CN109525671A - Data storage method, electronic equipment and storage medium based on blockchain - Google Patents
- Publication number
- CN109525671A (CN201811418529.XA)
- Authority
- CN
- China
- Prior art keywords
- data
- block chain
- user node
- stored
- sensitive data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses a blockchain-based data storage method, an electronic device and a storage medium. In the data storage method, a first user node divides the sensitive data to be stored into first-class sensitive data and second-class sensitive data according to data structure type; the first-class sensitive data is encrypted and then stored in the blockchain; a corresponding digital fingerprint is generated for the second-class sensitive data, and the digital fingerprint is encrypted and then stored in the blockchain. In this way, data security is improved while avoiding an impact on the processing capacity of the blockchain network.
Description
Technical field
This application relates to the field of blockchain technology, and in particular to a blockchain-based data storage method, electronic device and storage medium.
Background
Blockchain technology is a new application technology that combines computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. From the data perspective, a blockchain is a chained data structure in which data blocks are joined one after another in chronological order, and cryptography guarantees that the structure cannot be tampered with or forged. From the technical perspective, blockchain technology integrates a variety of different technologies: by constructing a blockchain network, each node in the network can obtain a complete copy of the data blocks, and updates to the blockchain's data blocks are maintained through a consensus mechanism and competitive computation. An end-to-end network formed by communication among multiple nodes thereby achieves decentralized and trustless data storage and management.
With the continuing maturation of cloud computing platforms, auditing has gradually shifted from traditional auditing to cloud auditing, and the mode of audit operations has changed. Cloud auditing overcomes the drawback of traditional auditing, which audits only after the economic activity has occurred, and pays more attention to the causes behind audit results. In a cloud computing environment, audit institutions in different regions can conduct audit business across time and space, and auditors can carry out audit operations over the internet anytime and anywhere. The audit programs of a cloud computing platform are provided, maintained and upgraded by a specialized cloud software vendor and are homogeneous, which improves the standardization and normalization of audit data, speeds up data screening and processing, and reduces the difficulty of data analysis and auditing.
However, while cloud auditing brings convenience to audit operations, it also faces internal and external security challenges to audit data. First, at present audit data is collected from the audited party by each accredited agency and then uploaded to a central cloud database for centralized management. Under this management model, once a single point of failure occurs in software or hardware, data is lost, and data recovery is time-consuming and costly. In addition, when audit data is uploaded to the cloud database and called by multiple institutions, its transmission is not strongly encrypted and it is easily attacked by hackers, leading to data leaks and to audit data being abused, copied or even sold without permission.
Summary of the invention
The main technical problem solved by this application is to provide a blockchain-based data storage method, electronic device and storage medium, where the data storage method can improve the security of data storage.
To solve the above problem, a first aspect of this application provides a blockchain-based data storage method, the data storage method comprising:
A first user node divides the sensitive data to be stored into first-class sensitive data and second-class sensitive data according to data structure type;
The first-class sensitive data is encrypted and then stored in the blockchain;
A corresponding digital fingerprint is generated for the second-class sensitive data, and the digital fingerprint is encrypted and then stored in the blockchain.
To solve the above problem, a second aspect of this application provides an electronic device that includes a memory and a processor connected to each other, wherein
The memory is used to store computer instructions executed by the processor;
The processor is used to run the computer instructions stored in the memory so as to implement the data storage method above.
To solve the above problem, a third aspect of this application provides a storage medium that stores computer instructions, the computer instructions being executable by a processor so as to implement the data storage method above.
In the above scheme, the blockchain-based data storage method divides the sensitive data that a user node needs to store into first-class sensitive data and second-class sensitive data based on data structure. One part of the sensitive data is encrypted directly and stored in the blockchain; the other part is converted into a digital fingerprint, and the digital fingerprint is encrypted and then stored in the blockchain. The distributed storage characteristics of the blockchain improve the security of data storage, while converting the other part of the sensitive data into a digital fingerprint before putting it on chain reduces the impact that storing data in the blockchain has on the blockchain's processing capacity.
Brief description of the drawings
Fig. 1 is an architecture diagram of the blockchain platform infrastructure of this application;
Fig. 2 is a structural diagram of a block of the blockchain used in an embodiment of this application;
Fig. 3 is a structural diagram of an embodiment of the data processing network of this application;
Fig. 4 is a flow diagram of the first embodiment of the data processing method of this application;
Fig. 5 is a flow diagram of an embodiment of step S12 in Fig. 4;
Fig. 6 is an architecture diagram of the blockchain cloud audit platform infrastructure of this application;
Fig. 7 is a structural diagram of an embodiment of the data storage network of this application;
Fig. 8 is a flow diagram of the first embodiment of the data storage method of this application;
Fig. 9 is a flow diagram of an embodiment of step S21 in Fig. 8;
Fig. 10 is a flow diagram of the second embodiment of the data storage method of this application;
Fig. 11 is a flow diagram of the first embodiment of the data sharing method of this application;
Fig. 12 is a flow diagram of an embodiment of step S42 in Fig. 11;
Fig. 13 is a flow diagram of an embodiment of step S44 in Fig. 11;
Fig. 14 is a flow diagram of an embodiment of step S444 in Fig. 13;
Fig. 15 is a flow diagram of the second embodiment of the data sharing method of this application;
Fig. 16 is a structural diagram of an embodiment of the electronic device of this application;
Fig. 17 is a structural diagram of an embodiment of the storage medium of this application.
Detailed description of the embodiments
The schemes of the embodiments of this application are described in detail below with reference to the accompanying drawings.
In the following description, for the purpose of illustration and not limitation, specific details such as particular system structures, interfaces and techniques are set out in order to provide a thorough understanding of this application.
The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Blockchain technology is a novel distributed data organization method and operation mode that emerged with digital cryptocurrencies such as Bitcoin. Its most notable feature is decentralization, which allows data to be maintained collectively in a distributed way and greatly improves the efficiency of data operation, management and maintenance. Consensus nodes rely on a shared consensus mechanism and jointly maintain the whole blockchain through competitive computation; if any node fails, the remaining nodes can still work normally. A blockchain that also carries asymmetric encryption technology has high security and traceability and can effectively prevent data leaks or illegal tampering. This application proposes using blockchain technology together with a cloud computing platform to implement data storage, processing and sharing. The data may be audit data, accounting data, transaction data and so on; this application uses audit data as the example.
To make the blockchain network of this application easier to understand, the blockchain technology used by this application is described first. In one specific application, an electronic device runs the blockchain technology and thereby becomes a node of the blockchain network. The blockchain platform infrastructure is shown in Fig. 1 and includes the blockchain's data layer, network layer, consensus layer, contract layer, service layer, application layer and presentation layer.
The blockchain data layer encapsulates the underlying data blocks and related techniques such as data encryption and timestamps. File data is processed at least once (for example twice) with an irreversible one-way algorithm (such as the SHA256 algorithm) to generate a unique blockchain ID, i.e. a hash (Hash) value. Specifically, the blockchain may be a private blockchain, which ensures that the blockchain is not fully public and that only registered member nodes can access it.
The network layer encapsulates elements of the blockchain network system such as the P2P networking mode, the message propagation protocol and the data verification mechanism. It gives every node equal status and connects the nodes to one another in a flat topology, with characteristics such as being distributed, autonomous and open, and allowing nodes to join and leave freely. Every node in the blockchain network can take part in the verification and bookkeeping of block data, and block data is recorded in the blockchain only after it has been verified by the majority of nodes across the network. This decentralized design of the blockchain ensures that file data cannot be tampered with or forged.
The consensus layer encapsulates the methods for reaching consensus quickly in a topological network where decision-making power is highly decentralized, so that nodes can take part in the consensus mechanism of the blockchain network.
The contract layer encapsulates the contract code for the data storage scheme and access policy. When a condition in the contract code is triggered, the corresponding transaction is executed automatically, and the contract content can also specify the access conditions under which the corresponding data may be accessed.
The service layer uses distributed servers to integrate and manage application-related functions effectively, such as user registration, user identity management, encryption and decryption services, distributed ledger services, smart contract services and data management services.
The application layer presents the specific functions of the blockchain network and is an important link in storing and sharing data. By function, it can be divided into user management, permission control, resource inventory management and so on.
The presentation layer displays system functions through means such as a portal website and thereby interacts with users. Each data subject can log in through the system client to the corresponding interface shown by the presentation layer, access the application layer and obtain information resources. The interfaces include a registration interface, an operation execution interface, a query interface, an application management interface, an administrator interface and so on.
The blockchain network collects, packages and protects, in a decentralized manner, information data related to files, such as the files' relevant identifiers, their lending information and their return information, and anchors this information data to the blockchain. Specifically, the blockchain can be implemented as a consortium blockchain network or a private blockchain network. Blockchain nodes constantly change the responsibilities they undertake in the network system; there is never a single node controlling the whole network system, i.e. there is never only one accounting node keeping the books. Each node is one part of the network system. Blockchain nodes switch roles at regular intervals, for example every minute, and no node can permanently control any part of the network system.
In one embodiment, the block encapsulation of the blockchain's data layer may be as shown in Fig. 2. A block of the blockchain includes a block header 21 (Header) and a block body 22 (Body). The block body 22 stores at least one hash value (Hash) obtained by performing a set hash operation on data related to the executed business. The block header 21 encapsulates information such as the current version number 211, the previous block address 212, the target hash value 213 of the current block, the solution random number (nonce) 214 of the current block's PoW (proof of work) consensus process, the Merkle root 215 (Merkle-root) and the timestamp 216. The current version number 211 indicates the relevant version information of the software and protocol. The previous block address 212, also called the previous block hash, is the value through which the blocks are joined end to end to form the blockchain. The solution random number 214 records the answer to the mathematical problem associated with solving the block. The Merkle root 215 is calculated from all the data hash values in the block body 22 and is used to check whether given data exists in the block. The timestamp 216 records the time at which block 20 was generated. It can be understood that the structure of the block can be adjusted to suit the blockchain technology in use; for example, if the consensus process does not use the PoW consensus mechanism, the solution random number above is not present.
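The block layout described above can be illustrated with the following added example, which is not part of the patent text. It builds headers with the six listed fields, derives the Merkle root 215 from the hashes in the block body, and checks that a record's hash is present in a block. The double SHA-256, the repeat-last-hash pairing rule, the header serialization and all function names are assumptions made for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass


def dsha256(data: bytes) -> bytes:
    """SHA-256 applied twice (the "at least once, e.g. twice" case)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _pad(level):
    # Assumption: an odd level repeats its last hash (Bitcoin-style pairing).
    # Side effect: [a, b, c] and [a, b, c, c] give the same root, so a
    # validator should reject a body whose last two hashes are identical.
    return level + [level[-1]] if len(level) % 2 else level


def _parents(level):
    level = _pad(level)
    return [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves):
    """Root computed from every data hash in the block body."""
    if not leaves:
        raise ValueError("block body must hold at least one hash")
    level = list(leaves)
    while len(level) > 1:
        level = _parents(level)
    return level[0]


def merkle_proof(leaves, index):
    """Sibling hashes from leaf to root; the flag is True for a left sibling."""
    if not 0 <= index < len(leaves):
        raise IndexError("no such leaf")
    proof, level = [], list(leaves)
    while len(level) > 1:
        level = _pad(level)
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        level = _parents(level)
        index //= 2
    return proof


def verify_inclusion(leaf, proof, root):
    """Check that a data hash is in the block using only the header's root."""
    node = leaf
    for sibling, sibling_is_left in proof:
        node = dsha256(sibling + node) if sibling_is_left else dsha256(node + sibling)
    return node == root


@dataclass(frozen=True)
class BlockHeader:
    version: int             # current version number (211)
    prev_block_hash: bytes   # previous block address (212)
    target_hash: bytes       # target hash value (213)
    nonce: int               # solution random number (214); 0 when PoW is not used
    merkle_root: bytes       # Merkle root (215)
    timestamp: int           # timestamp (216)

    def block_hash(self) -> bytes:
        # Fixed-width big-endian serialization (an assumption of this example).
        return dsha256(struct.pack(">I32s32sQ32sQ", self.version,
                                   self.prev_block_hash, self.target_hash,
                                   self.nonce, self.merkle_root, self.timestamp))


def build_block(prev_hash, records, timestamp, version=1):
    """The body stores only hashes of the business data, never the data itself."""
    body = [dsha256(r) for r in records]
    return BlockHeader(version, prev_hash, bytes(32), 0, merkle_root(body), timestamp), body


def chain_is_linked(headers):
    """Each header must carry the hash of the header before it."""
    return all(cur.prev_block_hash == prev.block_hash()
               for prev, cur in zip(headers, headers[1:]))


# Constructed sample records, not taken from the patent.
RECORDS_1 = [b"audit-record-A", b"audit-record-B", b"audit-record-C"]
RECORDS_2 = [b"audit-record-D"]
H1, BODY1 = build_block(bytes(32), RECORDS_1, 1_700_000_000)
H2, BODY2 = build_block(H1.block_hash(), RECORDS_2, 1_700_000_600)

if __name__ == "__main__":
    proof = merkle_proof(BODY1, 2)
    print("record C in block 1:", verify_inclusion(BODY1[2], proof, H1.merkle_root))
    print("chain linked:", chain_is_linked([H1, H2]))
```

Changing any record changes the Merkle root, hence the block hash, hence the previous block address expected by the next header, which is what makes tampering visible.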
In one specific application, the blockchain may be composed of layered blocks (Block). The root is the directory block (Directory Block). These blocks form a miniature chain on which compressed references (reference) are stored. To keep the data from growing too large, the references in a directory block (Directory Block) are the hash values of entry blocks (Entry Block).
The directory block corresponds to the first layer of this system and is the block that records the integrity proofs (hash values) of the entry blocks. A directory block is constructed by combining all the entry blocks defined by all servers. Therefore, each server holds all entry blocks, all directory blocks and all entries (Entry).
The entry block (Entry Block) corresponds to the second layer of this system and is the block that records the integrity proofs (hash values) of entries. An application that looks up records needs the entry blocks; starting from one digital fingerprint it can find all possibly related records of the data's storage, processing, sharing, access and so on. An entry block contains the hash values of electronic records. The hash value of an electronic record both proves the existence of the data and serves as the key for finding the record in the distributed hash table (DHT) network.
An entry block (Entry Block) contains all the entries related to one chain ID. If an entry is not associated with any entry block (Entry Block), the entry is considered not to exist. This design lets an application easily disprove false claims and easily identify which entries are genuine and reliable.
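The two-layer directory block and entry block scheme described above can be sketched as follows. This is an added example, not code from the patent; the single SHA-256, the length-prefixed encoding of the chain ID and all names are assumptions. It shows that an entry counts as existing only if its hash is in the entry block of its chain ID and that entry block still matches the reference held in the directory block.

```python
import hashlib
from collections import defaultdict


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_entry_blocks(entries):
    """Second layer: group entry hashes by chain ID -> {chain_id: [hash, ...]}."""
    blocks = defaultdict(list)
    for chain_id, record in entries:
        blocks[chain_id].append(sha256(record))
    return dict(blocks)


def entry_block_hash(chain_id: str, entry_hashes) -> bytes:
    # The chain ID is length-prefixed so that its bytes cannot be confused
    # with the fixed-width entry hashes that follow (encoding is an assumption).
    cid = chain_id.encode()
    return sha256(len(cid).to_bytes(2, "big") + cid + b"".join(entry_hashes))


def build_directory_block(entry_blocks):
    """First layer: one compressed reference (a hash) per entry block."""
    return {cid: entry_block_hash(cid, hashes) for cid, hashes in entry_blocks.items()}


def entry_exists(directory, entry_blocks, chain_id, record) -> bool:
    """An entry that no anchored entry block references is treated as absent."""
    reference = directory.get(chain_id)
    hashes = entry_blocks.get(chain_id)
    if reference is None or hashes is None:
        return False
    if entry_block_hash(chain_id, hashes) != reference:
        return False  # the entry block was changed after it was anchored
    return sha256(record) in hashes


# Constructed sample entries, not taken from the patent.
ENTRIES = [
    ("audit-unitA", b"financial statement Q1"),
    ("audit-unitA", b"audit working paper 7"),
    ("audit-unitB", b"financial statement Q1 (unit B)"),
]
ENTRY_BLOCKS = build_entry_blocks(ENTRIES)
DIRECTORY = build_directory_block(ENTRY_BLOCKS)

if __name__ == "__main__":
    print(entry_exists(DIRECTORY, ENTRY_BLOCKS, "audit-unitA", b"audit working paper 7"))
    print(entry_exists(DIRECTORY, ENTRY_BLOCKS, "audit-unitA", b"backdated report"))
```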
Referring to Fig. 3, Fig. 3 is a structural diagram of an embodiment of the blockchain-based data processing network of this application. As shown in Fig. 3, the data processing network 30 of this embodiment is a blockchain network 31, and the data processing network 30 includes at least user nodes 311, accounting nodes 312 and a submission node 313.
This application is illustrated with audit data as the example. In one embodiment, user nodes may correspond to the various institutions involved in audit activities, such as audit institutions, audited units, tax authorities and banks. The user node of an audited unit can generate audit data from its own economic activity and store that audit data in the blockchain. The user node of an audit institution can obtain the audit data from the blockchain and perform the corresponding audit operations on it, thereby generating new audit data on the audited unit, such as audit evaluation reports, audit opinions and audit working papers, and storing this new audit data in the blockchain. Other user nodes, such as tax authorities and banks, can use the blockchain to access and view the various audit data generated by audit institutions and audited units. Accordingly, this application divides user nodes 311, by their specific identity information, into a first user node 311a corresponding to an audit institution and a second user node 311b corresponding to an audited unit.
Further, authoritative institutions such as financial institutions and regulatory agencies can join the blockchain as accounting nodes 312. Accounting nodes 312 keep the books of the blockchain network. Each accounting node 312 is a node able to compete for the right to keep accounts, and it stores the information and data of the transactions relating to audit data that user nodes carry out, such as storage, processing, addition, modification and access. Each accounting node 312 saves the audit-data-related transaction information generated by the user nodes, which achieves distributed storage of the audit-data-related transaction information generated by each user node. Further, in this embodiment the user nodes 311 corresponding to audit institutions and audited units may also double as accounting nodes 312 in blockchain network 31 and perform the bookkeeping operations above.
Blockchain network 31 may also include a management node 314, which is used to carry out identity registration for user nodes 311, accounting nodes 312 and submission node 313, and to manage various audit business functions such as the identity information of user nodes 311, accounting nodes 312 and submission node 313 and the data sharing policies. In this application, management node 314 may be configured to correspond to a certificate authority (Certificate Authority). When user nodes 311, accounting nodes 312 and submission node 313 join blockchain network 31, they send a registration request to the certificate authority, and based on the registration request the certificate authority provides the corresponding node with a digital certificate that attests to the node's identity information, where the digital certificate may include the public key and private key allocated to the node. After the node that applied for registration obtains the allocated public key and private key, it stores the private key locally and broadcasts the public key to blockchain network 31.
The user nodes 311, accounting nodes 312, submission node 313 and management node 314 above may each be any electronic device, such as a server, mobile phone, computer or tablet computer. In one embodiment, such a node is a blockchain server, and management node 314 is an application server with business processing capability that can serve as a blockchain-based evidence-storage system. It can be understood that user nodes 311, accounting nodes 312, submission node 313 and management node 314 can communicate with one another. In this embodiment, user nodes 311 and management node 314 act as blockchain nodes, for example as lightweight accounting nodes of the blockchain, but in other embodiments user nodes 311 and management node 314 are not limited to being blockchain nodes, i.e. at least some of user nodes 311 and management node 314 may not take part in the blockchain. In addition, the nodes above are distinguished according to the identity information with which each node registered. Therefore the subjects corresponding to the nodes above, such as audit institutions, audited units, tax authorities, banks, financial institutions and regulatory agencies, all need to complete registration on the blockchain platform in advance (in one application the blockchain is a private blockchain or a consortium blockchain, and identity registration must first be completed on the blockchain platform) and obtain the corresponding public key and private key. Only after their identity is determined to be trustworthy are they allowed to carry out the data processing business below.
The blockchain network of this embodiment takes a consortium chain network or private chain network as its example; that is, a node must register its identity information when it joins the blockchain network, and only member nodes with registered identity information can access the blockchain network.
Referring to Fig. 4, Fig. 4 is a flow diagram of the first embodiment of the blockchain-based data processing method of this application. The data processing method of this embodiment can be applied to the blockchain network shown in Fig. 3. As shown in Fig. 4, the data processing method of this embodiment may include the following steps:
In step S11, the first user node divides the data it generates into first-class data and second-class data according to data content; stores the first-class data in the blockchain; encrypts the second-class data with its own private key to form the corresponding second-class data ciphertext; and sends the second-class data ciphertext to the second user node.
This embodiment is illustrated with audit data as the data. With reference to blockchain network 30 shown in Fig. 3, the user nodes corresponding to audit institutions and the user nodes corresponding to audited units are collectively called user nodes. According to their different identities, the user node corresponding to an audit institution is taken as the first user node and the user node corresponding to an audited unit is taken as the second user node.
When the second user node carries out economic activity, it correspondingly generates audit data that needs to be audited, including financial reports, financial statements and the like. During the audit, the second user node encrypts the audit data it generated with its own private key and uploads the encrypted audit data to the blockchain for storage. At this point, when the audit institution acting as the first user node and/or other user nodes want to access this audit data, approval by the second user node is required. In other words, the audit data is owned by the second user node, and the second user node can set a corresponding data access policy for the audit data it uploads. When the first user node and/or other user nodes need to access the audit data, they must send an access request to the second user node, and once the second user node approves they can access the audit data according to the data access policy set by the second user node. Further, the first user node can obtain the audit data from the blockchain and perform the corresponding audit operations on it, thereby generating new audit data including audit evaluation reports, audit opinions, audit working papers and the like.
This new audit data is generated by the first user node, and when the first user node transmits it to the blockchain for storage it is encrypted with the first user node's own private key; in other words, the new audit data is at this point owned by the first user node. However, within the new audit data, the data content of items such as audit evaluation reports and audit opinions, which are generated from the audit data produced by the second user node, corresponds to the second user node. That is, access to this part of the data should follow the data access policy set by the second user node, yet because approval by the first user node is required, access to this part of the data is inconvenient for other user nodes.
In the present embodiment, after the first user node generates new audit data including audit comment reports, auditor's comments and audit working papers, it divides the generated new audit data into first-class data and second-class data according to data content. The first-class data is audit data, such as audit working papers, whose data content corresponds to the first user node; other user nodes need only the approval of the first user node to access the first-class data. The second-class data is audit data, such as audit comment reports and auditor's comments, whose data content corresponds to the second user node; access to this part of the audit data must be completed on the basis of the data access strategy set by the second user node.
In the present embodiment, the first user node encrypts, with its own private key, the first-class data whose data content corresponds to itself, and stores the encrypted first-class data in the block chain. For the second-class data, the first user node encrypts it with its own private key to form the corresponding second-class data ciphertext, and sends the second-class data ciphertext to the second user node.
In step S12, the second user node transfers the ownership of the second-class data from the first user node to the second user node on the basis of the second-class data ciphertext.
In the present embodiment, the second user node receives the second-class data ciphertext and can decrypt it with the public key of the first user node to obtain the corresponding second-class data, and then transfers the ownership of the second-class data to the second user node itself.
Further, referring to Fig. 5, step S12 may include the following steps:
In step S121, the second user node decrypts the second-class data ciphertext with the public key of the first user node to obtain the second-class data.
The public key of the first user node is broadcast to the block chain, so any node in the block chain can obtain the public key of the first user node. In the present embodiment, after the second user node receives the second-class data ciphertext, it decrypts the ciphertext with the public key of the first user node that it has obtained, and thereby obtains the corresponding second-class data.
In step S122, the second-class data is re-encrypted with the second user node's own private key, and the re-encrypted second-class data is stored in the block chain.
The second user node further re-encrypts the second-class data with its own private key and stores the second-class data encrypted with its own private key in the block chain. It will be understood that the second-class data is now encrypted with the private key of the second user node; in other words, other user nodes need to decrypt with the public key of the second user node to obtain the corresponding second-class data, which means the ownership of the second-class data has been transferred to the second user node. From this point on, when other user nodes need to access the second-class data, they must initiate an access request to the second user node, and after the second user node approves they can access the second-class data according to the corresponding data access strategy.
The present embodiment completes the transfer of ownership of the second-class data by transferring which private key encrypts the second-class data, so that other user nodes needing to access the second-class data only need to initiate an access request to the user node that holds the corresponding ownership. This simplifies the process by which other user nodes access the second-class data.
Further, combining cloud technology and building on the block chain platform basic architecture shown in Fig. 1, the application also proposes a block chain cloud audit platform basic architecture. As shown in Fig. 6, the block chain cloud audit platform basic architecture of the application combines the block chain platform architecture shown in Fig. 1 with the basic service models of a cloud computing platform, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The IaaS service continuously collects the massive audit data of audited units in various regions into the cloud database through multiple channels such as standard data interfaces and offline upload and, according to the different audit scopes, performs preliminary homogeneous classification, screening, storage and access control of the data; structured data and unstructured data are packaged in hardware devices for remote access by auditing bodies. The PaaS service applies fine-grained management to the audit data stored in the IaaS layer and, according to specific audit business requirements, encapsulates various analysis and visualization components, so that auditing bodies can build their own audit business processes and improve audit efficiency. The SaaS service further encapsulates and stores the audit output of the IaaS service and the PaaS service: functions such as the collection, analysis and exchange of audit data are deployed entirely in the cloud, and resources such as the auditing methods and models formed, audit cases and audit practical training are further stored, enabling more accurate value mining.
In addition, the architecture of the block chain platform in the block chain cloud audit platform basic architecture of the application is essentially the same as the block chain platform architecture shown in Fig. 1. The difference is that the data layer also includes a cloud database, which stores the massive audit data so that multi-dimensional data processing and logically complex data services can be carried out easily.
Further, referring to Fig. 7, Fig. 7 shows the block chain cloud audit system that the application proposes on the basis of the block chain network shown in Fig. 3. That is, in addition to the block chain network 31 shown in Fig. 3, it also includes a cloud database 32, forming the block chain based data storage network 40. The nodes on the block chain network 31 side are as shown in Fig. 3 and are not described again here. Data can be exchanged between the block chain network 31 and the cloud database 32, and data generated or obtained by a user node 311 can be stored directly in the cloud database 32.
It will be understood that the first embodiment of the data processing method shown in Figs. 4 to 5 can also be applied to the block chain cloud audit system shown in Fig. 7, in which case each node is configured with the block chain cloud audit platform basic architecture shown in Fig. 6.
Referring to Fig. 8, Fig. 8 is a flow diagram of the first embodiment of the block chain based data storage method of the application. The data storage method of the present embodiment can be applied to the block chain based data storage network 40 shown in Fig. 7, with each node configured with the block chain cloud audit platform basic architecture shown in Fig. 6. The present embodiment is described taking as the example the first user node storing the first-class data in the block chain. As shown in Fig. 8, the data storage method of the present embodiment may include at least the following steps:
In step S21, the first user node screens sensitive data out of the first-class data using preset sensitive fields, and stores the sensitive data in the block chain.
The first user node obtains the first-class data, whose data content corresponds to itself and which can be stored in the block chain after encryption with its own private key. It then screens the corresponding sensitive data out of the first-class data according to the sensitive fields set by the user, and stores the screened-out sensitive data in the block chain.
In the present embodiment, the sensitive fields can be set by the user as required. The first-class data in the present embodiment is audit data, so the corresponding sensitive fields can be set according to the audit department or audited unit, audit data keywords and the like, and may include the amount, the name of the economic activity, important financial reports and so on. The data in the first-class data that matches the sensitive fields is screened out as sensitive data and stored in the block chain.
Further, referring to Fig. 9, storing the sensitive data in the block chain in step S21 may include the following steps:
In step S211, the first user node divides the sensitive data into first-class sensitive data and second-class sensitive data according to data structure type.
In the present embodiment, the sensitive data is divided into first-class sensitive data and second-class sensitive data according to data structure type. Specifically, the data structure type of the first-class sensitive data is structured data, and the data structure type of the second-class sensitive data is unstructured data. It will be appreciated that structured data is usually generated by the financial management systems of the user nodes that produce audit data, such as audited units and auditing bodies, and is usually data that can be represented by a corresponding data structure, such as text and tables. The data volume of structured data is relatively small, and it is relatively easy to organize and process. Unstructured data is audit data generated as economic activity is carried out on big data platforms amid the development of big data. It has characteristics such as large and unwieldy scale, growth over time and low value density, may include pictures, video, web page information, reports of all kinds and other data, and its data volume is relatively large.
In step S212, the first-class sensitive data is encrypted and then stored in the block chain.
The first-class sensitive data is structured data, so its data volume is small and it is easy to organize and process; it can therefore be encrypted directly and stored in the block chain. In the present embodiment, the first-class sensitive data is encrypted with an elliptic curve algorithm; further, the first user node uses its own private key to encrypt the first-class sensitive data with the elliptic curve algorithm.
In other embodiments, other asymmetric encryption algorithms can also be used to encrypt the first-class sensitive data; the present embodiment places no specific limit on this.
In step S213, a corresponding digital fingerprint is generated for the second-class sensitive data, and the digital fingerprint is encrypted and then stored in the block chain.
The second-class sensitive data is unstructured data, so its data volume is large and its format is not uniform. Encrypting the second-class sensitive data directly and storing it in the block chain would greatly increase the storage pressure on the block chain and affect its overall processing efficiency and speed. Accordingly, for the second-class sensitive data, a corresponding digital fingerprint is generated, and the digital fingerprint is encrypted and stored in the block chain.
In the present embodiment, a hash calculation is performed on the second-class sensitive data to generate the corresponding digital fingerprint, and the digital fingerprint is encrypted and stored in the block chain; further, the first user node encrypts the second-class sensitive data with its own private key.
In step S22, the data remaining in the first-class data is stored in the cloud database as non-sensitive data.
Further, the data remaining in the first-class data after screening is treated as non-sensitive data and stored in the cloud database. It will be understood that the non-sensitive data can also be encrypted when it is stored in the cloud database, and stored there after encryption. The encryption algorithm used can be an asymmetric encryption algorithm such as RSA; the present embodiment places no specific limit on this.
In the present embodiment, the user node uses sensitive fields to divide the data to be stored into sensitive data and non-sensitive data, and further divides the sensitive data into first-class sensitive data and second-class sensitive data according to data structure type. The non-sensitive data is stored in the cloud database, the structured part of the sensitive data is stored directly in the block chain, and the unstructured part is computed into a digital fingerprint that is stored in the block chain. This improves the security of sensitive data storage while relatively reducing the data storage and data processing pressure on the block chain.
Further, referring to Fig. 10, Fig. 10 is a flow diagram of the second embodiment of the block chain based data storage method of the application. As shown in Fig. 10, the data storage method of the present embodiment may include the following steps:
In step S31, the first user node stores the first-class data in the cloud database.
In the present embodiment, before the first user node screens the first-class data for sensitive data, it stores the first-class data in full in the cloud database.
In step S32, sensitive data is screened out of the first-class data using preset sensitive fields, and the sensitive data is stored in the block chain.
Further, the corresponding sensitive data is screened out of the first-class data according to the sensitive fields set by the user, and the screened-out sensitive data is stored in the block chain. Step S32 of the present embodiment is the same as step S21 shown in Fig. 8 and is not described again here.
In the present embodiment, the sensitive data is stored in the cloud database and is also stored in the block chain. It will be understood that when sensitive data is stored in both the cloud database and the block chain, a data index can be established between the two, so that sensitive data identical to that stored in the cloud database can be found in the block chain via the data index; the data index can be a data guide tag. Then, when the first user node or another user node that needs to access the sensitive data determines that sensitive data stored in the cloud database is missing, it can find the identical sensitive data in the block chain via the data index and store it in the cloud database again. The data stored in the cloud database is thereby restored quickly, which maintains long-term stable operation of the block chain cloud audit system.
It will be understood that the first and second embodiments of the block chain based data storage method shown in Figs. 8 to 10 can be applied to any user node in the block chain network. That is, any user node can filter the sensitive data out of the data to be stored using the sensitive fields it has set, store the sensitive data in the block chain, and also store it in the cloud database; further, the structured data within the sensitive data is stored by direct encryption, and the unstructured data is stored by computing a digital fingerprint.
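The routing in steps S21/S22 and S211 to S213, together with the index-based restore of the second embodiment, as an added example that is not part of the patent text. The private-key encryption step is left out, the block chain and cloud database are modelled as an in-memory list and dict, and every name, the SHA-256 choice and the sample record are assumptions; it also shows that a fingerprint entry can verify a cloud copy but cannot rebuild a lost one.

```python
"""Added illustration of steps S21/S22, S211-S213 and the index-based restore.
Every name, field and sample value here is hypothetical; encryption is omitted."""
import hashlib

# Constructed sensitive-field list (in the text, the user sets these fields).
SENSITIVE_FIELDS = {"amount", "economic_activity_name", "financial_report"}


def fingerprint(blob):
    """Digital fingerprint of unstructured data (SHA-256 is an assumption)."""
    return hashlib.sha256(blob).hexdigest()


def store_record(record_id, record, chain, cloud, index, second_embodiment=False):
    """Route each field of one record to the chain list or the cloud dict.

    chain: append-only list standing in for the block chain
    cloud: dict standing in for the cloud database
    index: data index mapping a cloud key to its position in the chain
    """
    for field, value in record.items():
        key = f"{record_id}/{field}"
        if second_embodiment:
            cloud[key] = value  # S31: everything goes to the cloud database first
        if field not in SENSITIVE_FIELDS:
            cloud[key] = value  # S22: remaining data is non-sensitive
            continue
        if isinstance(value, (bytes, bytearray)):
            # S213: unstructured data (picture, video, report file) -> fingerprint only
            entry = {"key": key, "kind": "fingerprint",
                     "sha256": fingerprint(bytes(value))}
        else:
            # S212: structured data (text, table cell) -> the value itself
            entry = {"key": key, "kind": "structured", "value": value}
        chain.append(entry)
        index[key] = len(chain) - 1


def check_cloud_copy(key, chain, cloud, index):
    """Compare the cloud copy of one item with its chain entry via the index.

    Returns "not-on-chain", "ok", "restored", "mismatch" or "unrecoverable".
    """
    if key not in index:
        return "not-on-chain"  # non-sensitive data has no chain entry
    entry = chain[index[key]]
    if entry["kind"] == "structured":
        if key in cloud and cloud[key] == entry["value"]:
            return "ok"
        cloud[key] = entry["value"]  # the chain holds the value, so write it back
        return "restored"
    if key not in cloud:
        return "unrecoverable"  # a hash cannot be turned back into the file
    same = fingerprint(bytes(cloud[key])) == entry["sha256"]
    return "ok" if same else "mismatch"


def demo():
    """Run the second embodiment on one constructed record, then lose two items."""
    chain, cloud, index = [], {}, {}
    record = {
        "amount": "1250000.00",
        "auditor_note": "routine quarterly review",
        "financial_report": b"constructed bytes standing in for a report file",
    }
    store_record("unit-A/2018Q3", record, chain, cloud, index, second_embodiment=True)
    del cloud["unit-A/2018Q3/amount"]
    del cloud["unit-A/2018Q3/financial_report"]
    return {
        "chain_entries": len(chain),
        "amount": check_cloud_copy("unit-A/2018Q3/amount", chain, cloud, index),
        "report": check_cloud_copy("unit-A/2018Q3/financial_report", chain, cloud, index),
        "note": check_cloud_copy("unit-A/2018Q3/auditor_note", chain, cloud, index),
        "restored_amount": cloud.get("unit-A/2018Q3/amount"),
    }


if __name__ == "__main__":
    print(demo())
```

A deployment that relies on the block chain to restore lost cloud data therefore needs a separate backup for unstructured items, since only their fingerprints are on the chain.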
Further, referring to Fig. 11, Fig. 11 shows the first embodiment of the block chain based data sharing method of the application. The data sharing method of the present embodiment can be applied to the block chain network shown in Fig. 3 and can also be applied to the block chain cloud audit system shown in Fig. 7; the present embodiment places no particular limit on this. As shown in Fig. 11, the data sharing method of the present embodiment may include at least the following steps:
In step S41, the first user node broadcasts to the block chain a first access request corresponding to the data to be accessed.
The present embodiment is described taking as the example data to be accessed that is generated by the second user node and whose ownership belongs to the second user node. For ease of understanding, the user node corresponding to an auditing body can be taken as the first user node and the user node corresponding to an audited unit as the second user node; the data to be accessed is audit data that the second user node generated from its own economic activity, or audit data such as the corresponding audit comment reports and auditor's comments.
The first user node can search the shared data resource catalogue according to its own access requirements and, from the search result, obtain relevant information such as the second user node corresponding to the data to be accessed and the storage address of the data to be accessed. It can then create the first access request based on the search result and broadcast the first access request to the block chain. The first access request may include the public key of the first user node.
In step S42, the submitting node generates a corresponding shared token based on the first access request and feeds the shared token back to the first user node.
The submitting node in the block chain can obtain the first access request and authenticate the first user node according to the first access request. After confirming the identity of the first user node, it can generate the corresponding shared token and feed the generated shared token back to the first user node. The shared token can be regarded as a confirmation message for the first access request, confirming that the first user node may initiate data access to the user node that owns the data to be accessed. The shared token may include at least the public key of the first user node, encrypted with the public key of the second user node.
In the present embodiment, the first user node's broadcast of the first access request can be regarded as a transaction request. The submitting node is the counterparty to this transaction request, and the shared token generated by the submitting node can be regarded as the transaction confirmation message created in response to the transaction request; a transaction random number can thus be generated based on this transaction request. The shared token of the present embodiment may include the transaction random number corresponding to the first access request, encrypted with the public key of the second user node.
Further, as shown in Fig. 12, step S42 may include at least the following steps:
In step S421, the submitting node matches the first access request to obtain the corresponding data access strategy.
The submitting node authenticates the first user node according to the first access request and can further obtain the identity information of the first user node, from which it can match the corresponding data access strategy. In the present embodiment, the data access strategy can be a smart contract, that is, a data script deployed on the block chain for which a preset trigger condition can be set and which then executes automatically. The data access strategy defines the data access conditions and related provisions associated with the identity information of user nodes, and is provided with a prerequisite.
In step S422, the first access request is made to trigger the prerequisite of the data sharing strategy, the shared token is generated, and the shared token is fed back to the first user node.
Further, the submitting node matches the first access request against the data sharing strategy, so that the request information contained in the first access request triggers the prerequisite of the data sharing strategy. The prerequisite being triggered indicates that the first user node can use the first access request and, based on the data sharing strategy, initiate the second access request for the data to be accessed; the corresponding shared token is generated at this point.
In step S43, the first user node uses the shared token and an access authorization contract to initiate a second access request to the second user node corresponding to the data to be accessed.
After the first user node receives the shared token fed back by the submitting node, it is confirmed that it may initiate data access to the second user node; the shared token serves as the confirmation message corresponding to the first access request. At this point, the first user node can also generate an access authorization strategy according to its own access requirements for the data to be accessed, and encrypt the access authorization strategy with its own private key to form the access authorization contract. The first user node can then initiate the second access request to the second user node, carrying the shared token and the access authorization contract.
The access authorization strategy is generated by the first user node according to its own access requirements for the data to be accessed. It contains access requirements such as the time period in which the first user node wants to access the data to be accessed, the access duration, whether downloading is needed, and whether new content needs to be added.
In step S44, the second user node verifies the first access request based on the shared token and assesses the access authorization contract, obtaining an assessment result.
The second user node receives the second access request carrying the shared token and the access authorization contract, where the shared token contains the public key of the first user node and the transaction random number, encrypted with the public key of the second user node. The second user node can thus verify the first access request based on the transaction random number, the public key of the first user node and the access authorization contract, and assess the access authorization contract.
Further, as shown in Fig. 13, step S44 may include the following steps:
In step S441, the second user node decrypts the shared token with its own private key, obtains the public key of the first user node and the transaction random number contained in it, and obtains the identity information of the first user node.
Since the shared token contains the public key of the first user node and the transaction random number, encrypted with the public key of the second user node, the second user node can decrypt the shared token with its own private key and obtain the public key of the first user node and the transaction random number contained in it. The transaction random number is a random number generated based on the first access request and is used to prevent requests from being repeated.
In step S442, the first access request is verified according to the transaction random number, obtaining a verification result.
The second user node verifies the first access request using the transaction random number. Specifically, when the first access request is generated in the block chain, the first access request is regarded as a transaction request, and a transaction random number (nonce) is generated accordingly. The value of the transaction random number is the transaction count: it starts from 0 and increases with the transaction count, so that each time the transaction count increases by one, the value of the transaction random number also increases by 1. In the block chain, the transaction corresponding to a transaction random number with a larger value can be processed only after the transactions corresponding to the preceding, smaller transaction random numbers have been processed. It can therefore be judged whether the value of the transaction random number corresponding to the first access request is greater than the value of the transaction random number of the previously processed access request, or whether the value of the transaction random number has a jump gap, and the first access request is verified accordingly. If the value of the transaction random number is greater than that of the previously processed access request and has no jump gap, the verification result is that the first access request passes verification, and subsequent step S443 can be executed based on the first access request. Otherwise, the verification result is that the first access request fails verification, and no subsequent steps are executed based on the first access request.
In step S443, the access authorization contract is decrypted with the obtained public key of the first user node to obtain the corresponding access authorization strategy.
When the verification result obtained in step S442 is a pass, the second user node further decrypts the access authorization contract with the public key of the first user node obtained in step S441, obtains the corresponding access authorization strategy, and continues to step S444 based on the access authorization strategy.
In step S444, the access authorization contract is assessed using the identity information of the first user node and the access authorization strategy, obtaining an assessment result.
The second user node assesses the access authorization contract using the identity information of the first user node obtained in step S441 and the access authorization strategy obtained in step S443, and obtains the assessment result.
Further, as shown in Fig. 14, step S444 may include the following steps:
In step S4441, the data access authority that the block chain stipulates for the first user node is confirmed according to the identity information of the first user node.
The block chain stipulates corresponding data access authority according to the differing identity information of user nodes. For example, a user node whose identity information is an audit department can have larger data access authority: its access time period for the data to be accessed can be any time period, its access duration can be two weeks or even one month, and it can download the data to be accessed and add new content. A user node whose identity information is a general data user can access the data to be accessed only within a stipulated time period, its access duration can be several days or one week, and it cannot download the data to be accessed or add new content.
The second user node can thus obtain from the block chain, according to the identity information of the first user node, the data access authority stipulated for the first user node.
In step S4442, it is judged whether the access requirements for the data to be accessed contained in the access authorization strategy match the data access authority.
Further, it is judged whether the access authorization strategy that the first user node formed from its own access requirements falls within the data access authority stipulated for the first user node. For example, it is judged whether the access time period recorded in the access authorization strategy lies within the time period stipulated in the data access authority, whether the access duration recorded in the access authorization strategy does not exceed the access duration stipulated in the data access authority, and so on, and it is thereby judged whether the access authorization strategy matches the data access authority. If the access request recorded in the access authorization strategy is within the data access authority stipulated for the first user node, step S4443 is executed; otherwise, step S4444 is executed.
In step S4443, the assessment result is determined to be that the access authorization contract passes the assessment.
If the access request recorded in the access authorization strategy is within the data access authority stipulated for the first user node, the access request of the first user node does not exceed the stipulated data access authority; the assessment result is then that the access authorization contract passes the assessment, and step S35 can be executed next.
In step S4444, the assessment result is determined to be that the access authorization contract does not pass the assessment.
If the access request recorded in the access authorization strategy exceeds the data access authority stipulated for the first user node, the assessment result is that the access authorization contract does not pass the assessment; execution of the subsequent steps stops, and a message that its access request does not comply with the stipulations can be fed back to the first user node.
In step S45, when the assessment result is that the access authorization contract passes the assessment, the first user node accesses the data to be accessed according to the access authorization contract.
When the assessment result is that the access authorization contract passes the assessment, the second user node has completed both the authentication of the first user node and the approval of its access request. The first user node can then access the data to be accessed according to the access requirements stipulated in the access authorization contract, and can accordingly share the data to be accessed, download it, add content to it and so on.
Further, in the present embodiment the second user node can store the data it needs to store in the manner described in the first and second embodiments of the block chain based data storage method shown in Figs. 8 to 10. That is, all data of the second user node is stored in the cloud database, and the sensitive data is additionally stored in the block chain, with the first-class sensitive data encrypted directly and stored in the block chain and the second-class sensitive data stored in the block chain in the form of a digital fingerprint. Correspondingly, when carrying out data access to the second user node, the first user node can preferentially obtain the required data from the cloud database, which simplifies the data acquisition process; if the data in the cloud database is missing, the data can further be obtained from the block chain, and the obtained data is stored in the cloud database again.
In the present embodiment, the first user node needs to broadcast the transaction corresponding to its data access to the whole network, and the submitting node generates the shared token after authenticating the first user node according to that transaction. Only after obtaining the shared token can the first user node initiate a data access request to the second user node based on the shared token, and it can carry out data access only after the second user node has verified and assessed the request. This improves the security and compliance of data circulation in the block chain network.
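The checks the second user node runs in steps S442 and S4441 to S4444, as an added example that is not part of the patent text. The permission table, field names, the per-requester nonce counter and the sample values are assumptions, and the decryption of the shared token and the access authorization contract (S441, S443) is taken as already done.

```python
"""Added illustration of steps S442 and S4441-S4444; every name is hypothetical."""
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Permission:
    """Data access authority the block chain stipulates for one identity (S4441)."""
    window_start: time
    window_end: time
    max_days: int
    may_download: bool
    may_add_content: bool


@dataclass(frozen=True)
class Strategy:
    """Access requirements from the decrypted access authorization contract (S443)."""
    window_start: time
    window_end: time
    days: int
    download: bool
    add_content: bool


# Constructed values modelled on the two identities the text uses as examples.
PERMISSIONS = {
    "audit_department": Permission(time(0, 0), time(23, 59, 59), 30, True, True),
    "general_data_user": Permission(time(9, 0), time(17, 0), 7, False, False),
}


class NonceTracker:
    """S442: accept a transaction nonce only if it is the next one in sequence.

    Keeping one counter per requester public key is an assumption; the text
    only says the nonce counts transactions starting from 0.
    """

    def __init__(self):
        self._next = {}

    def verify(self, requester_key, nonce):
        expected = self._next.get(requester_key, 0)
        if nonce < expected:
            return "replayed"  # not greater than an already processed request
        if nonce > expected:
            return "gap"       # jump gap: an earlier transaction is still missing
        self._next[requester_key] = expected + 1
        return "ok"


def assess(identity, strategy):
    """S4441/S4442: list every way the strategy exceeds the stipulated authority."""
    perm = PERMISSIONS.get(identity)
    if perm is None:
        return ["no data access authority stipulated for this identity"]
    problems = []
    if not (perm.window_start <= strategy.window_start
            < strategy.window_end <= perm.window_end):
        problems.append("access time period outside the stipulated period")
    if not 0 < strategy.days <= perm.max_days:
        problems.append("access duration not within the stipulated duration")
    if strategy.download and not perm.may_download:
        problems.append("download not permitted")
    if strategy.add_content and not perm.may_add_content:
        problems.append("adding new content not permitted")
    return problems


def handle_second_request(tracker, token, strategy):
    """Second user node's decision; token is the shared token after S441 decryption.

    Returns (granted, reasons). Anything that fails a check is refused.
    """
    verdict = tracker.verify(token["requester_key"], token["nonce"])
    if verdict != "ok":
        return False, ["nonce " + verdict]   # S442 failed, stop here
    problems = assess(token["identity"], strategy)
    return (not problems), problems          # S4443 pass / S4444 refuse
```

A rejected nonce leaves the counter untouched, so the legitimate next request from the same requester still verifies.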
Further, refer to Fig. 15, which is a schematic flowchart of the second embodiment of the blockchain-based data sharing method of the present application. The data sharing method of this embodiment is proposed on the basis of the data sharing method shown in Fig. 11 to Fig. 14. As shown in Fig. 15, this embodiment may include the following steps:
In step S51, the first user node broadcasts to the blockchain a first access request corresponding to the data to be accessed.
In step S52, the submission node generates a corresponding shared token based on the first access request, and feeds the shared token back to the first user node.
In step S53, the first user node uses the shared token and an access authorization contract to initiate a second access request to the second user node corresponding to the data to be accessed.
In step S54, the second user node verifies the first access request based on the shared token, assesses the access authorization contract, and sends the assessment result to the submission node.
Steps S51 to S53 of this embodiment are the same as steps S41 to S43 of the first embodiment of the data sharing method shown in Fig. 11 to Fig. 13, and are not described again here. Further, step S54 is similar to step S44 shown in Fig. 11 to Fig. 14; the difference is that, after obtaining the assessment result, the second user node sends the assessment result to the submission node, and the submission node allows or does not allow the first user node to access the data to be accessed according to the assessment result.
In step S55, the submission node releases the first user node's data sharing interface for the data to be accessed.
After the submission node obtains the assessment result sent by the second user node, if the assessment result is that the access authorization contract passes the assessment, it releases the first user node's data sharing interface for the data to be accessed, and the flow continues with step S56.
In step S56, the first user node accesses the data to be accessed according to the access authorization contract.
After the submission node releases the first user node's data sharing interface for the data to be accessed, the first user node accesses the data to be accessed through that data sharing interface according to the access authorization contract.
In step S57, the submission node blocks the first user node's data sharing interface for the data to be accessed.
After the submission node obtains the assessment result sent by the second user node, if the assessment result is that the access authorization contract does not pass the assessment, it blocks the first user node's data sharing interface for the data to be accessed, and the flow ends.
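The S51 to S57 flow above, sketched as an added example that is not code from the patent. The HMAC-based token format, the submission node checking the token on behalf of the second user node, the contract fields (`operations`, `expires`) and the node and data names are all assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import json
import secrets


def canonical(obj):
    """Stable byte encoding so the token covers exactly one request."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class SubmissionNode:
    """Issues shared tokens (S52) and gates the data sharing interface (S55/S57)."""

    def __init__(self, registered):
        self._key = secrets.token_bytes(32)   # assumption: node-local token key
        self._registered = set(registered)    # assumption: known node identities
        self._pending = {}                    # token -> (requester, data_id)
        self.open_interfaces = set()          # released (requester, data_id) pairs

    def _tag(self, request):
        return hmac.new(self._key, canonical(request), hashlib.sha256).hexdigest()

    def issue_token(self, request):
        # S52: authenticate the broadcasting node, then bind a token to its request.
        if request["requester"] not in self._registered:
            return None
        token = self._tag(request)
        self._pending[token] = (request["requester"], request["data_id"])
        return token

    def check_token(self, token, request):
        # Constant-time comparison; a token is only valid while still pending.
        return hmac.compare_digest(self._tag(request), token) and token in self._pending

    def receive_assessment(self, token, passed):
        # S55 releases the interface, S57 blocks it. Tokens are single-use.
        grant = self._pending.pop(token, None)
        if grant is None or not passed:
            return "blocked"
        self.open_interfaces.add(grant)
        return "released"


class OwnerNode:
    """Second user node: verifies the token and assesses the contract (S54)."""

    def __init__(self, policy):
        self.policy = policy  # data_id -> operations the owner permits

    def assess(self, submit, token, request, contract, now):
        ops = set(contract["operations"])
        passed = (
            submit.check_token(token, request)
            and contract["requester"] == request["requester"]
            and contract["data_id"] == request["data_id"]
            and contract["expires"] > now
            and bool(ops)
            and ops <= self.policy.get(request["data_id"], set())
        )
        return submit.receive_assessment(token, passed)


def run_flow(submit, owner, requester, data_id, operations, now=1000.0, forged=None):
    """Drive S51 to S55/S57 once and return 'released' or 'blocked'."""
    request = {"requester": requester, "data_id": data_id,
               "nonce": secrets.token_hex(8)}                      # S51 broadcast
    token = submit.issue_token(request)                            # S52
    if token is None:
        return "blocked"
    contract = {"requester": requester, "data_id": data_id,
                "operations": operations, "expires": now + 60}     # S53
    return owner.assess(submit, forged or token, request, contract, now)  # S54


def access(submit, requester, data_id, operation, contract_ops, store):
    """S56: read only through a released interface and within the contract."""
    if (requester, data_id) not in submit.open_interfaces:
        raise PermissionError("data sharing interface is blocked")
    if operation not in contract_ops:
        raise PermissionError("operation not covered by the contract")
    return store[data_id]
```

Because the token is bound to the full request and consumed on the first assessment, a replayed or substituted token leaves the interface blocked, which is the property the gate in S55/S57 depends on.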
Further, refer to Fig. 16, which is a schematic structural diagram of an embodiment of the electronic device of the present application. As shown in Fig. 16, the electronic device 160 of this embodiment may be the user node 411, accounting node 412, submission node 313 or management node 314 shown in Fig. 3 or Fig. 7. Specifically, the electronic device 160 may be a terminal such as a computer, mobile phone or tablet corresponding to the user node 411, accounting node 412, submission node 313 or management node 314. The electronic device 160 of this embodiment is deployed with the blockchain platform architecture shown in Fig. 1 or the blockchain cloud audit architecture shown in Fig. 6, and can join the blockchain network as a node of the blockchain network.
Further, the electronic device 160 of this embodiment may include a processor 1601 and a memory 1602 located inside the electronic device 160, the processor 1601 and the memory 1602 being connected by a bus. The memory 1602 stores computer instructions executable by the processor 1601, and the processor 1601 executes the computer instructions to implement any one or more of the following embodiments: the first embodiment of the blockchain-based data processing method shown in Fig. 4 to Fig. 5, the first and second embodiments of the blockchain-based data storage method shown in Fig. 8 to Fig. 10, and the first and second embodiments of the blockchain-based data sharing method shown in Fig. 11 to Fig. 15.
Further, refer to Fig. 17, which is a schematic structural diagram of an embodiment of the storage medium of the present application. As shown in Fig. 17, the storage medium 170 of this embodiment stores executable computer instructions 1701. When executed, the computer instructions 1701 can implement any one or more of the following embodiments: the first embodiment of the blockchain-based data processing method shown in Fig. 4 to Fig. 5, the first and second embodiments of the blockchain-based data storage method shown in Fig. 8 to Fig. 10, and the first and second embodiments of the blockchain-based data sharing method shown in Fig. 11 to Fig. 15.
In this embodiment, the storage medium 170 may be a medium with a storage function, such as the storage module of an intelligent terminal, a flash memory device (such as a portable hard disk or USB flash drive), a network cloud disk, an application storage platform or a server. In addition, the storage medium may also be the storage device of the terminal corresponding to the user node 311 shown in Fig. 3 or Fig. 7, or the server corresponding to the accounting node 312, submission node 313 or management node 314; or it may be the memory 1602 shown in Fig. 16.
The above scheme can achieve the following beneficial effects:
(1) Audit data is encrypted in the circulation process using the Rivest, Shamir, Adleman (RSA) algorithm, so that only the private key of an authorized node can decrypt and obtain the corresponding audit data, and part of the audit data is stored on-chain in the form of a digital fingerprint. This further increases the difficulty of decrypting the data, enhances data security and improves the trustworthiness of the data.
(2) Key financial receipts, documents, major contracts and the like are stored on-chain as digital assets using sensitive fields, and different access permissions are set according to the responsibilities of the audit subject, protecting audit data privacy while enabling secure sharing of data across time and space; the sharing log cannot be tampered with and is traceable. In addition, audit results are recorded in the blockchain and associated with the audit unit, achieving digital retention and providing stakeholders with a basis for real-time decision-making, thereby reducing the data circulation load and saving audit time.
(3) The digest of the audit data is recorded on the blockchain after consensus, the authenticity of the audit data source is verified by cross-checking, and abnormal records are automatically flagged and handled, completing real-time audit. Using highly programmable scripts, audit model code automatically executes the relevant audit data cleaning and data analysis for a specific audit target at a preset time cycle. This eliminates the auditor's subjective judgement of the validity of audit data and makes the entire audit process and its results more fair, objective and reliable.
(4) With the distributed storage of the blockchain cloud audit system, each node holds a consistent data ledger. This not only solves the problems of high system load and slow running speed when a traditional audit performs frequent data processing, but also, by distributing the audit workload to different nodes, improves audit speed and reduces the high operation and maintenance costs of servers.
(5) Audit data is associated on-chain with its producer, and the audit subject formulates a programmable data access policy. When a data transaction is initiated, it must be broadcast to the whole network and obtain the approval of a certain number of nodes before effective access is allowed, ensuring that audit data is used in a compliant and secure manner.
In the above description, specific details such as particular system structures, interfaces and techniques are set forth for the purpose of illustration rather than limitation, in order to provide a thorough understanding of the present application. However, it will be clear to those skilled in the art that the present application may also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known devices, circuits and methods are omitted so that unnecessary details do not obscure the description of the present application.
Claims (10)
1. A blockchain-based data storage method, characterized by comprising:
a first user node dividing sensitive data to be stored into first-class sensitive data and second-class sensitive data according to data structure type;
encrypting the first-class sensitive data and then storing it in a blockchain;
generating a corresponding digital fingerprint for the second-class sensitive data, and storing the digital fingerprint in the blockchain after encrypting it.
2. The data storage method according to claim 1, characterized in that
the data structure type of the first-class sensitive data is structured data, and the data structure type of the second-class sensitive data is unstructured data.
3. The data storage method according to claim 1, characterized in that,
before the dividing of the sensitive data to be stored into first-class sensitive data and second-class sensitive data according to data structure type, the method further comprises:
the first user node screening out the sensitive data from first-type data to be stored using preset sensitive fields.
4. The data storage method according to claim 3, characterized in that
the data storage method further comprises:
storing the first-type data in the cloud database.
5. The data storage method according to claim 4, characterized in that
the data storage method further comprises:
when the first user node determines that the sensitive data stored in the cloud database is missing, obtaining the corresponding sensitive data from the blockchain according to a data index, and storing the obtained corresponding sensitive data in the cloud database again.
6. The data storage method according to claim 3, characterized in that,
before the screening out of the sensitive data from the first-type data to be stored using preset sensitive fields, the method further comprises:
the first user node dividing the data to be stored into the first-type data and second-type data according to data content;
and the data storage method further comprises:
the first user node encrypting the second-type data using its own private key to form a corresponding second-type data ciphertext, and sending the second-type data ciphertext to the second user node, so that the second user node, based on the second-type data ciphertext, transfers ownership of the second-type data from the first user node to the second user node.
7. The data storage method according to claim 1, characterized in that
the encrypting of the first-class sensitive data and then storing it in a blockchain comprises:
encrypting the first-class sensitive data using an elliptic curve, and storing the encrypted first-class sensitive data in the blockchain;
and the generating of a corresponding digital fingerprint for the second-class sensitive data and storing the digital fingerprint in the blockchain after encrypting it comprises:
performing a hash calculation on the second-class sensitive data to generate the corresponding digital fingerprint, and storing the data fingerprint in the blockchain after encrypting it.
8. The data storage method according to claim 7, characterized in that
the performing of elliptic curve encryption on the first-class sensitive data comprises:
performing elliptic curve encryption on the first-class sensitive data using the private key of the first user node;
and the storing of the data fingerprint in the blockchain after encrypting it comprises:
encrypting the data fingerprint using the private key of the first user node and then storing it in the blockchain.
9. An electronic device, characterized by comprising a memory and a processor connected to each other, wherein
the memory is configured to store computer instructions executed by the processor;
the processor is configured to run the computer instructions stored in the memory to implement the data storage method according to any one of claims 1-8.
10. A storage medium, characterized in that the storage medium stores computer instructions, and the computer instructions can be run by a processor to implement the data storage method according to any one of claims 1-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811418529.XA CN109525671B (en) | 2018-11-26 | 2018-11-26 | Block chain-based data storage method, electronic device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811418529.XA CN109525671B (en) | 2018-11-26 | 2018-11-26 | Block chain-based data storage method, electronic device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109525671A (en) | 2019-03-26 |
CN109525671B (en) | 2021-05-14 |
Family
ID=65793822
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811418529.XA Active CN109525671B (en) | 2018-11-26 | 2018-11-26 | Block chain-based data storage method, electronic device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109525671B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160292396A1 (en) * | 2015-03-30 | 2016-10-06 | Iperial, Inc. | System and method for authenticating digital content |
CN106055993A (en) * | 2016-08-13 | 2016-10-26 | 深圳市樊溪电子有限公司 | Encryption storage system for block chains and method for applying encryption storage system |
CN107368750A (en) * | 2017-06-23 | 2017-11-21 | 雷虹 | The implementation method and device of electronic health record based on block chain |
CN107426170A (en) * | 2017-05-24 | 2017-12-01 | 阿里巴巴集团控股有限公司 | A kind of data processing method and equipment based on block chain |
CN108197505A (en) * | 2017-12-29 | 2018-06-22 | 泰康保险集团股份有限公司 | Block chain business data processing method, device and electronic equipment |
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110020553A (en) * | 2019-04-12 | 2019-07-16 | 山东浪潮云信息技术有限公司 | A kind of method and system for protecting sensitive data |
CN110263031A (en) * | 2019-05-07 | 2019-09-20 | 深圳壹账通智能科技有限公司 | Trading platform data processing method, device, computer equipment and storage medium |
CN111066019B (en) * | 2019-05-15 | 2023-05-16 | 创新先进技术有限公司 | Processing data elements stored in a blockchain network |
CN111066019A (en) * | 2019-05-15 | 2020-04-24 | 阿里巴巴集团控股有限公司 | Processing data elements stored in a blockchain network |
CN110245947A (en) * | 2019-05-20 | 2019-09-17 | 阿里巴巴集团控股有限公司 | The receipt storage method and node limited in conjunction with the condition of transaction and user type |
CN110264193A (en) * | 2019-05-20 | 2019-09-20 | 阿里巴巴集团控股有限公司 | In conjunction with the receipt storage method and node of user type and type of transaction |
CN110245947B (en) * | 2019-05-20 | 2021-08-24 | 创新先进技术有限公司 | Receipt storage method and node combining conditional restrictions of transaction and user types |
WO2020233421A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Object-level receipt storage method and node based on code marking |
CN110334536A (en) * | 2019-05-30 | 2019-10-15 | 深圳壹账通智能科技有限公司 | Data save method, device and computer equipment based on block chain |
CN110675145A (en) * | 2019-08-22 | 2020-01-10 | 中国平安财产保险股份有限公司 | Data processing method and device based on block chain, terminal and storage medium |
CN110784521A (en) * | 2019-09-30 | 2020-02-11 | 远光软件股份有限公司 | Block chain consensus method, electronic device and storage medium |
CN110784521B (en) * | 2019-09-30 | 2022-05-27 | 远光软件股份有限公司 | Block chain consensus method, electronic device and storage medium |
CN111147575A (en) * | 2019-12-25 | 2020-05-12 | 山东公链信息科技有限公司 | Data storage system based on block chain |
CN111506651A (en) * | 2020-04-15 | 2020-08-07 | 中国银行股份有限公司 | Data storage method and device |
CN111538786A (en) * | 2020-04-24 | 2020-08-14 | 上海简苏网络科技有限公司 | Block chain data desensitization and tracing storage method and device |
CN111683366A (en) * | 2020-06-05 | 2020-09-18 | 宗陈星 | Communication data processing method based on artificial intelligence and block chain and big data platform |
CN111858520A (en) * | 2020-07-21 | 2020-10-30 | 杭州溪塔科技有限公司 | Method and device for separately storing block link point data |
CN111858520B (en) * | 2020-07-21 | 2024-03-22 | 杭州溪塔科技有限公司 | Method and device for separately storing block chain node data |
CN112153047B (en) * | 2020-09-24 | 2021-05-18 | 国网区块链科技(北京)有限公司 | Block chain-based network security operation and maintenance and defense method and system |
CN112153047A (en) * | 2020-09-24 | 2020-12-29 | 国网区块链科技(北京)有限公司 | Block chain-based network security operation and maintenance and defense method and system |
CN112468577A (en) * | 2020-11-25 | 2021-03-09 | 上海欧冶金融信息服务股份有限公司 | Data controllable sharing method and system based on data mapping relation |
CN112468577B (en) * | 2020-11-25 | 2021-11-02 | 上海欧冶金融信息服务股份有限公司 | Data controllable sharing method and system based on data mapping relation |
CN112507355A (en) * | 2020-12-04 | 2021-03-16 | 钟爱健康科技(广东)有限公司 | Individual health data storage system based on block chain |
CN112507355B (en) * | 2020-12-04 | 2024-04-02 | 钟爱健康科技(广东)有限公司 | Personal health data storage system based on block chain |
CN112506860A (en) * | 2020-12-15 | 2021-03-16 | 中国银行股份有限公司 | Block chain based collaborative audit method, device and system |
CN112506860B (en) * | 2020-12-15 | 2024-02-27 | 中国银行股份有限公司 | Collaborative audit method, device and system based on blockchain |
CN113268763B (en) * | 2020-12-28 | 2023-09-15 | 上海零数众合信息科技有限公司 | Distributed privacy data storage method based on blockchain |
CN113268763A (en) * | 2020-12-28 | 2021-08-17 | 上海能链众合科技有限公司 | Block chain-based distributed private data storage method |
CN113051625B (en) * | 2021-03-24 | 2024-02-20 | 中国工商银行股份有限公司 | Data storage method and device based on blockchain |
CN113051625A (en) * | 2021-03-24 | 2021-06-29 | 中国工商银行股份有限公司 | Data evidence storing method and device based on block chain |
CN114860730A (en) * | 2022-05-17 | 2022-08-05 | 北京新五好农业科技有限公司 | Land data storage method, system and storage medium based on block chain |
CN115277593A (en) * | 2022-07-13 | 2022-11-01 | 葛莺燕 | Method and system for safely storing data under link based on block chain |
CN115277593B (en) * | 2022-07-13 | 2024-05-31 | 上海企源科技股份有限公司 | Method and system for safely storing under-chain data based on blockchain |
Also Published As
Publication number | Publication date |
---|---|
CN109525671B (en) | 2021-05-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||