CN110096542A - Decentralized data verification processing method, device, system and medium - Google Patents
- Publication number
- CN110096542A
- Authority
- CN
- China
- Prior art keywords
- data
- computing device
- trust computing
- unit
- block
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/252—Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
Embodiments of the invention disclose a decentralized data verification processing method, device, system and medium. The method comprises: receiving a data analysis request initiated by a data user; according to the data analysis request, reading the data of at least one data unit needed for the analysis from one or more data centers into the trusted storage space of a trusted computing device; verifying the read data based on the data fingerprint of each data unit stored in a blockchain network and, if the verification passes, confirming that the read data is valid; according to the data analysis request, analyzing and processing the read data based on the analysis algorithm running in the trusted computing device to generate a processing result, which is stored in the trusted storage space; and feeding the processing result back to the data user. The technical solution provided by the embodiments enables joint data analysis and processing, ensures the credibility and security of the data analysis process, and reduces the computation required for data verification.
Description
Technical field
Embodiments of the present invention relate to data processing technology, and in particular to a decentralized data verification processing method, device, system and medium.
Background technique
In the big data era, raw data and secondary processed data of all kinds are intangible assets with economic value. Enterprise users can provide some of their own data and also need other enterprise users to share some data, which is why data centers have emerged. Users provide their own data to a data center for other users to use for a fee or on a free trial basis. In a data center, all data is processed centrally. This not only facilitates sharing but also enables joint analysis based on multiple sets of data, which greatly improves the capability and efficiency of data processing and provides richer ways of processing data.
However, the data center approach also has a drawback: all data to be processed must be stored by the data center before the data center can process it with the corresponding algorithms and output a processing result. In the big data era, data is a valuable asset of an enterprise, and enterprises do not want to place their data in a data center they do not control in order to complete data analysis and processing. At the same time, enterprises need to analyze their data jointly. The prior art needs a data processing scheme that resolves this contradiction.
Summary of the invention
Embodiments of the present invention provide a decentralized data verification processing method, device, system and medium, so as to achieve joint data analysis and processing, ensure the credibility and security of the data analysis process, and reduce the computation required for data verification.
In a first aspect, an embodiment of the present invention provides a decentralized data verification processing method, executed by a trusted computing device that implements a trusted computing environment based on hardware. The method comprises:
Receiving a data analysis request initiated by a data user;
According to the data analysis request, reading the data of at least one data unit needed for the analysis from one or more data centers into the trusted storage space of the trusted computing device;
Verifying the read data based on the data fingerprint of each data unit stored in the blockchain network and, if the verification passes, confirming that the read data is valid;
According to the data analysis request, analyzing and processing the read data based on the analysis algorithm running in the trusted computing device to generate a processing result, which is stored in the trusted storage space;
Feeding the processing result back to the data user.
In a second aspect, an embodiment of the present invention further provides a decentralized data verification processing apparatus, configured in a trusted computing device that implements a trusted computing environment based on hardware. The apparatus comprises:
An analysis request receiving module, for receiving a data analysis request initiated by a data user;
A data reading module, for reading, according to the data analysis request, the data of at least one data unit needed for the analysis from one or more data centers into the trusted storage space of the trusted computing device;
A data verification module, for verifying the read data based on the data fingerprint of each data unit stored in the blockchain network and, if the verification passes, confirming that the read data is valid;
A data processing module, for analyzing and processing the read data according to the data analysis request, based on the analysis algorithm running in the trusted computing device, to generate a processing result, which is stored in the trusted storage space;
A processing result feedback module, for feeding the processing result back to the data user.
In a third aspect, an embodiment of the present invention further provides a trusted computing device, comprising:
One or more processors;
One or more memories, serving as the trusted storage space and storing one or more programs, wherein the processors and the memories are implemented based on trusted computing technology;
When the one or more programs are executed by the one or more processors, the one or more processors implement the decentralized data verification processing method of the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a decentralized data verification processing system, comprising:
Multiple data centers, the private storage space of each data center being used to store data;
One or more trusted computing devices, each being the trusted computing device of the third aspect.
In a fifth aspect, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the decentralized data verification processing method of the first aspect.
With the decentralized data verification processing method, device, system and medium provided by embodiments of the present invention, the data of at least one data unit needed for the analysis is read, according to the data analysis request initiated by the data user, from one or more data centers into the trusted storage space of the trusted computing device. The read data is then verified based on the data fingerprint of each data unit stored in the blockchain network and, if the verification passes, the read data is confirmed to be valid. Once the data is confirmed valid, the data read from the one or more data centers is analyzed according to the data analysis request, based on the analysis algorithm running in the trusted computing device, and the resulting processing result is stored in the trusted storage space and fed back to the data user. By using a trusted computing device, this scheme guarantees that the data in each data center is never stored in the untrusted storage space of another data center, while still enabling joint data analysis and ensuring the credibility and security of the analysis process. Recording the data fingerprints of each stage in the blockchain network ensures that the fingerprints are not tampered with and makes them easy for data centers, data users and trusted computing devices to query and verify. In addition, this embodiment verifies the data fingerprint with the data unit taken as a whole, which reduces the computation needed for data fingerprints and in turn the demand on the capacity of the trusted storage space.
Detailed description of the invention
Fig. 1 is an architecture diagram of a decentralized data processing system to which embodiments of the present invention are applicable;
Fig. 2 is a flowchart of the decentralized data verification processing method provided in Embodiment 1 of the present invention;
Fig. 3A is a flowchart of the decentralized data verification processing method provided in Embodiment 2 of the present invention;
Fig. 3B is a schematic diagram of the B-tree provided in Embodiment 2 of the present invention;
Fig. 4 is a flowchart of the decentralized data verification processing method provided in Embodiment 3 of the present invention;
Fig. 5 is a structural diagram of the decentralized data verification processing apparatus provided in Embodiment 4 of the present invention;
Fig. 6 is a structural diagram of the trusted computing device provided in Embodiment 5 of the present invention;
Fig. 7 is a structural diagram of the decentralized data verification processing system provided in Embodiment 6 of the present invention.
Specific embodiment
The present invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here are only intended to explain the invention, not to limit it. Note also that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
Before the embodiments are introduced, the system architecture they involve is described first. As shown in Fig. 1, the decentralized data processing system architecture 100 of this embodiment may include multiple data centers 110 and one or more trusted computing devices 120.
Each data center 110 belongs to one entity that publishes data, such as an enterprise. Correspondingly, a data center can be a computing device or cluster owned by that enterprise, which stores the data published by the enterprise in private storage space and is managed and controlled by the enterprise, so that the data stays within a controlled scope. Furthermore, a data center 110 is trusted by the enterprise that owns it but untrusted by other entities.
Trusted computing refers to the trusted computing platform, supported by a hardware security module, that is widely used in computing and communication systems to improve overall system security. The trusted computing device 120 can be a device equipped with a trusted component, such as a computing device whose processor supports SGX (Software Guard Extensions), which is suitable for Internet environments, or a mobile terminal with a TEE (Trusted Execution Environment). Given characteristics such as the large data volumes involved in data analysis, in this embodiment the trusted computing device 120 is preferably a computing device equipped with a trusted component. Further, the trusted computing device 120 can implement a trusted computing environment based on hardware, that is, an environment in which hardware technology guarantees that the storage space and the computation process are trusted. The trusted computing environment protects the code and data running in it from being tampered with or stolen by any external software.
For example, there may be a single trusted computing device 120, which reads the data of all data centers 110 and analyzes it jointly; or there may be several, which process the data cooperatively using existing parallel processing techniques to improve the efficiency of data analysis. In this embodiment, using trusted computing devices guarantees that the data in each data center is never stored in the untrusted storage space of another data center. At the same time, the one or more trusted computing environments are equivalent to a virtual joint modeling platform built on multiple data centers, which enables joint data analysis and ensures the credibility and security of the analysis process. In addition, the trusted computing device in this embodiment can be a computing device independent of the data centers, or a local space integrated inside a data center whose trustworthiness is guaranteed by hardware technology.
Optionally, the decentralized data processing system architecture of this embodiment may also include a blockchain network 130 for recording the data fingerprints and related information of each stage. For example, it can record the data fingerprint of the data published by a data center together with the related data description information, so that data centers and trusted computing devices can query and verify it. The blockchain also makes it possible to monitor the entire flow of joint data analysis, which guarantees the orderly progress of the whole process.
Optionally, the decentralized data processing system architecture of this embodiment may also include data users (not shown in Fig. 1). A data user is an entity that needs to analyze and process data, such as an enterprise. For example, the data user can be the enterprise that owns one of the data centers making up the decentralized data processing system architecture, in which case the data user participates in the system through its own data center to meet its data analysis needs. Alternatively, the data user may not own any of the data centers making up the architecture; such a data user can join and access the system according to the system's preset participation rules and thereby meet its data analysis needs.
Embodiment one
Fig. 2 is a flowchart of the decentralized data verification processing method provided in Embodiment 1 of the present invention. This embodiment is applicable to analyzing, processing and verifying data, and is particularly suited to scenarios in which one or more trusted computing devices, multiple data centers, data users and the blockchain network in the decentralized data processing system architecture interact to analyze data and to verify the data needed for the analysis, so as to resolve the contradiction in existing data-center-based data processing. The technical solution of this embodiment is executed by a trusted computing device, which implements a trusted computing environment based on hardware. The method can be executed by a decentralized data verification processing apparatus, which can be configured in the computing equipment of the trusted computing device and implemented in hardware and/or software. Referring to Fig. 2, the method may specifically include:
S210: Receive the data analysis request initiated by the data user.
In this embodiment, the data analysis request is a request that the data user initiates to the trusted computing device when it has a data analysis need. Specifically, the data user can send the request to the trusted computing device through the data center it belongs to, using a configured communication mechanism; or the data user can initiate the request to the trusted computing device through the blockchain network, asking the blockchain network to store the data analysis request in the blockchain and send it to the trusted computing device; or the data user can send the request directly to the trusted computing device using a configured communication mechanism.
In this embodiment, each data center stores the data published by its owning entity in local private storage space and determines the data fingerprint of the published data using an agreed fingerprinting method. It then generates a data publication transaction request from the data fingerprint and the related data description information, such as the storage location of the data, the storage time, the data identifier, the publisher identifier and a summary description, and sends the request to the blockchain network, asking it to store the data fingerprint together with the related data description information. The data identifier is an identifier that uniquely identifies the data; if the data in the data center's private storage space is stored as key-value pairs, the data identifier can be the key. The publisher identifier is a unique identifier that proves the identity of the data publisher, such as a publisher ID; if the publisher is an enterprise, the publisher identifier can be the enterprise ID. The summary description briefly introduces the purpose of the data (that is, what the data can be used for), the fields it can be applied to, and so on.
When a data user has a data analysis need, it can query the blockchain, by interacting with the blockchain network, for the data description information published by each data center, and so learn which data each data center can provide and where that data is stored. It can then determine the data needed for the analysis according to its own requirements. The data user can also interact with the trusted computing device to learn which analysis algorithms the device can provide. From its actual analysis needs, the data needed for the analysis and the analysis algorithms the trusted computing device can provide, the data user determines an analysis model, generates a data analysis request that includes the analysis model, and sends it to the trusted computing device. The trusted computing device thus receives the data analysis request initiated by the data user; optionally, the data analysis request includes the analysis model.
S220: According to the data analysis request, read the data of at least one data unit needed for the analysis from one or more data centers into the trusted storage space of the trusted computing device.
In this embodiment, the trusted storage space of the trusted computing device is the storage medium, preset by the trusted computing device, that holds the data read from each data center. It can be any large-capacity storage device trusted by every data center, such as memory storage space or a cache. Because a cache offers very fast access, which facilitates fast data analysis, the trusted storage space of the trusted computing device is preferably a cache in this embodiment.
Note that if a trusted computing device is located in the computing device or cluster of a data center, the data it reads may belong to other data centers. To prevent data leakage, the trusted computing device is therefore usually not allowed to write data in the cache to the private storage space, such as disk, of the data center that hosts it. In some special scenarios, however, such as data with a lower security classification, writing can be allowed.
In this embodiment, the data unit is the partition granularity that a data center chooses for its published data according to actual needs. For example, a data unit can be the minimum unit of the physical storage data structure; if the physical storage data structure is a key-value store, the minimum unit is a key-value pair. A data center can also divide its published data into multiple data blocks for storage, in which case the data unit can be a data block, and each data block may contain multiple minimum units.
Specifically, after receiving the data analysis request initiated by the data user, the trusted computing device can read the data of at least one data unit specified by the analysis model in the data analysis request, according to its storage location and related information, from the one or more data centers at that storage location into the trusted storage space.
For example, reading the data of at least one data unit needed for the analysis from one or more data centers into the trusted storage space of the trusted computing device according to the data analysis request may include: determining, according to the data analysis request, the one or more data centers that can provide the data needed for the analysis, and sending them a data read request, which causes the one or more data centers to transfer the data from their private storage space to the trusted storage space of the trusted computing device.
S230: Verify the read data based on the data fingerprint of each data unit stored in the blockchain network and, if the verification passes, confirm that the read data is valid.
In this embodiment, a data fingerprint is an anti-forgery signature mechanism that uniquely identifies the data. Optionally, each set of data published by a data center may include the data of one or more data units, and each data unit corresponds to exactly one data fingerprint. Specifically, if a data unit is a data block, each data center can divide each set of data it publishes into multiple data blocks and, for each data block, generate a data fingerprint from the full content of the block using the agreed algorithm. If a data unit is a minimum unit, each data center can generate, for each minimum unit in each set of data it publishes, a data fingerprint from the data content of that minimum unit using the agreed algorithm. The agreed algorithm is one that the data centers settle on in advance for generating data fingerprints, such as a hash algorithm.
Specifically, to ensure that the read data is valid, after reading the data of at least one data unit needed for the analysis from one or more data centers into its trusted storage space, the trusted computing device can obtain the data fingerprints of those data units from the blockchain, calculate the data fingerprint of each data unit from its full content using the agreed algorithm, and then compare the calculated fingerprints with the fingerprints obtained from the blockchain. If they are consistent, the read data is determined to be valid. If there is an inconsistency, that is, the fingerprints of one or more data units do not match, the data units with inconsistent fingerprints can be discarded.
Alternatively, each time the trusted computing device reads the data of one data unit from the one or more data centers, it can calculate the data fingerprint of that data unit from its full content using the agreed algorithm, and then compare the calculated fingerprint with the fingerprint of that data unit stored in the blockchain. This is repeated until all the data needed for the analysis has been read and verified.
Note that in this embodiment, when a data unit such as a data block is verified as a whole, only one data fingerprint calculation is needed. This reduces the computation needed for data fingerprints and in turn the demand on the capacity of the trusted storage space.
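The publish-then-verify flow of S210 to S230, as an added Python example that is not part of the patent text. It assumes SHA-256 as the agreed fingerprint algorithm, a canonical JSON encoding for a data block of key-value pairs, and an in-memory dict standing in for the blockchain network; all unit identifiers, publisher names and values are constructed, and discarding a unit that has no on-chain fingerprint is an assumption of this example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def fingerprint(payload: bytes) -> str:
    # The page only says "such as a hash algorithm"; SHA-256 is an assumption.
    return hashlib.sha256(payload).hexdigest()


def encode_block(pairs: dict) -> bytes:
    # Assumed canonical encoding, so publisher and verifier hash identical bytes
    # regardless of key order. One block = one data unit = one hash computation.
    return json.dumps(pairs, sort_keys=True, separators=(",", ":")).encode("utf-8")


def publish(ledger: dict, unit_id: str, publisher: str, location: str,
            payload: bytes) -> None:
    # Data-center side: store the fingerprint together with its description
    # information. `ledger` is a stand-in for the blockchain network.
    ledger[unit_id] = {
        "fingerprint": fingerprint(payload),
        "publisher": publisher,
        "location": location,
    }


@dataclass
class VerificationReport:
    valid: dict = field(default_factory=dict)      # unit_id -> payload kept for analysis
    discarded: dict = field(default_factory=dict)  # unit_id -> reason


def verify_units(read_units, ledger: dict) -> VerificationReport:
    # Trusted-computing-device side: verify each unit as it is read, so only
    # verified units remain in the trusted storage space.
    report = VerificationReport()
    for unit_id, payload in read_units:
        record = ledger.get(unit_id)
        if record is None:
            report.discarded[unit_id] = "no fingerprint on chain"
            continue
        # Constant-time comparison of the recomputed and on-chain fingerprints.
        if hmac.compare_digest(fingerprint(payload), record["fingerprint"]):
            report.valid[unit_id] = payload
        else:
            report.discarded[unit_id] = "fingerprint mismatch"
    return report


def run_demo() -> VerificationReport:
    ledger = {}
    # Constructed sample data: two data centers each publish one data block.
    block_a = encode_block({"cust-1": 120, "cust-2": 75})
    block_b = encode_block({"cust-1": "gold", "cust-3": "silver"})
    publish(ledger, "dc-a/orders/0", "enterprise-a", "dc-a:/orders/0", block_a)
    publish(ledger, "dc-b/tiers/0", "enterprise-b", "dc-b:/tiers/0", block_b)

    # What the trusted computing device actually receives: one intact block,
    # one block altered after publication, one block that was never published.
    altered_b = encode_block({"cust-1": "gold", "cust-3": "gold"})
    unpublished = encode_block({"cust-9": 1})
    reads = [
        ("dc-a/orders/0", block_a),
        ("dc-b/tiers/0", altered_b),
        ("dc-b/tiers/1", unpublished),
    ]
    return verify_units(reads, ledger)


if __name__ == "__main__":
    result = run_demo()
    print("valid:", sorted(result.valid))
    print("discarded:", result.discarded)
```

Only the units in `valid` would be passed to the analysis algorithm in S240; the reasons in `discarded` are what an operator would log when a data center returns content that no longer matches its published fingerprint.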
S240: According to the data analysis request, analyze and process the read data based on the analysis algorithm running in the trusted computing device to generate a processing result, which is stored in the trusted storage space.
In this embodiment, the analysis algorithm is a data analysis algorithm that the trusted computing device can support, determined when the system architecture is created or during operation with the approval of most or all of the participating data centers, for example through offline negotiation. For later use, the analysis code of an analysis algorithm approved by most or all of the participating data centers can be written into the trusted computing device. For example, in this embodiment the decentralized data processing method may also include: receiving an analysis algorithm confirmed by multiple data centers and saving it in the trusted storage space of the trusted computing device. Specifically, the data centers negotiate and reach consensus, and one of them sends the analysis algorithm to the trusted computing device; the trusted computing device then directly receives the analysis algorithm confirmed by multiple data centers and saves it in its trusted storage space. Afterwards, each data center that took part in the negotiation can inspect the analysis code written into the trusted computing device, which reduces the probability that the analysis algorithm is tampered with.
Further, to ensure that the analysis algorithm cannot be tampered with and that the analysis is fair and impartial, when the decentralized data processing system architecture includes a blockchain network, a data center can add the analysis algorithm confirmed by multiple data centers to an on-chain storage transaction request and send that request to the blockchain network, asking the blockchain network to write the analysis algorithm into the blockchain. In that case, receiving the analysis algorithm confirmed by multiple data centers and saving it in the trusted storage space of the trusted computing device may include: obtaining the analysis algorithm confirmed by multiple data centers from the blockchain network and saving it in the trusted storage space of the trusted computing device.
Specifically, the trusted computing device can call, from its trusted storage space, the analysis algorithm specified by the analysis model in the data analysis request, pass the read data to the algorithm as its parameters, run the algorithm in the trusted storage space to generate a processing result, and store the processing result in the trusted storage space.
Processing result is fed back to data user by S250.
Specifically, trust computing device is calculated according to data analysis request based on the analysis run in trust computing device
Method is analyzed and processed the data of reading, and after generating processing result, processing result can be fed back to data user.
Further, in order to guarantee the safety of data transmission, trust computing device can preferentially use preset encryption
Strategy, which encrypts processing result, then to be fed back.It illustratively, can be with before processing result being fed back to data user
It include: to encrypt processing result using the public key of data user.
Specifically, trust computing device is calculated according to data analysis request based on the analysis run in trust computing device
Method is analyzed and processed the data of reading, can be from local or interact and obtain with data user after generating processing result
Access then encrypts processing result using the public key of data user according to the public key of user, and by the processing of encryption
As a result data user is fed back to, so that data user is decrypted using the processing result of the private key pair encryption of itself, into
And obtain processing result.
In the present embodiment, trust computing device can also be encrypted processing result using other Encryption Algorithm.Example
Property, it can also include: based on preset Encryption Algorithm, by processing result before processing result is fed back to data user
It is encrypted using the public key of data user.Specifically, can be using the public key of data user as the input of Encryption Algorithm
Parameter then encrypts processing result using the Encryption Algorithm with input parameter, the processing result encrypted.Data
After user gets the processing result of encryption, using its own private key as the input parameter of Encryption Algorithm, band is then used
There is the Encryption Algorithm of input parameter that processing result is decrypted, and then obtains processing result.
Illustratively, while or after the processing result is fed back to the data user, the method may also include: calculating the respective data fingerprint of at least one data unit in the processing result and uploading it to the blockchain network for storage; wherein the data fingerprint of the processing result stored in the blockchain network is used by the data user to verify the received processing result.
In this embodiment, while or after feeding the processing result back to the data user, the trusted computing device can calculate the data fingerprint of each data unit in the processing result according to a preset data fingerprint determination method, add the calculated data fingerprints of the processing result to an on-chain storage transaction request, and send the resulting result-data-fingerprint storage transaction request to the blockchain network, to request the blockchain network to write the data fingerprint of the processing result into the blockchain. The request may also ask the blockchain network to store the data analysis request in association with the data fingerprint of the processing result in the blockchain. Then, after obtaining the processing result sent by the trusted computing device, the data user can calculate the data fingerprint of that processing result and compare it for consistency with the data fingerprint of the processing result obtained from the blockchain network; if they are consistent, the processing result is determined to be valid, otherwise it is invalid.
It should be noted that the processing result can also be treated as newly published data. Therefore, once the data fingerprint of the processing result is stored in the blockchain network, another data user who later needs to use this data can send a data analysis request to the trusted computing device, so that the trusted computing device verifies the validity of the data based on the data fingerprint of the processing result stored in the blockchain network.
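The following sketch is an added example, not code from the patent. It shows the per-data-unit fingerprint flow described above: the trusted computing device records one fingerprint per result data unit in association with the request, and the data user recomputes and compares them. SHA-256 over canonical JSON as the fingerprint method, the in-memory `Ledger` standing in for the blockchain network, and all names are assumptions.

```python
import hashlib
import hmac
import json


def fingerprint(unit):
    """Data fingerprint of one data unit: SHA-256 over a canonical JSON encoding (assumed method)."""
    encoded = json.dumps(unit, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


class Ledger:
    """In-memory stand-in for the blockchain network: one write-once record per request."""

    def __init__(self):
        self._records = {}

    def store_result_fingerprints(self, request_id, fingerprints):
        # A record that is already on the chain cannot be replaced.
        if request_id in self._records:
            raise ValueError("fingerprints already recorded for this request")
        self._records[request_id] = tuple(fingerprints)

    def result_fingerprints(self, request_id):
        return self._records.get(request_id)


def publish_result(ledger, request_id, result_units):
    """Trusted computing device side: store the fingerprints in association with the request."""
    ledger.store_result_fingerprints(request_id, [fingerprint(u) for u in result_units])


def verify_result(ledger, request_id, received_units):
    """Data user side: return (valid, indices of received units whose fingerprint differs).

    A missing record or a different number of units makes the result invalid even
    when every unit that can be compared matches.
    """
    recorded = ledger.result_fingerprints(request_id)
    if recorded is None:
        return False, []
    bad = [i for i, (unit, expected) in enumerate(zip(received_units, recorded))
           if not hmac.compare_digest(fingerprint(unit), expected)]
    return (len(received_units) == len(recorded) and not bad), bad


# Constructed sample processing result made of three data units.
SAMPLE_RESULT = [
    {"region": "north", "mean": 12.5},
    {"region": "south", "mean": 9.0},
    {"region": "west", "mean": 11.25},
]

if __name__ == "__main__":
    chain = Ledger()
    publish_result(chain, "req-001", SAMPLE_RESULT)
    altered = [dict(u) for u in SAMPLE_RESULT]
    altered[1]["mean"] = 90.0
    print(verify_result(chain, "req-001", SAMPLE_RESULT))
    print(verify_result(chain, "req-001", altered))
```

Fingerprinting each data unit separately lets the data user see which unit of a received result differs instead of only learning that the result as a whole is invalid.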
To facilitate subsequent tracing, querying and/or updating of processing results, after generating the processing result the trusted computing device can also establish an association among the data analysis request, the processing result and the data needed for the analysis, and send the association to the blockchain network, to request the blockchain network to store the processing result and the data needed for the analysis in correspondence with the data analysis request stored in the blockchain network. Illustratively, the data analysis request is stored in the blockchain network, and the processing result and the data needed for the analysis are stored in correspondence with the data analysis request. Then, if some data is proved to be wrong, to have been tampered with, or to have been upgraded or updated, the processing results generated from that data can be found according to the association and updated.
In the technical solution provided by this embodiment of the present invention, according to the received data analysis request initiated by the data user, the data of at least one data unit needed for the analysis can be read from one or more data centers into the trusted storage space of the trusted computing device. The read data is then verified based on the data fingerprint of each data unit stored in the blockchain network; if the verification passes, the read data is confirmed to be valid. Once the data is confirmed to be valid, the data read from the one or more data centers is analyzed and processed according to the data analysis request, based on the analysis algorithm running in the trusted computing device, to generate a processing result, which is stored in the trusted storage space and fed back to the data user. By using the trusted computing device, this solution guarantees that the data of each data center will not be stored in the untrusted storage space of other data centers. It also makes joint analysis and processing of data possible and ensures the credibility and security of the data analysis and processing. Recording the data fingerprints of each step in the blockchain network ensures that the data fingerprints are not tampered with and makes them easy for data centers, data users and trusted computing devices to query and verify. In addition, this embodiment treats the data unit as a whole when verifying data fingerprints, which can reduce the amount of data fingerprint computation and in turn the demand on the storage capacity of the trusted storage space.
Embodiment two
Fig. 3A is a flow chart of a decentralized data verification processing method provided in Embodiment two of the present invention. On the basis of the above embodiment, and for the case where the data unit is a data block, this embodiment further explains how, according to the data analysis request, the data of at least one data unit needed for the analysis is read from one or more data centers into the trusted storage space of the trusted computing device. Referring to Fig. 3A, the method may specifically include:
S310: receive the data analysis request initiated by the data user.
S320: according to the data analysis request, determine the address of the minimum unit in which the data needed for the analysis is located, and take the minimum unit containing the data needed for the analysis as the target data unit.
In this embodiment, the address of a minimum unit may also be called a pointer and points to the storage location of the minimum unit. Optionally, if the physical data storage structure is a key-value pair storage structure, the minimum unit is a key-value pair, and the address of the minimum unit can be the key identifier of the key-value pair. There can be one or more minimum units holding the data needed for the analysis; where there are several, they can be stored in one or more data centers. Accordingly, there can be one or more target data units.
Specifically, trust computing device can be according at least one data specified by analysis model in data analysis request
Data and its storage location of unit etc. determine address of the data in minimum unit needed for analyzing, and will include needed for analysis
The minimum unit of data is as target data unit.
S330: according to the address, determine the data block in which the target data unit is located, the data block being stored in the private storage space of a data center.
In this embodiment, for each data center, the private storage space refers to the storage medium needed to store the data published by the entity that owns the data center. It can be any large-capacity storage device, for example memory storage space or disk storage space. Since data saved on disk is not lost after power-off and is kept permanently unless it is cleared, and since the data published by the entity that owns the data center needs to be kept confidential and stored permanently, the private storage space in this embodiment is preferably disk storage space.
Since there can be one or more target data units, there can be one or more data blocks in which target data units are located, and the data blocks can be in the private storage space of one or more data centers.
To make it easy to quickly find the data block in which a target data unit is located, in this embodiment every data block can be set to store the same number of minimum units, such as 100. Within each data block, the addresses of the minimum units are logically consecutive, and the addresses of the minimum units stored in adjacent data blocks are also logically consecutive. Optionally, the addresses of the minimum units stored in a data block can be a numeric range. For example, if a piece of data includes 3 data blocks and each data block can include 100 minimum units, the addresses of the minimum units in the 1st data block can be 0001-0100, and the addresses of the minimum units in the 2nd data block can be 0101-0200. The addresses of the minimum units stored in a data block can also be a string interval in dictionary order, such as abcd-efgh. In addition, the addresses of the minimum units stored in a data block can follow other defined orderings.
Specifically, after the trusted computing device has determined, according to the data analysis request, the address of the minimum unit in which the data needed for the analysis is located, and has taken the minimum unit containing that data as the target data unit, it can determine the data block in which the target data is located according to the address of the target data unit.
If the physical data storage structure is a key-value pair storage structure, the minimum unit is a key-value pair, and the address of the minimum unit can be the key identifier of the key-value pair. Illustratively, determining the data block in which the target data unit is located according to the address may include: according to the key identifier of the target data unit, querying the index blocks based on the B+ tree index strategy to determine the data block in which the target data unit is located.
To make it easy to quickly look up and access data, the private storage space of each data center can build a B-tree based on the B+ tree index strategy (i.e. the B-tree index strategy) to store data blocks. The B+ tree index strategy is a data structure for accessing and locating files (referred to as records or key values). A B-tree can be made up of multiple index blocks arranged in tree form. Each index block can be embodied directly as an index-block key-value pair: the key field of the index-block key-value pair stores the key identifier of the index block, which can be the number of the index block (if an index block is the 3rd block, its key identifier can be 003), and the value field can store one or more key-value pairs and can also store the key identifiers of one or more other index blocks. In addition, in the index blocks of a B-tree the key identifiers of the key-value pairs are logically consecutive, so the position in the private storage space of the key-value pair corresponding to a key identifier can be located directly from that key identifier. The number of key-value pairs stored in each index block can be the same or different.
If an index block is the root node, its value field can store one or more key-value pairs and the key identifiers of one or more child-node index blocks. The key identifiers of multiple child-node index blocks can be stored sequentially, or stored interleaved with the key-value pairs. As an optional approach of this embodiment of the present invention, where the key identifiers of multiple child-node index blocks are stored interleaved with the key-value pairs, then for each child-node index block, that child-node index block, its next-level child-node index blocks, and so on down to the leaf-node index blocks can be used to sequentially store the key-value pairs that precede the key identifier of the key-value pair located after that child-node index block's key identifier; or to sequentially store the key-value pairs lying between the key identifiers of the key-value pairs on either side of that child-node index block's key identifier; or to sequentially store the key-value pairs that follow the key identifier of the key-value pair located before that child-node index block's key identifier; and so on.
If an index block is a child-node index block, its value field can store multiple key-value pairs and the key identifiers of multiple next-level child-node index blocks or of multiple leaf-node index blocks. For each next-level child-node index block, that index block, the child-node index blocks below it, and so on down to the leaf-node index blocks can be used to sequentially store the key-value pairs that precede the key identifier of the key-value pair located after that next-level child-node index block's key identifier; or to sequentially store the key-value pairs lying between the key identifiers of the key-value pairs on either side of that next-level child-node index block's key identifier; or to sequentially store the key-value pairs that follow the key identifier of the key-value pair located before that next-level child-node index block's key identifier; and so on. If an index block is a leaf-node index block, its value field can store multiple key-value pairs.
For example, Fig. 3B shows a B-tree built based on the B+ tree index strategy, illustrated with each index block storing 2 key-value pairs. Index block 1 is the root-node index block; its value field stores the 2 key-value pairs with key identifiers 0009 and 0018, and also stores the key identifiers of 3 child-node index blocks (i.e. index blocks 2, 3 and 4), where P1 stores the key identifier of index block 2, P2 stores the key identifier of index block 3 and P3 stores the key identifier of index block 4. Index block 2 is a child-node index block; its value field stores the 2 key-value pairs with key identifiers 0003 and 0006, and also stores the key identifiers of 3 leaf-node index blocks (index blocks 5, 6 and 7). The value field of index block 5 stores the 2 key-value pairs with key identifiers 0001 and 0002, the value field of index block 6 stores the 2 key-value pairs with key identifiers 0004 and 0005, the value field of index block 7 stores the 2 key-value pairs with key identifiers 0007 and 0008, and so on.
In this embodiment, an index block can store one or more data blocks. Optionally, where an index block stores one data block, the data block can be used directly as the index block; that is, a data block can include multiple key-value pairs and can also include the key identifiers of one or more other data blocks. If an index block stores multiple data blocks, the positions of the key-value pairs in Fig. 3B, for example, can be replaced with data blocks, and each data block can consist of multiple key-value pairs whose key identifiers are consecutive.
Based on the above description, after the key identifier of the target data unit has been determined, the index blocks of the B-tree built based on the B+ tree index strategy can be queried with that key identifier, which quickly locates the index block in which the target data unit is located. Then, depending on how index blocks store data blocks, the index block can be used directly as the data block, or one data block can be determined from the index block.
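The lookup just described can be traced on the Fig. 3B layout with the following added example, which is not code from the patent. Index blocks 1, 2, 5, 6 and 7 use the key identifiers given above; the contents of index blocks 3 and 4 are not described on the page and are constructed here, and the function names are assumptions.

```python
from bisect import bisect_left

# block id -> (sorted key identifiers held in the block, child index block ids P1..Pn).
# Key identifiers are fixed-width strings, so string order equals numeric order.
INDEX_BLOCKS = {
    1: (["0009", "0018"], [2, 3, 4]),   # root-node index block
    2: (["0003", "0006"], [5, 6, 7]),   # child-node index block
    3: (["0012", "0015"], []),          # constructed: not described on the page
    4: (["0021", "0024"], []),          # constructed: not described on the page
    5: (["0001", "0002"], []),          # leaf-node index blocks
    6: (["0004", "0005"], []),
    7: (["0007", "0008"], []),
}


def locate(key, blocks=INDEX_BLOCKS, root=1):
    """Return (id of the index block holding key, list of blocks visited).

    The block id is None when the key identifier is not stored anywhere.
    """
    path = []
    block_id = root
    while True:
        keys, children = blocks[block_id]
        path.append(block_id)
        i = bisect_left(keys, key)          # first stored key that is >= key
        if i < len(keys) and keys[i] == key:
            return block_id, path           # key-value pair is in this index block
        if not children:
            return None, path               # leaf reached without a match
        # Child i holds the keys that sort before keys[i] and after keys[i - 1].
        block_id = children[i]


def in_order(blocks, block_id):
    """Yield every key identifier in the order implied by the tree structure."""
    keys, children = blocks[block_id]
    for i, key in enumerate(keys):
        if children:
            yield from in_order(blocks, children[i])
        yield key
    if children:
        yield from in_order(blocks, children[len(keys)])


def is_consistent(blocks=INDEX_BLOCKS, root=1):
    """Check that the key identifiers are strictly ascending across the whole tree."""
    seen = list(in_order(blocks, root))
    return all(a < b for a, b in zip(seen, seen[1:]))


if __name__ == "__main__":
    for wanted in ("0005", "0006", "0009", "0010"):
        print(wanted, locate(wanted))
    print("ordering holds:", is_consistent())
```

When an index block is used directly as the data block, the block id returned by `locate` identifies the block that is read into the trusted storage space.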
S340: read the data block into the trusted storage space of the trusted computing device.
Specifically, after determining the data block in which the target data unit is located according to the address, the trusted computing device can read the data block from the private storage space of the data center where it is stored into the trusted storage space of the trusted computing device.
Illustratively, determining the data block in which the target data unit is located according to the address, and reading the data block into the trusted storage space of the trusted computing device, may also include: the trusted computing device sends a data read request containing the address of the target data unit to the data center that provides the data needed for the analysis, to request the data center to determine the data block in which the target data unit is located according to the address and to transmit the data block to the trusted storage space of the trusted computing device.
S350: verify the read data based on the data fingerprint of each data unit stored in the blockchain network; if the verification passes, confirm that the read data is valid, wherein the data unit is a data block.
S360: according to the data analysis request, analyze and process the read data based on the analysis algorithm running in the trusted computing device to generate a processing result, which is stored in the trusted storage space.
S370: feed the processing result back to the data user.
In the technical solution provided by this embodiment of the present invention, according to the received data analysis request initiated by the data user, the address of the minimum unit in which the data needed for the analysis is located can be determined. Then, from the address and the way the data center stores data, the data block containing the minimum unit of the data needed for the analysis can be determined quickly, and the data block is read into the trusted storage space of the trusted computing device. Using the address as an index, this solution can quickly find the storage location of the required data and then obtain the data. By subsequently using the trusted computing device, it guarantees that the data of each data center will not be stored in the untrusted storage space of other data centers. It also makes joint analysis and processing of data possible and ensures the credibility and security of the data analysis and processing. Recording the data fingerprints of each step in the blockchain network ensures that the data fingerprints are not tampered with and makes them easy for data centers, data users and trusted computing devices to query and verify. In addition, this embodiment treats the data block as a whole when verifying data fingerprints, which can reduce the amount of data fingerprint computation and in turn the demand on the storage capacity of the trusted storage space.
Embodiment three
Fig. 4 is a flow chart of a decentralized data verification processing method provided in Embodiment three of the present invention. This embodiment is a further optimization on the basis of the above embodiments. Referring to Fig. 4, the method may specifically include:
S410: receive the data analysis request initiated by the data user.
S420: according to the data analysis request, determine the address of the minimum unit in which the data needed for the analysis is located, and take the minimum unit containing the data needed for the analysis as the target data unit.
S430: according to the address, determine the data block in which the target data unit is located, the data block being stored in the private storage space of a data center.
S440: read the data block into the trusted storage space of the trusted computing device.
S450: verify the read data based on the data fingerprint of each data unit stored in the blockchain network; if the verification passes, confirm that the read data is valid, wherein the data unit is a data block.
S460: clear from the trusted storage space the data of the minimum units in the data block other than the target data unit.
In this embodiment, because the storage capacity of the trusted storage space is limited, the trusted computing device can clear the trusted storage space according to a storage space usage policy. For example, after verifying a data block read into the trusted storage space, the trusted computing device can clear the data of the minimum units in the data block other than the target data unit and retain only the data of the target data unit, thereby freeing trusted storage space.
It should be noted that the data retained in the trusted storage space has already been verified, even though the data block it belongs to is no longer in the trusted storage space. If it is needed later, it can therefore be read directly from the trusted storage space and used without being verified again. Data that is read from a data center again, however, must be verified.
Where the trusted storage space is a cache, the target data unit may be accessed frequently, so retaining the target data unit in the trusted storage space for longer can reduce the number of data verifications. Illustratively, the data of the target data unit can be configured with a higher cache retention priority than the other minimum units, wherein the cache retention priority is used to distinguish how data in the trusted storage space is cleared.
In this embodiment, retention priorities can be set for the cache in advance; the cache retention priority is used to distinguish how data in the trusted storage space is cleared. After verifying a data block read into the trusted storage space, the trusted computing device can store the data of the target data unit in cache space with a high retention priority, where it can stay in the cache for longer, and store the data of the other minimum units in the data block in cache space with a lower retention priority. When the trusted storage space needs to be cleared, the data in the cache space with the low retention priority can be cleared first, thereby freeing trusted storage space.
In addition, after verifying a data block read into the trusted storage space, the trusted computing device can configure, in real time, a higher cache retention priority for the data of the target data unit than for the other minimum units. When the trusted storage space needs to be cleared, the data with the low cache retention priority can then be cleared first, thereby freeing trusted storage space.
S470: according to the data analysis request, analyze and process the read data based on the analysis algorithm running in the trusted computing device to generate a processing result, which is stored in the trusted storage space.
S480: feed the processing result back to the data user.
In the technical solution provided by this embodiment of the present invention, after verifying a data block read into the trusted storage space, the trusted computing device clears the data of the minimum units in the data block other than the target data unit and retains only the data of the target data unit. This frees trusted storage space and so reduces the demand on the storage capacity of the trusted storage space. At the same time, retaining the target data unit in the trusted storage space can reduce the number of subsequent data verifications.
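Steps S420 to S460 and the cache retention priority can be exercised with the following added example, which is not code from the patent. It uses the fixed 100-units-per-block addressing described in Embodiment two, verifies a whole data block against its recorded fingerprint, and then keeps only target units or keeps the rest at low priority. The SHA-256 fingerprint, the dictionary standing in for the blockchain network, the priority values and all names are assumptions.

```python
import hashlib
import hmac

UNITS_PER_BLOCK = 100   # every data block stores the same number of minimum units
TARGET, OTHER = 1, 0    # cache retention priorities (assumed values; higher is kept longer)


def block_number(address):
    """Map a minimum-unit address to its data block: 1-100 -> 1, 101-200 -> 2."""
    if address < 1:
        raise ValueError("addresses start at 1")
    return (address - 1) // UNITS_PER_BLOCK + 1


def block_fingerprint(block):
    """Fingerprint of a whole data block: SHA-256 over its units in address order."""
    digest = hashlib.sha256()
    for address in sorted(block):
        value = block[address]
        # Length-prefix each value so unit boundaries cannot be shifted unnoticed.
        digest.update(address.to_bytes(4, "big") + len(value).to_bytes(4, "big") + value)
    return digest.hexdigest()


class TrustedStore:
    """Trusted storage space holding verified minimum units; capacity is counted in units."""

    def __init__(self, capacity, chain_fingerprints):
        if capacity < 1:
            raise ValueError("capacity must be at least 1")
        self.capacity = capacity
        self.chain = chain_fingerprints   # block number -> fingerprint read from the chain
        self.units = {}                   # address -> (priority, value)

    def load_block(self, number, block, targets, keep_others=False):
        """Verify a whole block, then keep targets (and optionally the rest at low priority)."""
        expected = self.chain.get(number)
        if expected is None or not hmac.compare_digest(block_fingerprint(block), expected):
            raise ValueError(f"data block {number} failed fingerprint verification")
        for address, value in block.items():
            priority = TARGET if address in targets else OTHER
            held = self.units.get(address)
            if held is not None:
                priority = max(priority, held[0])   # never downgrade a retained target
            if priority == TARGET or keep_others:
                self.units[address] = (priority, value)
        self._evict()

    def _evict(self):
        """Free space: lowest retention priority first, oldest first within a priority."""
        while len(self.units) > self.capacity:
            victim = min(self.units, key=lambda a: self.units[a][0])
            del self.units[victim]

    def get(self, address, fetch_block):
        """Serve a retained unit without re-verifying; otherwise read and verify its block."""
        if address not in self.units:
            number = block_number(address)
            self.load_block(number, fetch_block(number), {address})
        if address not in self.units:
            raise KeyError(f"address {address} is not in its verified data block")
        return self.units[address][1]


def sample_data_centre():
    """Constructed sample: two data blocks of 100 units and their recorded fingerprints."""
    blocks = {n: {a: f"record-{a:04d}".encode()
                  for a in range((n - 1) * UNITS_PER_BLOCK + 1, n * UNITS_PER_BLOCK + 1)}
              for n in (1, 2)}
    return blocks, {n: block_fingerprint(b) for n, b in blocks.items()}


if __name__ == "__main__":
    blocks, chain = sample_data_centre()
    store = TrustedStore(capacity=3, chain_fingerprints=chain)
    print(store.get(150, blocks.__getitem__), sorted(store.units))
```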
Embodiment four
Fig. 5 is a structural schematic diagram of a decentralized data verification processing apparatus provided in Embodiment four of the present invention. The apparatus is configured in the computing device of the trusted computing device, can execute the decentralized data verification processing method provided by any embodiment of the present invention, and has the functional modules and beneficial effects corresponding to the executed method. The trusted computing device implements a trusted computing environment based on hardware. As shown in Fig. 5, the apparatus may specifically include:
Analysis request receiving module 510, configured to receive the data analysis request initiated by the data user;
Data reading module 520, configured to read, according to the data analysis request, the data of at least one data unit needed for the analysis from one or more data centers into the trusted storage space of the trusted computing device;
Data verification module 530, configured to verify the read data based on the data fingerprint of each data unit stored in the blockchain network and, if the verification passes, confirm that the read data is valid;
Data processing module 540, configured to analyze and process the read data according to the data analysis request, based on the analysis algorithm running in the trusted computing device, to generate a processing result, which is stored in the trusted storage space;
Processing result feedback module 550, configured to feed the processing result back to the data user.
In the technical solution provided by this embodiment of the present invention, according to the received data analysis request initiated by the data user, the data of at least one data unit needed for the analysis can be read from one or more data centers into the trusted storage space of the trusted computing device. The read data is then verified based on the data fingerprint of each data unit stored in the blockchain network; if the verification passes, the read data is confirmed to be valid. Once the data is confirmed to be valid, the data read from the one or more data centers is analyzed and processed according to the data analysis request, based on the analysis algorithm running in the trusted computing device, to generate a processing result, which is stored in the trusted storage space and fed back to the data user. By using the trusted computing device, this solution guarantees that the data of each data center will not be stored in the untrusted storage space of other data centers. It also makes joint analysis and processing of data possible and ensures the credibility and security of the data analysis and processing. Recording the data fingerprints of each step in the blockchain network ensures that the data fingerprints are not tampered with and makes them easy for data centers, data users and trusted computing devices to query and verify. In addition, this embodiment treats the data unit as a whole when verifying data fingerprints, which can reduce the amount of data fingerprint computation and in turn the demand on the storage capacity of the trusted storage space.
Illustratively, the data unit can be the minimum unit of the physical data storage structure, or the data unit is a data block, each data block including multiple minimum units.
Illustratively, the data reading module 520 may specifically include:
A target data unit determination unit, configured to determine, according to the data analysis request, the address of the minimum unit in which the data needed for the analysis is located, and to take the minimum unit containing the data needed for the analysis as the target data unit;
A data block determination unit, configured to determine, according to the address, the data block in which the target data unit is located, the data block being stored in the private storage space of a data center;
A data block reading unit, configured to read the data block into the trusted storage space of the trusted computing device.
Illustratively, where the physical data storage structure is a key-value pair storage structure and the minimum unit is a key-value pair, the data block determination unit may specifically be configured to:
According to the key identifier of the target data unit, query the index blocks based on the B+ tree index strategy to determine the data block in which the target data unit is located.
Illustratively, the above apparatus may also include:
A data clearing module, configured to, after the read data is confirmed to be valid when the verification passes, clear from the trusted storage space the data of the minimum units in the data block other than the target data unit; or
A priority configuration module, configured to, after the read data is confirmed to be valid when the verification passes, configure the data of the target data unit with a higher cache retention priority than the other minimum units; wherein the cache retention priority is used to distinguish how data in the trusted storage space is cleared.
Illustratively, the above apparatus may also include:
A result data fingerprint sending module, configured to, while or after the processing result is fed back to the data user, calculate the respective data fingerprint of at least one data unit in the processing result and upload it to the blockchain network for storage; wherein the data fingerprint of the processing result stored in the blockchain network is used by the data user to verify the received processing result.
Embodiment five
Fig. 6 is a structural schematic diagram of a trusted computing device provided in Embodiment five of the present invention. Fig. 6 shows a block diagram of an exemplary trusted computing device 612 suitable for implementing embodiments of the present invention. The trusted computing device 612 shown in Fig. 6 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention. Optionally, the trusted computing device can typically be a computing device.
As shown in Fig. 6, the trusted computing device 612 takes the form of a general-purpose computing device. The components of the trusted computing device 612 can include, but are not limited to: one or more processors or processing units 616, one or more memories 628, and a bus 618 connecting the different system components (including the memory 628 and the processing unit 616). The one or more processors or processing units 616 and the memory 628 are implemented based on trusted computing technology; the memory 628 serves as the trusted storage space, and the memory 628 is preferably a cache.
Bus 618 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus structures. For example, these architectures include, but are not limited to, the industry standard architecture (ISA) bus, the microchannel architecture (MAC) bus, the enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus and the peripheral component interconnect (PCI) bus.
The trusted computing device 612 typically includes a variety of computer-system-readable media. These media can be any available media that can be accessed by the trusted computing device 612, including volatile and non-volatile media, and removable and non-removable media.
Memory 628 may include computer-system-readable media in the form of volatile memory, such as random access memory (RAM) 630 and/or cache memory 632. The trusted computing device 612 may further include other removable/non-removable, volatile/non-volatile computer system storage media. Only as an example, storage system 634 can be used to read and write non-removable, non-volatile magnetic media (not shown in Fig. 6, commonly referred to as a "hard disk drive"). Although not shown in Fig. 6, a magnetic disk drive for reading and writing a removable non-volatile magnetic disk (such as a "floppy disk") and an optical disc drive for reading and writing a removable non-volatile optical disc (such as a CD-ROM, DVD-ROM or other optical media) can be provided. In these cases, each drive can be connected to the bus 618 through one or more data media interfaces. Memory 628 may include at least one program product having a set of (for example, at least one) program modules, which are configured to perform the functions of the embodiments of the present invention.
A program/utility 640 having a set of (at least one) program modules 642 can be stored, for example, in memory 628. Such program modules 642 include, but are not limited to, an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment. The program modules 642 usually perform the functions and/or methods of the embodiments described in the present invention.
The trusted computing device 612 can also communicate with one or more external devices 614 (such as a keyboard, a pointing device, display 624, etc.), with one or more devices that enable a user to interact with the trusted computing device 612, and/or with any device (such as a network card, modem, etc.) that enables the trusted computing device 612 to communicate with one or more other computing devices. This communication can take place through the input/output (I/O) interface 622. The trusted computing device 612 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through the network adapter 620. As shown, the network adapter 620 communicates with the other modules of the trusted computing device 612 through the bus 618. It should be understood that, although not shown in the figure, other hardware and/or software modules can be used in conjunction with the trusted computing device 612, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
The processing unit 616 runs the programs stored in the memory 628 to execute various functional applications and data processing, for example to implement the decentralized data verification processing method provided by the embodiments of the present invention.
Embodiment six
Fig. 7 is a schematic structural diagram of a decentralized data verification processing system provided in Embodiment Six of the present invention. The system 700 can implement the decentralized data verification processing method of any embodiment of the present invention. Specifically, the system 700 may include multiple data centers 710 and one or more trusted computing devices 720, where the private storage space of each data center 710 is used for storing data, and the trusted computing device 720 is the trusted computing device described in Embodiment Five.
Further, the system may also include a blockchain network 730 for storing the data fingerprints of the data, for query by the data centers and the trusted computing devices.
Illustratively, the data centers 710 are deployed in separate physical devices; the trusted computing device 720 is deployed in the physical device of any one or more data centers 710, or the trusted computing device 720 is deployed in another physical device independent of the data centers 710.
With the technical solution provided by the embodiments of the present invention, the use of trusted computing devices ensures that the data of each data center is not stored in the untrusted storage space of other data centers. Joint analysis and processing of the data can also be carried out, with the credibility and security of the data analysis and processing procedure ensured. The blockchain network records the data fingerprints and the like of each stage, which ensures that the data fingerprints are not tampered with and makes them convenient for data centers, data users and trusted computing devices to query and verify. In addition, this embodiment verifies data fingerprints with the data unit as a whole, which can reduce the amount of data fingerprint computation and thus the demand on trusted storage space capacity.
Embodiment seven
Embodiment Seven of the present invention further provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program can implement the decentralized data verification processing method described in any of the above embodiments. The computer-readable storage medium can be configured on a trusted computing device.
The computer storage medium of the embodiments of the present invention may be any combination of one or more computer-readable media. A computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of computer-readable storage media include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this document, a computer-readable storage medium may be any tangible medium that contains or stores a program, where the program can be used by or in connection with an instruction execution system, apparatus or device.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal can take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.
The program code contained on a computer-readable medium can be transmitted over any suitable medium, including but not limited to wireless, wire, optical cable, RF, etc., or any suitable combination of the above.
Computer program code for carrying out the operations of the present invention can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the present invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to those embodiments and may include more equivalent embodiments without departing from the inventive concept; the scope of the present invention is determined by the scope of the appended claims.
Claims (12)
1. A decentralized data verification processing method, characterized in that it is executed by a trusted computing device, the trusted computing device implementing a trusted computing environment based on hardware, the method comprising:
receiving a data analysis request initiated by a data user;
according to the data analysis request, reading the data of at least one data unit required for the analysis from one or more data centers into the trusted storage space of the trusted computing device;
verifying the read data based on the data fingerprint of each data unit stored in a blockchain network, and, if the verification passes, confirming that the read data is valid;
according to the data analysis request, analyzing and processing the read data based on an analysis algorithm running in the trusted computing device, to generate a processing result that is stored in the trusted storage space;
feeding the processing result back to the data user.
2. The method according to claim 1, characterized in that the data unit is the minimum unit of a physical storage data structure, or the data unit is a data block, each data block comprising multiple minimum units.
3. The method according to claim 2, characterized in that reading, according to the data analysis request, the data of at least one data unit required for the analysis from one or more data centers into the trusted storage space of the trusted computing device comprises:
according to the data analysis request, determining the address of the minimum unit holding the data required for the analysis, and taking the minimum unit containing the data required for the analysis as a target data unit;
determining, according to the address, the data block in which the target data unit is located, the data block being stored in the private storage space of the data center;
reading the data block into the trusted storage space of the trusted computing device.
4. The method according to claim 3, characterized in that the physical storage data structure is a key-value pair storage structure and the minimum unit is a key-value pair, and determining, according to the address, the data block in which the target data unit is located comprises:
according to the key identifier of the target data unit, querying an index block based on a B+ tree index strategy to determine the data block in which the target data unit is located.
5. The method according to claim 3, characterized in that, after confirming that the read data is valid if the verification passes, the method further comprises:
clearing from the trusted storage space the data of the minimum units in the data block other than the target data unit; or
configuring for the data of the target data unit a cache retention priority higher than that of the other minimum units; wherein the cache retention priority is used to differentiate the clearing strategies for data in the trusted storage space.
6. The method according to claim 1, characterized in that, at the same time as or after feeding the processing result back to the data user, the method further comprises:
calculating the respective data fingerprint of at least one data unit in the processing result and uploading it to the blockchain network for storage; wherein the data fingerprint of the processing result stored in the blockchain network is used by the data user to verify the received processing result.
7. A decentralized data verification processing apparatus, characterized in that it is configured in a trusted computing device, the trusted computing device implementing a trusted computing environment based on hardware, the apparatus comprising:
an analysis request receiving module, configured to receive a data analysis request initiated by a data user;
a data reading module, configured to read, according to the data analysis request, the data of at least one data unit required for the analysis from one or more data centers into the trusted storage space of the trusted computing device;
a data verification module, configured to verify the read data based on the data fingerprint of each data unit stored in a blockchain network, and, if the verification passes, to confirm that the read data is valid;
a data processing module, configured to analyze and process the read data, according to the data analysis request and based on an analysis algorithm running in the trusted computing device, to generate a processing result that is stored in the trusted storage space;
a processing result feedback module, configured to feed the processing result back to the data user.
8. A trusted computing device, characterized by comprising:
one or more processors;
one or more memories, serving as trusted storage space, for storing one or more programs, wherein the processors and the memories are implemented based on trusted computing technology;
when the one or more programs are executed by the one or more processors, the one or more processors implement the decentralized data verification processing method according to any one of claims 1 to 6.
9. A decentralized data verification processing system, characterized by comprising:
multiple data centers, the private storage space of each data center being used for storing data;
one or more trusted computing devices, each being the trusted computing device according to claim 8.
10. The system according to claim 9, characterized by further comprising:
a blockchain network for storing the data fingerprints of the data, for query by the data centers and the trusted computing devices.
11. The system according to claim 9, characterized in that:
the data centers are deployed in separate physical devices;
the trusted computing device is deployed in the physical device of any one or more of the data centers, or the trusted computing device is deployed in another physical device independent of the data centers.
12. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the decentralized data verification processing method according to any one of claims 1 to 6.
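The read, verify and analyze flow of claims 1 and 3 to 6 can be sketched as follows. This is an added example, not code from the patent: the SHA-256 fingerprint over canonical JSON, the in-memory dictionary standing in for the blockchain network, the sorted first-key index standing in for the B+ tree index block, and all class and function names are assumptions.

```python
import bisect
import hashlib
import hmac
import json


def fingerprint(obj):
    """Data fingerprint (assumption: SHA-256 over canonical JSON)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class DataCenter:
    """Untrusted private storage: key-value pairs grouped into data blocks."""
    def __init__(self, blocks):
        self.blocks = blocks  # block_id -> {key: value}
        # Sorted first-key index, a stand-in for the B+ tree index block.
        self.index = sorted((min(kv), bid) for bid, kv in blocks.items())
        self.first_keys = [first for first, _ in self.index]

    def locate(self, key):
        pos = bisect.bisect_right(self.first_keys, key) - 1
        if pos < 0:
            raise KeyError(key)
        return self.index[pos][1]


class TrustedDevice:
    """Hypothetical model of the trusted computing device."""

    def __init__(self, ledger):
        self.ledger = ledger  # id -> fingerprint; stand-in for the blockchain
        self.trusted_store = {}  # stand-in for the trusted storage space

    def load_verified(self, dc, key):
        block_id = dc.locate(key)
        # Copy the whole block in first and verify the copy, so a later change
        # in the untrusted store cannot alter what was checked.
        block = dict(dc.blocks[block_id])
        expected = self.ledger.get(block_id, "")
        if not hmac.compare_digest(fingerprint(block), expected):
            raise ValueError(f"fingerprint mismatch for block {block_id}")
        # Claim 5, first option: keep the target unit, drop the other units.
        self.trusted_store[key] = block[key]
        return block[key]

    def analyze(self, request_id, targets, algorithm):
        values = [self.load_verified(dc, key) for dc, key in targets]
        result = algorithm(values)
        self.trusted_store[request_id] = result
        # Claim 6: publish the result fingerprint so the data user can check it.
        self.ledger[request_id] = fingerprint(result)
        return result


def demo():
    # Constructed sample data: two data centers and their block fingerprints.
    dc_a = DataCenter({"a0": {"p01": 120, "p02": 80}, "a1": {"p10": 95, "p11": 60}})
    dc_b = DataCenter({"b0": {"q01": 110, "q02": 70}})
    ledger = {b: fingerprint(kv) for dc in (dc_a, dc_b) for b, kv in dc.blocks.items()}
    tee = TrustedDevice(ledger)
    result = tee.analyze("req-1", [(dc_a, "p11"), (dc_b, "q01")], sum)
    user_ok = hmac.compare_digest(fingerprint(result), ledger["req-1"])
    return result, user_ok, sorted(tee.trusted_store)
```

Because the fingerprint covers the whole data block, a change to any key-value pair in the block, including one the request does not use, causes verification of that block to fail.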
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910357691.3A CN110096542A (en) | 2019-04-29 | 2019-04-29 | Data verification processing method, device, system and the medium of decentralization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910357691.3A CN110096542A (en) | 2019-04-29 | 2019-04-29 | Data verification processing method, device, system and the medium of decentralization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110096542A true CN110096542A (en) | 2019-08-06 |
Family
ID=67446575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910357691.3A Pending CN110096542A (en) | 2019-04-29 | 2019-04-29 | Data verification processing method, device, system and the medium of decentralization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110096542A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111460429A (en) * | 2020-03-30 | 2020-07-28 | 北京百度网讯科技有限公司 | Task processing method, device, equipment and medium based on trusted execution environment |
CN111782656A (en) * | 2020-06-30 | 2020-10-16 | 北京海益同展信息科技有限公司 | Data reading and writing method and device |
CN113378174A (en) * | 2020-03-10 | 2021-09-10 | 续科天下(北京)科技有限公司 | Trusted computing method and device |
CN115085983A (en) * | 2022-06-02 | 2022-09-20 | 度小满科技(北京)有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
WO2023029414A1 (en) * | 2021-08-30 | 2023-03-09 | 华为云计算技术有限公司 | Data analysis method and apparatus |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106682530A (en) * | 2017-01-10 | 2017-05-17 | 杭州电子科技大学 | Method and device for medical information sharing privacy protection based on blockchain technology |
CN107220559A (en) * | 2017-06-11 | 2017-09-29 | 南京安链数据科技有限公司 | A kind of encryption storage method for that can not tamper with a document |
CN109246137A (en) * | 2018-10-23 | 2019-01-18 | 北京航空航天大学 | The safety protecting method and device of naval warfare data based on block chain |
CN109660358A (en) * | 2019-01-08 | 2019-04-19 | 余炀 | A kind of data circulation method based on block chain and secure execution environments |
Non-Patent Citations (1)
Title |
---|
师金钢 等: "《实时数据仓库技术》", 31 May 2018, 东北大学出版社 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113378174A (en) * | 2020-03-10 | 2021-09-10 | 续科天下(北京)科技有限公司 | Trusted computing method and device |
CN111460429A (en) * | 2020-03-30 | 2020-07-28 | 北京百度网讯科技有限公司 | Task processing method, device, equipment and medium based on trusted execution environment |
CN111460429B (en) * | 2020-03-30 | 2024-01-02 | 北京百度网讯科技有限公司 | Task processing method, device, equipment and medium based on trusted execution environment |
CN111782656A (en) * | 2020-06-30 | 2020-10-16 | 北京海益同展信息科技有限公司 | Data reading and writing method and device |
CN111782656B (en) * | 2020-06-30 | 2024-04-12 | 京东科技信息技术有限公司 | Data reading and writing method and device |
WO2023029414A1 (en) * | 2021-08-30 | 2023-03-09 | 华为云计算技术有限公司 | Data analysis method and apparatus |
CN115085983A (en) * | 2022-06-02 | 2022-09-20 | 度小满科技(北京)有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
CN115085983B (en) * | 2022-06-02 | 2024-03-12 | 度小满科技(北京)有限公司 | Data processing method, data processing device, computer readable storage medium and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110083610A (en) | Data processing method, device, system, trust computing device, equipment and medium | |
US11115418B2 (en) | Registration and authorization method device and system | |
CN108418795B (en) | Data access method, device, system and the computer-readable medium of transregional piece of chain | |
US10924285B2 (en) | Method and server for providing notary service with respect to file and verifying file recorded by the notary service | |
CN110096542A (en) | Data verification processing method, device, system and the medium of decentralization | |
US11469891B2 (en) | Expendable cryptographic key access | |
CN109684375B (en) | Method, accounting node and medium for querying transaction information in blockchain network | |
US10235538B2 (en) | Method and server for providing notary service for file and verifying file recorded by notary service | |
US20210083856A1 (en) | Improved hardware security module management | |
CN104252375B (en) | Method and system for sharing USB Key positioned at multiple virtual machines of different main frames | |
CN108921556A (en) | A kind of verification method, device, equipment and the storage medium of block chain | |
US10956584B1 (en) | Secure data processing | |
EP3777093A2 (en) | Blockchain-based service rental method, apparatus, and system, and electronic device | |
CN108810006A (en) | resource access method, device, equipment and storage medium | |
CN108985772A (en) | A kind of verification method, device, equipment and the storage medium of block chain | |
US20210049715A1 (en) | Blockchain-based data procesing method, apparatus, and electronic device | |
CN108923908A (en) | authorization processing method, device, equipment and storage medium | |
CN110992027A (en) | Efficient transaction method and device for realizing privacy protection in block chain | |
CN108898021B (en) | Threat information processing method, system and computing device based on block chain | |
KR101798119B1 (en) | Method and server for registering stockholder's list, recording transfer of stock ownership and verifying the registered stockholder's list file | |
JP2023542681A (en) | Integrating device identity into blockchain permission frameworks | |
CN107124271A (en) | A kind of data encryption, decryption method and equipment | |
WO2023005862A1 (en) | Data governance apparatus and method, computer device, and storage medium | |
CN110070300A (en) | Data audit and acquisition methods, device, system, equipment and medium | |
JP2023538497A (en) | editable blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||