CN116137627A - Data processing method and device based on blockchain network and related equipment - Google Patents


Publication number
CN116137627A
Authority
CN
China
Legal status
Pending
Application number
CN202111370887.XA
Other languages
Chinese (zh)
Inventor
朱耿良
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202111370887.XA
Publication of CN116137627A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiments of the application provide a data processing method and apparatus based on a blockchain network, and related equipment. The method comprises the following steps: a first node sends an access request for target data to a second node of a second service sub-chain, wherein the access request carries verification information of a first block of a first service sub-chain, and the first block stores a pre-access record of the first node for the target data; the first node receives first response data sent by the second node, wherein the first response data comprises authorized access information for the target data and identification information of a Trusted Execution Environment (TEE) of a third node; and, according to the identification information of the TEE of the third node, the first node sends a request for acquiring the target data to the third node and receives encrypted target data generated by the TEE of the third node and sent by the third node. In this way, efficient data sharing among multiple chains can be realized, security and privacy during inter-chain data interaction can be ensured, and the running efficiency and security of the blockchain network are improved.

Description

Data processing method and device based on blockchain network and related equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data processing method and apparatus based on a blockchain network, and related devices.
Background
A blockchain is a decentralized distributed ledger system characterized by data that cannot be tampered with, decentralization and openness. The consensus mechanism is the core of blockchain technology and the basis for ensuring the normal operation of a blockchain system. The consensus process of a blockchain system is the process of keeping the distributed ledgers of the nodes consistent. With the development and application of blockchain technology, cross-chain services between multiple blockchains are becoming increasingly common. For example, in a multi-chain blockchain network, data generally needs to be transmitted across chains to complete service interaction, and how to ensure data security during cross-chain data transmission is a problem to be solved.
Disclosure of Invention
The embodiment of the application provides a data processing method, a device and related equipment based on a blockchain network, which can efficiently perform data sharing among multiple chains, and can ensure privacy security during cross-chain data interaction by combining with a TEE, so that the operation efficiency and the security of the blockchain network are improved.
In a first aspect, an embodiment of the present application provides a data processing method based on a blockchain network, where the blockchain network includes K service sub-chains, each of the K service sub-chains is used to record transaction data of a corresponding service, and K is an integer greater than or equal to 2, and the method includes:
The method comprises the steps that a first node of a first service sub-chain sends an access request of target data to a second node of a second service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, the first block stores a pre-access record of the first node to the target data, and the first service sub-chain and the second service sub-chain are any two of K service sub-chains.
The first node receives first response data sent by the second node for the access request, wherein the first response data comprises authorized access information of the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after verification information of the first block passes.
And after the first node determines that the first response data comprises the authorized access information of the target data, sending an acquisition request of the target data to the third node according to the identification information of the TEE of the third node.
The first node receives second response data sent by the third node for the acquisition request, wherein the second response data comprises encrypted target data generated by a TEE of the third node.
In a second aspect, an embodiment of the present application provides another data processing method based on a blockchain network, where the blockchain network includes K service sub-chains, each of the K service sub-chains is used to record transaction data of a corresponding service, and K is an integer greater than or equal to 2, and the method includes:
The second node of the second service sub-chain receives an access request for target data sent by the first node of the first service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, the first block stores a pre-access record of the first node for the target data, and the first service sub-chain and the second service sub-chain are any two of the K service sub-chains.
In response to the access request, the second node verifies the verification information of the first block.
If the verification passes, the second node generates authorized access information for the target data and determines a third node.
The second node sends first response data to the first node, wherein the first response data comprises authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used for sending an acquisition request of the target data to the third node by the first node so as to acquire encrypted target data generated by the TEE of the third node.
In a third aspect, an embodiment of the present application provides a data processing apparatus, including:
A sending module, configured to send an access request for target data to a second node of a second service sub-chain, where the access request carries verification information of a first block of a first service sub-chain, and the first block stores a pre-access record of a first node of the first service sub-chain for the target data.
The receiving module is configured to receive first response data sent by the second node for the access request, where the first response data includes authorized access information of the target data and identification information of a trusted execution environment TEE of a third node, and the authorized access information is generated by the second node after verification information of the first block passes.
The sending module is further configured to send, after determining that the first response data includes authorized access information of the target data, an acquisition request of the target data to the third node according to identification information of a TEE of the third node.
The receiving module is further configured to receive second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by a TEE of the third node.
In a fourth aspect, embodiments of the present application provide another data processing apparatus, the apparatus including:
A receiving module, configured to receive an access request for target data sent by a first node of a first service sub-chain, where the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data.
A processing module, configured to verify, in response to the access request, the verification information of the first block.
The processing module is further configured to generate authorized access information for the target data and determine a third node if the verification passes.
The sending module is configured to send first response data to the first node, where the first response data includes authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used for sending, by the first node, an acquisition request of the target data to the third node, so as to acquire encrypted target data generated by the TEE of the third node.
In a fifth aspect, an embodiment of the present application provides a computer apparatus, where the computer apparatus includes a processor, a network interface, and a storage device, where the processor, the network interface, and the storage device are connected to each other, and the network interface is controlled by the processor to send and receive data, and the storage device is used to store a computer program, where the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the data processing method based on a blockchain network according to the first aspect.
In a sixth aspect, an embodiment of the present application provides a computer apparatus, where the computer apparatus includes a processor, a network interface, and a storage device, where the processor, the network interface, and the storage device are connected to each other, and the network interface is controlled by the processor to send and receive data, and the storage device is used to store a computer program, where the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the data processing method based on a blockchain network according to the second aspect.
In a seventh aspect, embodiments of the present application provide a computer readable storage medium storing a computer program, the computer program including program instructions for execution by a processor to perform the blockchain network-based data processing method of the first aspect.
In an eighth aspect, embodiments of the present application provide a computer readable storage medium storing a computer program, the computer program including program instructions for execution by a processor to perform the blockchain network-based data processing method of the second aspect.
In a ninth aspect, embodiments of the present application provide a computer program product comprising a computer program, wherein the computer program, when executed by a computer processor, implements the blockchain network-based data processing method according to the first aspect.
In a tenth aspect, embodiments of the present application provide a computer program product comprising a computer program, wherein the computer program when executed by a computer processor implements the blockchain network-based data processing method according to the second aspect.
In the embodiments of the present application, a first node of a first service sub-chain may send an access request for target data to a second node of a second service sub-chain, where the target data is data recorded in the second service sub-chain, and the first service sub-chain and the second service sub-chain are any two service sub-chains. The access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data; that is, the first service sub-chain first records its need to access the target data, so that an application record of the data access is retained in the blockchain. The first node receives first response data sent by the second node for the access request, where the first response data includes authorized access information for the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after the verification information of the first block is verified. After determining that the first response data includes the authorized access information for the target data, that is, that the second node authorizes the first node to access the target data, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node, and receives second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by the TEE of the third node. In this way, efficient data sharing among a plurality of sub-chains in a tree-shaped blockchain structure can be realized, and, in combination with the TEE, secure and private communication during cross-chain data interaction can be ensured, thereby improving the operation efficiency and security of the blockchain network.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1a is a schematic diagram of a data processing system according to an embodiment of the present application;
FIG. 1b is a block chain architecture diagram according to one embodiment of the present application;
FIG. 1c is a schematic diagram of a process for generating a new block according to an embodiment of the present application;
FIG. 1d is a schematic diagram of a tree blockchain according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of a data processing method based on a blockchain network according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of another data processing method based on a blockchain network according to an embodiment of the present application;
FIG. 4 is a flow chart of yet another data processing method based on a blockchain network according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a process for cross-chain data sharing provided by an embodiment of the present application;
FIG. 6 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 7 is a schematic diagram of another data processing apparatus according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Referring to fig. 1a, which is an architecture diagram of a data processing system according to an embodiment of the present application, the data processing system includes a service network 11, a core network 12, and a terminal device 13, wherein:
The service network 11 and the core network 12 together form a blockchain network. A blockchain network refers to a network for data sharing between node devices, and a plurality of node devices may be included in the blockchain network. Each node device may receive input information while operating normally and maintain shared data (i.e., blockchains) within the blockchain network based on the received input information. In order to ensure information intercommunication in the blockchain network, an information connection can exist between every two node devices, and point-to-point (P2P) communication can be realized between any two node devices; in particular, P2P communication can be performed through a wired communication link or a wireless communication link. For example, when any node device in the blockchain network receives input information, other node devices acquire the input information according to a consensus algorithm and store the input information as data in the shared data, so that the data stored on all node devices in the blockchain network is consistent.
The core network 12 is composed of a plurality of consensus nodes 102, and the service network 11 is composed of a plurality of service nodes 101. The nodes in the service network 11 mainly execute services and do not participate in accounting consensus; instead, they obtain block header data and the partially authorized, visible block data from the core network 12 by means of identity authentication. The nodes in the core network 12 are primarily responsible for reaching consensus on the transaction data of the services and packaging the transaction data into blocks for consensus accounting. Taking tax services as an example, the services may include a number of related sub-services (e.g., invoices, credit, imports and exports, corporate qualification, tax refunds, etc.).
In some possible embodiments, a routing agent layer may be provided between the service network 11 and the core network 12, wherein the routing agent layer acts as an isolation for the service layer and the core consensus network layer.
The terminal device 13 may access the blockchain network and may communicate with node devices in the blockchain network (e.g., node 101 of the service network 11), for example, submit data (e.g., transaction data, data query requests, etc.) to the node devices, query data from the node devices, and so on. The terminal device 13 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, an on-vehicle intelligent terminal, etc., which is not limited in this embodiment.
It should be noted that the number of nodes 101 and 102 and the number of service networks 11 and core networks 12 shown in fig. 1a are only illustrative, and any number of nodes, service networks and core networks may be deployed according to actual needs.
Each node device in the blockchain network has a node identifier corresponding to the node device, and each node device in the blockchain network can store the node identifiers of other node devices in the blockchain network, so that the generated blocks can be broadcasted to other node devices in the blockchain network according to the node identifiers of the other node devices. Each node device may maintain a node identifier list as shown in the following table, and store the node name and the node identifier in the node identifier list correspondingly. The node identifier may be an internet protocol (Internet Protocol, IP) address, or any other information that can be used to identify the node, and the table is described only by way of example as an IP address.
Node name    Node identification
Node 1       117.114.151.174
Node 2       117.116.189.145
Node N       119.123.789.258
Each node device in the blockchain network stores one and the same blockchain. Referring to fig. 1b, the blockchain is composed of a plurality of blocks. The starting block comprises a block header and a block body; the block header stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block body stores the input information. The next block takes the starting block as its parent block and likewise comprises a block header and a block body; its block header stores the input information characteristic value of the current block, the block header characteristic value of the parent block, the version number, the timestamp and the difficulty value. And so on, so that the block data stored in each block of the blockchain is associated with the block data stored in its parent block, which ensures the security of the input information in the block.
When each block in the blockchain is generated, referring to fig. 1c, the node device where the blockchain is located checks the input information when it receives it; after the check is completed, it stores the input information in a memory pool and updates the hash tree used for recording the input information. It then updates the update timestamp to the time at which the input information was received, tries different random numbers, and calculates the characteristic value multiple times until the calculated characteristic value satisfies the following formula:
SHA256(SHA256(version+prev_hash+merkle_root+ntime+nbits+x))<TARGET
Here, SHA256 is the characteristic value (hash) algorithm used to calculate the characteristic value; version (version number) is the version information of the related block protocol in the blockchain; prev_hash is the block header characteristic value of the parent block of the current block; merkle_root is the characteristic value of the input information; ntime is the update time of the update timestamp; nbits is the current difficulty, which is a fixed value for a period of time and is determined again after that fixed period has elapsed; x is a random number; TARGET is the characteristic value threshold, which can be determined from nbits.
Thus, when the random number meeting the formula is calculated, the information can be correspondingly stored to generate the block head and the block main body, and the current block is obtained. And then, the node equipment of the block chain respectively sends the newly generated blocks to other node equipment in the block chain network according to the node identification of other node equipment in the block chain network, the other node equipment checks the newly generated blocks, and the newly generated blocks are added into the stored block chain after the checking is completed.
A smart contract (intelligent contract) is code that executes when certain conditions are met. A developer can define the contract logic in a programming language and publish it to the blockchain (smart contract registration); the contract is then executed, by calling a key or by a trigger, according to the logic of the contract terms to complete the contract logic. Functions for upgrading and deregistering smart contracts are also provided.
In some possible implementations, as shown in fig. 1d, a schematic structural diagram of a tree-shaped blockchain is provided in the embodiment of the present application, where:
(1) The A chain can be a basic main chain, such as a main chain operated by a tax administration. It starts running from a creation (genesis) block issued by the tax administration, and basic data and service configuration are submitted to the basic main chain.
(2) The B chain, the C chain, the D chain and the like are service sub-chains, each derived from a block at a certain height of the A chain when a tax-related service (such as invoices, credit, import and export, enterprise qualification, tax refund and the like) joins the blockchain to run its own service. For example, the B chain is derived from block A1 of the main chain, and the D chain is derived from block A3 of the main chain. Every time a new service sub-chain is derived, a corresponding chain identification (ID) is generated for it.
The chain ID of each service sub-chain must be published and registered in the main chain (A chain). The A chain has a smart contract for registering service sub-chains, which can write the assigned chain ID, the service description, basic information and the like into the main chain. Service nodes in the witness network need to specify a sub-chain ID in order to interact with the core network.
(3) After the derivation, the generation block of the B chain is A1 and the generation block of the C chain is A2; on this basis, each service sub-chain puts its own service transactions on chain. When verifying a block, in addition to verifying the blocks of the service sub-chain itself, the verifier can follow the generation block of the service sub-chain back to the A chain and finally verify the generation block of the A chain. For nodes that have already synchronized the A chain data locally, verifying a service sub-chain only requires verifying the generation block of the corresponding service sub-chain.
(4) If information that applies to the whole basic chain and the whole tax field changes (such as regulations, changes to calculation rules, changes to important blockchain nodes, rotation of the chain certificate authority (Certificate Authority, CA), and the like), the change information must be issued as a new block in all sub-chains at the same time, and operation can resume only once all sub-chains have issued the new block, as with blocks A3, B5 and C4 in fig. 1d.
It should be noted that, although different service sub-chains are derived, data maintenance for each service sub-chain can be completed by the original fixed core consensus nodes. During consensus, the service sub-chain to which a transaction is submitted is distinguished by its chain ID, and different service sub-chains can reach consensus independently and in parallel without affecting each other. Some service sub-chains may also be configured so that consensus is performed independently by other consensus nodes, but such independent consensus nodes must synchronize the data of the underlying main chain (A chain).
(5) The nodes may also include simplified payment verification (Simplified Payment Verification, SPV) nodes. One SPV node may dynamically configure multiple chain IDs to participate in the services of multiple service sub-chains. It can participate in multiple sub-chains with the same SPV ID and address, but the SPV ID and address must be registered with the A chain in advance. The blockchain data of each sub-chain is synchronized back to the SPV node independently and stored independently on the SPV node.
(6) The agent node needs to record the information of the independent consensus nodes. If it receives a request to send a transaction or synchronize data to an independent consensus network, it forwards the request to the independent consensus node; otherwise, following the original basic configuration, it checks the request and forwards it to a consensus node of the core network, which processes it independently according to the sub-chain ID in the request.
In connection with the tree blockchain shown in fig. 1d, in tax service, a blockchain structure scheme of continuously adding service subchains can be implemented, so that a plurality of service subchains are continuously branched from a main chain.
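The header formula and the verification rule in item (3) can be exercised together. The following is an added example, not code from the patent: it hashes headers with double SHA-256, searches for `x`, and walks a sub-chain tip back through its generation block to the starting block of the A chain. The fixed-width field encoding, `nbits` as a count of leading zero bits, the single digest standing in for the hash tree root, and all function names are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

ZERO = bytes(32)  # prev_hash of the A chain's starting block
NBITS = 12        # constructed difficulty: required leading zero bits (toy encoding)


def target_from_nbits(nbits: int) -> int:
    """TARGET derived from nbits (assumed encoding, not a real chain's compact form)."""
    return 1 << (256 - nbits)


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Header:
    version: int
    prev_hash: bytes
    merkle_root: bytes
    ntime: int
    nbits: int
    x: int

    def hash(self) -> bytes:
        # Fixed-width fields keep the concatenation unambiguous, so two different
        # headers can never serialize to the same bytes.
        raw = (self.version.to_bytes(4, "little") + self.prev_hash + self.merkle_root
               + self.ntime.to_bytes(4, "little") + self.nbits.to_bytes(4, "little")
               + self.x.to_bytes(8, "little"))
        return dsha256(raw)


def meets_target(block_hash: bytes, nbits: int) -> bool:
    return int.from_bytes(block_hash, "big") < target_from_nbits(nbits)


def mine(prev_hash: bytes, body: bytes, ntime: int) -> Header:
    root = dsha256(body)  # simplification: one digest stands in for the hash tree root
    x = 0
    while True:
        hdr = Header(1, prev_hash, root, ntime, NBITS, x)
        if meets_target(hdr.hash(), NBITS):
            return hdr
        x += 1


def verify_to_root(tip, store, genesis, trusted=frozenset()):
    """Walk parent links from `tip`; return how many headers had to be checked.

    `trusted` holds hashes of A-chain blocks already synchronized locally, so the
    walk can stop as soon as it reaches the sub-chain's generation block.
    """
    checked, h = 0, tip
    while h not in trusted:
        hdr = store.get(h)
        if hdr is None:
            raise ValueError("parent block not available")
        if hdr.hash() != h:
            raise ValueError("header does not hash to its identifier")
        # Reject headers that claim an easier difficulty than the network's.
        if hdr.nbits != NBITS or not meets_target(h, hdr.nbits):
            raise ValueError("difficulty or proof of work invalid")
        checked += 1
        if hdr.prev_hash == ZERO:
            if h != genesis:
                raise ValueError("chain ends at an unknown starting block")
            break
        h = hdr.prev_hash
    return checked


def build_sample():
    """Constructed tree: A0..A3 main chain, B derived from A1, D derived from A3."""
    store, ids = {}, {}
    layout = [("A0", None), ("A1", "A0"), ("A2", "A1"), ("A3", "A2"),
              ("B1", "A1"), ("B2", "B1"), ("D1", "A3")]
    for i, (name, parent) in enumerate(layout):
        prev = ids[parent] if parent else ZERO
        hdr = mine(prev, name.encode(), 1_700_000_000 + i)
        store[hdr.hash()] = hdr
        ids[name] = hdr.hash()
    return store, ids


if __name__ == "__main__":
    store, ids = build_sample()
    a_chain = frozenset(ids[n] for n in ("A0", "A1", "A2", "A3"))
    print("full walk from B2:", verify_to_root(ids["B2"], store, ids["A0"]))
    print("with A chain synced:", verify_to_root(ids["B2"], store, ids["A0"], a_chain))
```
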
In some possible embodiments, when cross-chain data sharing is performed, a first node of a first service sub-chain sends an access request for target data to a second node of a second service sub-chain, where the target data is data recorded in the second service sub-chain, and the first service sub-chain and the second service sub-chain are any two service sub-chains. The access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data; that is, the first service sub-chain first records its need to access the target data, so that an application record of the data access is retained in the blockchain. The first node receives first response data sent by the second node for the access request, where the first response data includes authorized access information for the target data and identification information of a trusted execution environment (Trusted Execution Environment, TEE) of the third node, and the authorized access information is generated by the second node after the verification information of the first block is verified. After determining that the first response data includes the authorized access information for the target data, that is, that the second node authorizes the first node to access the target data, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node, and receives second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by the TEE of the third node. In this way, efficient data sharing among a plurality of sub-chains in a tree-shaped blockchain structure can be realized, and, in combination with the TEE, secure and private communication during cross-chain data interaction can be ensured, thereby improving the operation efficiency and security of the blockchain network.
The implementation details of the technical solutions of the embodiments of the present application are described in detail below:
Referring to fig. 2, which is a flowchart of a data processing method based on a blockchain network provided by an embodiment of the present application on the basis of the data processing system shown in fig. 1a, the data processing method includes the following steps:
201. A first node of a first service sub-chain sends an access request for target data to a second node of a second service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data.
The blockchain network may include K service sub-chains, where K is an integer greater than or equal to 2. The K service sub-chains are generated based on a main chain of the blockchain network, and different service sub-chains among the K service sub-chains use different blocks of the main chain as their generating blocks. The first service sub-chain and the second service sub-chain are any two of the K service sub-chains. For example, the first service sub-chain corresponds to the invoice service in a tax service, the second service sub-chain corresponds to enterprise qualification in the tax service, and cross-chain data interaction needs to be performed between the two service sub-chains, for example when the first service sub-chain needs to query enterprise qualification through the second service sub-chain.
Specifically, the first service sub-chain may apply to the second service sub-chain for access rights to the target data: the first node of the first service sub-chain may send an access request for the target data to the second node of the second service sub-chain. The first node may be a consensus node responsible for consensus on transaction data of the first service sub-chain, or may be an independent node started by the first service sub-chain, and the second node may be a consensus node responsible for consensus on transaction data of the second service sub-chain. The access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data; that is, the first service sub-chain first records its need to access the target data, so that an application record of the data access is kept in the blockchain.
In some possible embodiments, the first node may generate its pre-access record for the target data, where the pre-access record may include one or more of a chain ID of the first service sub-chain, a node ID of the first node, a data identification of the target data, and the like. The first node generates a first block according to the pre-access record, that is, writes the information of the pre-access record into the first block, and adds the first block to the first service sub-chain after the first block passes consensus verification with other nodes (such as consensus nodes) of the first service sub-chain, thereby writing the application record of the data access into the blockchain.
202. The first node receives first response data sent by the second node for the access request, wherein the first response data comprises authorized access information of the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after the verification information of the first block passes verification.
Specifically, the second node may verify the access right of the first node, and may further verify the first block into which the first node wrote the pre-access record. If the verification passes, the second node generates authorized access information of the first node for the target data, that is, the first node is allowed to access the target data, and may determine a third node that performs data interaction with the first node, where both the first node and the third node run a trusted execution environment (TEE). The first node receives first response data sent by the second node, where the first response data includes the authorized access information of the target data and identification information of the TEE of the third node.
In some possible embodiments, the third node and the second node may be the same node or different nodes. For example, the third node may be an independent node started by the second node that is used specifically for cross-chain transmission of data with the first node, which is not limited in this embodiment.
203. After the first node determines that the first response data comprises the authorized access information of the target data, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node.
Specifically, after determining that the first response data includes the authorized access information of the target data, that is, after confirming that it has the access right, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node. The acquisition request may carry the identification information of the target data; for example, when the sign information of a certain user needs to be queried, the identification information of the target data may be an identifier such as the user's name, mobile phone number, or identification card number.
204. The first node receives second response data sent by the third node for the acquisition request, wherein the second response data comprises encrypted target data generated by a TEE of the third node.
Specifically, after the third node receives the data acquisition request of the first node, the third node may acquire the target data from a local storage space (such as a cache space or a hard disk space) or a distributed storage space according to the identification information of the target data. The third node passes the target data into its TEE, and the TEE encrypts the target data, for example by using a public key of the TEE of the first node, to obtain encrypted target data. The first node receives second response data sent by the third node, where the second response data includes the encrypted target data.
In some possible embodiments, the third node may query the hash value of the target data from the second service sub-chain according to the identification information of the target data, and obtain the target data from the local storage space or the distributed storage space by using the hash value of the target data.
In this embodiment of the present application, a first node of a first service sub-chain may send an access request for target data to a second node of a second service sub-chain. The target data is data recorded in the second service sub-chain, and the first service sub-chain and the second service sub-chain are any two service sub-chains. The access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data; that is, the first service sub-chain first records its need to access the target data, so that an application record of the data access is kept in the blockchain. The first node receives first response data sent by the second node for the access request, where the first response data includes authorized access information of the target data and identification information of a TEE of a third node, and the authorized access information is generated by the second node after the verification information of the first block passes verification. After determining that the first response data includes the authorized access information of the target data, that is, that the second node has authorized the first node to access the target data, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node, and receives second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by the TEE of the third node. In this way, efficient data sharing among a plurality of sub-chains in a tree-shaped blockchain structure can be realized, and combining with the TEE ensures secure and private communication during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network.
Referring to fig. 3, which is a flowchart of another data processing method based on a blockchain network provided, according to an embodiment of the present application, by the data processing system shown in fig. 1a, the method includes the following steps:
301. A first node of a first service sub-chain sends a TEE registration request to a second node of a second service sub-chain, wherein the TEE registration request carries identification information of a TEE of the first node.
Specifically, the first node may register its own TEE with the second service sub-chain, for example, the first node may send a TEE registration request to the second node of the second service sub-chain, where the TEE registration request carries identification information of the TEE of the first node.
In some possible embodiments, the first node may register its TEE in the first service sub-chain before registering its TEE in the second service sub-chain, which may specifically include: the first node obtains registration information of the TEE of the first node, such as a TEE address and a TEE public key; the first node generates a second block according to the registration information of the TEE of the first node; and after the second block passes consensus verification with other nodes of the first service sub-chain, the first node adds the second block to the first service sub-chain, so that the TEE of the first node is registered in the first service sub-chain. In this way, when the second service sub-chain registers the TEE of the first node, it can verify from the first service sub-chain whether that TEE has completed registration in the first service sub-chain.
302. The first node receives a registration success notification message sent by the second node after the identification information of the TEE of the first node is verified by using a second block of the first service sub-chain, wherein the second block stores registration information of the TEE of the first node.
Specifically, the first node receives a registration success notification message sent by the second node after the second node verifies the identification information of the TEE of the first node by using the second block of the first service sub-chain, where the second block stores the registration information of the TEE of the first node.
303. The first node sends an access request for target data to the second node, wherein the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data.
304. The first node receives first response data sent by the second node for the access request, wherein the first response data comprises authorized access information of the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after the verification information of the first block passes verification.
305. After the first node determines that the first response data comprises the authorized access information of the target data, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node.
306. The first node receives second response data sent by the third node for the acquisition request, wherein the second response data comprises signature information of a TEE of the third node and encrypted target data generated by the TEE of the third node.
For the specific implementation of steps 302 to 306, reference may be made to the related descriptions of steps 201 to 204 in the foregoing embodiments, and details are not repeated here.
Specifically, the second response data may include signature information of the TEE of the third node, such as a private key signature, in addition to the encrypted target data generated by the TEE of the third node.
307. The first node calls the TEE of the first node to verify the signature information of the TEE of the third node.
Specifically, the first node may call the TEE of the first node to obtain a third block from the second service sub-chain, where the third block stores registration information of the TEE of the third node; obtain a public key of the TEE of the third node from the registration information stored in the third block; and call the TEE of the first node to verify the signature information of the TEE of the third node by using that public key.
308. If the verification is passed, the first node calls the TEE of the first node to decrypt the encrypted target data to obtain the target data, and performs corresponding service processing on the target data to obtain a data processing result.
309. The first node writes the data processing result, the signature information of the TEE of the first node and the signature information of the TEE of the third node into the first service sub-chain.
Specifically, after the signature information of the TEE of the third node is verified by the first node, the encrypted target data may be decrypted in the TEE of the first node, for example, the TEE of the first node may decrypt the encrypted target data by using a TEE private key to obtain the target data, and may further perform corresponding service processing on the target data in the TEE to obtain a data processing result.
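The following added example (not code from the patent) shows the third node's TEE producing the second response data and the first node's TEE carrying out steps 307 and 308, verifying the signature with the registered public key before decrypting. RSA-PSS and RSA-OAEP with one key pair per TEE, the signed-digest layout, the `Registry` map standing in for the on-chain registration blocks, and all identifiers are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TEE models an enclave; its private key never leaves it.
type TEE struct {
	ID  string
	key *rsa.PrivateKey
}

// Registry stands in for the on-chain TEE registration blocks (TEE ID -> public key).
type Registry map[string]*rsa.PublicKey

// SecondResponse is the third node's reply to the acquisition request.
type SecondResponse struct {
	DataID, SenderTEE     string
	Ciphertext, Signature []byte
}

var (
	errUnexpectedSender = errors.New("sender is not the TEE named in the first response data")
	errNotRegistered    = errors.New("TEE has no on-chain registration")
	errBadSignature     = errors.New("TEE signature does not verify")
)

func newTEE(id string) (*TEE, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &TEE{ID: id, key: k}, err
}

func register(reg Registry, t *TEE) { reg[t.ID] = &t.key.PublicKey }

func digestOf(data []byte) [32]byte { return sha256.Sum256(data) }

// signedDigest (assumed layout) binds the ciphertext to the data ID and the
// recipient TEE, so a response cannot be reused for another request or node.
func signedDigest(dataID, recipient string, ct []byte) []byte {
	d := digestOf(append([]byte(fmt.Sprintf("%q%q", dataID, recipient)), ct...))
	return d[:]
}

// thirdNodeRespond runs in the third node's TEE: encrypt the target data to
// the first node's registered public key, then sign the result.
func thirdNodeRespond(third *TEE, reg Registry, recipient, dataID string, data []byte) (SecondResponse, error) {
	pub, ok := reg[recipient]
	if !ok {
		return SecondResponse{}, errNotRegistered
	}
	// RSA-OAEP only fits short payloads; larger data would need hybrid encryption.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, []byte(dataID))
	if err != nil {
		return SecondResponse{}, err
	}
	sig, err := rsa.SignPSS(rand.Reader, third.key, crypto.SHA256, signedDigest(dataID, recipient, ct), nil)
	return SecondResponse{DataID: dataID, SenderTEE: third.ID, Ciphertext: ct, Signature: sig}, err
}

// firstNodeProcess runs in the first node's TEE (steps 307 and 308). It returns
// only a digest of the plaintext, a stand-in for the business processing result.
func firstNodeProcess(first *TEE, reg Registry, expectedSender string, resp SecondResponse) ([32]byte, error) {
	var none [32]byte
	if resp.SenderTEE != expectedSender {
		return none, errUnexpectedSender
	}
	pub, ok := reg[resp.SenderTEE] // key comes from the chain, never from the response
	if !ok {
		return none, errNotRegistered
	}
	digest := signedDigest(resp.DataID, first.ID, resp.Ciphertext)
	if rsa.VerifyPSS(pub, crypto.SHA256, digest, resp.Signature, nil) != nil {
		return none, errBadSignature
	}
	// Decrypt only after the signature has verified.
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, first.key, resp.Ciphertext, []byte(resp.DataID))
	if err != nil {
		return none, err
	}
	return digestOf(plain), nil
}

func main() {
	first, _ := newTEE("tee-b") // constructed TEE identifiers
	third, _ := newTEE("tee-c")
	reg := Registry{}
	register(reg, first)
	register(reg, third)
	resp, _ := thirdNodeRespond(third, reg, first.ID, "X", []byte("constructed sample data"))
	digest, err := firstNodeProcess(first, reg, third.ID, resp)
	fmt.Printf("result digest %x..., err %v\n", digest[:4], err)
}
```

A production design would normally give each TEE separate signing and encryption keys; one key pair is used here only to mirror the single TEE public key in the registration information.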
In this embodiment of the present application, a first node of a first service sub-chain may apply to a second node of a second service sub-chain for registration of the TEE of the first node. Upon receiving a registration success notification message, which the second node sends after the identification information of the TEE of the first node passes verification using a second block of the first service sub-chain, the first node may send an access request for target data to the second node of the second service sub-chain. The target data is data recorded in the second service sub-chain, and the first service sub-chain and the second service sub-chain are any two service sub-chains. The access request carries verification information of the first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data; that is, the first service sub-chain first records its need to access the target data, so that an application record of the data access is kept in the blockchain. The first node receives first response data sent by the second node for the access request, where the first response data includes authorized access information of the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after the verification information of the first block passes verification. After determining that the first response data includes the authorized access information of the target data, that is, that the second node has authorized the first node to access the target data, the first node sends an acquisition request for the target data to the third node according to the identification information of the TEE of the third node, and receives second response data sent by the third node for the acquisition request, where the second response data includes the signature information of the TEE of the third node and encrypted target data generated by the TEE of the third node. In this way, efficient data sharing among a plurality of sub-chains in a tree-shaped blockchain structure can be realized, and combining with the TEE ensures secure and private communication during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network. In addition, the first node may invoke its TEE to verify the signature information of the TEE of the third node; if the verification passes, the encrypted target data is decrypted in the TEE to obtain the target data, and corresponding service processing is performed on the target data in the TEE to obtain a data processing result. The data processing result, the signature information of the TEE of the first node, and the signature information of the TEE of the third node may then be written into the first service sub-chain.
Referring to fig. 4, which is a flowchart of another data processing method based on a blockchain network provided, according to an embodiment of the present application, by the data processing system shown in fig. 1a, the method includes the following steps:
401. The second node of the second service sub-chain receives an access request for target data sent by the first node of the first service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data.
The first service sub-chain and the second service sub-chain are any two of K service sub-chains included in a blockchain network, and K is an integer greater than or equal to 2.
In some possible embodiments, the second node may receive a TEE registration request sent by the first node, where the TEE registration request carries identification information of a TEE of the first node. In response to the TEE registration request, the second node calls a data sharing contract to acquire block data of a second block from the first service sub-chain, where the second block stores registration information of the TEE of the first node, and calls the data sharing contract to determine whether the block data of the second block matches the identification information of the TEE of the first node. For example, the contract checks whether the identification information of the TEE of the first node included in the block data of the second block is consistent with the identification information carried by the TEE registration request, or whether the hash value of the identification information included in the block data of the second block corresponds to the identification information carried by the TEE registration request. If they match, the second node generates a fifth block according to the identification information of the TEE of the first node, adds the fifth block to the second service sub-chain, and sends a registration success notification message to the first node. Only after the TEE of the first node has been registered successfully in both the first service sub-chain and the second service sub-chain can the second node audit and verify the first node's application for permission to access the target data.
402. The second node verifies the verification information of the first block in response to the access request.
The verification information of the first block may include a hash value of the first block, a block height, a Merkle root, and the like.
Specifically, the second node may verify the access right of the first node. For example, in response to the access request, the second node may invoke a data cross-chain access application contract to obtain the block data of the first block from the first service sub-chain, verify the verification information of the first block by using the block data of the first block, and determine that the verification passes when the block data of the first block matches the verification information of the first block.
403. If the verification is passed, the second node generates authorized access information of the target data and determines a third node.
404. The second node sends first response data to the first node, wherein the first response data comprises authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used by the first node to send an acquisition request for the target data to the third node so as to acquire encrypted target data generated by the TEE of the third node.
Specifically, if the verification is passed, the second node generates authorized access information of the first node to the target data, namely, the first node is allowed to access the target data, and a third node which performs data interaction with the first node can be determined, wherein the third node runs a Trusted Execution Environment (TEE); then, the second node transmits first response data carrying authorized access information of the target data and identification information of a TEE of the third node to the first node, so that the first node performs TEE communication with the third node, and the third node encrypts the target data in the TEE and transmits the encrypted target data to the first node.
In some possible embodiments, the second node generates a fourth block according to the authorized access information of the target data and the identification information of the TEE of the third node, and adds the fourth block to the second service sub-chain after the fourth block passes consensus verification with other nodes of the second service sub-chain, so that the information about authorizing the first node to access the target data is recorded in the second service sub-chain.
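One way the second node's check in steps 402 to 404 could look, as an added example rather than code from the patent. The block layout, the Merkle construction, the hash encoding and all identifiers (`chain-B`, `node-b1`, `tee-c-01`) are assumptions, and the `firstChain` map stands in for block data fetched through the data cross-chain access application contract.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// PreAccessRecord holds the fields the patent lists for a pre-access record.
type PreAccessRecord struct{ ChainID, NodeID, DataID string }

// Block is a constructed minimal layout; the patent does not define one.
type Block struct {
	Height   uint64
	PrevHash [32]byte
	Records  []PreAccessRecord
}

// VerificationInfo is what the access request carries about the first block.
type VerificationInfo struct {
	Height                uint64
	BlockHash, MerkleRoot [32]byte
}

// AccessRequest and Authorization are the request and the second node's grant.
type AccessRequest struct{ Requester PreAccessRecord; Info VerificationInfo }
type Authorization struct{ Grantee, DataID, ThirdNodeTEE string }

var (
	errUnknownBlock = errors.New("first block not found on the first service sub-chain")
	errMismatch     = errors.New("block data does not match the verification information")
	errNoRecord     = errors.New("first block holds no pre-access record for this request")
)

// leaf hashes one record; %q keeps field boundaries unambiguous, 0x00 marks a leaf.
func leaf(r PreAccessRecord) [32]byte {
	return sha256.Sum256([]byte("\x00" + fmt.Sprintf("%q%q%q", r.ChainID, r.NodeID, r.DataID)))
}

func merkleRoot(recs []PreAccessRecord) [32]byte {
	if len(recs) == 0 {
		return sha256.Sum256(nil)
	}
	level := make([][32]byte, len(recs))
	for i, r := range recs {
		level[i] = leaf(r)
	}
	for len(level) > 1 {
		var next [][32]byte
		for i := 0; i+1 < len(level); i += 2 {
			inner := append([]byte{0x01}, level[i][:]...)
			next = append(next, sha256.Sum256(append(inner, level[i+1][:]...)))
		}
		if len(level)%2 == 1 { // an odd node is promoted, not duplicated
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0]
}

func blockHash(b Block) [32]byte {
	var h [8]byte
	binary.BigEndian.PutUint64(h[:], b.Height)
	root := merkleRoot(b.Records)
	return sha256.Sum256(append(append(h[:], b.PrevHash[:]...), root[:]...))
}

// handleAccessRequest is the second node's check; firstChain is its view of the first sub-chain.
func handleAccessRequest(firstChain map[uint64]Block, req AccessRequest, thirdTEE string) (*Authorization, error) {
	blk, ok := firstChain[req.Info.Height]
	if !ok {
		return nil, errUnknownBlock
	}
	// Recompute from the fetched block data; never trust values carried in the request.
	if blk.Height != req.Info.Height || merkleRoot(blk.Records) != req.Info.MerkleRoot || blockHash(blk) != req.Info.BlockHash {
		return nil, errMismatch
	}
	for _, r := range blk.Records {
		if r == req.Requester { // the record must name this requester and this data
			return &Authorization{r.NodeID, r.DataID, thirdTEE}, nil
		}
	}
	return nil, errNoRecord
}

// sampleRequest builds a constructed first sub-chain view and a matching request.
func sampleRequest() (map[uint64]Block, AccessRequest) {
	rec := PreAccessRecord{"chain-B", "node-b1", "X"}
	blk := Block{Height: 6, Records: []PreAccessRecord{{"chain-B", "node-b2", "W"}, rec}}
	return map[uint64]Block{6: blk}, AccessRequest{rec, VerificationInfo{6, blockHash(blk), merkleRoot(blk.Records)}}
}

func main() {
	chain, req := sampleRequest()
	auth, err := handleAccessRequest(chain, req, "tee-c-01")
	fmt.Println(auth, err)
}
```

The last check matters as much as the hash comparison: a block that verifies but records a pre-access for different data, or by a different node, must not yield an authorization.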
In this embodiment of the present application, the second node of the second service sub-chain receives an access request for target data sent by the first node of the first service sub-chain, where the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data. The second node verifies the verification information of the first block in response to the access request; if the verification passes, it generates authorized access information of the target data, determines a third node, and sends first response data to the first node, where the first response data includes the authorized access information of the target data and the identification information of the TEE of the third node. After determining the authorized access information, the first node can send an acquisition request for the target data to the third node according to the identification information of the TEE of the third node, so as to acquire the encrypted target data generated by the TEE of the third node. In this way, efficient data sharing among a plurality of sub-chains in a tree-shaped blockchain structure can be realized, and combining with the TEE ensures secure and private communication during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network.
In some possible implementations, fig. 5 shows a cross-chain communication process provided by the embodiments of the present application, which mainly consists of TEE-based secure cross-chain data sharing between sub-chains on top of a tree-structured chain. Specifically, the process includes the following steps:
(1) The B chain (e.g., the first service sub-chain described above) registers a TEE address with the data sharing contract in the C chain (e.g., the second service sub-chain described above), indicating that cross-chain shared data is to be received with this TEE device (e.g., the first node described above). The TEE registration is also a cross-chain operation: before block C6 (e.g., the fifth block) is produced, the C chain needs to verify that the TEE has also been registered successfully in the B chain, that is, verify block B5 (e.g., the second block) in the B chain, so as to ensure that both parties have trusted on-chain records.
(2) The B chain first writes a new block B6 (e.g., the first block) that records on chain its pre-access to data X (e.g., the target data) of the C chain. After the verification is finished, the B chain carries the verification information of block B6 and accesses the data access application contract of the C chain across chains. After the C chain verifies B6, the access request is granted and written on chain in transaction C7 (e.g., the fourth block). The C chain returns to the B chain the application success information and the TEE device information of the C chain; if the application is rejected, rejection information is returned and the cross-chain flow terminates.
(3) After the B chain receives the application success, the first node may initiate a request to the TEE device of the C chain (the third node) to acquire data X. After receiving the request, the TEE device of the C chain verifies the validity of block C7 through the C chain contract, that is, verifies that the B chain is authorized to access the data, then acquires the data X, encrypts it with the public key of the TEE device of the B chain to obtain the encrypted data X, and returns it, with the signature of the TEE device of the C chain attached, to the data processing device of the B chain (the first node).
(4) The B chain performs secure processing of the encrypted data X in the TEE, including decryption and business processing. After the processing is finished, the corresponding processing result, the TEE signature of the B chain and the TEE signature of the C chain are submitted together to block B8 to confirm that the data has been shared and computed across chains. While the data X is never visible in plaintext, the validity of putting the calculation result on chain is ensured by the cross-chain contract information on the B and C chains themselves and by the signatures of the TEEs designated by the two parties.
It can be seen that, under the tree-shaped blockchain structure scheme in the tax system, the present application describes a trusted cross-chain information sharing scheme and specifically designs the combination of cross-chain interaction with a TEE, which makes the cross-chain process more trustworthy. The TEE also allows less data to be stored on chain: plaintext data is not stored, only the hash of the data is stored, the actual transmission of the data is completed inside the TEE, and the plaintext is invisible throughout. The validity of the whole cross-chain sharing and calculation process is guaranteed by the cross-chain contracts and the TEE signatures, so that sensitive data and key data can be protected more securely and effectively.
Referring to fig. 6, which is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application, the data processing apparatus may be applied to the first node, and the apparatus includes:
The sending module 601 is configured to send an access request for the target data to a second node of the second service sub-chain, where the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node of the first service sub-chain for the target data.
The receiving module 602 is configured to receive first response data sent by the second node for the access request, where the first response data includes authorized access information of the target data and identification information of a trusted execution environment TEE of a third node, and the authorized access information is generated by the second node after verification of verification information of the first block passes.
The sending module 601 is further configured to send, after determining that the first response data includes authorized access information of the target data, an acquisition request of the target data to the third node according to identification information of a TEE of the third node.
The receiving module 602 is further configured to receive second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by a TEE of the third node.
Optionally, the second response data further includes signature information of the TEE of the third node, and the apparatus further includes a processing module 603, where the processing module 603 is configured to:
Invoke the TEE of the first node to verify the signature information of the TEE of the third node.
If the verification is passed, invoke the TEE of the first node to decrypt the encrypted target data to obtain the target data, and perform corresponding business processing on the target data to obtain a data processing result.
Write the data processing result, the signature information of the TEE of the first node and the signature information of the TEE of the third node into the first service sub-chain.
Optionally, the processing module 603 is further configured to:
Generate a pre-access record of the first node for the target data.
Generate a first block according to the pre-access record.
Add the first block to the first service sub-chain after the first block passes consensus verification with other nodes of the first service sub-chain.
Optionally, the sending module 601 is further configured to send a TEE registration request to the second node, where the TEE registration request carries identification information of a TEE of the first node.
The receiving module 602 is further configured to receive a registration success notification message sent by the second node after the second node verifies the identification information of the TEE of the first node by using a second block of the first service sub-chain, where the second block stores registration information of the TEE of the first node.
Optionally, the processing module 603 is further configured to:
Acquire registration information of the TEE of the first node.
Generate a second block according to the registration information of the TEE of the first node.
Add the second block to the first service sub-chain after the second block passes consensus verification with other nodes of the first service sub-chain.
Optionally, the processing module 603 is specifically configured to:
Call the TEE of the first node to acquire a third block from the second service sub-chain, wherein the third block stores registration information of the TEE of the third node.
Call the TEE of the first node to acquire the public key of the TEE of the third node from the registration information of the TEE of the third node stored in the third block.
Invoke the TEE of the first node to verify the signature information of the TEE of the third node by using the public key of the TEE of the third node.
Optionally, the K service sub-chains are generated based on a main chain of the blockchain network, and different service sub-chains among the K service sub-chains respectively use different blocks of the main chain as their genesis blocks.
It should be noted that, the functions of each functional module of the data processing apparatus in the embodiments of the present application may be specifically implemented according to the method in the embodiments of the method, and the specific implementation process may refer to the related description of the embodiments of the method, which is not repeated herein.
Referring to fig. 7, which is a schematic structural diagram of another data processing apparatus according to an embodiment of the present application, the data processing apparatus may be applied to the second node described above, and the apparatus includes:
The receiving module 701 is configured to receive an access request for target data sent by a first node of a first service sub-chain, where the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node for the target data.
The processing module 702 is configured to verify the verification information of the first block in response to the access request.
The processing module 702 is further configured to generate authorized access information of the target data and determine a third node if the verification passes.
A sending module 703, configured to send first response data to the first node, where the first response data includes authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used for sending, by the first node, an acquisition request of the target data to the third node, so as to acquire encrypted target data generated by the TEE of the third node.
Optionally, the processing module 702 is specifically configured to:
In response to the access request, call a data cross-chain access application contract to acquire the block data of the first block from the first service sub-chain.
Invoke the data cross-chain access application contract to check the verification information of the first block against the block data of the first block, and determine that the verification passes when the block data of the first block matches the verification information of the first block.
Optionally, the apparatus further includes a generating module 704, where the generating module 704 is configured to:
Generate a fourth block according to the authorized access information of the target data and the identification information of the TEE of the third node.
The fourth block is added to the second service sub-chain after the fourth block passes consensus verification with the other nodes of the second service sub-chain.
It should be noted that the functions of each functional module of the data processing apparatus in the embodiments of the present application may be implemented according to the methods in the foregoing method embodiments; for the specific implementation process, refer to the related descriptions of the method embodiments, which are not repeated here.
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application. The computer device includes a power supply module and other structures, as well as a processor 801, a storage device 802, and a network interface 803. Data may be exchanged between the processor 801, the storage device 802, and the network interface 803.
The storage device 802 may include volatile memory, such as random-access memory (RAM); the storage device 802 may also include non-volatile memory, such as flash memory or a solid-state drive (SSD); the storage device 802 may also include a combination of the types of memory described above.
The processor 801 may be a central processing unit (CPU). In one embodiment, the processor 801 may also be a graphics processing unit (GPU). The processor 801 may also be a combination of a CPU and a GPU.
In one embodiment, the storage device 802 is configured to store program instructions, and the processor 801 may call the program instructions to perform the following operations:
Invoke the network interface 803 to send an access request for the target data to the second node of the second service sub-chain, where the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node of the first service sub-chain to the target data.
Invoke the network interface 803 to receive first response data sent by the second node for the access request, where the first response data includes authorized access information of the target data and identification information of a trusted execution environment (TEE) of a third node, and the authorized access information is generated by the second node after the verification information of the first block passes verification.
After determining that the first response data includes authorized access information of the target data, invoke the network interface 803 to send an acquisition request for the target data to the third node according to the identification information of the TEE of the third node.
Invoke the network interface 803 to receive second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by the TEE of the third node.
Optionally, the second response data further includes signature information of the TEE of the third node, and the processor 801 is specifically configured to:
Invoke the TEE of the first node to verify the signature information of the TEE of the third node.
If the verification passes, invoke the TEE of the first node to decrypt the encrypted target data to obtain the target data, and perform corresponding service processing on the target data to obtain a data processing result.
Write the data processing result, the signature information of the TEE of the first node, and the signature information of the TEE of the third node into the first service sub-chain.
Optionally, the processor 801 is further configured to:
Generate a pre-access record of the first node to the target data.
Generate a first block according to the pre-access record.
The first block is added to the first service sub-chain after the first block passes consensus verification with the other nodes of the first service sub-chain.
Optionally, the processor 801 is further configured to:
Invoke the network interface 803 to send a TEE registration request to the second node, where the TEE registration request carries the identification information of the TEE of the first node.
Invoke the network interface 803 to receive a registration success notification message sent by the second node after the identification information of the TEE of the first node is verified by using a second block of the first service sub-chain, where the second block stores registration information of the TEE of the first node.
Optionally, the processor 801 is further configured to:
Acquire registration information of the TEE of the first node.
Generate a second block according to the registration information of the TEE of the first node.
The second block is added to the first service sub-chain after the second block passes consensus verification with the other nodes of the first service sub-chain.
Optionally, the processor 801 is specifically configured to:
Call the TEE of the first node to acquire a third block from the second service sub-chain, where the third block stores registration information of the TEE of the third node.
Call the TEE of the first node to acquire the public key of the TEE of the third node from the registration information of the TEE of the third node stored in the third block.
Invoke the TEE of the first node to verify the signature information of the TEE of the third node by using the public key of the TEE of the third node.
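The check described for the processing module 603 and for the processor 801 takes the verification key from the registration block on the second service sub-chain, never from the response itself. The following Go sketch is an added example, not code from the patent; Ed25519, the block layout, the bytes covered by the signature and all identifiers are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// RegistrationBlock models the "third block": a block of the second service
// sub-chain holding a TEE's registration information (layout assumed).
type RegistrationBlock struct {
	TEEID     string
	PublicKey ed25519.PublicKey
}

// SubChain is a minimal in-memory stand-in for the second service sub-chain.
type SubChain struct{ blocks []RegistrationBlock }

// Register appends a registration block (consensus is out of scope here).
func (c *SubChain) Register(teeID string, pub ed25519.PublicKey) {
	c.blocks = append(c.blocks, RegistrationBlock{TEEID: teeID, PublicKey: pub})
}

// lookup returns the most recent registration block for teeID.
func (c *SubChain) lookup(teeID string) (RegistrationBlock, bool) {
	for i := len(c.blocks) - 1; i >= 0; i-- {
		if c.blocks[i].TEEID == teeID {
			return c.blocks[i], true
		}
	}
	return RegistrationBlock{}, false
}

// SecondResponse is the third node's reply: ciphertext plus TEE signature.
type SecondResponse struct {
	TEEID      string
	Ciphertext []byte
	Signature  []byte
}

var (
	ErrWrongTEE     = errors.New("response is not from the TEE named in the first response data")
	ErrUnregistered = errors.New("no usable registration block for this TEE")
	ErrBadSignature = errors.New("TEE signature does not verify")
)

// signedBytes is what the signature covers in this sketch (assumption):
// the TEE identifier, a zero separator, then the ciphertext.
func signedBytes(teeID string, ciphertext []byte) []byte {
	return append(append([]byte(teeID), 0), ciphertext...)
}

// Sign builds the third node's response; in the scheme this runs inside its TEE.
func Sign(priv ed25519.PrivateKey, teeID string, ciphertext []byte) SecondResponse {
	sig := ed25519.Sign(priv, signedBytes(teeID, ciphertext))
	return SecondResponse{TEEID: teeID, Ciphertext: ciphertext, Signature: sig}
}

// VerifySecondResponse is the first node's check before any decryption.
func VerifySecondResponse(chain *SubChain, expectedTEEID string, resp SecondResponse) error {
	if resp.TEEID != expectedTEEID {
		return ErrWrongTEE
	}
	reg, ok := chain.lookup(resp.TEEID)
	// ed25519.Verify panics on a key of the wrong length, so check it first.
	if !ok || len(reg.PublicKey) != ed25519.PublicKeySize {
		return ErrUnregistered
	}
	if !ed25519.Verify(reg.PublicKey, signedBytes(resp.TEEID, resp.Ciphertext), resp.Signature) {
		return ErrBadSignature
	}
	return nil
}

// DemoKey derives a deterministic key pair from a constructed seed (demo only).
func DemoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey(1)
	_, rogue := DemoKey(2)
	chain := &SubChain{}
	chain.Register("tee-node3", pub)
	ct := []byte("constructed ciphertext bytes") // stands in for the encrypted target data
	fmt.Println("genuine:", VerifySecondResponse(chain, "tee-node3", Sign(priv, "tee-node3", ct)))
	fmt.Println("rogue key:", VerifySecondResponse(chain, "tee-node3", Sign(rogue, "tee-node3", ct)))
}
```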
Optionally, the K service sub-chains are generated based on a main chain of the blockchain network, and different service sub-chains among the K service sub-chains use different blocks of the main chain as their genesis blocks.
In specific implementation, the processor 801, the storage device 802 and the network interface 803 described in the embodiments of the present application may perform the implementation described in the related embodiments of the method provided in fig. 2 to 3 of the embodiments of the present application, and may also perform the implementation described in the related embodiments of the apparatus provided in fig. 6 of the embodiments of the present application, which are not described herein again.
In one embodiment, the storage device 802 is configured to store program instructions, and the processor 801 may call the program instructions to perform the following operations:
Invoke the network interface 803 to receive an access request for target data sent by a first node of a first service sub-chain, where the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node to the target data.
Verify the verification information of the first block in response to the access request.
If the verification passes, generate authorized access information of the target data and determine a third node.
Invoke the network interface 803 to send first response data to the first node, where the first response data includes authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used by the first node to send an acquisition request for the target data to the third node, so as to acquire encrypted target data generated by the TEE of the third node.
Optionally, the processor 801 is specifically configured to:
In response to the access request, call a data cross-chain access application contract to acquire the block data of the first block from the first service sub-chain.
Invoke the data cross-chain access application contract to check the verification information of the first block against the block data of the first block, and determine that the verification passes when the block data of the first block matches the verification information of the first block.
Optionally, the processor 801 is further configured to:
Generate a fourth block according to the authorized access information of the target data and the identification information of the TEE of the third node.
The fourth block is added to the second service sub-chain after the fourth block passes consensus verification with the other nodes of the second service sub-chain.
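The second node's handling of an access request, as described for the processing module 702 and for the processor 801, can be sketched as follows. This is an added example, not code from the patent: it assumes the verification information is the first block's height and SHA-256 hash, and the record format, the authorization value and all identifiers are likewise assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Block is a minimal sub-chain block; the layout is an assumption of this sketch.
type Block struct {
	Height  int
	Payload string
}

// Hash returns the hex SHA-256 of the block's height and payload.
func (b Block) Hash() string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s", b.Height, b.Payload)))
	return hex.EncodeToString(sum[:])
}

// Chain is an in-memory service sub-chain; consensus is out of scope here.
type Chain struct{ Blocks []Block }

// Append adds a block carrying payload and returns it.
func (c *Chain) Append(payload string) Block {
	b := Block{Height: len(c.Blocks), Payload: payload}
	c.Blocks = append(c.Blocks, b)
	return b
}

// PreAccessRecord is the payload format assumed for the first block.
func PreAccessRecord(node, target string) string { return "pre-access|" + node + "|" + target }

// AccessRequest carries the verification information of the first block,
// assumed here to be the block's height and hash.
type AccessRequest struct {
	Node, Target string
	Height       int
	BlockHash    string
}

// FirstResponse is what the second node returns when verification passes.
type FirstResponse struct{ AuthInfo, ThirdTEEID string }

var (
	ErrNoBlock  = errors.New("first block not found on the first sub-chain")
	ErrHash     = errors.New("block data does not match the verification information")
	ErrRecord   = errors.New("pre-access record is for a different node or target")
	ErrNoHolder = errors.New("no third node holds the target data")
)

// SecondNode reads the first sub-chain (the role of the data cross-chain access
// application contract) and writes authorizations to the second sub-chain.
type SecondNode struct {
	First, Second *Chain
	Holders       map[string]string // target data id -> TEE id of the holding node
}

// HandleAccess verifies the request and, on success, records a fourth block.
func (n *SecondNode) HandleAccess(req AccessRequest) (FirstResponse, error) {
	if req.Height < 0 || req.Height >= len(n.First.Blocks) {
		return FirstResponse{}, ErrNoBlock
	}
	blk := n.First.Blocks[req.Height]
	if blk.Hash() != req.BlockHash {
		return FirstResponse{}, ErrHash
	}
	// Extra check beyond the hash match (an addition of this sketch): the cited
	// record must be this node's pre-access record for this target.
	if blk.Payload != PreAccessRecord(req.Node, req.Target) {
		return FirstResponse{}, ErrRecord
	}
	tee, ok := n.Holders[req.Target]
	if !ok {
		return FirstResponse{}, ErrNoHolder
	}
	// Placeholder authorization value bound to the verified block and the TEE.
	sum := sha256.Sum256([]byte("auth|" + req.BlockHash + "|" + tee))
	resp := FirstResponse{AuthInfo: hex.EncodeToString(sum[:]), ThirdTEEID: tee}
	n.Second.Append("authorized|" + resp.AuthInfo + "|" + tee)
	return resp, nil
}

func main() {
	first, second := &Chain{}, &Chain{}
	first.Append("genesis") // constructed sample data
	blk := first.Append(PreAccessRecord("node1", "dataset-42"))
	n := &SecondNode{First: first, Second: second,
		Holders: map[string]string{"dataset-42": "tee-node3"}}
	resp, err := n.HandleAccess(AccessRequest{
		Node: "node1", Target: "dataset-42", Height: blk.Height, BlockHash: blk.Hash()})
	fmt.Println(resp.ThirdTEEID, err, len(second.Blocks))
}
```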
In specific implementation, the processor 801, the storage device 802 and the network interface 803 described in the embodiments of the present application may perform the implementation described in the related embodiments of the method provided in fig. 4 of the embodiments of the present application, and may also perform the implementation described in the related embodiments of the apparatus provided in fig. 7 of the embodiments of the present application, which are not described herein again.
It will be appreciated that in the specific embodiments of the present application, related data such as user information is referred to, and when the above embodiments of the present application are applied to specific products or technologies, user permissions or consents need to be obtained, and the collection, use and processing of related data need to comply with related laws and regulations and standards of related countries and regions.
In the foregoing embodiments, the description of each embodiment has its own emphasis; for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments. The technical solution of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, and may specifically be a processor in the computer device) to execute all or part of the steps of the methods of the above embodiments of the present application. The aforementioned storage medium may comprise: a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), or the like.
The above embodiments are merely for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (19)

1. A data processing method based on a blockchain network, wherein the blockchain network includes K service sub-chains, each of the K service sub-chains is used for recording transaction data of a corresponding service, and K is an integer greater than or equal to 2, the method comprising:
a first node of a first service sub-chain sends an access request of target data to a second node of a second service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, the first block stores a pre-access record of the first node to the target data, and the first service sub-chain and the second service sub-chain are any two of the K service sub-chains;
the first node receives first response data sent by the second node for the access request, wherein the first response data comprises authorized access information of the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after verification information of the first block passes;
after the first node determines that the first response data comprises the authorized access information of the target data, sending an acquisition request of the target data to the third node according to the identification information of the TEE of the third node;
the first node receives second response data sent by the third node for the acquisition request, wherein the second response data comprises encrypted target data generated by a TEE of the third node.
2. The method of claim 1, wherein the second response data further includes signature information of a TEE of the third node, and wherein after the first node receives the second response data sent by the third node for the acquisition request, the method further comprises:
the first node calls a TEE of the first node to verify signature information of a TEE of the third node;
if the verification is passed, the first node calls the TEE of the first node to decrypt the encrypted target data to obtain the target data, and performs corresponding service processing on the target data to obtain a data processing result;
and the first node writes the data processing result, the signature information of the TEE of the first node and the signature information of the TEE of the third node into the first service sub-chain.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the first node generates a pre-access record of the first node to the target data;
the first node generates a first block according to the pre-access record;
the first node adds the first block to the first service sub-chain after the first block passes consensus verification with other nodes of the first service sub-chain.
4. The method according to claim 1 or 2, wherein before the first node of the first service sub-chain sends an access request for the target data to the second node of the second service sub-chain, the method further comprises:
the first node sends a TEE registration request to the second node, wherein the TEE registration request carries the identification information of the TEE of the first node;
the first node receives a registration success notification message sent by the second node after the identification information of the TEE of the first node is verified by using a second block of the first service sub-chain, wherein the second block stores registration information of the TEE of the first node.
5. The method according to claim 4, wherein the method further comprises:
the first node acquires registration information of a TEE of the first node;
the first node generates a second block according to the registration information of the TEE of the first node;
the first node adds the second block to the first service sub-chain after the second block passes consensus verification with other nodes of the first service sub-chain.
6. The method of claim 2, wherein the first node invoking the TEE of the first node to verify the signature information of the TEE of the third node, comprising:
the first node calls a TEE of the first node to acquire a third block from the second service sub-chain, wherein the third block stores registration information of the TEE of the third node;
the first node calls a TEE of the first node to acquire a public key of the TEE of the third node from registration information of the TEE of the third node stored in the third block;
the first node calls the TEE of the first node to verify the signature information of the TEE of the third node by using the public key of the TEE of the third node.
7. The method of claim 1, wherein the K service sub-chains are generated based on a main chain of the blockchain network, and different ones of the K service sub-chains each have a different block of the main chain as a genesis block.
8. A data processing method based on a blockchain network, wherein the blockchain network includes K service sub-chains, each of the K service sub-chains is used for recording transaction data of a corresponding service, and K is an integer greater than or equal to 2, the method comprising:
a second node of a second service sub-chain receives an access request of target data sent by a first node of a first service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, the first block stores a pre-access record of the first node to the target data, and the first service sub-chain and the second service sub-chain are any two of the K service sub-chains;
the second node verifies the verification information of the first block in response to the access request;
if the verification is passed, the second node generates authorized access information of the target data and determines a third node;
the second node sends first response data to the first node, wherein the first response data comprises authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used for sending an acquisition request of the target data to the third node by the first node so as to acquire encrypted target data generated by the TEE of the third node.
9. The method of claim 8, wherein the second node verifying the verification information of the first block in response to the access request comprises:
the second node responds to the access request and calls a data cross-chain access application contract to acquire block data of the first block from the first service sub-chain;
the second node invokes the data cross-chain access application contract to verify the verification information of the first block by using the block data of the first block, and determines that the verification passes when the block data of the first block matches the verification information of the first block.
10. The method according to claim 8 or 9, wherein after the second node generates authorized access information for the target data and determines a third node, the method further comprises:
the second node generates a fourth block according to the authorized access information of the target data and the identification information of the TEE of the third node;
the second node adds the fourth block to the second service sub-chain after the fourth block passes consensus verification with other nodes of the second service sub-chain.
11. The method according to claim 8 or 9, wherein before the second node of the second service sub-chain receives the access request of the target data sent by the first node of the first service sub-chain, the method further comprises:
the second node receives a TEE registration request sent by the first node, wherein the TEE registration request carries the identification information of the TEE of the first node;
the second node responds to the TEE registration request, and invokes a data sharing contract to acquire block data of a second block from the first service sub-chain, wherein the second block stores registration information of the TEE of the first node;
the second node invokes the data sharing contract to determine whether the block data of the second block matches the identification information of the TEE of the first node;
if so, the second node generates a fifth block according to the identification information of the TEE of the first node, adds the fifth block into the second service sub-chain, and sends a registration success notification message to the first node.
12. A data processing apparatus, the apparatus comprising:
a sending module, configured to send an access request of target data to a second node of a second service sub-chain, wherein the access request carries verification information of a first block of a first service sub-chain, and the first block stores a pre-access record of the first node of the first service sub-chain to the target data;
the receiving module is used for receiving first response data sent by the second node for the access request, wherein the first response data comprises authorized access information of the target data and identification information of a Trusted Execution Environment (TEE) of a third node, and the authorized access information is generated by the second node after verification information of the first block passes;
the sending module is further configured to send, after determining that the first response data includes authorized access information of the target data, an acquisition request of the target data to the third node according to identification information of a TEE of the third node;
the receiving module is further configured to receive second response data sent by the third node for the acquisition request, where the second response data includes encrypted target data generated by a TEE of the third node.
13. A data processing apparatus, the apparatus comprising:
a receiving module, configured to receive an access request of target data sent by a first node of a first service sub-chain, wherein the access request carries verification information of a first block of the first service sub-chain, and the first block stores a pre-access record of the first node to the target data;
the processing module is used for responding to the access request and checking the verification information of the first block;
the processing module is further configured to generate authorized access information of the target data and determine a third node if the verification passes;
the sending module is configured to send first response data to the first node, where the first response data includes authorized access information of the target data and identification information of a TEE of the third node, and the first response data is used for sending, by the first node, an acquisition request of the target data to the third node, so as to acquire encrypted target data generated by the TEE of the third node.
14. A computer device, characterized in that it comprises a processor, a network interface and a storage means, said processor, said network interface and said storage means being connected to each other, wherein said network interface is controlled by said processor for transceiving data, said storage means being arranged for storing a computer program comprising program instructions, said processor being arranged for invoking said program instructions for performing the blockchain network based data processing method according to any of claims 1-7.
15. A computer device, characterized in that it comprises a processor, a network interface and a storage means, said processor, said network interface and said storage means being connected to each other, wherein said network interface is controlled by said processor for transceiving data, said storage means being arranged for storing a computer program comprising program instructions, said processor being arranged for invoking said program instructions for performing the blockchain network based data processing method according to any of claims 8-11.
16. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions for execution by a processor for performing the blockchain network-based data processing method of any of claims 1-7.
17. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions for execution by a processor for performing the blockchain network-based data processing method of any of claims 8-11.
18. A computer program product comprising a computer program which, when executed by a computer processor, implements the blockchain network-based data processing method of any of claims 1 to 7.
19. A computer program product comprising a computer program which, when executed by a computer processor, implements the blockchain network-based data processing method of any of claims 8 to 11.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111370887.XA CN116137627A (en) 2021-11-18 2021-11-18 Data processing method and device based on blockchain network and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111370887.XA CN116137627A (en) 2021-11-18 2021-11-18 Data processing method and device based on blockchain network and related equipment

Publications (1)

Publication Number Publication Date
CN116137627A (en) 2023-05-19

Family

ID=86326803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111370887.XA Pending CN116137627A (en) 2021-11-18 2021-11-18 Data processing method and device based on blockchain network and related equipment

Country Status (1)

Country Link
CN (1) CN116137627A (en)

Similar Documents

Publication Publication Date Title
CN111090876B (en) Contract calling method and device
US11516011B2 (en) Blockchain data processing methods and apparatuses based on cloud computing
CN111090888B (en) Contract verification method and device
CN111461723B (en) Data processing system, method and device based on block chain
US8417964B2 (en) Software module management device and program
CN111090875A (en) Contract deployment method and device
CN110489996B (en) Database data security management method and system
CN111092726A (en) Method and device for generating shared contract key
US20230316273A1 (en) Data processing method and apparatus, computer device, and storage medium
CN110855791A (en) Block link point deployment method and related equipment
US11405198B2 (en) System and method for storing and managing keys for signing transactions using key of cluster managed in trusted execution environment
CN112669147B (en) Service request method and device based on block chain
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN112804354B (en) Method and device for data transmission across chains, computer equipment and storage medium
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN113010894B (en) Data processing method and device and computer readable storage medium
CN111160905B (en) Block chain link point user request processing protection method and device
WO2024011863A9 (en) Communication method and apparatus, sim card, electronic device, and terminal device
CN115409511B (en) Personal information protection system based on block chain
CN114679473B (en) Financial account management system and method based on distributed digital identity
WO2022227799A1 (en) Device registration method and apparatus, and computer device and storage medium
CN116137627A (en) Data processing method and device based on blockchain network and related equipment
CN106534047A (en) Information transmitting method and apparatus based on Trust application
CN111092734A (en) Product activation authentication method based on ad hoc network communication
CN114116855A (en) Data circulation system, method and device based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40086063; Country of ref document: HK)