CN109525671B - Block chain-based data storage method, electronic device and storage medium - Google Patents

Block chain-based data storage method, electronic device and storage medium Download PDF

Info

Publication number
CN109525671B
CN109525671B CN201811418529.XA CN201811418529A CN109525671B CN 109525671 B CN109525671 B CN 109525671B CN 201811418529 A CN201811418529 A CN 201811418529A CN 109525671 B CN109525671 B CN 109525671B
Authority
CN
China
Prior art keywords
data
type
user node
block chain
sensitive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811418529.XA
Other languages
Chinese (zh)
Other versions
CN109525671A (en
Inventor
程晗蕾
鲁静
向智宇
王超
陈利浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yuanguang Software Co Ltd
Original Assignee
Yuanguang Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yuanguang Software Co Ltd filed Critical Yuanguang Software Co Ltd
Priority to CN201811418529.XA priority Critical patent/CN109525671B/en
Publication of CN109525671A publication Critical patent/CN109525671A/en
Application granted granted Critical
Publication of CN109525671B publication Critical patent/CN109525671B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The application discloses a data storage method based on a block chain, electronic equipment and a storage medium. The data storage method comprises the steps that a first user node divides sensitive data to be stored into first type sensitive data and second type sensitive data according to a data structure type; encrypting the first type of sensitive data and storing the encrypted first type of sensitive data in a block chain; and generating a corresponding digital fingerprint for the second type of sensitive data, and encrypting the digital fingerprint and storing the encrypted digital fingerprint in the block chain. By the method, the processing capability of the block chain network is prevented from being influenced, and the data security is improved.

Description

Block chain-based data storage method, electronic device and storage medium
Technical Field
The present disclosure relates to the field of block chain technologies, and in particular, to a data storage method, an electronic device, and a storage medium based on a block chain.
Background
The block chain technology is a novel application technology set of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. From the data perspective, the block chain combines the data blocks in a sequential connection mode into a chain data structure according to the time sequence, and the data structure is guaranteed to be not falsifiable and not to be forged in a cryptographic mode. From a technical perspective, the blockchain technology integrates a plurality of different technologies, and by constructing a blockchain network, each node in the network is allowed to obtain a complete copy of a data block, and updates of the blockchain-based data blocks are maintained based on a consensus mechanism and competition calculation. Therefore, the decentralization and the distrust of data storage and management are realized through an end-to-end network formed by multi-node communication.
With the continuous maturity of the cloud computing platform, the audit service is gradually changed from the traditional audit mode to the cloud audit mode, the cloud audit changes the problem that the traditional audit has a problem of post audit on economic activities, and the reason for generating the audit result is more concerned. Under the environment of a cloud computing platform, auditing mechanisms in different regions can implement auditing services in a cross-time and cross-space mode, and auditors can perform the operation of the auditing services through the Internet at any time and any place. The auditing program of the cloud computing platform is provided, maintained and upgraded by a special cloud software provider, has homology, can improve standardization and normalization of auditing data, accelerates data screening and processing, and reduces data analysis difficulty and auditing difficulty.
However, cloud auditing also faces challenges from external security issues within the audit data while providing convenience for auditing services. At present, audit data are collected by auditing objects by each stationing mechanism, and then are uploaded to a central cloud database in a unified manner for centralized management. In addition, when the audit data is uploaded to a cloud database and called by a plurality of organizations, the transmission of the audit data is not highly encrypted and is easy to crack by hackers, so that the data is leaked, and the situations of unauthorized and private abuse, copying and even selling of the audit data occur.
Disclosure of Invention
The technical problem mainly solved by the application is to provide a data storage method based on a block chain, an electronic device and a storage medium.
In order to solve the above problem, a first aspect of the present application provides a data storage method based on a block chain, where the data storage method includes:
the method comprises the steps that a first user node divides sensitive data to be stored into first type sensitive data and second type sensitive data according to a data structure type;
encrypting the first type of sensitive data and storing the encrypted first type of sensitive data in a block chain;
and generating a corresponding digital fingerprint for the second type of sensitive data, and encrypting the digital fingerprint and storing the encrypted digital fingerprint in the block chain.
In order to solve the above-mentioned problems, a second aspect of the present application provides an electronic device comprising a memory and a processor connected to each other, wherein,
the memory is used for storing computer instructions executed by the processor;
the processor is used for operating the computer instructions stored by the memory to realize the data storage method.
In order to solve the above problem, a third aspect of the present application provides a storage medium storing computer instructions executable by a processor to implement the above data storage method.
In the above scheme, the data storage method based on the block chain divides the sensitive data to be stored by the user node into the first type of sensitive data and the second type of sensitive data based on the data structure, directly encrypts and stores part of the sensitive data in the block chain, converts the other part of the sensitive data into the digital fingerprint, and encrypts and stores the digital fingerprint in the block chain. The data storage safety is improved through the distributed storage characteristic of the block chain, and meanwhile, the other part of sensitive data is converted into digital fingerprint uplink, so that the influence of the data storage in the block chain on the block chain processing capacity is reduced.
Drawings
FIG. 1 is a block chain platform infrastructure architecture of the present application;
FIG. 2 is a block diagram of a block chain used in an embodiment of the present application;
FIG. 3 is a block diagram of an embodiment of a data processing network according to the present application;
FIG. 4 is a schematic flow chart diagram of a first embodiment of the data processing method of the present application;
FIG. 5 is a schematic flow chart diagram illustrating one embodiment of step S12 in FIG. 4;
FIG. 6 is a block chain cloud audit platform infrastructure architecture diagram according to the present application;
FIG. 7 is a schematic block diagram of an embodiment of a data storage network of the present application;
FIG. 8 is a schematic flow chart diagram illustrating a first embodiment of the data storage method of the present application;
FIG. 9 is a schematic flow chart diagram illustrating one embodiment of step S21 of FIG. 8;
FIG. 10 is a schematic flow chart diagram illustrating a second embodiment of the data storage method of the present application;
FIG. 11 is a flowchart illustrating a first embodiment of a data sharing method according to the present application;
FIG. 12 is a schematic flow chart diagram illustrating one embodiment of step S42 of FIG. 11;
FIG. 13 is a schematic flow chart diagram illustrating one embodiment of step S44 of FIG. 11;
FIG. 14 is a schematic flow chart diagram illustrating one embodiment of step S444 of FIG. 13;
FIG. 15 is a flowchart illustrating a data sharing method according to a second embodiment of the present application;
FIG. 16 is a schematic structural diagram of an embodiment of an electronic device of the present application;
FIG. 17 is a schematic structural diagram of an embodiment of a storage medium according to the present application.
Detailed Description
The following describes in detail the embodiments of the present application with reference to the drawings attached hereto.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application.
The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The block chain technology is a novel distributed data organization method and an operation mode which are developed along with digital encryption currencies such as bitcoin and the like. The method is characterized in that: decentralization enables the data to realize distributed collective maintenance, and greatly improves the efficiency of data operation, management and maintenance; the consensus nodes are based on a set of consensus mechanism, the whole block chain is maintained together through competition calculation, any node fails, and other nodes can still work normally. Meanwhile, the block chain carrying the asymmetric encryption technology has high safety and traceability, and can effectively prevent data leakage or illegal tampering. The application provides a block chain technology combined with a cloud computing platform to realize data storage, processing and sharing, the data can be audit data, accounting data, transaction data and the like, and the application takes the audit data as an example for explanation.
To facilitate understanding of the blockchain network of the present application, the blockchain technique employed in the present application is first exemplified. In one embodiment, the electronic device runs the blockchain technique to become a node of the blockchain network, and the blockchain platform infrastructure is shown in fig. 1 and includes a data layer, a network layer, a consensus layer, a contract layer, a service layer, an application layer, and a presentation layer of the blockchain.
The blockchain data layer is used for encapsulating the underlying data blocks and related data encryption and time stamping technologies. Also, at least one (e.g., two) computations may be performed on the file data using an irreversible encryption algorithm (e.g., SHA256 algorithm) to generate a unique blockchain ID, i.e., a Hash (Hash) value. Specifically, the blockchain may be a blockchain, ensuring that the blockchain is not fully public and only accessible to registered member nodes.
And the network layer encapsulates elements such as a P2P networking mode, a message propagation protocol, a data verification mechanism and the like of the blockchain network system, so that the nodes are equal in status and mutually communicated in a flat topological structure, and the characteristics of distribution, autonomy, openness, free access and the like are possessed. Each node in the block chain network can participate in the checking and accounting process of the block data, and the block chain can be recorded only after the block data passes verification of most nodes in the whole network. The decentralized design of the block chain ensures that the file data cannot be tampered and forged.
And the consensus layer encapsulates a method for rapidly completing consensus in a topological network with highly dispersed decision weights so as to participate in a consensus mechanism of the block chain network.
The contract layer encapsulates contract codes with data access strategies, automatically executes corresponding transactions when conditions in the contract codes are triggered, and simultaneously can access corresponding data through corresponding access conditions specified by contract contents.
And the service layer is used for effectively integrating and managing the related functions of the application through the distributed server, such as user registration, user identity management, encryption and decryption service, distributed book service, intelligent contract service, data management service and the like.
The application layer is used for displaying specific functions of the block chain network, is an important link for data storage and sharing, and can be divided into user management, authority control, resource directory management and the like according to different functions.
And each data main body can log in an interface displayed by the corresponding presentation layer through a system client to access the application layer so as to acquire information resources, including a registration interface, an operation execution interface, a query interface, an application management interface, an administrator interface and the like.
The blockchain network collects, packages and securely protects archive file related information data such as archive file related identification, archive file lending information, and archive file returning information in a decentralized manner, and anchors the information data to the blockchain. In particular, the blockchain may be implemented using a network of blockfederation chains or blockchain private chains. The nodes of the block chain continuously change the responsibility born by the network system, and only one node can never control the whole network system, namely only one accounting node can not carry out accounting. Each node is only part of the network system. The node timing of the blockchain changes roles, e.g., once every minute, and no node will permanently control any part of the network system.
In one embodiment, the block encapsulation of the data layer of the block chain may be as shown in fig. 2. The block of the blockchain includes a block Header 21(Header) and a block Body 22 (Body). The block 22 stores at least one Hash value (Hash) obtained by performing a Hash operation on data related to the execution service. The block header 21 may be packaged with information such as a current version number 211, a previous block address 212, a target hash value 213 of the current block, a solution random number 214 of a PoW (workload proof) consensus process of the current block, a Merkle root 215(Merkle-root), and a timestamp 216. Wherein, the current version number 211 is used for marking the relevant version information of software and protocol; the previous block address 212, which may also be referred to as a previous block hash value, by which each block is concatenated end to form a chain of blocks; the solution random number 214 is a value of the answer to record the decrypted block-related mathematical question; the Merkle root 215 is computed from all hash values of the data in the block 22 to verify whether the associated data exists in the block; the timestamp 216 is used to record the time when the block 20 was generated. It is understood that the structure of the block can be adjusted according to the block chain technique, for example, if the consensus process does not use the Pow consensus mechanism, the random number solution does not exist.
In one embodiment, the Block chain underlying system may be comprised of hierarchically structured blocks (blocks). The root is a Directory Block (Directory Block). These blocks form a mini chain, on which compressed references (references) are stored. In order to avoid the data size being too large, the reference in the Directory Block (Directory Block) is only the hash value of the recording Block (Entry Block).
The directory block corresponds to the first layer of the system and records the integrity (Hash value) proof block of the recording block. The directory block is created by combining all the recording blocks defined in all the servers together. Thus, each server has all recording blocks, all directory blocks, and all records (entries).
The recording Block (Entry Block) corresponds to the second layer of the system and is a Block for recording an Entry integrity (Hash value) certificate. The application seeking the record may need the record block, and the record of storing, processing, sharing, accessing and the like of all the possibly related data can be searched from one digital fingerprint. The recording block contains the electronically recorded hash value. The electronically recorded hash value simultaneously proves the existence of the data and the key to find the record in a Distributed Hash Table (DHT) network.
The recording Block (Entry Block) contains all entries associated with one chain ID. An Entry may be considered not to exist if it is associated to a recording Block (Entry Block). The design can ensure that the application program can be easily certified and can conveniently identify which entries are real and reliable.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a data processing network based on a block chain according to an embodiment of the present application. As shown in fig. 3, the data processing network 30 of the present embodiment is a blockchain network 31, wherein the data processing network 30 at least includes a user node 311, an accounting node 312 and a submitting node 313.
In an embodiment, the user node may correspond to various organization nodes related to auditing activities, such as an auditing organization, an audited unit, a tax organization, a bank, and the like. The user node corresponding to the audited unit can generate corresponding audit data based on the economic activity of the user node, and the audit data is stored in the block chain; the user node corresponding to the auditing unit can acquire the auditing data from the block chain and perform corresponding auditing operation on the auditing data, so as to generate new auditing data such as an auditing evaluation report, an auditing comment book, an auditing work manuscript and the like for auditing the audited unit, and store the new auditing data in the block chain; other user nodes such as tax agencies and banks can access and check various audit data generated by the auditing agencies and audited agencies based on the block chain. Therefore, the user node 311 is divided into a first user node 311a corresponding to an auditing agency and a second user node 311b corresponding to an audited unit according to the specific identity information of the user node 311.
Further, authoritative institution nodes such as financial institutions, regulatory agencies, etc. may be added to the blockchain as billing nodes 312. The accounting nodes 312 can perform accounting of the blockchain network, each accounting node 312 is a node having competitive accounting capability to store related information and data of transactions related to audit data generated by user nodes, such as storage, processing, addition, modification, access and the like, and each accounting node 312 stores transaction information related to audit data generated by user nodes, so that distributed storage of transaction information related to audit data generated by each user node is realized. Further, in this embodiment, the user node 311 corresponding to the auditing mechanism and the audited unit may also be reused as the accounting node 312 in the blockchain network 31 to perform the above accounting operation.
The blockchain network 31 may further include a management node 314, configured to perform identity registration for the user node 311, the accounting node 312, and the submitting node 313, and manage various auditing service functions such as identity information and data sharing policies of the user node 311, the accounting node 312, and the submitting node 313. In the present application, the management node 314 may be configured to correspond to a Certificate Authority (Certificate Authority), and when joining the blockchain network 31, the user node 311, the accounting node 312, and the submitting node 313 initiate a registration request to the Certificate Authority, and the Certificate Authority provides a digital Certificate capable of indicating identity information of the node to the corresponding node based on the registration request, where the digital Certificate may include a public key and a private key allocated to the node. After obtaining the distributed public key and private key, the node applying for registration stores the private key locally, and broadcasts the public key to the blockchain network 31.
The user node 311, the billing node 312, the submitting node 313, and the management node 314 may be any electronic device, such as a server, a mobile phone, a computer, a tablet computer, and the like, and in an embodiment, the billing node 312 is a blockchain server, and the management node 314 is an application server with a service processing capability, and may be used as a bankbook system based on a blockchain network. It is to be understood that the user node 311, the accounting node 312, the submitting node 313 and the management node 314 are communicable, the user node 311 and the management node 314 in this embodiment are regarded as blockchain nodes, for example, as lightweight accounting nodes of a blockchain, but in other embodiments, the user node 311 and the management node 314 are not limited to be blockchain nodes, that is, at least part of the user node 311 and the management node 314 do not necessarily participate in the blockchain. In addition, the distinction of the nodes is determined according to the identity information registered by the nodes. Therefore, corresponding entities of the nodes, such as an auditing organization, an audited unit, a tax administration, a bank, a financial institution, a supervision organization and the like, need to complete registration in advance on a block chain platform (in an application, the block chain is a block private chain or a block alliance chain, and the story completes identity registration on the block chain platform in advance), acquire corresponding public keys and private keys, and allow the following data processing services to be developed after the identity is determined to be trusted.
The blockchain network of this embodiment is exemplified by a alliance-chain network or a private-chain network, that is, when a node joins the blockchain network, an identity information registration needs to be performed, and only a member node of the registered identity information can access the blockchain network.
Referring to fig. 4, fig. 4 is a flowchart illustrating a block chain-based data processing method according to a first embodiment of the present application. The data processing method of this embodiment may be applied to the block chain network shown in fig. 3, and as shown in fig. 4, the data processing method of this embodiment may include the following steps:
in step S11, the first user node divides the data it generates into the first kind of data and the second kind of data according to the data content; storing the first type of data in a blockchain; and encrypting the second type of data by using the private key of the user to form a corresponding second type of data ciphertext, and sending the second type of data ciphertext to the second user node.
In this embodiment, data is taken as an example for explanation, and with reference to the blockchain network 30 shown in fig. 3, a user node corresponding to an auditing mechanism and a user node corresponding to an audited unit are both collectively referred to as a user node, and according to different identities, the user node corresponding to the auditing mechanism is taken as a first user node, and the user node corresponding to the audited unit is taken as a second user node.
The second user node generates corresponding audit data including financial reports, financial statements and the like which need to be audited when economic activities occur, and in the audit process, the second user node encrypts the generated audit data by using a private key of the second user node and uploads the encrypted audit data to a block chain for storage; at this time, when the auditing unit of the first user node and/or other user nodes want to access the auditing data, the second user node needs to approve the auditing unit. In other words, the ownership of the audit data is the second user node, the second user node may set a corresponding data access policy for the audit data uploaded thereon, when the first user node and/or other user nodes need to access the audit data, an access request needs to be initiated to the second user node, and the audit data can be accessed according to the data access policy set by the second user node after being approved by the second user node. Further, the first user node can acquire the audit data from the block chain and perform corresponding audit operation on the audit data, so as to generate new audit data including an audit evaluation report, an audit suggestion book, an audit work draft and the like. The new audit data are all generated by the first user node, and when the first user node transmits the new audit data to the block chain for storage, the new audit data are encrypted by using a private key of the first user node, in other words, the ownership of the new audit data is the first user node. However, the data content of the new audit data such as the audit evaluation report and the audit opinion book generated based on the audit data generated by the second user node in the new audit data corresponds to the second user node, that is, the access of the part of data needs to be performed based on the data access policy set by the second user node, but the access of the part of data by other user nodes is very inconvenient because the access of the part of data by the other user nodes needs to be approved by the first user node.
In the embodiment, after the first user node generates new audit data including an audit evaluation report, an audit opinion book, an audit work draft and the like, the generated new audit data is divided into first-class data and second-class data according to data content; the first type of data is audit data of a first user node corresponding to data contents such as an audit work draft, and other user nodes can access the first type of data only by approval of the first user node; the second type of data is audit data of which the data contents such as the audit evaluation report and the audit opinion book correspond to the second user node, and the part of the audit data needs to be accessed based on a data access strategy set by the second user node.
In this embodiment, the first user node encrypts the first type of data whose data content corresponds to its own private key, and stores the encrypted first type of data in the block chain. And for the second type of data, the first user node encrypts the second type of data by using the private key of the first user node to form a corresponding second type of data ciphertext and sends the second type of data ciphertext to the second user node.
In step S12, the second user node transfers ownership of the second type of data from the first user node to the second user node based on the second type of data ciphertext.
In this embodiment, the second user node receives the second type data ciphertext, that is, the second type data ciphertext can be decrypted by using the public key of the first user node, so as to obtain the corresponding second type data, and further transfer ownership of the second type data to the second user node.
Further, referring to fig. 5, as shown in fig. 5, the step S12 may include the following steps:
in step S121, the second user node decrypts the second-class data ciphertext by using the public key of the first user node, so as to obtain the second-class data.
The public key of the first user node is broadcasted to the block chain, that is, any node in the block chain can obtain the public key of the first user node. In this embodiment, after receiving the second-type data ciphertext, the second user node may decrypt the second-type data ciphertext by using the obtained public key of the first user node, thereby obtaining corresponding second-type data.
In step S122, the second type data is encrypted again using its own private key, and the second type data that is encrypted again is stored in the blockchain.
The second user node further encrypts the second type of data again by using the private key of the second user node, and stores the second type of data encrypted by the private key of the second user node in the block chain. It can be understood that, at this time, the second type data is encrypted by the private key of the second user node, in other words, other user nodes need to decrypt the second type data by using the public key of the second user node, that is, ownership of the second type data is transferred to the second user node. At this time, when other user nodes need to access the second type of data, an access request needs to be sent to the second user node, and the second type of data can be accessed according to the corresponding data access strategy after the approval of the second user node.
In the embodiment, the ownership of the second type data is transferred through the encrypted transfer of the second type data private key, so that when other user nodes need to access the second type data, only an access request needs to be sent to the corresponding user nodes with ownership, and the process of accessing the second type data by other user nodes is simplified.
Further, the present application combines with a cloud technology, and based on the block chain Platform Infrastructure shown in fig. 1, a block chain cloud audit Platform Infrastructure is also provided, as shown in fig. 6, the block chain cloud audit Platform Infrastructure of the present application combines with a basic Service mode of a cloud computing Platform, that is, Infrastructure as a Service (IaaS), Platform as a Service (PaaS, Platform as a Service), and Software as a Service (SaaS, Software as a Service), on the basis of the block chain Platform Infrastructure shown in fig. 1; the IaaS service continuously collects mass audit data of audited units in various places to a cloud database through various modes such as a standard data interface and offline uploading, and performs primary unified classification, screening, storage and access control on the data according to different audit apertures; the structured data and the unstructured data are encapsulated in hardware equipment so as to be conveniently accessed remotely by an auditing agency; the PaaS service is used for implementing fine management on audit data stored in the IaaS layer, and various analysis and visualization components are packaged according to specific audit business requirements, so that an audit organization can be facilitated to independently construct various audit business processes, and the audit efficiency is improved; the SaaS service is used for further packaging and storing audit output of the IaaS service and the PaaS service, not only is the functions of acquiring, analyzing, exchanging and the like of audit data completely deployed at the cloud end, but also the formed audit method and model, audit case, audit training and other resources are further stored, and more accurate value mining is achieved.
In addition, the basic architecture of the block chain platform in the block chain cloud audit platform basic architecture of the present application is basically the same as the block chain platform basic architecture shown in fig. 1, and the difference lies in that the data layer further includes a cloud database, and the cloud database is used for storing massive audit data so as to conveniently perform multidimensional data processing and implement data services with complex logic.
Further, referring to fig. 7, fig. 7 is a block chain cloud auditing system provided in the present application based on the block chain network shown in fig. 3 to form a data storage network 40 based on a block chain, that is, based on the block chain network 31 shown in fig. 3, the data storage network further includes a cloud database 32, and each node on the side of the block chain network 31 is shown in fig. 3, which is not described herein again. The blockchain network 31 and the cloud database 32 may perform data interaction with each other, and the user node 311 may directly store data generated or obtained by the user node in the cloud database 32.
It is understood that the first embodiment of the data processing method shown in fig. 4 to fig. 5 may also be applied to the blockchain cloud auditing system shown in fig. 7, where each node is configured with the blockchain cloud auditing platform infrastructure shown in fig. 6.
Referring to fig. 8, fig. 8 is a schematic flowchart of a first embodiment of the data storage method based on a block chain according to the present application, where the data storage method according to the present embodiment is applicable to the data storage network 40 based on a block chain shown in fig. 7, and each node is configured with the block chain cloud audit platform infrastructure shown in fig. 6. The present embodiment takes the first user node storing the first type data in the block chain as an example. As shown in fig. 8, the data storage method of this embodiment may at least include the following steps:
in step S21, the first user node screens out the sensitive data from the first type of data by using the preset sensitive field, and stores the sensitive data in the block chain.
The first user node acquires first-class data, the data content of which corresponds to the first user node and can be stored in the block chain after being encrypted by a private key of the first user node, further, corresponding sensitive data is screened out from the first-class data according to a sensitive field set by a user, and the screened sensitive data is stored in the block chain.
In this embodiment, the sensitive fields may be set by a user as required, and in this embodiment, the first type of data is audit data, and the corresponding sensitive fields may be set according to an audit part or an audited unit, an audit data keyword, and the like, including money amount, an economic activity name, an important financial statement, and the like, and data matched with the sensitive fields in the first type of data is screened out to be stored as sensitive data and in a block chain.
Further, referring to fig. 9, the storing of the sensitive data in the blockchain performed in step S21 may include the following steps:
in step S211, the first user node divides the sensitive data into a first type of sensitive data and a second type of sensitive data according to the data structure type.
In this embodiment, the sensitive data is divided into a first type of sensitive data and a second type of sensitive data according to the data structure type, specifically, the data structure type of the first type of sensitive data is structured data, and the data structure type of the second type of sensitive data is unstructured data. It can be understood that the structured data is usually structured data generated by a financial management system of a user node, which is generated by auditing data by an auditing unit, an auditing agency and the like, and is usually data such as characters, tables and the like which can be represented through a corresponding data structure, and the data capacity of the structured data is relatively small and is relatively easy to arrange and process. The unstructured data is specific audit data which is generated based on economic activities of a big data platform under big data development, has huge scale, is tedious, grows at any time, has low value density and the like, can comprise data such as pictures, videos, webpage information and various reports, and has relatively large data capacity.
In step S212, the first type of sensitive data is encrypted and stored in the blockchain, and the first type of sensitive data is encrypted and stored in the blockchain.
The first type of sensitive data is structured data, so that the data volume of the first type of sensitive data is small, and the first type of sensitive data is easy to arrange and process, so that the first type of sensitive data can be directly encrypted and then stored in the block chain. In this embodiment, the first type of sensitive data may be encrypted by using an elliptic curve algorithm, and further, the first user node encrypts the first type of sensitive data by using its own private key and using an elliptic curve algorithm.
In other embodiments, other asymmetric encryption algorithms may also be used to encrypt the first type of sensitive data, which is not specifically limited in this embodiment.
In step S213, a corresponding digital fingerprint is generated for the second type sensitive data, and the digital fingerprint is encrypted and stored in the blockchain.
The second type of sensitive data is unstructured data, so that the data volume of the second type of sensitive data is large, the formats of the second type of sensitive data are not uniform, if the second type of sensitive data is directly encrypted and stored in the block chain, the storage pressure of the block chain is increased to a great extent, and the overall processing efficiency and speed of the block chain are affected. Therefore, for the second type of sensitive data, a corresponding digital fingerprint is generated, and the digital fingerprint is encrypted and then stored in the block chain.
In the embodiment, the second type of sensitive data is subjected to Hash calculation to generate corresponding digital fingerprints, and the digital fingerprints are encrypted and then stored in a block chain; further, the first user node encrypts the second type of sensitive data by using a private key of the first user node.
In step S22, the remaining data in the first type of data is stored as non-sensitive data in the cloud database.
Further, the data left after screening in the first type of data is used as non-sensitive data, and the data is stored in the cloud database, so that it can be understood that the non-sensitive data can be encrypted when the non-sensitive data is stored in the cloud database, and the encrypted data is stored in the cloud database. The encryption algorithm used may be an asymmetric encryption algorithm such as an RSA algorithm, and the embodiment is not particularly limited.
In the embodiment, data required to be stored by a user node is divided into sensitive data and non-sensitive data by using a sensitive field, the sensitive data is further divided into first-class sensitive data and second-class sensitive data according to the data structure type, the non-sensitive data is stored in a cloud database, the sensitive data belongs to a structured data direct storage and block chain, the non-structured data is calculated into a digital fingerprint storage and block chain, the safety of sensitive data storage is improved, and meanwhile, the data storage and data processing pressure of the block chain is relatively reduced.
Further, referring to fig. 10, fig. 10 is a schematic flowchart illustrating a second embodiment of the data storage method based on a block chain according to the present application, as shown in fig. 10, the data storage method of the present embodiment may include the following steps:
in step S31, the first user node stores the first type of data in the cloud database.
In this embodiment, before the first user node performs the screening of the sensitive data on the first type of data, the first type of data is completely stored in the cloud database.
In step S32, sensitive data is screened from the first type of data by using a preset sensitive field, and the sensitive data is stored in the block chain.
Further, corresponding sensitive data are screened out from the first type of data according to sensitive fields set by the user, and the screened out sensitive data are stored in the block chain. Step S32 in this embodiment is the same as step S21 shown in fig. 8, and is not repeated here.
For sensitive data, the embodiment stores the sensitive data and the cloud database in the block chain; it can be understood that when the sensitive data is stored in the cloud database and the blockchain at the same time, a data index between the cloud database and the blockchain may be established, that is, the sensitive data identical to the sensitive data stored in the cloud database may be found from the blockchain according to the data index, and the data index may be a data guide tag. At this time, when the first user node or other user nodes needing to access the sensitive data determine that the sensitive data stored in the cloud database is missing, the same sensitive data can be searched from the block chain according to the data index, and then the searched same sensitive data is stored in the cloud database again, so that the stored data in the cloud database is rapidly recovered, and the long-term stable operation of the block chain cloud audit system is maintained.
It can be understood that the first and second embodiments of the data storage method based on the blockchain shown in fig. 8 to 10 may be applied to any user node in the blockchain network, that is, any user node may filter sensitive data by setting a sensitive field for the data to be stored, and store the sensitive data in the blockchain and the cloud database; and further storing the structured data in the sensitive data in a direct encryption storage mode, and storing the unstructured data in a digital fingerprint calculation mode.
Further, please refer to fig. 11, fig. 11 is a block chain-based data sharing method according to a first embodiment of the present application. The data sharing method of this embodiment may be applied to the blockchain network shown in fig. 3, and may also be applied to the blockchain cloud auditing system shown in fig. 7, which is not limited in this embodiment. As shown in fig. 11, the data sharing method of this embodiment at least includes the following steps:
in step S41, the first user node broadcasts a first access request corresponding to the data to be accessed to the blockchain.
In this embodiment, data to be accessed is generated by the second user node, and data whose ownership is attributed to the second user node is taken as an example for explanation. For convenience of understanding, a user node corresponding to an auditing mechanism can be used as a first user node, and a user node corresponding to an audited unit can be used as a second user node; the data to be accessed is audit data generated by the second user node based on own economic activities, or corresponding audit data such as audit evaluation reports, audit opinion books and the like.
The first user node can carry out retrieval based on the shared data resource catalog according to the access requirement of the first user node, and the second user node corresponding to the data to be accessed, the storage address of the data to be accessed and other related information are obtained according to the retrieval result. Thus, the first access request can be created based on the search result, and the first access request can be broadcasted to the blockchain. The first access request may include a public key of the first user node.
In step S42, the submitting node generates a corresponding sharing token based on the first access request and feeds back the sharing token to the first user node.
And the submitting node in the block chain can acquire the first access request and perform identity authentication on the first user node according to the first access request. After the identity of the first user node is confirmed, a corresponding sharing token can be generated, and the generated sharing token is fed back to the first user node. Wherein the shared token may comprise at least the public key of the first user node encrypted with the public key of the second user node.
In this embodiment, the behavior that the first user node broadcasts the first access request may be regarded as a transaction request, the submitting node is a transaction party corresponding to the transaction request, and the shared token generated by the submitting node may be regarded as transaction confirmation information created in response to the transaction request, so that a transaction random number may be generated based on the transaction request. The shared token of this embodiment may include the transaction random number corresponding to the first access request encrypted by the public key of the second user node.
Further, as shown in fig. 12, step S42 may include at least the following steps:
in step S421, the submitting node obtains a corresponding data access policy based on the first access request matching.
The submitting node performs identity authentication on the first user node according to the first access request, and can further acquire identity information of the first user node, so that a corresponding data access strategy can be obtained according to the identity information matching of the first user node. In this embodiment, the data access policy may be an intelligent contract, which is a data script that is deployed in the blockchain and can be automatically executed by setting a preset trigger condition. The data access policy specifies data access conditions and related specifications related to the identity information of the user node, and sets preset conditions.
In step S422, the first access request is made to trigger a preset condition of the data sharing policy, the sharing token is generated, and the sharing token is fed back to the first user node.
Further, the submitting node matches the first access request with the data sharing policy so that the request information contained in the first access request triggers a preset condition of the data sharing policy, the preset condition is triggered to indicate that the first user node can utilize the first access request, a second access request for data to be accessed is initiated based on the data sharing policy, and a corresponding sharing token is generated at the moment.
In step S43, the first user node initiates a second access request to a second user node corresponding to the data to be accessed using the shared token and the access authorization contract.
And after receiving the sharing token fed back by the submitting node, the first user node confirms that the first user node can initiate data access to the second user node, wherein the sharing token is used as confirmation information corresponding to the first access request. At this time, the first user node can also generate an access authorization policy according to the access requirement of the first user node on the data to be accessed, and encrypt the access authorization policy by using a private key of the first user node to form an access authorization contract. Therefore, the first user node can carry the sharing token and the access authorization contract to initiate a second access request to the second user node.
The access authorization policy is generated by the first user node according to the access requirement of the first user node on the data to be accessed, and the access authorization policy includes access requirements of the first user node on the access time period, the access duration, whether downloading is needed, whether adding new content is needed, and the like of the data to be accessed.
In step S44, the second user node verifies the first access request based on the sharing token, and evaluates the access authorization contract to obtain an evaluation result.
And the second user node receives a second access request carrying a shared token and an access authorization contract, wherein the shared token comprises the public key of the first user node and the transaction random number encrypted by the public key of the second user node. Thus, the second user node may validate the first access request based on the transaction random number, the public key of the first user node, and the access authorization contract, and evaluate the access authorization contract.
Further, as shown in fig. 13, step S44 may include the following steps:
in step S441, the second user node decrypts the shared token by using its own private key, obtains the public key and the transaction random number of the first user node included in the shared token, and obtains the identity information of the first user node.
The shared token comprises the public key of the first user node and the transaction random number encrypted by the public key of the second user node, so that the second user node can decrypt the shared token by using the private key of the second user node to further obtain the public key of the first user node and the transaction random number contained in the shared token. Wherein the transaction random number is a random number generated based on the first access request for preventing the request from being repeated.
In step S442, the first access request is verified according to the transaction random number, and a verification result is obtained.
The second user node verifies the first access request using the transaction random number. Specifically, when a first access request is generated in the blockchain, the first access request is regarded as a transaction request, so that a transaction random number (nonce) is generated, the numerical value of the transaction random number is increased from 0 along with the increase of the transaction times, 1 is added to the numerical value of the transaction random number every time the transaction times are increased, and in the blockchain, only after the transaction processing corresponding to the transaction random number with the smaller previous numerical value is completed, the transaction corresponding to the transaction random number with the larger subsequent numerical value is processed. Therefore, whether the numerical value of the transaction random number corresponding to the first access request at the moment is larger than the numerical value of the transaction random number corresponding to the access request processed before or whether a jump interval occurs in the numerical value of the transaction random number can be judged, the first access request is verified, if the numerical value of the transaction random number is larger than the numerical value of the transaction random number corresponding to the access request processed before and the jump interval does not occur in the numerical value of the transaction random number, the verification result of verifying the first access request is verification pass, and the subsequent step S443 can be continuously executed based on the first access request, otherwise, the verification result of verifying the first access request is verification fail, and the subsequent step is not executed based on the first access request.
In step S443, the access authorization contract is decrypted by using the obtained public key of the first user node, and a corresponding access authorization policy is obtained.
When the verification result obtained in step S442 is that the verification passes, the second user node further decrypts the access authorization contract by using the public key of the first user node obtained in step S441 to obtain a corresponding access authorization policy; and proceeds to step S444 based on the access authorization policy.
In step S444, the access authorization contract is evaluated by using the identity information of the first user node and the access authorization policy, and an evaluation result is obtained.
The second user node evaluates the access authorization contract according to the identity information of the first user node obtained in step S441 and the access authorization policy obtained in step S443, and obtains an evaluation result.
Further, as shown in fig. 14, the step S444 may include the steps of:
in step S4441, the data access right specified by the block chain to the first user node is confirmed according to the identity information of the first user node.
The block chain is provided with corresponding data access authority according to the unused identity information of the user node, for example, the user node with the identity information of an audit part can have larger data access authority, the access time period of the data to be accessed can be any time period, the access time period can be half a month or even one month, and the like, and the data to be accessed can be downloaded, and new content can be added; the access time period of the user node with the identity information of the common data user to the data to be accessed can only be a specified certain time period, the access time can be days or a week, the data to be accessed cannot be downloaded, new contents cannot be added, and the like.
Therefore, the second user node can acquire the specified data access authority of the first user node from the block chain according to the identity information of the first user node.
In step S4442, it is determined whether the access requirement for the data to be accessed included in the access authorization policy matches the data access right.
Further, whether an access authorization policy formed by the first user node according to the access requirement of the first user node is within a data access authority of a specified first user node is judged, for example, whether an access time period recorded in the access authorization policy is within a time period specified in the data access authority, whether an access duration recorded in the access authorization policy does not exceed an access duration specified in the data access authority, and the like are judged, and whether the access authorization policy is matched with the data access authority is further judged. If the access request recorded in the access authorization policy is within the data access authority of the specified first user node, continuing to execute step S4443; otherwise, step S4444 is performed.
In step S4443, it is determined that the evaluation result is that the access authorization contract passes the evaluation.
If the access request recorded in the access authorization policy is within the data access right of the predetermined first user node, it indicates that the access request of the first user node does not exceed the predetermined data access right, and the evaluation result indicates that the access authorization contract passes the evaluation, so that the step S35 may be continuously executed.
In step S4444, it is determined that the evaluation result is that the access authorization contract is not evaluated.
If the access request recorded in the access authorization strategy exceeds the data access authority of the specified first user node, if the evaluation result is that the access authorization contract is not evaluated, the subsequent steps are stopped to be executed, and information that the access request does not accord with the specification can be fed back to the first user node.
In step S45, when the evaluation result is that the access authorization contract passes the evaluation, the first user node accesses the data to be accessed according to the access authorization contract.
When the evaluation result is that the access authorization contract passes the evaluation, that is, the second user node completes the identity authentication of the first user node and the approval of the access request, so that the first user node can access the data to be accessed according to the access requirement specified in the access authorization contract, and can correspondingly perform operations such as sharing, downloading, content adding and the like on the data to be accessed.
Further, in this embodiment, the data that the second user node needs to store may be stored in the manner described in the first embodiment and the second embodiment of the block chain based data storage method shown in fig. 8 to fig. 10, that is, all data of the second user node is stored in the cloud database, further, the sensitive data is also stored in the block chain, the first type of sensitive data is directly encrypted and stored in the block chain, and the second type of sensitive data is stored in the block chain in the manner of digital fingerprint. Correspondingly, when the first user node accesses the second user node, the first user node can preferentially acquire required data from the cloud database, so that the data acquisition process can be simplified; if the data in the cloud database is missing, the data can be further acquired from the block chain, and the acquired data is stored in the cloud database again.
In this embodiment, the first user node needs to broadcast a transaction corresponding to data access to the whole network, and after the submitting node authenticates the first user node according to the transaction, a sharing token is generated; the first user node can initiate a data access request to the second user node based on the shared token after obtaining the shared token, and can perform data access after the second user node is verified and evaluated, so that the safety and the compliance of data circulation in the blockchain network are improved.
Further, please refer to fig. 15, fig. 15 is a flowchart illustrating a block chain-based data sharing method according to a second embodiment of the present invention. The data sharing method of the present embodiment is proposed on the basis of the data sharing methods shown in fig. 11 to 14, and as shown in fig. 15, the present embodiment may include the following steps:
in step S51, the first user node broadcasts a first access request corresponding to the data to be accessed to the blockchain.
In step S52, the submitting node generates a corresponding sharing token based on the first access request and feeds back the sharing token to the first user node.
In step S53, the first user node initiates a second access request to a second user node corresponding to the data to be accessed using the shared token and the access authorization contract.
In step S54, the second user node verifies the first access request based on the sharing token, evaluates the access authorization contract, and sends the evaluation result to the submitting node.
Steps S51 to S53 in this embodiment are the same as steps S41 to S43 in the first embodiment of the data sharing method shown in fig. 11 to 13, and are not repeated herein. Further, step S54 is similar to step 44 shown in fig. 11 to 14, except that after obtaining the evaluation result, the second user node sends the evaluation result to the submitting node, and the submitting node allows or disallows the first user node to access the data to be accessed according to the evaluation result.
In step S55, the commit node passes the data sharing interface for the first user node to the data to be accessed.
After the submitting node obtains the evaluation result sent by the second user node, if the evaluation result is that the access authorization contract passes the evaluation, the data sharing interface of the data to be accessed by the first user node is released, and thus the step S56 is continued.
In step S56, the first user node accesses the data to be accessed according to the access authorization contract.
After the submitting node releases the data sharing interface of the first user node for the data to be accessed, the first user node can access the data to be accessed through the data sharing interface according to the access authorization contract.
In step S57, the commit node blocks the data sharing interface of the first user node to the data to be accessed.
And after the submitting node acquires the evaluation result sent by the second user node, if the evaluation result is that the access authorization contract does not pass the evaluation, blocking the data sharing interface of the first user node to the data to be accessed, and ending the process.
Further, please refer to fig. 16, fig. 16 is a schematic structural diagram of an embodiment of an electronic device according to the present application. As shown in fig. 16, the electronic device 160 of this embodiment may be the user node 411, the accounting node 412, the submitting node 313, or the management node 314 shown in fig. 3 or fig. 7. The electronic device 160 may be embodied as a computer, a mobile phone, a tablet computer, or the like corresponding to the user node 411, the accounting node 412, the submitting node 313, or the management node 314. The electronic device 160 of the present embodiment is deployed with a blockchain platform infrastructure as shown in fig. 1 or a blockchain cloud auditing infrastructure as shown in fig. 6, and can join in a blockchain network as a node in the blockchain network.
Further, the electronic device 160 of the present embodiment may include a processor 1601 and a memory 1602 disposed inside the electronic device 160, wherein the processor 1601 and the memory 1602 are connected by a bus. The memory 1602 stores computer instructions executable by the processor 1601, and the processor 1601 executes the computer instructions to implement any one or more of the first embodiment of the blockchain-based data processing method shown in fig. 4 to 5, the first and second embodiments of the blockchain-based data storage method shown in fig. 8 to 10, and the first and second embodiments of the blockchain-based data sharing method shown in fig. 11 to 15.
Further, please refer to fig. 17, fig. 17 is a schematic structural diagram of an embodiment of a storage medium according to the present application. As shown in fig. 17, the storage medium 170 in this embodiment stores therein a computer instruction 1701 capable of being executed, and the computer instruction 1701 is executed to implement any one or more of the first embodiment of the block chain based data processing method shown in fig. 4 to 5, the first and second embodiments of the block chain based data storage method shown in fig. 8 to 10, and the first and second embodiments of the block chain based data sharing method shown in fig. 11 to 15.
In this embodiment, the storage medium 170 may be a storage medium with a storage function, such as a storage module of an intelligent terminal, a mobile storage device (e.g., a mobile hard disk, a usb disk, etc.), a network cloud disk, an application storage platform, or a server. In addition, the storage medium may also be a storage device of a terminal corresponding to the user node 311 shown in fig. 3 or fig. 7, or a server corresponding to the accounting node 312, the submitting node 313, and the management node 314; or memory 1602 as shown in figure 16.
The scheme can realize the following beneficial effects:
(1) the audit data are encrypted by using an asymmetric encryption algorithm in the circulation process, only the private key of the authorization node can be decrypted to obtain corresponding audit data, and part of the audit data are subjected to uplink storage in a digital fingerprint mode, so that the data decryption difficulty is further increased, the data security is strengthened, and the data feasibility is improved.
(2) Key financial certificates, receipts and major contracts are stored as digital assets in a chaining mode through sensitive fields, different consulting authorities are set according to the responsibility of an auditing main body, the data are communicated in a multi-party secure sharing mode across time and space while the auditing data privacy is protected, a shared log cannot be tampered and traced, besides, an auditing result is recorded into a block chain and is associated with an audited unit, digital preservation is achieved, a real-time decision-making basis is provided for benefit relatives, and therefore data circulation load is reduced, and auditing time is saved.
(3) After being identified, the abstract content of the audit data is booked on a block chain, the authenticity of an audit data source is checked through cross check, and meanwhile, the abnormal record is automatically marked and processed, so that real-time audit is completed; the highly programmable script is used for coding the audit model, relevant audit data cleaning and data analysis are automatically executed according to a specific audit object and a preset time period, subjective audit data validity judgment of an audit worker is eliminated, and the whole audit process and results are more fair, objective and reliable.
(4) Distributed storage of block chain cloud audit system, every node all possess unanimous data account book, not only solve traditional audit when carrying out this frequency data processing, system load is high, the functioning speed is slow scheduling problem, can also improve audit speed, reduce the high volume fortune dimension expense of server through sharing audit work load to different nodes.
(5) The chain audit data is associated with a producer of the audit data, a programmable data access strategy is formulated by an audit main body, when data transaction is initiated, the data transaction needs to be broadcast to the whole network and approved by a certain number of nodes, and then the data transaction is allowed to be effectively accessed, so that the use compliance and safety of the audit data are ensured.
In the description above, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.

Claims (8)

1. A data storage method based on a block chain is characterized by comprising the following steps:
the first user node divides the data to be stored into first class data and second class data according to the data content;
the first user node encrypts the second type of data by using a private key of the first user node to form a corresponding second type of data ciphertext and sends the second type of data ciphertext to a second user node, so that the second user node transfers the ownership of the second type of data from the first user node to the second user node based on the second type of data ciphertext;
the first user node screens out sensitive data from first type data to be stored by using a preset sensitive field;
the first user node divides the sensitive data to be stored into first type sensitive data and second type sensitive data according to the data structure type;
encrypting the first type of sensitive data and storing the encrypted first type of sensitive data in a block chain;
and generating a corresponding digital fingerprint for the second type of sensitive data, and encrypting the digital fingerprint and storing the encrypted digital fingerprint in the block chain.
2. The data storage method of claim 1,
the data structure type of the first type of sensitive data is structured data; the data structure type of the second type of sensitive data is unstructured data.
3. The data storage method of claim 1,
the data storage method further comprises the following steps:
and storing the first type of data in a cloud database.
4. The data storage method of claim 3,
the data storage method further comprises the following steps:
when the first user node determines that the sensitive data stored in the cloud database are missing, corresponding sensitive data are obtained from the block chain according to the data index, and the obtained corresponding sensitive data are stored in the cloud database again.
5. The data storage method of claim 1,
the encrypting the first type of sensitive data and storing the encrypted first type of sensitive data in a block chain includes:
encrypting the first type of sensitive data by using an elliptic curve algorithm, and storing the encrypted first type of sensitive data in a block chain;
generating a corresponding digital fingerprint for the second type sensitive data, encrypting the digital fingerprint and storing the encrypted digital fingerprint in the block chain, wherein the steps of:
and performing Hash calculation on the second type of sensitive data to generate corresponding digital fingerprints, and encrypting the digital fingerprints and then storing the encrypted digital fingerprints in the block chain.
6. The data storage method of claim 5,
the elliptic curve algorithm encryption of the first type of sensitive data comprises the following steps:
carrying out elliptic curve algorithm encryption on the first type of sensitive data by using a private key of the first user node;
the encrypting the digital fingerprint and storing the encrypted digital fingerprint in the block chain includes:
and encrypting the digital fingerprint by using a private key of the first user node and then storing the encrypted digital fingerprint in the block chain.
7. An electronic device comprising a memory and a processor coupled to each other, wherein,
the memory is used for storing computer instructions executed by the processor;
the processor is configured to execute the computer instructions stored by the memory to implement the data storage method of any one of claims 1-6.
8. A storage medium storing computer instructions executable by a processor to perform the data storage method of any one of claims 1 to 6.
CN201811418529.XA 2018-11-26 2018-11-26 Block chain-based data storage method, electronic device and storage medium Active CN109525671B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811418529.XA CN109525671B (en) 2018-11-26 2018-11-26 Block chain-based data storage method, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811418529.XA CN109525671B (en) 2018-11-26 2018-11-26 Block chain-based data storage method, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN109525671A CN109525671A (en) 2019-03-26
CN109525671B true CN109525671B (en) 2021-05-14

Family

ID=65793822

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811418529.XA Active CN109525671B (en) 2018-11-26 2018-11-26 Block chain-based data storage method, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN109525671B (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110020553A (en) * 2019-04-12 2019-07-16 山东浪潮云信息技术有限公司 A kind of method and system for protecting sensitive data
CN110263031A (en) * 2019-05-07 2019-09-20 深圳壹账通智能科技有限公司 Trading platform data processing method, device, computer equipment and storage medium
CN111066019B (en) * 2019-05-15 2023-05-16 创新先进技术有限公司 Processing data elements stored in a blockchain network
CN110245947B (en) * 2019-05-20 2021-08-24 创新先进技术有限公司 Receipt storage method and node combining conditional restrictions of transaction and user types
CN110264193B (en) * 2019-05-20 2021-05-18 创新先进技术有限公司 Receipt storage method and node combining user type and transaction type
WO2020233421A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Object-level receipt storage method and node based on code marking
CN110334536A (en) * 2019-05-30 2019-10-15 深圳壹账通智能科技有限公司 Data save method, device and computer equipment based on block chain
CN110675145A (en) * 2019-08-22 2020-01-10 中国平安财产保险股份有限公司 Data processing method and device based on block chain, terminal and storage medium
CN110784521B (en) * 2019-09-30 2022-05-27 远光软件股份有限公司 Block chain consensus method, electronic device and storage medium
CN111147575B (en) * 2019-12-25 2022-12-13 山东公链信息科技有限公司 Data storage system based on block chain
CN111506651A (en) * 2020-04-15 2020-08-07 中国银行股份有限公司 Data storage method and device
CN111538786B (en) * 2020-04-24 2021-01-05 上海简苏网络科技有限公司 Block chain data desensitization and tracing storage method and device
CN112566109A (en) * 2020-06-05 2021-03-26 宗陈星 Communication data processing method, system and platform based on artificial intelligence and block chain
CN111858520B (en) * 2020-07-21 2024-03-22 杭州溪塔科技有限公司 Method and device for separately storing block chain node data
CN112153047B (en) * 2020-09-24 2021-05-18 国网区块链科技(北京)有限公司 Block chain-based network security operation and maintenance and defense method and system
CN112468577B (en) * 2020-11-25 2021-11-02 上海欧冶金融信息服务股份有限公司 Data controllable sharing method and system based on data mapping relation
CN112507355B (en) * 2020-12-04 2024-04-02 钟爱健康科技(广东)有限公司 Personal health data storage system based on block chain
CN112506860B (en) * 2020-12-15 2024-02-27 中国银行股份有限公司 Collaborative audit method, device and system based on blockchain
CN113268763B (en) * 2020-12-28 2023-09-15 上海零数众合信息科技有限公司 Distributed privacy data storage method based on blockchain
CN113051625B (en) * 2021-03-24 2024-02-20 中国工商银行股份有限公司 Data storage method and device based on blockchain
CN114860730A (en) * 2022-05-17 2022-08-05 北京新五好农业科技有限公司 Land data storage method, system and storage medium based on block chain
CN115277593A (en) * 2022-07-13 2022-11-01 葛莺燕 Method and system for safely storing data under link based on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106055993A (en) * 2016-08-13 2016-10-26 深圳市樊溪电子有限公司 Encryption storage system for block chains and method for applying encryption storage system
CN107368750A (en) * 2017-06-23 2017-11-21 雷虹 The implementation method and device of electronic health record based on block chain
CN107426170A (en) * 2017-05-24 2017-12-01 阿里巴巴集团控股有限公司 A kind of data processing method and equipment based on block chain
CN108197505A (en) * 2017-12-29 2018-06-22 泰康保险集团股份有限公司 Block chain business data processing method, device and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016160850A1 (en) * 2015-03-30 2016-10-06 Iperial, Inc. System and method for authenticating digital content

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106055993A (en) * 2016-08-13 2016-10-26 深圳市樊溪电子有限公司 Encryption storage system for block chains and method for applying encryption storage system
CN107426170A (en) * 2017-05-24 2017-12-01 阿里巴巴集团控股有限公司 A kind of data processing method and equipment based on block chain
CN107368750A (en) * 2017-06-23 2017-11-21 雷虹 The implementation method and device of electronic health record based on block chain
CN108197505A (en) * 2017-12-29 2018-06-22 泰康保险集团股份有限公司 Block chain business data processing method, device and electronic equipment

Also Published As

Publication number Publication date
CN109525671A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
CN109450910B (en) Data sharing method based on block chain, data sharing network and electronic equipment
CN109525671B (en) Block chain-based data storage method, electronic device and storage medium
CN109753815B (en) Data processing method based on block chain, data processing network and electronic equipment
US11580240B2 (en) Protecting sensitive data
KR20220044306A (en) Partially-aligned blockchain
US20210029163A1 (en) Security layer for configuring blockchain
US11269863B2 (en) Index structure for blockchain ledger
US11949794B2 (en) Data anonymization of blockchain-based processing pipeline
US11228424B2 (en) Blu-ray copy service
US20220138550A1 (en) Blockchain for artificial intelligence training
US20220329411A1 (en) Blockchain processing offload to network device
CN114357490A (en) Data sharing method, device and system based on block chain
KR20230005353A (en) Sanctioned Events in a Decentralized Database
US11310311B2 (en) Media obfuscation
US11271742B2 (en) Decentralized secure data sharing
US11356260B2 (en) Decentralized secure data sharing
CN113597608A (en) Trusted platform based on block chain
CN113302612A (en) Trusted platform based on block chain
US20230091686A1 (en) Digital asset platform with hsm verification
US20230208640A1 (en) Selective audit process for privacy-preserving blockchain
US11343085B2 (en) Threshold encryption for broadcast content
US11088833B1 (en) Decentralized secure data sharing
US11379594B2 (en) Media obfuscation
US20210342291A1 (en) Data archive
Alhazmi Blockchain-based System for Big Data Security and Management

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant