based on blockchain as recited in claim 1, wherein the method for checking data anonymously comprises the following steps: S10, generating an anonymous identity by a data user, initiating a query request, designating a data range and other conditions of the query, and encrypting the query request to ensure the security in the transmission process; S11, an anonymous query service provided by the service platform receives an encrypted query request and an anonymous identity of a data user, the query service checks whether the data user submits a valid authorization token or not, and verifies through checking an authorization chain record on a blockchain, and the query service generates an encrypted query request which comprises query conditions and the encrypted authorization token and is used for verifying authority on the blockchain; S12, the anonymous query service sends an encrypted query request to an intelligent contract on the blockchain, the intelligent contract verifies the validity of an authorization token by checking an authorization chain record on the blockchain, if the authorization token is valid, the intelligent contract executes query operation, and the result is encrypted and returned to the anonymous query service; S13, the anonymous query service decrypts the returned result from the intelligent contract, and returns the decrypted query result to the data user.
  5. 5. The method for authorizing and checking up data based on blockchain as recited in claim 1, wherein the data use includes the steps of: s14, the data owner shares the data to the data user through an authorization chain and a service platform; S15, after the data user passes the verification by using the authorization token, performing data quality check, calculation and query operation on the encrypted data through the data use component.

Description

Data authorization and authentication and anonymous query method based on blockchain Technical Field The invention relates to a data authorization and authentication and anonymous query method based on a blockchain, and belongs to the technical field of information security and big data. Background With the rapid development of information technology and the rise of data economy, more and more enterprises and institutions need to share data to realize business growth and technical innovation. However, how to effectively protect ownership and usage rights of data during data sharing becomes an important issue. In the conventional data sharing mode, after the data owner grants the data to the user, the data owner often loses control over the data, which causes problems such as data abuse and data leakage. Blockchain technology provides a new solution for data logging and sharing by its decentralised, non-tamperable and traceable nature. By using the blockchain technology, a data owner can definitely authorize the use of data through an intelligent contract and can tamper-proof the authorization chain. The authorization process is managed through the intelligent contract, and the visitor of the data must meet the conditions specified by the contract to obtain the access right, so that the security of the data and the rights and interests of the data owners are ensured. However, in the prior art, during the process of data authorization and query, the data owner cannot control the use condition and range of the data after authorizing the data to be used in the traditional data sharing mode, and the risk of data abuse exists. During the process of querying the data authorization records, the identity of the user is easily exposed, resulting in disclosure of personal privacy. Although the blockchain can provide guarantee of data authorization and certification, the combination of privacy computing technology is weak in the process of data analysis and query, and the requirement of 'data availability invisible' cannot be ensured. Disclosure of Invention The technical problem to be solved by the invention is to provide a block chain-based data authorization and authentication and anonymous query method, which can ensure the control right of a data owner on data and ensure the privacy security of a user in the data query and analysis process. In order to solve the technical problems, the technical scheme of the invention is as follows: A data authorization and authentication and anonymous query method based on a blockchain comprises the following steps: Firstly, initializing, namely generating public parameters which need to be used for encryption, wherein the public parameters comprise security parameter setting, key pair generation and security algorithm setting; Secondly, authorizing and storing the certificate, namely realizing the certificate storing function of the authorization token by utilizing a blockchain according to an authorization strategy set by a data owner, realizing the automatic authorization and verification function by an intelligent contract, and issuing the authorization token and a data result to a data user meeting the conditions; The anonymous inquiry service checks whether the data user submits a valid authorization token or not, verifies the authorization token by checking an authorization chain record on a blockchain, sends the encrypted inquiry request to an intelligent contract on the blockchain, verifies the validity of the authorization token by checking the authorization chain record on the blockchain, performs inquiry operation if the authorization token is valid, decrypts a result returned from the intelligent contract by the anonymous inquiry service, and returns the decrypted inquiry result to the data user; And fourthly, data use, namely sharing the data to a data user through an authorization chain and a service platform by the data owner, and performing data quality checking, calculation and query operation on the encrypted data through the data use component after the data user passes the authentication by using the authorization token. As a preferred embodiment, the initializing includes the steps of: S1, setting safety parameters, namely defining a large prime number q, selecting an addition cycle group G 1 and a multiplication cycle group G 2, and defining bilinear mapping The method meets the following conditions: Selecting a generator ; S2, generating a key pair, namely selecting a random number by a data user iCalculating public and private key pairs:, service platform selects random number Calculating public and private key pairs:,; S3, setting a security algorithm, namely an AES (symmetric encryption algorithm), an ECDSA (public key encryption decryption algorithm), an encryption scheme based on elliptic curves and an ECDSA (signature and verification algorithm). As a preferred scheme, the authorization document comprises the following steps: s4, the data owner sele