Specific embodiments
Exemplary embodiments of the present invention are described in more detail below with reference to the accompanying drawings. Although the flowcharts and schematic diagrams in the drawings show some embodiments of the present invention, it should be understood that the invention can be implemented in various forms and should not be construed as limited to the embodiments set forth here; rather, these embodiments are provided so that the invention can be understood more thoroughly and completely. It should be understood that the drawings and embodiments of the invention are for illustration only and are not intended to limit the scope of protection of the invention.
Fig. 1 is a schematic diagram of the architecture of a system 100 for sharing data using tokens, which can be used to implement example embodiments of the present invention. System 100 may include multiple client devices (for example, client devices 111 and 112) and a blockchain network (hereafter simply "blockchain") 120.
In an embodiment of the present invention, client devices 111 and 112 (for example, mobile devices or fixed devices) can be connected to each node of blockchain 120 via a network (for example, a wired network or a wireless network).
Blockchain network 120 (which can be a private chain or a mainnet public chain) includes multiple blockchain node devices (also referred to herein as nodes) connected by a network, such as nodes 121, 122 and 123. Although blockchain 120 in Fig. 1 is shown with only three nodes and two client devices, it should be appreciated that in practice blockchain system 120 may include more or fewer nodes and more or fewer client devices. Also, in an embodiment of the present invention, a corresponding Dapp may be installed on each client device; it provides a user-facing client interface and wraps calls to the corresponding smart contract interfaces. In an embodiment of the present invention, each of these node devices can be a computing device, and the computing device can be a server or a user device (for example, a mobile device or a fixed device). The blockchain node devices synchronize data with one another over the network, which avoids the security risks and hazards brought by a centralized node. The network can be any wired and/or wireless network. Optionally, the network may include, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network, a wireless communication network, and so on. Also, in an embodiment of the present invention, each of these node devices is equipped with, for example, the token issuing module, registration module, authorization module, data storage module, data query module and audit module described in detail below, and these modules can be implemented as one or more smart contracts.
Fig. 2 is a block diagram of a node device 200 that implements data sharing using tokens in a blockchain network according to an embodiment of the present invention. In an embodiment of the present invention, device 200 can be, for example, any node device of a blockchain (for example, blockchain 120). Device 200 may include a token issuing module 201, a registration module 202, an authorization module 203, a data storage module 204, a data query module 205 and an audit module 206. These modules can be implemented as smart contracts, either in the same smart contract or in separate smart contracts.
Token issuing module 201 can be configured to issue a predetermined quantity of tokens in the blockchain network, where the predetermined quantity can be determined according to actual usage. A token serves as the authorization credential with which a client device accesses (including views or downloads) data records stored in the ledger of the blockchain. In one implementation, a client device (for example, a registered client device) can obtain the corresponding quantity of tokens by purchasing them from any blockchain node in the blockchain network. In another implementation, a client device can also upload its own data records (for example, reports) to the ledger of the blockchain network and, after those data records are accessed (for example, viewed or downloaded) by other client devices, obtain the quantity of tokens corresponding to the accessed data records. The tokens a client device obtains can be placed in its corresponding account. In an embodiment of the present invention, a data record can be any type of data record, such as a vehicle data record (a data record of vehicle speed, a data record of tire rotation speed, a data record of the pressure borne by an axle, and so on).
Registration module 202 can be configured to register a client device in response to receiving a registration request from it (for example, by allocating to the client device a certificate for accessing the modules in the blockchain network, and storing that certificate in the ledger of the blockchain network so that the client device can be authenticated), so that the client device becomes eligible to participate in data sharing. In one implementation, registration module 202 is further configured, after receiving the registration request from the client device, to send the request to each of the other registered client devices, to accept the request only if more than half of those registered client devices agree, and to register the client device in the blockchain network only if the request is accepted.
Authorization module 203 can be configured to allocate upload permissions and/or access permissions to a client device (for example, a registered client device) in response to receiving a permission allocation request from it. The upload permissions may include a permission that allows uploading data records and a permission that does not allow uploading data records. The access permissions may include, for example, a permission that allows only viewing data records, a permission that allows only downloading data records, a permission that allows both viewing and downloading data records, and so on. Data about the upload permissions and access permissions allocated to each registered client device can be stored in the ledger of the blockchain network (for example, in a permission list in the ledger), so that when a client device initiates an upload request or an access request for a data record, its upload permissions and/or access permissions can be verified.
Data storage module 204 can be configured to: in response to receiving an upload request for one or more data records from a client device (for example, a first client device), store the one or more data records in the ledger of the blockchain network, where the upload request may include the quantity of tokens required to access (for example, view or download) each data record. In one implementation, the client device can specify in the upload request different token quantities for viewing and for downloading the same data record. In this implementation, the upload request may therefore include the quantity of tokens required to view each data record and the quantity of tokens required to download each data record. In addition, the quantity of tokens required to view different data records can differ, and the quantity of tokens required to download different data records can also differ. Note that in an embodiment of the present invention, the client device can be any registered client device. For example, each data record is stored in the ledger of the blockchain network together with the identifier of the client device that uploaded it (for example, the name of that client device) and the quantity of tokens required to access it. Because the identifier of the uploading client device is stored in the ledger together with the data record, finding the data record in the blockchain network is enough to determine who uploaded it, so a client device cannot repudiate the data records it has uploaded. In addition, when the data record is viewed or downloaded by another client device, the blockchain node can determine which client device should be allocated the quantity of tokens corresponding to that access (view or download). The data storage module is further configured, after receiving the upload request for one or more data records from the client device, to perform an upload permission check on the client device to determine whether it has the permission that allows uploading data records, and to store the one or more data records in the ledger of the blockchain network only if the client device is determined to have that permission.
In an embodiment of the present invention, the data storage module is further configured to store in the ledger of the blockchain network a history of each client device's upload behavior, that is, of its uploading one or more data records to the ledger, so that audit module 206 can audit these upload behaviors and determine whether they exceeded the upload permissions of the client devices concerned.
Data query module 205 can be configured to: in response to receiving from a client device (for example, a second client device) an access request associated with at least one data record (for example, at least one of the one or more data records uploaded by the first client device), query the at least one data record from the ledger of the blockchain network; in response to finding the at least one data record, deduct from the account of the client device the quantity of tokens required to access the at least one data record, and allocate the corresponding quantity of tokens to the account of the client device that uploaded it (for example, the first client device, although depending on which data record the second client device wants to access it may also be one or more other client devices); and then send the at least one data record to the client device. Data query module 205 is further configured, after receiving from the client device the access request (a view request or a download request) associated with the at least one data record, to perform an access permission check on the client device to determine whether it has the permission that allows that access (viewing and/or downloading) to data records. The data query module is further configured, if the client device is determined to have the permission that allows that access, to perform a token check on the client device to determine whether it has enough tokens to access (view or download) the at least one data record.
In an embodiment of the present invention, the data query module is further configured to store in the ledger of the blockchain network a history of a client device's access behavior, that is, of its querying data records uploaded by one or more other client devices, so that the audit module can audit that access behavior and determine whether it exceeded the access permissions of the client device.
Audit module 206 can be configured to periodically audit the upload behavior and access behavior of each client device, to determine whether the client device has upload behavior that exceeds its upload permissions and access behavior that exceeds its access permissions.
Fig. 3 is a flowchart of an exemplary method 300 for sharing data using tokens based on a blockchain network according to an embodiment of the present invention. Note that method 300 can be implemented by any blockchain node of the blockchain network. For brevity, method 300 is written from the perspective of the whole flow in which a first client device registers with the blockchain network, uploads data records, and then has its data records queried by a second client device, but the method is applicable to any other client device. Method 300 may include, for example, a registration step (e.g., steps 301-303 described below), an authorization step (e.g., steps 304-305 described below), a data storage step (e.g., steps 306-308 described below), a data query step (e.g., steps 309-314 described below) and an audit step (e.g., step 315 described below). Depending on the specific application, however, only some of the steps in method 300 may be involved in use (for example, only one or more of the registration step, authorization step, data storage step, data query step and audit step). In addition, it should be appreciated that, depending on the application, one or more steps of method 300 can be omitted without departing from the scope of the present invention.
In step 301, a registration request from the first client device is received.
In step 302, it is determined whether to accept the registration request of the first client device. For example, in one implementation, the registration request can be sent to each client device already registered with the blockchain network, and the registration request is accepted if more than half of these other client devices accept it; otherwise the registration request is rejected.
In step 303, if the registration request is accepted, the first client device is registered; otherwise an error message is returned. For example, registering the first client device may include allocating to the first client device a certificate for accessing the modules on each blockchain node in the blockchain network, and storing that certificate in the ledger of the blockchain network for authenticating the first client device. Once registration of the first client device is complete, the first client device is eligible to participate in data sharing in the blockchain network.
In step 304, a permission allocation request from the first client device is received.
In step 305, upload permissions and/or access permissions are allocated to the first client device. The upload permissions may include a permission that allows uploading data records, or a permission that does not allow uploading data records. The access permissions may include, for example, a permission that allows only viewing data records, a permission that allows only downloading data records, or a permission that allows viewing and downloading data records. Data about the upload permissions and/or access permissions allocated to each registered client device can be stored in the ledger of the blockchain network (for example, in a permission list in the ledger), so that when a client device initiates an upload request or an access request for a data record, its upload permissions and access permissions can be verified.
In step 306, an upload request for one or more data records is received from the first client device, where the upload request may include the quantity of tokens required to access each data record. In one implementation, the upload request may specify the quantity of tokens required to view each data record and the quantity of tokens required to download each data record. In addition, the quantity of tokens specified in the upload request for viewing different data records can differ, and the quantity of tokens for downloading different data records can also differ.
In step 307, an upload permission check is performed on the first client device to determine whether the first client device has the permission that allows uploading data records.
In step 308, if the first client device has the permission that allows uploading data records, the one or more data records are stored in the ledger of the blockchain network; otherwise an error message is returned. For example, each data record is stored in the ledger of the blockchain network together with the identifier of the first client device (for example, the name of the first client device) and the quantity of tokens required to access the data record. Because the identifier of the first client device is stored in the ledger together with the data record, finding the data record in the blockchain network is enough to determine that it was uploaded by the first client device, so the first client device cannot repudiate the data records it has uploaded. In addition, when the data record is viewed or downloaded by another client device, the blockchain node can determine that the quantity of tokens corresponding to that access (view or download) must be allocated to the first client device rather than to any other client device. Although storage of data records in the ledger of the blockchain network is described here using the first client device as an example, it should be appreciated that data records uploaded by other client devices must likewise be stored in the ledger together with the identifier of the uploading client device and the quantity of tokens required to access the data record.
In an embodiment of the present invention, a history of this upload behavior, in which the first client device uploads the one or more data records to the ledger of the blockchain network, can be stored in the ledger of the blockchain network, so that audit module 206 can audit this upload behavior of the first client device and determine whether it exceeded the upload permissions of the first client device. Although the description here uses the first client device uploading the one or more data records as an example, it applies equally to other client devices uploading other data records.
In step 309, an access request is received from the second client device, associated with at least one of the one or more data records uploaded by the first client device.
In step 310, an access permission check is performed on the second client device to determine whether the second client device has the permission that allows that access (viewing and/or downloading) to data records.
In step 311, if the second client device has the permission that allows that access (viewing and/or downloading) to data records, a token check is performed on the second client device to determine whether it has enough tokens to perform that access (view or download) on the at least one data record; otherwise an error message is returned.
In step 312, if the second client device has enough tokens to access (view or download) the at least one data record, the at least one data record is queried from the ledger of the blockchain network; otherwise an error message is returned.
In step 313, in response to finding the at least one data record, the quantity of tokens required to access the at least one data record is deducted from the account of the second client device, and the corresponding quantity of tokens is allocated to the account of the first client device. The tokens in the account of the second client device may have been purchased by the second client device from the blockchain network via any blockchain node, or may have been obtained because data records that the second client device uploaded to the ledger of the blockchain network were accessed (viewed or downloaded) by other client devices. Although the way of obtaining tokens is described here using the second client device as an example, any client device can in fact obtain tokens in this way.
In a step 314, at least one data record inquired is sent to the second client device.
In an embodiment of the present invention, a history of this access behavior, in which the second client device queries at least one of the one or more data records uploaded by the first client device, can also be stored in the ledger of the blockchain network, so that audit module 206 can audit this access behavior of the second client device and determine whether it exceeded the access permissions of the second client device. Although the description here uses the second client device querying at least one data record uploaded by the first client device as an example, it applies equally to a third client device querying other data records uploaded by a fourth client device.
In step 315, the upload behavior and access behavior of the first client device are audited periodically (for example, every week, every month, and so on) to determine whether the first client device has upload behavior that exceeds its upload permissions and access behavior that exceeds its access permissions. If it is determined that the first client device has upload behavior that exceeds its upload permissions and access behavior that exceeds its access permissions, a corresponding penalty is applied to the first client device, such as deducting a corresponding quantity of tokens.
Method 300 above provides tamper-proof, traceable, trusted storage for data records (for example, vehicle data records) and secure, reliable access control for shared access to the data; it avoids many of the adverse factors caused by, for example, a traditional centralized back-end server (for example, data access security problems), and it also provides unified access to the data.
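The flow of method 300 can be modeled in a few lines. The following is an added example, not code from the patent: it is a plain Python model rather than a smart contract, and the names `Ledger`, `Rejected`, `buy` and the fixed audit penalty are hypothetical, as are the assumptions that the first device registers unopposed and that record ids are write-once.

```python
from dataclasses import dataclass, field

VIEW, DOWNLOAD = "view", "download"

class Rejected(Exception):
    """Stands in for the 'error message' the method returns."""

@dataclass
class Ledger:
    members: set = field(default_factory=set)
    may_upload: dict = field(default_factory=dict)   # device -> bool
    may_access: dict = field(default_factory=dict)   # device -> {VIEW, DOWNLOAD}
    balance: dict = field(default_factory=dict)      # device -> tokens
    records: dict = field(default_factory=dict)      # id -> (uploader, data, prices)
    history: list = field(default_factory=list)      # (device, action, record id)

    def register(self, device, votes):
        # Steps 301-303: accept only if more than half of the registered
        # devices agree. Assumption: the first device bootstraps unopposed.
        yes = sum(1 for m in self.members if votes.get(m))
        if self.members and 2 * yes <= len(self.members):
            raise Rejected("registration refused")
        self.members.add(device)
        self.balance.setdefault(device, 0)

    def authorize(self, device, upload, access):
        # Steps 304-305: store the permissions in the ledger's permission list.
        if device not in self.members:
            raise Rejected("not registered")
        self.may_upload[device] = bool(upload)
        self.may_access[device] = set(access)

    def buy(self, device, amount):
        # Token purchase from a node; the payment itself is out of scope here.
        if device not in self.members or amount <= 0:
            raise Rejected("purchase refused")
        self.balance[device] += amount

    def upload(self, device, rec_id, data, prices):
        # Steps 306-308: permission check, then store record, uploader, prices.
        if not self.may_upload.get(device, False):
            raise Rejected("no upload permission")
        if rec_id in self.records:  # assumption: record ids are write-once
            raise Rejected("record exists")
        self.records[rec_id] = (device, data, dict(prices))
        self.history.append((device, "upload", rec_id))

    def access(self, device, rec_id, kind):
        # Steps 309-314: permission check first, then token check, then settle.
        if kind not in self.may_access.get(device, set()):
            raise Rejected("no access permission")
        if rec_id not in self.records:
            raise Rejected("no such record")
        uploader, data, prices = self.records[rec_id]
        cost = prices[kind]
        if self.balance[device] < cost:
            raise Rejected("insufficient tokens")
        self.balance[device] -= cost       # deduct from the requester
        self.balance[uploader] += cost     # credit the uploader stored with the record
        self.history.append((device, kind, rec_id))
        return data

    def audit(self, penalty=1):
        # Step 315: replay the history against the permission list and
        # deduct tokens for every entry that exceeds it.
        bad = []
        for device, action, rec_id in self.history:
            ok = (self.may_upload.get(device, False) if action == "upload"
                  else action in self.may_access.get(device, set()))
            if not ok:
                bad.append((device, action, rec_id))
                self.balance[device] = max(0, self.balance.get(device, 0) - penalty)
        return bad
```

Because every check runs before the ledger is written, `audit` only reports entries that reached the history without passing those checks, which is the case the periodic audit step exists to catch.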
The flow of the method in Fig. 3 also represents machine-readable instructions comprising a program executed by a processor. The program can be embodied in software stored on a tangible computer-readable medium such as a CD-ROM, floppy disk, hard disk, digital versatile disc (DVD), Blu-ray disc or other form of memory. Alternatively, some or all of the steps of the example method in Fig. 3 can be implemented using any combination of an application-specific integrated circuit (ASIC), a programmable logic device (PLD), a field-programmable logic device (EPLD), discrete logic, hardware, firmware, and so on. In addition, although the flowchart shown in Fig. 3 describes the data processing method, the steps of the method can be modified, deleted or merged.
As described above, the example processes of Figs. 1 and 3 can be implemented using coded instructions (such as computer-readable instructions) stored on a tangible computer-readable medium, such as a hard disk, flash memory, read-only memory (ROM), compact disc (CD), digital versatile disc (DVD), cache, random access memory (RAM) and/or any other storage medium on which information can be stored for any duration (for example, for extended periods, permanently, briefly, for temporary buffering and/or for caching of the information). As used herein, the term tangible computer-readable medium is expressly defined to include any type of computer-readable storage. Additionally or alternatively, the example process of Fig. 3 can be implemented using coded instructions (such as computer-readable instructions) stored on a non-transitory computer-readable medium, such as a hard disk, flash memory, read-only memory, compact disc, digital versatile disc, cache, random access memory and/or any other storage medium on which information can be stored for any duration (for example, for extended periods, permanently, briefly, for temporary buffering and/or for caching of the information). It should be understood that the computer-readable instructions can also be stored on a network server or on a cloud platform for the convenience of users.
In addition, although operations are depicted in a particular order, this should not be understood as requiring that the operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to obtain the desired result. In some cases, multitasking or parallel processing can be beneficial. Similarly, although the discussion above contains certain specific implementation details, these should not be construed as limiting the scope of any invention or of the claims, but rather as descriptions of specific embodiments of a specific invention. Certain features described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment can also be implemented separately in multiple embodiments or in any suitable sub-combination.
Therefore, although the present invention has been described with reference to specific examples, these specific examples are intended to be illustrative only and not to limit the invention, and it will be apparent to those skilled in the art that the disclosed embodiments can be changed, added to or deleted from without departing from the spirit and scope of the invention.