CN116938917A - Block chain-based data sharing method, device and system - Google Patents

Info

Publication number: CN116938917A
Application number: CN202211665675.9A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 陈静静, 周晶, 陈健, 方俊超, 位恒曦, 李峰
Current and original assignees: China Mobile Communications Group Co Ltd; China Mobile Hangzhou Information Technology Co Ltd
Prior art keywords: data, identifier, node, hash, ciphertext

Classifications

    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L67/1065 Peer-to-peer [P2P] networks using node-based peer discovery mechanisms: discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT]
    • H04L67/1078 Peer-to-peer [P2P] networks for supporting data block transmission mechanisms: resource delivery mechanisms
    • H04L67/146 Session management: markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding


Abstract

The application discloses a blockchain-based data sharing method, device and system. The method comprises: listening for a data request event issued by a second node of the blockchain calling a smart contract of the blockchain, wherein the data request event carries at least a first identifier of original data; when it is determined that a second identifier matching the first identifier exists in a first node of the blockchain, encrypting the original data corresponding to the second identifier to obtain first encrypted data, uploading the first encrypted data to the InterPlanetary File System (IPFS), receiving first hash data returned by the IPFS, and encrypting the first hash data to obtain ciphertext data; and calling the smart contract to issue a data response event, wherein the data response event carries at least the second identifier and the ciphertext data, so that after the second node detects the data response event corresponding to the second identifier, it decrypts the ciphertext data to obtain the original data.

Description

Block chain-based data sharing method, device and system
Technical Field
The present application relates to the field of networking technologies, and in particular, but not limited to, a method, an apparatus, and a system for sharing data based on a blockchain.
Background
In the related art, networking users mostly share data in one of two ways. In the first, the data owner provides a data service interface, the data user (also called the data requester or data demander) obtains the data by calling that interface, and data security is ensured by encryption. In the second, the original data is shared by file transfer, such as FTP (File Transfer Protocol), and the original data is encrypted to ensure data security.
However, both methods require the data owner and the data user to agree on an encryption key; once the key is leaked, data security can no longer be ensured, so data security is low. In addition, when multiple participants share data at the same time they must integrate with one another repeatedly, so system complexity is high and the data usage chain is difficult to trace.
Disclosure of Invention
In view of the above, the embodiments of the present application provide a method, apparatus and system for sharing data based on blockchain.
In a first aspect, an embodiment of the present application provides a blockchain-based data sharing method applied to a first node, the method including: listening for a data request event issued by a second node calling a smart contract of the blockchain, wherein the data request event carries at least a first identifier of original data; when it is determined that a second identifier matching the first identifier exists in the first node, encrypting the original data corresponding to the second identifier to obtain first encrypted data, uploading the first encrypted data to the InterPlanetary File System (IPFS), receiving first hash data returned by the IPFS, and encrypting the first hash data to obtain ciphertext data; and calling the smart contract to issue a data response event, wherein the data response event carries at least the second identifier and the ciphertext data, so that after the second node detects the data response event corresponding to the second identifier, it decrypts the ciphertext data to obtain the original data.
In a second aspect, an embodiment of the present application provides another blockchain-based data sharing method, applied to a second node, the method including: calling a smart contract of the blockchain to issue a data request event, wherein the data request event carries at least a first identifier of original data, so that a first node listens for the data request event and, when it is determined that a second identifier matching the first identifier exists in the first node, encrypts the original data corresponding to the second identifier to obtain first encrypted data, uploads the first encrypted data to the IPFS, receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data; listening for a data response event issued by the first node calling the smart contract, wherein the data response event carries at least the second identifier and the ciphertext data; decrypting the ciphertext data to obtain the first hash data; obtaining the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
In a third aspect, an embodiment of the present application provides a blockchain-based data sharing device, including: a first listening module, configured to listen for a data request event issued by a second node calling a smart contract of the blockchain, wherein the data request event carries at least a first identifier of original data; an encryption module, configured to, when it is determined that a second identifier matching the first identifier exists in the first node, encrypt the original data corresponding to the second identifier to obtain first encrypted data, upload the first encrypted data to the InterPlanetary File System (IPFS), receive first hash data returned by the IPFS, and encrypt the first hash data to obtain ciphertext data; and a first issuing module, configured to call the smart contract to issue a data response event, wherein the data response event carries at least the second identifier and the ciphertext data, so that after the second node detects the data response event corresponding to the second identifier, it decrypts the ciphertext data to obtain the original data.
In a fourth aspect, an embodiment of the present application provides another blockchain-based data sharing device, including: a second issuing module, configured to call a smart contract of the blockchain to issue a data request event, wherein the data request event carries at least a first identifier of original data, so that a first node listens for the data request event and, when it is determined that a second identifier matching the first identifier exists in the first node, encrypts the original data corresponding to the second identifier to obtain first encrypted data, uploads the first encrypted data to the IPFS, receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data; a second listening module, configured to listen for a data response event issued by the first node calling the smart contract, wherein the data response event carries at least the second identifier and the ciphertext data; and a decryption module, configured to decrypt the ciphertext data to obtain the first hash data, obtain the first encrypted data corresponding to the first hash data from the IPFS, and decrypt the first encrypted data to obtain the original data.
In a fifth aspect, embodiments of the present application provide a blockchain-based data sharing system, the system including a first node and a second node, wherein: the second node is configured to call a smart contract of the blockchain to issue a data request event, where the data request event carries at least a first identifier of original data; the first node is configured to listen for the data request event and, when it is determined that a second identifier matching the first identifier exists in the first node, encrypt the original data corresponding to the second identifier to obtain first encrypted data, upload the first encrypted data to the InterPlanetary File System (IPFS), receive first hash data returned by the IPFS, and encrypt the first hash data to obtain ciphertext data; the first node is further configured to call the smart contract to issue a data response event, where the data response event carries at least the second identifier and the ciphertext data; the second node is further configured to listen for the data response event corresponding to the second identifier, decrypt the ciphertext data to obtain the first hash data, obtain the first encrypted data corresponding to the first hash data from the IPFS, and decrypt the first encrypted data to obtain the original data.
In the embodiments of the application, data is shared in encrypted form based on the blockchain, which improves data security; the smart contract of the blockchain makes the data usage chain traceable; and the IPFS enables efficient data sharing.
Drawings
FIG. 1 is a flow chart of a block chain based data sharing method according to an embodiment of the application;
FIG. 2 is a flowchart illustrating another exemplary block chain based data sharing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a block chain based data sharing system according to an embodiment of the present application;
FIG. 4 is an interactive schematic diagram of a data sharing method based on a blockchain according to an embodiment of the present application;
FIG. 5 is a flow chart of a data encryption sharing method according to an embodiment of the present application;
FIG. 6 is a schematic diagram illustrating a block chain based data sharing device according to an embodiment of the present application;
FIG. 7 is a schematic diagram illustrating a block chain based data sharing device according to another embodiment of the present application;
FIG. 8 is a schematic diagram of the composition structure of an electronic device according to an embodiment of the application.
Detailed Description
The technical scheme of the application is further elaborated below with reference to the drawings and examples.
With the development of video, mobile terminals and smart homes, WiFi has become a necessity in the home, and dead-spot-free whole-house wireless coverage has become a hard requirement for more and more users. Intelligent networking is a WiFi quality improvement service that a network operator provides to fiber broadband users with WiFi networking needs. It includes professional-grade WiFi environment evaluation, networking design, terminal sales, commissioning and deployment, and other services, with the aim of better WiFi coverage and more stable, faster Internet access. With the rapid development of intelligent networking services, networking user data needs to be fused and shared with other service data to promote the joint development of home broadband services.
To help in understanding the technical solution of the embodiments of the present application, the terms involved are described below:
Blockchain: a chain composed of blocks. Each block holds certain information, and the blocks are linked into a chain in the order in which they were generated. The chain is stored on all servers, and the entire blockchain is safe as long as one server in the blockchain system can work. These servers, called nodes in the blockchain system, provide storage space and computing power for the whole system. To modify information in the blockchain, the consent of more than half of the nodes must be obtained and the information in all nodes must be modified; since the nodes are usually held by different parties, tampering with information in the blockchain is extremely difficult. Compared with a traditional network, the blockchain has two core characteristics: first, data is difficult to tamper with; second, it is decentralized. Based on these two characteristics, the information recorded on the blockchain is more authentic and reliable, which can solve the problem of mutual distrust.
Consortium chain: a type of blockchain that serves only the members of a specific group and a limited set of third parties. Several preselected nodes are designated internally as bookkeepers, and the generation of each block is decided jointly by all preselected nodes. Other access nodes can take part in transactions but not in the bookkeeping process, and other third parties can make limited queries through the blockchain's API (Application Program Interface). For better performance, the consortium chain places certain requirements on the configuration and network environment of the consensus or verification nodes. With an admission mechanism, transaction performance can be improved more easily, and problems caused by participants of uneven quality are avoided.
Smart contract: a computer protocol intended to propagate, verify or execute a contract by means of information technology. Smart contracts allow trusted transactions to be made without third parties, and these transactions are traceable and irreversible. The purpose of smart contracts is to provide a secure method that is superior to traditional contracts and to reduce other transaction costs associated with contracts.
IPFS (InterPlanetary File System): a file storage and content distribution network protocol that combines successful systems: distributed hash tables (DHTs), BitTorrent (a P2P download tool), the version control system Git, self-certified file systems (SFS), and blockchain. The combined advantages of these systems give it the following notable characteristics:
Permanent, decentralized storage and sharing of files (DHT storage in blockchain fashion);
Point-to-point hypermedia: P2P storage of various types of data (BitTorrent);
Versioning: traceable file modification history (Git, Merkle DAG, i.e. Merkle directed acyclic graph);
Content addressable: a file is identified by a hash value generated from the file contents, rather than by the location where the file is saved. Only one copy of a file with the same content exists in the system, which saves storage space.
Fig. 1 is a flow chart of a blockchain-based data sharing method, applied to a first node, according to an embodiment of the present application. As shown in Fig. 1, the method includes the following steps:
Step 102: listening for a data request event issued by a second node calling a smart contract of the blockchain, wherein the data request event carries at least a first identifier of original data;
All participants in data sharing can jointly form a blockchain, with each participant acting as a node in the blockchain, and all participants can agree on the unique identifier of the data. The second node may be the data requester, the first node may be the data responder, and the first identifier may be expressed as reqDataIdHash.
The smart contract, also called the data sharing smart contract, comprises a data request mode and a data response mode, and also maintains the mapping between user addresses and public keys. The data request mode is used to construct a data request event and to record the address of the data requester and the identifier of the requested data; the data response mode is used to construct a data response event and to record the address of the data responder and the identifier of the responded data. The mapping between user addresses and public keys can be initialized at the same time as the smart contract is initialized.
The second node may call a smart contract of the blockchain to issue a data request event for the original data, and the first node may listen for the data request event on the blockchain.
Step 104: when it is determined that a second identifier matching the first identifier exists in the first node, encrypting the original data corresponding to the second identifier to obtain first encrypted data, uploading the first encrypted data to the InterPlanetary File System (IPFS), receiving first hash data returned by the IPFS, and encrypting the first hash data to obtain ciphertext data;
Here, all participants can jointly build an IPFS consortium chain; the first hash data is the hash value of the first encrypted data; the first encrypted data may be represented as cipheret, the first hash data as ciphererfsh, and the ciphertext data as cipherent. A second identifier matches the first identifier when the two are the same. If a second identifier matching the first identifier exists in the first node, the first node is the data owner of the original data, and it can generate the ciphertext data by encrypting and otherwise processing the original data, and then issue it.
Step 106: calling the smart contract to issue a data response event, wherein the data response event carries at least the second identifier and the ciphertext data, so that after the second node detects the data response event corresponding to the second identifier, it decrypts the ciphertext data to obtain the original data.
The first node can call the smart contract to issue a data response event. After issuing the data request event, the second node listens for data response events; when it detects the data response event that was issued by the first node and corresponds to the first identifier it requested, it decrypts the ciphertext data to obtain the original data.
In the embodiments of the application, data is shared in encrypted form based on the blockchain, which improves data security; the smart contract of the blockchain makes the data usage chain traceable; and the IPFS enables efficient data sharing.
In some embodiments, "decrypting the ciphertext data to obtain the original data" in step 106 includes the following steps 1061 to 1063:
Step 1061: decrypting the ciphertext data to obtain the first hash data;
Step 1062: obtaining the first encrypted data corresponding to the first hash data from the IPFS;
Step 1063: decrypting the first encrypted data to obtain the original data.
In the embodiments of the application, the second node decrypts the ciphertext data to obtain the first hash data, obtains the first encrypted data corresponding to the first hash data from the IPFS, and decrypts the first encrypted data to obtain the original data, so that data sharing with the first node can be achieved more efficiently.
In some embodiments, the data request event further carries a first random number, and the method further comprises:
generating a second random number when it is determined that a second identifier matching the first identifier exists in the first node; and generating a first key by taking the first random number as the salt and the second random number as the seed;
Here, the first random number may be denoted as salt, the second random number may be denoted as seed, and the first key may be denoted as key;
Correspondingly, "encrypting the original data corresponding to the second identifier to obtain first encrypted data" in step 104 includes:
encrypting the original data corresponding to the second identifier by using the first key to obtain the first encrypted data.
All participants can agree on a symmetric encryption algorithm to ensure data security; the symmetric encryption algorithm can be the AES (Advanced Encryption Standard) algorithm, the DES (Data Encryption Standard) algorithm, and the like.
In the embodiments of the application, the key is generated from random numbers contributed by both parties, which provides higher security, and the symmetric encryption algorithm further ensures data security.
In some embodiments, the data request event further carries a first address of the second node, and "encrypting the first hash data to obtain ciphertext data" in step 104 includes:
encrypting the first hash data and the second random number by using a first public key corresponding to the first address, based on the mapping between addresses and public keys in the smart contract, to obtain the ciphertext data;
That is, the second random number and the first hash data are encrypted together under the first public key to obtain the ciphertext data.
Correspondingly, "decrypting the ciphertext data to obtain the first hash data" in step 1061 includes:
decrypting the ciphertext data by using a first private key corresponding to the first public key to obtain the first hash data and the second random number.
All participants can agree on an asymmetric encryption algorithm to ensure data security; the asymmetric encryption algorithm can be the RSA algorithm, DSA (Digital Signature Algorithm), the ECC (Elliptic Curve Cryptography) algorithm, the DH algorithm, and the like.
In step 106, "decrypting the first encrypted data to obtain the original data" includes:
generating the first key by taking the first random number as the salt and the second random number as the seed;
and decrypting the first encrypted data by using the first key to obtain the original data.
In the embodiments of the application, the smart contract makes the data usage chain traceable, and the asymmetric encryption algorithm ensures data security.
In some embodiments, the first identifier is obtained by desensitizing a third identifier of the original data using a first desensitization algorithm, and the method further includes:
Step 1031: desensitizing a fourth identifier of each of a plurality of reference data in the first node by using the first desensitization algorithm to obtain the second identifier corresponding to that reference data;
All participants may agree on a desensitization algorithm, which may be a hash algorithm such as SHA-256 (Secure Hash Algorithm 256), SHA-224, SHA-384 or SHA-512. The third identifier or the fourth identifier may be a user mobile phone number or a networking order number, and is used for data query or tracing.
Step 1032: comparing the first identifier with the second identifiers of the plurality of reference data to determine whether a second identifier matching the first identifier exists in the first node.
In the embodiments of the application, desensitizing the unique identifier of the data preserves data privacy while keeping the data retrievable, which further improves data security.
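The exchange described in steps 102 to 106, 1061 to 1063 and 1031 to 1032, sketched end to end as an added example that is not code from the patent or its applicants. Assumptions: HKDF-SHA256 as the key derivation from salt and seed, an HMAC-based encrypt-then-MAC construction standing in for the agreed symmetric cipher, an RSA-KEM style wrap with a demo-only key standing in for the agreed asymmetric algorithm, in-memory `ContentStore` and `SharingContract` classes standing in for IPFS and the smart contract, and hypothetical function names and sample values throughout.

```python
import hashlib
import hmac
import secrets

# Demo-only RSA key built from two Mersenne primes (constructed; not for real use).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
REQUESTER_PUB, REQUESTER_PRIV = (N, E), (N, pow(E, -1, (P - 1) * (Q - 1)))
NBYTES = (N.bit_length() + 7) // 8

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def desensitize(raw_id):
    """Step 1031: hash the raw identifier (SHA-256 is one option the page lists)."""
    return hashlib.sha256(raw_id.encode()).hexdigest()

def derive_key(salt, seed):
    """First key from requester salt and owner seed; HKDF-SHA256 is an assumed KDF."""
    return mac(mac(salt, seed), b"first-key\x01")

def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(mac(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for the agreed symmetric cipher (e.g. AES)."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(mac(key, b"enc"), nonce, plaintext)
    return nonce + body + mac(mac(key, b"mac"), nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(mac(key, b"mac"), nonce + body)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(mac(key, b"enc"), nonce, body)

def wrap(pub, payload):
    """RSA-KEM style: encrypt a random value, seal the payload under its hash."""
    n, e = pub
    r = secrets.randbelow(n - 2) + 2
    return pow(r, e, n), seal(hashlib.sha256(r.to_bytes(NBYTES, "big")).digest(), payload)

def unwrap(priv, wrapped):
    n, d = priv
    r = pow(wrapped[0], d, n)
    return unseal(hashlib.sha256(r.to_bytes(NBYTES, "big")).digest(), wrapped[1])

class ContentStore:
    """Content-addressed stand-in for IPFS (real IPFS returns a CID, not bare hex)."""
    def __init__(self):
        self.blobs = {}
    def add(self, blob):
        digest = hashlib.sha256(blob).hexdigest()
        self.blobs[digest] = blob
        return digest
    def get(self, digest):
        blob = self.blobs[digest]
        if hashlib.sha256(blob).hexdigest() != digest:
            raise ValueError("stored blob does not match its hash")
        return blob

class SharingContract:
    """Event log plus the address -> public key mapping the contract maintains."""
    def __init__(self, pubkeys):
        self.pubkeys, self.events = dict(pubkeys), []
    def emit(self, kind, sender, id_hash, **fields):
        self.events.append({"kind": kind, "from": sender, "id": id_hash, **fields})

def owner_handle(contract, store, owner_addr, records, event):
    """Steps 102-106 on the first node for one observed request event."""
    index = {desensitize(raw): data for raw, data in records.items()}
    data = index.get(event["id"])                # step 1032: compare identifiers
    if data is None:
        return False                             # not the data owner: no response
    seed = secrets.token_bytes(16)               # second random number
    ipfs_hash = store.add(seal(derive_key(event["salt"], seed), data))
    ciphertext = wrap(contract.pubkeys[event["from"]], seed + ipfs_hash.encode())
    contract.emit("response", owner_addr, event["id"], ciphertext=ciphertext)
    return True

def requester_fetch(contract, store, priv, id_hash, salt):
    """Steps 1061-1063 on the second node."""
    for ev in contract.events:
        if ev["kind"] == "response" and ev["id"] == id_hash:
            payload = unwrap(priv, ev["ciphertext"])
            seed, ipfs_hash = payload[:16], payload[16:].decode()
            return unseal(derive_key(salt, seed), store.get(ipfs_hash))
    return None

def run_demo():
    contract, store = SharingContract({"0xREQUESTER": REQUESTER_PUB}), ContentStore()
    records = {"ORDER-0001": b'{"order":"constructed sample record"}'}  # constructed
    req_id, salt = desensitize("ORDER-0001"), secrets.token_bytes(16)
    contract.emit("request", "0xREQUESTER", req_id, salt=salt)   # reqDataIdHash + salt
    owner_handle(contract, store, "0xOWNER", records, contract.events[0])
    return requester_fetch(contract, store, REQUESTER_PRIV, req_id, salt), contract, store
```

Calling `run_demo()` returns the recovered record together with the event log and the store, so the on-chain events can be inspected to confirm they carry only the hashed identifier, the salt and the wrapped payload.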
In some embodiments, the blockchain includes a consortium chain, and the method further comprises:
Step 1011: obtaining an on-chain request from at least one third node, wherein the on-chain request carries networking information;
All participants in data sharing jointly form a consortium chain, and each participant serves as one node.
Step 1012: receiving and issuing the networking information written by the third node when the consensus verification result of the on-chain request is a pass;
Each third node corresponds to a networking service; the networking services include at least one of an environment evaluation service, a networking design service, a terminal sales service, a commissioning and deployment service, an order service and an evaluation service; the networking services are connected into the consortium chain in the order in which they were generated; and user data sharing among the provincial companies of the operator's intelligent networking service can be realized through the consortium chain.
In the embodiments of the application, networking data is shared in encrypted form based on the blockchain, which improves the security of the networking data; the smart contract of the blockchain makes the usage chain of the networking data traceable; and the IPFS enables efficient sharing of the networking data.
Fig. 2 is a flowchart of another blockchain-based data sharing method, applied to a second node, according to an embodiment of the present application. As shown in Fig. 2, the method includes the following steps:
Step 202: calling a smart contract of the blockchain to issue a data request event, wherein the data request event carries at least a first identifier of original data;
so that a first node listens for the data request event and, when it is determined that a second identifier matching the first identifier exists in the first node, encrypts the original data corresponding to the second identifier to obtain first encrypted data, uploads the first encrypted data to the IPFS, receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data;
Step 204: listening for a data response event issued by the first node calling the smart contract, wherein the data response event carries at least the second identifier and the ciphertext data;
Step 206: decrypting the ciphertext data to obtain the first hash data; obtaining the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
In the embodiments of the application, data is shared in encrypted form based on the blockchain, which improves data security; the smart contract of the blockchain makes the data usage chain traceable; and the IPFS enables efficient data sharing.
Fig. 3 is a schematic diagram of a blockchain-based data sharing system according to an embodiment of the present application. As shown in Fig. 3, the system 30 includes a first node 31 and a second node 32, wherein:
the second node 32 is configured to call a smart contract of the blockchain to issue a data request event, where the data request event carries at least a first identifier of original data;
the first node 31 is configured to listen for the data request event and, when it is determined that a second identifier matching the first identifier exists in the first node 31, encrypt the original data corresponding to the second identifier to obtain first encrypted data, upload the first encrypted data to the InterPlanetary File System (IPFS), receive first hash data returned by the IPFS, and encrypt the first hash data to obtain ciphertext data;
the first node 31 is further configured to call the smart contract to issue a data response event, where the data response event carries at least the second identifier and the ciphertext data;
the second node 32 is further configured to listen for the data response event corresponding to the second identifier, decrypt the ciphertext data to obtain the first hash data, obtain the first encrypted data corresponding to the first hash data from the IPFS, and decrypt the first encrypted data to obtain the original data.
In the embodiments of the application, data is shared in encrypted form based on the blockchain, which improves data security; the smart contract of the blockchain makes the data usage chain traceable; and the IPFS enables efficient data sharing.
Fig. 4 is an interaction diagram of a blockchain-based data sharing method according to an embodiment of the present application, which is applied to a data sharing system, as shown in fig. 4, where the system includes a first node 41 and a second node 42, and the method includes the following steps:
step 401: the second node 42 invokes the intelligent contract of the blockchain to issue a data request event, wherein the data request event at least carries a first identifier of original data;
step 402: the first node 41 listens for the data request event;
step 403: when the first node 41 determines that a second identifier matching the first identifier exists in the first node 41, it encrypts the original data corresponding to the second identifier to obtain first encrypted data, uploads the first encrypted data to the InterPlanetary File System (IPFS), receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data;
Step 404: the first node calls the intelligent contract to issue a data response event, wherein the data response event at least carries the second identifier and the ciphertext data;
step 405: the second node monitors the data response event corresponding to the second identifier;
step 406: the second node decrypts the ciphertext data to obtain the first hash data; acquiring the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
In the embodiment of the application, encryption sharing of data is performed based on the blockchain, so that the data security is improved, the traceability of a data use link is realized through an intelligent contract of the blockchain, and the efficient sharing of the data is realized through the IPFS.
Fig. 5 is a flow chart of a data encryption sharing method according to an embodiment of the present application, as shown in fig. 5, the method includes the following steps:
step 501: building a consortium chain;
all data-sharing participants jointly form a consortium chain, and each participant serves as one node;
step 502: constructing an IPFS consortium chain;
wherein all the data-sharing participants jointly build the IPFS consortium chain.
Step 503: the participants agree on the unique identifier of the data, a desensitization algorithm and an encryption algorithm;
step 504: deploying and initializing a data sharing intelligent contract;
the data sharing smart contract comprises a data request method and a data response method, and also maintains a mapping relation between user addresses and public keys. The data request method is used for constructing a data request event and records the address of the data requester and the identifier of the requested data. The data response method is used for constructing a data response event and records the address of the data responder and the identifier of the data responded to. The mapping relation between user addresses and public keys can be initialized at the same time as the smart contract is initialized.
Step 505: the data demand side initiates a request to the blockchain according to the unique identifier of the desensitized data;
the desensitized unique identifier of the original data is the first identifier. The data requester applies the desensitization algorithm to the third identifier (dataId) of the original data to be requested; the desensitized value is called the first identifier and can be denoted reqDataIdHash. The requester also generates a first random number, salt, and calls the data request method of the smart contract with reqDataIdHash and salt, whereupon the smart contract executes and generates a data request event;
Step 506: the blockchain generating a data request event;
step 507: the data owner monitors a data request event;
step 508: the data owner queries its local data by the desensitized unique data identifier; if a matching record exists, it encrypts the original data, uploads the encrypted data to the IPFS, and initiates a data response request to the blockchain;
step 509: the blockchain generating a data response event;
the data owner obtains the hash value of the first encrypted data returned by the IPFS, namely the first hash data, and encrypts the first hash data to obtain ciphertext data; the data response request carries the first identifier and the ciphertext data.
The data owner desensitizes all dataIds in its local service system using the same desensitization algorithm as the data requester. When it detects a data request event on the blockchain, it matches the reqDataIdHash carried in the event against its local data. If a local record exists, it generates a second random number, seed, and constructs a symmetric encryption key using salt as the salt and seed as the seed. It uses the key to encrypt the original data of the dataId corresponding to reqDataIdHash; the resulting first encrypted data is called cipherText. The cipherText is uploaded to the IPFS, and the hash value returned by the IPFS is called cipherIPFSHash. The data responder obtains the requester's public key from the smart contract according to the address of the data requester and encrypts seed and cipherIPFSHash with that public key; the resulting ciphertext is called cipherContent. The responder then calls the data response method of the smart contract with reqDataIdHash and cipherContent, whereupon the smart contract executes and generates a data response event;
Step 510: when the data requester detects the data response event, it parses the response to obtain the IPFS hash value, downloads the data from the IPFS, and decrypts it to obtain the original data.
The data requester decrypts the ciphertext data to obtain the first hash data, downloads the first encrypted data corresponding to the first hash data from the IPFS, and decrypts the first encrypted data to obtain the original data.
After sending the data request, the data requester listens for data response events. When it detects an event for the reqDataIdHash it requested, it decrypts cipherContent with its own private key to obtain seed and cipherIPFSHash, constructs the symmetric encryption key using salt as the salt and seed as the seed, uses cipherIPFSHash to fetch the ciphertext cipherText from the IPFS, and decrypts cipherText with the key to obtain the original data.
In the embodiment of the application, a multiparty data sharing method is realized based on the blockchain and the IPFS. The smart contract makes the data use chain traceable; the hash algorithm realizes data desensitization, and the desensitized unique identifier keeps the data searchable while protecting data privacy; the IPFS stores larger data; and each of the two parties generates a random number, from which the symmetric key is generated, thereby improving security. Data security is jointly ensured by symmetric encryption, asymmetric encryption, the desensitization algorithm and the like.
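The request and response exchange of steps 505 to 510, as an added Python example that is not part of the patent text. Assumptions: SHA-256 as the desensitization hash, PBKDF2 for building the key from salt and seed, an HMAC-based cipher and a toy Diffie-Hellman wrap standing in for the unspecified symmetric and asymmetric algorithms, and the hypothetical names `Contract`, `ipfs_add`, `owner_handle`, `requester_send` and `requester_receive` with an in-memory dict in place of IPFS.

```python
import hashlib, hmac, json, secrets

P, G = 2**521 - 1, 3  # toy Diffie-Hellman group standing in for real public-key crypto

def desensitize(data_id):
    """dataId -> reqDataIdHash (SHA-256 is an assumed hash choice)."""
    return hashlib.sha256(data_id.encode()).hexdigest()

def derive_key(salt, seed):
    """Key from the requester's salt and the owner's seed (PBKDF2 is assumed)."""
    return hashlib.pbkdf2_hmac("sha256", seed, salt, 10_000, 32)

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def sym_encrypt(key, pt):
    """Encrypt-then-MAC from HMAC-SHA256, standing in for an AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def pk_encrypt(pub, msg):
    """Ephemeral DH plus symmetric wrap; only the holder of priv can open it."""
    e = secrets.randbelow(P - 2) + 1
    k = hashlib.sha256(pow(pub, e, P).to_bytes(66, "big")).digest()
    return pow(G, e, P), sym_encrypt(k, msg)

def pk_decrypt(priv, wrapped):
    eph, blob = wrapped
    k = hashlib.sha256(pow(eph, priv, P).to_bytes(66, "big")).digest()
    return sym_decrypt(k, blob)

class Contract:
    """Stand-in smart contract: address -> public key mapping plus an event log."""
    def __init__(self, pubkeys):
        self.pubkeys, self.events = dict(pubkeys), []
    def request(self, addr, req_hash, salt):
        self.events.append({"type": "request", "sender": addr,
                            "reqDataIdHash": req_hash, "salt": salt})
    def respond(self, addr, req_hash, cipher_content):
        self.events.append({"type": "response", "sender": addr,
                            "reqDataIdHash": req_hash, "cipherContent": cipher_content})

def ipfs_add(store, data):
    """Stand-in for IPFS: the returned hash is SHA-256 of the stored bytes."""
    h = hashlib.sha256(data).hexdigest()
    store[h] = data
    return h

def requester_send(data_id, addr, contract):
    """Step 505: publish reqDataIdHash and a fresh salt; keep the salt for later."""
    salt = secrets.token_bytes(16)
    contract.request(addr, desensitize(data_id), salt)
    return salt

def owner_handle(event, records, addr, contract, store):
    """Steps 507-509: match the desensitized id, encrypt, upload, respond."""
    record = {desensitize(k): v for k, v in records.items()}.get(event["reqDataIdHash"])
    if record is None:
        return False
    seed = secrets.token_bytes(32)
    cipher_text = sym_encrypt(derive_key(event["salt"], seed), record)
    inner = {"seed": seed.hex(), "cipherIPFSHash": ipfs_add(store, cipher_text)}
    cipher_content = pk_encrypt(contract.pubkeys[event["sender"]], json.dumps(inner).encode())
    contract.respond(addr, event["reqDataIdHash"], cipher_content)
    return True

def requester_receive(data_id, salt, priv, contract, store):
    """Step 510: open cipherContent, fetch cipherText by hash, verify, decrypt."""
    for ev in contract.events:
        if ev["type"] != "response" or ev["reqDataIdHash"] != desensitize(data_id):
            continue
        inner = json.loads(pk_decrypt(priv, ev["cipherContent"]))
        cipher_text = store[inner["cipherIPFSHash"]]
        if hashlib.sha256(cipher_text).hexdigest() != inner["cipherIPFSHash"]:
            raise ValueError("stored content does not match cipherIPFSHash")
        return sym_decrypt(derive_key(salt, bytes.fromhex(inner["seed"])), cipher_text)
    return None

def run_exchange():  # whole flow on constructed sample data
    priv, pub = keypair()
    contract, store = Contract({"0xREQ": pub}), {}
    salt = requester_send("ORDER-0001", "0xREQ", contract)
    owner_handle(contract.events[-1], {"ORDER-0001": b"constructed record"}, "0xOWN", contract, store)
    return requester_receive("ORDER-0001", salt, priv, contract, store)
```

Because salt is published in the request event, the secrecy of the symmetric key rests on seed, which travels only inside cipherContent. An unsalted hash of dataId can be matched by anyone able to enumerate candidate identifiers, so the privacy of reqDataIdHash depends on dataId being hard to guess.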
It should be noted that, in the embodiment of the present application, if the networking method is implemented in the form of a software functional module, and is sold or used as a separate product, the networking method may also be stored in a computer readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be embodied essentially or in a part contributing to the related art in the form of a software product stored in a storage medium, including several instructions for causing an electronic device (which may be a mobile phone, a tablet computer, a desktop computer, a personal digital assistant, a navigator, a digital phone, a video phone, a television, a sensing device, etc.) to perform all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes. Thus, embodiments of the application are not limited to any specific combination of hardware and software.
Fig. 6 is a schematic structural diagram of a data sharing device based on a blockchain according to an embodiment of the present application, as shown in fig. 6, the device 600 includes: a first listening module 601, an encryption module 602, and a first distribution module 603, wherein:
A first monitoring module 601, configured to monitor a data request event issued by an intelligent contract of the blockchain invoked by a second node, where the data request event at least carries a first identifier of original data;
the encryption module 602 is configured, when it is determined that a second identifier matching the first identifier exists in the first node, to encrypt the original data corresponding to the second identifier to obtain first encrypted data, upload the first encrypted data to the InterPlanetary File System (IPFS), receive first hash data returned by the IPFS, and encrypt the first hash data to obtain ciphertext data;
a first issuing module 603, configured to invoke the smart contract to issue a data response event, where the data response event at least carries the second identifier and the ciphertext data; and after the second node monitors the data response event corresponding to the second identifier, decrypting the ciphertext data to obtain the original data.
In some embodiments, the first distribution module 603 includes: the first decryption submodule is used for decrypting the ciphertext data to obtain the first hash data; a first obtaining sub-module, configured to obtain, from the IPFS, the first encrypted data corresponding to the first hash data; and the second decryption sub-module is used for decrypting the first encrypted data to obtain the original data.
In some embodiments, the data request event further carries a first random number, the apparatus further comprising:
a first generation sub-module, configured to generate a second random number if it is determined that a second identifier matching the first identifier exists in the first node; generating a first key by taking the first random number as salt and the second random number as seed;
the encryption module 602 includes: and the second encryption sub-module is used for encrypting the original data corresponding to the second identifier by using the first key to obtain first encrypted data.
In some embodiments, the data request event also carries a first address of the second node,
the encryption module 602 includes: the first encryption sub-module is used for encrypting the first hash data and the second random number by utilizing a first public key corresponding to the first address based on the mapping relation between the address and the public key in the intelligent contract to obtain ciphertext data;
the first decryption sub-module is used for decrypting the ciphertext data by using a first private key corresponding to the first public key to obtain the first hash data and the second random number;
The second decryption submodule is used for generating a first secret key by taking the first random number as salt and the second random number as seed; and decrypting the first encrypted data by using the first key to obtain the original data.
In some embodiments, the first identifier is obtained by desensitizing a third identifier of the original data by using a first desensitization algorithm, and the apparatus further includes: the desensitization module is used for carrying out desensitization processing on the fourth identifier of each of the reference data in the plurality of reference data in the first node by utilizing the first desensitization algorithm to obtain a second identifier corresponding to the reference data; and the comparison module is used for comparing the first identifier with second identifiers of the plurality of reference data to determine whether the second identifier matched with the first identifier exists in the first node.
In some embodiments, the blockchain includes a consortium chain, the apparatus further comprising: the acquisition module is used for acquiring an uplink request of at least one third node, wherein the uplink request carries networking information; the second issuing module is used for receiving and issuing networking information written by the third node when the consensus verification result of the uplink request is passed; wherein each third node corresponds to a networking service; the networking service comprises at least one of an environment evaluation service, a networking design service, a terminal sales service, a call testing deployment service, an order service and an evaluation service.
Fig. 7 is a schematic diagram of a block chain-based data sharing apparatus according to another embodiment of the present application, as shown in fig. 7, the apparatus 700 includes: a second publishing module 701, a second listening module 702 and a decryption module 703, wherein:
a second issuing module 701, configured to invoke an intelligent contract of the blockchain to issue a data request event, where the data request event at least carries a first identifier of original data;
when a first node determines that a second identifier matching the first identifier exists in the first node, the first node encrypts the original data corresponding to the second identifier to obtain first encrypted data, uploads the first encrypted data to the InterPlanetary File System (IPFS), receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data;
a second monitoring module 702, configured to monitor a data response event issued by the first node calling the smart contract, where the data response event at least carries the second identifier and the ciphertext data;
a decryption module 703, configured to decrypt the ciphertext data to obtain the first hash data; acquiring the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
Correspondingly, an embodiment of the present application provides an electronic device, and fig. 8 is a schematic diagram of a hardware entity of the electronic device according to the embodiment of the present application, as shown in fig. 8, the hardware entity of the device 800 includes a memory 801 and a processor 802, the memory 801 storing a computer program executable on the processor 802, the processor 802 implementing the steps in the blockchain-based data sharing method of the above embodiments when executing the program.
The memory 801 is configured to store instructions and applications executable by the processor 802, and may also cache data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or processed by various modules in the processor 802 and the device 800, which may be implemented by a FLASH memory (FLASH) or a random access memory (Random Access Memory, RAM).
Accordingly, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps in the blockchain-based data sharing method provided in the above embodiments.
It should be noted here that: the description of the storage medium and the device embodiments above is similar to that of the method embodiments above, with similar benefits as the device embodiments. For technical details not disclosed in the embodiments of the storage medium and the method of the present application, please refer to the description of the embodiments of the apparatus of the present application.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application. The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read Only Memory (ROM), a magnetic disk or an optical disk, or the like, which can store program codes. Alternatively, the above-described integrated units of the present application may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present application may be embodied essentially or in a part contributing to the related art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a mobile phone, a tablet computer, a desktop computer, a personal digital assistant, a navigator, a digital phone, a video phone, a television, a sensing device, etc.) to perform all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a removable storage device, a ROM, a magnetic disk, or an optical disk.
The methods disclosed in the method embodiments provided by the application can be arbitrarily combined under the condition of no conflict to obtain a new method embodiment. The features disclosed in the several product embodiments provided by the application can be combined arbitrarily under the condition of no conflict to obtain new product embodiments. The features disclosed in the embodiments of the method or the apparatus provided by the application can be arbitrarily combined without conflict to obtain new embodiments of the method or the apparatus.
The foregoing is merely an embodiment of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A blockchain-based data sharing method, applied to a first node, the method comprising:
monitoring a data request event issued by a second node calling the intelligent contract of the blockchain, wherein the data request event at least carries a first identification of original data;
encrypting the original data corresponding to the second identifier to obtain first encrypted data under the condition that the second identifier matched with the first identifier exists in the first node, uploading the first encrypted data to the InterPlanetary File System (IPFS), receiving first hash data returned by the IPFS, and encrypting the first hash data to obtain ciphertext data;
calling the intelligent contract to issue a data response event, wherein the data response event at least carries the second identifier and the ciphertext data; and after the second node monitors the data response event corresponding to the second identifier, decrypting the ciphertext data to obtain the original data.
2. The method of claim 1, wherein decrypting the ciphertext data to obtain the original data comprises:
decrypting the ciphertext data to obtain the first hash data;
acquiring the first encrypted data corresponding to the first hash data from the IPFS;
and decrypting the first encrypted data to obtain the original data.
3. The method of claim 2, wherein the data request event further carries a first random number, the method further comprising:
generating a second random number if it is determined that a second identifier matching the first identifier exists in the first node; generating a first key by taking the first random number as salt and the second random number as seed;
the encrypting the original data corresponding to the second identifier to obtain first encrypted data includes:
encrypting the original data corresponding to the second identifier by using the first key to obtain first encrypted data.
4. The method of claim 3, wherein the data request event further carries a first address of the second node,
the encrypting the first hash data to obtain ciphertext data comprises the following steps:
encrypting the first hash data and the second random number by using a first public key corresponding to the first address based on the mapping relation between the address and the public key in the intelligent contract to obtain ciphertext data;
the decrypting the ciphertext data to obtain the first hash data includes:
decrypting the ciphertext data by using a first private key corresponding to the first public key to obtain the first hash data and the second random number;
The decrypting the first encrypted data to obtain the original data includes:
generating the first key by taking the first random number as salt and the second random number as seed;
and decrypting the first encrypted data by using the first key to obtain the original data.
5. The method of claim 2, wherein the first identifier is obtained by desensitizing a third identifier of the original data using a first desensitization algorithm, the method further comprising:
performing desensitization processing on a fourth identifier of each of the reference data in the plurality of reference data in the first node by using the first desensitization algorithm to obtain a second identifier corresponding to the reference data;
the first identity is compared with second identities of the plurality of reference data to determine if there is a second identity in the first node that matches the first identity.
6. The method of any of claims 1-5, wherein the blockchain includes a consortium chain, the method further comprising:
acquiring an uplink request of at least one third node, wherein the uplink request carries networking information;
receiving and issuing networking information written by the third node under the condition that the consensus verification result of the uplink request is passed;
wherein each third node corresponds to a networking service; the networking service comprises at least one of an environment evaluation service, a networking design service, a terminal sales service, a call testing deployment service, an order service and an evaluation service.
7. A blockchain-based data sharing method, applied to a second node, the method comprising:
invoking an intelligent contract of the blockchain to issue a data request event, wherein the data request event at least carries a first identification of original data; the method comprises the steps that a first node monitors a data request event, encrypts original data corresponding to a second identifier to obtain first encrypted data under the condition that the second identifier matched with the first identifier exists in the first node, uploads the first encrypted data to an IPFS, receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data;
monitoring a data response event issued by the first node calling the intelligent contract, wherein the data response event at least carries the second identifier and the ciphertext data;
Decrypting the ciphertext data to obtain the first hash data; acquiring the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
8. A blockchain-based data sharing device, the device comprising:
the first monitoring module is used for monitoring a data request event issued by the intelligent contract of the second node calling the blockchain, wherein the data request event at least carries a first identification of original data;
the encryption module is used for encrypting the original data corresponding to the second identifier to obtain first encrypted data under the condition that the second identifier matched with the first identifier exists in the first node, uploading the first encrypted data to the InterPlanetary File System (IPFS), receiving first hash data returned by the IPFS, and encrypting the first hash data to obtain ciphertext data;
the first issuing module is used for calling the intelligent contract to issue a data response event, and the data response event at least carries the second identifier and the ciphertext data; and after the second node monitors the data response event corresponding to the second identifier, decrypting the ciphertext data to obtain the original data.
9. A blockchain-based data sharing device, the device comprising:
the second issuing module is used for calling the intelligent contract of the blockchain to issue a data request event, and the data request event at least carries a first identification of original data;
the method comprises the steps that a first node monitors a data request event, encrypts original data corresponding to a second identifier to obtain first encrypted data under the condition that the second identifier matched with the first identifier exists in the first node, uploads the first encrypted data to an IPFS, receives first hash data returned by the IPFS, and encrypts the first hash data to obtain ciphertext data;
the second monitoring module is used for monitoring a data response event issued by the first node calling the intelligent contract, wherein the data response event at least carries the second identifier and the ciphertext data;
the decryption module is used for decrypting the ciphertext data to obtain the first hash data; acquiring the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
10. A blockchain-based data sharing system, the system comprising: a first node and a second node, wherein:
the second node is configured to invoke an intelligent contract of the blockchain to issue a data request event, where the data request event at least carries a first identifier of original data;
the first node is configured to monitor the data request event and, when it determines that the first node has a second identifier matching the first identifier, to encrypt the original data corresponding to the second identifier to obtain first encrypted data, upload the first encrypted data to the InterPlanetary File System (IPFS), receive first hash data returned by the IPFS, and encrypt the first hash data to obtain ciphertext data;
the first node is further configured to invoke the intelligent contract to issue a data response event, where the data response event at least carries the second identifier and the ciphertext data;
the second node is further configured to monitor the data response event corresponding to the second identifier, and decrypt the ciphertext data to obtain the first hash data; acquiring the first encrypted data corresponding to the first hash data from the IPFS; and decrypting the first encrypted data to obtain the original data.
CN202211665675.9A 2022-12-23 2022-12-23 Block chain-based data sharing method, device and system Pending CN116938917A (en)


Publications (1)

Publication Number Publication Date
CN116938917A true CN116938917A (en) 2023-10-24

Family

ID=88391452

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination