CN114900324A - Data interaction method based on ODIN and related equipment - Google Patents


Publication number
CN114900324A
Authority
CN
China
Prior art keywords: data, odin, key, node, target data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210131401.5A
Other languages
Chinese (zh)
Inventor
欧清海
王艳茹
孟慧平
马文洁
张宁池
宋继高
李文萃
宋雨
谯陈彬
张洁
熊翱
高峰
刘卉
佘蕊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing University of Posts and Telecommunications
State Grid Henan Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Beijing Zhongdian Feihua Communication Co Ltd
Original Assignee: the same six assignees as listed above
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing University of Posts and Telecommunications, State Grid Henan Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd, and Beijing Zhongdian Feihua Communication Co Ltd
Priority to CN202210131401.5A
Publication of CN114900324A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L 63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/90 Details of database functions independent of the retrieved data types
    • G06F 16/95 Retrieval from the web
    • G06F 16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]

Abstract

The application provides an ODIN-based data interaction method and related equipment. The method comprises the following steps: generating an ODIN number for target data provided by a data provider node according to the open data index naming identifier (ODIN), and mapping the ODIN number to the metadata and uniform resource locator (URL) of the target data; storing the metadata containing the ODIN number and the URL on the blockchain; in response to a data access request issued by a data acquirer node, parsing the request to obtain the ODIN number and determining the target data from the metadata and URL corresponding to that ODIN number; verifying, according to a preset verification rule, whether the data acquirer node has data access authority; and if so, encrypting the target data and sending the encrypted target data to the data acquirer node, which decrypts it to obtain the target data. The method not only improves the security and reliability of data interaction but also ensures the uniqueness of the data.

Description

Data interaction method based on ODIN and related equipment
Technical Field
The present application relates to the field of information technology, and in particular to a data interaction method based on an Open Data Index Name identifier (ODIN) and a related device.
Background
With the development of network technology, people can conveniently obtain the files they want over a network, and at the same time secure and trusted data transmission over the network is becoming more and more important.
Existing data transmission is realized through centralized data sharing platforms. Because such a platform shares and exchanges data by centralized means, data transmission for a data producer is mediated by the central platform and the sharing and exchange processes are public, so data privacy is leaked and the security of data interaction is low.
Disclosure of Invention
In view of the above, an object of the present application is to provide a data interaction method based on ODIN and a related device.
In view of the above, a first aspect of the present application provides an ODIN-based data interaction method, applied to a blockchain system, including:
generating an ODIN number of target data provided by a data provider node according to an open data index naming identifier ODIN, and mapping the ODIN number to metadata and a Uniform Resource Locator (URL) of the target data;
storing the metadata and URL containing the ODIN number on a blockchain;
in response to a data access request issued by a data acquirer node, parsing the data access request to obtain the ODIN number, and determining the target data according to the metadata and the URL corresponding to the ODIN number;
verifying whether the data acquisition side node has data access authority or not according to a preset verification rule;
if so, encrypting the target data according to a preset encryption mode to obtain first encrypted data, sending the first encrypted data to the data acquisition side node, and decrypting the first encrypted data by the data acquisition side node according to a decryption mode corresponding to the encryption mode to obtain the target data.
Further, the encrypting the target data according to a predetermined encryption method to obtain first encrypted data includes:
encrypting the sensitive field in the target data according to the first symmetric key to obtain second encrypted data;
and encrypting the second encrypted data according to a second symmetric key to obtain the first encrypted data.
Further, the encrypting the target data according to the predetermined encryption method to obtain the first encrypted data further includes:
encrypting the first symmetric key according to the public key of the data acquirer node to obtain a first encryption key;
and encrypting the second symmetric key according to the public key of the data acquirer node to obtain a second encryption key.
Further, the data acquirer node decrypts the first encrypted data according to the decryption mode corresponding to the encryption mode to obtain the target data, including:
acquiring the first encryption key and the second encryption key;
decrypting the second encryption key according to the private key of the data acquirer node to obtain a second symmetric key;
decrypting the first encrypted data according to the second symmetric key to obtain second encrypted data;
decrypting the first encryption key according to the private key of the data acquirer node to obtain the first symmetric key;
and decrypting the second encrypted data according to the first symmetric key to obtain target data.
Further, the verification rule includes at least one of a time verification rule and a space verification rule, wherein:
the time verification rule is used for judging whether the time for the data acquirer node to access the target data is in the accessible time interval of the target data or not, and if so, the data acquirer node has data access authority;
the space verification rule is to judge whether the public key of the data acquirer node is in a public key list allowing the target data to be accessed, and if so, the data acquirer node has data access permission.
Further, storing the metadata containing the ODIN number and the URL on the blockchain further comprises:
reaching consensus on the ODIN numbers among the nodes of the blockchain using the PBFT algorithm.
Further, the blockchain is a federation chain, and the method further includes:
acquiring identity information of a node to be admitted to the federation chain;
verifying the identity information through a smart contract to obtain an identity verification result;
and in response to the identity verification result being that verification has passed, generating, through a smart contract, a public key and a private key for data encryption and decryption, wherein the private key is sent to the node to be admitted to the federation chain and the public key is stored in the federation chain.
Based on the same inventive concept, a second aspect of the present application provides an ODIN-based data interaction device, comprising:
an identifier generation module configured to generate an ODIN number of target data provided by a data provider node according to the open data index naming identifier ODIN, and to map the ODIN number to metadata and a Uniform Resource Locator (URL) of the target data;
a storage module configured to store the metadata and URL containing the ODIN number on a blockchain;
an identifier parsing module configured to respond to a data access request issued by a data acquirer node, parse the data access request to obtain an ODIN number, and determine the target data according to the metadata and the URL corresponding to the ODIN number;
the right confirming module is configured to verify whether the data acquirer node has data access right according to a preset verification rule;
and a data interaction module configured to, if the data acquirer node has the data access right, encrypt the target data according to a preset encryption mode to obtain first encrypted data and send the first encrypted data to the data acquirer node, which decrypts the first encrypted data according to the decryption mode corresponding to the encryption mode to obtain the target data.
Further, the data interaction module is further configured to encrypt a sensitive field in the target data according to the first symmetric key to obtain second encrypted data;
and encrypting the second encrypted data according to a second symmetric key to obtain the first encrypted data.
Further, the data interaction module is further configured to encrypt the first symmetric key according to the public key of the data acquirer node to obtain a first encryption key;
and encrypting the second symmetric key according to the public key of the data acquirer node to obtain a second encryption key.
Further, the data interaction module is further configured to obtain the first encryption key and the second encryption key;
decrypting the second encryption key according to the private key of the data acquirer node to obtain a second symmetric key;
decrypting the first encrypted data according to the second symmetric key to obtain second encrypted data;
decrypting the first encryption key according to the private key of the data acquirer node to obtain the first symmetric key;
and decrypting the second encrypted data according to the first symmetric key to obtain target data.
Based on the same inventive concept, a third aspect of the present application provides an electronic device, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the method according to the first aspect when executing the program.
Based on the same inventive concept, a fourth aspect of the present application provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of the first aspect.
As can be seen from the foregoing, according to the data interaction method and the related device based on the ODIN provided by the present application, the data provided by the data provider is identified by using the open data index naming identifier, so that the data has an autonomous and secure unique index identifier. Through a double-layer encryption and decryption mechanism, the data can be guaranteed to be stored in a trusted mode and transmitted safely in the network. In addition, the data acquisition party is subjected to identity verification, and the safety of data interaction can be further ensured.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the related art, the drawings needed to be used in the description of the embodiments or the related art will be briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of an ODIN-based data interaction method according to an embodiment of the present application;
FIG. 2 is a schematic flowchart of a target data and symmetric key encryption method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a target data and symmetric key decryption method according to an embodiment of the present application;
FIG. 4 is a flowchart of an authentication method for a node to be connected to a federation chain according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an ODIN-based data interaction device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is further described in detail below with reference to the accompanying drawings in combination with specific embodiments.
It should be noted that technical terms or scientific terms used in the embodiments of the present application should have a general meaning as understood by those having ordinary skill in the art to which the present application belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the present application is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
As described in the background section, the data interaction schemes in the related art struggle to meet this requirement: data interaction is generally achieved by centralized means, yet sharing and exchanging data through a central platform easily leads to privacy disclosure, and the security of data interaction is low.
In addition, in specific cases (for example, data intended only for internal personnel to view) permissions are set on data operations to prevent data leakage, so that people without permission cannot view or download the data. Although setting permissions can ensure secure data transmission to a certain extent, this approach only controls which personnel may log in to a system and access data; it cannot handle situations beyond that one, and its limitations are considerable.
In view of this, an embodiment of the present application provides an ODIN-based data interaction method in which, considering the uniqueness between data and its provider, the data provider registers an ODIN number for the data when publishing it, the data is encrypted and decrypted with a double-layer encryption and decryption mechanism, and the data access rights of the data acquirer are restricted by a smart contract, thereby ensuring that the data is transmitted securely over the network.
Hereinafter, the technical means of the present application will be described in detail by specific examples.
Referring to fig. 1, an embodiment of the present application provides an ODIN-based data interaction method applied to a block chain system, which specifically includes the following steps:
step S101, according to the open data index name identifier ODIN, generating an ODIN number of the target data provided by the data provider node, and mapping the ODIN number to metadata and a Uniform Resource Locator (URL) of the target data.
In this step, ODIN in the broad sense refers to an open system for identifying and exchanging data content indexes in a network environment; it complies with the Uniform Resource Identifier (URI) specification and provides an extensible framework for autonomous, open, secure and reliable data content management and intellectual property management based on digital cryptocurrency blockchains. In the narrow sense, an ODIN is a permanent open identifier for any data content object.
Specifically, an ODIN consists of a prefix part and a suffix part. The prefix part is composed of the serial number of the block in which the ODIN's registration record is located on the blockchain and the Arabic-numeral index (counted from 0) of the specific storage position of the registration record within that block. The suffix part is a locating identifier that the data provider customizes for the corresponding data content, and it must also be unique.
By mapping the ODIN number to the metadata and URL of the data resource, the ODIN number becomes part of the data resource and always co-exists with the data resource. In addition, the newly registered ODIN is checked by the blockchain management node to ensure that the ODIN number conforms to the naming specification and has uniqueness.
When the data provider node publishes multiple data items, the ODIN, metadata and URL corresponding to each item can be stored in the data provider node's database in JSON encoding, forming an ODIN resource identification library so that the data can be managed effectively.
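As an added illustration (not code from the patent), the following Go sketch models the provider-side ODIN resource identification library just described: it composes an ODIN from the block number, the 0-based record position and a provider-chosen suffix, checks the suffix against a naming rule, enforces uniqueness of both the ODIN and the suffix as the management node's check requires, and resolves an ODIN back to its metadata and URL. The `<block>.<index>/<suffix>` separators and the suffix character set are assumptions of this example, not the ODIN specification.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// ODINRecord is one entry of the provider's ODIN resource identification library:
// an ODIN number mapped to the metadata and URL of the data resource.
type ODINRecord struct {
	ODIN     string            `json:"odin"`
	Metadata map[string]string `json:"metadata"`
	URL      string            `json:"url"`
}

// Registry is the provider-side library keyed by ODIN number.
type Registry struct {
	records  map[string]ODINRecord
	suffixes map[string]bool // the suffix must be unique on its own, not just the full ODIN
}

func NewRegistry() *Registry {
	return &Registry{records: map[string]ODINRecord{}, suffixes: map[string]bool{}}
}

// suffixRe is an assumed naming specification for the provider-defined suffix.
var suffixRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

// BuildODIN composes "<block>.<index>/<suffix>" (the separators are an assumption of this example):
// block is the serial number of the block holding the registration record, index its 0-based position.
func BuildODIN(block uint64, index uint32, suffix string) (string, error) {
	if !suffixRe.MatchString(suffix) {
		return "", fmt.Errorf("suffix %q violates the naming specification", suffix)
	}
	return fmt.Sprintf("%d.%d/%s", block, index, suffix), nil
}

// ParseODIN splits an ODIN number back into block, index and suffix, rejecting malformed input.
func ParseODIN(odin string) (block uint64, index uint32, suffix string, err error) {
	prefix, suffix, ok := strings.Cut(odin, "/")
	if !ok || !suffixRe.MatchString(suffix) {
		return 0, 0, "", errors.New("malformed ODIN: missing or invalid suffix")
	}
	blockStr, indexStr, ok := strings.Cut(prefix, ".")
	if !ok {
		return 0, 0, "", errors.New("malformed ODIN: prefix is not <block>.<index>")
	}
	if block, err = strconv.ParseUint(blockStr, 10, 64); err != nil {
		return 0, 0, "", fmt.Errorf("malformed block number: %w", err)
	}
	idx, err := strconv.ParseUint(indexStr, 10, 32)
	if err != nil {
		return 0, 0, "", fmt.Errorf("malformed index: %w", err)
	}
	return block, uint32(idx), suffix, nil
}

// Register mints the ODIN for a new data resource and stores its mapping, enforcing the naming
// specification and the uniqueness of both the ODIN number and the suffix (the management node's check).
func (r *Registry) Register(block uint64, index uint32, suffix string, metadata map[string]string, url string) (string, error) {
	odin, err := BuildODIN(block, index, suffix)
	if err != nil {
		return "", err
	}
	if _, dup := r.records[odin]; dup {
		return "", fmt.Errorf("ODIN %s is already registered", odin)
	}
	if r.suffixes[suffix] {
		return "", fmt.Errorf("suffix %q is already used by another ODIN", suffix)
	}
	r.records[odin] = ODINRecord{ODIN: odin, Metadata: metadata, URL: url}
	r.suffixes[suffix] = true
	return odin, nil
}

// Resolve is the lookup made once an access request has been parsed to an ODIN number (step S103).
func (r *Registry) Resolve(odin string) (ODINRecord, error) {
	if _, _, _, err := ParseODIN(odin); err != nil {
		return ODINRecord{}, err
	}
	rec, ok := r.records[odin]
	if !ok {
		return ODINRecord{}, fmt.Errorf("ODIN %s is not registered", odin)
	}
	return rec, nil
}
```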
Step S102, storing the metadata containing the ODIN and the URL on the block chain.
In this step, the data resource is stored locally at the data provider, and the data acquirer can acquire the corresponding data resource through the URL information and the metadata information.
Step S103, responding to a data access request issued by a data acquirer node, analyzing the data access request to obtain an ODIN, and determining the target data according to the metadata and the URL corresponding to the ODIN.
In this step, when a user queries a data resource, or related information about it, by ODIN number, the query request is located on the blockchain through the open-source ODIN library and then forwarded to the access point that the owner registered for the ODIN, where it is resolved to obtain the metadata and URL information of the data resource; the encrypted target data can then be obtained through the metadata and URL information.
Step S104, verifying whether the data acquirer node has data access authority according to a preset verification rule.
In this step, by performing authority authentication on the user who acquires the data, a malicious user can be prevented from acquiring the data, and the security of the data is guaranteed.
Step S105, if yes, encrypting the target data according to a preset encryption mode to obtain first encrypted data, sending the first encrypted data to the data acquirer node, and decrypting the first encrypted data by the data acquirer node according to a decryption mode corresponding to the encryption mode to obtain the target data.
In this step, the predetermined encryption mode is a double-layer encryption mechanism, the corresponding decryption mode is a double-layer decryption mechanism, and the target data is converted into a ciphertext form, so that data leakage caused by interception of directly transmitted data is avoided, and the security of transmission of the target data on the block chain can be ensured.
Therefore, in the data interaction method based on the ODIN provided by the embodiment, the data provided by the data provider is identified by using the open data index naming identifier, so that the data has an autonomous and safe unique index identifier. Through a double-layer encryption and decryption mechanism, the data can be guaranteed to be stored in a trusted mode and transmitted safely in the network. In addition, the data acquisition party is subjected to identity verification, and the safety of data interaction can be further ensured.
In some embodiments, referring to fig. 2, the encrypting the target data according to the predetermined encryption manner to obtain the first encrypted data may include the following steps:
step S201, encrypting the sensitive field in the target data according to the first symmetric key to obtain second encrypted data.
In this step, the second encrypted data is target data in which only the sensitive field is encrypted.
Step S202, encrypt the second encrypted data according to a second symmetric key, to obtain the first encrypted data.
In this step, the target data whose sensitive fields are already encrypted is encrypted again as a whole, so that the data in the non-sensitive fields of the target data is encrypted too.
In this embodiment, the data provided and issued by the data provider is doubly encrypted, so that it can be guaranteed that only a data obtaining party having a data access right can read the data, security and reliability during data transmission are guaranteed, the data can be effectively prevented from being leaked and tampered, and a privileged user (such as an administrator) can be prevented from viewing a private data file.
In addition, to further ensure data security, the data provider performs a digital signature operation using the public/private key pair generated by the smart contract when it joined the federation chain: it signs the data with its private key before publishing it and transmits the signed data through the data exchange network; after the data acquirer obtains the data, it retrieves the data provider's public key from the blockchain and verifies the digital signature with that public key, which further guarantees the credibility of the data.
In some embodiments, referring to fig. 2, the encrypting the target data according to a predetermined encryption manner to obtain first encrypted data may further include the following steps:
step S301, encrypting the first symmetric key according to the public key of the data acquirer node to obtain a first encryption key.
Step S302, the second symmetric key is encrypted according to the public key of the data acquirer node to obtain a second encryption key.
In this embodiment, to further improve the security of data transmission, the two randomly generated symmetric keys are themselves encrypted, so that a malicious user cannot obtain a symmetric key and decrypt the data; this further ensures the security of the data.
In some embodiments, referring to fig. 3, the decrypting, by the data acquirer node, the first encrypted data according to the decryption method corresponding to the encryption method to obtain the target data may include the following steps:
step S401, acquiring the first encryption key and the second encryption key.
Step S402, the second encryption key is decrypted according to the private key of the data acquirer node to obtain the second symmetric key.
Step S403, decrypting the first encrypted data according to the second symmetric key to obtain the second encrypted data.
Step S404, decrypting the first encryption key according to the private key of the data acquirer node to obtain the first symmetric key.
Step S405, decrypting the second encrypted data according to the first symmetric key to obtain the target data.
In this embodiment, it is easy to understand that the process of decrypting data by the data obtaining party corresponds to the process of encrypting data, the data decrypted for the first time includes an encrypted sensitive field and a decrypted common field, and the data decrypted for the second time includes a decrypted sensitive field and a decrypted common field, that is, the target data.
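The following Go program is an added example, not code from the patent, that carries steps S201, S202, S301, S302 and S401 to S405 through with concrete primitives: AES-256-GCM for the two symmetric layers and RSA-OAEP for wrapping the two symmetric keys with the acquirer's public key. The choice of AES-GCM and RSA-OAEP, the `Envelope` layout, the field names and the `NewNodeKeyPair` stand-in for the key pair issued on joining the federation chain are assumptions of this example; the page does not name the ciphers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"maps"
)

type Record map[string][]byte // target data as a flat object; []byte values marshal to JSON as base64

type Envelope struct { // what the provider sends to the acquirer node
	FirstEncryptedData []byte    // nonce || AES-256-GCM(K2, second encrypted data)
	WrappedKeys        [2][]byte // RSA-OAEP(acquirer public key, K1) and RSA-OAEP(acquirer public key, K2)
	SensitiveFields    []string  // field names only, so the acquirer knows which fields S405 must open
}

// NewNodeKeyPair stands in for the key pair the federation chain issues to a node (step S603).
func NewNodeKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes long
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext []byte) ([]byte, error) { // returns nonce || AES-GCM ciphertext
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) { // reverses seal; the GCM tag rejects any tampering
	gcm, err := gcmFor(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("bad key or ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Encrypt is the provider side: S201 and S202, then S301 and S302.
func Encrypt(target Record, sensitive []string, acquirerPub *rsa.PublicKey) (env *Envelope, err error) {
	keys := make([]byte, 64) // two randomly generated 256-bit symmetric keys: K1 = keys[:32], K2 = keys[32:]
	if _, err := rand.Read(keys); err != nil {
		return nil, err
	}
	second := maps.Clone(target) // S201: only the sensitive fields are replaced by ciphertext under K1
	for _, f := range sensitive {
		if second[f], err = seal(keys[:32], target[f]); err != nil {
			return nil, err
		}
	}
	secondBytes, _ := json.Marshal(second)     // cannot fail for a map[string][]byte
	first, err := seal(keys[32:], secondBytes) // S202: the whole record is encrypted again under K2
	if err != nil {
		return nil, err
	}
	env = &Envelope{FirstEncryptedData: first, SensitiveFields: sensitive}
	for i, k := range [][]byte{keys[:32], keys[32:]} { // S301, S302: wrap K1 and K2 with the acquirer's public key
		if env.WrappedKeys[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, acquirerPub, k, nil); err != nil {
			return nil, err
		}
	}
	return env, nil
}

// Decrypt is the acquirer side, S401 to S405; only the holder of the matching private key can run it.
func Decrypt(env *Envelope, acquirerPriv *rsa.PrivateKey) (target Record, err error) {
	var keys [2][]byte // S402 and S404: unwrap K1 and K2 with the acquirer's private key
	for i, ek := range env.WrappedKeys {
		if keys[i], err = rsa.DecryptOAEP(sha256.New(), nil, acquirerPriv, ek, nil); err != nil {
			return nil, err
		}
	}
	secondBytes, err := open(keys[1], env.FirstEncryptedData) // S403: outer layer off; sensitive fields are still ciphertext
	if err != nil {
		return nil, err
	}
	if err = json.Unmarshal(secondBytes, &target); err != nil {
		return nil, err
	}
	for _, f := range env.SensitiveFields { // S405: open each sensitive field under K1, yielding the target data
		if target[f], err = open(keys[0], target[f]); err != nil {
			return nil, err
		}
	}
	return target, nil
}
```

Because each layer is an authenticated cipher, any modification of the first encrypted data or of a wrapped key is detected rather than silently producing wrong plaintext.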
In some embodiments, the validation rules include at least one of: temporal validation rules and spatial validation rules.
The time verification rule is used for judging whether the time for the data acquirer node to access the target data is in the accessible time interval of the target data or not, if so, the data acquirer node has data access authority, and otherwise, the data acquirer node does not have the data access authority.
When the data provider publishes data, the life cycle of the data resource is constrained through the smart contract, in which the accessible time interval of the data resource is specified. The data resource is open to the outside during that interval and invisible to the outside beyond it. By deploying a time-triggered event in the smart contract, the timeliness of the data resource is effectively guaranteed.
The space verification rule is used for judging whether the public key of the data acquirer node is in a public key list allowing the target data to be accessed, if so, the data acquirer node has data access authority, and otherwise, the data acquirer node does not have the data access authority.
In addition, the external access authority of the data can be customized as a rule table, and the rule table embedded in a smart contract to control access to the data.
In some embodiments, step S102 of the foregoing embodiments may be followed by the following step:
step S501, a Practical Byzantine Fault Tolerance (PBFT) algorithm is used to achieve consensus of the ODIN numbers among the nodes of the block chain.
The Practical Byzantine Fault Tolerance algorithm is an algorithm founded on mathematical proof: a final consistent output is reached through information interaction and local consensus in three phases, and because more than two thirds of the nodes in the system are normal nodes, a consistent consensus result is guaranteed to be output in the end.
It is easy to see that once the ODIN numbers corresponding to the data resources have been agreed by consensus, the data resources have strong tamper resistance and traceability.
It should be noted that other blockchain consensus algorithms can also be selected according to practical circumstances, for example Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), and the like.
In some embodiments, referring to fig. 4, the blockchain is a federation chain, and the method further comprises the following steps:
Step S601: obtain identity information of a node to be connected to the federation chain.
In this step, the user registers when accessing the blockchain for the first time; the registration is completed through the smart contract based on preset registration information, and the identity information of the node after registration is permanently stored in the blockchain.
Step S602: verify the identity information through the smart contract to obtain an identity verification result.
In this step, the user passes its own identity information (such as an account number and a password) into the smart contract; the smart contract queries, according to a preset query rule, whether corresponding registration information exists on the blockchain, and if so the identity verification passes, otherwise it does not.
Step S603: in response to determining that the verification result is that verification passed, generate a public key and a private key for data encryption and decryption through the smart contract, where the private key is sent to the node to be connected to the federation chain and the public key is stored in the federation chain and agreed upon by the other federation chain nodes. When the verification result is that verification did not pass, this indicates that the user has not successfully joined the federation chain.
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the multiple devices may only perform one or more steps of the method of the embodiment, and the multiple devices interact with each other to complete the method.
It should be noted that the foregoing describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to the method of any embodiment, the application also provides a data interaction device based on ODIN.
Referring to fig. 5, the ODIN-based data interaction apparatus includes:
an identifier generating module 701 configured to generate an ODIN number of target data provided by a data provider node according to the Open Data Index Naming identifier (ODIN), and map the ODIN number to metadata and a uniform resource locator (URL) of the target data;
a storage module 702 configured to store the metadata and URL containing the ODIN number on a blockchain;
an identifier parsing module 703 configured to respond to a data access request issued by a data acquirer node, parse the data access request to obtain an ODIN number, and determine the target data according to the metadata and the URL corresponding to the ODIN number;
the right confirming module 704 is configured to verify whether the data acquirer node has a data access right according to a preset verification rule;
a data interaction module 705 configured to, if the data acquirer node has the data access right, encrypt the target data according to a predetermined encryption manner to obtain first encrypted data and send the first encrypted data to the data acquirer node, the data acquirer node decrypting the first encrypted data according to a decryption manner corresponding to the encryption manner to obtain the target data.
As an optional embodiment, the data interaction module 705 is specifically configured to encrypt the sensitive field in the target data according to the first symmetric key, so as to obtain second encrypted data; and encrypting the second encrypted data according to a second symmetric key to obtain the first encrypted data.
As an optional embodiment, the data interaction module 705 is further specifically configured to encrypt the first symmetric key according to the public key of the data acquirer node to obtain a first encryption key; and encrypting the second symmetric key according to the public key of the data acquirer node to obtain a second encryption key.
As an optional embodiment, the data interaction module 705 is specifically further configured to obtain the first encryption key and the second encryption key; decrypting the second encryption key according to the private key of the data acquirer node to obtain a second symmetric key; decrypting the first encrypted data according to the second symmetric key to obtain second encrypted data; decrypting the first encryption key according to the private key of the data acquirer node to obtain the first symmetric key; and decrypting the second encrypted data according to the first symmetric key to obtain target data.
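The two-layer scheme the data interaction module performs, as an added Go example (not the patent's own code): K1 seals the sensitive field, K2 seals the whole record, both keys are wrapped with the acquirer's public key, and decryption runs in the order given above (K2, outer layer, K1, sensitive field). AES-256-GCM, RSA-OAEP, the JSON record layout and the field names are assumptions, since the patent names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"io"
)

// Record is a constructed stand-in for the target data; which field is "sensitive" is an assumption.
type Record struct {
	ODIN      string `json:"odin"`      // readable once the outer layer is removed
	Sensitive []byte `json:"sensitive"` // plaintext on input, K1 ciphertext after layer one
}

type FirstEncryptedData struct { // what the provider sends to the acquirer
	Ciphertext  []byte // second encrypted data sealed under K2
	WrappedKey1 []byte // "first encryption key": K1 under the acquirer's public key
	WrappedKey2 []byte // "second encryption key": K2 under the acquirer's public key
}

func must(err error) { // only programming errors (key length, CSPRNG) reach here
	if err != nil {
		panic(err)
	}
}

// AES-256-GCM is an assumption; the patent does not name the symmetric algorithm.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	aead, err := cipher.NewGCM(block)
	must(err)
	return aead
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	_, err := io.ReadFull(rand.Reader, b)
	must(err)
	return b
}

// seal prefixes a fresh random nonce to the AES-GCM ciphertext.
func seal(key, plaintext []byte) []byte {
	g := gcm(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; it fails if nonce, ciphertext or tag were altered.
func open(key, sealed []byte) ([]byte, error) {
	g := gcm(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// EncryptForAcquirer is the provider side: K1 over the sensitive field, K2 over
// the whole record, then K1 and K2 wrapped with RSA-OAEP (an assumption) under pub.
func EncryptForAcquirer(rec Record, pub *rsa.PublicKey) FirstEncryptedData {
	k1, k2 := randomBytes(32), randomBytes(32)
	rec.Sensitive = seal(k1, rec.Sensitive) // layer one: only the sensitive field
	second, err := json.Marshal(rec)        // second encrypted data
	must(err)
	w1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k1, nil)
	must(err)
	w2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k2, nil)
	must(err)
	return FirstEncryptedData{Ciphertext: seal(k2, second), WrappedKey1: w1, WrappedKey2: w2}
}

// DecryptAsAcquirer follows the patent's order: unwrap K2, open the outer layer,
// unwrap K1, open the sensitive field. A wrong private key or tampering fails at that step.
func DecryptAsAcquirer(fed FirstEncryptedData, priv *rsa.PrivateKey) (rec Record, err error) {
	var k1, k2, second []byte
	if k2, err = rsa.DecryptOAEP(sha256.New(), nil, priv, fed.WrappedKey2, nil); err != nil {
		return rec, err
	}
	if second, err = open(k2, fed.Ciphertext); err != nil {
		return rec, err
	}
	if err = json.Unmarshal(second, &rec); err != nil {
		return rec, err
	}
	if k1, err = rsa.DecryptOAEP(sha256.New(), nil, priv, fed.WrappedKey1, nil); err != nil {
		return rec, err
	}
	rec.Sensitive, err = open(k1, rec.Sensitive)
	return rec, err
}
```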
As an alternative embodiment, the validation rule includes at least one of: temporal validation rules and spatial validation rules; the time verification rule is used for judging whether the time for the data acquirer node to access the target data is in the accessible time interval of the target data or not, and if yes, the data acquirer node has data access authority; the space verification rule is used for judging whether the public key of the data acquirer node is in a public key list allowing the target data to be accessed, and if so, the data acquirer node has data access authority.
As an optional embodiment, the apparatus further comprises a consensus module (not shown) specifically configured to use the PBFT algorithm to agree on the ODIN numbers between the nodes of the blockchain.
As an optional embodiment, the blockchain is a federation chain, and the apparatus further includes an identity authentication module (not shown) configured to acquire identity information of a node to be connected to the federation chain; verify the identity information through a smart contract to obtain an identity verification result; and, in response to determining that the identity verification result is that verification passed, generate a public key and a private key for data encryption and decryption through the smart contract, wherein the private key is sent to the node to be connected to the federation chain and the public key is stored in the federation chain.
For convenience of description, the above apparatus is described as divided into various modules by function, each described separately. Of course, when implementing the present application, the functionality of the various modules may be realized in the same one or more pieces of software and/or hardware.
The apparatus of the foregoing embodiment is used to implement the corresponding ODIN-based data interaction method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any embodiment described above, the present application further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the program, the method for data interaction based on ODIN according to any embodiment described above is implemented.
Fig. 6 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 200, a communication interface 1040, and a bus 1050. The processor 1010, memory 1020, input/output interface 200, and communication interface 1040 are communicatively coupled to each other within the device via the bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solutions provided by the embodiments of the present specification are implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called by the processor 1010 for execution.
The input/output interface 200 is used for connecting an input/output module to realize information input and output. The input/output module may be configured as a component in the device (not shown) or may be external to the device to provide the corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) or in a wireless mode (such as mobile network, Wi-Fi, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 200, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 200, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the above embodiment is used to implement the corresponding ODIN-based data interaction method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-mentioned embodiment methods, the present application further provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the ODIN-based data interaction method according to any of the above embodiments.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, for storing information may be implemented in any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the above embodiment are used to enable the computer to execute the method for data interaction based on ODIN according to any of the above embodiments, and have the beneficial effects of corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the context of the present application, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the application. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the application are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that the embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present application are intended to be included within the scope of the present application.

Claims (13)

1. A data interaction method based on ODIN, characterized in that the method is applied to a blockchain system and comprises the following steps:
generating an ODIN number of target data provided by a data provider node according to an open data index naming identifier ODIN, and mapping the ODIN number to metadata and a Uniform Resource Locator (URL) of the target data;
storing the metadata and URL containing the ODIN number on a blockchain;
responding to a data access request issued by a data acquirer node, parsing the data access request to obtain an ODIN number, and determining the target data according to the metadata and the URL corresponding to the ODIN number;
verifying whether the data acquirer node has data access authority according to a preset verification rule;
if so, encrypting the target data according to a preset encryption mode to obtain first encrypted data, sending the first encrypted data to the data acquirer node, and decrypting the first encrypted data by the data acquirer node according to a decryption mode corresponding to the encryption mode to obtain the target data.
2. The data interaction method according to claim 1, wherein the encrypting the target data according to a predetermined encryption manner to obtain first encrypted data comprises:
encrypting the sensitive field in the target data according to the first symmetric key to obtain second encrypted data;
and encrypting the second encrypted data according to a second symmetric key to obtain the first encrypted data.
3. The data interaction method according to claim 2, wherein after encrypting the target data according to a predetermined encryption manner to obtain first encrypted data, the method further comprises:
encrypting the first symmetric key according to the public key of the data acquirer node to obtain a first encryption key;
and encrypting the second symmetric key according to the public key of the data acquirer node to obtain a second encryption key.
4. The data interaction method according to claim 3, wherein the data acquirer node decrypts the first encrypted data according to a decryption manner corresponding to the encryption manner to obtain the target data, and the method includes:
acquiring the first encryption key and the second encryption key;
decrypting the second encryption key according to the private key of the data acquirer node to obtain a second symmetric key;
decrypting the first encrypted data according to the second symmetric key to obtain second encrypted data;
decrypting the first encryption key according to the private key of the data acquirer node to obtain the first symmetric key;
and decrypting the second encrypted data according to the first symmetric key to obtain target data.
5. The data interaction method of claim 1, wherein the validation rules comprise at least one of: a temporal validation rule and a spatial validation rule; wherein:
the time verification rule is used for judging whether the time for the data acquirer node to access the target data is in the accessible time interval of the target data or not, and if so, the data acquirer node has data access authority;
the space verification rule is used for judging whether the public key of the data acquirer node is in a public key list allowing the target data to be accessed, and if so, the data acquirer node has data access authority.
6. The data interaction method of claim 1, wherein after storing the metadata including the ODIN number and the URL on the blockchain, the method further comprises:
using the PBFT algorithm to agree on the ODIN numbers between the nodes of the blockchain.
7. The data interaction method of claim 1, wherein the blockchain is a federation chain, the method further comprising:
acquiring identity information of a node to be connected to the federation chain;
verifying the identity information through a smart contract to obtain an identity verification result;
and in response to determining that the identity verification result is that verification passed, generating a public key and a private key for data encryption and decryption through the smart contract, wherein the private key is sent to the node to be connected to the federation chain, and the public key is stored in the federation chain.
8. An ODIN-based data interaction device, comprising:
an identifier generation module configured to generate an ODIN number of target data provided by a data provider node according to the Open Data Index Naming identifier (ODIN), and map the ODIN number to metadata and a Uniform Resource Locator (URL) of the target data;
a storage module configured to store the metadata and URL containing the ODIN number on a blockchain;
an identifier parsing module configured to respond to a data access request issued by a data acquirer node, parse the data access request to obtain an ODIN number, and determine the target data according to the metadata and the URL corresponding to the ODIN number;
the right confirming module is configured to verify whether the data acquirer node has data access right according to a preset verification rule;
and a data interaction module configured to, if the data acquirer node has the data access authority, encrypt the target data according to a preset encryption mode to obtain first encrypted data and send the first encrypted data to the data acquirer node, the data acquirer node decrypting the first encrypted data according to a decryption mode corresponding to the encryption mode to obtain the target data.
9. The data interaction device of claim 8, wherein the data interaction module is further configured to encrypt the sensitive field in the target data according to a first symmetric key, resulting in second encrypted data;
and encrypting the second encrypted data according to a second symmetric key to obtain the first encrypted data.
10. The data interaction device according to claim 9, wherein the data interaction module is further configured to encrypt the first symmetric key according to a public key of the data acquirer node, so as to obtain a first encryption key;
and encrypting the second symmetric key according to the public key of the data acquirer node to obtain a second encryption key.
11. The data interaction device of claim 10, wherein the data interaction module is further configured to obtain the first encryption key and the second encryption key;
decrypting the second encryption key according to the private key of the data acquirer node to obtain a second symmetric key;
decrypting the first encrypted data according to the second symmetric key to obtain second encrypted data;
decrypting the first encryption key according to the private key of the data acquirer node to obtain the first symmetric key;
and decrypting the second encrypted data according to the first symmetric key to obtain target data.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the program.
13. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
CN202210131401.5A 2022-02-11 2022-02-11 Data interaction method based on ODIN and related equipment Pending CN114900324A (en)

Publications (1)

Publication Number Publication Date
CN114900324A true CN114900324A (en) 2022-08-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination