CN110543784B - Big data resource open multi-party access control method based on block chain - Google Patents

Big data resource open multi-party access control method based on block chain Download PDF

Info

Publication number
CN110543784B
CN110543784B CN201910849562.6A CN201910849562A CN110543784B CN 110543784 B CN110543784 B CN 110543784B CN 201910849562 A CN201910849562 A CN 201910849562A CN 110543784 B CN110543784 B CN 110543784B
Authority
CN
China
Prior art keywords
data
access
block chain
party
contract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910849562.6A
Other languages
Chinese (zh)
Other versions
CN110543784A (en
Inventor
崇志宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Jiangsu Fangtian Power Technology Co Ltd
Original Assignee
Southeast University
Jiangsu Fangtian Power Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University, Jiangsu Fangtian Power Technology Co Ltd filed Critical Southeast University
Priority to CN201910849562.6A priority Critical patent/CN110543784B/en
Publication of CN110543784A publication Critical patent/CN110543784A/en
Application granted granted Critical
Publication of CN110543784B publication Critical patent/CN110543784B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Accounting & Taxation (AREA)
  • Software Systems (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A big data resource open multi-party access control method based on a block chain is characterized in that under open environments such as the Internet, a technical framework of a big data resource open multi-party access control system is divided into an inner layer and an outer layer; the open multi-party access control of big data resources is a data access interface in the inner layer of a technical framework, realizes a standard interface for data or resource access, realizes the isomerism of data and the storage and access of multiple modes, and ensures the horizontal expansibility and the access performance of a system; the inner layer provides data service; the outer layer is a data access control interception layer, and an authorization, responsibility and conflict resolution mechanism of data access is realized on the outer layer; the outer layer stores, tracks and verifies the access service of the data; the main body involved in the open multi-party access control of the big data resource based on the block chain comprises three parties including a data owner through data acquisition, storage and processing, a user of data access and a third-party related interest of the data.

Description

Big data resource open multi-party access control method based on block chain
Technical Field
The invention relates to a storage and access control method for big data of the Internet and the Internet of things, which is suitable for data access control and benefit protection and value transaction of the Internet background across organization boundaries.
Background
The development of internet and internet of things technology leads to large data resources with rapidly increasing scale, and a horizontally expandable large data system is adopted, including main representative systems such as HBASE and SPARK in a Mapreduce computing mode of a disk and a memory. The Apache Spark is a universal parallel framework of open-source Hadoop MapReduce-like, and Spark has the advantages of Hadoop MapReduce, but different from MapReduce, a Job intermediate output result can be stored in a memory, so that HDFS (Hadoop distributed file system) reading and writing is not needed, and Spark can be better suitable for MapReduce algorithms which need iteration, such as data mining, machine learning and the like.
Spark is an open source clustered computing environment similar to Hadoop, which is implemented in the Scala language, which uses Scala as its application framework. Unlike Hadoop, Spark and Scala can be tightly integrated, where Scala can manipulate distributed datasets as easily as manipulating local collection objects.
Meanwhile, the technical architecture relying on the block chain is required to define the right, obligation and rule of data access, maintain the consensus and consistency of data across organization boundaries and solve the conflict. The method has the advantages that migration of data from a private mode to a public mode is achieved through organic integration of a plurality of frameworks, the value of the data is achieved through the Internet, the rights and obligations of data resource owners, data resource users and related beneficiaries are protected, and the rights and obligations comprise multi-party authorization of access rights, multi-party monitoring of an access process and multi-party responsibility involved in access.
CN109543438A proposes a system for confirming identity information of a block chain based on big data, which includes a cloud storage module of the block chain and a user system; the block chain cloud storage module is used for storing various data information and identity information uploaded by a user on each block chain link point; the user system is used for enabling a user to upload data information and identity information to the block chain cloud storage module and regularly verify the identity information corresponding to the data information stored in the block chain cloud storage module.
CN108509514A proposes a big data analysis method based on block chain, which includes: judging the validity of data by the node and sending the valid data; receiving legal data and writing the legal data into a block chain; synchronizing the block chains by the nodes and obtaining legal data; and writing legal data into the block chain, wherein the legal data is written into the block chain in an index form.
The data is the influence of the objective world of the data on the information field, and the interest of multiple parties is involved in data acquisition, storage and access, including a subject for acquiring, storing and providing access service, a subject for accessing the data and an object for reflecting a content object by the data, and rights and obligations related to people and objects of third parties are involved by behavior data, health data and the like of people hidden in the data. The generation, use, and use of data in an open environment thus involves the benefits and obligations of multiple parties.
A big data analysis method based on a block chain generally comprises the steps that a node judges the legality of data and sends the legal data; receiving legal data and writing the legal data into a block chain; synchronizing the block chains by the nodes and obtaining legal data; and writing legal data into the block chain, wherein the legal data is written into the block chain in an index form. Wherein writing legal data into the blockchain in an index form comprises: obtaining an index value corresponding to legal data; the judging the validity of the data by the node comprises the following steps: generating a first address of a node, wherein the first address is a unique identifier for identifying the node by other nodes; generating a second address of the node, wherein the second address receives the first address and sends the first legal data; generating a third address of the node, wherein the third address receives the second address and sends second legal data; a preset first data verification condition is stored between the first address and the second address, and a preset second data verification condition is stored between the second address and the third address; the first legality means that the data meets a first data verification condition; the second legitimacy means that the data satisfies a second data verification condition. The first data verification condition is that the occupied space of the data is smaller than or equal to 1M, and the second data verification condition is whether the data format is in an index form.
Data generation, multi-party control protocols, rules, flows, defined by the blockchain. Particularly concerning the privacy protection requirements of the data objects, the revenue requirements of data acquisition and storage and processing, the access fees of the data users, and the limitation requirements of the dissemination. In the prior art, the storage and access control of big data are not considered to comprise two levels of contents: the data heterogeneity and multi-mode storage and access are realized in the inner layer, and the horizontal expansibility and the system access performance of the system are ensured; and the authorization, responsibility and conflict resolution mechanism of data access is realized at the outer layer. The block chain realizes consensus on the basis of identity authentication and tamper resistance based on cryptography, blocks Byzantine attacks of a few nodes, and realizes a definable data updating mechanism through contracts, so that access control of data writing and reading can be realized in an open environment, and the responsibility, obligation and flow of each party can be defined.
By means of heterogeneous multi-modal data modeling representation, expandability and performance optimization of a big data platform and combination of technical facilities of a block chain, big data storage and access caused by the Internet and the Internet of things are achieved, the expandability of processing is achieved, authorization, process control, responsibility and obligation programmatic definition of access and operation are achieved, and the basic technical method for data sharing, publishing, inquiring and recommending of big data in the Internet, the mobile Internet and the Internet of things in an open environment is achieved.
Disclosure of Invention
The invention aims to provide a big data resource open multi-party access control method based on a block chain, which not only meets the requirements on the safety of storage, storage and access control of big data, but also has a frame for realizing consensus and blocking few node attacks on the basis of decentralized of the block chain, identity authentication by adopting cryptography and tamper resistance; and a definable data updating mechanism is realized through contracts, so that the access control of data writing and reading can be realized in an open environment, and the responsibility, obligation and flow of each party can be defined.
The technical scheme of the invention is that a big data resource open multi-party access control method based on a block chain, under open environment such as Internet, the technical framework of the big data resource open multi-party access control system is divided into an inner layer and an outer layer (embodied by different program modules of the inner layer and the outer layer); the open multi-party access control of big data resources is a data access interface in the inner layer of a technical framework, realizes a standard interface for data or resource access, realizes the isomerism of data and the storage and access of multiple modes, and ensures the horizontal expansibility and the access performance of a system; the inner layer provides data service; the outer layer is a data access control interception layer, and an authorization, responsibility and conflict resolution mechanism of data access is realized on the outer layer; the outer layer stores, tracks and verifies the access service of the data;
the main body involved in the open multi-party access control of the big data resources based on the block chain comprises three parts, namely a data owner through data acquisition, storage and processing, a data access user and a third-party related interest of the data; the block chain is used as an infrastructure through an identity authentication, non-tampering and consensus mechanism, the block chain contract is combined to represent the interests and obligations of three parties, and programmable realization of the interests and obligations of the three parties is realized through contract deployment: the data owner comprises a data acquisition and storage party, has own control right on the data, needs an interface for issuing or sharing the data through the Internet, and simultaneously bears related rights and interests such as responsibility, income and the like. The users of the data include the subjects of typical application data generating value, and meanwhile, the users bear the cost and other related obligations of data use; the relevant stakeholders of the data comprise the subjects involved in the data content in the data acquisition and the privacy, income and other requirements of the subjects;
the information and the computing resources of the big data are on the nodes of the inner layer framework of the block chain; based on identity authentication, tamper resistance, consensus and contract of the block chain as basic technologies, rights, obligations, flow protocols and responsibilities are expressed as program description of block chain contract, and transparent implementation independent of a third party is achieved through a safety and consensus mechanism of the block chain;
the big data or other data management system provides an interface for local data access, the interface comprises data resources and an access interface, an access protocol is taken as a standard basis, and a blockchain is a programmable description framework basis for the right, obligation, flow and responsibility confirmation and execution of resource owners and users or other resource relatives;
the block chain is used as an agent layer and an access control layer of the multi-party different application main body control resources of the data resources; the consensus achieved by the different application main bodies of the data resources is represented as the contract consensus of the block chain, and the identity authentication, the non-tampering and the source tracing mechanism realized by the block chain depending on cryptography are realized, and the digitization of the rights, the obligations and the responsibilities of the different application main bodies of the data resources and the block chain calculation mode are realized;
the storage and access control of the big data resource of each of the three main bodies are as follows:
1) data owner (owner) part: issuing resource description, right of access authorization, obligation, agreement, responsibility and payment conditions, right content and result and responsibility; the issued data is stored in the blockchain and is used as a verifiable fact for data access control, and is synchronized to each participating node of the blockchain, so that a consensus of contents such as data access protocols, rules and the like which cannot be changed is formed; the data owner, namely the owner, describes the interface and the access protocol of the service through XML or RDF and expresses authorization, the protocol, the flow and the responsibility through a contract; the user issues the requirements and responsibilities described by XML or RDF and the service agreement procedure followed; the relevant stakeholders claim and can monitor whether the rights and interests are violated through rights and obligations and requirements of the process; the interface and access protocol of the service are described through XML or RDF, which can be freely selected by the system according to the protocol of the Internet or the self-defined protocol;
2) the data user part: a user of data access sends an access signal, and the access signal penetrates through a data access interface of the inner layer through interception and verification based on a block chain access interception layer; issuing the required data resource description, the access right, the obligation and responsibility and the flow requirement to the blockchain control layer, and achieving the consensus and the confirmation of the obligation and the qualification with other parties through the blockchain control layer;
3) the relevant stakeholder part of the data: issuing access limit and responsibility requirement for resources with right to the block chain control layer, and achieving common recognition that the block chain can not be tampered;
data owner: a control verification and access service request is made to the block link point; writing the collected, stored and processed data into the block chain nodes;
the data user: submitting identity identification, an access authority block chain certificate and query retrieval description to the block chain link points; the block chain link point returns access data, a block chain access record and a payment record;
and the third party object: the method comprises the steps of providing a request of interest control and privacy control to a block link point; the blockchain node returns the accessed record and the payment record.
The access flow is divided into three parts of initiation of an access request of an external visitor, access processing of a block chain and fault processing;
1) and (3) access request: the external access request is sent to a data visitor through a Q of an access function API, and comprises access content, a condition certificate and a failure processing mode; the access content can be described through keywords or SQL and SPARQL, and the mode is selected correspondingly according to the description of the access service interface; the conditional certificate proves that the identity authentication of the visitor and the access constraint are met, and the block chain certificate or the transaction number of the related block chain data or the mode of obtaining the block chain data is used for proving that the constraint condition is met; the failure processing requirement describes an authentication mode of failure or successful access and a processing mode after failure;
2) and (3) access processing: verifying that the access constraint meets the condition, and updating the data access state to start access according to the contract content defined by the rights and interests and obligations of the three parties; initiating access operation, including internal access operation or external operation, and setting access execution; the access service provider executes an operation, and sets an access state as execution start; after the execution is finished, sending back data, and updating the contract state into the execution end; the data accessor receives the data and sets an access ending state or a failure state;
3) failure treatment: the failure processing affirms the authentication content according to the contract access result to carry out failure confirmation, and the authentication method has two forms: (1) automatic authentication, such as timeout authentication; (2) other certifiable authentication means, such as authentication by the data owner or by the data recipient, also include authentication by a third party delegated by a contract; corresponding processing is carried out according to the processing content of the contract failure, and the general failure processing comprises several choices: 1) re-accessing; ending the access; indemnity terms, and the like.
Multi-party controlled data access three-party interaction relation
1. Data producer and access service: collecting, storing and accessing service; verifying the identity, authority and obeying rules of the visitor through the blockchain for the received service request, wherein the rules include third party limitation set by a third party on data, reading the data of the access request passing the verification and writing the data into an access file record, verifying the received access record through the blockchain, and performing related benefit or transaction payment; confirming according to the agreement of the three-party main body and through the rule expressed by the intelligent contract;
2. the data user: reading data access control through the blockchain, producing and sorting blockchain certificates meeting the access authority, and sending the blockchain certificates and the access content requests to an access service;
3. block chains: and controlling the access records in a rights and contract expression form, verifying rights and obligations meeting requirements of multiple parties, and performing benefit transfer or payment. Advertising access rights and obligation status changes by sending transaction information to the parties involved;
4. relevant third parties to the data: the right of the data related to interest is declared, the definition of control and access is carried out on the data related to interest, and the third-party right control of the data is realized through the confirmation of a data producer; confirming according to rules agreed by the three parties;
the application process based on the blockchain access control framework comprises three-party interests and obligations expressed by blockchain contracts, description of the process, process of data operation, failure and conflict processing:
the method has the advantages that the storage and access control of the big data specifically comprise two levels of contents, not only meets the requirements on the safety of the storage, storage and access control of the big data, but also has a framework of realizing consensus and blocking few node attacks on the basis of decentralized block chain, identity authentication by cryptography and tamper resistance; the data heterogeneity and multi-mode storage and access are realized in the inner layer of the technical framework, and the horizontal expansibility and the system access performance of the system are ensured; and the authorization, responsibility and conflict resolution mechanism of data access is realized at the outer layer. The block chain realizes consensus on the basis of identity authentication and tamper resistance based on cryptography, blocks Byzantine attacks of a few nodes, and realizes a definable data updating mechanism through contracts, so that access control of data writing and reading can be realized in an open environment, and the responsibility, obligation and flow of each party can be defined.
Drawings
FIG. 1 is a representative abstract block diagram of a multi-party interested party of the present invention;
FIG. 2 is a block chain-based architecture diagram of a big data resource open multi-party access system according to the present invention;
FIG. 3 is a three-party interactive relationship diagram for data access controlled by multiple parties in accordance with the present invention;
FIG. 4 illustrates the intelligent contract structure primary content of the present invention;
FIG. 5 is a flow chart of access in the process of the present invention;
fig. 6 is a transition process of the access state of fig. 5.
FIG. 7 is a relationship diagram of three parties of the present invention;
FIG. 8 is a specific flow chart of the present invention.
Detailed Description
The big data or other data management system provides an interface for local data access, and comprises a data resource and an access interface, and a programmable description framework basis which is based on the standard of an access protocol and represents the rights, obligations, flow and responsibility affirmation and execution of a resource owner and a user or other resource relatives in a block chain. A typical abstract description of a suitable multi-party interested party is shown in FIG. 1: owners, users and related stakeholders who aggregate resources around computing, storage, information, etc. resources all have different dimensions, levels of claims, obligation constraints and responsibilities. At the same time, their interaction requires programmable protocol and flow representation and execution.
A typical abstract description of a suitable multi-party interested party is shown in FIG. 1: owners, users and related stakeholders who aggregate resources around computing, storage, information, etc. resources all have different dimensions, levels of claims, obligation constraints and responsibilities. At the same time, their interaction requires programmable protocol and flow representation and execution. Different application entities of a multi-party data resource own different rights, obligations and operational requirements of the data, and key entities are abstracted to the owner, user and stakeholder of the resource.
Different application entities of a multi-party data resource own different rights, obligations and operational requirements of the data, and key entities are abstracted to the owner, user and stakeholder of the resource. The data owner comprises a data acquisition and storage party, has own control right on the data, needs an interface for issuing or sharing the data through the Internet, and simultaneously bears related rights and interests such as responsibility, income and the like. The user of the data includes the body of value for the typical application data, while bearing the cost and other related obligations of data usage. The relevant stakeholders of the data include the subjects involved in the data content of the data collection and their privacy, revenue, etc. claims.
The technical scheme adopted by the invention for solving the technical problems is as follows: a large data resource open multi-party access control method and system based on a block chain are disclosed, wherein rights, obligations, flow protocols and responsibilities are expressed as program description of block chain contract based on identity authentication, tamper resistance, consensus and contract of the block chain as basic technologies, and transparent implementation independent of a third party is achieved through a safety and consensus mechanism of the block chain.
The system architecture diagram is shown in fig. 2: the large data resource open multi-party access system based on the block chain takes the block chain as an agent layer and an access control layer of multi-party different application main body control resources of the data resources; the consensus achieved by the different application main bodies of the data resources is represented as the contract consensus of the block chain, and the identity authentication, the non-tampering and the source tracing mechanism realized by the block chain depending on cryptography are realized, and the digitization of the rights, the obligations and the responsibilities of the different application main bodies of the data resources and the block chain calculation mode are realized. The information and the computing resources of the big data are on the nodes of the inner layer framework of the block chain;
the access control technology framework under the open environment such as the internet is divided into an inner layer and an outer layer, the inner layer is a data access interface and a standard interface for realizing data or resource access, the outer layer is a data access control interception layer, access is sent from a user, and the access penetrates through the data access interface of the inner layer through interception and verification based on the block chain access interception layer. The inner layer provides data service, the outer layer stores, tracks and verifies the access service of the data, the main process of each main body is described as follows:
1) data owner (owner) part: issuing resource descriptions, rights to access authorizations, obligations, agreements,
Conditions such as responsibility and payment, rights content and outcome and responsibility. The issued data is stored in the blockchain part as a verifiable fact of data access control and is synchronized to each participating node of the blockchain, so that a consensus of contents such as data access protocols, rules and the like which cannot be changed is formed.
2) The data user part: the block chain is issued with the required resource description, the access right, the responsibility and the flow requirement, and the consensus and the right of each party main body and the confirmation of the obligation are achieved through the block chain control layer.
3) The relevant stakeholder part of the data: access restrictions and responsibility requirements for owning the rights resource are issued to the blockchain control layer and a consensus that it is not possible to tamper is achieved through the blockchain.
The data owner, namely the owner, describes the interface and the access protocol of the service through XML or RDF and expresses authorization, the protocol, the flow and the responsibility through a contract; the user issues the requirements and responsibilities described by XML or RDF and the service agreement procedure followed; the relevant stakeholders claim and can monitor whether the benefits are violated by rights and obligations and by the requirements of the process.
The structure diagram of the data access three-party interaction relationship controlled by multiple parties is shown in fig. 3:
1. data producer and access service: collecting, storing, accessing service. And verifying the identity, authority and obeying rules of the visitor through the blockchain for the received service request, wherein the rules comprise third party limits set by a third party on data, reading the data of the access request passing the verification and writing the data into an access file record, and verifying the received access record through the blockchain and carrying out related benefit or transaction payment.
2. The data user: and through the access control of the data read by the blockchain, producing and sorting blockchain certificates meeting the access authority and sending the blockchain certificates and the access content requests to the access service.
3. Block chains: and controlling the access records in a rights and contract expression form, verifying rights and obligations meeting requirements of multiple parties, and performing benefit transfer or payment. By sending transaction information to the parties involved, changes in access rights and obligations status are announced.
4. Relevant third parties to the data: and the right declaration is carried out on the data related to the interest, the definition of control and access is carried out on the data related to the interest, and the third-party right control of the data is realized through the confirmation of a data producer.
The application process based on the block chain access control framework comprises three-party interest and obligation expressed by a block chain contract, description of the process, the process of data operation, failure and conflict processing:
three-party subject rights and obligations are expressed and issued:
1) offline three-party benefit right and obligation civil contract signing and block chain publishing
2) The block chain intelligent contract is manually compiled from a civil contract and represents rights, obligations and manifolds and rules by three parts: 1. a data access constraint of the contract; 2. a data access operation of the contract; 3. a data access conflict or a failover protocol for a contract. The right obligation, the access rule and the flow are realized by three parts of access condition, access operation and conflict and combined with the state machine characteristic of the contract.
The intelligent contract representation structure comprises (as shown in FIG. 4):
a) data operating conditions
i. Authentication or derived blockchain credentials
Payment credentials
Operating mode constraints
Contract access failure status (as in FIG. 4)
b) Operation of
i. Validating operation constraint operations
Contract State transition operation
Space of blockchain internal data operations
Blockchain external operating space: issues external data access requests and attaches associated blockchain transaction numbers that satisfy access constraints
c) Conflict or fault resolution protocol
i. Authentication conflicts or failures and information access delay timeouts, information loss credentials
Executing a conflict and failover contract according to a failure protocol
1. Access control
a) Verifying access constraints
b) Issuing external access credentials and attestation credentials to satisfy access constraints
c) Waiting for access fulfillment credentials and attestation credentials
d) The contract state is changed to indicate successful or failed access of the contract and access procedure state.
2. Conflict resolution
Conflicts include access failures, network delays
a) Access conflict credentials
i. Failure voucher
Network delay credentials
b) Failure resolution on visitor demand
i. Re-access
ii, or abandoning the access
c) Block chain fault state modification
(II) data manipulation Processes and State transitions
The access flow is divided into three parts, namely initiation of an access request by an external visitor, access processing of a blockchain and fault processing, as shown in fig. 5.
And (3) access request: the external access request is made by the data accessor through the Q (content, conditional voucher, failure handling mode) of the access function API, where the content can be described by keyword or SQL and SPARQL for access to the content. Selecting a corresponding mode according to the description of the access service interface; the conditional certificate proves that the identity authentication of the visitor and the access constraint are met, and the block chain certificate or the transaction number of the related block chain data or the mode of obtaining the block chain data is used for proving that the constraint condition is met; the failure processing requirement describes an authentication mode of failure or successful access and a processing mode after failure;
and (3) access processing: verifying that the access constraint meets the condition, and updating the data access state to start access according to the contract content defined by the rights and interests and obligations of the three parties; initiating access operation, including internal access operation or external operation, and setting access execution; the access service provider executes an operation, and sets an access state as execution start; after the execution is finished, sending back data, and updating the contract state into the execution end; and the data visitor receives the data and sets an access ending state or a failure state. The transition process of the access state is thus as shown in fig. 6:
failure treatment: the failure processing affirms the authentication content according to the contract access result to carry out failure confirmation, and generally, there are two types of authentication modes: 1) automatic authentication, such as timeout authentication; 2) other certifiable authentication means, such as authentication by the data owner or by the data recipient, also include authentication by a third party delegated by a contract; corresponding processing is carried out according to the processing content of the contract failure, and the general failure processing comprises several choices: 1) re-accessing; ending the access; indemnity terms, and the like.
Application examples
Cell elevator maintenance scenario: the property has elevator operation record data and a fault repair user request, and elevator maintenance requirements including requirements of fault preliminary judgment, maintenance price, maintenance personnel qualification and the like are issued through a block chain. And dispatching maintenance personnel to the site for maintenance by the elevator maintenance company according to the query maintenance requirements and the requirements of maintenance fault types, maintenance personnel qualification and the like. The cell property company checks maintenance constraints such as qualification of maintenance personnel and checks and confirms whether the maintenance is successful, and pays a fee or re-requests maintenance to dispatch new personnel or changes the reason of maintenance failure. Three-party relationships are represented and enforced by two contracts: 1. maintaining a subject contract; 2. an execution contract is maintained. The relationship that they collectively define three parties is shown in FIG. 7: the specific process is shown in FIG. 8.
The multi-party agent and conflict resolution mechanism in this case:
1. property company's resource owner role: and collecting the elevator running record and the fault information, judging the fault type through local computing resources, and generating a maintenance requirement.
2. Data user role of elevator maintenance company: querying for maintenance needs and maintenance constraints.
3. Relative beneficiary role of maintenance personnel: the personnel performing the particular maintenance need to obtain the costs from the maintenance activities, and the benefit distribution principles are divided according to the cost distribution proportions previously agreed with the maintenance company.
4. And (3) conflict resolution: after the maintenance personnel arrive at the site, the maintenance personnel need to change the fault type and the charging standard according to the grasped new information, request the property company to confirm on the site, and change the maintenance type, the maintenance task target and the charging confirmation.

Claims (2)

1. A big data resource open multi-party access control method based on a block chain is characterized in that under the open environment of the Internet, a technical framework of a big data resource open multi-party access control system is divided into an inner layer and an outer layer; the open multi-party access control of big data resources is a data access interface in the inner layer of a technical framework, realizes a standard interface for data or resource access, realizes the isomerism of data and the storage and access of multiple modes, and ensures the horizontal expansibility and the access performance of a system; the inner layer provides data service; the outer layer is a data access control interception layer, and an authorization, responsibility and conflict resolution mechanism of data access is realized on the outer layer; the outer layer stores, tracks and verifies the access service of the data;
the main body involved in the open multi-party access control of the big data resources based on the block chain comprises three parts, namely a data owner through data acquisition, storage and processing, a data access user and a third-party related interest of the data; the block chain is used as an infrastructure through an identity authentication, non-tampering and consensus mechanism, represents the interests and obligations of three parties in combination with the block chain contract, and realizes the programmable three-party interests and obligations through contract deployment: the data owner comprises a data acquisition and storage party, has own control right on the data, needs an interface for issuing or sharing the data through the Internet, and simultaneously bears responsibility and income related rights and interests; the users of the data include the subjects of typical application data generating value, and meanwhile, the users bear the cost and other related obligations of data use; relevant stakeholders of the data include the subjects involved in the data content in the data collection and their privacy, revenue claims;
the information and the computing resources of the big data are on the nodes of the inner layer framework of the block chain; based on identity authentication, tamper resistance, consensus and contract of the block chain as basic technologies, rights, obligations, flow protocols and responsibilities are expressed as program description of block chain contract, and transparent implementation independent of a third party is achieved through a safety and consensus mechanism of the block chain;
the big data or other data management system provides an interface for local data access, the interface comprises data resources and an access interface, an access protocol is taken as a standard basis, and a blockchain is a programmable description framework basis for the right, obligation, flow and responsibility confirmation and execution of resource owners and users or other resource relatives;
the block chain is used as an agent layer and an access control layer of the multi-party different application main body control resources of the data resources; the consensus achieved by the different application main bodies of the data resources is represented as the contract consensus of the block chain, and the identity authentication, the non-tampering and the source tracing mechanism realized by the block chain depending on cryptography are realized, and the digitization of the rights, the obligations and the responsibilities of the different application main bodies of the data resources and the block chain calculation mode are realized;
the storage and access control of the big data resource of each of the three main bodies are as follows:
1) data owner section: publishing resource descriptions, rights to access authorizations, obligations, agreements, obligations and conditions of payment, rights content and results and obligations; the issued data is stored in the block chain and is used as a verifiable fact for data access control, and is synchronized to each participating node of the block chain, so that a common recognition of a data access protocol and rule contents which cannot be changed is formed; the data owner, namely the owner describes the interface and the access protocol of the service through XML or RDF, and expresses authorization, the protocol, the flow and the responsibility through a contract; the user issues the requirements and responsibilities described by XML or RDF and the service agreement procedure followed; the relevant stakeholders claim and can monitor whether the rights and interests are violated through rights and obligations and requirements of the process; the interface and the access protocol of the service are described through XML or RDF, which is freely selected by the system according to the protocol of the Internet or the self-defined protocol;
2) the data user part: a user of data access sends an access signal, and the access signal penetrates through a data access interface of the inner layer through interception and verification based on a block chain access interception layer; issuing the required data resource description, the access right, the obligation and responsibility and the flow requirement to the blockchain control layer, and achieving the consensus and the confirmation of the obligation and the qualification with other parties through the blockchain control layer;
3) the relevant stakeholder part of the data: issuing access limit and responsibility requirement for resources with right to the block chain control layer, and achieving common recognition that the block chain can not be tampered;
data owner: a control verification and access service request is made to the block link point; writing the collected, stored and processed data into the block chain nodes;
the data user: submitting identity identification, an access authority block chain certificate and query retrieval description to the block chain link points;
the block chain link point returns access data, a block chain access record and a payment record;
and the third party object: the method comprises the steps of providing a request of interest control and privacy control to a block link point;
the blockchain node returns the accessed record and the payment record.
2. The method for controlling the open multi-party access to the big data resource based on the block chain as claimed in claim 1, wherein the access process is divided into three parts, namely initiation of an access request of an external visitor, access processing of the block chain and fault processing;
1) and (3) access request: the external access request is sent to a data visitor through a Q of an access function API, and comprises access content, a condition certificate and a failure processing mode; the access content is described through keywords or SQL and SPARQL, and the mode is selected correspondingly according to the description of the access service interface; the conditional certificate proves that the identity authentication of the visitor and the access constraint are met, and the block chain certificate or the transaction number of the related block chain data or the mode of obtaining the block chain data is used for proving that the constraint condition is met; the failure processing requirement describes an authentication mode of failure or successful access and a processing mode after failure;
2) and (3) access processing: verifying that the access constraint meets the condition, and updating the data access state to start access according to the contract content defined by the rights and interests and obligations of the three parties; initiating access operation, including internal access operation or external operation, and setting access execution; the access service provider executes an operation, and sets an access state as execution start; after the execution is finished, sending back data, and updating the contract state into the execution end; the data accessor receives the data and sets an access ending state or a failure state;
3) failure treatment: the failure processing affirms the authentication content according to the contract access result to carry out failure confirmation, and has two forms of authentication modes: (1) automatic authentication and overtime authentication; (2) other certifiable authentication means, either by the data owner or by the data recipient, including authentication by a third party delegated by a contract; and performing corresponding processing according to the processing content of the contract failure: failure handling includes several options: 1) re-accessing; ending the access; and (5) processing indemnity terms.
CN201910849562.6A 2019-09-09 2019-09-09 Big data resource open multi-party access control method based on block chain Active CN110543784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910849562.6A CN110543784B (en) 2019-09-09 2019-09-09 Big data resource open multi-party access control method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910849562.6A CN110543784B (en) 2019-09-09 2019-09-09 Big data resource open multi-party access control method based on block chain

Publications (2)

Publication Number Publication Date
CN110543784A CN110543784A (en) 2019-12-06
CN110543784B true CN110543784B (en) 2022-06-07

Family

ID=68713004

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910849562.6A Active CN110543784B (en) 2019-09-09 2019-09-09 Big data resource open multi-party access control method based on block chain

Country Status (1)

Country Link
CN (1) CN110543784B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111881472B (en) * 2020-07-22 2024-04-26 云账户技术(天津)有限公司 Data access control method, system, authority management system and medium
CN113242230B (en) * 2021-05-07 2022-09-06 中国科学技术大学 Multi-level authentication and access control system and method based on intelligent contracts

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737348A (en) * 2017-04-21 2018-11-02 中国科学院信息工程研究所 A kind of internet of things equipment access control method of the intelligent contract based on block chain
CN109871669A (en) * 2019-03-14 2019-06-11 哈尔滨工程大学 A kind of data sharing solution based on block chain technology
CN110049066A (en) * 2019-05-23 2019-07-23 中国科学院软件研究所 A kind of resource access authorization method based on digital signature and block chain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737348A (en) * 2017-04-21 2018-11-02 中国科学院信息工程研究所 A kind of internet of things equipment access control method of the intelligent contract based on block chain
CN109871669A (en) * 2019-03-14 2019-06-11 哈尔滨工程大学 A kind of data sharing solution based on block chain technology
CN110049066A (en) * 2019-05-23 2019-07-23 中国科学院软件研究所 A kind of resource access authorization method based on digital signature and block chain

Also Published As

Publication number Publication date
CN110543784A (en) 2019-12-06

Similar Documents

Publication Publication Date Title
US20230119636A1 (en) Blockchain methods, nodes, systems and products
KR102288045B1 (en) Method and apparatus for managing subject data based on blockchain
Diallo et al. eGov-DAO: A better government using blockchain based decentralized autonomous organization
Peng et al. Blockchain for vehicular Internet of Things: Recent advances and open issues
Song et al. A supply-chain system framework based on internet of things using blockchain technology
Vatankhah Barenji A blockchain technology based trust system for cloud manufacturing
Mukne et al. Land record management using hyperledger fabric and ipfs
CN109472605A (en) A kind of mathematic for business capitalization management method and system based on block chain
Adel et al. Decentralizing construction AI applications using blockchain technology
CN112883116A (en) Supply chain finance AI DaaS algorithm warehouse platform based on block chain
Yadav et al. Blockchain-based digitization of land record through trust value-based consensus algorithm
US20200058163A1 (en) System and Method for Mapping a Virtual Building Model
CN110543784B (en) Big data resource open multi-party access control method based on block chain
Anthony Jr Deployment of distributed ledger and decentralized technology for transition to smart industries
CN111177766B (en) Block chain management system and management method applied to pipeline integrity management
Kumar et al. Decentralized storage of educational assets using NFTs and blockchain technology
Anthony Jnr A developed distributed ledger technology architectural layer framework for decentralized governance implementation in virtual enterprise
Nguyen et al. Towards blockchainizing land valuation certificate management procedures in Vietnam
Al-Madani et al. Implications of blockchain deployment in energy supply chain management: report integrity
Cao et al. Cross-chain data traceability mechanism for cross-domain access
US20200364709A1 (en) Networked Computer System for Multi-Party Payment Distribution and Pricing
KR102525193B1 (en) Method and apparatus for blockchain-based copyright management
CN110599384A (en) Organization relation transfer method, device, equipment and storage medium
Shahaab et al. A hybrid blockchain implementation to ensure data integrity and interoperability for public service organisations
Bhardwaj et al. Applications of blockchain in various domains

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant