CN110493220B - Data sharing method and device based on block chain and storage medium - Google Patents


Publication number
CN110493220B
Authority
CN
China
Prior art keywords
user
login user
target file
identity
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910760147.3A
Other languages
Chinese (zh)
Other versions
CN110493220A (en)
Inventor
王强
申子熹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910760147.3A
Publication of CN110493220A
Application granted
Publication of CN110493220B
Active legal status
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A data sharing method based on a block chain comprises the following steps: obtaining a login password input by a login user and verifying it; after the verification is passed, generating an identity certificate of the login user according to identity information of the login user and a first digital signature, and sending the identity certificate of the login user to a client; receiving an obtaining request message sent by second node equipment in a block chain after the verification of the identity certificate is passed; carrying out signature verification on a second digital signature; and sending an obtaining response message to the second node equipment after the verification is passed, wherein the obtaining response message comprises a target file matched with a target file identifier and a block chain address of the target file. The second node device can therefore acquire the file storage certificate of the target file according to the block chain address and verify the validity of the target file. On one hand, identity authentication between organizations is realized based on the block chain; on the other hand, the safety and reliability of the data sharing process are ensured by the tamper resistance of the block chain, so that the service proceeds normally.

Description

Data sharing method and device based on block chain and storage medium
Technical Field
The present application relates to the field of block chain technologies, and in particular, to a data sharing method and apparatus based on a block chain, and a storage medium.
Background
At present, many scenarios call for cooperation among multiple organizations and trusted mutual recognition of data. For example, in a traditional public service system, multiple organizations must cooperate to provide business handling services for users. The organizations need to authenticate each other's identity, and the relevant business is handled for a sponsor only after the identity authentication is passed. During business handling the sponsor has to submit the same certification data and materials to the multiple organizations again and again; the submitting process is very complex and inefficient, and safe and reliable data sharing cannot be achieved among the multiple organizations.
In the conventional public service system, in order to improve efficiency and simplify the flow, an identity authentication center is configured among the organizations to realize identity authentication and thereby data sharing. However, each organization stores and manages its data independently and must ensure its own safety, so the hardware and software investment is huge. Even so, in practical applications it is difficult to prevent existing data from being tampered with by external or internal factors, and data tampering directly affects service handling.
In addition to the public service system, there are many other scenarios that require the service party to participate in data exchange, which also have the above-mentioned problems.
Disclosure of Invention
The embodiment of the application provides a data sharing method based on a block chain, which realizes data sharing among different service systems by using the block chain and ensures the safety of the sharing process. Corresponding apparatus, devices, media and computer program products are also provided.
A first aspect of the present application provides a data sharing method based on a block chain, where the method includes:
acquiring a login password input by a login user, and verifying the legality of the login password input by the login user according to the login password of a registered user stored in a local service system, wherein the login password and identity information of the registered user are stored in the local service system;
after the login password input by the login user passes verification, generating an identity certificate of the login user according to the identity information of the login user and the first digital signature, and sending the identity certificate of the login user to a client of the login user;
receiving an acquisition request message sent by a second node device in the block chain after the authentication of the identity credential of the login user passes, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature;
and performing signature verification on the second digital signature, and after the second digital signature passes the verification, sending an acquisition response message to the second node device, wherein the acquisition response message comprises a target file corresponding to the login user and matched with the target file identifier and a block chain address of the target file.
A second aspect of the present application provides a method for sharing data based on a block chain, where the method includes:
acquiring an identity certificate of a login user, wherein the identity certificate of the login user comprises identity information of the login user and a first digital signature, and the first digital signature is generated by signing the identity information of the login user by first node equipment in a block chain after the login password of the login user is verified;
acquiring the identity card of the login user from the block chain, and verifying the identity certificate of the login user according to the identity card of the login user; the block chain stores identity cards which are uploaded by each node device in the block chain network and are generated based on the identity information of registered users;
after the verification is passed, sending an acquisition request message to the first node device, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature;
receiving an acquisition response message sent by the first node device after the second digital signature verification passes, wherein the acquisition response message comprises a target file corresponding to the login user and matched with the target file identifier and a block chain address of the target file;
acquiring a file storage certificate of the target file from the block chain according to the block chain address of the target file, and verifying the legality of the target file according to the file storage certificate of the target file; and the block chain also stores a file deposit certificate which is uploaded by each node device in the block chain network and is generated based on the file uploaded by the user.
A third aspect of the present application provides a first node device, the device comprising:
the first verification module is used for acquiring a login password input by a login user and verifying the legality of the login password input by the login user according to the login password of a registered user stored in a local service system, wherein the login password and identity information of the registered user are stored in the local service system;
the sending module is used for generating the identity certificate of the login user according to the identity information of the login user and the first digital signature after the login password input by the login user passes the verification, and sending the identity certificate of the login user to the client of the login user;
a receiving module, configured to receive an acquisition request message sent by a second node device in the block chain after the authentication of the identity credential of the login user passes, where the acquisition request message includes a user identifier of the login user, a target file identifier, and a second digital signature;
and the second verification module is used for performing signature verification on the second digital signature and sending an acquisition response message to the second node device after the second digital signature passes the verification, wherein the acquisition response message comprises a target file corresponding to the login user and matched with the target file identifier and a block chain address of the target file.
A fourth aspect of the present application provides a second node device, including:
the acquisition module is used for acquiring an identity certificate of a login user, wherein the identity certificate of the login user comprises identity information of the login user and a first digital signature, and the first digital signature is generated by at least signing the identity information of the login user after a first node device in a block chain verifies that a login password of the login user passes;
the first verification module is used for acquiring the identity card of the login user from the block chain and verifying the identity certificate of the login user according to the identity card of the login user; the block chain stores identity cards which are uploaded by each node device in the block chain network and are generated based on the identity information of registered users;
the sending module is used for sending an acquisition request message to the first node equipment after the verification is passed, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature;
a receiving module, configured to receive an acquisition response message sent by the first node device after the second digital signature verification passes, where the acquisition response message includes a target file corresponding to the login user and matching the target file identifier and a block chain address of the target file;
the second verification module is used for acquiring the file storage certificate of the target file from the block chain according to the block chain address of the target file and verifying the legality of the target file according to the file storage certificate of the target file; and the block chain also stores a file deposit certificate which is uploaded by each node device in the block chain network and is generated based on the file uploaded by the user.
A fifth aspect of the present application provides a node device, comprising a processor and a memory:
the memory is used for storing a computer program;
the processor is configured to perform the steps of the data sharing method according to the first or second aspect according to the computer program.
A sixth aspect of the present application provides a computer-readable storage medium for storing a computer program for executing the data sharing method of the first or second aspect.
A seventh aspect of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the first or second aspect described above.
According to the technical scheme, the embodiment of the application has the following advantages:
The embodiment of the application provides a data sharing method based on a block chain, which combines a service system with the block chain. Login passwords and identity information of registered users are stored in a local service system, while an identity card generated based on the identity information of the registered users and a file card generated based on files uploaded locally by the registered users are stored on the block chain. When a user transacts a service at a certain organization, the user uses the login password to access the first node device corresponding to an organization at which the user previously transacted other services, and acquires an identity certificate generated by that node device from the identity information of the registered user and a first digital signature. The second node device corresponding to the organization at which the service is to be transacted realizes identity mutual authentication by verifying the identity certificate and, after the verification is passed, sends an acquisition request message to the first node device to request the target file corresponding to the login user. After the second digital signature in the acquisition request message is verified, the first node device sends an acquisition response message carrying the target file and its block chain address to the second node device, so that the second node device can acquire the file storage certificate of the target file according to the block chain address and verify the validity of the target file. On one hand, identity authentication between organizations is realized based on the block chain; on the other hand, the safety and reliability of the data sharing process are ensured by the tamper resistance of the block chain, so that the service proceeds normally.
Drawings
FIG. 1 is a scene architecture diagram of a data sharing method based on a block chain in an embodiment of the present application;
FIG. 2A is a flowchart of a block chain-based data sharing method according to an embodiment of the present application;
FIG. 2B is a flowchart of a block chain-based data sharing method according to an embodiment of the present application;
FIG. 3 is a flowchart of a block chain-based data sharing method according to an embodiment of the present application;
FIG. 4 is a schematic view of an application scenario of the data sharing method based on the block chain in the embodiment of the present application;
FIG. 5 is an interaction flowchart of a method for sharing data based on a block chain according to an embodiment of the present application;
FIG. 6A is a diagram illustrating inter-facility identity authentication in an embodiment of the present application;
FIG. 6B is a diagram illustrating user identity authentication in an embodiment of the present application;
FIG. 7A is a diagram illustrating data sharing in an embodiment of the present application;
FIG. 7B is a schematic diagram of an audit trail chain in an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a first node device in an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a first node device in an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a first node device in an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a first node device in an embodiment of the present application;
FIG. 12 is a schematic structural diagram of a first node device in an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a first node device in an embodiment of the present application;
FIG. 14 is a schematic structural diagram of a second node device in the embodiment of the present application;
FIG. 15 is a schematic structural diagram of a second node device in the embodiment of the present application;
FIG. 16 is a schematic structural diagram of a second node device in the embodiment of the present application;
FIG. 17 is a schematic structural diagram of a terminal in the embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the traditional public service system, an identity authentication center is configured among the organizations to realize identity authentication and thereby data sharing, but a large amount of hardware and software must be invested to ensure safety, and in practical applications it is difficult to prevent existing data from being tampered with by external or internal factors. To address these problems, the application provides a data sharing method based on a block chain that relies on the shareability and tamper resistance of block chain technology. Specifically, a login password and identity information of a registered user are stored in a local service system, and an identity card generated based on the identity information of the registered user and a file card generated based on a file uploaded locally by the registered user are stored in the block chain. The user can carry out identity authentication by inputting the login password and obtain a user identity certificate generated by a first node device according to the identity information of the user and a first digital signature. After the identity mutual authentication is passed, the target file and its block chain address can be acquired from the first node device by sending an acquisition request message, and the file certificate of the target file is acquired based on the block chain address so as to verify the legality of the target file, thereby ensuring the safety of the target file sharing process.
The data sharing method can be applied to business handling at public service institutions. For example, when an enterprise is being started, institutions such as the industry and commerce administration, public security bureaus, banks and tax authorities can realize identity mutual authentication and safe data sharing, so that a user does not need to submit the same data repeatedly or make round trips among multiple institutions; this greatly improves business handling efficiency and saves the user's time and energy. The data sharing method can also be applied in the medical field, to realize patient data management among different medical institutions such as hospitals and drugstores, or in the financial field, in scenarios such as property transfer, to realize transaction information sharing among banks, brokers, government officers, buyers and sellers. For ease of understanding, the following uses the enterprise start-up scenario as an illustration.
Specifically, the data sharing method may be applied to a blockchain network, where the blockchain network at least includes two node devices, specifically, a first node device sharing data and a second node device sharing data. The node device may be any computing device with data processing capability, including a terminal or a server, where the terminal may specifically be a desktop, a notebook, a tablet, or a smart phone, and the like.
The data sharing method provided by the application can be stored in the node device of the block chain network in the form of a computer program, and the first node device and the second node device realize the data sharing method by running the computer program. The computer program may be a stand-alone program, or may be a program integrated with another device, such as a functional module, a plug-in, or an applet.
In practical applications, the block chain-based data sharing method provided by the present application can be applied, but is not limited to, in the application environment as shown in fig. 1.
As shown in FIG. 1, the blockchain network 100 includes a plurality of node devices, such as a first node device 101 corresponding to an organization A and a second node device 102 corresponding to an organization B. A user may input a login password in a client running on the user's own terminal 200 to access the first node device 101. The first node device 101 obtains the login password input by the login user and verifies its validity according to the login password of the registered user stored in the local business system. After the login password input by the login user is verified, the first node device 101 generates an identity credential of the login user according to the identity information of the login user and a first digital signature, and sends the identity credential to the client of the login user. The identity credential may be presented in the form of a two-dimensional code, so that the second node device 102 can scan the two-dimensional code to obtain the identity credential of the login user and then verify it. After the identity credential passes the verification, the second node device 102 sends an acquisition request message to the first node device 101, receives the acquisition response message that the first node device 101 sends after the second digital signature passes verification, acquires the file storage certificate of the target file from the block chain according to the block chain address of the target file in the acquisition response message, and verifies the validity of the target file according to that file storage certificate.
In order to make the technical solution of the present application clearer and easier to understand, the following describes in detail a data sharing method from the perspective of a first node device and a second node device, respectively.
Referring to fig. 2A, a flow chart of a block chain-based data sharing method is shown, where the method includes:
S201, obtaining the login password input by the login user, and verifying the legality of the login password input by the login user according to the login password of the registered user stored in the local service system.
Specifically, each organization taking part in data sharing has a corresponding local service system and a node device in the blockchain network. Referring to fig. 2B, the user registers in the local service system and, after the registration is successful, locally uploads the files required for handling the service, such as an identity document and various qualification documents, so that the local service system handles the service for the user based on these files.
In this embodiment, the local service system stores a login password and identity information of a registered user. The login password may be a character string or a pattern set by the user, or biometric information such as a fingerprint, a face, an iris or a voiceprint. Using biometric information as the login password for login authentication simplifies user operation, since the user can authenticate without memorizing a password, and the biometric information has a low likelihood of falsification and high reliability. The identity information is information representing the user's identity that the user inputs during registration, including name, age, gender, occupation, affiliated unit, contact details, identification number and the like.
In consideration of the data sharing requirement, the first node device further stores an identity card generated based on the identity information of the registered user and a file card generated based on a file uploaded locally by the registered user on the blockchain. The process of storing the identity card and the file card in the block chain by the first node device may be referred to as an identity card uplink and a file card uplink.
Specifically, the identity card uplink can be realized as follows: the first node device acquires the identity information input by the registered user and stores it in the local service system, performs a hash operation on the identity information to obtain a hash value, takes the hash value as the identity card of the registered user, and finally broadcasts the identity card to the blockchain so that it is stored on the blockchain. The file card uplink process is analogous to the identity card uplink process and is not described further here.
When a user transacts a corresponding service at another organization, the user can access the first node device through a unified entry, such as a dedicated application program or an applet. Specifically, the user inputs a user name and a login password in the login interface of the dedicated application program or applet, so that the first node device can acquire them and compare them with the user name and login password of the registered user stored in the local service system. If they are consistent, the verification passes and login is allowed; if they are not consistent, the user name or the login password is wrong, and the first node device can return a prompt message to the client to remind the user to log in again.
S202, after the login password input by the login user passes the verification, generating the identity certificate of the login user according to the identity information of the login user and the first digital signature, and sending the identity certificate of the login user to the client of the login user.
For the first node device, if the login password input by the login user passes the verification, the login user is trusted, and the first node device may generate an identity certificate for the login user so as to implement mutual identity authentication between organizations based on the identity certificate.
In a specific implementation, the first node device applies to the electronic authentication service (CA) for a key pair (a public key and a private key). It can be understood that node devices corresponding to other organizations, such as the second node device, know the public key of the first node device. The first node device can use a signature algorithm and its own private key to perform signature calculation on information including the identity information of the login user so as to generate the first digital signature, and then package the identity information of the login user and the first digital signature to generate the identity credential of the login user.
In some cases, the user can also selectively disclose only the information that needs to be disclosed for a given service, so that illegal leakage of sensitive information is avoided. Specifically, before generating the user identity credential of the login user, the first node device may obtain the target file identifier specified by the login user, where the target file identifier uniquely identifies the target file specified by the user. As an example, it can be the name and number of the file; of course, considering that the file type is unique in some business handling processes, the type identifier of the target file, such as an identity card or a business license, can also be used as the identifier of the target file. Then, the first node device may sign the identity information of the login user and the target file identifier specified by the login user by using a local private key to generate the first digital signature, and package the identity information of the login user, the target file identifier specified by the login user and the first digital signature to generate the user identity credential of the login user.
The form of the user identity credential may be set according to actual requirements. For example, a combination of the identity information and the first digital signature may be used directly as the identity credential, or the identity credential may be encoded, for example by generating the user identity credential of the login user in the form of a two-dimensional code. The two-dimensional code improves operation convenience on the one hand, and on the other hand ensures the security of the identity information and avoids information leakage.
S203, receiving an acquisition request message sent by the second node equipment in the block chain after the authentication of the identity credential of the login user passes.
Specifically, the second node device may obtain the identity credential of the login user, for example by scanning a two-dimensional code, and then verify the first digital signature in the identity credential by using the public key of the first node device, so as to implement authentication of the organization identity by the second node device. If the first digital signature passes verification, the organization identity is trusted; the first node device obtains the identity card of the login user from the block chain, and authenticates the validity of the identity information in the user identity credential according to the identity card of the login user, thereby implementing authentication of the user identity by the second node device. If the second node device passes the authentication of the identity credential of the login user, the second node device may send an acquisition request message to the first node device to acquire the target file from the first node device.
The obtaining request message comprises the user identifier of the login user, the target file identifier and a second digital signature, wherein the second digital signature is generated by the second node device performing signature calculation on information comprising the user identifier of the login user and the target file identifier by using a signature algorithm according to a private key of the second node device, and a specific calculation process of the second digital signature can refer to a calculation process of the first digital signature. The first node device may instruct the second node device to return the target file corresponding to the user represented by the user identifier by carrying the user identifier and the target file identifier in the acquisition request message.
S204, performing signature verification on the second digital signature, and after the second digital signature passes the verification, sending an acquisition response message to the second node device, wherein the acquisition response message comprises a target file corresponding to the login user and matched with the target file identifier and a block chain address of the target file.
Specifically, the first node device may locally perform signature calculation on information including the user identifier of the login user and the target file identifier by using a signature algorithm according to the public key of the second node device, and compare the result with the received second digital signature. If the two are consistent, the second digital signature passes verification; otherwise, it fails verification.
When the second digital signature passes verification, this indicates that the acquisition request message is authentic. The first node device can then acquire, according to the user identifier and the target file identifier, the target file that corresponds to the login user and matches the target file identifier, acquire the block chain address of the target file, namely the storage address of the file certificate of the target file in the block chain network, package the target file and its block chain address to generate an acquisition response message, and send the acquisition response message to the second node device. Therefore, the second node device can not only obtain the target file, but also obtain the file deposit certificate according to the block chain address, then obtain the hash value of the target file through hash calculation on the target file, and compare the hash value with the file deposit certificate to verify the validity of the target file.
In some possible implementations, in consideration of data security and traceability, the first node device may also chain a file acquisition activity record of the user, so as to maintain a view record of the file for the user, so that the user can trace back through the record when a security event occurs. Specifically, the first node device may generate an obtaining behavior log according to a behavior record of the second node device, perform hash operation on the obtaining behavior log to obtain a hash value, use the hash value as a read credential of the target file, and broadcast the read credential of the target file to the block chain, so as to store the read credential of the target file on the block chain.
In consideration of traceability integrity, the first node device may also uplink the local operation log to provide a data base for the audit task. Specifically, the first node device may further perform a hash operation on the operation behavior log of the local service system to obtain a hash value, which is used as a local operation credential, and then broadcast the local operation credential to the block chain, so as to store the local operation credential of the target file on the block chain. Therefore, when auditing node equipment for realizing the auditing function in the block chain network is used for auditing all organizations, the operation voucher of each organization can be acquired from the block chain so as to verify the authenticity of the operation log provided by each organization, and the audit result is issued based on the operation logs of each organization after the verification is passed, so that each organization can check the audit result in time.
In view of the above, an embodiment of the present application provides a data sharing method in which a service system is combined with a block chain. The login password and identity information of a registered user are stored in a local service system, while an identity card generated based on the identity information of the registered user and a file card generated based on a file uploaded locally by the registered user are both stored in the block chain. When a user transacts a service at a certain organization, the user accesses, by means of the login password, the first node device corresponding to an organization at which other services were previously transacted, and obtains the identity certificate that the node device generates from the identity information of the login user and a first digital signature. The second node device corresponding to the organization where the service is to be transacted realizes mutual identity authentication by authenticating the identity certificate and, after the authentication is passed, sends an acquisition request message to the first node device to request the target file corresponding to the login user. After the second digital signature in the acquisition request message is verified, the first node device sends an acquisition response message carrying the target file and its block chain address to the second node device, so that the second node device can acquire the file storage certificate of the target file according to the block chain address and verify the validity of the target file. On one hand, identity authentication between organizations is realized based on the block chain; on the other hand, the safety and reliability of the data sharing process are ensured based on the tamper resistance of the block chain, so that the normal progress of the service is ensured.
Next, a data sharing method provided in the embodiment of the present application is described from the perspective of the second node device.
Referring to the flow chart of the data sharing method shown in fig. 3, the method includes:
S301, obtaining the identity certificate of the login user.
The identity certificate of the login user comprises identity information of the login user and a first digital signature, wherein the first digital signature is generated by a first node device in a block chain signing the identity information of the login user after the login password of the login user is verified.
In a specific implementation, referring to fig. 2B, a user may access the first node device through a unified entry provided by the client, and the first node device returns the identity credential of the login user to the client after verifying that the login password of the login user passes, so that the second node device may obtain the identity credential of the login user from the client. Specifically, the user identity credential may exist in a form of a two-dimensional code, and thus, the second node device may obtain the identity credential of the login user in a code scanning manner.
S302, obtaining the identity card of the login user from the block chain, and verifying the identity certificate of the login user according to the identity card of the login user.
Specifically, an identity card generated based on identity information of a registered user uploaded by each node device in the blockchain network is stored in the blockchain, and the user can realize dual authentication of the user identity and the organization identity based on the identity card. When identity authentication is carried out, the public key of the first node equipment can be firstly utilized to carry out signature verification on the first digital signature in the identity certificate of the login user, after the first digital signature verification is passed, the identity card of the login user is obtained from the block chain, and the validity of the identity information in the identity certificate of the user is verified according to the identity card of the login user.
S303, after the verification is passed, sending an acquisition request message to the first node equipment.
The acquisition request message comprises the user identification of the login user, the target file identification and the second digital signature. The second digital signature is generated by the second node equipment performing signature calculation on information including the user identification of the login user and the target file identification by using a signature algorithm according to a private key of the second node equipment.
The target file identifier may be specified by the user, that is, the second node device obtains the service file identifier specified by the login user and uses it as the target file identifier. Of course, the target file identifier may also be obtained automatically by the second node device from the service system: if an organization customizes the target file type in the service system, the second node device may automatically obtain the service file identifier specified by the local service system, that is, the type identifier of the customized target file type in the service system, such as "identity card" or "business license", and then use the service file identifier as the target file identifier.
In practical application, a data sharing party such as the first node device or a data sharing party such as the second node device provides a designated interface for a user, and the user selects a target file through a selection control on the designated interface. That is, the second node device may display a user operation interface after the identity credential of the login user passes verification, and determine that the service file identifier specified by the login user is used as the target file identifier according to a selection operation triggered by the login user on the user operation interface.
In some possible implementation manners, the second node device may also obtain, from a specified field in the identity credential of the login user, a service file identifier specified by the login user as a target file identifier after the identity credential of the login user passes verification.
S304, receiving an acquisition response message sent by the first node device after the second digital signature verification is passed.
Specifically, the first node device may perform local signature calculation on information including a user identifier of a login user and a target file identifier by using a signature algorithm according to a private key of the first node device, compare a calculation result with the second digital signature, if the calculation result is consistent with the second digital signature, the second digital signature passes verification, and the first node device may send an acquisition response message, and if the calculation result is inconsistent with the second digital signature, the second digital signature fails verification.
The acquisition response message comprises a target file corresponding to the login user and matched with the target file identifier and a block chain address of the target file. The block chain address is specifically the address of the file deposit certificate of the target file in the block chain.
S305, acquiring the file storage certificate of the target file from the block chain according to the block chain address of the target file, and verifying the legality of the target file according to the file storage certificate of the target file.
The block chain also stores a file deposit certificate which is uploaded by each node device in the block chain network and is generated based on the file uploaded by the user. Based on this, the second node device may verify the legitimacy of the target file based on the file deposit certificate of the target file.
Specifically, the second node device may calculate a hash value of the target file, compare the hash value with a file certificate of the target file acquired from the block chain according to the block chain address of the target file, and determine that the target file is legal if the hash value is consistent with the file certificate of the target file, otherwise determine that the target file is illegal.
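The exchange of S201 to S204 and S301 to S305 can be traced end to end in the following added example, which is not part of the patent text. It assumes Ed25519 for the signature algorithm and SHA-256 for the hash (the text names neither), an in-memory map in place of the block chain with a constructed "id/…" and "file/…" address layout, and hypothetical function names; it verifies signatures with the library's verify call.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Chain stands in for the blockchain: address -> identity card or file deposit certificate.
type Chain map[string][32]byte

// Credential is returned to the client after login (S202); Sig is the first digital signature.
type Credential struct {
	UserID, FileID string
	Info, Sig      []byte
}

// msg quotes each field, so ("ab","c") and ("a","bc") never sign alike.
func msg(fields ...string) []byte {
	return []byte(fmt.Sprintf("%q", fields))
}

// IssueCredential runs on the first node once the login password is verified.
func IssueCredential(priv ed25519.PrivateKey, user, fileID string, info []byte) Credential {
	return Credential{user, fileID, info, ed25519.Sign(priv, msg(user, fileID, string(info)))}
}

// VerifyCredential runs on the second node (S302): the signature authenticates
// the organization, the on-chain identity card authenticates the user.
func VerifyCredential(c Credential, firstPub ed25519.PublicKey, chain Chain) bool {
	if !ed25519.Verify(firstPub, msg(c.UserID, c.FileID, string(c.Info)), c.Sig) {
		return false
	}
	card, ok := chain["id/"+c.UserID]
	return ok && card == sha256.Sum256(c.Info)
}

// SignRequest runs on the second node (S303) and yields the second digital signature.
func SignRequest(priv ed25519.PrivateKey, user, fileID string) []byte {
	return ed25519.Sign(priv, msg(user, fileID))
}

// Serve runs on the first node (S204): check the second signature, then return
// the file and the chain address of its deposit certificate.
func Serve(user, fileID string, sig []byte, secondPub ed25519.PublicKey, files map[string][]byte) ([]byte, string, bool) {
	if !ed25519.Verify(secondPub, msg(user, fileID), sig) {
		return nil, "", false
	}
	f, ok := files[user+"/"+fileID]
	return f, "file/" + user + "/" + fileID, ok
}

// VerifyFile runs on the second node (S305).
func VerifyFile(file []byte, addr string, chain Chain) bool {
	cert, ok := chain[addr]
	return ok && cert == sha256.Sum256(file)
}

// RunFlow plays the exchange on constructed data and returns the step that
// rejected it ("" means accepted); tamper selects what was altered.
func RunFlow(tamper string) string {
	pubA, privA, _ := ed25519.GenerateKey(nil) // first node
	pubB, privB, _ := ed25519.GenerateKey(nil) // second node
	info, file := []byte("name=Example Co;reg=0000"), []byte("constructed licence bytes")
	chain := Chain{"id/u1": sha256.Sum256(info), "file/u1/licence": sha256.Sum256(file)}
	files := map[string][]byte{"u1/licence": file}
	if tamper == "unregistered" { // validly signed, but never stored on chain
		info = []byte("name=Other Co;reg=9999")
	}
	cred := IssueCredential(privA, "u1", "licence", info)
	if tamper == "credential" { // altered after signing
		cred.FileID = "contract"
	}
	if !VerifyCredential(cred, pubA, chain) {
		return "S302"
	}
	sig, fileID := SignRequest(privB, cred.UserID, cred.FileID), cred.FileID
	if tamper == "request" { // altered in transit
		fileID = "contract"
	}
	got, addr, ok := Serve(cred.UserID, fileID, sig, pubB, files)
	if !ok {
		return "S204"
	}
	if tamper == "file" { // file modified after its certificate was stored
		got = append([]byte("x"), got...)
	}
	if !VerifyFile(got, addr, chain) {
		return "S305"
	}
	return ""
}

func main() {
	for _, t := range []string{"", "unregistered", "credential", "request", "file"} {
		fmt.Printf("tamper=%q rejected at %q\n", t, RunFlow(t))
	}
}
```

The "unregistered" case shows why S302 needs both checks: the signature is valid, yet the identity information has no matching identity card on the chain.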
The second node device may also chain the local operation log to provide a trusted data base for auditing in view of information traceability. Specifically, the second node device performs hash operation on the operation behavior log of the local service system to obtain a hash value, which is used as a local operation credential, and then broadcasts the local operation credential to the block chain, so as to store the local operation credential of the target file on the block chain.
The data sharing method of the present application is described in detail below with reference to a specific application scenario of a development enterprise. First, referring to the scene schematic diagram of the data sharing method shown in fig. 4, the scene includes organizations such as business administration, tax, bank and public security. The business administration collects data such as the business licenses of enterprises according to its duties and aggregates the related data; the tax organization shares data such as companies' tax payment certificates and personal tax payment data according to its duties; data such as unit official seals, financial seals, legal seals, lease contracts and copies of house property certificates are shared according to duty authority. The organizations share the data in a block chain, and the public security organization can look up the data shared by the organizations in the block chain according to its duty authority, thereby facilitating supervision.
As shown in fig. 3, each enterprise may deploy federation chain services to form node devices 410 in the blockchain network, each node device stores shared data in a database 420 in a block form, and a user may access the blockchain network through a block browser 430 to view the block data.
The data sharing process of the present application will be described below by taking data sharing between two organizations as an example. For convenience of description, organization A refers to one of the organizations such as business administration, tax, bank and public security, and organization B refers to another of these organizations. Referring to the interaction flowchart of the data sharing method shown in fig. 5, the method specifically includes the following steps:
1. organizations A and B register their identities in the alliance chain system and obtain an identity (ID) and a certificate file;
2. the user registers a complete identity at organization A, filling in clerk/enterprise information, which specifically includes entering the user's basic information and biological information such as a face and a fingerprint, wherein the biological information can be used as the login password of the user;
3. organization A stores the related user information and a qualification file AA;
4. the user goes to organization B to handle service BB;
5. the user first inputs the login password through a client running on a mobile phone, requests the first node device corresponding to organization A to perform biological identification, and requests an identity certificate from organization A;
6. organization A compares the login password input by the user with the pre-stored login password of the registered user to verify the legality of the login password; if the verification is passed, an identity certificate is generated according to the user identity information and a first digital signature, and the identity certificate is returned to the client;
7. the user presents the identity certificate to the second node device corresponding to organization B;
8. organization B reads the identity certificate of the user at the transaction window by scanning the code, and verifies the identities of organization A and the user based on the identity certificate;
9. if the verification is passed, organization B sends an acquisition request message to organization A to request the qualification file AA;
10. the first node device corresponding to organization A puts on the chain the call log of organization B calling the qualification file AA, together with other audit information;
11. the first node device corresponding to organization A returns an acquisition response message to the second node device corresponding to organization B, wherein the acquisition response message comprises the qualification file AA and the block chain address of the qualification file AA;
12. the second node device corresponding to organization B acquires the file deposit certificate of the qualification file AA from the block chain according to the block chain address, performs hash calculation on the qualification file AA to obtain a hash value, and then compares the hash value with the file deposit certificate to verify the validity of the qualification file AA;
13. if it is legal, the user may continue to transact business at organization B.
For the identity authentication between organizations, please refer to fig. 6A. Each organization may register its identity in the federation chain system and generate a Tencent User Security Infrastructure Identity (TUSI-ID), then apply for a public key certificate on the Key Management System (KMS) of TUSI, and privately deploy the private key in SGX. SGX is a secure environment for data operation under the Intel technology architecture; it encapsulates operations on sensitive data (such as encryption keys, passwords and user data) in a "small black box" that malicious software cannot access. The public key data is indexed between the federation organizations through the TUSI-ID. When identity authentication is performed between organizations, the sender signs with the private key, and the public key is then used to verify the signature. For example, organization A sends organization B a message carrying the TUSI-ID and an operation event to confirm its identity, and organization B authenticates it by using the TUSI-ID to index the public key. In this process, an integrity check code can be added to the message to realize integrity checking, and a timestamp can be added to the message to prevent replay attacks.
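The receiving side of such a message can be sketched as follows; this is an added example in Go, not code from the patent or from TUSI. It assumes Ed25519 signatures (which here also serve as the integrity check code), a constructed ID "tusi-A", a 30-second acceptance window, and one addition the text does not describe: a cache of already accepted signatures, because a timestamp alone still admits a replay inside the window.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Message is one inter-organization notification.
type Message struct {
	SenderID string // TUSI-ID of the sending organization
	Event    string // operation event
	SentAt   int64  // timestamp, Unix seconds
	Sig      []byte // signature over the three fields above
}

// Verifier is the receiving organization's state.
type Verifier struct {
	Keys   map[string]ed25519.PublicKey // public keys indexed by TUSI-ID
	MaxAge time.Duration                // accepted clock skew and delivery delay
	seen   map[string]int64             // signatures accepted inside the window
}

// payload is the byte string that gets signed; quoting keeps fields unambiguous.
func payload(m Message) []byte {
	return []byte(fmt.Sprintf("%q %q %d", m.SenderID, m.Event, m.SentAt))
}

// SignMessage is the sender side: sign with the organization's private key.
func SignMessage(priv ed25519.PrivateKey, id, event string, now time.Time) Message {
	m := Message{SenderID: id, Event: event, SentAt: now.Unix()}
	m.Sig = ed25519.Sign(priv, payload(m))
	return m
}

// Check is the receiver side. It returns "ok" or the reason for rejection.
func (v *Verifier) Check(m Message, now time.Time) string {
	pub, known := v.Keys[m.SenderID]
	if !known {
		return "unknown sender"
	}
	if !ed25519.Verify(pub, payload(m), m.Sig) {
		return "bad signature"
	}
	age := now.Sub(time.Unix(m.SentAt, 0))
	if age > v.MaxAge || age < -v.MaxAge {
		return "stale"
	}
	if v.seen == nil {
		v.seen = map[string]int64{}
	}
	for sig, sentAt := range v.seen { // forget entries the timestamp check now covers
		if now.Sub(time.Unix(sentAt, 0)) > v.MaxAge {
			delete(v.seen, sig)
		}
	}
	if _, dup := v.seen[string(m.Sig)]; dup {
		return "replay"
	}
	v.seen[string(m.Sig)] = m.SentAt
	return "ok"
}

// Demo runs constructed messages through one verifier and returns each verdict.
func Demo() []string {
	pubA, privA, _ := ed25519.GenerateKey(nil)
	_, privX, _ := ed25519.GenerateKey(nil) // key not registered for any TUSI-ID
	v := &Verifier{Keys: map[string]ed25519.PublicKey{"tusi-A": pubA}, MaxAge: 30 * time.Second}
	t0 := time.Unix(1700000000, 0) // constructed clock
	m := SignMessage(privA, "tusi-A", "share qualification file AA", t0)
	forged := SignMessage(privX, "tusi-A", "share qualification file AA", t0)
	edited := m
	edited.Event = "share all files"
	return []string{
		v.Check(m, t0.Add(2*time.Second)),                  // fresh, first delivery
		v.Check(m, t0.Add(5*time.Second)),                  // same bytes again inside the window
		v.Check(m, t0.Add(2*time.Minute)),                  // same bytes after the window
		v.Check(forged, t0.Add(time.Second)),               // signed with an unregistered key
		v.Check(edited, t0.Add(time.Second)),               // event changed after signing
		v.Check(SignMessage(privX, "tusi-Z", "x", t0), t0), // ID absent from the directory
	}
}

func main() {
	fmt.Println(Demo())
}
```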
For the identity authentication of the enterprise clerk, please refer to fig. 6B. The identity of the clerk is first registered in the alliance chain system and a TUSI-ID is generated; hash calculation is performed on the user identity information and the result is put on the chain as the identity card, while the user's biometric information, such as a fingerprint, is stored in the business system.
For the data sharing process, specifically, referring to fig. 7A, when a block chain service platform is built, a federation chain is built between the enterprises that require data sharing. Each organization can join as a node, and the joining enterprises can be assigned as write nodes or observation nodes (i.e., the above-mentioned audit nodes) according to their different authorities. A write node has the right to initiate a transaction/contract, that is, it has the accounting right; it is suitable for the organizations that share data on the alliance chain, such as the above-mentioned bank and business administration organizations, which are represented in fig. 7A by organization A, organization B, organization C and organization D. An observation node can check the synchronized data in real time and is suitable for supervisory organizations and third-party organizations.
The organization that shares data, that is, the data-holding organization such as organization A, may initiate an agreement contract and package the data to be shared in the agreement. The node devices in the blockchain network then determine an accounting node according to a consensus algorithm such as a Byzantine algorithm; the accounting node may package blocks according to the agreement contract, record the blocks in the blockchain, and implement data synchronization between the nodes through a peer-to-peer (P2P) network.
In addition, the operations of data synchronization, data sharing, pushing, consulting and the like initiated by each node can form an audit log in a contract form and send the audit log to each node of the alliance chain, and the audit log cannot be deleted or tampered. Namely, an audit alliance chain of the data sharing application system can be constructed based on the block chain technology, and unified data circulation service is achieved.
Specifically, referring to fig. 7B, a 4A system is connected to the alliance chain network, where the 4A system is a system providing Authentication, Authorization, Accounting and Audit services. The identity authorization of an organization is realized through a service node of the 4A system, and the CA management system provided by the TUSI block chain platform itself is used to issue a digital certificate to each service node so that it can access the block chain platform securely, ensuring the validity of the audit records put on the chain. For data flows and major incidents between organizations A and B, audit records are added to the logs; an audit record includes the date and time of the event, the user, the event type, whether the event succeeded, and other audit-related information. A data extraction application node acts as an observation node to realize data pulling and big data statistical services, and audit supervision of data security is connected to the audit alliance chain as an audit node, to realize unified security auditing of all systems of the big data center and audit tracing based on security events.
It should be noted that, in actual application, at least one node may also be reserved as an extensible node when a federation chain is deployed, so as to be used when a new service is extended.
The foregoing is a specific implementation manner of the data sharing method provided in the embodiment of the present application, and the embodiment of the present application further provides a first node device and a second node device for implementing the method, which will be described in detail in terms of function modularization.
Referring to the schematic structural diagram of the first node apparatus shown in fig. 8, the first node apparatus 800 includes:
the first verification module 810 is configured to obtain a login password input by a login user, and verify the validity of the login password input by the login user according to a login password of a registered user stored in a local service system, where the login password and identity information of the registered user are stored in the local service system;
a sending module 820, configured to generate an identity credential of the login user according to the identity information of the login user and the first digital signature after the login password input by the login user passes verification, and send the identity credential of the login user to the client of the login user;
a receiving module 830, configured to receive an obtaining request message sent by a second node device in the block chain after the authentication of the identity credential of the login user passes, where the obtaining request message includes a user identifier of the login user, a target file identifier, and a second digital signature;
a second verification module 840, configured to perform signature verification on the second digital signature, and send an acquisition response message to the second node device after the signature verification is passed, where the acquisition response message includes a target file corresponding to the login user and matching the target file identifier and a block chain address of the target file.
Optionally, referring to fig. 9, fig. 9 is a schematic structural diagram of a first node device provided in the embodiment of the present application, and on the basis of the structure shown in fig. 8, the first node device 800 further includes:
an identity information obtaining module 851, configured to obtain the identity information input by the registered user, and store the identity information of the registered user in the local service system;
an operation module 852, configured to perform a hash operation on the identity information of the registered user to obtain a hash value, which is used as the identity card of the registered user;
an identity card storing module 853, configured to broadcast the identity card of the registered user to the blockchain, so as to store the identity card of the registered user on the blockchain.
Optionally, referring to fig. 10, fig. 10 is a schematic structural diagram of a first node device provided in the embodiment of the present application, and on the basis of the structure shown in fig. 8, the first node device 800 further includes:
an acquisition module 860, configured to acquire the biological characteristics input by the registered user and take the biological characteristics as the login password of the registered user.
Optionally, referring to fig. 11, fig. 11 is a schematic structural diagram of a first node device provided in the embodiment of the present application, and on the basis of the structure shown in fig. 8, the first node device 800 further includes:
a log generating module 871, configured to generate an obtaining behavior log according to a behavior record of the second node device obtaining the target file;
a file certificate storage module 872, configured to perform a hash operation on the obtaining behavior log to obtain a hash value, which is used as the read credential of the target file, and to broadcast the read credential of the target file to the blockchain, so as to store the read credential of the target file on the blockchain.
Optionally, referring to fig. 12, fig. 12 is a schematic structural diagram of a first node device provided in the embodiment of the present application, and on the basis of the structure shown in fig. 8, the first node device 800 further includes:
an operation credential generating module 881, configured to perform hash operation on the operation behavior log of the local service system to obtain a hash value, which is used as a local operation credential;
an operation credential storing module 882, configured to broadcast the local operation credential to the blockchain, so as to store the local operation credential of the target file on the blockchain.
Optionally, referring to fig. 13, fig. 13 is a schematic structural diagram of a first node device provided in the embodiment of the present application, and on the basis of the structure shown in fig. 8, the first node device 800 further includes:
a target file identifier obtaining module 890, configured to obtain a target file identifier specified by the login user;
the sending module 820 is specifically configured to:
sign the identity information of the login user and the target file identifier specified by the login user by using a local private key to generate the first digital signature; and
generate the user identity credential of the login user by using the identity information of the login user, the target file identifier specified by the login user, and the first digital signature.
Optionally, the sending module 820 generates the user identity credential of the login user in a two-dimensional code form.
Next, referring to the schematic structural diagram of the second node device shown in fig. 14, the second node device 1400 includes:
an obtaining module 1410, configured to obtain an identity credential of a login user, where the identity credential of the login user includes identity information of the login user and a first digital signature, and the first digital signature is generated by a first node device in a block chain signing the identity information of the login user after a login password of the login user is verified;
a first verification module 1420, configured to obtain the identity card of the login user from the blockchain, and verify the identity credential of the login user according to the identity card of the login user, where the blockchain stores identity cards that are uploaded by the node devices in the blockchain network and generated based on the identity information of registered users;
a sending module 1430, configured to send an acquisition request message to the first node device after the verification is passed, where the acquisition request message includes a user identifier of the login user, a target file identifier, and a second digital signature;
a receiving module 1440, configured to receive an acquisition response message sent by the first node device after the second digital signature verification passes, where the acquisition response message includes a target file corresponding to the login user and matching the target file identifier and a block chain address of the target file;
a second verifying module 1450, configured to obtain a file deposit certificate of the target file from the block chain according to the block chain address of the target file, and verify the validity of the target file according to the file deposit certificate of the target file; and the block chain also stores a file deposit certificate which is uploaded by each node device in the block chain network and is generated based on the file uploaded by the user.
Optionally, referring to fig. 15, fig. 15 is a schematic structural diagram of a second node device according to an embodiment of the present application, and based on the structure shown in fig. 14, the first verification module 1420 includes:
a signature verification sub-module 1421, configured to perform signature verification on the first digital signature in the identity credential of the login user by using the public key of the first node device;
an identity information verification sub-module 1422, configured to, after the first digital signature passes verification, obtain the identity card of the login user from the blockchain, and verify the validity of the identity information in the user identity credential according to the identity card of the login user.
Optionally, the obtaining module 1410 is further configured to:
acquire a service file identifier specified by the local service system, and use the service file identifier as the target file identifier; or,
acquire a service file identifier specified by the login user, and use the service file identifier as the target file identifier.
Optionally, the obtaining module 1410 is further configured to:
after the identity credential of the login user passes verification, acquire the service file identifier specified by the login user from a specified field in the identity credential of the login user; or,
after the identity credential of the login user passes verification, display a user operation interface, and determine the service file identifier specified by the login user according to a selection operation triggered by the login user on the user operation interface.
Optionally, referring to fig. 16, fig. 16 is a schematic structural diagram of a second node device provided in the embodiment of the present application, and on the basis of the structure shown in fig. 14, the second node device 1400 further includes:
an operation module 1460, configured to perform hash operation on the operation behavior log of the local service system to obtain a hash value, which is used as a local operation credential;
a storing module 1470 configured to broadcast the local operation credential to the blockchain, so as to store the local operation credential of the target file on the blockchain.
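The exchange between the modules of the first node device 800 and the second node device 1400 described above can be traced end to end in the following added example, which is not code from the patent. It assumes a Python dict in place of the blockchain, SHA-256 for every hash operation, a file deposit certificate that is the hash of the file, hypothetical address strings, and Lamport one-time signatures as a standard-library stand-in for the signature algorithm the text leaves unspecified (a deployment would use a reusable scheme such as ECDSA or Ed25519).

```python
import hashlib, hmac, json, secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canon(obj) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Lamport one-time signatures (assumption: stand-in for the unspecified
# signature algorithm). Each key pair may sign ONE message only.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def _bits(msg: bytes):
    d = int.from_bytes(h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(h(s), pk[i][bits[i]]) for i, s in enumerate(sig))

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class FirstNode:
    """Holds the user's data; `ledger` is a dict standing in for the blockchain."""
    def __init__(self, ledger):
        self.ledger, self.users, self.files = ledger, {}, {}
        self.sk, self.pk = keygen()

    def register(self, identity, password):
        salt = secrets.token_bytes(16)
        self.users[identity["user_id"]] = (identity, salt, pw_hash(password, salt))
        # Identity card: only a hash of the identity information goes on chain.
        self.ledger["identity/" + identity["user_id"]] = h(canon(identity))

    def store_file(self, user_id, file_id, content: bytes):
        address = f"file/{user_id}/{file_id}"      # hypothetical address scheme
        self.files[(user_id, file_id)] = (content, address)
        self.ledger[address] = h(content)  # deposit certificate, assumed to be a hash

    def login(self, user_id, password, target_file_id):
        identity, salt, stored = self.users[user_id]
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            raise PermissionError("login password rejected")
        # First digital signature covers identity information AND target file id.
        body = {"identity": identity, "target_file_id": target_file_id}
        return {**body, "signature": sign(self.sk, canon(body))}

    def handle_request(self, req, requester_pk):
        body = {"user_id": req["user_id"], "target_file_id": req["target_file_id"]}
        if not verify(requester_pk, canon(body), req["signature"]):
            raise PermissionError("second digital signature invalid")
        content, address = self.files[(body["user_id"], body["target_file_id"])]
        log = canon({"event": "obtain", **body})       # obtaining behavior log
        self.ledger["read/" + h(log).hex()] = h(log)   # read credential
        return {"file": content, "address": address}

class SecondNode:
    def __init__(self, ledger, first_node_pk):
        self.ledger, self.first_pk = ledger, first_node_pk
        self.sk, self.pk = keygen()

    def verify_credential(self, cred) -> bool:
        body = {"identity": cred["identity"], "target_file_id": cred["target_file_id"]}
        # Signature first: nothing in the credential is trusted before this passes.
        if not verify(self.first_pk, canon(body), cred["signature"]):
            return False
        card = self.ledger.get("identity/" + cred["identity"]["user_id"])
        return card is not None and hmac.compare_digest(card, h(canon(cred["identity"])))

    def build_request(self, cred):
        if not self.verify_credential(cred):
            raise PermissionError("identity credential rejected")
        body = {"user_id": cred["identity"]["user_id"],
                "target_file_id": cred["target_file_id"]}
        return {**body, "signature": sign(self.sk, canon(body))}

    def verify_file(self, resp) -> bool:
        cert = self.ledger.get(resp["address"])
        return cert is not None and hmac.compare_digest(cert, h(resp["file"]))

def demo():
    ledger = {}
    first = FirstNode(ledger)
    identity = {"user_id": "u1001", "name": "Example User"}   # constructed sample
    first.register(identity, "correct horse")
    first.store_file("u1001", "report-7", b"constructed file body")
    second = SecondNode(ledger, first.pk)
    cred = first.login("u1001", "correct horse", "report-7")
    swapped = {**cred, "target_file_id": "report-8"}   # credential altered in transit
    resp = first.handle_request(second.build_request(cred), second.pk)
    altered = {**resp, "file": resp["file"] + b"!"}
    return (second.verify_credential(cred), second.verify_credential(swapped),
            second.verify_file(resp), second.verify_file(altered))

if __name__ == "__main__":
    print(demo())   # (True, False, True, False)
```

Because the first digital signature covers the target file identifier as well as the identity information, a credential whose file identifier is swapped fails verification at the second node even though the on-chain identity card still matches.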
For ease of understanding, the first node device and the second node device provided in the embodiments of the present application will be described below from the perspective of hardware implementation.
As shown in fig. 17, for convenience of description, only the portions related to the embodiments of the present application are shown; for specific technical details that are not disclosed, refer to the method portion of the embodiments of the present application. The terminal may be any terminal device, including a desktop computer, a notebook computer, a tablet computer, a mobile phone, a Personal Digital Assistant (PDA), a vehicle-mounted computer, and the like. The following takes a desktop computer as an example of the terminal:
Fig. 17 is a block diagram illustrating a partial structure of a desktop computer serving as the terminal provided in an embodiment of the present application. Referring to fig. 17, the desktop computer includes: a radio frequency (RF) circuit 1710, a memory 1720, an input unit 1730, a display unit 1740, a sensor 1750, an audio circuit 1760, a wireless fidelity (WiFi) module 1770, a processor 1780, and a power supply 1790. Those skilled in the art will appreciate that the structure shown in fig. 17 does not limit the desktop computer, which may include more or fewer components than shown, combine some components, or use a different arrangement of components.
The following describes each component of the desktop computer in detail with reference to fig. 17:
The RF circuit 1710 can be used for receiving and transmitting signals during information transmission and reception or during a call; in particular, after receiving downlink information from a base station, it passes the information to the processor 1780 for processing, and it transmits uplink data to the base station. In general, the RF circuit 1710 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and the like.
The memory 1720 may be used to store software programs and modules, and the processor 1780 may execute various functional applications of the desktop computer and data processing by operating the software programs and modules stored in the memory 1720. The memory 1720 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, and the like), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the desktop computer, and the like. Further, the memory 1720 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 1730 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the desktop computer. Specifically, the input unit 1730 may include a touch panel 1731 and other input devices 1732. The touch panel 1731 may collect touch operations performed by a user on or near the touch panel 1731 (e.g., operations performed by the user on the touch panel 1731 or near the touch panel 1731 by using any suitable object or accessory such as a finger or a stylus), and drive a corresponding connection device according to a preset program. The input unit 1730 may include other input devices 1732 in addition to the touch panel 1731. In particular, other input devices 1732 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 1740 may be used to display information input by or provided to the user and various menus of the desktop computer. The Display unit 1740 may include a Display panel 1741, and optionally, the Display panel 1741 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 1731 may cover the display panel 1741, and when the touch panel 1731 detects a touch operation on or near the touch panel 1731, the touch panel is transmitted to the processor 1780 to determine the type of the touch event, and then the processor 1780 provides a corresponding visual output on the display panel 1741 according to the type of the touch event. Although in FIG. 17, touch panel 1731 and display panel 1741 are shown as two separate components to implement desktop input and output functions, in some embodiments, touch panel 1731 and display panel 1741 may be integrated to implement desktop input and output functions.
The desktop may also include at least one sensor 1750, such as a light sensor, among other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 1741 according to the brightness of ambient light; as for the desktop, other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor may be further configured, which are not described herein.
The audio circuit 1760, a speaker 1761, and a microphone 1762 may provide an audio interface between the user and the desktop computer. The audio circuit 1760 may transmit the electrical signal converted from received audio data to the speaker 1761, which converts it into a sound signal for output; conversely, the microphone 1762 converts collected sound signals into electrical signals, which are received by the audio circuit 1760 and converted into audio data; the audio data is then output to the processor 1780 for processing and either sent through the RF circuit 1710 to, for example, another desktop computer, or output to the memory 1720 for further processing.
WiFi belongs to short-range wireless transmission technology, and the desktop can help the user send and receive e-mail, browse web pages, access streaming media, etc. through the WiFi module 1770, which provides the user with wireless broadband internet access. Although fig. 17 shows the WiFi module 1770, it is understood that it does not belong to the essential constitution of the desktop computer, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 1780 is the control center of the desktop computer. It connects the various parts of the entire desktop computer by using various interfaces and lines, and performs the functions of the desktop computer and processes data by running or executing the software programs and/or modules stored in the memory 1720 and invoking the data stored in the memory 1720, thereby monitoring the desktop computer as a whole. Optionally, the processor 1780 may include one or more processing units; preferably, the processor 1780 may integrate an application processor, which primarily handles the operating system, user interfaces, application programs, and the like, and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor may also not be integrated into the processor 1780.
The desktop computer also includes a power supply 1790 (e.g., a battery) that powers the various components. Preferably, the power supply is logically connected to the processor 1780 through a power management system, so that charging, discharging, and power consumption are managed through the power management system.
Although not shown, the desktop may further include a camera, a bluetooth module, etc., which will not be described herein.
In this embodiment, when the terminal is used as the first node device, the processor 1780 included in the terminal further has the following functions:
acquiring a login password input by a login user, and verifying the validity of the login password input by the login user according to the login password of a registered user stored in a local service system, wherein the login password and identity information of the registered user are stored in the local service system;
after the login password input by the login user passes verification, generating an identity credential of the login user according to the identity information of the login user and the first digital signature, and sending the identity credential of the login user to a client of the login user;
receiving an acquisition request message sent by a second node device in the blockchain after the identity credential of the login user passes verification, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature;
performing signature verification on the second digital signature, and after the second digital signature passes verification, sending an acquisition response message to the second node device, wherein the acquisition response message comprises the target file that corresponds to the login user and matches the target file identifier, and a blockchain address of the target file.
Optionally, the processor 1780 is further configured to execute the steps of any implementation manner of the data sharing method provided in the embodiment of the present application.
When the terminal is used as the second node device, the processor 1780 included in the terminal further has the following functions:
acquiring an identity credential of a login user, wherein the identity credential of the login user comprises identity information of the login user and a first digital signature, and the first digital signature is generated by a first node device in the blockchain by signing the identity information of the login user after the login password of the login user passes verification;
acquiring the identity card of the login user from the blockchain, and verifying the identity credential of the login user according to the identity card of the login user, wherein the blockchain stores identity cards that are uploaded by the node devices in the blockchain network and generated based on the identity information of registered users;
after the verification passes, sending an acquisition request message to the first node device, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature;
receiving an acquisition response message sent by the first node device after the second digital signature passes verification, wherein the acquisition response message comprises the target file that corresponds to the login user and matches the target file identifier, and a blockchain address of the target file;
acquiring a file deposit certificate of the target file from the blockchain according to the blockchain address of the target file, and verifying the validity of the target file according to the file deposit certificate of the target file, wherein the blockchain also stores file deposit certificates that are uploaded by the node devices in the blockchain network and generated based on files uploaded by users.
Optionally, the processor 1780 is further configured to execute the steps of any implementation manner of the data sharing method provided in the embodiment of the present application.
The embodiment of the present application further provides a computer-readable storage medium for storing a program code, where the program code is used to execute any one implementation of the data sharing method described in the foregoing embodiments.
The present application further provides a computer program product including instructions, which when run on a computer, causes the computer to execute any one of the embodiments of a data sharing method described in the foregoing embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions are possible in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (16)

1. A blockchain-based data sharing method, characterized by comprising:
acquiring a login password input by a login user, and verifying the legality of the login password input by the login user according to the login password of a registered user stored in a local service system, wherein the login password and identity information of the registered user are stored in the local service system;
after the login password input by the login user passes verification, generating an identity credential of the login user according to the identity information of the login user and the first digital signature, and sending the identity credential of the login user to a client of the login user;
receiving an acquisition request message sent by a second node device in the blockchain after the identity credential of the login user passes verification, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature, and the second digital signature is generated by the second node device by using a signature algorithm and a private key of the second node device to sign information comprising the user identifier of the login user and the target file identifier;
and performing signature verification on the second digital signature, and after the second digital signature passes verification, sending an acquisition response message to the second node device, wherein the acquisition response message comprises the target file that corresponds to the login user and matches the target file identifier, and a blockchain address of the target file.
2. The method of claim 1, further comprising:
acquiring identity information input by the registered user, and storing the identity information of the registered user in the local service system;
carrying out hash operation on the identity information of the registered user to obtain a hash value which is used as the identity card of the registered user;
and broadcasting the identity card of the registered user to the block chain so as to store the identity card of the registered user on the block chain.
3. The method of claim 1, further comprising:
collecting a biometric feature input by the registered user, and using the biometric feature as the login password of the registered user.
4. The blockchain-based data sharing method according to any one of claims 1 to 3, wherein after sending the acquisition response message to the second node device in the blockchain, the method further comprises:
generating an obtaining behavior log according to a behavior record of the second node device obtaining the target file;
performing a hash operation on the obtaining behavior log to obtain a hash value, which is used as the read credential of the target file; and broadcasting the read credential of the target file to the blockchain, so as to store the read credential of the target file on the blockchain.
5. The blockchain-based data sharing method according to any one of claims 1 to 3, wherein the method further comprises:
performing hash operation on the operation behavior log of the local service system to obtain a hash value as a local operation certificate;
broadcasting the local operation credential onto the blockchain to store the local operation credential of the target file on the blockchain.
6. The blockchain-based data sharing method according to claim 1, wherein before the generating of the user identity credential of the login user according to the identity information of the login user and the first digital signature, the method further comprises:
acquiring a target file identifier specified by the login user;
generating a user identity credential of the login user according to the identity information of the login user and the first digital signature comprises:
signing the identity information of the login user and the target file identifier specified by the login user by using a local private key to generate the first digital signature;
and generating the user identity credential of the login user by using the identity information of the login user, the target file identifier specified by the login user, and the first digital signature.
7. The blockchain-based data sharing method according to any one of claims 1 to 3, wherein the user identity credential of the login user is generated in a form of a two-dimensional code.
8. A blockchain-based data sharing method, characterized by comprising:
acquiring an identity credential of a login user, wherein the identity credential of the login user comprises identity information of the login user and a first digital signature, and the first digital signature is generated by a first node device in the blockchain by signing at least the identity information of the login user after the login password of the login user passes verification;
acquiring the identity card of the login user from the blockchain, and verifying the identity credential of the login user according to the identity card of the login user, wherein the blockchain stores identity cards that are uploaded by the node devices in the blockchain network and generated based on the identity information of registered users;
after the verification passes, sending an acquisition request message to the first node device, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature, and the second digital signature is generated by the second node device by using a signature algorithm and a private key of the second node device to sign information comprising the user identifier of the login user and the target file identifier;
receiving an acquisition response message sent by the first node device after the second digital signature passes verification, wherein the acquisition response message comprises the target file that corresponds to the login user and matches the target file identifier, and a blockchain address of the target file;
acquiring a file deposit certificate of the target file from the blockchain according to the blockchain address of the target file, and verifying the validity of the target file according to the file deposit certificate of the target file, wherein the blockchain also stores file deposit certificates that are uploaded by the node devices in the blockchain network and generated based on files uploaded by users.
9. The data sharing method according to claim 8, wherein the obtaining the identity card of the login user from the blockchain, and verifying the identity credential of the login user according to the identity card of the login user comprises:
performing signature verification on the first digital signature in the identity credential of the login user by using the public key of the first node device;
and after the first digital signature passes verification, acquiring the identity card of the login user from the blockchain, and verifying the validity of the identity information in the user identity credential according to the identity card of the login user.
10. The data sharing method of claim 8, wherein the target file identification is determined by:
acquiring a service file identifier specified by the local service system, and using the service file identifier as the target file identifier; or,
acquiring a service file identifier specified by the login user, and using the service file identifier as the target file identifier.
11. The data sharing method according to claim 10, wherein the obtaining the service file identifier specified by the login user comprises:
after the identity credential of the login user passes verification, acquiring the service file identifier specified by the login user from a specified field in the identity credential of the login user; or,
after the identity credential of the login user passes verification, displaying a user operation interface, and determining the service file identifier specified by the login user according to a selection operation triggered by the login user on the user operation interface.
12. The data sharing method according to any one of claims 8 to 11, wherein the method further comprises:
performing hash operation on an operation behavior log of a local service system to obtain a hash value as a local operation certificate;
broadcasting the local operation credential onto the blockchain to store the local operation credential of the target file on the blockchain.
13. A first node device, comprising:
a first verification module, configured to acquire a login password input by a login user, and verify the validity of the login password input by the login user according to the login password of a registered user stored in a local service system, wherein the login password and identity information of the registered user are stored in the local service system;
a sending module, configured to generate the identity credential of the login user according to the identity information of the login user and the first digital signature after the login password input by the login user passes verification, and send the identity credential of the login user to the client of the login user;
a receiving module, configured to receive an acquisition request message sent by a second node device in the blockchain after the identity credential of the login user passes verification, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature, and the second digital signature is generated by the second node device by using a signature algorithm and a private key of the second node device to sign information comprising the user identifier of the login user and the target file identifier;
a second verification module, configured to perform signature verification on the second digital signature, and send an acquisition response message to the second node device after the second digital signature passes verification, wherein the acquisition response message comprises the target file that corresponds to the login user and matches the target file identifier, and a blockchain address of the target file.
14. A second node device, comprising:
the acquisition module is used for acquiring an identity certificate of a login user, wherein the identity certificate of the login user comprises identity information of the login user and a first digital signature, and the first digital signature is generated by at least signing the identity information of the login user after a first node device in a block chain has verified the login password of the login user;
the first verification module is used for acquiring the identity card of the login user from the block chain and verifying the identity certificate of the login user according to the identity card of the login user; the block chain stores identity cards which are uploaded by each node device in the block chain network and are generated based on the identity information of registered users;
the sending module is used for sending an acquisition request message to the first node equipment after the verification is passed, wherein the acquisition request message comprises a user identifier of the login user, a target file identifier and a second digital signature, and the second digital signature is generated by the second node equipment through signature calculation on information comprising the user identifier of the login user and the target file identifier by using a signature algorithm according to a private key of the second node equipment;
a receiving module, configured to receive an acquisition response message sent by the first node device after the second digital signature verification passes, where the acquisition response message includes a target file corresponding to the login user and matching the target file identifier and a block chain address of the target file;
the second verification module is used for acquiring the file storage certificate of the target file from the block chain according to the block chain address of the target file and verifying the legality of the target file according to the file storage certificate of the target file; and the block chain also stores a file deposit certificate which is uploaded by each node device in the block chain network and is generated based on the file uploaded by the user.
15. A node device, comprising a processor and a memory;
the memory is used for storing a computer program;
the processor is configured to run the computer program to perform the data sharing method of any one of claims 1 to 12.
16. A computer-readable storage medium for storing a computer program for executing the data sharing method according to any one of claims 1 to 12.
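The exchange recited in claims 13 and 14, as an added sketch that is not part of the patent: the second node signs the user identifier and target file identifier, the first node verifies that signature before returning the file and its block chain address, and the second node then checks the file against the on-chain file storage certificate. Ed25519, SHA-256, the idea that the certificate is a plain digest of the file, the in-memory maps standing in for the service system and the block chain, and all names are assumptions; the identity-certificate step is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Request struct {
	UserID, FileID string
	Sig            []byte // the "second digital signature"
}
type Response struct {
	File []byte
	Addr string // block chain address of the file storage certificate
}

// msg quotes both fields so ("ab","c") and ("a","bc") sign differently.
func msg(user, file string) []byte { return []byte(fmt.Sprintf("%q|%q", user, file)) }

// Serve is the first node: nothing is released unless the signature verifies.
func Serve(peer ed25519.PublicKey, store map[string]Response, r Request) (Response, error) {
	resp, ok := store[r.UserID+"/"+r.FileID]
	if !ok || !ed25519.Verify(peer, msg(r.UserID, r.FileID), r.Sig) {
		return Response{}, fmt.Errorf("request rejected for file %q", r.FileID)
	}
	return resp, nil
}

// Verify is the second node: the certificate is assumed to be a SHA-256 digest.
func Verify(chain map[string][32]byte, r Response) bool {
	cert, ok := chain[r.Addr]
	return ok && sha256.Sum256(r.File) == cert
}

// RunExchange plays both nodes on constructed data; the flags model tampering.
func RunExchange(alterRequest, alterFile bool) (bool, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed key
	file := []byte("constructed record")
	store := map[string]Response{"u1/f1": {file, "addr-1"}, "u1/f2": {[]byte("other"), "addr-2"}}
	chain := map[string][32]byte{"addr-1": sha256.Sum256(file)}
	req := Request{"u1", "f1", ed25519.Sign(priv, msg("u1", "f1"))}
	if alterRequest {
		req.FileID = "f2" // changed after signing, so the signature no longer matches
	}
	resp, err := Serve(priv.Public().(ed25519.PublicKey), store, req)
	if err != nil {
		return false, err
	}
	if alterFile {
		resp.File = []byte("altered record") // modified between the two nodes
	}
	return Verify(chain, resp), nil
}
func main() { fmt.Println(RunExchange(false, false)) }
```

The signature binds the request to one user and one file, while the digest check is what lets the second node detect a file that differs from the one recorded on the chain.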
CN201910760147.3A 2019-08-16 2019-08-16 Data sharing method and device based on block chain and storage medium Active CN110493220B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910760147.3A CN110493220B (en) 2019-08-16 2019-08-16 Data sharing method and device based on block chain and storage medium

Publications (2)

Publication Number Publication Date
CN110493220A CN110493220A (en) 2019-11-22
CN110493220B true CN110493220B (en) 2021-05-25

Family

ID=68551811

Country Status (1)

Country Link
CN (1) CN110493220B (en)

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40016894; Country of ref document: HK)
SE01 Entry into force of request for substantive examination
GR01 Patent grant