CN115221238A - Data sharing method and device based on service and storage medium - Google Patents

Data sharing method and device based on service and storage medium Download PDF

Info

Publication number
CN115221238A
CN115221238A CN202110426413.6A CN202110426413A CN115221238A CN 115221238 A CN115221238 A CN 115221238A CN 202110426413 A CN202110426413 A CN 202110426413A CN 115221238 A CN115221238 A CN 115221238A
Authority
CN
China
Prior art keywords
block chain
service
data
directory
source data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110426413.6A
Other languages
Chinese (zh)
Inventor
程叶霞
何申
付俊
郭智慧
刘海霞
苏海洋
胡古宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute filed Critical China Mobile Communications Group Co Ltd
Priority to CN202110426413.6A priority Critical patent/CN115221238A/en
Publication of CN115221238A publication Critical patent/CN115221238A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a data sharing method and device based on service and a storage medium. The method comprises the following steps: receiving a service request sent by a request terminal; reading a target service block chain corresponding to the service request and stored in the service block chain set based on the service request; determining catalog information of cross-department source data to be accessed by a service request based on a target service block chain; obtaining an access address of the source data based on the directory information; accessing the source data based on the access address and responding to the service request; the mapping relation between the directory information and the access address of the source data of each department is constructed based on the data transmission room and stored in the directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain. Because the directory block chain and the service block chain set do not relate to source data, centralized sharing of the data is not needed, and the security protection difficulty, the exposure surface and the risk of data leakage are effectively reduced.

Description

Data sharing method and device based on service and storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to a method and an apparatus for data sharing based on services, and a storage medium.
Background
With the rapid development of computer network technology and communication technology, the application of big data is very popular. Particularly, for large data applications across industries and fields, such as public services, government affair data disclosure, government affair data governance and the like, openness is needed, and an absolute central mechanism is difficult to find. Moreover, in the process of large data application, there are leakage risks and tampering risks in data exchange, and risks of violating relevant laws and regulations, especially for transnational data flow, which may violate the regulations of other countries on data security.
In the related art, data is often subjected to centralized data sharing and application, where data may be subjected to transmission application based on encryption processing, or subjected to transmission application after data is desensitized. However, when data is subjected to centralized data sharing, the data needs to be transmitted to a sharing node for sharing, network security protection difficulty and an exposed surface are increased in the data migration process, and in addition, even if an encryption or desensitization mode is adopted in the transmission process, the whole amount of data still exists in the data sharing node finally, and the risk of data leakage is increased.
Disclosure of Invention
In view of this, embodiments of the present application provide a method, an apparatus, and a storage medium for data sharing based on business, which aim to reduce the security protection difficulty of data, the exposure and the risk of data leakage.
The technical scheme of the embodiment of the application is realized as follows:
the embodiment of the application provides a data sharing method based on service, which comprises the following steps:
receiving a service request sent by a request terminal;
reading a target service block chain corresponding to the service request and stored in a service block chain set based on the service request;
determining the catalogue information of cross-department source data to be accessed by the service request based on the target service block chain;
acquiring an access address of the source data based on the directory information;
accessing the source data based on the access address and responding to the service request;
the mapping relation between the directory information and the access addresses of the source data of each department is constructed based on a data transmission room and stored in a directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain.
In the foregoing solution, before determining the directory information of the source data to be accessed by the service request based on the target service block chain, the method further includes:
and determining that the request terminal has the access right of the target service block chain based on the service intelligent contract of the service request.
In the foregoing solution, the obtaining an access address of the source data based on the directory information includes:
and determining the access address of the source data based on the directory information and the mapping relation stored in the directory block chain.
In the foregoing solution, before determining the access address of the source data based on the directory information and the mapping relationship stored in the directory block chain, the method further includes:
the data conveyance room determines catalog information for the source data based on metadata for the source data;
the data transfer room generates the mapping relation based on the directory information and the access address of the source data, and issues the directory information and the mapping relation to the directory block chain.
In the foregoing solution, before accessing the source data based on the access address, the method further includes:
and determining that the request terminal has the access right of the directory information of the source data in the directory block chain based on the intelligent contract of the directory block chain.
In the foregoing solution, the method further includes:
and recording the access record of the directory information of the source data accessed by the request terminal in the directory block chain.
In the above scheme, the method further comprises:
and recording a processing record responding to the processing result of the service request in the target service block chain.
An embodiment of the present application further provides a data sharing apparatus based on a service, where the data sharing apparatus includes:
the receiving module is used for receiving a service request sent by a request terminal;
a reading module, configured to read, based on the service request, a target service block chain corresponding to the service request stored in a service block chain set;
the determining module is used for determining the catalogue information of the cross-department source data to be accessed by the service request based on the target service block chain;
the acquisition module is used for acquiring the access address of the source data based on the directory information;
the access and processing module is used for accessing the source data based on the access address and responding to the service request;
the mapping relation between the directory information and the access addresses of the source data of each department is constructed based on a data transmission room and stored in a directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain.
An embodiment of the present application further provides a data interaction platform, including: a processor and a memory for storing a computer program capable of running on the processor, wherein the processor, when running the computer program, is configured to perform the steps of the method according to the embodiments of the present application.
The embodiment of the present application further provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the method in the embodiment of the present application are implemented.
According to the technical scheme provided by the embodiment of the application, the mapping relation between the directory information and the access address of the source data of each department is constructed based on a data transmission room and stored in a directory block chain, each service block chain in a service block chain set is generated based on the directory information combination of at least two departments in the directory block chain, a target service block chain corresponding to a service request stored in the service block chain set can be read for the service request sent by a request terminal, and the directory information of the source data to be accessed by the service request is determined based on the target service block chain; obtaining an access address of the source data based on the directory information; and accessing the source data based on the access address and responding to the service request. Therefore, the method can respond to source data of different industries and/or different departments based on the service request, and as the directory block chain and the service block chain set do not relate to specific source data, centralized sharing of the data is not needed, so that the safety protection difficulty, the exposure surface and the risk of data leakage are effectively reduced, and the privacy of data of all parties is ensured; the method enhances the safety and credibility of cross-industry and cross-department data exchange and business cooperation, ensures the non-falsification, controllability and safety of data of each party, ensures the transparency and traceability of a business process, and is beneficial to promoting the safe application of big data.
Drawings
FIG. 1 is a schematic structural diagram of a data interaction platform according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a data sharing method based on services according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a directory block chain according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a service-based data sharing apparatus according to an embodiment of the present application;
fig. 5 is another schematic structural diagram of the data interaction platform according to the embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
The embodiment of the application provides a data sharing method based on a service, which can be applied to a data interaction platform, and before introducing the method, the data interaction platform related to the embodiment of the application is simply introduced as follows:
as shown in fig. 1, the data interaction platform may include: a database 101, a blockchain network 103, and a management server 105.
The database 101 may store raw data (also referred to as source data) for various departments (also referred to as domains) of various industries. For example, to avoid data leakage and enhance data security, raw data of various departments in various industries may be stored in an internal local area network (i.e., intranet), i.e., source data is not visible to the intranet. For example, database 101 may include: based on industry and/or department partitioned DBs (databases), source data between DBs cannot be directly associated and accessed.
The blockchain network 103 is used to store the full directory index (i.e., the collection of directory information) for each domain of each industry. The blockchain network 103 is a decentralized, shared data storage network based on a distributed network, and may include a plurality of blockchain nodes for storing shared data based on a consensus mechanism. Illustratively, the data stored by blockchain network 103 includes two parts, the first part being a catalog blockchain 1031 generated based on the catalog index for the industry and department; the second part is a service block chain set 1032 corresponding to service block chains of different services, which is formed by arranging and combining different directory indexes according to service needs.
The management server 105 is configured to construct an intelligent contract set of each service based on the service block chain of the different services. For example, an intelligent contract set includes: service 1 intelligent contracts, service 2 intelligent contracts, … … service m intelligent contracts, … … service n intelligent contracts. Wherein m is a natural number greater than 2, and n is a natural number greater than m. It will be appreciated that each service intelligence contract corresponds to a respective service blockchain, and the service intelligence contract may be a set of digitally defined commitments (commitments) for agreement of a contract participant to perform a commitment on a service blockchain.
For example, a catalog index (i.e., a collection of catalog information) for each DB may be constructed based on a data transfer room, and the data transfer room links the catalog index for each department of each industry to the catalog blockchain 1031, and the raw data for different departments of different industries corresponds to the constructed catalog index for the department of the industry, for example, the raw data for the 1 st department DB of industry corresponds to the 1 st department catalog index of industry. Then, different directory indexes are arranged and combined according to service needs to form service block chains of corresponding different services. Based on the above, an intelligent contract set of each service is constructed. Thus, based on the data interaction platform, the corresponding big data application business service based on the block chain and the data transmission room can be executed. The big data application service here may include, but is not limited to, government affairs inquiry, civil data inquiry, directional recommendation, personal data linkage inquiry, associated application, etc. according to application types. According to the business field, the services can include but are not limited to government affairs services, public services, medical services, tax services, transportation services, poverty relief recruiters and the like. The division of the industry and the department can be performed based on a classification rule related to the big data, which is not specifically limited in the embodiment of the present application.
As shown in fig. 2, a method for sharing data based on a service in an embodiment of the present application includes:
step 201, receiving a service request sent by a request terminal;
here, the requesting terminal may be a client corresponding to the requesting user, where the client includes, but is not limited to, a mobile phone, a notebook, a tablet computer, a desktop computer, and the like. The requesting terminal may send a service request to the management server 105, where the service request may include a service identifier for identifying a service type, and may also include a service operation parameter corresponding to a corresponding service type, for example, the service operation parameter may be a parameter related to service query or a parameter related to service management, and a person skilled in the art may perform reasonable design according to a service requirement, which is not limited herein.
Step 202, reading a target service block chain corresponding to the service request stored in a service block chain set based on the service request;
for example, before reading a target service block chain corresponding to a service request stored in a service block chain set based on the service request, a service intelligence contract of the service request may also be determined based on the service request.
Illustratively, the management server 105 may read a service intelligence contract for a service request based on a service identification in the service request. In practical application, the management server 105 further stores a corresponding relationship between the service intelligent contract and the service identifier, and the service intelligent contract of the service request can be determined based on the corresponding relationship and the service identifier carried by the service request.
Illustratively, each service intelligence contract corresponds to a corresponding service blockchain, and the management server 105 may read the corresponding service blockchain (i.e., the target service blockchain) based on the service intelligence contract.
Step 203, determining the catalog information of the cross-department source data to be accessed by the service request based on the target service block chain;
illustratively, the target service block chain stores directory information of source data of different departments corresponding to the service request. The specific directory information may be preset based on a business intelligence contract. For example, the business 1 blockchain is generated based on the combination of the business 1 department 1 directory index, the business 1 department 2 directory index and the business 2 department n directory index, that is, the business request corresponding to the business type needs to use the original data of the business 1 department 1, the business 1 department 2 and the business 2 department n.
Step 204, obtaining an access address of the source data based on the directory information;
here, the mapping relationship between the directory information and the access address of the source data of each department is constructed based on the data transfer room and stored in a directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain. Here, the at least two departments may be departments of the same industry, or may include at least one department of a different industry, that is, the source data corresponding to the service request may be source data of cross-departments within the same industry, or may be source data of cross-departments.
Illustratively, the obtaining the access address of the source data based on the directory information includes:
and determining the access address of the source data based on the directory information and the mapping relation stored in the directory block chain.
It can be understood that the mapping relationship between the directory information of the source data stored in the directory block chain and the access address may be determined based on the directory block chain and the directory information of the source data to be accessed by the service request.
Step 205, accessing the source data based on the access address, and responding to the service request;
illustratively, the management server 105 may access the source data based on the access address and respond to the service request. For example, if the service request is a query request, returning a query result to the data request end; and if the service request is a processing request, performing service management, change, deletion, addition and other processing based on corresponding source data, and feeding back a processing result to the data request end.
The data sharing method based on the business can respond to source data of different industries and/or different departments based on the business request, and as the directory block chain and the business block chain set do not relate to specific source data, centralized sharing of the data is not needed, so that the safety protection difficulty, the exposure surface and the risk of data leakage are effectively reduced, and the privacy of data of all parties is ensured; the safety and credibility of cross-industry and cross-field multi-department data exchange and business collaboration are enhanced, the data of each party is guaranteed to be non-falsifiable, controllable and safe, meanwhile, the transparency and traceability of the business process are guaranteed, and the promotion of the safe application of the big data is facilitated.
In some embodiments, before determining the directory information of the source data to be accessed by the service request based on the target service block chain, the method may further include:
and determining that the request terminal has the access right of the target service block chain based on the service intelligent contract of the service request.
For example, before performing step 203, the access right of the requesting terminal may be authenticated based on the service intelligence contract, and if the authentication is passed, the service request is indicated as being authentic, and the subsequent steps 203 to 206 are continued. If the authentication is not passed, the service request is not credible, and the subsequent operation of the service request is terminated. Therefore, the security of the service request of the big data can be enhanced, and the service access and/or service management of an unauthorized user can be avoided.
For example, the authentication of the access right of the requesting terminal based on the service intelligent contract may be verification of the identity of the requesting terminal based on the service intelligent contract, for example, the management server 105 sends relevant information such as the login identity of the requesting terminal to the service intelligent contract for access right authentication, if the authentication is passed, the subsequent steps 203 to 206 are continuously performed, and if the authentication is not passed, the access of the service request is terminated. The service block chain can also record the access authority authentication result, so that subsequent tracing management is facilitated.
In some embodiments, before determining the access address of the source data based on the directory information and the mapping relationship stored in the directory block chain, the method further includes:
a data conveyance room determines catalog information for the source data based on metadata for the source data;
the data transfer room generates the mapping relation based on the directory information and the access address of the source data, and issues the directory information and the mapping relation to the directory block chain.
For example, the data transfer room may collect metadata of source data in the DB of each department of the industry, for example, an access address of the source data, and translate the source data into simplified directory information based on the access address. Namely, the directory information of the source data is obtained by translation and simplification based on the access address of the source data. It should be noted that the metadata may also be other data used for describing the source data, for example, a file name used for uniquely identifying the source data, and the like, that is, the directory information of the source data may also be obtained by translating and simplifying based on the file name of the source data. Here, the directory information is used to simplify metadata of the source data and implicitly express the source data, thereby reducing the data amount of the directory block chain and satisfying the confidentiality requirement of the source data.
In some embodiments, before accessing the source data based on the access address, the method further comprises:
and determining that the request terminal has the access right of the directory information of the source data in the directory block chain based on the intelligent contract of the directory block chain.
For example, the data delivery room may further authenticate an access right of a requesting terminal before accessing source data of an intranet based on an access address, map directory information to the access address after determining that the requesting terminal has the access right of the directory information of the source data in the directory block chain, and access the source data based on the access address.
In some embodiments, the data sharing method further comprises:
and recording an access record of the directory information of the source data accessed by the request terminal in the directory block chain.
For example, the data transfer room may record an access record of directory information for requesting a terminal to access source data on the directory block chain based on an intelligent contract of the directory block chain, thereby facilitating subsequent tracing of access to the source data of departments of various industries based on the directory block chain.
In some embodiments, the data sharing method further comprises:
and recording a processing record responding to the processing result of the service request in the target service block chain.
Illustratively, the management server 105 can record a processing record of a processing result of a response service request on a target service block chain based on a service intelligent contract, so that the safety and credibility of cross-industry and cross-domain multi-department data exchange and service collaboration are enhanced, the non-falsification, controllability and safety of data of each party are ensured, meanwhile, the transparency and traceability of a service process can be ensured, and the promotion of large data security application is facilitated.
In an application example, catalog indices (i.e., collections of catalog information) for each DB may be built based on a data relay room, and the data relay room links the catalog indices for each department of the industry to the catalog blockchain 1031. The data communication room may enable secure data interaction between the database 101 and the blockchain network 103. Illustratively, the data communication room may include: the system comprises an access control module and a data ferry center module.
And the access control module is used for performing identity authentication and access control on a user accessing the source data of the intranet. And judging whether the identity authentication is carried out, namely whether the user name and the password are matched or not, simultaneously verifying whether the input verification code is matched with the verification code randomly generated at the moment, and if the verification code is matched with the verification code, judging the identity authentication as a legal user, otherwise, judging the identity authentication as an illegal user. For access control, the access control module performs internal and external network conversion, and converts the access control on the source data of the internal network into the access control on the directory information presented by the service system in the data ferry center. The specific implementation process is as follows: and displaying the real service system name of the internal network to a user as a directory entry in directory information, wherein the content only builds a presented page in a text form and does not have an instruction operation function. If the access control judges that the operation authority exists, displaying the address information of the original data through a directory mapping relation; if the access control is determined to have no operation authority, the address information of the original data is not displayed. And judging whether the user is allowed to carry out the data ferry center module or not and which authorized part in the data ferry center module is entered according to the result of the access control. The access control judging process comprises the following steps: calling out the access control matrix of the user who passes the identity authentication, comparing authority values one by one, and if the authority values pass the item comparison, having the authority to access; if the authority value is compared with the failed item, no authority is given to access. The specific implementation is realized through an intelligent contract of the block chain.
The data ferry center module has multiple functions. One is to collect, submit and present the intranet and extranet data, and is the display function for the user to operate. The data acquisition is that the intranet provides the directory information of the intranet for acquisition. The submission of the data means that the user clicks or fills in the directory chain system to access the directory information and submits the directory information through a submission button. The presentation means that the directory information of the original data of the business system is displayed. And secondly, the function of carrying the data isolation and exchange of the internal network and the external network is carried out, a control unit is arranged between the external network and the internal network in an operation mode similar to a single-pole double-throw switch to realize data ferry, and an encryption and decryption unit and a digital signature unit of data are added in the control unit of the internal network to carry out confidentiality and anti-denial protection on the data of the external network. The encryption process is realized by carrying out encryption operation on input data through a traditional encryption algorithm to obtain a ciphertext and then transmitting the ciphertext. The decryption process is realized by carrying out decryption operation on the received data through a secret key so as to obtain an original plaintext. The digital signature process is realized by operating data through a private key to obtain signed information. The digital signature verification is realized by adopting a public key to calculate received information to obtain original information, thereby verifying the source of the information and preventing the information from being repudiated. Thirdly, mapping and conversion of intranet data, security audit, key and signature management, user data access control, user authentication and certification, intranet service system interface management and the like are realized. The mapping and conversion are carried out by carrying out directory mapping on the acquired directory information and the address information of the original data and then mapping the directory information and the address information of the original data. The safety audit is to log each operation and obtain the audit result through subsequent analysis. Key and signature management is a common application of modern cryptography. Access control, user authentication and authentication are achieved by a username, password, authentication code, and access control permission matrix. The interface management is realized by the universal system interface management.
The data ferry center module is formed by directory information and mapping relations in a directory block chain and various intelligent contracts during specific implementation. Firstly, the above information items are obtained. And secondly, mapping relation conversion is carried out on the directory information, so that an access address of the original data is obtained, and the access to the directory in the data ferry center is converted into the access of an intranet system.
Illustratively, as shown in fig. 3, the intranet 1 corresponds to the data transmission room 1, the intranet 2 corresponds to the data transmission room 2, … …, and the intranet n corresponds to the data transmission room n, that is, the DBs of the source data of each department are arranged in one-to-one correspondence with the data transmission rooms, so that the source data between the DBs cannot be directly associated and accessed, which is beneficial to enhancing the security of the source data. The n data conveyance rooms may constitute a directory blockchain as nodes on the directory blockchain.
It can be understood that the data sharing method based on the service in the embodiment of the present application can implement secure computation and big data application under the condition that the source data is not copyable. And based on the combination of the service block chain and the directory block chain, the safety and credibility of cross-industry and cross-field multi-department data exchange and service collaboration can be enhanced, and the data of each party can be guaranteed to be untrustable, controllable and safe. Based on the data record of the block chain, the transparency and traceability of the business process and the privacy of data of all parties can be ensured. Therefore, the method can promote the safety application of cross-industry and cross-field big data, and has wide popularization and application prospects.
In order to implement the data sharing method according to the embodiment of the present application, an embodiment of the present application further provides a data sharing device based on a service, where the data sharing device based on a service corresponds to the data sharing method based on a service, and each step in the data sharing method based on a service is also completely applicable to the data sharing device based on a service.
As shown in fig. 4, the data sharing apparatus includes: a receiving module 401, a reading module 402, a determining module 403, an obtaining module 404, and an accessing and processing module 405; the receiving module 401 is configured to receive a service request sent by a request terminal; the reading module 402 is configured to read, based on the service request, a target service block chain corresponding to the service request stored in a service block chain set; the determining module 403 is configured to determine, based on the target service blockchain, directory information of cross-department source data to be accessed by the service request; the obtaining module 404 is configured to obtain an access address of the source data based on the directory information; the access and processing module 405 is configured to access the source data based on the access address and respond to the service request; the mapping relation between the directory information and the access addresses of the source data of each department is constructed based on a data transmission room and stored in a directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain.
In some embodiments, the data sharing apparatus further comprises:
the authentication module 406 is used for authenticating the access authority of the request terminal based on the service intelligent contract of the service request;
accordingly, the reading module 402 is specifically configured to: and after the request terminal is determined to have the access right of the target service block chain, reading the target service block chain corresponding to the service request, which is stored in a service block chain set, based on the service intelligent contract.
In some embodiments, the obtaining module 404 is specifically configured to:
and determining the access address of the source data based on the directory information and the mapping relation stored in the directory block chain.
In some embodiments, the data sharing apparatus further comprises: a directory information constructing module 407, configured to determine directory information of the source data based on the metadata of the source data; and generating the mapping relation based on the directory information and the access address of the source data, and issuing the directory information and the mapping relation to the directory block chain. It will be appreciated that the catalog information construction module 407 corresponds to the data communication room described previously.
In some embodiments, the authentication module 406 is further configured to: authenticating the access authority of the request terminal based on the intelligent contract of the directory block chain;
accordingly, the obtaining module 404 is specifically configured to: and after determining that the request terminal has the access right of the directory information of the source data in the directory block chain, accessing the source data based on the access address.
In some embodiments, the access and processing module 405 is further configured to: and recording the access record of the directory information of the source data accessed by the request terminal in the directory block chain.
In some embodiments, the access and processing module 405 is further configured to: and recording a processing record responding to the processing result of the service request in the target service block chain.
In practical applications, the receiving module 401, the reading module 402, the determining module 403, the obtaining module 404, the accessing and processing module 405, the authenticating module 406, and the directory information constructing module 407 may be implemented by a processor in the service-based data sharing apparatus. Of course, the processor needs to run a computer program in memory to implement its functions.
It should be noted that: in the data sharing device based on the service provided in the above embodiment, when the data sharing based on the service is performed, only the division of the above program modules is taken as an example, and in practical applications, the processing distribution may be completed by different program modules according to needs, that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the service-based data sharing apparatus provided in the foregoing embodiments and the service-based data sharing method embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
Based on the hardware implementation of the program module, in order to implement the method of the embodiment of the present application, the embodiment of the present application further provides a data interaction platform. The data sharing platform may be implemented with reference to the topology shown in fig. 1.
Illustratively, as shown in fig. 5, the data interaction platform 500 provided in the embodiment of the present application includes: a processor 501, a memory 502, a user interface 503, and a network interface 504. The various components in the data interaction platform 500 are coupled together by a bus system 505. It will be appreciated that the bus system 505 is used to enable communications among the components of the connection. The bus system 505 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 505 in FIG. 5. The number of the processors 501 is plural, and the processors 501 may be communicatively connected via a network interface 504, thereby forming the network topology shown in fig. 1.
The user interface 503 may include a display, a keyboard, a mouse, a trackball, a click wheel, a key, a button, a touch pad, a touch screen, or the like, among others.
The memory 502 in the embodiments of the present application is used to store various types of data to support the operation of the data interaction platform. Examples of such data include: any computer program for operating on a data interaction platform.
The service-based data sharing method disclosed in the embodiment of the present application may be applied to the processor 501, or implemented by the processor 501. The processor 501 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the service-based data sharing method may be implemented by integrated logic circuits of hardware or instructions in the form of software in the processor 501. The Processor 501 may be a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, etc. The processor 501 may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 502, and the processor 501 reads the information in the memory 502, and completes the steps of the service-based data sharing method provided in the embodiments of the present application in combination with its hardware.
In an exemplary embodiment, the data interaction platform may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, programmable Logic Devices (PLDs), complex Programmable Logic Devices (CPLDs), field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro Controllers (MCUs), microprocessors (microprocessors), or other electronic components for performing the aforementioned methods.
It will be appreciated that the memory 502 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Among them, the nonvolatile Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access Memory (FRAM), a magnetic random access Memory (Flash Memory), a magnetic surface Memory, an optical Disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface storage may be disk storage or tape storage. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), synchronous Static Random Access Memory (SSRAM), dynamic Random Access Memory (DRAM), synchronous Dynamic Random Access Memory (SDRAM), double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), enhanced Synchronous Dynamic Random Access Memory (ESDRAM), enhanced Synchronous Dynamic Random Access Memory (Enhanced DRAM), synchronous Dynamic Random Access Memory (SLDRAM), direct Memory (DRmb Access), and Random Access Memory (DRAM). The memories described in the embodiments of the present application are intended to comprise, without being limited to, these and any other suitable types of memory.
In an exemplary embodiment, the present application further provides a storage medium, that is, a computer storage medium, which may be a computer readable storage medium, for example, a memory 502 storing a computer program, where the computer program is executable by a processor 501 of a data interaction platform to complete the steps described in the method of the present application. The computer readable storage medium may be a ROM, PROM, EPROM, EEPROM, flash Memory, magnetic surface Memory, optical disk, or CD-ROM, among others.
It should be noted that: "first," "second," and the like are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The technical means described in the embodiments of the present application may be arbitrarily combined without conflict.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for service-based data sharing, the method comprising:
receiving a service request sent by a request terminal;
reading a target service block chain corresponding to the service request and stored in a service block chain set based on the service request;
determining the catalogue information of cross-department source data to be accessed by the service request based on the target service block chain;
acquiring an access address of the source data based on the directory information;
accessing the source data based on the access address and responding to the service request;
the mapping relation between the directory information and the access addresses of the source data of each department is constructed based on a data transmission room and stored in a directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain.
2. The method of claim 1, wherein before determining the directory information of the source data to be accessed by the service request based on the target service block chain, the method further comprises:
and determining that the request terminal has the access right of the target service block chain based on the service intelligent contract of the service request.
3. The method of claim 1, wherein the obtaining the access address of the source data based on the directory information comprises:
and determining the access address of the source data based on the directory information and the mapping relation stored in the directory block chain.
4. The method of claim 3, wherein before determining the access address of the source data based on the directory information and the mapping relationship stored in the directory block chain, the method further comprises:
the data conveyance room determines catalog information for the source data based on metadata for the source data;
the data transmission room generates the mapping relation based on the directory information and the access address of the source data, and issues the directory information and the mapping relation to the directory block chain.
5. The method of claim 1, wherein prior to accessing the source data based on the access address, the method further comprises:
and determining that the request terminal has the access right of the directory information of the source data in the directory block chain based on the intelligent contract of the directory block chain.
6. The method of claim 5, further comprising:
and recording the access record of the directory information of the source data accessed by the request terminal in the directory block chain.
7. The method of claim 1, further comprising:
and recording a processing record responding to the processing result of the service request in the target service block chain.
8. A service-based data sharing apparatus, the data sharing apparatus comprising:
the receiving module is used for receiving a service request sent by a request terminal;
a reading module, configured to read, based on the service request, a target service block chain corresponding to the service request stored in a service block chain set;
the determining module is used for determining the catalogue information of the cross-department source data to be accessed by the service request based on the target service block chain;
the acquisition module is used for acquiring the access address of the source data based on the directory information;
the access and processing module is used for accessing the source data based on the access address and responding to the service request;
the mapping relation between the directory information and the access addresses of the source data of each department is constructed based on a data transmission room and stored in a directory block chain, and each service block chain in the service block chain set is generated based on the combination of the directory information of at least two departments in the directory block chain.
9. A data interaction platform, comprising: a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor, when executing the computer program, is adapted to perform the steps of the method of any of claims 1 to 7.
10. A storage medium having a computer program stored thereon, the computer program, when executed by a processor, implementing the steps of the method of any one of claims 1 to 7.
CN202110426413.6A 2021-04-20 2021-04-20 Data sharing method and device based on service and storage medium Pending CN115221238A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110426413.6A CN115221238A (en) 2021-04-20 2021-04-20 Data sharing method and device based on service and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110426413.6A CN115221238A (en) 2021-04-20 2021-04-20 Data sharing method and device based on service and storage medium

Publications (1)

Publication Number Publication Date
CN115221238A true CN115221238A (en) 2022-10-21

Family

ID=83604398

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110426413.6A Pending CN115221238A (en) 2021-04-20 2021-04-20 Data sharing method and device based on service and storage medium

Country Status (1)

Country Link
CN (1) CN115221238A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116050698A (en) * 2023-03-10 2023-05-02 山东铁路投资控股集团有限公司 Method, device and equipment for managing big railway construction data and readable storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116050698A (en) * 2023-03-10 2023-05-02 山东铁路投资控股集团有限公司 Method, device and equipment for managing big railway construction data and readable storage medium

Similar Documents

Publication Publication Date Title
US10790975B2 (en) Attestation management
US11003771B2 (en) Self-help for DID claims
US20210273931A1 (en) Decentralized authentication anchored by decentralized identifiers
US11411959B2 (en) Execution of application in a container within a scope of user-granted permission
EP3938941B1 (en) User choice in data location and policy adherence
US11429743B2 (en) Localization of DID-related claims and data
US20070143475A1 (en) Identification services
US11412002B2 (en) Provision of policy compliant storage for DID data
US11288389B2 (en) Scoped sharing of DID-associated data using a selector
US11587084B2 (en) Decentralized identification anchored by decentralized identifiers
US11394542B2 (en) Deauthorization of private key of decentralized identity
US11916919B2 (en) Resolving decentralized identifiers using multiple resolvers
US11729157B2 (en) Bootstrapping trust in decentralized identifiers
US20220385475A1 (en) Endorsement claim in a verfifiable credential
EP4018614B1 (en) Did delegation/revocation to another did
CN115221238A (en) Data sharing method and device based on service and storage medium
US11240244B2 (en) Presentation interrupt for a DID attestation
US11288358B2 (en) On skin decentralized identity technologies

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination