1. The utility model provides a distributed account book is privacy protection system independently controllable which characterized in that includes:

the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel;

the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the business data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed;

the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.

2. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the channel management module comprises:

the channel creating module is used for creating a channel according to a set strategy, and the strategy specifies which users can enter the channel;

and the channel updating module is used for updating the existing channel according to the new strategy and changing the users which can enter the existing channel.

3. The distributed ledger-autonomous controllable privacy-preserving system of claim 1, wherein the private data set comprises:

actual private data is sent to an organization which is authorized to check the data in a peer-to-peer mode through a Gossip protocol, the actual private data is stored in a private state database on a peer node of an authorized organization, and the chain code on the peer node is used for access, so that the common node cannot influence and see the actual private data;

and the Hash value of the private data is endorsed and written into an account book of each node on the channel after being sorted, and the Hash value is used as a certificate of transaction for state verification and audit.

4. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the private data set management module comprises:

the private data set creating module is used for creating a new private data set according to a preset attribute set of the private data set, wherein the attribute set specifies the sharing range, the operation authority and when to clear the private data set;

the private data set updating module is used for updating data of specified data of an existing private data set needing to update data;

the private data set sharing module is used for sharing all or preset data in the private data set needing to share the data to a set user set;

and the private data set clearing module is used for automatically clearing the data of the private data set according to a preset private data set automatic clearing data strategy.

5. The distributed ledger-autonomous controllable privacy preserving system of claim 1, wherein the distributed ledger business process of the private data set comprises:

the client constructs a transaction proposal containing private data and submits the transaction proposal to an endorsement node, the endorsement node verifies the legality of the transaction proposal according to a preset check rule, the endorsement node executes a chain code function to read or write the private data, and the private data is sent to a transient field of the proposal;

the endorsement node simulates transaction, stores private data in a transient data storage, and then distributes the private data to the authorization node through a Gossip protocol according to a preset distribution strategy of a private data set;

after the endorsement node signs the verified transaction proposal, a response result which does not contain the actual private data but contains the hash value of the private data is returned to the client;

the client submits a response result which is returned by the endorsement node and does not contain actual private data to a consensus node in the distributed ledger network as a transaction;

and the consensus nodes process the submitted transactions according to a preset consensus algorithm, pack the transactions into blocks, broadcast the blocks to all nodes in the whole network, and update the local account book after the blocks are checked by the nodes in the whole network.

6. The distributed ledger-autonomous controllable privacy-preserving system of claim 1, wherein the privacy mechanism of the private data set comprises:

the authority control mechanism is that only authorized nodes can have real private data, and at the same time only authorized nodes can access the private data, and unauthorized nodes can only store the salted hash value of the private data and are used for ensuring the hiding and private attributes of the private data under the authority control;

the hash function and random salt encryption protection mechanism is characterized in that the hash function is used for protecting the hash value of private data in a mode of adding random salt into the hash value, and the random salt is used for inserting a specific character string into any fixed position of a password so that a hashed result is not consistent with a hashed result using an original password;

the transient data mechanism stores the private data in a transient data mode, when a certain condition is reached, the private data can be cleared, the forgetting attribute of the private data is ensured, and the respecting of the forgetting right of the private data owner to the private data is reflected.

7. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the identity confusion management module comprises:

the verifiable certificate issuing module is used for creating and issuing verifiable certificates;

a verifiable statement generation module for generating a verifiable statement;

and the verifiable statement verification module is used for verifying the verification statement.

8. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the privacy protection process of the identity confusion management service comprises:

the VC issuer, the VC holder and the VP verifier register own ID through distributed or centralized identity management service;

a VC holder applies for VC from a VC issuer;

the VC issuer verifies the ID of the VC holder through the identity management service;

a VC issuer generates a VC and registers the VC to an identity management service;

the VC issuer sends the VC to the VC holder through a secure channel;

the VC holder generates a VP according to the VC and displays the VP to a VP verifier through a secure channel;

the VP verifier verifies the ID of the VC holder and the content of the VP through the identity management service and correspondingly verifies a result to the VC holder;

the VC issuer revokes the VC and submits the revocation information to the identity management service.

9. A cluster architecture of the distributed ledger-autonomous controllable privacy preserving system of any of claims 1 to 8, comprising:

the agent cluster comprises a load balancing module and a plurality of reverse agent modules deployed by the cluster,

the load balancing module is used for carrying out load balancing on service requests of users, and the reverse proxy module is used for shunting the requests after load balancing;

the system comprises a server cluster and a plurality of identity confusion server clusters, wherein the server cluster comprises a channel management server cluster, a private data set server cluster and an identity confusion server cluster which are respectively in communication connection with corresponding reverse proxy modules; the private data set server cluster comprises a plurality of servers which are deployed in a cluster and comprise private data set management modules; the identity confusion server cluster comprises a plurality of servers which are deployed in a cluster and comprise identity confusion management modules;

the message queue cluster comprises a plurality of message queues which are distributed in a cluster mode and are respectively connected with the channel management server cluster, the private data set server cluster and the identity confusion server cluster through signals, and is used for receiving specific operations of each server cluster on the database generated according to the service request and acquiring related data returned by the database service;

the storage cluster comprises a plurality of databases which are distributed by the cluster and are respectively in communication connection with various message queues of the message queue cluster, and each database comprises a persistent database and an in-memory database.

10. A privacy protection method of a cluster architecture as claimed in claim 9, comprising the steps of:

receiving a privacy protection request service sent by a user through a client;

the method comprises the following steps that a service request of a user is subjected to load balancing through a load balancing module, and then is distributed to each reverse proxy module deployed in a cluster for reverse proxy;

under the action of each reverse proxy module deployed by the cluster, service requests are distributed to each server deployed by the cluster for corresponding processing;

each server generates specific operation on the database according to the specific service request and sends the operation to each message queue of the message queue cluster;

when the specific operation on the database is the operation on the data stored for a long time, acquiring corresponding persistent database service in the storage cluster through the message queue; when the specific operation on the database is the operation on temporary or frequently-operated data, acquiring corresponding memory database service in the storage cluster through a message queue;

and when the operation of the database in the storage cluster on the data is completed, returning the response of the service request layer by layer upwards until returning to the client.

Background

In the existing block chain technology, the distributed account book technology is an emerging technology in which a plurality of computer devices participate in 'accounting' together and maintain a complete distributed database together. The block chain technology has the characteristics of decentralization, openness and transparency, each computer device can participate in database recording, data synchronization can be rapidly carried out among the computer devices, and the like, so that the distributed account book technology has wide application in many fields.

The general characteristics of the distributed account book technology are represented by information transparency, sharing, traceability and wide participation, including:

(1) and (3) transparency: the dimension of information exposure is expanded;

(2) sharing: all nodes store data, and the data storage positions are increased;

(3) traceability: the storage of data can be permanent, which prolongs the storage time and causes the information to be difficult to forget;

(4) the method is widely participated in: the distributed book is used as a distributed network, and all parties need to achieve consensus, so that the open network environment is easy to incorporate an untrusted role.

Privacy protection requires information hiding, privacy, forgetting and limited participation, such as:

(1) hiding: the privacy information can be hidden and cannot be randomly accessed by other people;

(2) privatization: refers to the fact that private information exists only at nodes that are necessarily (or authorized to) possess the information;

(3) forgetting: the owner of the private information has the right to forget the information, so that the storage (exposure) time of the private information is shortened;

(4) limited participation: meaning that the identities of all participants are verifiable and trustworthy in a network.

Therefore, certain conflict exists between the distributed account book technology and privacy protection, and the current measures of the distributed account book technology in the aspect of privacy protection mainly include:

(1) address obfuscation techniques: the transaction information of the trader is difficult to track by an attacker through confusion of the transaction address of the user, and the technology comprises a centralized mixed coin technology, a decentralized mixed coin technology and a decentralized two-party mixed coin technology.

(2) Information hiding technology: the transaction information of the user is hidden (encrypted) by using complex cryptography technologies such as zero-knowledge proof, ring signature and the like, so that an attacker cannot acquire an information source code.

However, the above prior art still has the following disadvantages:

firstly, the current technology can not cause the privacy information to be forgotten;

secondly, the current technology uses a complex cryptography technology, the calculation task is heavy, and the efficiency can be possibly affected by a short performance board;

the privacy data can not be privately controlled by the current technology;

fourthly, under the current technology, the identity information of the user can not be displayed controllably;

and fifthly, under the current technology, the exposure range cannot be controlled by the user privacy information.

Disclosure of Invention

In view of one of the above technical problems, the present application provides an autonomous controllable privacy protection system for a distributed account book.

The application is realized by the following scheme:

a distributed account book autonomous controllable privacy protection system, comprising:

the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel;

the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the business data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed;

the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.

Further, the channel management module includes:

the channel creating module is used for creating a channel according to a set strategy, and the strategy specifies which users can enter the channel;

and the channel updating module is used for updating the existing channel according to the new strategy and changing the users which can enter the existing channel.

Further, the private data set includes:

actual private data is sent to an organization which is authorized to check the data in a peer-to-peer mode through a Gossip protocol, the actual private data is stored in a private state database on a peer node of an authorized organization, and the chain code on the peer node is used for access, so that the common node cannot influence and see the actual private data;

and the Hash value of the private data is endorsed and written into an account book of each node on the channel after being sorted, and the Hash value is used as a certificate of transaction for state verification and audit.

Further, the private data set management module includes:

the private data set creating module is used for creating a new private data set according to a preset attribute set of the private data set, wherein the attribute set specifies the sharing range, the operation authority and when to clear the private data set;

the private data set updating module is used for updating data of specified data of an existing private data set needing to update data;

the private data set sharing module is used for sharing all or preset data in the private data set needing to share the data to a set user set;

and the private data set clearing module is used for automatically clearing the data of the private data set according to a preset private data set automatic clearing data strategy.

Further, the distributed ledger business process of the private data set includes:

the client constructs a transaction proposal containing private data and submits the transaction proposal to an endorsement node, the endorsement node verifies the legality of the transaction proposal according to a preset check rule, the endorsement node executes a chain code function to read or write the private data, and the private data is sent to a transient field of the proposal;

the endorsement node simulates transaction, stores private data in a transient data storage, and then distributes the private data to the authorization node through a Gossip protocol according to a preset distribution strategy of a private data set;

after the endorsement node signs the verified transaction proposal, a response result which does not contain the actual private data but contains the hash value of the private data is returned to the client;

the client submits a response result which is returned by the endorsement node and does not contain actual private data to a consensus node in the distributed ledger network as a transaction;

and the consensus nodes process the submitted transactions according to a preset consensus algorithm, pack the transactions into blocks, broadcast the blocks to all nodes in the whole network, and update the local account book after the blocks are checked by the nodes in the whole network.

Further, the privacy mechanism of the private data set includes:

the authority control mechanism is that only authorized nodes can have real private data, and at the same time only authorized nodes can access the private data, and unauthorized nodes can only store the salted hash value of the private data and are used for ensuring the hiding and private attributes of the private data under the authority control;

the hash function and random salt encryption protection mechanism is characterized in that the hash function is used for protecting the hash value of private data in a mode of adding random salt into the hash value, and the random salt is used for inserting a specific character string into any fixed position of a password so that a hashed result is not consistent with a hashed result using an original password;

the transient data mechanism stores the private data in a transient data mode, when a certain condition is reached, the private data can be cleared, the forgetting attribute of the private data is ensured, and the respecting of the forgetting right of the private data owner to the private data is reflected.

Further, the identity confusion management module comprises:

the verifiable certificate issuing module is used for creating and issuing verifiable certificates;

a verifiable statement generation module for generating a verifiable statement;

and the verifiable statement verification module is used for verifying the verification statement.

Further, the privacy protection process of the identity confusion management service comprises the following steps:

the VC issuer, the VC holder and the VP verifier register own ID through distributed or centralized identity management service;

a VC holder applies for VC from a VC issuer;

the VC issuer verifies the ID of the VC holder through the identity management service;

a VC issuer generates a VC and registers the VC to an identity management service;

the VC issuer sends the VC to the VC holder through a secure channel;

the VC holder generates a VP according to the VC and displays the VP to a VP verifier through a secure channel;

the VP verifier verifies the ID of the VC holder and the content of the VP through the identity management service and correspondingly verifies a result to the VC holder;

the VC issuer revokes the VC and submits the revocation information to the identity management service.

Another aspect of the present application further provides a cluster architecture of the privacy protection system with the distributed ledger being independently controllable, including:

the agent cluster comprises a load balancing module and a plurality of reverse agent modules deployed by the cluster,

the load balancing module is used for carrying out load balancing on service requests of users, and the reverse proxy module is used for shunting the requests after load balancing;

the system comprises a server cluster and a plurality of identity confusion server clusters, wherein the server cluster comprises a channel management server cluster, a private data set server cluster and an identity confusion server cluster which are respectively in communication connection with corresponding reverse proxy modules; the private data set server cluster comprises a plurality of servers which are deployed in a cluster and comprise private data set management modules; the identity confusion server cluster comprises a plurality of servers which are deployed in a cluster and comprise identity confusion management modules;

the message queue cluster comprises a plurality of message queues which are distributed in a cluster mode and are respectively connected with the channel management server cluster, the private data set server cluster and the identity confusion server cluster through signals, and is used for receiving specific operations of each server cluster on the database generated according to the service request and acquiring related data returned by the database service;

the storage cluster comprises a plurality of databases which are distributed by the cluster and are respectively in communication connection with various message queues of the message queue cluster, and each database comprises a persistent database and an in-memory database.

Another aspect of the present application further provides a privacy protection method based on the cluster architecture, including the steps of:

receiving a privacy protection request service sent by a user through a client;

the method comprises the following steps that a service request of a user is subjected to load balancing through a load balancing module, and then is distributed to each reverse proxy module deployed in a cluster for reverse proxy;

under the action of each reverse proxy module deployed by the cluster, service requests are distributed to each server deployed by the cluster for corresponding processing;

each server generates specific operation on the database according to the specific service request and sends the operation to each message queue of the message queue cluster;

when the specific operation on the database is the operation on the data stored for a long time, acquiring corresponding persistent database service in the storage cluster through the message queue; when the specific operation on the database is the operation on temporary or frequently-operated data, acquiring corresponding memory database service in the storage cluster through a message queue;

and when the operation of the database in the storage cluster on the data is completed, returning the response of the service request layer by layer upwards until returning to the client.

Compared with the prior art, the method has the following beneficial effects:

the application provides a distributed account book autonomous controllable privacy protection system and a cluster architecture thereof, wherein the privacy protection system comprises a channel management module and a private data set management module identity confusion management module, the channel management module is used for providing management channel service, and comprises channel creation and updating operations, wherein the participation of a channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting specified conditions of the channel can join the channel; the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the service data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed; the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generating and verifiable statement verifying operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information. Compared with the prior art, the method and the device have the advantages that three different pluggable privacy protection technologies are provided, such as channel management service, private data set service and identity confusion service, and users can flexibly select and use the technologies according to own requirements. The method and the device realize limited participation of the network through the channel management service, forbid the non-trusted role from entering the network, and reduce the exposure range of the private information; according to the method and the device, privacy, hiding and forgetting of the private data of the user are achieved through private data set service, and the user can independently and controllably share the private data; the method and the device realize the controllable display of the user identity information through the identity confusion service; according to the method and the device, the privacy protection performance and the expansibility are improved by adopting a privacy protection architecture cluster deployment mode.

Drawings

Fig. 1 is a block diagram of a distributed ledger-autonomous controllable privacy protection system according to a preferred embodiment of the present application.

Fig. 2 is a schematic diagram of a privacy preserving architecture including a privacy preserving system.

Fig. 3 is a sub-module diagram of a channel management module according to the preferred embodiment of the present application.

Fig. 4 is a schematic diagram of a channel in a distributed ledger network according to a preferred embodiment of the present application.

Fig. 5 is a diagram of the ledger model of private data sets in the preferred embodiment of the present application.

Fig. 6 is a sub-module diagram of the private data set management module in the preferred embodiment of the present application.

Fig. 7 is a schematic diagram of a distributed ledger business process of private data sets in the preferred embodiment of the present application.

Fig. 8 is a schematic diagram of a privacy mechanism for private data sets in a preferred embodiment of the present application.

Fig. 9 is a sub-module schematic diagram of an identity confusion management module according to the preferred embodiment of the present application.

Fig. 10 is a schematic diagram illustrating a privacy protection process of an identity confusion management service according to a preferred embodiment of the present application.

Fig. 11 is a schematic diagram of a cluster architecture of a distributed ledger-autonomous controllable privacy protection system in accordance with a preferred embodiment of the present application.

Fig. 12 is a flowchart illustrating a privacy protection method based on the cluster architecture according to a preferred embodiment of the present application.

Detailed Description

It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.

For the sake of understanding, related art terms referred to in this application will be explained first.

Distributed account book technology: the distributed accounting book technology is an emerging technology which is formed by a plurality of computer devices participating in accounting and maintaining a complete distributed database. The block chain technology has the characteristics of decentralization, openness and transparency, each computer device can participate in database recording, data synchronization can be rapidly carried out among the computer devices, and the like, so that the distributed account book technology has wide application in many fields.

Verifiable Credentials (VC): the VC is a tamper-resistant certificate encrypted by a certificate issuer signature and has the characteristics of cryptology safety, privacy protection and machine readability. The voucher contains at least two pieces of information: one is metadata and statements representing verifiable credentials; second is the digital signature of the credential issuer.

Verifiable statement (VP): a VP is a tamper-resistant description that is generated by one or more VCs and contains a body signature that discloses the credentials.

Random salt: random salting refers to the process of "salting" by inserting a specific string at an arbitrarily fixed location in the password to make the hashed result not match the hashed result of the original password. Salts are generally divided into fixed salts and random salts. The form of the fixed salt is simple, such as adding random numbers in front and back, inserting specific digits, reversing the sequence or adding salt to the original data by various methods. However, the salt adding mode is easy to be broken by a large rainbow table, so that a random salt form exists. The random salt is generated randomly before the cipher digest, and the plain text of the salt and the digest are spliced and stored together. The random salt aims at the same code, the result after each encryption is different, but whether the abstract is matched with the plaintext password can be verified according to the salt stored in the encryption information, and relatively speaking, the random salt can ensure that the hash in the database cannot be inverted into the plaintext.

As shown in fig. 1, a preferred embodiment of the present application provides a distributed ledger autonomous controllable privacy protection system, including:

the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel;

the private data set management module is used for providing private data set management services, including private data set creating, updating, sharing and clearing operations, so that the business data of the user is autonomously controlled by the user, a data sharing object is designated, and a data clearing mechanism is designated.

The identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.

As shown in fig. 2, a privacy protection architecture composed of the above system can be divided into three layers: a functional layer, a service layer and a technology layer, wherein:

the functional layer describes the functions that the privacy protection architecture can realize in the aspect of privacy protection, and the layer comprises the functions of channel participation control, data privacy control and identity privacy control, wherein:

the channel participation is controllable, namely the participation of the channel has authority control, a user cannot join a designated channel at will, and only the user meeting the designated condition of the channel can join the channel.

The controllable data privacy means that the service data of the user can be autonomously controlled by the user, a data sharing object can be specified, and a data clearing mechanism can also be specified.

The identity privacy is controllable, that is, the user can independently control the display of the identity information of the user and can complete the verification of the related authority on the premise of not displaying the original information.

The service layer describes the main services of the privacy protection architecture support function layer, including a channel management service, a private data set service and an identity obfuscation service, wherein:

the channel management service mainly provides services such as channel creation and updating.

The private data set service mainly provides services of private data set creation, updating, sharing, clearing and the like.

The identity obfuscation service mainly provides services of verifiable certificate issuance, verifiable claim generation, verifiable claim verification, and the like.

The technical layer describes technical services such as processing, storage and communication services required by the service layer, and mainly comprises technical services such as cryptography, communication protocols, data storage, a P2P network, certificate standards and the like.

The embodiment provides a distributed account book autonomous controllable privacy protection system, which comprises a channel management module and a private data set management module identity confusion management module, wherein the channel management module is used for providing management channel services, including channel creation and updating operations, and the participation of a channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting specified conditions of the channel can join the channel; the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the service data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed; the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generating and verifiable statement verifying operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information. Compared with the prior art, the method and the device have the advantages that three different pluggable privacy protection technologies are provided, such as channel management service, private data set service and identity confusion service, and users can flexibly select and use the technologies according to own requirements. The method and the device realize limited participation of the network through the channel management service, forbid the non-trusted role from entering the network, and reduce the exposure range of the private information; according to the method and the device, privacy, hiding and forgetting of the private data of the user are achieved through private data set service, and the user can independently and controllably share the private data; the method and the device realize the controllable display of the user identity information through the identity confusion service.

Specifically, as shown in fig. 3, the channel management module includes:

the channel creating module is used for creating a channel according to a set strategy, the strategy specifies which users can enter the channel, and the creating model is as follows:

Create_Channel(strategy)→new_Channel

wherein, stream represents the policy of the channel, which specifies which users can enter the channel;

a channel updating module, configured to update an existing channel according to a new policy, and change a user that can enter the existing channel, where an update model is as follows:

Update_Channel(channel,strategy)→{success,false}

wherein, channel represents the channel needing to be updated, and strategy represents the new strategy of the channel.

Several different organizations in a distributed ledger network may form a federation. A channel is established in a plurality of different organizations under the alliance, each channel has an independent account book, and the channel account books can be shared only among the organizations belonging to a certain channel. The channel isolation mechanism can ensure that a private network is formed between member organizations of the same channel and is isolated from unrelated organizations or individuals outside the channel. As shown in fig. 4, in a distributed ledger network including two alliances (alliance 1 and alliance 2), in alliance 2, channel 1 includes organizations 3, 4 and 5, channel 2 includes organizations 5 and 6, organizations 3 and 4 do not have authority to view the channel ledger of channel 2, organization 6 does not have authority to view the channel ledger of channel 1, and organization 5 can view the channel ledger of channels 1 and 2 because organization 5 belongs to both channels 1 and 2. The embodiment realizes limited participation of a network by providing the channel management service, prohibits an untrusted role from entering the network, reduces the exposure range of the privacy information, and solves the problem that the exposure range of the privacy information of a user cannot be controlled.

Specifically, as shown in fig. 5, the private data set includes:

actual private data is sent to an organization which is authorized to check the data in a peer-to-peer mode through a Gossip protocol, the actual private data is stored in a private state database on a peer node of an authorized organization, and the chain code on the peer node is used for access, so that the common node cannot influence and see the actual private data;

and the Hash value of the private data is endorsed and written into an account book of each node on the channel after being sorted, and the Hash value is used as a certificate of transaction for state verification and audit.

Further, as shown in fig. 6, the private data set management module includes:

the private data set creating module is used for creating a new private data set according to a preset attribute set of the private data set, wherein the attribute set specifies the sharing range, the operation authority and the time for clearing the private data set, and an operation model of the private data set creating module is as follows:

Create_PraviteSet(A)→new_PraviteSet

a represents an attribute set of a private data set, and specifies the content of the private data such as sharing range, operation authority, clearing time and the like;

the private data set updating module is used for updating data of specified data of an existing private data set needing to update the data, and the operation model of the private data set updating module is as follows:

Update_PraviteSet(pravite_set,data_set)→{success,false}

the pravate _ set represents a private data set needing to update data, and the data _ set represents the data needing to be updated;

the private data set sharing module is used for sharing all or preset data in the private data set needing to share data to a set user set, and the operation model is as follows:

Update_PraviteSet(pravite_set,data_set)→{success,false}

the pravate _ set represents a private data set needing to share data, the user _ set represents a user set capable of sharing data, the data _ set represents data needing to share, and if the parameter is null, the whole private data set is shared;

the private data set clearing module is used for automatically clearing data of the private data set according to a preset private data set automatic clearing data strategy, and the operation model is as follows:

Delete_PraviteSet(pravite_set,strategy)→{success,false}

where pravate _ set represents a private data set that needs to be purged, and strategy represents a policy (defined when creating the private data set) for automatically purging data from the private data set, and if the policy is reached, the data from the private data set will be automatically purged.

Specifically, as shown in fig. 7, the distributed ledger business process of the private data set includes:

n1, the client constructs the transaction proposal containing private data and submits the proposal to the endorsement node, the endorsement node verifies the legality of the transaction proposal according to the preset check rule, the endorsement node executes the chain code function to read or write the private data, and the private data is sent to the transient field of the proposal;

n2, the endorsement node simulates the transaction, stores the private data in the transient data storage, and then distributes the private data to the authorization node through the Gossip protocol according to the preset distribution strategy of the private data set;

n3, after the endorsement node signs the verified transaction proposal, a response result of the hash value which does not contain the actual private data but contains the private data is returned to the client;

n4, submitting the response result which is returned by the endorsement node and does not contain actual private data to a consensus node in the distributed ledger network as a transaction by the client;

and N5, the consensus nodes process the submitted transactions according to a preset consensus algorithm, pack the transactions into blocks, broadcast the blocks to all nodes in the whole network, and update the local account book after the blocks are checked by the nodes in the whole network.

Specifically, as shown in fig. 8, the privacy mechanism of the private data set includes:

the authority control mechanism is that only authorized nodes can have real private data, and at the same time only authorized nodes can access the private data, and unauthorized nodes can only store the salted hash value of the private data and are used for ensuring the hiding and private attributes of the private data under the authority control;

the hash function and random salt encryption protection mechanism is characterized in that the hash function is used for protecting the hash value of private data in a mode of adding random salt into the hash value, and the random salt is used for inserting a specific character string into any fixed position of a password so that a hashed result is not consistent with a hashed result using an original password; if the private data set is relatively simple and predictable (e.g., transaction amount), unauthorized channel members may attempt to guess the content of the private data through brute force hashing of the domain space. Therefore, the private data set should be protected by a random salt manner, so that a matched hash cannot be found by brute force, and under the encryption protection of the hash function and the random salt, the private data set can be guaranteed to be verifiable while the hidden attribute is kept.

The transient data mechanism stores the private data in a transient data mode, when a certain condition is reached, the private data can be cleared, the forgetting attribute of the private data is ensured, and the respecting of the forgetting right of the private data owner to the private data is reflected.

Specifically, as shown in fig. 9, the identity confusion management module includes:

a verifiable credential issuance module to create and issue verifiable credentials:

Create(ID,A,sk_b)→VC

wherein ID represents the owner of the VC, A represents the identity attribute contained in the VC, sk_bA private key representing a credential issuer;

a verifiable assertion generating module to generate a verifiable assertion:

GenerateVP(Set_VC,sk_c)→VP

wherein，Set_VCIndicates the set of VCs, sk, required to generate a VP_cA private key representing the VP owner;

a verifiable assertion verification module for verifying a verification assertion:

VerifyVP(VP,pk_b,pk_c)→{ture,false}。

wherein, VP represents VP, pk to be verified_bPublic key, pk, representing the VC publisher_cRepresenting the VP owner's public key.

Specifically, as shown in fig. 10, the privacy protection process of the identity confusion management service includes:

1. the VC issuer, the VC holder and the VP verifier register own ID through distributed or centralized identity management service;

2. a VC holder applies for VC from a VC issuer;

3. the VC issuer verifies the ID of the VC holder through the identity management service;

4. a VC issuer generates a VC and registers the VC to an identity management service;

5. the VC issuer sends the VC to the VC holder through a secure channel;

6. the VC holder generates a VP according to the VC and displays the VP to a VP verifier through a secure channel;

7. the VP verifier verifies the ID of the VC holder and the content of the VP through the identity management service and correspondingly verifies a result to the VC holder;

8. the VC issuer revokes the VC and submits the revocation information to the identity management service.

The VC holder, when generating the VP, may choose to place all identity attributes on the VC on the VP for presentation to the claim verifier. However, in order to protect identity privacy, the VC holder, with the support of cryptographic algorithm services, can generate a VP that selectively reveals or zero-knowledge proves the identity attributes, while satisfying the requirements of the claims verifier, and protecting identity privacy information.

As shown in fig. 11, another aspect of the present application further provides a cluster architecture of the privacy protection system with distributed ledger autonomous control, including:

the agent cluster comprises a load balancing module and a plurality of reverse agent modules deployed by the cluster,

the load balancing module is used for carrying out load balancing on service requests of users, and the reverse proxy module is used for shunting the requests after load balancing;

the system comprises a server cluster and a plurality of identity confusion server clusters, wherein the server cluster comprises a channel management server cluster, a private data set server cluster and an identity confusion server cluster which are respectively in communication connection with corresponding reverse proxy modules; the private data set server cluster comprises a plurality of servers which are deployed in a cluster and comprise private data set management modules; the identity confusion server cluster comprises a plurality of servers which are deployed in a cluster and comprise identity confusion management modules;

the message queue cluster comprises a plurality of message queues which are distributed in a cluster mode and are respectively connected with the channel management server cluster, the private data set server cluster and the identity confusion server cluster through signals, and is used for receiving specific operations of each server cluster on the database generated according to the service request and acquiring related data returned by the database service;

the storage cluster comprises a plurality of databases which are distributed by the cluster and are respectively in communication connection with various message queues of the message queue cluster, and each database comprises a persistent database and an in-memory database.

Specifically, another aspect of the present application further provides a privacy protection method based on the cluster architecture, including the steps of:

s1, receiving a privacy protection request service sent by a user through a client;

s2, load balancing the service request of the user through the load balancing module, and then distributing the service request to each reverse proxy module deployed in the cluster for reverse proxy;

s3, under the action of each reverse proxy module deployed by the cluster, the service request is distributed to each server deployed by the cluster for corresponding processing;

s4, each server generates specific operation on the database according to the specific service request and sends the operation to each message queue of the message queue cluster;

s5, when the concrete operation on the database is the operation on the data stored for a long time, obtaining the corresponding persistent database service in the storage cluster through the message queue; when the specific operation on the database is the operation on temporary or frequently-operated data, acquiring corresponding memory database service in the storage cluster through a message queue;

and S6, when the operation of the database in the storage cluster on the data is completed, returning the response of the service request layer by layer upwards until returning to the client.

This embodiment is through adopting the mode of cluster architecture, has improved privacy protection's performance and expansibility, solves the problem that system efficiency is not enough.

The functionality of the method of the present embodiment, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in one or more computing device readable storage media. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.