Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
Referring to fig. 1 and fig. 3, a data tracing and circulating method based on network trust includes the steps of:
s1, the data circulation platform receives the authorization data item sent by the data authorization party to obtain an authorization data item set, and the authorization data item set is stored in the interplanetary file system;
s2, the data circulation platform receives a data query request sent by a data demand party, the data query request comprises a required data item, whether the required data item is in the authorized data item set is verified, and if yes, S3 is executed;
s3, the data circulation platform routes the data query request to the edge node corresponding to the data owner corresponding to the authorized data item;
s4, the edge node acquires target data according to the required data item and stores the target data in the interplanetary file system;
and S5, the data circulation platform acquires the target data through the interplanetary file system and forwards the target data to the data demand side.
From the above description, the beneficial effects of the present invention are: the data circulation platform receives the data query request sent by the data demand party in a unified mode, authenticates the data query request, forwards the data query request meeting the conditions to the edge node corresponding to the corresponding data owner to acquire data, reduces the pressure of the data circulation platform for processing the data query request, achieves data exchange between the data circulation platform and the edge node through the interplanetary file system, does not need to transfer data layer by layer through complex asynchronous calling, and can conveniently acquire the data stored in the interplanetary file system in the edge node or the data circulation platform by the other party, so that the data transmission efficiency is improved, and the real-time performance of the data is also guaranteed by directly acquiring the data from the data owner.
Further, the S1 specifically includes:
receiving authorized data items sent by a data authorization party to obtain an authorized data item set, hashing the authorized data item set and storing the hashed value in an interplanetary file system, and obtaining a hashed value identifier of each authorized data item in the interplanetary file system;
storing the hash value identification and the data authority into a preset block chain;
verifying in said S2 whether said required data item is included in said set of authorized data items:
obtaining the hash value of the required data item, and comparing the hash value with the hash value identification;
and if the first hash value identification which is the same as the hash value exists, the required data item is in the authorized data item set.
According to the description, the authorized data item set is stored in the interplanetary file system, the interplanetary file system stores the file by taking the hash value of the file content as the identifier, namely, the file content as the identifier, so that the comparison between the required data item and the authorized data item is conveniently carried out subsequently, and the existing mode of storing the file by the address is replaced, and the access of the file is more flexible.
Further, the S2 further includes:
checking whether the data demander subscribes to the access API corresponding to the required data item;
and obtaining the target data corresponding to the required data item through the access API.
According to the description, whether the data demand party has the authority to acquire the required data item or not is judged by checking whether the data demand party subscribes the access API corresponding to the required data item in the data query request or not, the data circulation platform authenticates the data demand party, and the data owner party only needs to acquire the corresponding data according to the data query request, so that the pressure of the data owner party is reduced.
Further, the S4 specifically includes:
the edge node acquires target data from a data owner according to the required data item;
encrypting the target data to obtain ciphertext target data;
and fragmenting the ciphertext data according to a preset scheme through the interplanetary file system to obtain a plurality of ciphertext fragment data, and storing the plurality of ciphertext fragment data into the interplanetary file system.
According to the description, after the edge node acquires the target data, the target data is encrypted, so that the data circulation platform is encrypted by the target data except for the data owner and the data demand side, and the data safety is guaranteed.
Further, the access API is a synchronous call or an asynchronous call.
As can be seen from the above description, the access API may set a synchronous call or an asynchronous call when it is issued, and can change according to the request frequency of the required data item.
Referring to fig. 2, a data tracing and circulating system based on network trust includes a data circulating platform and an edge node, where the data circulating platform includes a first memory, a first processor, and a first computer program stored in the first memory and operable on the first processor, the edge node includes a second memory, a second processor, and a second computer program stored in the second memory and operable on the second processor, and the first processor implements the following steps when executing the first computer program:
s1, receiving an authorized data item set sent by a data authorizing party, and storing the authorized data item set in an interplanetary file system;
s2, receiving a data query request sent by a data demand party, wherein the data query request comprises a required data item, verifying whether the required data item is in the authorized data item set, and if so, executing S3;
s3, routing the data query request to the edge node corresponding to the data owner corresponding to the authorized data item;
s5, acquiring the target data through the interplanetary file system and forwarding the target data to the data demand side;
the second processor, when executing the second computer program, implements the steps of:
and S4, the edge node acquires target data according to the required data item and stores the target data in the interplanetary file system.
The invention has the beneficial effects that: the data circulation platform receives the data query request sent by the data demand party in a unified mode, authenticates the data query request, forwards the data query request meeting the conditions to the edge node corresponding to the corresponding data owner to acquire data, reduces the pressure of the data circulation platform for processing the data query request, achieves data exchange between the data circulation platform and the edge node through the interplanetary file system, does not need to transfer data layer by layer through complex asynchronous calling, and can conveniently acquire the data stored in the interplanetary file system in the edge node or the data circulation platform by the other party, so that the data transmission efficiency is improved, and the real-time performance of the data is also guaranteed by directly acquiring the data from the data owner.
Further, the S1 specifically includes:
receiving an authorized data item sent by a data authorized party to obtain an authorized data item set, storing the authorized data item set in an interplanetary file system, and acquiring a hash value identifier of each authorized data item in the interplanetary file system;
storing the hash value identification and the data authority into a preset block chain;
verifying in said S2 whether said required data item is included in said set of authorized data items:
obtaining the hash value of the required data item, and comparing the hash value with the hash value identification;
and if the first hash value identification which is the same as the hash value exists, the required data item is in the authorized data item set.
According to the description, the authorized data item set is stored in the interplanetary file system, the interplanetary file system stores the file by taking the hash value of the file content as the identifier, namely, the file content as the identifier, so that the comparison between the required data item and the authorized data item is conveniently carried out subsequently, and the existing mode of storing the file by the address is replaced, and the access of the file is more flexible.
Further, the first processor when executing the first computer program implementation S2 further includes:
checking whether the data demander subscribes to the access API corresponding to the required data item;
and obtaining the target data corresponding to the required data item through the access API.
According to the description, whether the data demand party has the authority to acquire the required data item or not is judged by checking whether the data demand party subscribes the access API corresponding to the required data item in the data query request or not, the data circulation platform authenticates the data demand party, and the data owner party only needs to acquire the corresponding data according to the data query request, so that the pressure of the data owner party is reduced.
Further, the S4 specifically includes:
the edge node acquires target data from a data owner according to the required data item;
encrypting the target data to obtain ciphertext target data;
and fragmenting the ciphertext data according to a preset scheme through the interplanetary file system to obtain a plurality of ciphertext fragment data, and storing the plurality of ciphertext fragment data into the interplanetary file system.
According to the description, after the edge node acquires the target data, the target data is encrypted, so that the data circulation platform is encrypted by the target data except for the data owner and the data demand side, and the data safety is guaranteed.
Further, the access API is a synchronous call or an asynchronous call.
As can be seen from the above description, the access API may set a synchronous call or an asynchronous call when it is issued, and can change according to the request frequency of the required data item.
Referring to fig. 1 and 5, a first embodiment of the present invention is:
a data tracing and circulating method based on network trust comprises the following steps:
s1, the data circulation platform receives an authorized data item set obtained by receiving an authorized data item sent by a data authorizer (the data producer in fig. 5), and stores the authorized data item set in an interplanetary file system, specifically:
receiving authorized data items sent by a data authorization party to obtain an authorized data item set, hashing the authorized data item set and storing the hashed value in an interplanetary file system, and obtaining a hashed value identifier of each authorized data item in the interplanetary file system;
storing the hash value identification, the name of the data authorizer, the sending time of a data packet comprising the authorized data item set and the digital certificate information of the data authorizer into a preset block chain;
s2, the data circulation platform receives a data query request sent by a data demand party, the data query request comprises a required data item, whether the required data item is in the authorized data item set is verified, and if yes, S3 is executed;
s2 includes: checking whether the data demander subscribes to the access API corresponding to the required data item;
the target data corresponding to the required data item can be obtained through the access API, and specifically, the access API can call a data API of a data owner to obtain the target data;
wherein verifying whether the required data item is in the set of authorized data items comprises:
obtaining the hash value of the required data item, and comparing the hash value with the hash value identification;
if a first hash value identifier identical to the hash value exists, the required data item is in the authorized data item set;
s3, the data circulation platform routes the data query request to an edge node corresponding to a data owner (data collector in fig. 5) corresponding to the authorized data item;
s4, the edge node acquires target data according to the required data item, and stores the target data in the interplanetary file system, specifically:
the edge node acquires target data from a data owner according to the required data item;
encrypting the target data to obtain ciphertext target data;
the ciphertext data are segmented according to a preset scheme through the interplanetary file system to obtain a plurality of ciphertext segmented data, and the ciphertext segmented data are stored into the interplanetary file system;
submitting the output transaction to a blockchain for evidence storage;
specifically, the output transaction includes: the name of the data owner and the hash value of the ciphertext target data in the interplanetary file system;
s5, the data circulation platform acquires the target data through the interplanetary file system and forwards the target data to the data demand side;
specifically, after storing the target data in the interplanetary file system, the edge node sends a callback message to the data circulation platform, and after receiving the callback message, the data circulation platform acquires a target hash value of the target data through the interplanetary file system and forwards the target hash value to the data demand side;
the data demander inquires in the interplanetary file system according to the target hash value to obtain target data, and submits inquiry transaction to a block chain for evidence storage;
specifically, the query transaction includes: the name of the data demander, the time when the data demander receives the data packet with the target data and the target hash value;
in an alternative embodiment, the data archived in the blockchain for each step is shown in table 1:
TABLE 1
Referring to fig. 4, a second embodiment of the present invention is:
the data tracing and circulating method based on the network trust is applied to an actual scene:
in this embodiment, the data circulation platform includes a message center and an API gateway;
a message center corresponds to a plurality of edge nodes, and under the condition that the message center comprises a plurality of data circulation platforms:
s1, each data circulation platform receives the authorization data item sent by the corresponding data authorization party to obtain an authorization data item set, and stores the authorization data item set in an interplanetary file system, specifically:
receiving authorized data items sent by a data authorization party to obtain an authorized data item set, hashing the authorized data item set and storing the hashed value in an interplanetary file system, and obtaining a hashed value identifier of each authorized data item in the interplanetary file system;
storing the hash value identification and the data authority into a preset block chain;
s2, the first data circulation platform receives a data query request sent by a data demand party, wherein the data query request comprises a required data item, whether the required data item is in the authorized data item set is verified, and if yes, S3 is executed;
s2 includes: checking whether the data demander subscribes to an access API in the first data circulation platform or not through an API gateway;
target data corresponding to the required data item can be obtained through the access API;
wherein verifying whether the required data item is in the set of authorized data items comprises:
obtaining the hash value of the required data item, and comparing the hash value with the hash value identification;
if a first hash value identifier identical to the hash value exists, the required data item is in the authorized data item set;
s3, the first data circulation platform routes the data query request to a target edge node corresponding to the data owner corresponding to the authorized data item;
if the target edge node does not correspond to the first data circulation platform, routing the data query request to a total data circulation platform (a national data circulation platform), checking whether the data calling is legal through an interplanetary file system, if so, acquiring a second data circulation platform corresponding to the target edge node by the total data circulation platform, routing the data query request to the second data circulation platform, and checking whether the data calling is legal through the interplanetary file system;
specifically, the specific step of checking whether the data call is legal through the interplanetary file system is as follows: obtaining an authorized data item set through an interplanetary file system, verifying whether the required data item is in the authorized data item set, and calling legality if the required data item is in the authorized data item set;
the second data circulation platform routes the data query request to the target edge node;
s4, the target edge node acquires target data according to the required data item and stores the target data in the interplanetary file system;
submitting the output transaction to a blockchain for evidence storage;
the output transaction includes: the name of the data owner, the hash value of the data packet of the target data in the interplanetary file system, the time for sending the data packet including the target data to the interplanetary file system by the edge node and the digital certificate information of the data owner;
s5, the data circulation platform acquires the target data through the interplanetary file system and forwards the target data to the data demand side;
specifically, after storing target data in an interplanetary file system, the edge node sends a callback message to a second data circulation platform, the second data circulation platform receives the callback message and then forwards the callback message to a total data circulation platform, the total data circulation platform receives the callback message and then forwards the callback message to a first data circulation platform, and the first data circulation platform receives the callback message and then obtains a target hash value of the target data through the interplanetary file system and forwards the target hash value to a data demand side;
the data demander inquires in the interplanetary file system according to the target hash value to obtain target data, and submits inquiry transaction to a block chain for evidence storage;
specifically, the query transaction includes: the name of the data demander, the time when the data demander receives the data packet with the target data and the target hash value.
Referring to fig. 2, a third embodiment of the present invention is:
a data tracing and circulating system 3 based on network trust includes a data circulating platform 1 and an edge node 2, where the data circulating platform 1 includes a first memory 1.2, a first processor 1.1 and a first computer program stored in the first memory 1.2 and operable on the first processor 1.1, the edge node 2 includes a second memory 2.2, a second processor 2.1 and a second computer program stored in the second memory 2.2 and operable on the second processor 2.1, the first processor 1.1 implements the steps implemented by the data circulating platform in the first embodiment or the second embodiment when executing the first computer program, and the second processor 2.1 implements the steps implemented by the edge node in the first embodiment or the second embodiment when executing the second computer program.
In summary, the invention provides a data tracing and circulating method and system based on network trust, a data circulating platform and edge nodes are arranged, the edge nodes are arranged at one side of a data owner, the data circulating platform performs authentication of data query requests and forwards the data query requests to the corresponding edge nodes, the data owner does not need to care which data owner the data query requests are sent to, and the data owner does not need to verify the authority of the data owner, so that the execution efficiency of the data query requests is improved; introducing a interstellar file system, wherein the interstellar file system uses the hash value of the file content as an identifier to realize the storage of the files, and can use the hash value to realize the comparison of whether the files are the same or not; the data circulation platform does not need to gather data, the data is directly acquired from a data owner for a data demand side, the real-time performance of the acquired data is guaranteed, all the steps are filed on a block chain, the source and the destination of the data can be traced back, the data cannot be tampered and irreversible, the data is encrypted and completed on an edge node, the edge node is arranged at one end of the data owner, namely the data circulation platform serving as a transfer mode can not acquire plaintext data content except the data owner and the final data demand side, and the safety of the data in the transmission process is guaranteed.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.