CN110493220A

CN110493220A - A kind of data sharing method based on block chain, equipment and storage medium

Info

Publication number: CN110493220A
Application number: CN201910760147.3A
Authority: CN
Inventors: 王强; 申子熹
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2019-08-16
Filing date: 2019-08-16
Publication date: 2019-11-22
Anticipated expiration: 2039-08-16
Also published as: CN110493220B

Abstract

A kind of data sharing method based on block chain, it include: the login password for obtaining login user input, after being verified, the identity documents of login user are generated according to login user identity information and the first digital signature, the identity documents of login user are sent to client, receive the acquisition request message sent after the second node equipment in block chain is verified for identity documents, signature verification is carried out to the second digital signature, after being verified, it is sent to second node equipment and obtains response message, obtaining in response message includes the block chain address that matched file destination and file destination are identified with file destination.In this way, second node equipment can deposit card according to the file that block chain address obtains file destination, and the legitimacy of file destination is verified with this.On the one hand based on the authentication between block chain implementation mechanism, on the other hand, the tamper-resistance properties based on block chain can guarantee the security reliability of data sharing process, to guarantee business normal progression.

Description

A kind of data sharing method based on block chain, equipment and storage medium

Technical field

This application involves block chain technical field more particularly to a kind of data sharing method based on block chain, equipment and Storage medium.

Background technique

Nowadays can there are more institution cooperations and the credible demand recognized each other of data under many scenes, for example, public in tradition Multiple mechanisms combines are needed to provide business handling service for user in service system, this multiple inter-agency mutual identity of needs is recognized Card just can handle related service after authentication passes through to bid to host people, bid to host people and need during transacting business multiple Inter-agency to issue some proving data back and forth, a variety of materials are submitted in multiplicating, and Bid Process is extremely complex and inefficiency, this It is primarily due to cannot achieve safely and reliably data sharing between multiple mechanisms.

At present in order to improve efficiency simple flow in tradition public service system, in each inter-agency configuration authentication The heart realizes authentication to realizing data sharing, but each inter-agency Dynamic data exchange storage management will guarantee its safety, The investment of its hardware and software is huge, is nonetheless also difficult to prevent external or internal factor to having number in practical applications According to distort, distorting for data just will have a direct impact on business handling.

Except of course that except public service system, it is a lot of other that business side's participation data exchange scene is needed to equally exist Problem is stated, based on this situation, it is urgent to provide a kind of data sharing methods at present, improve the safety of data sharing process.

Summary of the invention

The embodiment of the present application provides a kind of data sharing method based on block chain, by being realized not using block chain With the data sharing between operation system, and the safety of shared procedure is ensured.Present invention also provides corresponding device, Equipment, medium and computer program product.

The application first aspect provides a kind of data sharing method based on block chain, which comprises

The login password for obtaining login user input is tested according to the login password of the registration user of local service system storage The legitimacy of the login password of the login user input is demonstrate,proved, the login that registration user is stored in the local service system is close Code and identity information；

After the login password authentication of login user input passes through, according to the identity information of the login user and the One digital signature generates the identity documents of the login user, and the client of Xiang Suoshu login user sends the login user Identity documents；

It receives after the second node equipment in the block chain is verified for the identity documents of the login user and sends out The acquisition request message sent includes user identifier, the file destination mark of the login user in the acquisition request message with And second digital signature；

Signature verification is carried out to second digital signature, after being verified, the transmission of Xiang Suoshu second node equipment is obtained Response message is taken, including that the login user is corresponding in the acquisition response message identifies matched mesh with the file destination Mark the block chain address of file and the file destination.

The application second aspect provides a kind of data sharing method based on block chain, which comprises

The identity documents of login user are obtained, include the identity of the login user in the identity documents of the login user Information and the first digital signature, first digital signature are first node equipment the stepping in the login user in block chain Record password authentification carries out signature generation to the identity information of the login user after passing through；

The identity that the login user is obtained from the block chain deposits card, deposits card pair according to the identity of the login user The identity documents of the login user are verified；It is stored with what each node device in block chain network uploaded in the block chain Identity information based on registration user generates identity and deposits card；

After being verified, Xiang Suoshu first node equipment sends acquisition request message, wraps in the acquisition request message Include the user identifier, file destination mark and the second digital signature of the login user；

Receive the acquisition response message that the first node equipment is sent after second digital signature authentication passes through, institute State in acquisition response message includes that the login user is corresponding and the file destination identifies matched file destination and institute State the block chain address of file destination；

The file that the file destination is obtained from the block chain according to the block chain address of the file destination deposits card, The legitimacy that results demonstrate,proves the file destination is deposited according to the file of the file destination；Block chain is also stored in the block chain The file for the file generated uploaded based on user that each node device uploads in network deposits card.

The application third aspect provides a kind of first node equipment, and the equipment includes:

First authentication module, for obtaining the login password of login user input, according to the note of local service system storage The legitimacy of the login password of the input of login user described in the login password authentication of volume user, stores in the local service system There are the login password and identity information of registration user；Sending module, the login password authentication for being inputted in the login user By rear, the identity documents of the login user are generated according to the identity information of the login user and the first digital signature, to The client of the login user sends the identity documents of the login user；

Receiving module, the identity documents for being directed to the login user for receiving the second node equipment in the block chain The acquisition request message sent after being verified includes user identifier, the mesh of the login user in the acquisition request message Mark file identification and the second digital signature；

Second authentication module, for carrying out signature verification to second digital signature, after being verified, to institute State second node equipment and send and obtain response message, in the acquisitions response message including the login user it is corresponding with it is described File destination identifies the block chain address of matched file destination and the file destination.

The application fourth aspect provides a kind of second node equipment, and the equipment includes:

Module is obtained, includes described in the identity documents of the login user for obtaining the identity documents of login user The identity information of login user and the first digital signature, first digital signature are that the first node equipment in block chain is being tested Demonstrate,prove the login user login password pass through after signature generation at least is carried out to the identity information of the login user；

First authentication module, the identity for obtaining the login user from the block chain are deposited card, are stepped on according to described The identity for employing family is deposited card and is verified to the identity documents of the login user；Block chain network is stored in the block chain In the identity information based on registration user that uploads of each node device generate identity and deposit card；

Sending module, for after being verified, Xiang Suoshu first node equipment to send acquisition request message, the acquisition User identifier, file destination mark and the second digital signature in request message including the login user；

Receiving module is obtained for receive that the first node equipment sends after second digital signature authentication passes through Response message is taken, including that the login user is corresponding in the acquisition response message identifies matched mesh with the file destination Mark the block chain address of file and the file destination；

Second authentication module, for obtaining the mesh from the block chain according to the block chain address of the file destination The file of mark file deposits card, deposits the legitimacy that results demonstrate,proves the file destination according to the file of the file destination；The block The file that the file generated uploaded based on user that each node device in block chain network uploads also is stored in chain deposits card.

The 5th aspect of the application provides a kind of node device, and the node device includes processor and memory:

The memory is for storing computer program；

The processor is used to execute the number as described in above-mentioned first aspect or second aspect according to the computer program The step of according to sharing method.

The 6th aspect of the application provides a kind of computer readable storage medium, and the computer readable storage medium is for depositing Computer program is stored up, the computer program is for executing data sharing method described in above-mentioned first aspect or second aspect.

The 7th aspect of the application provides a kind of computer program product including instruction, when run on a computer, So that the computer executes method described in above-mentioned first aspect or second aspect.

As can be seen from the above technical solutions, the embodiment of the present application has the advantage that

A kind of data sharing method based on block chain is provided in the embodiment of the present application, by operation system and block chain In conjunction with, in the login password and identity information of local service system storage registration user, and will be based on the identity letter of registration user The identity that breath generates, which deposits card and deposits card in the file of the file generated locally uploaded based on the registration user, is stored in area On block chain, when user is to a certain mechanism transacting business, the machine of other business can be handled before accessing by login password First node equipment corresponding to structure obtains the node device and is generated by the identity information of login user and the first digital signature Identity documents, the corresponding second node equipment of operational agency to be handled realizes that identity is recognized each other by verifying identity documents, testing After card passes through, acquisition request message is sent to first node equipment, to request the corresponding file destination of login user, first node After equipment passes through the second digital signature authentication in acquisition request message, file destination is carried to the transmission of second node equipment And its acquisition response message of block chain address, in this way, second node equipment can obtain file destination according to block chain address File deposit card, and the legitimacy of the file destination is verified with this.On the one hand recognized based on the identity between block chain implementation mechanism Card, on the other hand, the tamper-resistance properties based on block chain can guarantee the security reliability of data sharing process, to guarantee business just Often progress.

Detailed description of the invention

Fig. 1 is the scene framework figure of the data sharing method based on block chain in the embodiment of the present application；

Fig. 2A is the flow chart of the data sharing method based on block chain in the embodiment of the present application；

Fig. 2 B is the flow chart of the data sharing method based on block chain in the embodiment of the present application；

Fig. 3 is the flow chart of the data sharing method based on block chain in the embodiment of the present application；

Fig. 4 is the application scenarios schematic diagram of the data sharing method based on block chain in the embodiment of the present application；

Fig. 5 is the interaction diagrams of the data sharing method based on block chain in the embodiment of the present application；

Fig. 6 A is inter-agency authentication schematic diagram in the embodiment of the present application；

Fig. 6 B is user identity authentication schematic diagram in the embodiment of the present application；

Fig. 7 A is data sharing schematic diagram in the embodiment of the present application；

Fig. 7 B is alliance's chain schematic diagram of auditing in the embodiment of the present application；

Fig. 8 is a structural schematic diagram of first node equipment in the embodiment of the present application；

Fig. 9 is a structural schematic diagram of first node equipment in the embodiment of the present application；

Figure 10 is a structural schematic diagram of first node equipment in the embodiment of the present application；

Figure 11 is a structural schematic diagram of first node equipment in the embodiment of the present application；

Figure 12 is a structural schematic diagram of first node equipment in the embodiment of the present application；

Figure 13 is a structural schematic diagram of first node equipment in the embodiment of the present application；

Figure 14 is a structural schematic diagram of second node equipment in the embodiment of the present application；

Figure 15 is a structural schematic diagram of second node equipment in the embodiment of the present application；

Figure 16 is a structural schematic diagram of second node equipment in the embodiment of the present application；

Figure 17 is a structural schematic diagram of terminal in the embodiment of the present application.

Specific embodiment

In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only this Apply for a part of the embodiment, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art exist Every other embodiment obtained under the premise of creative work is not made, shall fall in the protection scope of this application.

The description and claims of this application and term " first ", " second ", " third ", " in above-mentioned attached drawing The (if present)s such as four " are to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should manage The data that solution uses in this way are interchangeable under appropriate circumstances, so that embodiments herein described herein for example can be to remove Sequence other than those of illustrating or describe herein is implemented.In addition, term " includes " and " having " and theirs is any Deformation, it is intended that cover it is non-exclusive include, for example, containing the process, method of a series of steps or units, system, production Product or equipment those of are not necessarily limited to be clearly listed step or unit, but may include be not clearly listed or for this A little process, methods, the other step or units of product or equipment inherently.

For in traditional public service system each inter-agency configuration authentication center come realize authentication to It realizes data sharing, but needs to put into a large amount of hardware and softwares to guarantee safety, and be also difficult to prevent in practical applications External or internal factor is to this problem of distorting of data with existing, sharing of the application based on block chain technology and anti-tamper Characteristic proposes a kind of data sharing method based on block chain, specifically, stores stepping on for registration user in local service system Password and identity information are recorded, the identity that the identity information based on registration user generates is stored in block chain and deposits card and based on institute It states registration user and deposits card in the file of the file generated locally uploaded, user can carry out identity by input login password and test Card, and the identity documents for the user that first node equipment is generated according to the identity information of user and the first digital signature are obtained, with Identity is recognized each other between this implementation mechanism, is recognized each other in identity by rear, can be by way of sending acquisition request message from first segment Point device obtains file destination and its block chain address, obtains the file voucher of file destination, based on the block chain address to test The legitimacy for demonstrate,proving file destination, to ensure the safety of file destination shared procedure.

It is appreciated that data sharing method provided by the present application can be applied to public services' business handling, such as exist When founding enterprise, the mechanisms such as industrial and commercial administration, public security subbureau, bank, tax may be implemented identity and recognize each other and secure data It is shared, therefore, for the data that has been filed on, user be not necessarily to it is multiple it is inter-agency issue and repeat to submit back and forth, substantially increase Business handling efficiency saves user time and energy.The data sharing method can also be applied to medical field, realize different doctors Patient data management between mechanism such as Different hospital and pharmacy is treated, or is applied to financial field, such as property transfer scene, Transaction Information is shared between realization bank, broker, government official, buyer and seller.In order to make it easy to understand, hereinafter to found This scene of enterprise illustrates.

Specifically, above-mentioned data sharing method can be applied to block chain network, and two are included at least in the block chain network A node device, specially the first node equipment of sharing data and the second node equipment for enjoying data.Above-mentioned node device It can be any calculating equipment with data-handling capacity, including terminal or server, wherein terminal specifically can be platform Formula machine, laptop, tablet computer or smart phone etc..

Data sharing method provided by the present application can be stored in the node of block chain network in the form of a computer program Equipment, first node equipment and second node equipment realize the data sharing method of the application by operation computer program.It needs It is noted that computer program can be independent, it is also possible to be integrated in the program on other equipment, such as can be Functional module, plug-in unit or small routine etc..

In practical application, the data sharing method provided by the present application based on block chain can be, but not limited to be applied to such as In application environment shown in FIG. 1.

As shown in Figure 1, including multiple node devices in block chain network 100, such as the first node equipment of corresponding A mechanism 101 and corresponding B mechanism second node equipment 102, user can input in the client that the terminal 200 that itself holds is run Login password accesses first node equipment 101, and first node equipment 101 obtains the login password of login user input, according to this The legitimacy of the login password of the login password authentication login user input of the registration user of ground operation system storage, is used logging in After the login password authentication of family input passes through, first node equipment 101 is according to the identity information of the login user and the first number Word signature generates the identity documents of the login user, and the client of Xiang Suoshu login user sends the identity of the login user Voucher, wherein identity documents can be presented with quick response code form, and such second node equipment 102 can scan the two-dimensional code acquisition and step on The identity documents at family are employed, then the identity documents of login user are verified, and after being verified, are set to first node Standby 101 send acquisition request message, then receive what first node equipment 101 was sent after passing through to the second digital signature authentication Response message is obtained, file destination is obtained from the block chain according to the block chain address for obtaining file destination in response message File deposit card, according to the file of file destination deposit results card file destination legitimacy.

In order to enable the technical solution of the application it is clearer, it can be readily appreciated that separately below from first node equipment and Data sharing method is described in detail in the angle of two node devices.

The flow chart of data sharing method based on block chain shown in A referring to fig. 2, this method comprises:

S201: obtaining the login password of login user input, according to the login of the registration user of local service system storage The legitimacy of the login password of the input of login user described in password authentification.

Specifically, each mechanism for carrying out data sharing has corresponding local service system, and in block chain Node device in network.Wherein, local service system is used to provide corresponding business handling service for user, referring to fig. 2 B, User registers in local service system, and file, such as body needed for locally uploading transacting business after succeeding in registration Part documentary evidence, various qualifications files etc. are user's transacting business so that local service system is based on above-mentioned file.

In the present embodiment, it is stored with the login password and identity information of registration user in local service system, logs in close Code specifically can be the text of user's artificial settings, pattern, can also be that the biological characteristics such as fingerprint, face, iris, vocal print are believed Breath, it is clear that login authentication is carried out as login password using biological information, on the one hand can simplify user's operation, Yong Huwu Need memory cipher that verifying can be realized, on the other hand, biological information can tamper it is lower, have higher reliability, identity Information then can be the information of user inputs in registration characterization user identity, including name, age, gender, occupation, institute Belong to unit, contact method, identification card number etc..

In view of data sharing demand, first node equipment is also by the body of the identity information generation based on the registration user Part deposits card and deposits card in the file of the file generated locally uploaded based on the registration user and is stored on block chain.Its In, identity is deposited card to first node equipment and file deposits card and is stored in the process of block chain and is properly termed as identity and deposits card cochain and text Part deposits card cochain.

Card cochain is deposited for identity, can specifically be accomplished in that the identity for obtaining the registration user input The identity information of the registration user is stored in the local service system, then to the identity of the registration user by information Information carries out Hash operation and obtains cryptographic Hash, deposits card, last first node for the cryptographic Hash as the identity of the registration user The identity of the registration user is deposited card broadcast to the block chain, to store the registration user on the block chain by equipment Identity deposit card.File, which deposits the upper chain process of card and may refer to identity, deposits the upper chain process of card, no longer relates herein.

It, can be by unified entrance such as dedicated programs or small when user is when another mechanism handles corresponding business Routine access first node equipment, specifically, user can input user in the login interface of dedicated programs or small routine Name and login password, in this way, the available user name of first node equipment and login password, it is stored with local service system Registration user user name and login password be compared, if unanimously, being verified, allow to log in, the table if inconsistent Bright user name or login password are wrong, and first node equipment can return to prompting message to client, and user is reminded to step on again Record.

S202: after the login password authentication of login user input passes through, believed according to the identity of the login user Breath and the first digital signature generate the identity documents of the login user, and the client of Xiang Suoshu login user sends the login The identity documents of user.

For first node equipment, the login password authentication of login user input passes through, then shows that login user is Believable, first node equipment can generate identity documents for the login user, so as to based between the voucher implementation mechanism Identity is recognized each other.

In specific implementation, first node equipment services CA application key pair (public key and private key) to digital certificate, can be with Understand, the corresponding node device of other mechanisms such as second node equipment knows the public key of first node equipment, first node equipment Signature meter can be carried out to the information including the identity information of the login user using signature algorithm according to its private key It calculates, generates the first digital signature, then be packaged to generate to log in by the identity information of the login user and the first digital signature and use The identity documents at family.

In some cases, user can also select to disclose according to different business oneself to need disclosed information, avoid quick Sense information is illegally revealed.Specifically, before the user identity voucher for generating the login user, first node equipment can be obtained Take the file destination mark that the login user is specified, wherein the target that file destination mark can be formulated with unique identification user File can be file name, number as an example, it is certainly contemplated that file type during some business handlings There is uniqueness, can also be identified using the type identification of file destination as file destination, such as identity card, business license Deng then it is specified to the identity information of the login user and the login user to can use local terminal private key for first node equipment File destination mark carry out signature and generate first digital signature, by the identity information of the login user and the login The file destination mark and first digital signature that user specifies are packaged the user identity voucher for generating the login user.

Wherein, the pattern of user identity voucher can be arranged according to actual needs, such as identity letter can be directly used The combination of breath and the first digital signature can also encode it as identity documents, as generated institute with quick response code form State the user identity voucher of login user.By two dimensional code, operation convenience on the one hand can be improved, on the other hand can ensure The safety of identity information, avoids information leakage.

S203: the second node equipment received in the block chain is verified for the identity documents of the login user The acquisition request message sent afterwards.

Specifically, the identity documents of the available login user of second node equipment, are such as obtained by scanning the two-dimensional code mode Identity documents are taken, then using the first digital signature in the public key verifications identity documents of first node equipment, to realize second Certification of the node device to authority identity shows that authority identity is credible, first node is set if the first digital signature authentication passes through The standby identity that the login user is obtained from the block chain deposits card, is deposited described in results demonstrate,proves according to the identity of the login user The legitimacy of the identity information in user identity voucher realizes certification of the second node equipment to user identity.If second Node device is verified for the identity documents of login user, then second node equipment can send to first node equipment and obtain Request message is taken, to obtain file destination from first node equipment.

User identifier, file destination mark and the second number in the acquisition request message including the login user Signature, wherein the second digital signature is second node equipment according to own private key, using signature algorithm to including login user Information including user identifier, file destination mark carries out signature calculation generation, and specific calculating process may refer to first The calculating process of digital signature.First node equipment is identified by carrying user identifier and file destination in acquisition request message It can indicate that second node equipment returns to file destination corresponding with user identifier characterization user.

S204: signature verification is carried out to second digital signature, after being verified, Xiang Suoshu second node is set Preparation send acquisition response message, and include that the login user is corresponding in the acquisition response message identifies with the file destination The block chain address of matched file destination and the file destination.

Specifically, first node equipment can be according to the public key of second node equipment, using signature algorithm to including logging in Information including the user identifier of user, file destination mark is locally carrying out signature calculation, by itself and the second number for receiving Word signature is compared, if unanimously, passing through for the second digital signature authentication, otherwise verifying and do not pass through.

When the second digital signature authentication passes through, show that the acquisition request message is credible, first node equipment can basis User identifier and file destination mark obtain that the login user is corresponding to identify matched file destination with the file destination, And obtaining the block chain address of the file destination, i.e. the file of file destination deposits the storage address demonstrate,proved in block chain network, so Afterwards file destination and its block chain address are packaged to generate and obtain response message, sent acquisition response to second node equipment and disappear Breath.In this way, second node equipment not only available file destination, can also obtain file according to block chain address and deposit card, so The cryptographic Hash of file destination can be obtained by carrying out Hash calculation to file destination afterwards, be compared by the way that it is deposited card with file Compared with to verify the legitimacy of file destination.

In some possible implementations, it is contemplated that Information Security and trackability, first node equipment can be with By the file acquisition behavior record cochain of user, so that record is checked for user maintenance file, to there is security incident When can be traced by the record.Specifically, described in first node equipment can be obtained for the second node equipment The behavior record of file destination, which generates, obtains user behaviors log, then carries out Hash operation to the acquisition user behaviors log and obtains Hash Value, as the reading voucher of the file destination, the reading voucher of the file destination is broadcasted to the block chain, with The reading voucher of the file destination is stored on the block chain.

In view of tracing integrality, local operation log can also also be carried out cochain by first node equipment, for audit Work provides data basis.Specifically, first node equipment can also be directed to the operation behavior log of the local service system It carries out Hash operation and obtains cryptographic Hash, as local operation voucher, then broadcast the local operation voucher to the block On chain, to store the local operation voucher of the file destination on the block chain.In this way, the use in the block chain network In the audit node device for realizing audit function when being audited for each mechanism, each mechanism can be obtained from block chain Operational credentials are verified with the authenticity of the operation log provided each mechanism itself, and each mechanism is based on after being verified Operation log audited, issue auditing result, to facilitate each mechanism to check in time.

From the foregoing, it will be observed that the embodiment of the present application provides a kind of data sharing method, by operation system and block chain combination, The login password and identity information of registration user are stored in local service system, and will be generated based on the identity information of registration user Identity deposit card and card is deposited in the file of the file generated locally uploaded based on the registration user be stored on block chain, When user is to a certain mechanism transacting business, can be handled corresponding to the mechanism of other business before being accessed by login password First node equipment, obtain identity that the node device is generated by the identity information of login user and the first digital signature with Card, the corresponding second node equipment of operational agency to be handled is recognized each other by verifying identity documents realization identity, after being verified, Acquisition request message is sent to first node equipment, to request the corresponding file destination of login user, first node equipment is to obtaining After taking the second digital signature authentication in request message to pass through, file destination and its block are carried to the transmission of second node equipment The acquisition response message of chain address, in this way, second node equipment can be deposited according to the file that block chain address obtains file destination It demonstrate,proves, and verifies the legitimacy of the file destination with this.On the one hand based on the authentication between block chain implementation mechanism, another party Face, the tamper-resistance properties based on block chain can guarantee the security reliability of data sharing process, to guarantee business normal progression.

Next, data sharing method provided by the embodiments of the present application is introduced from the angle of second node equipment.

The flow chart of data sharing method shown in Figure 3, this method comprises:

S301: the identity documents of login user are obtained.

It is described including the identity information and the first digital signature of the login user in the identity documents of the login user First digital signature be first node equipment in block chain after the login password authentication of the login user passes through to described The identity information of login user carries out signature generation.

In specific implementation, B, the unified entrance that user can be provided by client access first node and set referring to fig. 2 It is standby, the login password of login user described in first node device authentication pass through after to client return the identity of the login user with Card, in this way, second node equipment can obtain the identity documents of login user from client.Specifically, user identity voucher can To exist with quick response code form, in this way, second node equipment can obtain the identity documents of login user by barcode scanning mode.

S302: the identity that the login user is obtained from the block chain deposits card, according to the identity of the login user Card is deposited to verify the identity documents of the login user.

Specifically, the identity letter based on registration user that each node device in block chain network uploads is stored in block chain The identity that breath generates deposits card, and user can realize the double authentication of user identity and authority identity with identity-based voucher.Carry out It, can be first with the public key of the first node equipment to described in the identity documents of the login user when authentication One digital signature carries out signature verification, and after first digital signature authentication passes through, obtains institute from the block chain The identity for stating login user deposits card, deposits results according to the identity of the login user and demonstrate,proves the body in the user identity voucher The legitimacy of part information.

S303: after being verified, Xiang Suoshu first node equipment sends acquisition request message.

User identifier, file destination mark and the second number label in the acquisition request message including the login user Name.Wherein, the second digital signature is second node equipment according to own private key, using signature algorithm to the use including login user Information including family mark, file destination mark carries out signature calculation generation.

It is identified for file destination, can be user oneself specifies namely second node equipment and obtain the login The service scripts mark that user specifies, the service scripts is identified and is identified as the file destination, certain file destination mark Know be also possible to second node equipment automatically from operation system obtain, as mechanism in operation system customized file destination class Type, then second node equipment can obtain the specified service scripts mark of local terminal operation system automatically, i.e., make by oneself in operation system The type identification of adopted target file type, " identity card ", " business license " etc. then will be described in service scripts mark conducts File destination mark.

In practical application, can be by one side of sharing data such as first node equipment, it can also be by enjoying one side of data such as Second node equipment provides specified interface for user, and user oneself specifies interface by selecting control to choose file destination at this. That is, second node equipment can show user interface, root after the identity documents of the login user are verified According to the selection operation that the login user triggers on the user interface, the login user specified services file is determined Mark is identified as file destination.

In some possible implementations, second node equipment is also possible to test in the identity documents of the login user After card passes through, the specified service scripts mark of the login user is obtained from the specific field in the identity documents of the login user Know and is identified as file destination.

S304: it receives the acquisition response that the first node equipment is sent after second digital signature authentication passes through and disappears Breath.

Specifically, first node equipment can mark the user for including login user using signature algorithm according to its private key Knowledge, file destination mark carry out local signature calculation in interior information, and calculated result is compared with the second digital signature, if Unanimously, then passing through for the second digital signature authentication, first node equipment can send acquisition response message, if inconsistent, Do not pass through for the second digital signature authentication.

Including that the login user is corresponding in the acquisition response message identifies matched target with the file destination The block chain address of file and the file destination.Wherein, block chain address is specifically the area file Cun Zheng of file destination Address in block chain.

S305: the file of the file destination is obtained from the block chain according to the block chain address of the file destination Card is deposited, the legitimacy that results demonstrate,proves the file destination is deposited according to the file of the file destination.

It is raw that the file uploaded based on user that each node device in block chain network uploads also is stored in the block chain At file deposit card.Based on this, second node equipment can deposit the legal of results card file destination based on the file of file destination Property.

Specifically, second node equipment can calculate its cryptographic Hash for file destination, then by the cryptographic Hash and basis The file that the block chain address of the file destination obtains the file destination from the block chain is deposited card and is compared, if one It causes, it is determined that file destination is legal, otherwise determines that file destination is illegal.

In view of information trackability, second node equipment can also be by local operation log cochain, to provide for audit Believable data basis.Specifically, second node equipment carries out Hash for the operation behavior log of the local service system Operation obtains cryptographic Hash, as local operation voucher, then broadcasts the local operation voucher to the block chain, with The local operation voucher of the file destination is stored on the block chain.

It describes in detail below with reference to this concrete application scene of enterprise is founded to the data sharing method of the application.It is first First, the schematic diagram of a scenario of data sharing method shown in Figure 4 includes industrial and commercial administration, the tax, bank, public affairs in this scenario An Deng mechanism, industrial and commercial administration mechanism acquires the data such as industrial and commercial business license according to duty, and carries out related data convergence, taxation authority according to Duty shares company and individual and pays taxes data such as tax certificate, and unit official seal, finance seal, legal person's chapter and rent are shared according to the authority of office by bank It rents the data such as contract, a copy of house-owner certificate, for said mechanism by data sharing in block chain, public security organ can be according to the authority of office in area The shared data of said mechanism are consulted in block chain, facilitate supervision.

Wherein, block chain is safeguarded by each node device in block chain network, as shown in figure 3, each machine Structure can dispose alliance's chain service, form the node device 410 in block chain network, each node device is by shared data with area Block form is stored in database 420, and user can access block chain network by block browser 430 and check block data.

It is illustrated below using two inter-agency data sharings as data sharing process of the example to the application.In order to Facilitate description to refer to the mechanism in the mechanisms such as industrial and commercial administration, the tax, bank, public security with mechanism A, above-mentioned machine is referred to mechanism B Another mechanism in structure.The interaction diagrams of data sharing method shown in Figure 5, this method specifically comprise the following steps:

1, mechanism A, mechanism the B enrollment status in alliance's catenary system obtain identity (Identity, ID) and certificate text Part；

2, user registers full identity in mechanism A, makes a report on office worker/company information, specifically includes input user base letter Breath and biological information such as face, fingerprint etc., wherein biological information can be used as the login password of user, after succeeding in registration, User can such as upload qualification file AA and carry out business handling in the normal transacting business AA of mechanism A；

3, mechanism A stores relevant user information and qualification file AA；

4, user goes mechanism B with transacting business BB；

5, the client input login password of mobile phone operation is first passed through, the corresponding first node equipment of request mechanism A carries out Bio-identification, and to mechanism A request identity documents；

6, the login password that user inputs is compared by mechanism A with the login password of the registration user prestored, with verifying The legitimacy of the login password generates identity documents according to subscriber identity information and the first digital signature if being verified, and Identity documents are returned to client；

7, user shows identity documents to the corresponding second node equipment of mechanism B；

8, mechanism B reads the identity documents of user by working window using barcode scanning mode, based on the identity documents to machine Structure A and user identity are verified；

If 9, being verified, acquisition request message, request qualification file AA are sent to mechanism A；

10, mechanism B is called the calling log of qualification file AA and other audits to believe by the corresponding first node equipment of mechanism A Breath carries out cochain；

11, the corresponding first node equipment of mechanism A returns to the corresponding second node equipment of mechanism B and obtains response message, It include the block chain address of qualification file AA and qualification file AA in the acquisition response message；

12, the corresponding second node equipment of mechanism B obtains the text of qualification file AA according to block chain address from block chain Part deposits card, and qualification file AA progress Hash calculation is obtained cryptographic Hash, cryptographic Hash is then deposited card with file and is compared, to test Demonstrate,prove the legitimacy of qualification file AA；

13, if legal, then user can continue in mechanism B transacting business.

For inter-agency authentication, Fig. 6 A is referred to, each mechanism can registration body's identity, life in alliance's catenary system At Tencent's user security infrastructure mark (Tencent User Security Infrastructure Identity, TUSI-ID), then apply for public key certificate on the key management system of TUSI (Key Management System, KMS), and Private key privatization is deployed in SGX, so-called SGX is the security context of the data run under Intel Technical Architecture, will be to quick The operation of sense data (such as encryption key, password, user data) is encapsulated in one " small black box ", and Malware can not access These data, mechanism A is by public key cochain, and by the public key data between TUSI-ID index alliance chain mechanism, carry out it is inter-agency When identity validation, be by private key signature, then using public key verifications signature realize, such as mechanism A with load TUSI-ID with The message of action event is sent to mechanism B confirmation, and mechanism B is verified by TUSI-ID index public key.In this process, may be used also To increase completeness check code in messages, to realize completeness check, and increases timestamp in messages and realize anti-replay Attack.

For enterprise's clerical worker's authentication, Fig. 6 B is referred to, accredited personnel's identity first in alliance's catenary system is raw At TUSI-ID, subscriber identity information is carried out to deposit card cochain as identity after Hash calculation, while by user biological characteristic information If fingerprint be stored in operation system, in this way, user can by specified application program entry input biological information so that First node equipment verification biological information, and verification by when generate quick response code form identity documents, in this way, second Node device pulls user ID data by the identity documents that working window reads user in real time.

For data sharing process, Fig. 7 A specifically may refer to, when progress block chain service platform is built, needing to count According to it is shared it is inter-agency build alliance's chain, each structure can be used as a node access, and the mechanism of access is according to different power Limit can be assigned as write-in node and observe node (i.e. previously described audit node).Wherein, write-in node has initiation to hand over Easily/contract permission, it may be assumed that possess book keeping operation power, be suitble to alliance's chain data sharing mechanisms, bank as described above, industrial and commercial administration Etc. mechanisms, replaced with mechanism A, mechanism B, mechanism C and mechanism D in Fig. 7 A, observation node can have been synchronized with real time inspection Data, be suitble to regulatory agency and the third-party institution.

The mechanism namely data of shared data, which will hold mechanism such as mechanism A, will need number to be sharing with initiation protocol contract According to being packaged in the protocol, then the node device in block chain network determines book keeping operation section according to common recognition algorithm such as Byzantium's algorithm Point, accounting nodes can be packaged block according to agreement contract, be recorded in block chain, and pass through peer-to-peer network (Peer to Peer, P2P) realize that each internodal data is synchronous.

In addition, data synchronization, data sharing, push, access etc. that each node is initiated operate, can in the form of contract shape At audit log, it is sent to each node of alliance's chain, can not delete and distort.That is, being also based on block chain technology building number According to the audit alliance chain of sharing application system, unified stream compression service is realized.

Fig. 7 B is specifically referred to, accesses 4A system in alliance's chain network, wherein 4A system refers to offer certification The system of Authentication, authorization Authorization, book keeping operation Accounting and Audit service of auditing, pass through 4A system The identification authorization of the service node implementation mechanism of system promulgates number card using the CA management system that TUSI block platform chain carries Book has secure access to block platform chain for each service node, it is ensured that the legitimacy of record of the audit cochain.For mechanism A, between B Stream compression and great burst accident, be added the record of the audit of log, record of the audit include emergency event date and time, User, event type, whether event succeeds and other information relevant to audit, and data pick-up application node is as observation section Point, realize data pull and big data statistical fractals, data safety audit supervision as audit node access audit alliance Chain is realized and audits to the unified security of each system of large data center, carries out audit retrospect based on security incident.

It should be noted that in practical application, at least one node can also be reserved when disposing alliance's chain as can Expanding node, use when to extend new business.

The above are the specific implementation of data sharing method provided by the embodiments of the present application, the embodiment of the present application is also provided First node equipment, the second node equipment for realizing the above method, below will carry out in detail it from the angle of function modoularization It describes in detail bright.

The structural schematic diagram of first node equipment shown in Figure 8, the first node equipment 800 include:

First authentication module 810, for obtaining the login password of login user input, according to the storage of local service system The legitimacy of the login password of the input of login user described in the login password authentication of user is registered, is deposited in the local service system Contain the login password and identity information of registration user；

Sending module 820, for being used according to the login after the login password authentication that the login user inputs passes through The identity information at family and the first digital signature generate the identity documents of the login user, the client hair of Xiang Suoshu login user Send the identity documents of the login user；

Receiving module 830, the identity for being directed to the login user for receiving the second node equipment in the block chain The acquisition request message that credential verification is sent after passing through includes that the user of the login user marks in the acquisition request message Know, file destination identifies and the second digital signature；

Second authentication module 840, for carrying out signature verification to second digital signature, after being verified, to institute State second node equipment and send and obtain response message, in the acquisitions response message including the login user it is corresponding with it is described File destination identifies the block chain address of matched file destination and the file destination.

It optionally, is a structural schematic diagram of first node equipment provided by the embodiments of the present application, In referring to Fig. 9, Fig. 9 On the basis of structure shown in Fig. 8, the first node equipment 800 further include:

Identity information acquisition module 851, for obtaining the identity information of the registration user input, by the registration user Identity information be stored in the local service system；

Computing module 852 carries out Hash operation for the identity information to the registration user and obtains cryptographic Hash, as institute The identity for stating registration user deposits card；

Identity deposits card module 853, for the identity of the registration user to be deposited card broadcast to the block chain, described The identity that the registration user is stored on block chain deposits card.

It optionally, is a structural schematic diagram of first node equipment provided by the embodiments of the present application referring to Figure 10, Figure 10, On the basis of structure shown in Fig. 8, the first node equipment 800 further include:

Acquisition module 860, for acquiring the biological characteristic of registration user's typing, using the biological characteristic as described in Register the login password of user.

It optionally, is a structural schematic diagram of first node equipment provided by the embodiments of the present application referring to Figure 11, Figure 11, On the basis of structure shown in Fig. 8, the first node equipment 800 further include:

Log generation module 871, the behavior record for obtaining the file destination for the second node equipment are raw At acquisition user behaviors log；

File deposits card module 872, cryptographic Hash is obtained for carrying out Hash operation to the acquisition user behaviors log, as described The reading voucher of file destination；The reading voucher of the file destination is broadcasted to the block chain, in the block chain The reading voucher of the upper storage file destination.

It optionally, is a structural schematic diagram of first node equipment provided by the embodiments of the present application referring to Figure 12, Figure 12, On the basis of structure shown in Fig. 8, the first node equipment 800 further include:

Operational credentials generation module 881 carries out Hash fortune for the operation behavior log for the local service system Calculation obtains cryptographic Hash, as local operation voucher；

Operational credentials deposit card module 882, for broadcasting the local operation voucher to the block chain, described The local operation voucher of the file destination is stored on block chain.

It optionally, is a structural schematic diagram of first node equipment provided by the embodiments of the present application referring to Figure 13, Figure 13, On the basis of structure shown in Fig. 8, the first node equipment 800 further include:

File destination identifier acquisition module 890, for obtaining the specified file destination mark of the login user；

Then the sending module 820 is specifically used for:

It is identified using the local terminal private key file destination specified to the identity information of the login user and the login user It carries out signature and generates first digital signature；

By the specified file destination mark and described first of the identity information of the login user and the login user Digital signature generates the user identity voucher of the login user.

Optionally, the sending module 820 generates the user identity voucher of the login user with quick response code form.

Next, the structural schematic diagram of second node equipment shown in Figure 14, second node equipment 1400 include:

Module 1410 is obtained for obtaining the identity documents of login user includes in the identity documents of the login user The identity information of the login user and the first digital signature, first digital signature are the first node equipment in block chain Signature generation is carried out to the identity information of the login user after the login password authentication of the login user passes through；

First authentication module 1420, the identity for obtaining the login user from the block chain deposits card, according to institute The identity for stating login user is deposited card and is verified to the identity documents of the login user；Block chain is stored in the block chain The identity information based on registration user that each node device uploads in network generates identity and deposits card；

Sending module 1430, for after being verified, Xiang Suoshu first node equipment to send acquisition request message, described User identifier, file destination mark and the second digital signature in acquisition request message including the login user；

Receiving module 1440 is sent after second digital signature authentication passes through for receiving the first node equipment Acquisition response message, include that corresponding identify with the file destination of the login user matches in the acquisition response message File destination and the file destination block chain address；

Second authentication module 1450, for obtaining institute from the block chain according to the block chain address of the file destination The file for stating file destination deposits card, deposits the legitimacy that results demonstrate,proves the file destination according to the file of the file destination；It is described The file that the file generated uploaded based on user that each node device in block chain network uploads also is stored in block chain deposits card.

It optionally, is a structural schematic diagram of second node equipment provided by the embodiments of the present application referring to Figure 15, Figure 15, On the basis of the structure shown in Figure 14, first authentication module 1420 includes:

Signature verification submodule 1421, for the public key using the first node equipment to the identity of the login user First digital signature in voucher carries out signature verification；

Identity information verifies submodule 1422, for after first digital signature authentication passes through, from the block chain The middle identity for obtaining the login user deposits card, deposits results according to the identity of the login user and demonstrate,proves in the user identity voucher The identity information legitimacy.

Optionally, the acquisition module 1410 is also used to:

The specified service scripts mark of local terminal operation system is obtained, the service scripts is identified and is used as the file destination Mark；Alternatively,

The specified service scripts mark of the login user is obtained, the service scripts is identified and is used as the file destination Mark.

Optionally, the acquisition module 1410 is also used to:

Designated word after the identity documents of the login user are verified, from the identity documents of the login user Section obtains the specified service scripts mark of the login user；Alternatively,

After the identity documents of the login user are verified, user interface is shown, according to the login user The selection operation triggered on the user interface determines the login user specified services file identification.

It optionally, is a structural schematic diagram of second node equipment provided by the embodiments of the present application referring to Figure 16, Figure 16, On the basis of the structure shown in Figure 14, the second node equipment 1400 further include:

Computing module 1460 carries out Hash operation for the operation behavior log for the local service system and is breathed out Uncommon value, as local operation voucher；

Card module 1470 is deposited, for broadcasting the local operation voucher to the block chain, in the block chain The local operation voucher of the upper storage file destination.

In order to make it easy to understand, below by from the angle of hardware entities to first node equipment provided by the embodiments of the present application It is introduced with second node equipment.

The embodiment of the present application provides a kind of node device, as shown in figure 17, for ease of description, illustrates only and this Shen Please the relevant part of embodiment, it is disclosed by specific technical details, please refer to the embodiment of the present application method part.The terminal can be with Being includes desktop computer, laptop, tablet computer, mobile phone, personal digital assistant (full name in English: Personal Digital Assistant, english abbreviation: PDA), any terminal device such as vehicle-mounted computer, by taking terminal is desktop computer as an example:

Figure 17 shows the block diagram of the part-structure of desktop computer relevant to terminal provided by the embodiments of the present application.With reference to Figure 17, desktop computer include: radio frequency (full name in English: Radio Frequency, english abbreviation: RF) circuit 1710, memory 1720, input unit 1730, display unit 1740, sensor 1750, voicefrequency circuit 1760, Wireless Fidelity (full name in English: Wireless fidelity, english abbreviation: WiFi) components such as module 1770, processor 1780 and power supply 1790.This field Technical staff is appreciated that desktop computer structure shown in Figure 17 does not constitute the restriction to desktop computer, may include than diagram More or fewer components perhaps combine certain components or different component layouts.

It is specifically introduced below with reference to each component parts of the Figure 17 to desktop computer:

RF circuit 1710 can be used for receiving and sending messages or communication process in, signal sends and receivees, particularly, by base station After downlink information receives, handled to processor 1780；In addition, the data for designing uplink are sent to base station.In general, RF circuit 1710 include but is not limited to antenna, at least one amplifier, transceiver, coupler, low-noise amplifier (full name in English: Low Noise Amplifier, english abbreviation: LNA), duplexer etc..

Memory 1720 can be used for storing software program and module, and processor 1780 is stored in memory by operation 1720 software program and module, thereby executing the various function application and data processing of desktop computer.Memory 1720 can It mainly include storing program area and storage data area, wherein storing program area can be needed for storage program area, at least one function Application program (such as sound-playing function, image player function etc.) etc.；Storage data area can be stored to be made according to desktop computer With the data (such as audio data, phone directory etc.) etc. created.In addition, memory 1720 may include that high random access is deposited Reservoir can also include nonvolatile memory, for example, at least a disk memory, flush memory device or other volatibility Solid-state memory.

Input unit 1730 can be used for receiving the number or character information of input, and generate the user setting with desktop computer And the related key signals input of function control.Specifically, input unit 1730 may include touch panel 1731 and other are defeated Enter equipment 1732.Touch panel 1731, collect user on it or nearby touch operation (such as user using finger, touching The operations of any suitable object or attachment on touch panel 1731 or near touch panel 1731 such as pen), and according to pre- The formula first set drives corresponding attachment device.In addition to touch panel 1731, input unit 1730 can also include that other are defeated Enter equipment 1732.Specifically, other input equipments 1732 can include but is not limited to physical keyboard, function key (such as volume control Key processed, switch key etc.), trace ball, mouse, one of operating stick etc. or a variety of.

Display unit 1740 can be used for showing information input by user or the information and desktop computer that are supplied to user Various menus.Display unit 1740 may include display panel 1741, optionally, can using liquid crystal display (full name in English: Liquid Crystal Display, english abbreviation: LCD), Organic Light Emitting Diode (full name in English: Organic Light- Emitting Diode, english abbreviation: OLED) etc. forms configure display panel 1741.Further, touch panel 1731 can Covering display panel 1741 sends processor to after touch panel 1731 detects touch operation on it or nearby 1780, to determine the type of touch event, are followed by subsequent processing device 1780 and are provided on display panel 1741 according to the type of touch event Corresponding visual output.Although touch panel 1731 and display panel 1741 are come as two independent components in Figure 17 Realize the input and input function of desktop computer, but in some embodiments it is possible to by touch panel 1731 and display panel 1741 is integrated and that realizes desktop computer output and input function.

Desktop computer may also include at least one sensor 1750, such as optical sensor and other sensors.Specifically, light Sensor may include ambient light sensor, and ambient light sensor can adjust display panel 1741 according to the light and shade of ambient light Brightness；Other sensings such as gyroscope, barometer, hygrometer, thermometer, infrared sensor for can also configure as desktop computer Device, details are not described herein.

Voicefrequency circuit 1760, loudspeaker 1761, microphone 1762 can provide the audio interface between user and desktop computer.Sound Electric signal after the audio data received conversion can be transferred to loudspeaker 1761, by 1761 turns of loudspeaker by frequency circuit 1760 It is changed to voice signal output；On the other hand, the voice signal of collection is converted to electric signal by microphone 1762, by voicefrequency circuit 1760 receive after be converted to audio data, then by after the processing of audio data output processor 1780, through RF circuit 1710 to send It exports to memory 1720 to such as another desktop computer, or by audio data to be further processed.

WiFi belongs to short range wireless transmission technology, and desktop computer can help user's transceiver electronics by WiFi module 1770 Mail, browsing webpage and access streaming video etc., it provides wireless broadband internet access for user.Although Figure 17 is shown WiFi module 1770, but it is understood that, and it is not belonging to must be configured into for desktop computer, it can according to need completely Do not change in the range of the essence of invention and omits.

Processor 1780 is the control centre of desktop computer, utilizes each portion of various interfaces and the entire desktop computer of connection Point, by running or execute the software program and/or module that are stored in memory 1720, and calls and be stored in memory Data in 1720 execute the various functions and processing data of desktop computer, to carry out integral monitoring to desktop computer.Optionally, Processor 1780 may include one or more processing units；Preferably, processor 1780 can integrate application processor and modulatedemodulate Adjust processor, wherein the main processing operation system of application processor, user interface and application program etc., modem processor Main processing wireless communication.It is understood that above-mentioned modem processor can not also be integrated into processor 1780.

Desktop computer further includes the power supply 1790 (such as battery) powered to all parts, it is preferred that power supply can pass through electricity Management system and processor 1780 are logically contiguous, to realize management charging, electric discharge and power consumption by power-supply management system The functions such as management.

Although being not shown, desktop computer can also include camera, bluetooth module etc., and details are not described herein.

In the embodiment of the present application, when the terminal is as first node equipment, included by processor 1780 also have Following functions:

Optionally, the processor 1780 is also used to execute any one of data sharing method provided by the embodiments of the present application The step of kind implementation.

The terminal when as second node equipment, included by processor 1780 it is also with the following functions:

The embodiment of the present application also provides a kind of computer readable storage medium, for storing program code, the program code For executing any one embodiment in a kind of data sharing method described in foregoing individual embodiments.

The embodiment of the present application also provides a kind of computer program product including instruction, when run on a computer, So that computer executes any one embodiment in a kind of data sharing method described in foregoing individual embodiments.

It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.

In several embodiments provided herein, it should be understood that disclosed system, device and method can be with It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit It closes or communicates to connect, can be electrical property, mechanical or other forms.

The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.

It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.

If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server or the network equipment etc.) executes the complete of each embodiment the method for the application Portion or part steps.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (full name in English: Read-Only Memory, english abbreviation: ROM), random access memory (full name in English: Random Access Memory, english abbreviation: RAM), the various media that can store program code such as magnetic or disk.

The above, above embodiments are only to illustrate the technical solution of the application, rather than its limitations；Although referring to before Embodiment is stated the application is described in detail, those skilled in the art should understand that: it still can be to preceding Technical solution documented by each embodiment is stated to modify or equivalent replacement of some of the technical features；And these It modifies or replaces, the spirit and scope of each embodiment technical solution of the application that it does not separate the essence of the corresponding technical solution.

Claims

1. a kind of data sharing method based on block chain characterized by comprising

The login password for obtaining login user input, according to the login password authentication institute of the registration user of local service system storage The legitimacy for stating the login password of login user input, be stored in the local service system registration user login password and Identity information；

After the login password authentication of login user input passes through, according to the identity information of the login user and the first number Word signature generates the identity documents of the login user, and the client of Xiang Suoshu login user sends the identity of the login user Voucher；

It receives and sends after second node equipment in the block chain is verified for the identity documents of the login user Acquisition request message includes the user identifier of the login user, file destination mark and the in the acquisition request message Two digital signature；Signature verification is carried out to second digital signature, after being verified, Xiang Suoshu second node equipment is sent Response message is obtained, includes that the login user is corresponding matched with file destination mark in the acquisition response message The block chain address of file destination and the file destination.

2. the data sharing method according to claim 1 based on block chain, which is characterized in that the method also includes:

The identity information of the registration user is stored in the local service by the identity information for obtaining the registration user input System；

Hash operation is carried out to the identity information of the registration user and obtains cryptographic Hash, the identity as the registration user is deposited Card；

The identity of the registration user is deposited into card broadcast to the block chain, to store the registration user on the block chain Identity deposit card.

3. the data sharing method according to claim 1 based on block chain, which is characterized in that the method also includes:

The biological characteristic for acquiring registration user's typing, using the biological characteristic as the login password of the registration user.

4. the data sharing method according to any one of claims 1 to 3 based on block chain, which is characterized in that institute It states in block chain after second node equipment transmission acquisition response message, the method also includes:

It is generated for the behavior record that the second node equipment obtains the file destination and obtains user behaviors log；

Hash operation is carried out to the acquisition user behaviors log and obtains cryptographic Hash, the reading voucher as the file destination；By institute The reading voucher for stating file destination is broadcasted to the block chain, to store the reading of the file destination on the block chain Voucher.

5. the data sharing method according to any one of claims 1 to 3 based on block chain, which is characterized in that the side Method further include:

For the local service system operation behavior log carry out Hash operation obtain cryptographic Hash, as local operation with Card；

The local operation voucher is broadcasted to the block chain, to store the sheet of the file destination on the block chain Ground operational credentials.

6. the data sharing method according to claim 1 based on block chain, which is characterized in that described according to the login Before the identity information of user and the first digital signature generate the user identity voucher of the login user, the method is also wrapped It includes:

Obtain the specified file destination mark of the login user；

The then user identity that the login user is generated according to the identity information and the first digital signature of the login user Voucher includes:

It is identified and is carried out using the local terminal private key file destination specified to the identity information of the login user and the login user Signature generates first digital signature；

By the specified file destination mark of the identity information of the login user and the login user and first number Signature generates the user identity voucher of the login user.

7. the data sharing method according to any one of the claim 1 to 3 based on block chain, which is characterized in that with two dimensional code Form generates the user identity voucher of the login user.

8. a kind of data sharing method based on block chain characterized by comprising

The identity documents of login user are obtained, include the identity information of the login user in the identity documents of the login user With the first digital signature, first digital signature is that the first node equipment in block chain is close in the login of the login user Code at least carries out signature generation to the identity information of the login user after being verified；

The identity that the login user is obtained from the block chain deposits card, deposits card to described according to the identity of the login user The identity documents of login user are verified；Be stored with that each node device in block chain network uploads in the block chain based on The identity information of registration user generates identity and deposits card；After being verified, Xiang Suoshu first node equipment sends acquisition request and disappears It ceases, includes the user identifier, file destination mark and the second digital signature of the login user in the acquisition request message；

The acquisition response message that the first node equipment is sent after second digital signature authentication passes through is received, it is described to obtain Take in response message includes that the login user is corresponding and the file destination identifies matched file destination and the mesh Mark the block chain address of file；

The file that the file destination is obtained from the block chain according to the block chain address of the file destination deposits card, according to The file of the file destination deposits the legitimacy that results demonstrate,proves the file destination；Block chain network is also stored in the block chain In the file of the file generated uploaded based on user that uploads of each node device deposit card.

9. data sharing method according to claim 8, which is characterized in that it is described from alliance's block chain obtain described in The identity of login user deposits card, deposits card according to the identity of the login user and tests the identity documents of the login user Card, comprising:

Using the first node equipment public key to first digital signature in the identity documents of the login user into Row signature verification；

After first digital signature authentication passes through, the identity that the login user is obtained from the block chain deposits card, root The legitimacy for the identity information that results is demonstrate,proved in the user identity voucher is deposited according to the identity of the login user.

10. data sharing method according to claim 8, which is characterized in that determine the file destination in the following manner Mark:

The specified service scripts mark of local terminal operation system is obtained, the service scripts is identified and is used as the file destination mark Know；Alternatively,

The specified service scripts mark of the login user is obtained, the service scripts is identified and is used as the file destination mark Know.

11. data sharing method according to claim 10, which is characterized in that described to obtain the specified industry of the login user Business file identification include:

After the identity documents of the login user are verified, obtained from the specific field in the identity documents of the login user Take the service scripts mark that the login user is specified；Alternatively,

After the identity documents of the login user are verified, user interface is shown, according to the login user in institute The selection operation triggered on user interface is stated, determines the login user specified services file identification.

12. according to any one of claim 8 to 11 data sharing method, which is characterized in that the method also includes:

13. a kind of first node equipment characterized by comprising

First authentication module is used for obtaining the login password of login user input according to the registration of local service system storage The legitimacy of the login password of the input of login user described in the login password authentication at family, is stored with note in the local service system The login password and identity information of volume user；Sending module, the login password authentication for inputting in the login user pass through Afterwards, the identity documents of the login user, Xiang Suoshu are generated according to the identity information of the login user and the first digital signature The client of login user sends the identity documents of the login user；

Receiving module is verified for receiving the second node equipment in the block chain for the identity documents of the login user User identifier, target text by the acquisition request message of rear transmission, in the acquisition request message including the login user Part mark and the second digital signature；

Second authentication module, for carrying out signature verification to second digital signature, after being verified, Xiang Suoshu the Two node devices, which are sent, obtains response message, includes that the login user is corresponding and the target in the acquisitions response message The block chain address of the matched file destination of file identification and the file destination.

14. a kind of second node equipment characterized by comprising

Module is obtained, includes the login in the identity documents of the login user for obtaining the identity documents of login user The identity information of user and the first digital signature, first digital signature are that the first node equipment in block chain is verifying institute State login user login password pass through after signature generation at least is carried out to the identity information of the login user；

First authentication module, the identity for obtaining the login user from the block chain deposit card, are used according to the login The identity at family is deposited card and is verified to the identity documents of the login user；It is stored in the block chain in block chain network each The identity information based on registration user that node device uploads generates identity and deposits card；

Sending module, for after being verified, Xiang Suoshu first node equipment to send acquisition request message, the acquisition request User identifier, file destination mark and the second digital signature in message including the login user；

Receiving module is rung for receiving the acquisition that the first node equipment is sent after second digital signature authentication passes through Message is answered, including that the login user is corresponding in the acquisition response message identifies matched target text with the file destination The block chain address of part and the file destination；

Second authentication module obtains the target text for the block chain address according to the file destination from the block chain The file of part deposits card, deposits the legitimacy that results demonstrate,proves the file destination according to the file of the file destination；In the block chain The file for being also stored with the file generated uploaded based on user that each node device in block chain network uploads deposits card.

15. a kind of node device, which is characterized in that the node device includes processor and memory；

The memory is for storing computer program；

The processor requires 1 to 12 described in any item data sharing sides for running the computer program with perform claim Method.

16. a kind of computer readable storage medium, which is characterized in that the computer readable storage medium is for storing computer Program, the computer program require 1 to 12 described in any item data sharing methods for perform claim.