CN111902815B - Data transmission method, system, device, electronic device and readable storage medium - Google Patents

Info

Publication number: CN111902815B
Authority: CN (China)
Prior art keywords: data, node, certificate, key, access address
Legal status: Active
Application number: CN202080001871.9A
Other languages: Chinese (zh)
Other versions: CN111902815A (en)
Inventors: 张焱, 施逸, 杨东, 李汪红
Current Assignee: Hefei DappWorks Technology Co Ltd
Original Assignee: Hefei DappWorks Technology Co Ltd
Application filed by: Hefei DappWorks Technology Co Ltd
Priority to: CN202011179617.6A (CN112333176B)
Priority to: CN202011179603.4A (CN112333175B)
Priority to: CN202011177031.6A (CN112333173B)
Publication of CN111902815A
Application granted
Publication of CN111902815B

Classifications

All entries fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication).

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Embodiments of the disclosure provide a data transmission method, system, device, electronic device and readable storage medium. The data transmission method comprises the following steps: the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node; the first node sends a second certificate to a second node; the second node sends the second certificate and the first key to the intermediate node; the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate; in response to the second certificate passing verification, the intermediate node saves the second certificate and sends the first key to the first node; the first node receives the first key and stores it in an allowed access list; the intermediate node sends the data access address and the transformed value of the data to the second node. The data transmission process is thereby kept safe and reliable.

Description

Data transmission method, system, device, electronic device and readable storage medium
Technical Field
The embodiments of the present disclosure relate to the field of computer technology, and in particular, to a data transmission method, system, device, electronic device, and readable storage medium.
Background
Communication between computer systems requires a large amount of data transfer, so ensuring the reliability of the data transfer process is extremely important. Authorized data access is a method by which a system controls whether a user obtains the right to read data stored in the system. Current authorized data access is generally controlled by the data provider, and it is difficult for the user to provide evidence when a dispute occurs. Moreover, current authorized data access is generally bound to one data provider, so when the required data comes from a plurality of data providers, the user has to maintain a plurality of authorizations, authentications and data entries himself, which is very troublesome.
Disclosure of Invention
To solve the problems in the related art, embodiments of the present disclosure provide a data transfer method, system, device, electronic device, and readable storage medium.
In a first aspect, an embodiment of the present disclosure provides a data transmission method, including:
the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node;
the first node sends a second certificate to a second node;
the second node sends the second certificate and the first key to the intermediate node;
the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate;
in response to the second certificate passing verification, the intermediate node saves the second certificate and sends the first key to the first node;
the first node receives the first key and stores the first key in an allowed access list;
the intermediate node sends the data access address and the transformed value of the data to the second node;
the second node accesses the data access address of the first node and sends a signature based on a second key to the first node;
the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node;
the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct.
With reference to the first aspect, in a first implementation manner of the first aspect, the authorization condition is that the second node pays a bill to the first node.
With reference to the first aspect, in a second implementation manner of the first aspect, the second certificate is generated based on the first certificate.
With reference to the first aspect, in a third implementation manner of the first aspect, the first key is generated based on the second key, and verifying the signature based on the second key includes: verifying the signature based on the second key according to the first key.
With reference to the first aspect, in a fourth implementation manner of the first aspect, the intermediate node is distributed.
With reference to the first aspect, in a fifth implementation manner of the first aspect, the transformed value of the data is a hash value of the data.
With reference to the first aspect, in a sixth implementation manner of the first aspect, the first node is a data provider, the second node is a data receiver, and the intermediate node is a contract constructed to implement data transmission between the first node and the second node.
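The flow of the first aspect, as an added example in Go that is not part of the patent text. It assumes Ed25519 for both key pairs, models the first certificate as the provider's verification key and the second certificate as the provider's signature over a grant message, and has the first node issue a nonce for the second node to sign; the receiver id, the address and the sample data are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Intermediate is the intermediate node (a contract in the sixth implementation).
type Intermediate struct {
	firstCert  ed25519.PublicKey // first certificate (assumed: provider's verification key)
	accessAddr string            // data access address
	dataHash   [32]byte          // transformed value of the data (SHA-256)
	paid       map[string]bool   // authorization condition (assumed: bill paid, by receiver id)
	savedCerts [][]byte          // accepted second certificates
}

// FirstNode is the data provider.
type FirstNode struct {
	signKey    ed25519.PrivateKey
	accessAddr string
	data       []byte
	allowed    []ed25519.PublicKey // allowed access list of first keys
	nonce      []byte              // outstanding challenge (assumed replay guard)
}

// NewKeyPair returns a public/private pair: for the second node, first key and second key.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func grantMsg(addr string) []byte { return []byte("grant:" + addr) }

// Register sends the offer to the intermediate node and returns the second
// certificate (assumed: a signature over the grant) for the second node.
func (f *FirstNode) Register(im *Intermediate) []byte {
	im.firstCert = f.signKey.Public().(ed25519.PublicKey)
	im.accessAddr, im.dataHash = f.accessAddr, sha256.Sum256(f.data)
	return ed25519.Sign(f.signKey, grantMsg(f.accessAddr))
}

// Admit checks the authorization condition, then the second certificate against the
// first. On success the first key joins the allowed access list of the first node.
func (im *Intermediate) Admit(id string, cert []byte, firstKey ed25519.PublicKey, f *FirstNode) (string, [32]byte, error) {
	var none [32]byte
	if !im.paid[id] {
		return "", none, errors.New("authorization condition not met")
	}
	if len(im.firstCert) != ed25519.PublicKeySize || len(firstKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(im.firstCert, grantMsg(im.accessAddr), cert) {
		return "", none, errors.New("second certificate or first key rejected")
	}
	im.savedCerts = append(im.savedCerts, cert)
	f.allowed = append(f.allowed, firstKey)
	return im.accessAddr, im.dataHash, nil
}

// Challenge issues a fresh nonce for the next access attempt.
func (f *FirstNode) Challenge() ([]byte, error) {
	f.nonce = make([]byte, 16)
	_, err := rand.Read(f.nonce)
	return f.nonce, err
}

// SignChallenge is the second node's signature based on the second key.
func SignChallenge(second ed25519.PrivateKey, addr string, nonce []byte) []byte {
	return ed25519.Sign(second, append([]byte(addr), nonce...))
}

// Serve releases the data only to a listed first key whose second key signed the
// outstanding challenge; the challenge is consumed on every attempt.
func (f *FirstNode) Serve(firstKey ed25519.PublicKey, sig []byte) ([]byte, error) {
	nonce := f.nonce
	f.nonce = nil
	for _, k := range f.allowed {
		if nonce != nil && bytes.Equal(k, firstKey) &&
			ed25519.Verify(k, append([]byte(f.accessAddr), nonce...), sig) {
			return f.data, nil
		}
	}
	return nil, errors.New("no challenge, key not allowed, or bad signature")
}

// CheckData is the second node's integrity check against the transformed value.
func CheckData(data []byte, want [32]byte) bool { return sha256.Sum256(data) == want }

func main() {
	first, second, _ := NewKeyPair()
	_, provider, _ := NewKeyPair()
	f := &FirstNode{signKey: provider, accessAddr: "https://provider.example/r/1", data: []byte("constructed sample")}
	im := &Intermediate{paid: map[string]bool{"receiver-1": true}}
	addr, hash, admitErr := im.Admit("receiver-1", f.Register(im), first, f)
	nonce, _ := f.Challenge()
	data, serveErr := f.Serve(first, SignChallenge(second, addr, nonce))
	fmt.Println("admit:", admitErr, "serve:", serveErr, "hash ok:", CheckData(data, hash))
}
```

Because the challenge is consumed on every attempt, a captured signature cannot be presented a second time, which the patent text itself does not specify.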
In a second aspect, an embodiment of the present disclosure provides a data transmission method, including:
transmitting an authorization condition, a first certificate, a data access address and a transformed value of the data to an intermediate node;
transmitting a second certificate to a second node;
receiving a first key from the intermediate node, and saving the first key to an allowed access list;
receiving a signature based on a second key from the second node, verifying the signature based on the second key, and, in response to that signature passing verification, sending the data to the second node.
With reference to the second aspect, in a first implementation manner of the second aspect, the authorization condition is that the second node pays a bill to the first node.
With reference to the second aspect, in a second implementation manner of the second aspect, the second certificate is generated based on the first certificate.
With reference to the second aspect, in a third implementation manner of the second aspect, the first key is generated based on the second key, and verifying the signature based on the second key includes: verifying the signature based on the second key according to the first key.
With reference to the second aspect, in a fourth implementation manner of the second aspect, the transformed value of the data is a hash value of the data.
In a third aspect, an embodiment of the present disclosure provides a data transmission method, including:
receiving an authorization condition, a first certificate, a data access address, and a transformed value of the data from a first node;
receiving a second certificate and a first key from a second node;
verifying the authorization condition, and verifying the second certificate according to the first certificate;
in response to the second certificate passing verification, saving the second certificate and transmitting the first key to the first node;
transmitting the data access address and the transformed value of the data to the second node.
With reference to the third aspect, in a first implementation manner of the third aspect, the authorization condition is that the second node pays a bill to the first node.
With reference to the third aspect, in a second implementation manner of the third aspect, the second certificate is generated based on the first certificate.
With reference to the third aspect, in a third implementation manner of the third aspect, the transformed value of the data is a hash value of the data.
With reference to the third aspect, in a fourth implementation manner of the third aspect, the intermediate node is distributed.
In a fourth aspect, an embodiment of the present disclosure provides a data transmission method, including:
receiving a second certificate from the first node;
transmitting the second certificate and the first key to an intermediate node;
receiving a data access address and a transformed value of the data from the intermediate node;
accessing the data access address of the first node, and sending a signature based on a second key to the first node;
receiving the data from the first node and checking the transformed value of the data to confirm whether the received data is correct.
With reference to the fourth aspect, in a first implementation manner of the fourth aspect, the first key is generated based on the second key.
With reference to the fourth aspect, in a second implementation manner of the fourth aspect, the transformed value of the data is a hash value of the data.
In a fifth aspect, embodiments of the present disclosure provide a data transfer system comprising a first node, an intermediate node, and a second node, the system characterized in that,
the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node;
the first node sends a second certificate to the second node;
the second node sends the second certificate and the first key to the intermediate node;
the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate;
in response to the second certificate passing verification, the intermediate node saves the second certificate and sends the first key to the first node;
the first node receives the first key and stores the first key in an allowed access list;
the intermediate node sends the data access address and the transformed value of the data to the second node;
the second node accesses the data access address of the first node and sends a signature based on a second key to the first node;
the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node;
the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct.
With reference to the fifth aspect, in a first implementation manner of the fifth aspect, the authorization condition is that the second node pays a bill to the first node.
With reference to the fifth aspect, in a second implementation manner of the fifth aspect, the second certificate is generated based on the first certificate.
With reference to the fifth aspect, in a third implementation manner of the fifth aspect, the first key is generated based on the second key, and verifying the signature based on the second key includes: verifying the signature based on the second key according to the first key.
With reference to the fifth aspect, in a fourth implementation manner of the fifth aspect, the intermediate node is distributed.
With reference to the fifth aspect, in a fifth implementation manner of the fifth aspect, the transformed value of the data is a hash value of the data.
With reference to the fifth aspect, in a sixth implementation manner of the fifth aspect, the first node is a data provider, the second node is a data receiver, and the intermediate node is a contract constructed to implement data transmission between the first node and the second node.
In a sixth aspect, in an embodiment of the present disclosure, there is provided a data transfer apparatus including:
an authorization condition transmitting means configured to transmit an authorization condition, a first certificate, a data access address, and a transformed value of the data to an intermediate device;
a second certificate transmission means configured to transmit a second certificate to the second device;
a first key receiving means configured to receive a first key from the intermediate device and save the first key to an allowed access list;
a data transmission means configured to receive a signature based on a second key from the second device, verify the signature based on the second key, and, in response to that signature passing verification, transmit the data to the second device.
With reference to the sixth aspect, in a first implementation manner of the sixth aspect, the authorization condition is that the second node pays a bill to the first node.
With reference to the sixth aspect, in a second implementation manner of the sixth aspect, the second certificate is generated based on the first certificate.
With reference to the sixth aspect, in a third implementation manner of the sixth aspect, the first key is generated based on the second key, and verifying the signature based on the second key includes: verifying the signature based on the second key according to the first key.
With reference to the sixth aspect, in a fourth implementation manner of the sixth aspect, the transformed value of the data is a hash value of the data.
In a seventh aspect, embodiments of the present disclosure provide a data transfer apparatus, including:
an authorization condition receiving means configured to receive, from a first device, an authorization condition, a first certificate, a data access address, and a transformed value of the data;
a second certificate and first key receiving means configured to receive the second certificate and the first key from the second device;
an authorization verification means configured to verify the authorization condition and to verify the second certificate according to the first certificate;
a first key transmission means configured to save the second certificate in response to the second certificate passing verification, and to transmit the first key to the first device;
a data access address and data transformed value transmitting means configured to transmit the data access address and the transformed value of the data to the second device.
With reference to the seventh aspect, in a first implementation manner of the seventh aspect, the authorization condition is that the second node pays a bill to the first node.
With reference to the seventh aspect, in a second implementation manner of the seventh aspect, the second certificate is generated based on the first certificate.
With reference to the seventh aspect, in a third implementation manner of the seventh aspect, the transformed value of the data is a hash value of the data.
With reference to the seventh aspect, in a fourth implementation manner of the seventh aspect, the intermediate node is distributed.
In an eighth aspect, in an embodiment of the present disclosure, there is provided a data transfer apparatus including:
a second certificate receiving means configured to receive a second certificate from the first device;
a second certificate and first key transmitting means configured to transmit the second certificate and the first key to an intermediate device;
a data access address and data transformed value receiving means configured to receive a data access address and a transformed value of the data from the intermediate device;
a second key signature transmission means configured to access the data access address of the first device and transmit a signature based on a second key to the first device;
a data receiving means configured to receive the data from the first device and to check the transformed value of the data to confirm whether the received data is correct.
With reference to the eighth aspect, in a first implementation manner of the eighth aspect, the first key is generated based on the second key.
With reference to the eighth aspect, in a second implementation manner of the eighth aspect, the transformed value of the data is a hash value of the data.
In a ninth aspect, embodiments of the present disclosure provide an electronic device including a memory and a processor; wherein the memory is configured to store one or more computer instructions, wherein the one or more computer instructions are executable by the processor to implement the method of any one of the first aspect, the first implementation of the first aspect, the sixth implementation of the first aspect, the second aspect, the first implementation of the second aspect, the fourth implementation of the second aspect, the third aspect, the first implementation of the third aspect, the fourth aspect, the first implementation of the fourth aspect, and the second implementation of the fourth aspect.
In a tenth aspect, embodiments of the present disclosure provide a readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method according to any one of the first aspect, the first implementation of the first aspect, the sixth implementation of the first aspect, the second aspect, the first implementation of the second aspect, the fourth implementation of the second aspect, the third aspect, the first implementation of the third aspect, the fourth aspect, the first implementation of the fourth aspect, and the second implementation of the fourth aspect.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
According to the technical scheme provided by the embodiments of the disclosure, the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node; the first node sends a second certificate to a second node; the second node sends the second certificate and the first key to the intermediate node; the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate; in response to the second certificate passing verification, the intermediate node saves the second certificate and sends the first key to the first node; the first node receives the first key and stores the first key in an allowed access list; the intermediate node sends the data access address and the transformed value of the data to the second node; the second node accesses the data access address of the first node and sends a signature based on a second key to the first node; the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node; the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct. This prevents the authorization condition and the certificate from being illegally modified and prevents the transmitted data from being leaked or tampered with, so the data transmission process is safe and reliable.
According to the technical scheme provided by the embodiments of the disclosure, the authorization condition is that the second node pays a bill to the first node, so that the transaction process is safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is generated based on the first certificate, so that the reliability of the second certificate is verified, and the safety and reliability of a data transmission process are ensured.
According to the technical scheme provided by the embodiments of the disclosure, the first key is generated based on the second key, and verifying the signature based on the second key comprises verifying the signature based on the second key according to the first key, thereby ensuring the reliability of the signature based on the second key and further ensuring the safety and reliability of the data transmission process.
According to the technical scheme provided by the embodiment of the disclosure, the intermediate nodes are distributed, so that information such as an authorization condition, a first certificate, a data access address and the like stored in the intermediate nodes is prevented from being illegally tampered, and the safety and reliability of a data transmission process are further ensured.
According to the technical scheme provided by the embodiments of the disclosure, the transformed value of the data is a hash value of the data, so that the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiments of the disclosure, the authorization condition, the first certificate, the data access address and the transformed value of the data are sent to the intermediate node; the second certificate is sent to the second node; a first key is received from the intermediate node and saved to an allowed access list; a signature based on a second key is received from the second node and verified, and, in response to that signature passing verification, the data is sent to the second node. This prevents the data sent to the second node from being leaked or tampered with, so the data transmission process is safe and reliable.
According to the technical scheme provided by the embodiments of the disclosure, the authorization condition is that the second node pays a bill to the first node, so that the transaction process is safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is generated based on the first certificate, so that the reliability of the second certificate is ensured, and the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiments of the disclosure, the first key is generated based on the second key, and verifying the signature based on the second key comprises verifying the signature based on the second key according to the first key, thereby ensuring the reliability of the signature based on the second key and further ensuring the safety and reliability of the data transmission process.
According to the technical scheme provided by the embodiments of the disclosure, the transformed value of the data is a hash value of the data, so that the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiments of the disclosure, the authorization condition, the first certificate, the data access address and the transformed value of the data are received from the first node; a second certificate and a first key are received from a second node; the authorization condition is verified, and the second certificate is verified according to the first certificate; in response to the second certificate passing verification, the second certificate is saved and the first key is sent to the first node; and the data access address and the transformed value of the data are sent to the second node, so that the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiments of the disclosure, the authorization condition is that the second node pays a bill to the first node, so that the transaction process is safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is generated based on the first certificate, so that the reliability of the second certificate is ensured, and the safety and reliability of a data transmission process are ensured.
According to the technical scheme provided by the embodiments of the disclosure, the transformed value of the data is a hash value of the data, so that the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiment of the disclosure, the intermediate nodes are distributed, so that information such as an authorization condition, a first certificate, a data access address and the like stored in the intermediate nodes is prevented from being illegally tampered, and the safety and reliability of a data transmission process are further ensured.
According to the technical scheme provided by the embodiments of the disclosure, the second certificate is received from the first node; the second certificate and the first key are sent to an intermediate node; a data access address and a transformed value of the data are received from the intermediate node; the data access address of the first node is accessed and a signature based on a second key is sent to the first node; and the data is received from the first node and the transformed value of the data is checked to confirm whether the received data is correct, thereby ensuring that the data transmission process is safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the first key is generated based on the second key, so that the reliability of the signature based on the second key is ensured, and the safety and reliability of the data transmission process are further ensured.
According to the technical scheme provided by the embodiment of the disclosure, the transformation value of the data is the hash transformation value of the data, so that the transmitted data is prevented from being tampered, and the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiment of the disclosure, the system comprises a first node, an intermediate node and a second node, and is characterized in that the first node sends an authorization condition, a first certificate, a data access address and a transformation value of data to the intermediate node; the first node sending a second certificate to the second node; the second node sends the second certificate and the first key to the intermediate node; the intermediate node verifies the authorization condition and verifies the second certificate in accordance with the first certificate; in response to the second certificate being authenticated, the intermediate node saves the second certificate and sends the first key to the first node; the first node receives the first key and stores the first key into an allowed access list; the intermediate node sending the data access address and the transformed value of the data to the second node; the second node accessing the data access address of the first node, sending a signature based on a second key to the first node; the first node verifies a second key-based signature and sends the data to the second node by verification in response to the second key-based signature; the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct, thereby preventing the authorization condition and the certificate from being illegally modified, and preventing the transmitted data from being revealed or tampered. Therefore, the data transmission process is ensured to be safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the authorization condition sending device is configured to send the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate device; the second certificate transmission device is configured to transmit a second certificate to the second device; the first key receiving device is configured to receive a first key from the intermediate device and save the first key to an allowed access list; and the data transmitting device is configured to receive a signature based on a second key from the second device, verify the signature based on the second key, and, in response to that signature passing verification, transmit the data to the second device, thereby preventing the data transmitted to the second device from being leaked or tampered with. Therefore, the data transmission process is ensured to be safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the authorization condition receiving device is configured to receive an authorization condition, a first certificate, a data access address and a transformed value of the data from a first device; the second certificate and first key receiving device is configured to receive the second certificate and the first key from the second device; the authorization verification device is configured to verify the authorization condition and to verify the second certificate according to the first certificate; the first key transmission device is configured to save the second certificate in response to the second certificate being authenticated, and to transmit the first key to the first device; and the data access address and data transformed value transmitting device is configured to transmit the data access address and the transformed value of the data to the second device, so that the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate receiving device is configured to receive the second certificate from the first device; second certificate and first key transmitting means configured to transmit the second certificate and first key to an intermediate device; a data access address and data conversion value receiving means configured to receive a data access address and a conversion value of the data from the intermediate device; second key signature transmission means configured to access the data access address of the first device, and transmit a signature based on a second key to the first device; and a data receiving device configured to receive the data from the first device and check a converted value of the data to confirm whether the received data is correct, thereby ensuring a safe and reliable data transfer process.
These and other aspects of the disclosure will be more readily apparent from the following description of the embodiments. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the related art, a brief description will be given below of the drawings required for the exemplary embodiments or the related technical descriptions, and it is apparent that the drawings in the following description are some exemplary embodiments of the present disclosure, and other drawings may be obtained according to the drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 shows a flow chart of a data transfer method according to an embodiment of the present disclosure;
FIG. 2 shows a flow chart of a data transfer method of a first node according to the embodiment shown in FIG. 1;
FIG. 3 shows a flow chart of a data transfer method of an intermediate node according to the embodiment shown in FIG. 1;
FIG. 4 shows a flow chart of a data transfer method of a second node according to the embodiment shown in FIG. 1;
FIG. 5 illustrates an exemplary schematic diagram of a data transfer system according to an embodiment of the present disclosure;
FIG. 6 shows a block diagram of a data transfer device according to an embodiment of the present disclosure;
FIG. 7 shows a block diagram of a data transfer device according to another embodiment of the present disclosure;
FIG. 8 shows a block diagram of a data transfer device according to a further embodiment of the present disclosure;
FIG. 9 shows a block diagram of an electronic device according to an embodiment of the present disclosure;
FIG. 10 is a schematic diagram of a computer system suitable for use in implementing a data transfer method according to an embodiment of the present disclosure.
Detailed Description
In order that those skilled in the art will better understand the present disclosure, a technical solution in exemplary embodiments of the present disclosure will be clearly and completely described in the following with reference to the accompanying drawings in exemplary embodiments of the present disclosure.
In some of the flows described in the specification and claims of this disclosure and in the foregoing figures, a number of operations are included that occur in a particular order, but it should be understood that the operations may be performed out of the order in which they appear or in parallel; sequence numbers such as 101, 102, etc. are merely for distinguishing between the various operations and do not themselves represent any order of execution. In addition, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that the descriptions "first" and "second" herein are used to distinguish different messages, devices, modules, etc.; they do not represent a sequence, nor do they require that the "first" and the "second" be of different types.
Technical solutions in exemplary embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in exemplary embodiments of the present disclosure, and it is apparent that the described exemplary embodiments are only some embodiments of the present disclosure, not all embodiments. Based on the embodiments in this disclosure, all other embodiments that a person of ordinary skill in the art would obtain without making any inventive effort are within the scope of the disclosure.
According to the technical scheme provided by the embodiment of the disclosure, the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node; the first node sends the second certificate to the second node; the second node sends the second certificate and the first key to the intermediate node; the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate; in response to the second certificate being authenticated, the intermediate node saves the second certificate and sends the first key to the first node; the first node receives the first key and stores the first key into an allowed access list; the intermediate node sends the data access address and the transformed value of the data to the second node; the second node accesses the data access address of the first node and sends a signature based on the second key to the first node; the first node verifies the signature based on the second key and, in response to that signature passing verification, sends data to the second node; the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct, thereby preventing the authorization condition and the certificate from being illegally modified and preventing the transmitted data from being leaked or tampered with. Therefore, the data transmission process is ensured to be safe and reliable.
Fig. 1 shows a flowchart of a data transfer method according to an embodiment of the present disclosure. As shown in fig. 1, the data transfer method includes steps S101 to S110.
In step S101, the first node transmits the authorization condition, the first certificate, the data access address, and the transformed value of the data to the intermediate node.
In step S102, the first node transmits a second certificate to the second node.
In step S103, the second node transmits the second certificate and the first key to the intermediate node.
In step S104, the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate.
In step S105, in response to the second certificate being authenticated, the intermediate node saves the second certificate and sends the first key to the first node.
In step S106, the first node receives the first key and saves the first key to the allowed access list.
In step S107, the intermediate node transmits the data access address and the converted value of the data to the second node.
In step S108, the second node accesses the data access address of the first node, and transmits a signature based on the second key to the first node.
In step S109, the first node verifies the signature based on the second key and, in response to that signature passing verification, transmits data to the second node.
In step S110, the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct.
In one embodiment of the present disclosure, in a data transmission system composed of a first node, a second node, and an intermediate node, the first node may be a data provider node; the second node may be a data receiver node; the intermediate node may be a verification center constructed in software, hardware, or a combination of software and hardware to enable authorization management of the first node to send data to the second node. In the case of implementing the intermediate node in software, the intermediate node may be a contract constructed to implement data transfer between the first node and the second node for authorization management of the first node to send data to the second node. The following embodiments of the present disclosure are described with the example of contracts as intermediate nodes.
The first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node for authorization management. The authorization condition may be any condition under which the data provider node sends data to the data receiver node; for example, it may be that the data receiver node pays a certain monetary bill, or a certain token, to the data provider node. The first certificate may be a root certificate or may be another form of certificate. The data access address may be a data access portal URL of the data provider node, from which the data receiver node obtains the data. Computing the transformed value from the data is fast and the result is unique, whereas recovering the data from its transformed value requires a huge amount of computation. Therefore, after receiving the data and the transformed value of the data separately, the data receiver node can recalculate the transformed value from the data and compare it with the received transformed value, thereby ensuring that the received data is complete and reliable and has not been lost or tampered with during transmission.
The second certificate may be a data-authorized access certificate, for example, a data-authorized access certificate issued from a root certificate. The data provider node sends the data-authorized access certificate to the data receiver node. The first key of the data receiver node may be a public key generated based on the private key; the data receiver node sends the data-authorized access certificate obtained from the data provider node, together with the public key, to the contract.
The contract verifies that the authorization condition is satisfied between the data receiver node and the data provider node, and verifies the data-authorized access certificate using the root certificate. In response to the data-authorized access certificate passing verification, the contract saves the data-authorized access certificate and sends the public key of the data receiver node to the data provider node to enable data transfer authorization between the data provider node and the data receiver node.
After receiving the public key of the data receiver node, the data provider node saves the public key of the data receiver node to an allowed access list, and allows the data receiver node to access.
The contract sends the data access entry URL and the transformed value of the data to the data receiver node.
The data receiver node accesses the data access portal URL of the data provider node and sends a private key based signature to the data provider node, for example, by encrypting a piece of text using the private key and sending the encrypted text to the data provider node.
The data provider node verifies the private key-based signature, for example, the encrypted text may be decrypted using the public key of the data receiver node and compared to the original text. After verification is correct, the data provider node sends data to the data receiver node.
After the data receiver node receives the data, it calculates the transformed value of the data in the same way as the data provider node and compares it with the transformed value received from the contract, thereby confirming that the received data is complete and correct and has not been tampered with.
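The S101 to S110 exchange described above, as an added Python simulation that is not code from the patent. Assumptions: a toy textbook-RSA key built from fixed public primes stands in for the first/second key pair, the second certificate is modelled as an HMAC derived from the root certificate (the page does not specify the derivation), the signed text is a single-use random challenge, and the authorization condition is a minimum payment recorded in the contract; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: textbook RSA over two publicly known Mersenne primes,
# matching the page's "encrypt with the private key, decrypt with the public
# key and compare" wording. NOT secure; use a vetted signature library instead.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
PRIVATE_KEY = pow(E, -1, (P - 1) * (Q - 1))  # second key
PUBLIC_KEY = (N, E)                          # first key, derived from the second


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    return pow(digest_int(message), PRIVATE_KEY, N)


def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)


def issue_access_cert(root_cert: bytes, address: str) -> bytes:
    # Assumption: the page says only that the second certificate is generated
    # from the root certificate and can be regenerated for comparison.
    return hmac.new(root_cert, address.encode(), hashlib.sha256).digest()


class Contract:  # intermediate node: manages authorization, never stores data
    def __init__(self):
        self.offer, self.payments, self.saved_certs = None, {}, []

    def register_offer(self, min_payment, root_cert, address, data_hash):  # S101
        self.offer = (min_payment, root_cert, address, data_hash)

    def request_access(self, payer, access_cert, public_key, provider):  # S103
        min_payment, root_cert, address, data_hash = self.offer
        if self.payments.get(payer, 0) < min_payment:             # S104
            raise PermissionError("authorization condition not met")
        expected = issue_access_cert(root_cert, address)          # S104
        if not hmac.compare_digest(expected, access_cert):
            raise PermissionError("second certificate rejected")
        self.saved_certs.append(access_cert)                      # S105
        provider.allowed.add(public_key)                          # S105, S106
        return address, data_hash                                 # S107


class Provider:  # first node: serves the data only to keys on its allowed list
    def __init__(self, data: bytes, address: str):
        self.data, self.address = data, address
        self.root_cert = secrets.token_bytes(32)
        self.allowed, self.open_challenges = set(), set()

    def publish(self, contract, min_payment):                     # S101
        contract.register_offer(min_payment, self.root_cert, self.address,
                                hashlib.sha256(self.data).hexdigest())

    def grant(self) -> bytes:                                     # S102
        return issue_access_cert(self.root_cert, self.address)

    def new_challenge(self) -> bytes:
        # Assumption: the signed "piece of text" is a fresh single-use nonce.
        challenge = secrets.token_bytes(16)
        self.open_challenges.add(challenge)
        return challenge

    def serve(self, challenge, signature, public_key) -> bytes:   # S109
        if public_key not in self.allowed:
            raise PermissionError("key not in allowed access list")
        if challenge not in self.open_challenges:
            raise PermissionError("unknown or replayed challenge")
        self.open_challenges.discard(challenge)
        if not verify(challenge, signature, public_key):
            raise PermissionError("signature rejected")
        return self.data


def receive(provider, contract, payer, corrupt_in_transit=False) -> bytes:
    cert = provider.grant()                                       # S102
    url, want = contract.request_access(payer, cert, PUBLIC_KEY, provider)
    challenge = provider.new_challenge()
    data = provider.serve(challenge, sign(challenge), PUBLIC_KEY)  # S108, S109
    if corrupt_in_transit:
        data += b"?"  # constructed fault: modification in transit
    if hashlib.sha256(data).hexdigest() != want:                  # S110
        raise ValueError("transformed value mismatch")
    return data


def demo() -> bytes:
    provider = Provider(b"constructed sample record", "https://provider.example/data")
    contract = Contract()
    provider.publish(contract, min_payment=10)
    contract.payments["receiver"] = 10  # authorization condition satisfied
    return receive(provider, contract, "receiver")
```

Each failure path maps to one check in the text: unmet authorization condition and a mismatched second certificate are rejected by the contract, an unlisted key or bad signature by the provider, and altered data by the receiver's hash comparison.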
In one embodiment of the present disclosure, the contract performs only authorized management of data transfer without storing transferred data, which is directly transferred by the data provider node to the data receiver node, thereby preventing data leakage in the contract.
In one embodiment of the present disclosure, the authorization condition may be any authorization condition in which the data provider node sends data to the data receiver node, for example, may be that the data receiver node pays a certain monetary bill to the data provider node, or a certain token. The data transmission scheme of one embodiment of the present disclosure can improve the security and reliability of a payment or transaction process when applied to the payment or transaction process.
According to the technical scheme provided by the embodiment of the disclosure, the second node pays the bill to the first node under the authorization condition, so that the safe and reliable transaction process is ensured.
In one embodiment of the present disclosure, the first certificate may be a root certificate and the second certificate may be a data-authorized access certificate issued from the root certificate. The contract uses the root certificate to generate the data-authorized access certificate again and compares it with the data-authorized access certificate received from the data provider node, so that the reliability of the data-authorized access certificate is verified and the certificate is prevented from being tampered with during transmission.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is generated based on the first certificate, so that the reliability of the second certificate is verified, and the safety and reliability of the data transmission process are ensured.
In one embodiment of the present disclosure, the public key of the data receiver node may be generated based on the private key, and the data provider decrypts the encrypted text using the public key of the data receiver node and compares it with the original text, thereby ensuring the reliability of the encrypted text and preventing loss or tampering during transmission.
According to the technical scheme provided by the embodiment of the disclosure, the first key is generated based on the second key, and verifying the signature based on the second key comprises verifying the signature based on the second key according to the first key, thereby ensuring the reliability of the signature based on the second key and further ensuring the safety and reliability of the data transmission process.
In one embodiment of the present disclosure, the data transfer scheme in the present disclosure may be applied to a blockchain to ensure safe and reliable data transfer in the blockchain. Blockchain is a distributed ledger technique. Because the blockchain offers decentralization, tamper resistance and no need for a third-party trust guarantee, it has received wide attention. In one embodiment of the present disclosure, the contracts mentioned in the foregoing may be implemented using smart contract technology in blockchain technology. A smart contract is contract terms written in a computer language and stored in the blockchain; when a preset condition is triggered, the smart contract automatically executes the corresponding contract terms.
In one embodiment of the present disclosure, the contract may be a distributed smart contract, such as a distributed blockchain. Through the distributed structure of the blockchain, information such as the authorization condition, the root certificate, the data access portal URL and the data-authorized access certificate stored in the smart contract can be prevented from being illegally tampered with, so that reliable authorization of data transmission is ensured, and the information can be used as evidence when disputes occur.
According to the technical scheme provided by the embodiment of the disclosure, the intermediate nodes are distributed, so that information such as the authorization condition, the first certificate, the data access address and the like stored in the intermediate nodes is prevented from being illegally tampered, and the safety and reliability of the data transmission process are further ensured.
In one embodiment of the present disclosure, the transformed value of the data may be a hash value of the data, or may be another transform whose forward computation yields a unique value and whose reverse computation requires a huge amount of computation. By comparing hash values of the data, the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
According to the technical scheme provided by the embodiment of the disclosure, because the transformed value of the data is the hash value of the data, the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
Fig. 2 shows a flow chart of a data transfer method according to the first node in the embodiment shown in fig. 1. As shown in fig. 2, the data transfer method includes steps S201, S202, S203, S204.
In step S201, the authorization condition, the first certificate, the data access address and the transformed value of the data are sent to the intermediate node.
In step S202, a second certificate is sent to the second node.
In step S203, a first key is received from the intermediate node, and the first key is saved to the allowed access list.
In step S204, a signature based on the second key is received from the second node and verified, and in response to the signature passing verification, data is sent to the second node.
In one embodiment of the present disclosure, the data provider node sends the authorization condition, the root certificate, the data access portal URL, and the transformed value of the data to the contract; sends the data-authorized access certificate to the data receiver node; receives the public key from the contract and saves the public key to the allowed access list; and receives the signature based on the private key from the data receiver node and, after verifying that signature, sends data to the data receiver node, thereby preventing the data transmitted to the data receiver node from being leaked or tampered with. Therefore, the data transmission process is ensured to be safe and reliable.
According to the technical scheme provided by the embodiment of the disclosure, the authorization condition, the first certificate, the data access address and the transformed value of the data are sent to the intermediate node; the second certificate is sent to the second node; the first key is received from the intermediate node and saved to the allowed access list; and a signature based on the second key is received from the second node and verified, and in response to the signature passing verification, data is sent to the second node, thereby preventing the data transmitted to the second node from being leaked or tampered with. Therefore, the data transmission process is ensured to be safe and reliable.
In one embodiment of the present disclosure, for a data provider node, the authorization condition may be any authorization condition for the data provider node to send data to a data receiver node, for example, it may be that the data receiver node paid a certain monetary bill, or a certain token to the data provider node.
According to the technical scheme provided by the embodiment of the disclosure, the second node pays the bill to the first node under the authorization condition, so that the safe and reliable transaction process is ensured.
In one embodiment of the present disclosure, for the data provider node, the first certificate may be a root certificate and the second certificate may be a data-authorized access certificate issued from the root certificate. The contract uses the root certificate to generate the data-authorized access certificate again and compares it with the data-authorized access certificate received from the data provider node, so that the reliability of the data-authorized access certificate is verified and the certificate is prevented from being tampered with during transmission.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is generated based on the first certificate, so that the reliability of the second certificate is verified, and the safety and reliability of the data transmission process are ensured.
In one embodiment of the present disclosure, for a data provider node, a public key of a data receiver node may be generated based on a private key, and the data provider decrypts the encrypted text using the public key of the data receiver node and compares it with the original text, thereby ensuring the reliability of the encrypted text and preventing deletion or tampering during transmission.
According to the technical scheme provided by the embodiment of the disclosure, the first key is generated based on the second key, and verifying the signature based on the second key comprises verifying the signature based on the second key according to the first key, thereby ensuring the reliability of the signature based on the second key and further ensuring the safety and reliability of the data transmission process.
In one embodiment of the present disclosure, for a data provider node, the transformed value of the data may be a hash value of the data, or may be another transform whose forward computation yields a unique value and whose reverse computation requires a huge amount of computation. By comparing hash values of the data, the transmitted data is prevented from being tampered with.
According to the technical scheme provided by the embodiment of the disclosure, because the transformed value of the data is the hash value of the data, the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
Fig. 3 shows a flow chart of a data transfer method of an intermediate node according to the embodiment shown in fig. 1. As shown in fig. 3, the data transfer method includes steps S301, S302, S303, S304, S305.
In step S301, the authorization condition, the first certificate, the data access address and the transformed value of the data are received from the first node.
In step S302, a second certificate and a first key are received from a second node.
In step S303, the authorization condition is verified, and the second certificate is verified according to the first certificate.
In step S304, in response to the second certificate being authenticated, the second certificate is saved and the first key is sent to the first node.
In step S305, the data access address and the transformed value of the data are transmitted to the second node.
In one embodiment of the present disclosure, a contract receives from a data provider node an authorization condition, a root certificate, a data access portal URL, and a transformed value of data; receives a data-authorized access certificate and a public key from a data receiver node; verifies the authorization condition, and verifies the data-authorized access certificate according to the root certificate; in response to the data-authorized access certificate passing verification, saves the data-authorized access certificate and sends the public key to the data provider node; and sends the data access portal URL and the transformed value of the data to the data receiver node. The contract provides authorization management for data transfer between the data provider node and the data receiver node, enabling the first node to reliably transfer data to the second node.
According to the technical scheme provided by the embodiment of the disclosure, the authorization condition, the first certificate, the data access address and the transformation value of the data are received from the first node; receiving a second certificate and a first key from a second node; verifying the authorization condition, and verifying the second certificate according to the first certificate; in response to the second certificate being authenticated, saving the second certificate and transmitting the first key to the first node; and transmitting the data access address and the conversion value of the data to the second node, thereby ensuring the safety and reliability of the data transmission process.
In one embodiment of the present disclosure, the authorization condition may be any authorization condition for the data provider node to send data to the data receiver node, such as that the data receiver node pays a monetary bill to the data provider node, or a token.
According to the technical scheme provided by the embodiment of the disclosure, the second node pays the bill to the first node under the authorization condition, so that the safe and reliable transaction process is ensured.
In one embodiment of the present disclosure, for a contract, the first certificate may be a root certificate and the second certificate may be a data-authorized access certificate issued from the root certificate. The contract uses the root certificate to generate the data-authorized access certificate again and compares it with the data-authorized access certificate received from the data provider node, so that the reliability of the data-authorized access certificate is verified and the certificate is prevented from being tampered with during transmission.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is generated based on the first certificate, so that the reliability of the second certificate is verified, and the safety and reliability of the data transmission process are ensured.
In one embodiment of the present disclosure, for contracts, the transformed value of the data may be a hash value of the data, or another transform whose forward computation yields a unique value and whose reverse computation requires a huge amount of computation. By comparing hash values of the data, the transmitted data is prevented from being tampered with.
According to the technical scheme provided by the embodiment of the disclosure, because the transformed value of the data is the hash value of the data, the transmitted data is prevented from being tampered with, and the safety and reliability of the data transmission process are ensured.
In one embodiment of the present disclosure, the contract may be a distributed smart contract, such as a distributed blockchain. Through the distributed structure of the blockchain, information such as the authorization condition, the root certificate, the data access portal URL and the data-authorized access certificate stored in the smart contract can be prevented from being illegally tampered with, so that reliable authorization of data transmission is ensured, and the information can be used as evidence when disputes occur.
According to the technical scheme provided by the embodiment of the disclosure, the intermediate nodes are distributed, so that information such as the authorization condition, the first certificate, the data access address and the like stored in the intermediate nodes is prevented from being illegally tampered, and the safety and reliability of the data transmission process are further ensured.
Fig. 4 shows a flow chart of a data transfer method according to the second node in the embodiment shown in fig. 1. As shown in fig. 4, the data transfer method includes: steps S401, S402, S403, S404, S405.
In step S401, a second certificate is received from the first node.
In step S402, the second certificate and the first key are sent to the intermediate node.
In step S403, the data access address and the transformed value of the data are received from the intermediate node.
In step S404, the data access address of the first node is accessed, and a signature based on the second key is sent to the first node.
In step S405, data is received from the first node, and the converted value of the data is checked to confirm whether the received data is correct.
In one embodiment of the present disclosure, a data receiver node receives a data grant access credential from a data provider node; transmitting the data-authorized access certificate and the public key to the contract; receiving a data access entry URL and a transformed value of the data from the contract; accessing a data access portal URL of a data provider node, and sending a signature based on a private key to the data provider node; data is received from the data provider node and the transformed value of the data is checked to confirm whether the received data is correct, thereby reliably receiving the data from the first node.
According to the technical scheme provided by the embodiment of the disclosure, the second certificate is received from the first node; transmitting the second certificate and the first key to the intermediate node; receiving a data access address and a transformed value of the data from the intermediate node; accessing a data access address of the first node, transmitting a signature based on the second key to the first node; data is received from the first node and the transformed value of the data is checked to confirm whether the received data is correct, thereby ensuring that the data transfer process is safe and reliable.
In one embodiment of the present disclosure, for a data receiver node, a public key is generated based on a private key, thereby ensuring the authenticity of a signature based on the private key.
According to the technical solution provided by the embodiment of the present disclosure, the first key is generated based on the second key, which ensures the reliability of the signature based on the second key and thus further ensures that the data transfer process is safe and reliable.
Fig. 5 shows an exemplary schematic diagram of a data transfer system according to an embodiment of the present disclosure. As shown in fig. 5, the data transfer system 500 includes: data providers, smart contracts, and data recipients.
The steps taken by the data provider are S501, S502, S503, S504, the steps taken by the smart contract are S505, S506, S507, S508, S509, and the steps taken by the data receiver are S510, S511, S512, S513, S514.
The data provider, the smart contract and the data receiver achieve reliable transmission of data through the following steps:
in step S501, transmitting the authorization condition, the root certificate, the data access portal URL, and the hash value of the data to the smart contract;
in step S505, an authorization condition, a root certificate, a data access entry URL, and a hash value of data are received from a data sender;
in step S502, a data authorized access certificate is transmitted to a data receiver;
in step S510, a data authorized access certificate is received from a data sender;
in step S511, sending the data-authorized access certificate and the public key to the smart contract;
in step S506, receiving the data-authorized access certificate and the public key from the data receiver;
in step S507, the authorization condition is verified, and the data authorized access certificate is verified according to the root certificate;
in step S508, in response to the data authorized access certificate passing the verification, saving the data authorized access certificate, and transmitting the public key to the data transmitter;
in step S503, a public key is received from the smart contract, and the public key is saved to the allowed access list;
in step S509, the data access entry URL and the hash value of the data are transmitted to the data receiving side;
In step S512, receiving a data access entry URL and a hash value of the data from the smart contract;
in step S513, the data access portal URL of the data sender is accessed, and a signature based on the private key is transmitted to the data sender;
in step S504, a signature based on the private key is received from the data receiving side, the signature based on the private key is verified, and data is transmitted to the data receiving side;
in step S514, data is received from the data sender, and the hash value of the data is checked to confirm whether the received data is correct.
According to the technical solution provided by the embodiment of the present disclosure, the data transfer system comprises a first node, an intermediate node and a second node, wherein: the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node; the first node sends the second certificate to the second node; the second node sends the second certificate and the first key to the intermediate node; the intermediate node verifies the authorization condition and verifies the second certificate according to the first certificate; in response to the second certificate passing verification, the intermediate node saves the second certificate and sends the first key to the first node; the first node receives the first key and saves it to an allowed access list; the intermediate node sends the data access address and the transformed value of the data to the second node; the second node accesses the data access address of the first node and sends a signature based on the second key to the first node; the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node; and the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct. This prevents the authorization condition and the certificate from being illegally modified and prevents the transmitted data from being leaked or tampered with, so the data transfer process is safe and reliable.
It should be noted that the data transfer system shown in Fig. 5 may be implemented with a blockchain, as a system of data providers, verification centers and data recipients, or in other ways.
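The exchange of Fig. 5 (steps S501 to S514) as a runnable sketch. This is an added example, not code from the patent: Ed25519 as the signature scheme, a bare public key standing in for the root certificate, the certificate fields, the in-memory `paid` map as the authorization condition, and the URL plus hash as the signed message are all assumptions, since the patent fixes none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AccessCert models the data authorized access certificate (assumed layout).
type AccessCert struct {
	Subject, DataID string
	Sig             []byte // root-key signature over certBody
}

func certBody(subject, dataID string) []byte { return []byte(subject + "\x00" + dataID) }

// Provider is the first node. RootPub stands in for the root certificate.
type Provider struct {
	rootPriv ed25519.PrivateKey
	RootPub  ed25519.PublicKey
	URL      string
	data     []byte
	hash     [32]byte        // SHA-256 of data, registered with the contract (S501)
	allowed  map[string]bool // allowed access list, keyed by raw public key
}

func NewProvider(url string, data []byte) *Provider {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Provider{rootPriv: priv, RootPub: pub, URL: url, data: data,
		hash: sha256.Sum256(data), allowed: map[string]bool{}}
}

// Issue is S502: the provider signs a grant for one receiver.
func (p *Provider) Issue(subject, dataID string) AccessCert {
	return AccessCert{subject, dataID, ed25519.Sign(p.rootPriv, certBody(subject, dataID))}
}

// signedMessage is what the receiver signs in S513 (this sketch's choice of bytes).
func signedMessage(url string, hash [32]byte) []byte {
	return append([]byte(url), hash[:]...)
}

// Serve is S504: allowed-list lookup, signature check, then release of the data.
func (p *Provider) Serve(pub ed25519.PublicKey, sig []byte) ([]byte, error) {
	if !p.allowed[string(pub)] {
		return nil, errors.New("public key not in allowed access list")
	}
	if !ed25519.Verify(pub, signedMessage(p.URL, p.hash), sig) {
		return nil, errors.New("signature verification failed")
	}
	return p.data, nil
}

// Contract is the intermediate node; it reads the S501 values from provider.
type Contract struct {
	provider *Provider
	paid     map[string]bool // authorization condition: subject has paid
	saved    []AccessCert
}

// Authorize covers S506 to S509; on success the key reaches the provider's list.
func (c *Contract) Authorize(cert AccessCert, pub ed25519.PublicKey) (url string, hash [32]byte, err error) {
	if len(pub) != ed25519.PublicKeySize {
		return "", hash, errors.New("malformed public key")
	}
	if !c.paid[cert.Subject] {
		return "", hash, errors.New("authorization condition not met")
	}
	if !ed25519.Verify(c.provider.RootPub, certBody(cert.Subject, cert.DataID), cert.Sig) {
		return "", hash, errors.New("access certificate not signed by root key")
	}
	c.saved = append(c.saved, cert)
	c.provider.allowed[string(pub)] = true // S508 and S503
	return c.provider.URL, c.provider.hash, nil
}

// Receive is the second node, S511 to S514; the provider is called in-process.
func Receive(c *Contract, p *Provider, cert AccessCert) ([]byte, error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	url, hash, err := c.Authorize(cert, pub)
	if err != nil {
		return nil, err
	}
	data, err := p.Serve(pub, ed25519.Sign(priv, signedMessage(url, hash)))
	if err != nil {
		return nil, err
	}
	if sha256.Sum256(data) != hash {
		return nil, errors.New("hash mismatch: received data is not what was registered")
	}
	return data, nil
}

func main() {
	p := NewProvider("https://provider.example/data/42", []byte("constructed sample record"))
	c := &Contract{provider: p, paid: map[string]bool{"r1": true}}
	data, err := Receive(c, p, p.Issue("r1", "42"))
	fmt.Printf("%q %v\n", data, err)
}
```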
Fig. 6 shows a block diagram of a data transfer device according to an embodiment of the present disclosure. As shown in fig. 6, the data transfer apparatus 600 includes: an authorization condition transmitting means 601, a second certificate transmitting means 602, a first key receiving means 603, and a data transmitting means 604.
The authorization condition transmitting means 601 is configured to transmit the authorization condition, the first certificate, the data access address, and the transformed value of the data to the intermediate device;
the second certificate transmitting means 602 is configured to transmit a second certificate to the second device;
the first key receiving means 603 is configured to receive a first key from the intermediate device, save the first key to the allowed access list;
the data transmission means 604 is configured to receive a signature based on the second key from the second device, verify the signature based on the second key, and, in response to that signature passing verification, transmit data to the second device.
According to the technical solution provided by the embodiment of the present disclosure, the authorization condition transmitting means is configured to transmit the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate device; the second certificate transmitting means is configured to transmit a second certificate to the second device; the first key receiving means is configured to receive a first key from the intermediate device and save the first key to the allowed access list; and the data transmitting means is configured to receive a signature based on the second key from the second device, verify the signature based on the second key, and, in response to that signature passing verification, transmit data to the second device. This prevents the data transmitted to the second device from being leaked or tampered with, so the data transfer process is safe and reliable.
Fig. 7 shows a block diagram of a data transfer device according to another embodiment of the present disclosure. As shown in fig. 7, the data transfer apparatus 700 includes: the authorization condition receiving means 701, the second certificate and first key receiving means 702, the authorization verifying means 703, the first key transmitting means 704, the data access address and data conversion value transmitting means 705.
The authorization condition receiving means 701 is configured to receive an authorization condition, a first certificate, a data access address and a transformed value of the data from the first device.
The second certificate and first key receiving means 702 is configured to receive the second certificate and the first key from the second device.
The authorization verification means 703 is configured to verify the authorization condition and to verify the second certificate according to the first certificate.
The first key transmission means 704 is configured to save the second certificate in response to the second certificate being authenticated and to transmit the first key to the first device.
The data access address and data conversion value transmitting means 705 is configured to transmit the data access address and the transformed value of the data to the second device.
According to the technical solution provided by the embodiment of the present disclosure, the authorization condition receiving means is configured to receive the authorization condition, the first certificate, the data access address and the transformed value of the data from the first device; the second certificate and first key receiving means is configured to receive the second certificate and the first key from the second device; the authorization verification means is configured to verify the authorization condition and to verify the second certificate according to the first certificate; the first key transmission means is configured to save the second certificate in response to the second certificate passing verification, and to transmit the first key to the first device; and the data access address and data conversion value transmitting means is configured to transmit the data access address and the transformed value of the data to the second device, so that the data transfer process is safe and reliable.
Fig. 8 shows a block diagram of a data transfer apparatus according to still another embodiment of the present disclosure. As shown in fig. 8, the data transfer device 800 includes: a second certificate receiving means 801, a second certificate and first key transmitting means 802, a data access address and data conversion value receiving means 803, a second key signature transmitting means 804, and a data receiving means 805.
The second certificate receiving means 801 is configured to receive a second certificate from the first device.
The second certificate and first key sending means 802 is configured to send the second certificate and the first key to the intermediary device.
The data access address and data transformation value receiving means 803 is configured to receive the data access address and the transformed value of the data from the intermediate device.
The second key signature transmitting means 804 is configured to access a data access address of the first device and transmit a signature based on the second key to the first device.
The data receiving means 805 is configured to receive data from the first device and to check the transformed value of the data to confirm whether the received data is correct.
According to the technical solution provided by the embodiment of the present disclosure, the second certificate receiving means is configured to receive the second certificate from the first device; the second certificate and first key transmitting means is configured to transmit the second certificate and the first key to the intermediate device; the data access address and data conversion value receiving means is configured to receive the data access address and the transformed value of the data from the intermediate device; the second key signature transmitting means is configured to access the data access address of the first device and transmit a signature based on the second key to the first device; and the data receiving means is configured to receive the data from the first device and check the transformed value of the data to confirm whether the received data is correct, so that the data transfer process is safe and reliable.
Fig. 9 shows a block diagram of an electronic device according to an embodiment of the present disclosure.
The foregoing embodiments describe the internal functions and structure of a data processing node or resource allocation node. In one possible design, that structure may be implemented as an electronic device; as shown in Fig. 9, the electronic device 900 may include a processor 901 and a memory 902.
The memory 902 is configured to store a program supporting a processor to execute the data processing method or the resource allocation method in any of the above embodiments, and the processor 901 is configured to execute the program stored in the memory 902.
The memory 902 is configured to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor 901 to perform the steps of:
the first node transmits the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node;
the first node sends a second certificate to a second node;
the second node sends the second certificate and the first key to the intermediate node;
the intermediate node verifies the authorization condition and verifies the second certificate in accordance with the first certificate;
In response to the second certificate being authenticated, the intermediate node saves the second certificate and sends the first key to the first node;
the first node receives the first key and stores the first key into an allowed access list;
the intermediate node sending the data access address and the transformed value of the data to the second node;
the second node accessing the data access address of the first node, sending a signature based on a second key to the first node;
the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node;
the second node receives the data and checks the transformed value of the data to confirm whether the received data is correct.
In one embodiment of the present disclosure, the authorization condition is that the second node pays a bill to the first node.
In one embodiment of the present disclosure, the second certificate is generated based on the first certificate.
In one embodiment of the present disclosure, the first key is generated based on the second key, and verifying the signature based on the second key comprises: verifying the signature based on the second key according to the first key.
In one embodiment of the present disclosure, the intermediate nodes are distributed.
In one embodiment of the present disclosure, the transformed value of the data is a hash transformed value of the data.
In one embodiment of the disclosure, the first node is a data provider, the second node is a data receiver, and the intermediate node is a contract constructed to enable data transfer between the first node and the second node.
The one or more computer instructions are also executed by the processor 901 to perform the steps of:
transmitting an authorization condition, a first certificate, a data access address and a transformed value of the data to an intermediate node;
transmitting the second certificate to the second node;
receiving a first key from the intermediate node, and saving the first key to an allowed access list;
receiving a signature based on the second key from the second node, verifying the signature based on the second key, and, in response to that signature passing verification, sending the data to the second node.
In one embodiment of the present disclosure, the authorization condition is that the second node pays a bill to the first node.
In one embodiment of the present disclosure, the second certificate is generated based on the first certificate.
In one embodiment of the present disclosure, the first key is generated based on the second key, and verifying the signature based on the second key comprises: verifying the signature based on the second key according to the first key.
In one embodiment of the present disclosure, the transformed value of the data is a hash transformed value of the data.
The one or more computer instructions are also executed by the processor 901 to perform the steps of:
receiving an authorization condition, a first certificate, a data access address, and a transformed value of the data from a first node;
receiving a second certificate and a first key from a second node;
verifying the authorization condition, and verifying the second certificate according to the first certificate;
in response to the second certificate being authenticated, saving the second certificate and transmitting the first key to the first node;
and transmitting the data access address and the transformed value of the data to the second node.
In one embodiment of the present disclosure, the authorization condition is that the second node pays a bill to the first node.
In one embodiment of the present disclosure, the second certificate is generated based on the first certificate.
In one embodiment of the present disclosure, the transformed value of the data is a hash transformed value of the data.
In one embodiment of the present disclosure, the intermediate nodes are distributed.
The one or more computer instructions are also executed by the processor 901 to perform the steps of:
receiving a second certificate from the first node;
transmitting the second certificate and the first key to an intermediate node;
receiving a data access address and a transformed value of the data from the intermediate node;
accessing the data access address of the first node, sending a signature based on a second key to the first node;
the data is received from the first node and the transformed value of the data is checked to confirm whether the received data is correct.
In one embodiment of the present disclosure, the first key is generated based on the second key.
In one embodiment of the present disclosure, the transformed value of the data is a hash transformed value of the data.
Fig. 10 is a schematic diagram of a computer system suitable for use in implementing a data transfer method according to an embodiment of the present disclosure.
As shown in Fig. 10, a computer system 1000 includes a processor (CPU, GPU, FPGA, etc.) 1001 that can execute part or all of the processing in the embodiments shown in the above figures in accordance with a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. In the RAM 1003, various programs and data required for the operation of the system 1000 are also stored. The processor 1001, the ROM 1002, and the RAM 1003 are connected to each other by a bus 1004. An input/output (I/O) interface 1005 is also connected to bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc.; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.
In particular, according to embodiments of the present disclosure, the method described above with reference to the drawings may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method in the accompanying drawings. In such an embodiment, the computer program can be downloaded and installed from a network via the communication section 1009, and/or installed from the removable medium 1011.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present disclosure may be implemented by software, or may be implemented by hardware. The units or modules described may also be provided in a processor, the names of which in some cases do not constitute a limitation of the unit or module itself.
As another aspect, the present disclosure also provides a computer-readable storage medium, which may be the computer-readable storage medium contained in the node in the above embodiment, or may be a computer-readable storage medium that exists alone and is not assembled into a device. The computer-readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present disclosure.
The foregoing description covers only the preferred embodiments of the present disclosure and the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention referred to in this disclosure is not limited to the specific combination of features described above, but also encompasses other embodiments formed by any combination of the features described above or their equivalents without departing from the inventive concept, for example, embodiments formed by mutually substituting the features described above with technical features having similar functions disclosed in (but not limited to) the present disclosure.

Claims (10)

1. A data transfer method, comprising:
the first node transmits the authorization condition, the first certificate, the data access address and the transformed value of the data to the intermediate node;
the first node sends a second certificate to a second node;
the second node sends the second certificate and the first key to the intermediate node;
the intermediate node verifies the authorization condition and verifies the second certificate in accordance with the first certificate;
in response to the second certificate being authenticated, the intermediate node saves the second certificate and sends the first key to the first node;
the first node receives the first key and stores the first key into an allowed access list;
the intermediate node sending the data access address and the transformed value of the data to the second node;
the second node accessing the data access address of the first node, sending a signature based on a second key to the first node;
the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node;
The second node receives the data and checks the transformed value of the data to confirm whether the received data is correct.
2. The method of claim 1, wherein
the authorization condition is that the second node pays a bill to the first node.
3. The method of claim 1, wherein
the second certificate is generated based on the first certificate.
4. The method of claim 1, wherein
the first key is generated based on the second key, and the verifying of the signature based on the second key includes: verifying the signature based on the second key according to the first key.
5. The method of claim 1, wherein
the intermediate nodes are distributed.
6. The method of claim 1, wherein
the transformed value of the data is a hash transformed value of the data.
7. The method of claim 1, wherein the first node is a data provider and the second node is a data receiver, and wherein the intermediate node is a contract constructed to enable data transfer between the first node and the second node.
8. A data transfer system comprising a first node, an intermediate node and a second node, the system being characterized in that,
the first node sends the authorization condition, the first certificate, the data access address and the transformed value of the data to an intermediate node;
the first node sending a second certificate to the second node;
the second node sends the second certificate and the first key to the intermediate node;
the intermediate node verifies the authorization condition and verifies the second certificate in accordance with the first certificate;
in response to the second certificate being authenticated, the intermediate node saves the second certificate and sends the first key to the first node;
the first node receives the first key and stores the first key into an allowed access list;
the intermediate node sending the data access address and the transformed value of the data to the second node;
the second node accessing the data access address of the first node, sending a signature based on a second key to the first node;
the first node verifies the signature based on the second key and, in response to that signature passing verification, sends the data to the second node;
The second node receives the data and checks the transformed value of the data to confirm whether the received data is correct.
9. An electronic device comprising a memory and a processor, wherein the memory is for storing one or more computer instructions, and the one or more computer instructions are executed by the processor to implement the method of any of claims 1-7.
10. A readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any of claims 1 to 7.
CN202080001871.9A 2020-03-11 2020-03-11 Data transmission method, system, device, electronic device and readable storage medium Active CN111902815B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202011179617.6A CN112333176B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on data receiving party
CN202011179603.4A CN112333175B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on intermediate node
CN202011177031.6A CN112333173B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on data provider

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/078783 WO2021179203A1 (en) 2020-03-11 2020-03-11 Data transmission method, system and device, electronic device, and readable storage medium

Related Child Applications (3)

Application Number Title Priority Date Filing Date
CN202011179617.6A Division CN112333176B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on data receiving party
CN202011177031.6A Division CN112333173B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on data provider
CN202011179603.4A Division CN112333175B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on intermediate node

Publications (2)

Publication Number Publication Date
CN111902815A CN111902815A (en) 2020-11-06
CN111902815B true CN111902815B (en) 2023-06-27

Family

ID=73224135

Family Applications (4)

Application Number Title Priority Date Filing Date
CN202011177031.6A Active CN112333173B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on data provider
CN202011179617.6A Active CN112333176B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on data receiving party
CN202011179603.4A Active CN112333175B (en) 2020-03-11 2020-03-11 Data transmission method, system, equipment and storage medium based on intermediate node
CN202080001871.9A Active CN111902815B (en) 2020-03-11 2020-03-11 Data transmission method, system, device, electronic device and readable storage medium

Country Status (2)

Country Link
CN (4) CN112333173B (en)
WO (1) WO2021179203A1 (en)

CN110599171B (en) * 2019-09-17 2023-08-18 腾讯科技(深圳)有限公司 Virtual asset processing method and device based on blockchain network

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2068264A2 (en) * 2007-11-27 2009-06-10 FeliCa Networks, Inc. Service providing system, service providing server and information terminal device
WO2018145168A1 (en) * 2017-02-10 2018-08-16 New Trust Ip Limited A distributed block chain cryptocurrency system for securement against unauthorised transactions
CN110679130A (en) * 2017-05-26 2020-01-10 真视野股份有限公司 System and method for managing privileges
CN107682331A (en) * 2017-09-28 2018-02-09 复旦大学 Internet of Things identity identifying method based on block chain
WO2019078879A1 (en) * 2017-10-20 2019-04-25 Hewlett Packard Enterprise Development Lp Permissions from entities to access information
WO2019102191A1 (en) * 2017-11-24 2019-05-31 Zeetta Networks Limited A system for providing an end-to-end network
CN108055258A (en) * 2017-12-08 2018-05-18 中链科技有限公司 A kind of identity data management method, system and computer readable storage medium
CN110602050A (en) * 2018-04-28 2019-12-20 腾讯科技(深圳)有限公司 Authentication method and device for block chain access, storage medium and electronic device
WO2019213869A1 (en) * 2018-05-09 2019-11-14 合肥达朴汇联科技有限公司 Method and device for blockchain node
CN109493061A (en) * 2018-12-28 2019-03-19 合肥达朴汇联科技有限公司 A kind of verification method, device, electronic equipment and the storage medium of the data of block chain
CN109587177A (en) * 2019-01-23 2019-04-05 四川虹微技术有限公司 A kind of device authorization management method, device and electronic equipment
CN110020538A (en) * 2019-04-15 2019-07-16 山东省计算中心(国家超级计算济南中心) Transaction data encryption and decryption method and system based on block chain
CN110708170A (en) * 2019-12-13 2020-01-17 腾讯科技(深圳)有限公司 Data processing method and device and computer readable storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Towards a distributed token based payment system using blockchain technology; Mouad Zouina et al.; 2019 International Conference on Advanced Communication Technologies and Networking (CommNet); pp. 1-10 *
Research on the application of blockchain in cross-border payment; 卢志强; 葛新锋; 西南金融 (No. 02); pp. 25-30 *
New financial market infrastructure based on blockchain; 姚前; 中国金融 (No. 23); pp. 21-23 *

Also Published As

Publication number Publication date
CN111902815A (en) 2020-11-06
CN112333176A (en) 2021-02-05
CN112333176B (en) 2023-04-18
CN112333175B (en) 2023-04-18
CN112333175A (en) 2021-02-05
CN112333173A (en) 2021-02-05
CN112333173B (en) 2023-07-04
WO2021179203A1 (en) 2021-09-16

Similar Documents

Publication Publication Date Title
CN108965230B (en) Secure communication method, system and terminal equipment
US20190140844A1 (en) Identity-linked authentication through a user certificate system
CN111783075B (en) Authority management method, device and medium based on secret key and electronic equipment
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
CN105072125B (en) A kind of http communication system and method
CN112801663B (en) Blockchain certification method, device, system, equipment and medium
CN112055019B (en) Method for establishing communication channel and user terminal
CN113674456B (en) Unlocking method, unlocking device, electronic equipment and storage medium
CN101527634A (en) System and method for binding account information with certificates
CN111105235A (en) Supply chain transaction privacy protection system and method based on block chain and related equipment
CN110572392A (en) Identity authentication method based on HyperLegger network
CN103532961A (en) Method and system for authenticating identity of power grid website based on trusted crypto modules
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN111902815B (en) Data transmission method, system, device, electronic device and readable storage medium
CN110309213B (en) Database access control method, device, system, medium and equipment
CN109768969A (en) Authority control method and internet-of-things terminal, electronic equipment
US20220318356A1 (en) User registration method, user login method and corresponding device
CN110381011A (en) A kind of method and apparatus for realizing logistics equipment secure communication
KR20030035025A (en) System for providing identification service using official certificate based on Public Key Infrastructure and method thereof
CN114024682A (en) Cross-domain single sign-on method, service equipment and authentication equipment
EP3178073B1 (en) Security management system for revoking a token from at least one service provider terminal of a service provider system
CN114584355A (en) Security authentication method, device and system for digital currency transaction
CN109191116B (en) Resource management method and system and payment management method and system
CN114826616B (en) Data processing method, device, electronic equipment and medium
CN108234136B (en) A kind of safety access method, terminal device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant