CN115712916A - Data access processing method based on block chain and data interaction system - Google Patents
Data access processing method based on block chain and data interaction system Download PDFInfo
- Publication number
- CN115712916A CN115712916A CN202211312259.0A CN202211312259A CN115712916A CN 115712916 A CN115712916 A CN 115712916A CN 202211312259 A CN202211312259 A CN 202211312259A CN 115712916 A CN115712916 A CN 115712916A
- Authority
- CN
- China
- Prior art keywords
- data access
- node
- account
- information
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The application discloses a data access processing method, a data access processing system, a data interaction system and a computer readable storage medium based on a block chain, wherein the method comprises the following steps: a first node in the blockchain system responds to a data access request to generate data access information and sends the data access information to a monitoring center, wherein the data access information comprises details of data access and node information requested to be accessed by the first node; the monitoring center verifies the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information; and the second node performs data access feedback based on the detail content. According to the scheme, the data access information sent by the block chain nodes can be verified in real time, and the safety of data access between the block chain nodes is improved.
Description
Technical Field
The present application relates to the field of blockchain technology, and in particular, to a method and system for processing data access based on blockchain, a data interaction system, and a computer-readable storage medium.
Background
A federation chain is a form of blockchain, which refers to a blockchain that is commonly managed by several organizations or institutions, each organization or institution controlling one or more nodes that collectively record transaction data. In practical applications, it is often necessary to acquire access data of each node in a federation chain to monitor data access of each node, for example, acquire a transaction amount of a node to charge an account corresponding to the node, limit a flow, and the like.
In the related art, usually, a service person periodically derives access data of each node in a block chain, and performs subsequent monitoring operations such as current limiting and charging on the node by analyzing the derived access data.
However, since the data access of the node is not timed but may be generated at any time based on a transaction request triggered by a merchant, the above scheme may lead to poor real-time performance of monitoring the node by analyzing the access data of the node derived at regular time by a service staff, so that the security of data access of the block chain cannot be well ensured, and the normal operation of the block chain is affected.
Disclosure of Invention
The application provides a data access processing method, a data access processing system, a data interaction system and a computer readable storage medium based on a block chain, which can verify data access information sent by block chain nodes in real time and improve the security of data access between the block chain nodes.
In a first aspect, an embodiment of the present application provides a data access processing method based on a blockchain, which is applied to a data interaction system, where the data interaction system includes a blockchain system and a monitoring center, and the method includes:
a first node in the block chain system responds to a data access request to generate data access information and sends the data access information to the monitoring center, wherein the data access information comprises details of data access and node information requested to be accessed by the first node;
the monitoring center verifies the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
and the second node performs data access feedback based on the detail content.
Optionally, the data access information further includes: a request account requesting data access, and first signature data obtained by carrying out private key signature on the detailed content;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires a target private key corresponding to the request account from preset account statistical information, and performs private key signature on the detailed content according to the target private key to obtain second signature data, wherein the account statistical information comprises: private keys corresponding to the registered accounts;
the preset verification conditions comprise: the first signature data is the same as the second signature data.
Optionally, the account statistical information further includes: each registered account allows the node of visit;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires the node which requests the account to allow access from the account statistical information;
the preset verification condition further comprises: and the node corresponding to the node information is the node which is allowed to be accessed by the request account.
Optionally, the account statistical information further includes: the maximum access times in unit time corresponding to each registered account;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires the maximum access times in unit time corresponding to the request account from the account statistical information, and calculates the current access times in unit time of the request account;
the preset verification condition further comprises: and the current unit time access times corresponding to the request account are less than or equal to the maximum access times corresponding to the request account.
Optionally, the account statistical information further includes: a node IP address corresponding to each registered account;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires the node IP address corresponding to the request account from the account statistical information and analyzes the IP address of the node sending the data access information;
the preset verification condition further comprises: and the node IP address obtained from the account number statistical information is the same as the node IP address in the data access information.
Optionally, the verifying the content in the data access information by the monitoring center based on a preset verification condition includes:
when detecting that the request account number meets a preset condition, the monitoring center verifies the content in the data access information based on the preset verification condition, wherein the preset condition comprises: the request account is a registered account.
Optionally, when the monitoring center detects that the request account number meets a preset condition, before verifying the content in the data access information based on a preset verification condition, the method further includes:
the monitoring center inquires the balance in the request account and determines the cost required by the request account for single data access;
the preset conditions further include: the balance in the requesting account is greater than or equal to the required cost.
Optionally, the data access information is transmitted in a form of a hypertext transfer protocol http message, and the node information, the request account, and the first signature data are located in a request header of the http message.
Optionally, the data access request is: a request for a data query on a blockchain or a request to perform a virtual asset transaction.
Optionally, the method further comprises: and the monitoring center counts the data access information of the request account on the basis of the data access feedback result received from the second node.
Optionally, the method further comprises: the monitoring center deducts a preset number of virtual assets in the request account in response to receiving a data access feedback result sent by the second node;
or when the monitoring center reaches a preset time, determining the uncharged and completed target data access corresponding to the request account, and deducting the virtual assets in the request account in a corresponding amount according to the number of times of target data access and the preset cost required by single data access.
Optionally, the method further comprises: and when the balance in the request account is less than the required cost, sending information that the balance of the request account is insufficient to the first node.
In a second aspect, an embodiment of the present application provides a data access processing system based on a block chain, where the system includes:
the system comprises a sending unit, a monitoring center and a processing unit, wherein the sending unit is applied to a first node in a block chain system and used for responding to a data access request to generate data access information and sending the data access information to the monitoring center, and the data access information comprises details of data access and node information requested to be accessed by the first node;
the verification unit is used for verifying the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
and the feedback unit is applied to a second node in the block chain system and is used for performing data access feedback based on the detail content.
Optionally, the data access processing further includes:
the signature unit is applied to a monitoring center, and is used for acquiring a target private key corresponding to the request account from preset account statistical information, and performing private key signature on the detailed content according to the target private key to obtain second signature data, where the account statistical information includes: and a private key corresponding to each registered account.
The verification unit is specifically configured to verify that the first signature data is the same as the second signature data.
Optionally, the data access processing further includes:
and the acquisition unit is used for acquiring the node which requests the account to access from the account statistical information.
The verification unit may be further specifically configured to verify that the node corresponding to the node information is a node that the request account allows access.
Optionally, the obtaining unit may be further configured to obtain, from the account statistical information, a maximum number of accesses per unit time corresponding to the request account, and calculate a current number of accesses per unit time of the request account.
The verification unit may be further specifically configured to verify that the current access count per unit time corresponding to the request account is less than or equal to the maximum access count corresponding to the request account.
Optionally, the obtaining unit may be further configured to obtain an IP address of a node corresponding to the requested account from the account statistical information, and analyze an IP address of a node that sends the data access information.
The verification unit is specifically configured to verify that the node IP address obtained from the account statistical information is the same as the node IP address in the data access information.
Optionally, the verifying unit may be further configured to verify, when it is detected that the request account satisfies a preset condition, content in the data access information based on the preset verification condition, where the preset condition includes: the request account is a registered account.
Optionally, the obtaining unit may be further configured to query a balance in the request account, and determine a cost required by the request account for performing single data access;
the verification unit is specifically configured to verify that the balance in the request account is greater than or equal to the required cost.
Optionally, in the data access processing, the data access information is transmitted in a form of an http message, and the node information, the request account, and the first signature data are located in a request header of the http message.
Optionally, the data access request is: a request for a data query on a blockchain or a request to perform a virtual asset transaction.
Optionally, the data access processing further includes:
and the counting unit is used for counting the data access information of the request account on the basis of the data access feedback result received from the second node.
Optionally, the data access processing further includes:
the fee deducting unit is applied to the monitoring center and used for deducting the virtual assets with the preset number in the request account in response to the received data access feedback result sent by the second node;
or when the preset time is reached, determining the uncharged and completed target data access corresponding to the request account, and deducting the corresponding number of virtual assets in the request account according to the number of times of target data access and the preset cost required by single data access.
Optionally, the data access processing further includes:
and the feedback information sending unit is used for sending the information that the balance of the request account is insufficient to the first node when the balance of the request account is less than the required cost.
In a third aspect, an embodiment of the present application provides a data interaction system, where the system includes: a block chain system and a monitoring center;
the first node in the block chain system is used for responding to a data access request to generate data access information and sending the data access information to the monitoring center, wherein the data access information comprises details of data access and node information requested to be accessed by the first node;
the monitoring center is used for verifying the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
a second node in the blockchain system for data access feedback based on the detail content.
Optionally, the first node in the blockchain system includes: a first processor; and
and the first storage is used for storing a first data processing program, and after the first node is powered on and runs the first data processing program through the first processor, the method steps of generating data access information in response to a data access request and sending the data access information to the monitoring center are executed.
Optionally, the monitoring center includes: a second processor; and
and the second memory is used for storing a second data processing program, and after the monitoring center is powered on and runs the second data processing program through the second processor, the monitoring center executes the method steps of verifying the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, sending the data access information to a second node in the block chain system.
Optionally, the second node in the blockchain system comprises: a third processor; and
and the third memory is used for storing a third data processing program, and after the second node is powered on and runs the third data processing program through the third processor, the method steps of performing data access feedback based on the detailed content are executed.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium storing a data processing program, which is executed by a processor to perform the method according to any one of the first aspect.
Compared with the prior art, the method has the following advantages:
according to the data access processing method based on the block chain, a first node in a block chain system responds to a data access request to generate data access information, the data access information comprises details of data access and node information requested to be accessed by the first node, the node requested to be accessed by the first node can be determined through the node information, the first node sends the data access information to a monitoring center, the monitoring center verifies the contents in the data access information sent by the first node based on preset verification conditions after receiving the data access information, if the contents in the data access information meet the preset verification conditions, the monitoring center sends the data access information to a second node in the block chain system, the second node is a node determined according to the node information requested to be accessed by the first node, the second node processes the data access based on the details and feeds back a data access processing result.
Therefore, according to the data access processing method provided by the application, the monitoring center is arranged outside the block chain system, the monitoring center presets verification conditions of the data access information sent by the first node, the data access information sent by the block chain nodes can be verified in real time, the security of data access among the block chain nodes is improved, and the normal operation of the block chain is better guaranteed. Meanwhile, a monitoring center is arranged outside the block chain system, so that the performance requirement on the block chain nodes can be reduced, the process of data access of the block chain nodes can be faster, and the efficiency of data access is improved.
In addition, the monitoring center is arranged outside the blockchain system to verify data access, so that the verification of the data access is independent of the blockchain system, additional codes do not need to be added to blockchain link points due to verification, the usability and universality of blockchain codes are improved, the application difficulty of blockchain technology is reduced, members participating in the blockchain system can be increased, and the decentralized degree of the blockchain is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments of the present application will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1: an application scene schematic diagram of the data access processing method based on the block chain provided by the embodiment of the application is provided;
FIG. 2: the application provides a data interaction schematic diagram of a data access processing method based on a block chain;
FIG. 3: a flowchart of an example of a data access processing method based on a block chain provided in an embodiment of the present application;
FIG. 4 is a schematic view of: a flowchart of another example of the data access processing method based on the block chain provided in the embodiment of the present application;
FIG. 5: the http message structure diagram provided by the embodiment of the application;
FIG. 6: an example of a structure schematic block diagram of a data interaction system provided by the embodiment of the application;
FIG. 7: an example of a block chain-based data access processing system provided in the embodiments of the present application is a block diagram;
FIG. 8: another example of the data access processing system based on the block chain provided in the embodiment of the present application is a block diagram;
FIG. 9: another example of the data interaction system provided by the embodiment of the application is a schematic structural diagram;
FIG. 10: another example of the data interaction system provided in the embodiment of the present application is a schematic structural diagram.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is capable of implementation in many different ways than those herein set forth and of similar import by those skilled in the art without departing from the spirit of this application and is therefore not limited to the specific implementations disclosed below.
It should be noted that the terms "first," "second," "third," and the like in the claims, the description, and the drawings of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. The data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in other sequences than described or illustrated herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The block chains can be classified into public chains, alliance chains and private chains. The public chain refers to a blockchain which can be used by anyone for participating in maintenance and reading of blockchain data, can be used by anyone for sending transactions, and is completely open and transparent.
A federation chain is a chain of regulatory blocks commonly engaged by a plurality of organizations or organizations of mutually known identity, such as supply chain management between multiple enterprises, data sharing between government departments, payment settlement between multiple banks, and the like. The rights that the federation chain opens to each node of an organization or organization within the network are different, for example, the read rights of the federation chain database may be public or may be limited to the participants of the system like the write rights, and therefore, the access rights of each node need to be verified in the federation chain network.
A private chain may be understood as having only one member of a federation chain, such as a government agency's internal management system or the like.
In practical applications, it is often necessary to acquire access data of each node in a federation chain to monitor data access of each node, for example, to acquire a transaction amount of a node to charge an account corresponding to the node, to limit a current, and the like.
In the related art, usually, a service person periodically derives access data of each node in a block chain, and performs subsequent monitoring operations such as current limiting and charging on the node by analyzing the derived access data.
However, since the data access by the node is not timed but may be generated at any time based on a transaction request triggered by a merchant, the above scheme may result in poor real-time performance of monitoring the node by analyzing the access data of the node derived at regular time by service personnel, so that the security of data access of the block chain cannot be well ensured, and the normal operation of the block chain is affected.
In the related technology, the verification program for data access may also be deployed on the blockchain node in a manner of modifying the blockchain node code, that is, the verification program is embedded inside the blockchain system code to monitor the data access of each node in the blockchain, but this manner may cause the blockchain code to be doped with too many personalized service codes, which affects the usability and universality of the blockchain code, increases the application difficulty of the blockchain technology, and at the same time, adding too many centralized service codes may not only cause the blockchain to lose the decentralized characteristic, but also may affect the block output performance of the blockchain.
Based on the above problems, in order to verify data access information sent by blockchain nodes in real time and improve the security of data access between blockchain nodes, the application provides a data access processing method based on blockchain, and the method is applied to a data interaction system.
For ease of understanding, a description of an application scenario of the data access processing method based on the block chain provided in the present application is given below with reference to fig. 1. In the application scenario shown in fig. 1, the method includes: a first node 110, a monitoring center 120, and a second node 130. The first node 110 and the second node 130 are nodes in the blockchain system, respectively.
In this embodiment, the first node 110 may be, but is not limited to, an electronic device with a display function, such as a desktop computer, a notebook computer, a mobile phone, a smart watch, and a tablet computer. The first node 110 may be one or more electronic devices, and the number of the first nodes is not limited in this embodiment of the application, and in this embodiment, the first node 110 is only taken as one electronic device for example. The first node 110 may directly send the data access information to the second node 130 in the blockchain system for processing, or send the data access information to the monitoring center 120, and after the monitoring center 120 verifies the data access information sent by the first node, the data access information sent by the first node 110 is forwarded to the second node 130 in the blockchain system for processing.
In this embodiment, the monitoring center 120 may be, but is not limited to, an electronic device such as a server and a computer outside the blockchain system, and may include one or more electronic devices, which is not limited specifically. The monitoring center 120 may be a service system that monitors data access information transmitted by the first node 110.
As shown in FIG. 6, a JSON-RPC-HTTP gateway module can be arranged in the monitoring center and used for receiving the data access request transmitted by the first node. The system is provided with a pre-filter and a post-filter, wherein the pre-filter is used for carrying out personalized verification on the data access information, and the post-filter is used for carrying out statistics on the data access information. For example, the pre-filter 1 performs flow control on the first node, and the pre-filter 2 performs authority verification on the first node, and the like, which is not limited in detail again. And the JSONRPC transaction routing module is used for forwarding the data access information to the second node.
In this embodiment, the block chain system may include a plurality of nodes, and the plurality of nodes may be configured with the same block chain, and the block chain may be a public chain, a federation chain, or a private chain, which is not specifically limited herein. In the federation chain, the plurality of nodes may be a plurality of nodes of the same enterprise, or a plurality of nodes of different enterprises, and the embodiment of the present application is not particularly limited.
The first node 110, the monitoring center 120, and the second node 130 may be directly or indirectly connected through wired or wireless communication, which is not limited in the embodiment of the present application.
It should be understood that: the above application scenarios are only examples and are not limitations of the present application, and in addition, specific references in the embodiments of the present application are referred to in the following embodiments.
First embodiment
The technical solution of the present application will be described in detail by specific examples. It should be noted that the following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 2 is a schematic diagram of data interaction of an example of a data access processing method based on a block chain according to an embodiment of the present application, fig. 3 is a flowchart of an example of a data access processing method based on a block chain according to an embodiment of the present application, and fig. 4 is a flowchart of another example of a data access processing method based on a block chain according to an embodiment of the present application. A first embodiment of the present application will be described below with reference to fig. 2, 3, and 4.
As shown in fig. 3, the method may include the following steps S310 to S330.
Step S310: and the first node in the block chain system responds to the data access request to generate data access information and sends the data access information to the monitoring center.
The data access information comprises details of data access and node information requested to be accessed by the first node.
As shown in fig. 2, step S310 corresponds to step S201 and step S202 in fig. 2, and is configured to generate data access information by the first node, and send the data access information to the monitoring center for verification.
The first node may be any node having a data access request in the blockchain system, and may be a common user node, a merchant node, or a node of a government entity, which is not limited specifically. In this embodiment, the first node is taken as an example to be a merchant node, where the merchant node is a node where a merchant participates in an alliance chain, and the merchant may be understood as an enterprise applying the alliance chain system, a merchant providing services or selling products, and the like, for example, the merchant may be a game facilitator joining a game block chain, an enterprise in an enterprise supply chain, an express service provider of an express logistics block chain, and the like, and is not limited specifically.
The node information may be an address of a node to which the first node requests access, or may be other information for identifying the node.
In a specific embodiment, the data access request may be, but is not limited to, a request for data query on a block chain, a request for performing a virtual asset transaction, a request for uploading data, and the like.
The details of the data access may include information such as access time, data access mode (e.g. inquiry access or transaction access), transaction amount, transaction type (transfer, recharge), and other information indicating the details of the data access.
The monitoring center may be understood as a blockchain agent service system that provides a verification service for a blockchain system, and is used to monitor data access in the blockchain system, for example, right verification, flow control or other personalized verification may be performed on data access information, and statistics of the data access information may also be performed according to data access feedback information sent by the second node 130, for example, statistics of time consumed by data access, statistics of costs required for data access, and the like, which is not specifically limited in this embodiment.
As shown in fig. 6, a Software Development Kit (SDK) capable of invoking a block chain is installed in the first node, and it can be understood that an SDK client capable of invoking the block chain is installed in the first node, such as a WEB3J-SDK client in an ethernet platform. The SDK client provides a core interface for assembling access data, signing the access data and sending the access data for a user, any user can assemble and sign the access data on the first node through the SDK client, and then the access data is sent to the blockchain system or the proxy service system of the blockchain system.
Taking the supply chain between enterprises as an example, enterprise B is a product supplier of enterprise a, both enterprise a and enterprise B can be regarded as merchants, and enterprise a and enterprise B perform transactions through the blockchain system. The computing device corresponding to enterprise a participating in the supply chain may be the first node. For example, enterprise a purchases a product from enterprise B, which may initiate a transaction request to enterprise B via an SDK client running on a first node.
In a specific embodiment, the data access information may be transmitted in the form of a hypertext transfer protocol http message. The hypertext transfer protocol (http) is a simple request-response application layer protocol based on a TCP/IP communication protocol, and can enable data access information to be transmitted between the first node and the monitoring center in an agreed format. The http message includes a request header and a request body, as shown in fig. 5, the node information is located in the request header of the http message, and details of data access, that is, the trade in fig. 5, are located in the request body of the http message. The node information is put into a request header of the http message, and the details of the data access are put into a request body of the http message for transmission, so that the interface format of the original calling block chain of the first node is not changed, that is, the change cost of the native WEB3J-SDK is low.
In a specific embodiment, the data access information can be transmitted by an http protocol and can also be realized by combining the http protocol and a JSON-RPC (JavaScript Object Notation-Remote Procedure Call) protocol, the JSON-RPC protocol is a cross-language Remote Call protocol based on JSON, the JSON is a lightweight data exchange format, and a completely independent and language-changed text format is adopted to store and represent data, so that the data is easy to read and write by a human, and is easy to analyze and generate by a machine, and the network transmission efficiency can be effectively improved.
The JSON-RPC protocol allows the data access request data in the embodiment to satisfy the JSON format in the http protocol message transmission environment.
For example, as shown in fig. 5, when the JSON-RPC protocol is adopted, the data format in the request body of the http message is as follows:
{"jsonrpc":"2.0",
"method":"eth_call",
"params":["trade"],
"id":1}
wherein, jsonrpc:2.0, the JSON-RPC protocol version is designated to be 2.0;
a method: when the first node accesses data, a character string of a name of a method to be called, for example, "eth _ call" is a query interface of a calling blockchain, and "sendethhrawrtransaction" is a transaction interface of the calling blockchain;
params: accessing detailed content of the data;
id: a unique identification id of the client on the first node that has been established.
Step S320: and the monitoring center verifies the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the monitoring center sends the data access information to a second node in the block chain system.
The second node is a node corresponding to the node information in step S310. The number of the nodes in the blockchain system having a data access relationship with the first node may be one or more, and is not limited specifically.
Step S320 is used to verify the data access information sent by the first node in step S310.
The preset verification condition may be, but is not limited to, verifying whether a signature of the detail content in the data access message is correct, whether the number of times of the first node sending the data access information per unit time satisfies a preset flow control rule, and whether the first node has a right to send the data access information to the second node.
As shown in fig. 2, the authentication process for the access information may include steps S203 to S213 in fig. 2. The data access information sent by the first node may be subjected to authority verification, flow control, log printing, or other personalized verification, which is not limited specifically. The validation processes in fig. 2 are not in any particular order or sequence, and may be interchanged where appropriate. After the verification is completed, the verified data access information is sent to the second node based on step S214.
For example, when an enterprise a initiates a transaction request for purchasing a product to an enterprise B through an SDK client on a first node, the transaction request is first sent to a monitoring center, the monitoring center verifies the transaction request based on a preset verification condition, for example, whether the enterprise a has an authority to send the transaction request to the second node is verified, whether a signature of a transaction in the transaction request sent by the enterprise a is correct, whether an account of the enterprise a has sufficient cost, and the like, after the preset verification condition passes, the monitoring center forwards the transaction request sent by the enterprise a to the second node corresponding to the enterprise B through a JSO N-RPC transaction route, and the enterprise B processes the transaction request.
Step S330: and the second node performs data access feedback based on the detail content.
The data access feedback information corresponds to data access request information sent by the first node, for example, the first node sends a transfer request, feeds back a message that the transfer is successful, queries a request, and feeds back queried data.
As shown in fig. 2, this step S330 corresponds to step S215 in fig. 2, and is used for processing the data access information that is authenticated in step S320 and feeding back the processing result of the access information. The second node may send the feedback information to the first node, or may send the feedback information to the monitoring center, where the monitoring center forwards the feedback information to the first node. In this embodiment, as shown in fig. 2, in step S218, the first node sends the data access feedback result to the first node through the monitoring center.
According to the data access processing method based on the block chain, a first node in a block chain system responds to a data access request to generate data access information, the data access information comprises details of data access and node information requested to be accessed by the first node, the node requested to be accessed by the first node can be determined through the node information, the first node sends the data access information to a monitoring center, the monitoring center verifies the contents in the data access information sent by the first node based on preset verification conditions after receiving the data access information, if the contents in the data access information meet the preset verification conditions, the monitoring center sends the data access information to a second node in the block chain system, the second node is the node determined from the node information requested to be accessed by the first node, the second node processes the data access based on the details and feeds back a data access processing result.
Therefore, according to the data access processing method provided by the application, the monitoring center is arranged outside the block chain system, the monitoring center presets the verification condition of the data access information sent by the first node, the data access information sent by the block chain nodes can be verified in real time, the security of data access among the block chain nodes is improved, and the normal operation of the block chain is better ensured. Meanwhile, a monitoring center is arranged outside the block chain system, so that the performance requirement on the block chain nodes can be reduced, the process of data access of the block chain nodes can be faster, and the efficiency of data access is improved.
In addition, the monitoring center is arranged outside the blockchain system for verifying the data access, so that the verification of the data access is independent of the blockchain system, additional codes do not need to be added to blockchain link points due to verification, the usability and the universality of blockchain codes are improved, the application difficulty of blockchain technology is reduced, members participating in the blockchain system can be increased, and the decentralized degree of the blockchain is improved.
In one embodiment, the data access information in step S310 further includes: the system comprises a request account number for requesting data access and first signature data obtained after private key signature of detail content. As shown in fig. 5, the request account and the first signature data are placed in a request header of the http message, and the monitoring center obtains the request account and the first signature data by analyzing the request header of the http message, so as to subsequently obtain a private key corresponding to the request account and verify the first signature data.
As shown in fig. 4, before the monitoring center verifies the content in the data access information in step S320, the following step S340 may be included.
Step S340: and the monitoring center acquires a target private key corresponding to the request account from preset account statistical information, and performs private key signature on the detailed content according to the target private key to obtain second signature data.
The account number statistical information includes: and a private key corresponding to each registered account.
The preset verification conditions comprise: the first signature data is the same as the second signature data.
Step S340 is configured to recalculate the signature for the detail content sent by the request account by the monitoring center, obtain second signature data, and verify whether the first signature data and the second signature data are consistent. Corresponding to step S206 and step S207 in fig. 2, if the first signature is the same as the second signature, the next operation is continued, and if the first signature is different from the second signature, the monitoring center sends information of denying access to the first node.
The preset account statistical information is set related statistical information corresponding to each registered request account when the user registers the request account through the first node, and for example, the account statistical information may include: the content of the data access information sent by the authentication request account and the authentication request account, such as the private key corresponding to each registered account, the node that each registered account allows access, and the maximum access number per unit time corresponding to each registered account, is not limited herein.
The preset account statistical information may be stored in a memory of the monitoring center, or may be stored in other storage devices in communication connection with the monitoring center, which is not specifically limited in this embodiment.
The private key corresponding to each registered account is a private key generated when the account is registered.
The signature data is obtained by calculating a string of character passwords by using a hash algorithm and taking details in the data access information sent by the request account and a private key corresponding to the request account as input. The hash algorithm is a one-way cipher mechanism which cannot be tampered, and reverse decryption cannot be performed. In this embodiment, the detail contents of the input hash algorithm correspond to the output character password string one by one, and any change in the detail contents will result in a change in the character password string that is finally output. For example, when the node address of the block chain of the data access in the detail content is changed, a different character string is generated, and the detail content in the data access request can be prevented from being changed artificially and maliciously.
The signature of the detailed content may be calculated by MD5 Message Digest Algorithm (md5), hash Message Authentication Code Algorithm (Hash-based Message Authentication Code-Secure Hash Algorithm 256, hmac-SHA 256) using Secure Hash Algorithm 256 to calculate a Hash value, and the like, and is not limited in particular.
The embodiment provides a specific signature data calculation method:
AppSign=HmacSHA256(tradeBody+chainNodeUrl+appKey+APPSecret)
wherein AppSign is signature data of the detail content, tradeBody is the detail content, chainnodourl is a first node address, appKey is a request account, and apprequest is a private key corresponding to the request account.
By comparing the first signature information with the second signature information, the integrity of detailed contents in the data access request information sent by the first node and the correctness of the request account identity of the data access request can be ensured.
In one embodiment, the account statistics information in step S340 further includes: each registered account allows access to the node.
As shown in fig. 4, before the monitoring center verifies the content in the data access information in step S320, step S350 is further included.
Step S350: and the monitoring center acquires the node which requests the account to allow access from the account statistical information.
The preset verification conditions further include: and the node corresponding to the node information is the node which allows the access of the request account.
In this step S350, the monitoring center is configured to acquire a node that requests an account to allow access from preset account statistical information, compare a node corresponding to node information in the data access information sent by the first node with the acquired node that requests the account to allow access, and determine whether a node corresponding to the node information in the data access information, that is, a second node, is consistent with a preset second node, so as to prevent the first node from performing data access to node information input errors or malicious artificial malicious information.
The node allowing access to the request account is pre-agreed among the first node, the second node and the monitoring center when the first node registers the request account, and can be stored in a list manner.
The number of the nodes that the request account allows to access may be one or multiple, and is not specifically limited herein, and may be set according to the actual situation of data access.
As shown in fig. 2, step S212 acquires a node that requests the account to allow access, step S213 compares a node corresponding to the node information in the data access information with the node that allows access, if the node information in the data access information is consistent with the node that allows access, the next operation is continued, and if the node information in the data access information is not consistent with the node that allows access, the node that requests the account to allow access is sent to the first node. For example, the supply chain in which the enterprise a is located has 10 nodes, the enterprise a can only perform data access to 1 node corresponding to the enterprise B, when the node corresponding to the enterprise a initiates a data access request, the monitoring center verifies the node that the enterprise a can perform data access, and if the node that needs to be accessed in the data access information sent by the enterprise a is not the node of the enterprise B, the monitoring center sends information denying access to the enterprise a. The method and the system can prevent the node information input by the enterprise A from being wrong, obtain wrong feedback information or maliciously perform data access and other accidents from happening.
In one embodiment, the account statistics information in step S340 further includes: the maximum number of accesses per unit time corresponding to each registered account.
As shown in fig. 4, before the monitoring center verifies the content in the data access information in step S320, step S360 is further included.
Step S360: and the monitoring center acquires the maximum access times in unit time corresponding to the request account from the account statistical information and calculates the current access times in unit time of the request account.
The preset verification condition further comprises: and the current unit time access times corresponding to the request account are less than or equal to the maximum access times corresponding to the request account.
This step S360 is used for the monitoring center to verify the access times of the request account in unit time, that is, to limit the times of sending data access requests by each request account in unit time.
The unit time may be agreed by itself, for example, the unit time may be 1 second, 1 minute, or 1 hour, and the unit time in this embodiment is, without limitation, 1 second as an example, that is, in step S360, the query rate per second (QPS) of the requested account is verified, and the QPS is a measurement standard for how many data access requests are processed by the block chain system within 1 second.
As shown in fig. 2, in step S208, the maximum access time per unit time corresponding to the request account is obtained from the account statistical information, and the current access time per unit time of the request account is calculated, and step S209 determines whether the current access time per unit time of the request account calculated in step S208 is less than or equal to the maximum access time per unit time corresponding to a preset request account, if so, performs the next operation, and if so, sends access denial information or queue waiting information to the first node.
The maximum access times per unit time corresponding to the request accounts may be that all the request accounts registered in the monitoring center have the same maximum access times per unit time, that is, the same current limiting rule is configured for all the request accounts in a global configuration manner, or each request account has different maximum access times per unit time, and the current limiting rule may be set independently according to the type of the request account. For example, by adopting a global configuration mode, the maximum access times of all the request accounts in unit time can be set to be 1000 times; or the maximum access times per unit time of the request account only performing query access is 500, and the maximum access times per unit time of the request account performing asset transaction is 1000.
By limiting the access times of the request account in unit time, the normal operation of the block chain system can be guaranteed when sudden request amount is increased and malicious data access is caused, or when the processing of the block chain system is stressed due to overhigh data access request frequency.
For example, a total of 100 request accounts call a block chain, and the block chain supports at most 1000 access requests per unit time, the number of access requests of each request account needs to be limited, so that it is prevented that a certain request account at the same time point requests too fast to support such many access requests, which can protect the block chain and can also ensure normal access of other request accounts.
Generally, the current limitation of the request account may be performed in various manners, such as a sliding window algorithm, a sliding log algorithm, a leaky bucket algorithm, and a token bucket algorithm, which is not limited in this embodiment.
In one embodiment, the account statistics information in step S340 further includes: a node IP address corresponding to each registered account;
as shown in fig. 4, before the monitoring center verifies the content in the data access information in step S320, step S370 may be further included.
Step S370: and the monitoring center acquires the IP address of the node corresponding to the request account from the account statistical information and analyzes the IP address of the node sending the data access information.
The preset verification condition further comprises: and the node IP address obtained from the account number statistical information is the same as the node IP address in the data access information.
This step S370 is used to verify whether the IP address of the request account of the first node has the right to send a data access request to the blockchain system.
The node IP Address corresponding to each registered account is an Internet Protocol Address (IP Address) of the first node, and is an IP Address configured by the first node and used for connecting to a network.
In this embodiment, when the data access request information is transmitted through an application layer protocol based on the TCP/IP communication protocol, the IP address of the first node located in the network layer in the TCP/IP communication protocol is also sent to the monitoring center.
As shown in fig. 2, step S210 obtains a node IP address corresponding to the request account from the preset account statistical information, analyzes an IP address of a node that sends data access information from the TCP/IP communication protocol, determines whether the preset IP address is the same as the analyzed IP address through step S211, continues the next operation if the preset IP address is the same as the analyzed IP address, and sends information of denying access to the first node if the preset IP address is different from the analyzed IP address.
By verifying the IP address of the node sending the data access information, whether the node has the right to access the block chain system can be judged, and the data access information sent by the first node can be prevented from being intercepted maliciously by a person.
In a specific embodiment, the step S321 may be implemented by the monitoring center verifying the content in the data access information based on a preset verification condition in step S320.
Step S321: and when detecting that the request account number meets the preset condition, the monitoring center verifies the content in the data access information based on the preset verification condition.
The preset conditions include: the request account is a registered account.
This step S321 is used to determine whether the requested account is a registered account, so as to avoid situations such as unregistering an account, inputting an incorrect account, and sending data access information.
As shown in fig. 2, this step S321 corresponds to step S203 in fig. 2, and after the first node sends the data access information to the monitoring center in step S202, it may first verify whether the requested account is registered, if the requested account is not an already registered account, send information denying access to the first node, and if the requested account is an already registered requested account, verify the content in the data access information based on the preset verification condition.
In one embodiment, step S321 is preceded by step S322.
Step S322: the monitoring center inquires the balance in the request account and determines the cost required by the request account for single data access.
The preset conditions further include: the balance in the requested account is greater than or equal to the required charge.
In this step S322, the monitoring center is configured to verify the cost of the request account, and determine whether the cost in the request account can be used for data access.
The balance in the request account is the number of virtual assets in the request account.
As shown in fig. 2, after the request account is verified in step S203 to be a registered account, in step S204, the monitoring center queries the balance in the request account and the cost required by the request account for performing single data access, and step S205 determines whether the balance of the request account is greater than or equal to the cost required by the request account for performing single data access, that is, whether there are enough virtual assets in the request account to support the data access, and if so, continues to perform the next operation. If the answer is less than the answer, the final access information is sent to the first node, and the request account balance is prompted to be insufficient, as shown in fig. 4, which corresponds to step S3100.
Step S3100: and when the balance in the request account is less than the required cost, sending information that the balance of the request account is insufficient to the first node.
The fee required for a single data access by the requesting account may be configured at the time of registration of the requesting account. The configuration may be global configuration, that is, the costs required for performing single data access on all the requesting accounts are the same, or may be separate configuration for a specific requesting account, that is, the costs required for performing single data access on each requesting account may be the same or different, or may be separate configuration required for performing single data access on a certain data access on each requesting account according to the type of the data access information, that is, the costs for performing single data access on the same requesting account may be different. The embodiment is not particularly limited.
For example, a supply chain has 10 nodes, each of which is a node corresponding to a merchant a-merchant J, and when the cost required for a single data access to a request account of the merchant a-merchant J is set, the cost can be set in the following three ways: the first method comprises the following steps: the method comprises the steps of performing global cost configuration required by single data access on a request account corresponding to a merchant A-a merchant J, namely setting the cost of data access of the merchant A-the merchant J to be 1 yuan each time; and the second method comprises the following steps: the method comprises the steps of configuring request accounts of merchants A and merchants J independently, wherein the cost required for performing single data access on the request account corresponding to the merchant A is 1 yuan, the cost required for performing single data access on the request account corresponding to the merchant B is 2 yuan, the cost required for performing single data access on the request account corresponding to the merchant C is 1.5 yuan and the like, and the cost required for performing single data access on the request accounts corresponding to the merchants A and the merchants B can be the same or different; and the third is that: when the request account number corresponding to the merchant A only carries out data query, charging is 1 yuan, and when the virtual asset transaction is carried out, charging is 2 yuan, or different charging standards can be set according to the number of the virtual assets transacted.
In one embodiment, as shown in fig. 4, the data access processing method may further include step S380.
Step S380: and the monitoring center counts the data access information of the request account on the basis of the data access feedback result received from the second node.
The step S380 is used for the monitoring center to count the data access information of the request account based on the data access feedback result.
As shown in fig. 2, the monitoring center receives the data access result sent by the second node in step S215, and in step S216, personalized statistics is performed on the data access information of the request account based on the feedback result.
The statistics may be statistics of the number of data accesses of the request account, statistics of the time consumed by a single data access of the request account, and the like, and the statistics is not particularly limited, and may be performed according to specific service requirements.
The personalized statistics is carried out on the data access information of the request account, so that developers can analyze the performance of each system related to the data access based on the statistical result.
In one embodiment, as shown in fig. 4, the data access processing method may further include step S390a or step S390b.
Step S390a: the monitoring center deducts a preset number of virtual assets in the request account in response to receiving a data access feedback result sent by the second node;
step S390b: and when the monitoring center reaches a preset time, determining the uncharged and completed target data access corresponding to the request account, and deducting the virtual assets in the request account in a corresponding quantity according to the number of times of target data access and the preset cost required by single data access.
Step S390a and step S390b are two ways of deducting the fee generated by requesting the account to send data access by the monitoring center.
The first method comprises the following steps: in step S390a, the virtual assets with the preset number are the fee required for requesting the account number to perform single data access in step S322. And after receiving the data access feedback result sent by the second node, the monitoring center synchronously deducts the cost of the data access. For example, the cost of the data access sent by the request account is 1 yuan, and the monitoring center deducts 1 yuan from the request account.
And the second method comprises the following steps: unlike the step S390a that charges are synchronously deducted after the data access feedback result is received, the step S390b deducts charges generated when the request account sends the data access information asynchronously when the preset time is reached.
The preset timing may include: the number of times of the data access feedback result received by the monitoring center reaches a preset threshold, for example, the threshold is 10 times, and the monitoring center receives the 10 times of data access result and deducts the fee for the 10 times of data access. Or, the time period for deducting the fee may be preset, and the fee is deducted at regular time, for example, the fee is deducted once in 10 minutes, 30 minutes, 1 hour, and 1 day, which is not limited in this embodiment.
In step S390b, when a preset time is reached, it is first determined which data accesses of the request account need to be deducted, that is, the uncharged and completed target data accesses corresponding to the request account need to be deducted, the deduction of the target data accesses needs to determine the total cost of the target data accesses according to the number of times of the target data accesses and the preset cost required by the single data access, deduct a corresponding number of virtual assets in the request account, and add the deducted number of virtual assets in the account corresponding to the monitoring center.
For example, the time period of the deduction fee is preset to be 10 minutes, the monitoring center executes the deduction fee every 10 minutes, firstly, it is determined that the uncharged and completed target data access in the request account number is 10 times within 10 minutes, and the fee required by the preset single data access is 1 yuan obtained from the account number statistical information corresponding to the request account number, then, the monitoring center deducts 10 yuan in the request account number, and adds 10 yuan in the account number corresponding to the monitoring center.
Second embodiment
Corresponding to the method for processing data access based on a block chain provided in the first embodiment of the present application, a second embodiment of the present application further provides a system for processing data access based on a block chain, as shown in fig. 7, the system for processing data access provided by the present application includes:
a sending unit 401, configured to be applied to a first node in a blockchain system, where the sending unit 401 is configured to generate data access information in response to a data access request, and send the data access information to the monitoring center, where the data access information includes details of data access and node information requested to be accessed by the first node;
a verification unit 402, configured to be applied to a monitoring center, where the verification unit 402 is configured to verify content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, send the data access information to a second node in the block chain system, where the second node is a node corresponding to the node information;
a feedback unit 403 applied to a second node in the blockchain system, where the feedback unit 403 is configured to perform data access feedback based on the detail content.
As shown in fig. 8, in this embodiment of the application, the data access processing system further includes:
a signature unit 404, configured to be applied to a monitoring center, where the signature unit 404 is configured to obtain a target private key corresponding to the request account from preset account statistical information, and perform private key signature on the detailed content according to the target private key to obtain second signature data, where the account statistical information includes: private keys corresponding to the registered accounts;
the verifying unit 402 is specifically configured to verify that the first signature data is the same as the second signature data.
Optionally, the data access processing further includes:
an obtaining unit 405, which is applied to a monitoring center, where the obtaining unit 405 is configured to obtain a node that the request account allows access from the account statistical information;
the verifying unit 402 may be further specifically configured to verify that the node corresponding to the node information is a node that the request account allows access.
Optionally, the obtaining unit 405 may be further configured to obtain the maximum access times per unit time corresponding to the request account from the account statistical information, and calculate the current access times per unit time of the request account;
the verifying unit 402 may be further configured to verify that the current access time per unit time corresponding to the request account is less than or equal to the maximum access time corresponding to the request account.
Optionally, the obtaining unit 405 may be further configured to obtain an IP address of a node corresponding to the requested account from the account statistical information, and analyze an IP address of a node that sends the data access information;
the verifying unit 402 is specifically configured to verify that the node IP address obtained from the account statistics information is the same as the node IP address in the data access information.
Optionally, the verifying unit 402 is further configured to verify, when it is detected that the request account satisfies a preset condition, content in the data access information based on the preset verification condition, where the preset condition includes: the request account is a registered account.
Optionally, the obtaining unit 405 may be further configured to query a balance in the requested account, and determine a cost required for performing single data access on the requested account;
the verifying unit 402 is specifically configured to verify that the balance in the requested account is greater than or equal to the required fee.
Optionally, in the data access processing, the data access information is transmitted in a form of an http message, and the node information, the request account, and the first signature data are located in a request header of the http message.
Optionally, the data access request is: for block on-chain data
Or a request to conduct a virtual asset transaction.
Optionally, the data access processing further includes:
a counting unit 406, applied to the monitoring center, where the counting unit 406 is configured to count the data access information of the request account based on the data access feedback result received from the second node.
Optionally, the data access processing further includes:
a deduction unit 407, applied to the monitoring center, where the deduction unit 407 is configured to deduct a preset number of virtual assets in the request account in response to receiving a data access feedback result sent by the second node;
or when the preset time is reached, determining the uncharged and completed target data access corresponding to the request account, and deducting the corresponding number of virtual assets in the request account according to the number of times of target data access and the preset cost required by single data access.
Optionally, the data access processing further includes:
a feedback information sending unit 408, which is applied to the monitoring center, where the feedback information sending unit 408 is configured to send, to the first node, information that the balance of the requested account is insufficient when the balance in the requested account is less than the required cost.
Third embodiment
Corresponding to the block chain-based data access processing method provided in the first embodiment of the present application, a third embodiment of the present application further provides a data interaction system, as shown in fig. 9 and fig. 1, the data interaction system provided in the embodiment of the present application includes: a first node 110 in a blockchain system, a monitoring center 120, and a second node 130 in the blockchain system.
The first node 110 in the blockchain system is configured to generate data access information in response to a data access request, and send the data access information to the monitoring center, where the data access information includes details of data access and node information requested to be accessed by the first node;
the monitoring center 120 is configured to verify content in the data access information based on a preset verification condition, and send the data access information to a second node in the block chain system if the content in the data access information meets the preset verification condition;
a second node 130 in the blockchain system for data access feedback based on the detail content.
In practical applications, the number of the first nodes in the blockchain system is at least one, and the number of the second nodes in the blockchain system is at least one.
Optionally, as shown in fig. 10, the first node 110 in the blockchain system includes: a first processor 111; and
a first memory 112, configured to store a first data processing program, where after the first node 110 is powered on and runs the first data processing program through the first processor 111, the method step of generating data access information in response to a data access request and sending the data access information to the monitoring center 120 is executed.
Optionally, the monitoring center 120 includes: a second processor 121; and
a second memory 122, configured to store a second data processing program, where after the monitoring center 120 is powered on and runs the second data processing program through the second processor 121, the monitoring center performs a method step of verifying the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, sending the data access information to the second node 130 in the blockchain system.
Optionally, the second node 130 in the blockchain system comprises: a third processor 131; and
a third memory 132 for storing a third data processing program, wherein the second node 130 is powered on and executes the third data processing program through the third processor 132, and then performs the method steps of data access feedback based on the details.
Fourth embodiment
In correspondence with the method for processing data access based on block chain provided in the first embodiment of the present application, a fourth embodiment of the present application provides a computer-readable storage medium, storing a program of the method for processing data access based on block chain, where the program is executed by a processor to perform the following steps:
a first node in the block chain system responds to a data access request to generate data access information and sends the data access information to the monitoring center, wherein the data access information comprises details of data access and node information requested to be accessed by the first node;
the monitoring center verifies the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
and the second node performs data access feedback based on the detail content.
It should be noted that, for the detailed description of the system and the computer-readable storage medium provided in the second embodiment, the third embodiment, and the fourth embodiment of the present application, reference may be made to the relevant description of the first embodiment of the present application, and details are not repeated here.
In a typical configuration, a computing device of a blockchain node includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
1. Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-transitory computer readable media (transient media), such as modulated data signals and carrier waves.
2. As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Although the present application has been described with reference to the preferred embodiments, it is not intended to limit the present application, and those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application, therefore, the scope of the present application should be determined by the claims that follow.
Claims (15)
1. A data access processing method based on a block chain is characterized by being applied to a data interaction system, wherein the data interaction system comprises a block chain system and a monitoring center; the method comprises the following steps:
a first node in the block chain system responds to a data access request to generate data access information and sends the data access information to the monitoring center, wherein the data access information comprises details of data access and node information requested to be accessed by the first node;
the monitoring center verifies the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
and the second node performs data access feedback based on the detail content.
2. The method of claim 1, wherein the data access information further comprises: a request account requesting data access, and first signature data obtained by carrying out private key signature on the detailed content;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires a target private key corresponding to the request account from preset account statistical information, and performs private key signature on the detailed content according to the target private key to obtain second signature data, wherein the account statistical information comprises: private keys corresponding to the registered accounts;
the preset verification conditions comprise: the first signature data is the same as the second signature data.
3. The method of claim 2, wherein the account statistics further include: each registered account allows the node of visit;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires the node which requests the account to allow access from the account statistical information;
the preset verification condition further comprises: and the node corresponding to the node information is the node which is allowed to be accessed by the request account.
4. The method of claim 2, wherein the account statistics further include: the maximum access times in unit time corresponding to each registered account;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires the maximum access times in unit time corresponding to the request account from the account statistical information, and calculates the current access times in unit time of the request account;
the preset verification condition further comprises: and the current unit time access times corresponding to the request account are less than or equal to the maximum access times corresponding to the request account.
5. The method of claim 2, wherein the account statistics further include: a node IP address corresponding to each registered account;
before the monitoring center verifies the content in the data access information, the method further comprises:
the monitoring center acquires the node IP address corresponding to the request account from the account statistical information and analyzes the IP address of the node sending the data access information;
the preset verification condition further comprises: and the node IP address obtained from the account statistical information is the same as the node IP address in the data access information.
6. The method of claim 2, wherein the monitoring center verifies the content in the data access information based on a preset verification condition, comprising:
when detecting that the request account number meets a preset condition, the monitoring center verifies the content in the data access information based on the preset verification condition, wherein the preset condition comprises: the request account is a registered account.
7. The method according to claim 6, wherein before the monitoring center verifies the content in the data access information based on a preset verification condition when detecting that the request account number satisfies a preset condition, the method further includes:
the monitoring center inquires the balance in the request account and determines the cost required by the request account for single data access;
the preset conditions further include: the balance in the requesting account is greater than or equal to the required cost.
8. The method according to claim 2, wherein the data access information is transmitted in a form of a hypertext transfer protocol http message, and the node information, the request account, and the first signature data are located in a request header of the http message.
9. The method of any of claims 1 to 8, wherein the data access request is: a request for a data query on a blockchain or a request to conduct a virtual asset transaction.
10. The method of any of claims 2 to 8, further comprising:
and the monitoring center counts the data access information of the request account on the basis of the data access feedback result received from the second node.
11. The method according to any one of claims 2 to 8, further comprising:
the monitoring center deducts a preset number of virtual assets in the request account in response to receiving a data access feedback result sent by the second node;
or when the monitoring center reaches a preset time, determining the uncharged and completed target data access corresponding to the request account, and deducting the virtual assets in the request account in a corresponding amount according to the number of times of target data access and the preset cost required by single data access.
12. The method of claim 7, further comprising:
and when the balance in the request account is less than the required cost, sending information that the balance of the request account is insufficient to the first node.
13. A blockchain-based data access processing system, the system comprising:
the system comprises a sending unit, a monitoring center and a processing unit, wherein the sending unit is applied to a first node in a block chain system and used for responding to a data access request to generate data access information and sending the data access information to the monitoring center, and the data access information comprises details of data access and node information requested to be accessed by the first node;
the verification unit is used for verifying the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
and the feedback unit is applied to a second node in the block chain system and is used for performing data access feedback based on the detail content.
14. A data interaction system is characterized by comprising a block chain system and a monitoring center;
the first node in the block chain system is used for responding to a data access request to generate data access information and sending the data access information to the monitoring center, wherein the data access information comprises details of data access and node information requested to be accessed by the first node;
the monitoring center is used for verifying the content in the data access information based on a preset verification condition, and if the content in the data access information meets the preset verification condition, the data access information is sent to a second node in the block chain system, wherein the second node is a node corresponding to the node information;
a second node in the blockchain system for data access feedback based on the detail content.
15. A computer-readable storage medium, in which a data processing program is stored, which program, when executed by a processor, performs the method according to any one of claims 1-12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211312259.0A CN115712916A (en) | 2022-10-25 | 2022-10-25 | Data access processing method based on block chain and data interaction system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211312259.0A CN115712916A (en) | 2022-10-25 | 2022-10-25 | Data access processing method based on block chain and data interaction system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115712916A true CN115712916A (en) | 2023-02-24 |
Family
ID=85231724
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211312259.0A Pending CN115712916A (en) | 2022-10-25 | 2022-10-25 | Data access processing method based on block chain and data interaction system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115712916A (en) |
-
2022
- 2022-10-25 CN CN202211312259.0A patent/CN115712916A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11210661B2 (en) | Method for providing payment gateway service using UTXO-based protocol and server using same | |
| US11809608B2 (en) | Methods and systems for using digital signatures to create trusted digital asset transfers | |
| KR102215773B1 (en) | Blockchain data protection based on account note model with zero-knowledge proof | |
| KR101816650B1 (en) | Method for providing simplified account registration service and authentication service, and authentication server using the same | |
| US20190116038A1 (en) | Attestation With Embedded Encryption Keys | |
| US10313353B2 (en) | Method, device, terminal, and server for verifying security of service operation | |
| US11108566B2 (en) | Methods and systems for using digital signatures to create trusted digital asset transfers | |
| US11201751B2 (en) | System and method for off-chain cryptographic transaction verification | |
| US20220188815A1 (en) | Distributed ledger systems, methods and devices | |
| WO2019019344A1 (en) | Webpage data crawling method and device, user terminal, and readable storage medium | |
| CN111292174A (en) | Tax payment information processing method and device and computer readable storage medium | |
| WO2019238299A1 (en) | System and method for simulating network events | |
| US11856107B2 (en) | Methods and systems for exchanging confidential information via a blockchain | |
| TW201909072A (en) | Method, device, and apparatus for loss reporting, removing loss report, and service management of electronic account | |
| US20230289789A1 (en) | Privacy protected consumers identity for centralized p2p network services | |
| EP3913483A1 (en) | Public and private api hub synchronization | |
| KR101120059B1 (en) | Billing verifying apparatus, billing apparatus and method for cloud computing environment | |
| CN114731293A (en) | Preventing data manipulation and protecting user privacy when determining accurate location event measurements | |
| WO2021121030A1 (en) | Resource transfer method, settlement terminal, and server node | |
| CN115712916A (en) | Data access processing method based on block chain and data interaction system | |
| CN110766407A (en) | Transaction verification method, accounting node and medium based on block chain | |
| US20240007309A1 (en) | Systems and methods for facilitating blockchain operations involving on chain and off chain interactions | |
| KR102667841B1 (en) | Prevent data manipulation and protect user privacy when measuring accurate location events | |
| CN116980136A (en) | Interface processing method, device, equipment, storage medium and product of intelligent contract |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |