CN116915793A - Data streaming control method, system and storage medium based on digital certificates - Google Patents

Publication number: CN116915793A
Authority: CN (China)
Prior art keywords: data, circulation, digital, digital certificate, information
Legal status: Granted
Application number: CN202311168073.7A
Other languages: Chinese (zh)
Other versions: CN116915793B (en)
Inventors: 王小芳, 陆蓓婷, 蒋文创, 王巍
Current Assignee: Value Chain Technology Shenzhen Co ltd; Harbin Engineering University Sanya Nanhai Innovation And Development Base; Harbin Engineering University
Original Assignee: Value Chain Technology Shenzhen Co ltd; Harbin Engineering University Sanya Nanhai Innovation And Development Base; Harbin Engineering University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a data circulation control method, system and storage medium based on digital certificates, applied to a blockchain-based data circulation control system in which the blockchain communicates with each service system. The control method comprises: in response to a data circulation request, acquiring circulation data, storing it in a corresponding block of the blockchain, and generating corresponding circulation control information and a corresponding digital certificate; sending the encrypted digital certificate to a second node of the blockchain; and, after the second node successfully verifies the encrypted digital certificate, processing the digital certificate according to the circulation control information to generate a new digital certificate. By controlling the data circulation of multi-party digital certificates, the invention improves the efficiency of data transmission and communication. Meanwhile, during data circulation, managing the digital certificates on the blockchain ensures the security, authenticity and integrity of the data.

Description

Data streaming control method, system and storage medium based on digital certificates
Technical Field
The present invention relates to the field of data identification technologies, and in particular, to a data streaming control method, system and storage medium based on digital certificates.
Background
Every business link of maritime trade is closely tied to government matters such as customs, quarantine inspection, industrial tax, intellectual property and environmental protection. Because maritime trade business, logistics and transportation business and the like involve many links and complex operations, the business of the multiple parties is usually managed separately and independently. With the development of the digital age, the data generated by trade business and government affairs has gradually been informatized and digitized. In the prior art, paper certificates for the various businesses are converted into electronic certificates in the form of digital certificates, so that various tangible and intangible rights certificates are provided without physical certificates.
However, the prior-art informatized management of maritime trade and government affairs has two shortcomings. First, security and integrity are not considered when information is transmitted between the businesses of each link, so that during the circulation of trade data and government data a large amount of sensitive data or information is lost, distorted or damaged, leading to information leakage and corruption. Second, the multi-party information in trade business, logistics and transportation business, government business and other businesses is independent and opaque and is not managed in an integrated way, so business information transmission and communication are inefficient during the circulation of trade data. Therefore, existing maritime trade and government information management, especially during data circulation, is prone to problems with the security and integrity of data and to low efficiency of data transmission and communication.
Disclosure of Invention
The invention provides a data circulation control method, system and storage medium based on digital certificates. By controlling the data circulation of multi-party digital certificates, it realizes integrated management of the business information of each link of maritime trade and improves the efficiency of data transmission and communication. Meanwhile, during data circulation, managing the digital certificates on the blockchain ensures the security, authenticity and integrity of the data.
The invention provides a data circulation control method based on digital certificates, applied to a blockchain-based data circulation control system, wherein the blockchain communicates with each service system respectively;
the control method comprises the following steps: in response to a data circulation request initiated in a first service system, acquiring the corresponding circulation data in the first service system and storing it in a corresponding first block of the blockchain; the circulation data comprises the data circulation request, circulation content and a circulation object; the first block is managed by a first node of the blockchain;
generating corresponding circulation control information in the first node according to the data circulation request, and generating a corresponding first digital certificate according to the circulation data; encrypting the first digital certificate according to the circulation object, and sending the encrypted first digital certificate to a second node of the blockchain so that the second node verifies the encrypted first digital certificate;
after the second node successfully verifies the encrypted first digital certificate, processing the first digital certificate according to the circulation control information to generate a second digital certificate; and sending the second digital certificate to a third node so that the third node sends the second digital certificate to the corresponding service system.
As a preferred scheme, the invention adopts blockchain technology, responds to the data circulation requests of each service system respectively, and uses digital certificates as data carriers to circulate and control the circulation data among the multi-party service systems. The business information and government information of each link of maritime trade can be integrated and managed in informatized form through the blockchain, which improves the efficiency of data transmission and communication among the multi-party service systems. In addition, the information on the blockchain is encrypted according to the identity information of the circulation object, which ensures the security and integrity of the circulated information, meets the traceability requirement for circulation data, and ensures data authenticity.
Further, in response to a data circulation request initiated in the first service system, acquiring the corresponding circulation data in the first service system and storing it in a corresponding first block of the blockchain is specifically:
judging whether the data circulation request initiated in the first service system meets a preset acceptance condition; if so, acquiring the corresponding circulation data in the first service system, uploading the circulation data to the first node of the blockchain, and controlling the first node to allocate the circulation data to a corresponding first block; the first node is used for managing and allocating the circulation data uploaded by each service system.
As a preferred scheme, the invention adopts blockchain technology and stores the data to be circulated in a block of the first node, so that the multi-party service systems can each send the data to be circulated to the first node for storage and circulation control; based on blockchain technology, the authenticity and security of digital assets circulating in cyberspace in the form of digital certificates are greatly improved.
Further, generating corresponding circulation control information in the first node according to the data circulation request, and generating a corresponding first digital certificate according to the circulation data, is specifically:
determining the circulation requirement of the current circulation request according to the data circulation request, and generating corresponding circulation control information; the circulation requirement comprises a data processing type and a circulation range; the data processing type comprises at least one of data extraction, data conversion, data calculation and no processing;
and generating, according to the circulation content and the circulation control information, the first digital asset information and circulation control information of the circulation data before data processing, and storing the first digital asset information and the circulation control information in the first block as the first digital certificate.
As a preferred scheme, the invention takes into account, when generating the digital certificate, the type and range of data processing to be performed on the circulation data, so that during data circulation the circulation requirement is communicated between nodes and the circulation data can be processed and its circulation controlled accordingly, which improves the efficiency of data transmission and communication among the multi-party service systems.
Further, encrypting the first digital certificate according to the circulation object is specifically:
performing a hash calculation on the first block where the first digital certificate is located to generate a first digital digest of the first digital certificate; encrypting the digital digest with a private key according to the identity information of the circulation object to generate a digital signature of the first digital certificate; and packaging the first digital certificate together with its digital signature to complete the encryption processing of the first digital certificate.
Further, the second node verifying the encrypted first digital certificate is specifically:
controlling the second node to acquire the corresponding operation authority parameters and attribute parameters of a second service system, and performing signature verification on the encrypted first digital certificate to obtain a second digital digest; performing signature verification on the digital signature of the first digital certificate to obtain a third digital digest; and comparing the first digital digest, the second digital digest and the third digital digest, the verification succeeding if all three are the same.
As a preferred scheme, after the digital certificate is generated, it is encrypted according to the identity information of the circulation object, so that only a circulation object holding that identity information can verify and receive the digital certificate, which ensures the security and integrity of the circulated information.
Further, processing the first digital certificate according to the circulation control information to generate a second digital certificate is specifically:
according to the data processing type information in the circulation control information, performing the corresponding data processing operation on the circulation content within the circulation range to generate at least one piece of processing information; determining the second digital asset information of each piece of processing information after the data processing operation, according to the first digital asset information of the circulation data before data processing and the data processing operation corresponding to that processing information; encrypting the processing information according to the attributes of the processing information and a preset access parameter to generate an information ciphertext; and generating a second digital certificate according to the second digital asset information and the information ciphertext; the access parameter is calculated according to the identity information of the circulation object; each piece of processing information generates one second digital certificate.
The invention takes into account the type and range of data processing to be performed on the circulation data: after the second node has verified the encrypted first digital certificate, it performs the corresponding data processing on the circulation data, updates the digital asset information and generates a new second digital certificate, which improves the efficiency of data transmission and communication among the multi-party service systems. Meanwhile, the information in the new second digital certificate is encrypted before being sent to the corresponding service system and is decrypted by the designated circulation object, which ensures the security and integrity of the circulated information.
Correspondingly, the invention also provides a data circulation control system based on digital certificates, applied to a blockchain, wherein the blockchain communicates with each service system respectively;
the system comprises: a data storage module, a data control module and a data sending module;
the data storage module is used for, in response to a data circulation request initiated in a first service system, acquiring the corresponding circulation data in the first service system and storing it in a corresponding first block of the blockchain; the circulation data comprises the data circulation request, circulation content and a circulation object; the first block is managed by a first node of the blockchain;
the data control module is used for generating corresponding circulation control information in the first node according to the data circulation request and generating a corresponding first digital certificate according to the circulation data; and for encrypting the first digital certificate according to the circulation object and sending the encrypted first digital certificate to a second node of the blockchain so that the second node verifies the encrypted first digital certificate;
the data sending module is used for processing the first digital certificate according to the circulation control information after the second node successfully verifies the encrypted first digital certificate, so as to generate a second digital certificate; and for sending the second digital certificate to a third node so that the third node sends the second digital certificate to the corresponding service system.
Further, the data control module comprises a generation unit and an encryption unit;
the generation unit is used for determining the circulation requirement of the current circulation request according to the data circulation request and generating corresponding circulation control information; the circulation requirement comprises a data processing type and a circulation range; the data processing type comprises at least one of data extraction, data conversion, data calculation and no processing; and for generating, according to the circulation content and the circulation control information, the first digital asset information and circulation control information of the circulation data before data processing, and storing the first digital asset information and the circulation control information in the first block as the first digital certificate;
the encryption unit is used for performing a hash calculation on the first block where the first digital certificate is located to generate a first digital digest of the first digital certificate; encrypting the digital digest with a private key according to the identity information of the circulation object to generate a digital signature of the first digital certificate; and packaging the first digital certificate together with its digital signature to complete the encryption processing of the first digital certificate.
Further, the data sending module comprises a verification unit and a processing unit;
the verification unit is used for controlling the second node to acquire the corresponding operation authority parameters and attribute parameters of the second service system, and performing signature verification on the encrypted first digital certificate to obtain a second digital digest; performing signature verification on the digital signature of the first digital certificate to obtain a third digital digest; and comparing the first digital digest, the second digital digest and the third digital digest, the verification succeeding if all three are the same;
the processing unit is used for performing, according to the data processing type information in the circulation control information, the corresponding data processing operation on the circulation content within the circulation range to generate at least one piece of processing information; determining the second digital asset information of each piece of processing information after the data processing operation, according to the first digital asset information of the circulation data before data processing and the data processing operation corresponding to that processing information; encrypting the processing information according to the attributes of the processing information and a preset access parameter to generate an information ciphertext; and generating a second digital certificate according to the second digital asset information and the information ciphertext; the access parameter is calculated according to the identity information of the circulation object; each piece of processing information generates one second digital certificate.
As a preferred scheme, the system adopts blockchain technology: the data storage module responds to the data circulation requests of each service system respectively, and the data control module and the data sending module use digital certificates as data carriers to circulate and control the circulation data among the multi-party service systems. The business information of each link of maritime trade can be integrated and managed in informatized form through the blockchain, which improves the efficiency of data transmission and communication among the multi-party service systems. In addition, the information on the blockchain is encrypted according to the identity information of the circulation object, which ensures the security and integrity of the circulated information, meets the traceability requirement for circulation data, and ensures data authenticity.
Accordingly, the present invention also provides a computer-readable storage medium comprising a stored computer program, wherein the computer program, when run, controls the device on which the computer-readable storage medium resides to execute the data circulation control method based on digital certificates.
Drawings
FIG. 1 is a flowchart of an embodiment of the data circulation control method based on digital certificates provided by the present invention;
FIG. 2 is a schematic structural diagram of an embodiment of the data circulation control device based on digital certificates.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of protection of the invention.
Example 1
Referring to FIG. 1, an embodiment of the present invention provides a data circulation control method based on digital certificates, applied to a blockchain-based data circulation control system in which the blockchain communicates with each service system respectively;
the control method comprises steps S101 to S103:
Step S101: in response to a data circulation request initiated in a first service system, acquiring the corresponding circulation data in the first service system and storing it in a corresponding first block of the blockchain; the circulation data comprises the data circulation request, circulation content and a circulation object; the first block is managed by a first node of the blockchain;
Further, in response to a data circulation request initiated in the first service system, acquiring the corresponding circulation data in the first service system and storing it in a corresponding first block of the blockchain is specifically:
judging whether the data circulation request initiated in the first service system meets a preset acceptance condition; if so, acquiring the corresponding circulation data in the first service system, uploading the circulation data to the first node of the blockchain, and controlling the first node to allocate the circulation data to a corresponding first block; the first node is used for managing and allocating the circulation data uploaded by each service system.
In this embodiment, it is judged whether the data circulation request initiated in the first service system meets the preset acceptance condition; if not, the data circulation request is rejected and the corresponding circulation data in the first service system is not processed.
In this embodiment, the preset acceptance condition is set according to indicators such as the objects with which the first service system is allowed to circulate data and the circulation range.
In this embodiment, the business systems specifically include a maritime trade system, a government system, other systems, and the like. As an example, when business information generated in a link of maritime trade needs to be circulated to the corresponding government system, the maritime trade system that holds the business information acts as the first service system and initiates a data circulation request to the blockchain. The blockchain responds to the request, acquires the corresponding circulation data in the first service system and stores it in a corresponding first block of the blockchain; after the blockchain has performed a series of processing steps on the circulation data, the digital certificate generated from the circulation data is sent to the corresponding government system.
This embodiment is not limited to data circulation from the maritime trade system to the government system; data may circulate from any one of the business systems to any other system. In addition, the blockchain can handle the data circulation requirements of multiple service systems at the same time: each service system only needs to send the data to be circulated to the first node for storage and circulation control, and after the blockchain has processed that data, the digital assets circulate in cyberspace to the different service systems in the form of digital certificates, which improves the authenticity, security and processing efficiency of data circulation.
Step S102: generating corresponding circulation control information in the first node according to the data circulation request, and generating a corresponding first digital certificate according to the circulation data; encrypting the first digital certificate according to the circulation object, and sending the encrypted first digital certificate to a second node of the blockchain so that the second node verifies the encrypted first digital certificate;
Further, generating corresponding circulation control information in the first node according to the data circulation request, and generating a corresponding first digital certificate according to the circulation data, is specifically:
determining the circulation requirement of the current circulation request according to the data circulation request, and generating corresponding circulation control information; the circulation requirement comprises a data processing type and a circulation range; the data processing type comprises at least one of data extraction, data conversion, data calculation and no processing;
and generating, according to the circulation content and the circulation control information, the first digital asset information and circulation control information of the circulation data before data processing, and storing the first digital asset information and the circulation control information in the first block as the first digital certificate.
In one implementation of this embodiment, the first service system may circulate the data directly to the corresponding service system; that is, the data processing type is set to no processing and the corresponding circulation control information is generated. The first digital asset information and the circulation control information of the circulation data are stored in the first block as the first digital certificate.
In another implementation, the first service system may have some data processing performed on the data before it is circulated to the corresponding service system. For example, a data calculation needs to be performed on part of the data (data A and data B), namely adding data A and data B. The data processing type is then set to addition within data calculation, the objects to which this processing type applies are designated, and the corresponding circulation control information is generated. The first digital asset information and the circulation control information of the circulation data are stored in the first block as the first digital certificate.
As a preferred scheme, the invention takes into account, when generating the digital certificate, the type and range of data processing to be performed on the circulation data, so that during data circulation the circulation requirement is communicated between nodes and the circulation data can be processed and its circulation controlled accordingly, which improves the efficiency of data transmission and communication among the multi-party service systems.
Further, encrypting the first digital certificate according to the circulation object is specifically:
performing a hash calculation on the first block where the first digital certificate is located to generate a first digital digest of the first digital certificate; encrypting the digital digest with a private key according to the identity information of the circulation object to generate a digital signature of the first digital certificate; and packaging the first digital certificate together with its digital signature to complete the encryption processing of the first digital certificate.
Further, the second node verifying the encrypted first digital certificate is specifically:
controlling the second node to acquire the corresponding operation authority parameters and attribute parameters of a second service system, and performing signature verification on the encrypted first digital certificate to obtain a second digital digest; performing signature verification on the digital signature of the first digital certificate to obtain a third digital digest; and comparing the first digital digest, the second digital digest and the third digital digest, the verification succeeding if all three are the same.
As a preferred scheme, after the digital certificate is generated, it is encrypted according to the identity information of the circulation object, so that only a circulation object holding that identity information can verify and receive the digital certificate, which ensures the security and integrity of the circulated information.
Step S103: after the second node successfully verifies the encrypted first digital certificate, correspondingly processing the first digital certificate according to circulation control information to generate a second digital certificate; and sending the second digital certificate to a third node so that the third node sends the second digital certificate to a corresponding service system.
Further, the first digital certificate is correspondingly processed according to the circulation control information to generate a second digital certificate, which is specifically:
according to the data processing type information of the circulation control information, performing corresponding data processing operation on the circulation content in the circulation range to generate at least one piece of processing information; determining second digital asset information of each piece of processing information after the data processing operation according to first digital asset information of the circulation data before the data processing and the data processing operation corresponding to the processing information; encrypting the processing information according to the attribute of the processing information and a preset access parameter to generate an information ciphertext; generating a second digital certificate according to the second digital asset information and the information ciphertext; the access parameters are calculated according to the identity information of the circulation object; each piece of processing information generates a second digital certificate.
In this embodiment, the encryption processing applied to the first digital certificate is intended for the second node, which performs the verification. After receiving the digital certificate, the second node must first verify the encrypted first digital certificate. Once verification succeeds, the second node can receive the first digital asset information (the asset information before data processing) contained in the first digital certificate, and performs the corresponding data processing operation on the circulation content according to the circulation control information, that is, the data processing type and the objects designated for that type of processing; for example, data A and data B are added to obtain the processed data C. After the data processing, the digital asset information is determined again, giving the second digital asset information for the data after the processing operation, and the processing information generated by the data processing is encrypted to generate an information ciphertext; the second digital certificate is then generated from the second digital asset information and the information ciphertext.
In this embodiment, the encryption in the second digital certificate is intended for the third node: the third node obtains the identity information of the service system to which the certificate is to be sent and verifies the second digital certificate. Once verification succeeds, the third node can receive the processing information generated by the data processing and the second digital asset information contained in the second digital certificate, and sends them to the corresponding service system.
The invention takes into account the type and range of data processing that the circulation data requires: after the second node verifies the encrypted first digital certificate, it performs the corresponding data processing on the circulation data, updates the digital asset information and generates a new second digital certificate, which improves the efficiency of data transmission and communication across the multiparty service system. At the same time, the information in the new second digital certificate is encrypted before being sent to the corresponding service system and is decrypted by the designated circulation object, ensuring the security and integrity of the circulation information.
The implementation of the embodiment of the invention has the following effects:
the invention adopts the block chain technology, responds to the data transfer request of each service system respectively, and uses the digital certificate as a data carrier to transfer and control the transfer data in the multiparty service system. The business information and the government information of each link of maritime trade can be integrated and informationized managed through the blockchain, and the data information transmission and communication efficiency of the multiparty business system is improved. In addition, the information of the blockchain is encrypted according to the identity information of the circulation object, so that the security and the integrity of circulation information are ensured, the traceability requirement of circulation data information is met, and the data authenticity is ensured.
Example two
Referring to fig. 2, a data stream control system based on digital certificates is provided in an embodiment of the present invention, and is applied to a blockchain, where the blockchain communicates with each service system respectively;
the system comprises: a data storage module 201, a data control module 202 and a data transmission module 203;
the data storage module 201 is configured to, in response to a data circulation request initiated in a first service system, obtain the corresponding circulation data in the first service system and store it in a corresponding first block in the blockchain; the circulation data comprises a data circulation request, circulation contents and circulation objects; the first block is managed by a first node of a blockchain;
the data control module 202 is configured to generate corresponding circulation control information according to the data circulation request in the first node, and generate corresponding first digital certificates according to circulation data; encrypting the first digital certificate according to the circulation object, and sending the encrypted first digital certificate to a second node of a blockchain so that the second node verifies the encrypted first digital certificate;
The data sending module 203 is configured to perform corresponding processing on the first digital certificate according to the circulation control information after the second node successfully verifies the encrypted first digital certificate, so as to generate a second digital certificate; and sending the second digital certificate to a third node so that the third node sends the second digital certificate to a corresponding service system.
The data storage module 201 includes a storage unit;
the storage unit is used for judging whether a data flow request initiated in the first service system accords with a preset acceptance condition or not; if yes, obtaining corresponding circulation data in the first service system, uploading the circulation data to a first node of a block chain, and controlling the first node to distribute the circulation data to a corresponding first block; the first node is used for managing and distributing the circulation data uploaded by each service system.
The data control module 202 includes a production unit and an encryption unit;
the production unit is used for determining the circulation requirement of the current circulation request according to the data circulation request and generating corresponding circulation control information; the circulation requirement comprises a data processing type and a circulation range; the data processing type comprises at least one of data extraction, data conversion, data calculation and no processing; generating first digital asset information and circulation control information of the circulation data before data processing according to circulation content and the circulation control information, and storing the first digital asset information and the circulation control information in a first block as a first digital certificate;
The encryption unit is used for performing a hash calculation on the first block in which the first digital certificate is located to generate a first digital digest of the first digital certificate; encrypting the digital digest with a private key according to the identity information of the circulation object to generate a digital signature of the first digital certificate; and packaging the first digital certificate together with its digital signature to complete the encryption processing of the first digital certificate.
The data transmission module 203 includes an authentication unit and a processing unit;
the verification unit is used for controlling the second node to acquire the corresponding operation authority parameters and attribute parameters of the second service system, and performing signature verification on the encrypted first digital certificate to obtain a second digital digest; performing signature verification on the digital signature of the first digital certificate to obtain a third digital digest; and comparing the first digital digest, the second digital digest and the third digital digest, the verification succeeding if all three are the same;
the processing unit is used for carrying out corresponding data processing operation on the circulation content in the circulation range according to the data processing type information of the circulation control information to generate at least one piece of processing information; determining second digital asset information of each piece of processing information after the data processing operation according to first digital asset information of the circulation data before the data processing and the data processing operation corresponding to the processing information; encrypting the processing information according to the attribute of the processing information and a preset access parameter to generate an information ciphertext; generating a second digital certificate according to the second digital asset information and the information ciphertext; the access parameters are calculated according to the identity information of the circulation object; each piece of processing information generates a second digital certificate.
The data flow control device based on the digital certificate can implement the data flow control method based on the digital certificate of the method embodiment. The options in the method embodiments described above are also applicable to this embodiment and will not be described in detail here. The rest of the embodiments of the present application may refer to the content of the above method embodiments, and in this embodiment, no further description is given.
The implementation of the embodiment of the application has the following effects:
the device adopts the block chain technology, the data storage module respectively responds to the data circulation request of each service system, and the data control module and the data sending module use the digital certificate as a data carrier to carry out circulation control on circulation data in the multiparty service system. The business information of each link of maritime trade can be integrated and informationized managed through the block chain, and the data information transmission and communication efficiency of the multiparty business system is improved. In addition, the information of the blockchain is encrypted according to the identity information of the circulation object, so that the security and the integrity of circulation information are ensured, the traceability requirement of circulation data information is met, and the data authenticity is ensured.
Example three
Correspondingly, the application further provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program controls equipment where the computer readable storage medium is located to execute the data stream transfer control method based on the digital certificate according to any embodiment.
For example, the computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, the instruction segments being used to describe the execution of the computer program in the terminal device.
The terminal equipment can be computing equipment such as a desktop computer, a notebook computer, a palm computer, a cloud server and the like. The terminal device may include, but is not limited to, a processor, a memory.
The processor may be a central processing unit (Central Processing Unit, CPU), other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is a control center of the terminal device, and which connects various parts of the entire terminal device using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the terminal device by running or executing the computer program and/or the module stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the mobile terminal, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The modules/units integrated in the terminal device may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as stand-alone products. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment by means of a computer program instructing related hardware; the computer program may be stored in a computer readable storage medium, and when executed by a processor it may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.

Claims (10)

1. The data flow control method based on the digital certificate is characterized by being applied to a data flow control system of a block chain, wherein the block chain is respectively communicated with each service system;
the control method comprises the following steps:
responding to a data flow request initiated in a first service system, acquiring corresponding flow data in the first service system and storing the flow data in a corresponding first block in a block chain; the circulation data comprises a data circulation request, circulation contents and circulation objects; the first block is managed by a first node of a blockchain;
generating corresponding circulation control information in the first node according to the data circulation request, and generating corresponding first digital certificates according to circulation data; encrypting the first digital certificate according to the circulation object, and sending the encrypted first digital certificate to a second node of a blockchain so that the second node verifies the encrypted first digital certificate;
After the second node successfully verifies the encrypted first digital certificate, correspondingly processing the first digital certificate according to circulation control information to generate a second digital certificate; and sending the second digital certificate to a third node so that the third node sends the second digital certificate to a corresponding service system.
2. The method for controlling data transfer based on digital certificates as claimed in claim 1, wherein said obtaining, in response to a data transfer request initiated in a first service system, corresponding transfer data in the first service system to be stored in a corresponding first block in a block chain specifically includes:
judging whether a data flow request initiated in a first service system accords with a preset acceptance condition or not; if yes, obtaining corresponding circulation data in the first service system, uploading the circulation data to a first node of a block chain, and controlling the first node to distribute the circulation data to a corresponding first block; the first node is used for managing and distributing the circulation data uploaded by each service system.
3. The method for controlling data transfer based on digital certificates according to claim 1, wherein the generating corresponding transfer control information according to the data transfer request in the first node, generating corresponding first digital certificates according to transfer data, specifically comprises:
determining the circulation requirement of the current circulation request according to the data circulation request, and generating corresponding circulation control information; the circulation requirement comprises a data processing type and a circulation range; the data processing type comprises at least one of data extraction, data conversion, data calculation and no processing;
and generating first digital asset information and circulation control information of the circulation data before data processing according to circulation content and the circulation control information, and storing the first digital asset information and the circulation control information in a first block as a first digital certificate.
4. The method for controlling data transfer based on digital certificates according to claim 3, wherein the encrypting the first digital certificate according to the transfer object comprises:
performing a hash calculation on the first block in which the first digital certificate is located to generate a first digital digest of the first digital certificate; encrypting the digital digest with a private key according to the identity information of the circulation object to generate a digital signature of the first digital certificate; and packaging the first digital certificate together with its digital signature to complete the encryption processing of the first digital certificate.
5. The data stream transmission control method based on the digital certificate as set forth in claim 4, wherein the second node verifies the encrypted first digital certificate, specifically:
controlling the second node to acquire the corresponding operation authority parameters and attribute parameters of a second service system, and performing signature verification on the encrypted first digital certificate to obtain a second digital digest; performing signature verification on the digital signature of the first digital certificate to obtain a third digital digest; and comparing the first digital digest, the second digital digest and the third digital digest, the verification succeeding if all three are the same.
6. The method for controlling data transfer based on digital certificates according to claim 5, wherein the corresponding processing is performed on the first digital certificate according to the transfer control information to generate a second digital certificate, specifically:
according to the data processing type information of the circulation control information, performing corresponding data processing operation on the circulation content in the circulation range to generate at least one piece of processing information; determining second digital asset information of each piece of processing information after the data processing operation according to first digital asset information of the circulation data before the data processing and the data processing operation corresponding to the processing information; encrypting the processing information according to the attribute of the processing information and a preset access parameter to generate an information ciphertext; generating a second digital certificate according to the second digital asset information and the information ciphertext; the access parameters are calculated according to the identity information of the circulation object; each piece of processing information generates a second digital certificate.
7. A data stream transfer control system based on digital certificates, which is characterized by being applied to a blockchain, wherein the blockchain is respectively communicated with each service system;
the system comprises: the device comprises a data storage module, a data control module and a data transmission module;
the data storage module is used for responding to a data flow request initiated in a first service system, acquiring corresponding flow data in the first service system and storing the flow data in a corresponding first block in a block chain; the circulation data comprises a data circulation request, circulation contents and circulation objects; the first block is managed by a first node of a blockchain;
the data control module is used for generating corresponding circulation control information in the first node according to the data circulation request and generating corresponding first digital certificates according to circulation data; encrypting the first digital certificate according to the circulation object, and sending the encrypted first digital certificate to a second node of a blockchain so that the second node verifies the encrypted first digital certificate;
the data sending module is used for carrying out corresponding processing on the first digital certificate according to the circulation control information after the second node successfully verifies the encrypted first digital certificate, so as to generate a second digital certificate; and sending the second digital certificate to a third node so that the third node sends the second digital certificate to a corresponding service system.
8. A digital credential based data transfer control system in accordance with claim 7, wherein the data control module comprises a production unit and an encryption unit;
the production unit is used for determining the circulation requirement of the current circulation request according to the data circulation request and generating corresponding circulation control information; the circulation requirement comprises a data processing type and a circulation range; the data processing type comprises at least one of data extraction, data conversion, data calculation and no processing; generating first digital asset information and circulation control information of the circulation data before data processing according to circulation content and the circulation control information, and storing the first digital asset information and the circulation control information in a first block as a first digital certificate;
the encryption unit is used for performing a hash calculation on the first block in which the first digital certificate is located to generate a first digital digest of the first digital certificate; encrypting the digital digest with a private key according to the identity information of the circulation object to generate a digital signature of the first digital certificate; and packaging the first digital certificate together with its digital signature to complete the encryption processing of the first digital certificate.
9. The digital credential based data transfer control system of claim 7, wherein the data transmission module includes a verification unit and a processing unit;
the verification unit is used for controlling the second node to acquire the corresponding operation authority parameters and attribute parameters of the second service system, and performing signature verification on the encrypted first digital certificate to obtain a second digital digest; performing signature verification on the digital signature of the first digital certificate to obtain a third digital digest; and comparing the first digital digest, the second digital digest and the third digital digest, the verification succeeding if all three are the same;
the processing unit is used for carrying out corresponding data processing operation on the circulation content in the circulation range according to the data processing type information of the circulation control information to generate at least one piece of processing information; determining second digital asset information of each piece of processing information after the data processing operation according to first digital asset information of the circulation data before the data processing and the data processing operation corresponding to the processing information; encrypting the processing information according to the attribute of the processing information and a preset access parameter to generate an information ciphertext; generating a second digital certificate according to the second digital asset information and the information ciphertext; the access parameters are calculated according to the identity information of the circulation object; each piece of processing information generates a second digital certificate.
10. A computer readable storage medium, wherein the computer readable storage medium comprises a stored computer program; wherein the computer program, when run, controls a device on which the computer readable storage medium resides to perform a digital credential based data streaming control method as claimed in any one of claims 1 to 6.
CN202311168073.7A 2023-09-12 2023-09-12 Data streaming control method, system and storage medium based on digital certificates Active CN116915793B (en)


Publications (2)

Publication Number Publication Date
CN116915793A true CN116915793A (en) 2023-10-20
CN116915793B CN116915793B (en) 2024-03-08

Family

ID=88360586


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant