CN110610101A - Data storage method, device, equipment and storage medium - Google Patents


Publication number: CN110610101A
Authority: CN (China)
Prior art keywords: data, storage, authorized, transaction request, authorization
Legal status: Pending
Application number: CN201910874810.2A
Other languages: Chinese (zh)
Inventor: 刘晓赫
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Beijing Baidu Netcom Science and Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The application discloses a data evidence storage method, device, equipment and storage medium, and relates to the technical field of blockchains. The specific implementation scheme is as follows: when a data storage instruction triggered by a data provider is detected, the data to be stored is encrypted with a storage key and the encrypted data is uploaded to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored; the storage key is encrypted based on the account information of the data provider to generate a query key; and a data storage transaction request is generated based on the off-chain storage identifier, the account information of the data provider and the query key and is transmitted to the blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on the chain. The embodiments of the application achieve decentralized storage of the data, improve storage efficiency, reduce storage cost, make the ownership of the stored data explicit and improve the security of data storage.

Description

Data storage method, device, equipment and storage medium
Technical Field
The present application relates to computer technology, and more particularly, to the field of blockchain technology.
Background
Decentralized management technology meets the need for safer, more reliable and more controllable storage in an increasingly decentralized network environment.
It is common in the art to use a public blockchain such as Ethereum and to store the managed data on chain as additional data attached to in-block transactions. However, this approach has low storage efficiency and very high cost, and cannot store large files such as pictures and videos.
Disclosure of Invention
The embodiment of the application provides a data storage method, a device, equipment and a storage medium, which are used for improving the storage efficiency, reducing the storage cost and improving the safety of data storage in the process of decentralized data management.
In a first aspect, the present application provides a data storage method, applied to a client, including:
when a data storage instruction triggered by a data provider is detected, encrypting data to be stored by using a storage key, and uploading the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored;
encrypting the storage key based on the account information of the data provider to generate a query key;
and generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to a blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on the chain.
In this technical scheme, when a data storage instruction triggered by a data provider is detected, the data to be stored is encrypted with a storage key and uploaded to the off-chain storage network to obtain its off-chain storage identifier; the storage key is encrypted based on the account information of the data provider to generate a query key; and a data storage transaction request is generated based on the off-chain storage identifier, the account information of the data provider and the query key and is transmitted to the blockchain network, so that the blockchain nodes process the request and store the data it carries on the chain. The body of the data to be stored is kept in the off-chain storage network while its associated information is stored on the blockchain, so that the data is stored in a decentralized manner, the storage efficiency is improved, and the storage cost is reduced; meanwhile, combining the storage key with the blockchain account makes the ownership of the stored data explicit and improves the security of data storage.
Optionally, the method further includes:
when a data authorization instruction triggered by a data provider is detected, account information of an authorization applicant of data to be authorized is obtained;
and generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to a blockchain network, so that the blockchain nodes execute the data authorization transaction request, and storing the data in the data authorization transaction request and the data to be authorized in a blockchain in an associated manner.
In an optional implementation manner of the foregoing application, when a data authorization instruction triggered by a data provider is detected, the account information of the authorization applicant of the data to be authorized is obtained, and a data authorization transaction request is generated based on that account information and transmitted to the blockchain network, so that a blockchain node executes the data authorization transaction request and stores the data in the request in the blockchain in association with the data to be authorized. This grants the authorization applicant the right to use the data to be authorized and thereby achieves data sharing.
Optionally, before generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to the blockchain network, the method further includes:
acquiring the query key of the data to be authorized from the blockchain, and decrypting the acquired query key based on the account private key of the data provider to obtain the storage key of the data to be authorized;
re-encrypting the storage key of the data to be authorized based on the account information of the authorization applicant;
correspondingly, generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to the blockchain network comprises:
generating a data authorization transaction request based on the re-encrypted storage key and the account information of the authorization applicant, and transmitting the data authorization transaction request to the blockchain network.
In an optional implementation manner of the foregoing application, before the data authorization transaction request is generated based on the account information of the authorization applicant and transmitted to the blockchain network, the query key of the data to be authorized is obtained from the blockchain and decrypted with the account private key of the data provider to obtain the storage key; the storage key is re-encrypted based on the account information of the authorization applicant; and the data authorization transaction request is generated based on the re-encrypted storage key and the account information of the authorization applicant. This directly associates the account information of the authorization applicant with the encryption information of the data to be authorized, so that the authorization applicant can subsequently process the data to be authorized directly.
Optionally, before generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider, and the query key, the method further includes:
extracting fingerprint information of the data to be stored to obtain fingerprint data;
correspondingly, generating a data storage transaction request based on the off-chain storage identifier and the account information of the data provider includes:
generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the fingerprint data.
In an optional implementation manner of the above application, by extracting the fingerprint data of the data to be stored and embodying the fingerprint data in the data storage transaction request, a foundation is laid for subsequent verification of the correctness of the data to be stored based on the fingerprint data.
Optionally, the method further includes:
when an authorization request instruction triggered by an authorization applicant is detected, generating an authorization application transaction request based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized and transmitting it to the blockchain network, so that the blockchain nodes process the authorization application transaction request and send the account information of the authorization applicant to the data provider of the data to be authorized.
In an optional implementation manner of the application, when an authorization request instruction triggered by an authorization applicant is detected, an authorization application transaction request is generated based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized, so that the account information of the authorization applicant is provided to the data provider by means of the blockchain. This lays a foundation for the data provider to grant the authorization applicant permission to use the data to be authorized, and migrating the sending of account information to the blockchain network makes unified management of the data stored off chain more convenient.
Optionally, before generating an authorization application transaction request based on the account information of the authorization application party and the account information of the data provider of the data to be authorized and transmitting the authorization application transaction request to the blockchain network, the method further includes:
when a data query request generated by an authorized applicant is detected, a data query transaction request is generated based on a query identifier of data to be authorized and is transmitted to a blockchain network, so that the blockchain nodes process the data query transaction request, account information of a data provider of the data to be authorized is obtained, and the account information is fed back to the authorized applicant.
In an optional implementation manner of the application, before an authorization application transaction request is generated based on account information of an authorization application party and account information of a data provider, an acquisition operation of the account information of the data provider is added, so that the on-chain acquisition of the account information of the data provider is realized, and by migrating an account information query process to a block chain network, convenience is provided for unified management of off-chain storage data.
Optionally, the generating a data query transaction request based on the data to be authorized and transmitting the data query transaction request to the blockchain network further includes:
generating a data query transaction request based on the data to be authorized and transmitting the data query transaction request to a blockchain network so that blockchain nodes process the data query transaction request and acquire and feed back storage association information of the data to be authorized; the storage association information comprises an off-chain storage identifier of the to-be-authorized data and a query key which is provided by the data provider and corresponds to the to-be-authorized account;
searching for the data to be authorized in the off-chain storage network based on the off-chain storage identifier of the data to be authorized;
decrypting the obtained query key by using the account private key of the authorization applicant to obtain a storage key of the data to be authorized;
and decrypting the acquired data to be authorized based on the acquired storage key.
In an optional implementation manner of the foregoing application, when a data query transaction request is generated to acquire the account information of a data provider, the storage association information of the data to be authorized may also be acquired, so that the data to be authorized can be fetched from the off-chain storage network and decrypted by means of the storage association information. Obtaining the data in this way verifies that the data to be authorized exists and completes the verification mechanism for the data to be authorized, and adding the data needed for existence verification to the blockchain network makes unified management of the data stored off chain more convenient.
Optionally, the storage association information further includes fingerprint data of the data to be authorized;
correspondingly, after decrypting the acquired data to be authorized based on the obtained storage key, the method further includes:
and extracting the fingerprint data of the data to be authorized, and verifying the correctness of the data to be authorized based on the extracted fingerprint data and the acquired fingerprint data.
In an optional implementation manner of the above application, by acquiring the fingerprint data of the data to be authorized and verifying the correctness of the data to be authorized based on the acquired fingerprint data of the data to be authorized, the verification mechanism of the data to be authorized is further improved, and by adding the data required in the correctness verification process to the blockchain network, convenience is provided for unified management of data stored outside the chain.
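The storage, authorization and retrieval steps of the first aspect, as an added Go example that is not code from the patent. It assumes that account information is an RSA public key, that the storage key is an AES-256-GCM key, that fingerprints are SHA-256 digests and that the off-chain storage identifier is the hash of the ciphertext; the two maps are constructed in-memory stand-ins for the off-chain storage network and the blockchain, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Record is the on-chain entry for one stored item (hypothetical field names).
type Record struct {
	Owner       string            // account of the data provider
	Fingerprint [32]byte          // SHA-256 of the plaintext
	QueryKeys   map[string][]byte // account -> storage key encrypted for it
}

var offChain, ledger = map[string][]byte{}, map[string]*Record{} // constructed stand-ins

// Assumption: an account is an RSA key pair, named by its public modulus.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func acct(pub *rsa.PublicKey) string   { return pub.N.Text(16) }

func newGCM(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// grant encrypts the storage key to pub and records the resulting query key.
func grant(rec *Record, pub *rsa.PublicKey, sk []byte) (err error) {
	rec.QueryKeys[acct(pub)], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sk, nil)
	return err
}

// Store encrypts data, uploads it off chain and writes the on-chain record.
func Store(owner *rsa.PrivateKey, data []byte) (string, error) {
	buf := make([]byte, 44) // fresh 32-byte storage key, then a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return "", err
	}
	blob := gcm.Seal(buf[32:], buf[32:], data, nil) // nonce || ciphertext || tag
	id := fmt.Sprintf("%x", sha256.Sum256(blob))    // content address (assumption)
	offChain[id] = blob
	ledger[id] = &Record{acct(&owner.PublicKey), sha256.Sum256(data), map[string][]byte{}}
	return id, grant(ledger[id], &owner.PublicKey, buf[:32])
}

// storageKey decrypts the caller's query key taken from the on-chain record.
func storageKey(id string, k *rsa.PrivateKey) ([]byte, *Record, error) {
	rec := ledger[id]
	if rec == nil || rec.QueryKeys[acct(&k.PublicKey)] == nil {
		return nil, nil, fmt.Errorf("no query key on chain for this account")
	}
	sk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k, rec.QueryKeys[acct(&k.PublicKey)], nil)
	return sk, rec, err
}

// Authorize re-encrypts the storage key for the applicant's account.
func Authorize(id string, owner *rsa.PrivateKey, applicant *rsa.PublicKey) error {
	sk, rec, err := storageKey(id, owner)
	if err != nil {
		return err
	}
	if rec.Owner != acct(&owner.PublicKey) { // assumed rule: only the provider grants
		return fmt.Errorf("caller is not the recorded data provider")
	}
	return grant(rec, applicant, sk)
}

// Retrieve fetches the ciphertext, decrypts it and checks the on-chain fingerprint.
func Retrieve(id string, k *rsa.PrivateKey) ([]byte, error) {
	sk, rec, err := storageKey(id, k)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sk)
	blob := offChain[id]
	if err != nil || len(blob) < 12 {
		return nil, fmt.Errorf("bad storage key or missing off-chain object")
	}
	data, err := gcm.Open(nil, blob[:12], blob[12:], nil) // fails if blob was altered
	if err == nil && sha256.Sum256(data) != rec.Fingerprint {
		return nil, fmt.Errorf("fingerprint mismatch")
	}
	return data, err
}

func main() {
	alice, _ := NewKey()
	fmt.Println(Store(alice, []byte("constructed sample document")))
}
```

An account that holds no query key cannot obtain the storage key, and a modified off-chain object or a fingerprint that disagrees with the on-chain record makes `Retrieve` return an error instead of data.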
In a second aspect, an embodiment of the present application further provides a data evidence storing method, applied to a blockchain node, including:
receiving a data storage transaction request sent by a data provider; the data storage transaction request comprises an off-chain storage identifier corresponding to data to be stored in an off-chain storage network, account information of the data provider and a query key corresponding to the data to be stored;
processing the data storage transaction request, and storing the data in the data storage transaction request on the chain;
the query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used for encrypting the data to be stored in the off-chain storage network.
According to the method and the device, a data storage transaction request sent by the data provider is received; the request contains the off-chain storage identifier of the to-be-stored data held in the off-chain storage network, the account information of the data provider and the query key obtained by encrypting the storage key based on the account information of the data provider. The request is processed and the associated information of the to-be-stored data is stored on the chain, so that the body of the data is stored off chain while its associated information is stored on chain. This achieves decentralized storage of the data, improves the storage efficiency of the data and reduces the data storage cost; meanwhile, combining the storage key with the blockchain account makes the ownership of the stored data explicit and improves the security of data storage.
Optionally, the method further includes:
receiving a data authorization transaction request sent by a data provider; the data authorization transaction request comprises account information of an authorization applicant;
and processing the data authorization transaction request, and storing the data in the data authorization transaction request and the data to be authorized in a block chain in an associated manner.
In an optional implementation manner of the above application, by receiving and processing a data authorization transaction request including account information of an authorized applicant, management and storage of the account information of the authorized applicant and data to be authorized in a block chain are realized, so that a use permission of the data to be authorized of the authorized applicant is granted by means of the block chain network, a purpose of data sharing is achieved, and meanwhile, by migrating an authorization process to the block chain network, unified management of data stored outside the chain is facilitated.
Optionally, the data authorization transaction request further includes a storage key provided by the data provider and encrypted based on the account information of the authorization applicant.
In an optional implementation manner of the above application, the storage key provided by the data provider and encrypted based on the account information of the authorization applicant is added to the data authorization transaction request, so that the authorization applicant can directly obtain the authorized data from the off-chain storage network by means of the private key of its own account, which makes it easier for the authorization applicant to manage the authorized data.
Optionally, the data storage transaction request further includes fingerprint data of the data to be stored, and the fingerprint data is obtained by extracting, by a data provider, fingerprint information of the data to be stored.
In an optional implementation manner of the foregoing application, by adding the fingerprint data of the data to be stored, which is extracted by the data provider, to the data storage transaction request, a foundation is laid for subsequent verification of the correctness of the data to be stored based on the fingerprint data.
Optionally, the method further includes:
receiving an authorization application transaction request sent by an authorization applicant, wherein the authorization application transaction request comprises account information of the authorization applicant and account information of the data provider;
and processing the authorization application transaction request so as to send the account information of the authorization applicant to the data provider corresponding to the data to be authorized.
In an optional implementation manner of the above application, by receiving and processing an authorization application transaction request including the account information of the authorization applicant and the account information of the data provider, the account information of the authorization applicant is provided to the data provider by means of the blockchain, so that the data provider can grant the authorization applicant the right to use the data to be authorized, and migrating the sending of account information to the blockchain network facilitates unified management of the data stored off chain.
Optionally, before receiving the authorization application transaction request sent by the authorization applicant, the method further includes:
receiving a data query transaction request sent by the authorization applicant, wherein the data query transaction request comprises a query identifier of the data to be authorized;
and processing the data query transaction request to acquire and feed back the account information of the data provider corresponding to the data to be authorized according to the query identifier of the data to be authorized.
In an optional implementation manner of the above application, before the authorization application transaction request sent by the authorization applicant is received, a data query transaction request including the query identifier of the data to be authorized is received and processed, so that the account information of the data provider is queried by means of the blockchain network. This lays a foundation for the data provider to grant the authorization applicant permission to use the data to be authorized, and migrating the account query process to the blockchain network makes unified management of the data stored off chain more convenient.
Optionally, processing the data query transaction request further includes:
processing the data query transaction request to acquire storage association information of the data to be authorized; the storage association information comprises an off-chain storage identifier and a storage key encrypted based on the account information of the authorization applicant;
and feeding back the storage association information of the data to be authorized to the authorization applicant, so that the authorization applicant searches for the encrypted data to be authorized in the off-chain storage network based on the off-chain storage identifier and decrypts the acquired data to be authorized based on the storage key in the storage association information.
In an optional implementation manner of the foregoing application, when the data query transaction request is processed to obtain the account information of a data provider, the storage association information of the data to be authorized is also obtained, so that the data to be authorized can be fetched from the off-chain storage network and decrypted by means of the storage association information. Obtaining the data in this way verifies that the data to be authorized exists and completes the verification mechanism for the data to be authorized, and adding the data needed for existence verification to the blockchain network makes unified management of the data stored off chain more convenient.
Optionally, the storage association information further includes fingerprint data of the data to be authorized;
correspondingly, feeding back the storage association information of the data to be authorized to the authorization applicant further comprises:
feeding back the fingerprint data to the authorization applicant, so that the authorization applicant extracts the fingerprint data of the data to be authorized and verifies the correctness of the data to be authorized based on the extracted fingerprint data and the fingerprint data in the storage association information.
In an optional implementation manner of the above application, by adding the fingerprint information of the data to be authorized in the storage association information and verifying the correctness of the data to be authorized based on the acquired fingerprint information of the data to be authorized, the verification mechanism of the data to be authorized is further improved, and by adding the data required in the correctness verification process to the blockchain network, convenience is provided for unified management of data stored outside the chain.
In a third aspect, an embodiment of the present application further provides a data storage device, configured at a client, and including:
the off-chain storage module is used for encrypting the data to be stored by using a storage key when a data storage instruction triggered by a data provider is detected, and uploading the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored;
the query key generation module is used for encrypting the storage key based on the account information of the data provider to generate a query key;
and the data storage request generating module is used for generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to the blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on the chain.
In a fourth aspect, an embodiment of the present application further provides a data evidence storing device configured at a blockchain node, including:
the data storage request receiving module is used for receiving a data storage transaction request sent by a data provider; the data storage transaction request comprises an off-chain storage identifier corresponding to data to be stored in an off-chain storage network, account information of the data provider and a query key corresponding to the data to be stored;
a data storage request processing module, configured to process the data storage transaction request and store the data in the data storage transaction request on the chain;
the query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used for encrypting the data to be stored in the off-chain storage network.
In a fifth aspect, an embodiment of the present application further provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute a data archiving method provided by the embodiment of the first aspect.
In a sixth aspect, an embodiment of the present application further provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute a data verification method as provided in an embodiment of the second aspect.
In a seventh aspect, an embodiment of the present application further provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute a data storage method as provided in the embodiment of the first aspect.
In an eighth aspect, embodiments of the present application further provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute a data storage method as provided in the second aspect.
Other effects of the above-described alternative will be described below with reference to specific embodiments.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
FIG. 1A is a system architecture diagram according to an embodiment of the present application;
FIG. 1B is a flowchart of a data certification method in an embodiment of the present application;
FIG. 2 is a flowchart of a data certification method in the second embodiment of the present application;
FIG. 3 is a flowchart of a data certification method in the third embodiment of the present application;
FIG. 4 is a flowchart of a data certification method in the fourth embodiment of the present application;
FIG. 5 is a flowchart of a data certification method in the fifth embodiment of the present application;
FIG. 6 is a flowchart of a data certification method in the sixth embodiment of the present application;
FIG. 7 is a flowchart of a data certification method in the seventh embodiment of the present application;
FIG. 8 is a flowchart of a data certification method in the eighth embodiment of the present application;
FIG. 9 is a block diagram of a data evidence storage device in the ninth embodiment of the present application;
FIG. 10 is a block diagram of a data certification device in the tenth embodiment of the present application;
FIG. 11 is a block diagram of an electronic device for implementing the data certification method according to the embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
For the purpose of clear introduction of technical solutions of the embodiments of the present application, a system framework related to the present application is first exemplified.
Referring to FIG. 1A, a system framework diagram is shown, comprising a client 10, an off-chain storage network 20, and a blockchain network 30.
The client 10 is configured to let a user perform triggering operations, for example triggering management operations such as data storage, acquisition, and verification, to generate the corresponding transaction request, and to send the transaction request to the blockchain network for processing. The client can participate in the blockchain network by deploying a DApp, or participate indirectly by accessing other centralized blockchain nodes to send the transaction request.
The off-chain storage network 20 is configured to store data outside the blockchain network.
The blockchain network 30 is configured to receive each transaction request sent by the client 10, and complete a corresponding service by processing the transaction request, so as to migrate the data management service to the blockchain network, which is convenient for uniform management of data.
Example one
Fig. 1B is a flowchart of a data storage method in a first embodiment of the present application, where the embodiment of the present application is applicable to a case of performing data storage on data to be stored. The method is executed by a data storage device, which is realized by software and/or hardware and is specifically configured in a client.
As shown in Fig. 1B, a data authentication method applied to a client includes:
S101, when a data storage instruction triggered by a data provider is detected, encrypting data to be stored by using a storage key, uploading the encrypted data to be stored to an off-chain storage network, and obtaining an off-chain storage identifier of the data to be stored.
The storage key may be a symmetric key or an asymmetric key, and is randomly generated by a key generation algorithm.
The off-chain storage network may be a cloud device providing a storage service, such as IPFS (InterPlanetary File System). The off-chain storage identifier represents the storage location of the data to be stored in the off-chain storage network, so that the stored data can be conveniently looked up in the off-chain storage network.
Illustratively, when a data storage instruction is detected, generated by the data provider triggering a preset area of the client in a preset manner, the data to be stored is encrypted with a storage key, the encrypted data is uploaded to the off-chain storage network for storage, and the storage address of the data in the off-chain storage network is obtained as the off-chain storage identifier. The preset area and/or preset manner for triggering the data storage instruction can be set by the client developer according to development requirements, or by the client user according to usage requirements.
It should be noted that, when the storage key is a symmetric key, the storage key is used directly to encrypt the data to be stored; when the storage key is an asymmetric key, the data to be stored is encrypted with the public key of the asymmetric key pair.
It should be noted that, before a data storage instruction is triggered, the data provider may import the entire data body into the client, which then uploads it; alternatively, the data provider may import only an access address of the data body into the client, and when the data is stored in the off-chain storage network, the data body is fetched through the access address and transferred for storage.
For example, the storage key may be generated in advance by the client itself before encrypting the data to be stored; or the key is generated in advance by other electronic equipment which is in communication connection with the client, and the storage key is acquired from the electronic equipment when needed.
S102, encrypting the storage key based on the account information of the data provider to generate a query key.
The account information of the data provider can be an account address of the data provider in the blockchain network.
The query key is used to decrypt stored data retrieved from the off-chain storage network. It should be noted that, when the storage key is a symmetric key, the storage key is encrypted with the account information of the data provider to generate the query key; when the storage key is an asymmetric key, the private key of the storage key pair is encrypted with the account information of the data provider to generate the query key.
S103, generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to a blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on-chain.
In this step, a data storage transaction request is generated with the off-chain storage identifier, the account information of the data provider and the query key as the storage association information of the data to be stored, and the request is transmitted to the blockchain network. Accordingly, the blockchain node receives and processes the data storage transaction request to store the data it contains in the blockchain network.
It can be understood that, when the data to be stored is large-capacity data such as pictures and videos, the data body of the data to be stored is stored in an off-chain storage network outside the blockchain network, while the off-chain storage identifier of the data in the off-chain storage network is stored in the decentralized blockchain network; the decentralized storage requirement is met by combining on-chain and off-chain storage. In addition, the data volume stored in the blockchain network is far smaller than the size of the data to be stored, so that the data storage cost in the blockchain network is reduced, the data transmission volume between the client and the blockchain network is greatly reduced, and the data storage efficiency is improved.
In addition, the data to be stored is encrypted with the storage key, and the storage key is encrypted with the account information of the data provider to generate the query key, so that decrypting the stored data requires both the query key and the account private key corresponding to the account information of the data provider. This establishes ownership of the stored data and further improves the security of data storage.
In this embodiment of the application, when a data storage instruction triggered by a data provider is detected, the data to be stored is encrypted with a storage key and the encrypted data is uploaded to an off-chain storage network to obtain an off-chain storage identifier of the stored data; the storage key is encrypted based on the account information of the data provider to generate a query key; and a data storage transaction request is generated based on the off-chain storage identifier, the account information of the data provider and the query key and transmitted to the blockchain network, so that the blockchain nodes process the request and store the data in it on-chain. In this technical solution, the data body is stored in the off-chain storage network while the associated information is stored on the blockchain, so that the data is stored in a decentralized manner, storage efficiency is improved, and storage cost is reduced; meanwhile, combining the storage key with the blockchain account establishes ownership of the stored data and improves the security of data storage.
Example two
Fig. 2 is a flowchart of a data certification method in the second embodiment of the present application, and the second embodiment of the present application performs optimization and improvement on the basis of the technical solutions of the foregoing embodiments.
Further, the following operation "when a request authorization instruction triggered by an authorization applicant is detected, an authorization application transaction request is generated based on account information of the authorization applicant and account information of a data provider of data to be authorized and transmitted to a blockchain network, so that the blockchain nodes process the authorization application transaction request and send the account information of the authorization applicant to the data provider of the data to be authorized" is added to the data storage method, so as to realize that the authorization applicant requests data authorization from the data provider.
A data certification method as shown in fig. 2 includes:
S201, when a data storage instruction triggered by a data provider is detected, encrypting data to be stored by using a storage key, and uploading the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored.
S202, encrypting the storage key based on the account information of the data provider to generate a query key.
S203, generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to a blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on-chain.
S204, when a request authorization instruction triggered by an authorization applicant is detected, an authorization application transaction request is generated based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized and is transmitted to the blockchain network, so that the blockchain nodes process the authorization application transaction request and send the account information of the authorization applicant to the data provider of the data to be authorized.
When a request authorization instruction is detected, generated by the authorization applicant triggering a preset area of the client in a preset manner, an authorization application transaction request is generated based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized, and is transmitted to the blockchain network. Correspondingly, the blockchain node receives and processes the authorization application transaction request so as to send the account information of the authorization applicant to the data provider of the data to be authorized, so that the data provider can conveniently grant data use permission to the authorization applicant. The preset area and/or preset manner for triggering the request authorization instruction can be set by the client developer according to development requirements, or by the client user according to usage requirements.
It should be noted that the authorization applicant can find the data to be authorized by collecting information offline, or can search for and obtain it through the blockchain network according to the summary information, description information or other related attribute information of the required data.
Illustratively, to search for and obtain the data to be authorized through the blockchain network, a data search transaction request is generated from at least one of the description information, summary information and other related attribute information of the required data and transmitted to the blockchain network, so that the blockchain node receives and processes the data search transaction request, searches the blocks for data to be authorized that meets the user's requirement, and feeds back a query identifier of that data. The query identifier can be a block identifier and/or a transaction data identifier. The block identifier represents the block that stores the storage association information of the data to be authorized; the transaction data identifier represents the transaction data stored when the data storage transaction request for the data to be authorized was processed.
It can be understood that the query process of the data to be authorized is migrated to the block chain network, so that the openness and the transparency of the queried data are improved, a foundation is laid for data sharing of the stored data, and the convenience in managing the related information of the stored data is improved.
It should be noted that the account information of the data provider may be obtained offline by the user of the authorization applicant, or may be obtained by looking up the account information of the data provider of the data to be authorized in the blockchain network.
For example, the account information of the data provider of the data to be authorized is searched and obtained through the blockchain network, and when a data query request generated by an authorized applicant is detected, a data query transaction request is generated based on a query identifier of the data to be authorized and transmitted to the blockchain network, so that the blockchain nodes process the data query transaction request, obtain the account information of the data provider of the data to be authorized, and feed the account information back to the authorized applicant.
It can be understood that the accuracy and the safety of the acquired account information of the data provider are improved by migrating the searching process of the account information of the data provider to the blockchain network, a foundation is laid for data sharing of stored data, and the convenience of managing the related information of the stored data is improved.
In this embodiment of the application, when a request authorization instruction triggered by an authorization applicant is detected, an authorization application transaction request is generated based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized, so that the account information of the authorization applicant is provided to the data provider by means of the blockchain. This lays a foundation for the data provider to grant the authorization applicant permission to use the data to be authorized, and migrating the sending of account information to the blockchain network makes unified management of the data stored off-chain more convenient.
Example three
Fig. 3 is a flowchart of a data certification method in the third embodiment of the present application, and the third embodiment of the present application provides a preferred implementation manner based on the technical solutions of the foregoing embodiments.
Further, the following operations are added to the data storage method: "when a data authorization instruction triggered by a data provider is detected, acquiring account information of an authorization applicant of data to be authorized; and generating a data authorization transaction request based on the account information of the authorization applicant and transmitting it to a blockchain network, so that blockchain nodes execute the data authorization transaction request and store the data in the data authorization transaction request in the blockchain in association with the data to be authorized", so that the data provider grants the authorization applicant permission to use the data to be authorized.
A data certification method as shown in fig. 3 includes:
S301, when a data storage instruction triggered by a data provider is detected, encrypting data to be stored by using a storage key, and uploading the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored.
S302, encrypting the storage key based on the account information of the data provider to generate a query key.
S303, generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to a blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on-chain.
S304, when a data authorization instruction triggered by a data provider is detected, account information of an authorization applicant of the data to be authorized is obtained.
Illustratively, when the data provider receives information indicating that an authorization applicant is requesting authorization for the data to be authorized, the data provider triggers a preset area of the client in a preset manner to generate a data authorization instruction; when the data authorization instruction is generated, the account information of the authorization applicant of the data to be authorized is obtained. The preset area and/or preset manner for triggering the data authorization instruction can be set by the client developer according to development requirements, or by the client user according to usage requirements.
The data provider may receive this information through offline communication, or it may be sent over the blockchain as described in the foregoing embodiment.
For example, the account information of the authorization applicant of the data to be authorized may be held locally at the data provider's client, or in another electronic device or cloud in communication with the client, and fetched directly when needed.
The account information of the authorization applicant can also be obtained by having the blockchain node process an authorization application transaction request generated by the client of the authorization applicant; see the foregoing embodiments for details, which are not repeated here.
S305, generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to a blockchain network, so that the blockchain nodes process the data authorization transaction request, and storing the data in the data authorization transaction request and the data to be authorized in a blockchain in an associated manner.
Illustratively, a data authorization transaction request is generated based on account information of the authorized applicant and transmitted to the blockchain network. Correspondingly, the blockchain node receives and processes the data authorization transaction request so as to store the data in the data authorization transaction request and the data to be authorized in the blockchain network in an associated manner.
It can be understood that, because the data authorization transaction request includes the account information of the authorization applicant, the storage association information of the data to be authorized, such as the off-chain storage identifier, the account information of the data provider and the query key associated with the data provider's account, can be stored in the block in association with the account information of the authorization applicant. Storing the applicant's account information together with the storage association information in this way records the account information of the authorized user on the blockchain, which facilitates verification of the data provider and the authorization applicant.
It can be understood that although the account information of the authorized user is stored in the blockchain, the query key stored in the blockchain needs to be decrypted by the account private key of the data provider to obtain the storage key for decrypting the stored data in the storage network outside the blockchain, so that the authorized user still needs to obtain the authorized data by the data provider.
To let an authorized user use the authorized data directly, without going through the data provider, and so make the authorized data easier to obtain, the following may be done while the data provider authorizes the authorization applicant, before the data authorization transaction request is generated based on the account information of the authorization applicant and transmitted to the blockchain network: the query key of the data to be authorized is obtained from the blockchain; the obtained query key is decrypted based on the account private key of the data provider to obtain the storage key of the data to be authorized; and the storage key of the data to be authorized is encrypted again based on the account information of the authorization applicant. Correspondingly, generating a data authorization transaction request based on the account information of the authorization applicant and transmitting it to the blockchain network comprises: generating the data authorization transaction request based on the re-encrypted storage key and the account information of the authorization applicant, and transmitting it to the blockchain network.
The data provider obtains the query key of the data to be authorized from the blockchain according to the query identifier of the data to be authorized; the query identifier may be at least one of the description information, block identifier, transaction data identifier, and the like of the data to be authorized.
The data provider decrypts the query key with the account private key corresponding to its account information to obtain the key for decrypting the data stored in the off-chain storage network. When the storage key is a symmetric key, decrypting the query key with the data provider's account private key yields the storage key; when the storage key is an asymmetric key, it yields the private key of the storage key pair. The following takes a symmetric storage key as an example.
The data provider encrypts the decrypted storage key again with the account information of the authorization applicant, and stores the encrypted storage key and the account information of the authorization applicant in the blockchain. Because the storage key encrypted with the applicant's account information is stored in the blockchain together with that account information during authorization, when the authorization applicant needs to use the authorized data it fetches this encrypted storage key directly and decrypts it with its own account private key to obtain the storage key for the authorized data; then, after the data corresponding to the off-chain storage identifier in the off-chain storage network is decrypted with the storage key, the authorized data is obtained without involving the data provider, which makes it more convenient for the authorized user to obtain the authorized data.
According to the data authorization method and device, when the data authorization instruction triggered by the data provider is detected, the account information of the authorized applicant of the data to be authorized is obtained, the data authorization transaction request is generated based on the account information of the authorized applicant and is transmitted to the blockchain network, so that the blockchain nodes execute the data authorization transaction request, the data in the data authorization transaction request and the data to be authorized are stored in the blockchain in a correlation mode, the use permission of the data to be authorized of the authorized applicant is granted, the purpose of data sharing is achieved, and meanwhile, the authorization process is migrated to the blockchain network, and unified management of the data stored outside the chain is facilitated.
Example four
Fig. 4 is a flowchart of a data certification method in the fourth embodiment of the present application, and the embodiment of the present application performs optimization and improvement on the basis of the technical solutions of the foregoing embodiments.
Further, a data query transaction request is generated based on query data of the data to be authorized and is transmitted to the blockchain network, so that the blockchain nodes process the data query transaction request, and storage association information of the data to be authorized is obtained and fed back; the storage association information comprises an off-chain storage identifier of the data to be authorized and a query key which is provided by the data provider and corresponds to the authorized applicant; searching the data to be authorized in an out-of-chain storage network based on the out-of-chain storage identifier of the data to be authorized; decrypting the obtained query key by using the account private key of the authorization applicant to obtain a storage key of the data to be authorized; and decrypting the acquired data to be authorized based on the acquired storage key so as to verify the existence of the data to be authorized.
A data certification method as shown in fig. 4 includes:
S401, when a data storage instruction triggered by a data provider is detected, encrypting data to be stored by using a storage key, and uploading the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored.
S402, encrypting the storage key based on the account information of the data provider to generate a query key.
S403, generating a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to a blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on-chain.
S404, when a data query request generated by an authorized applicant is detected, generating a data query transaction request based on a query identifier of data to be authorized and transmitting the data query transaction request to a blockchain network, so that the blockchain nodes process the data query transaction request, and acquire and feed back storage related information of the data to be authorized; the storage association information comprises an off-chain storage identifier of the data to be authorized and a query key provided by the data provider and corresponding to the authorized applicant.
When a data query request is detected, generated by the authorization applicant triggering a preset area of the client in a preset manner, a data query transaction request is generated based on the query identifier of the data to be authorized and transmitted to the blockchain network. Correspondingly, the blockchain node receives the data query transaction request, obtains the storage association information of the data to be authorized from the blockchain based on the query identifier, and feeds it back to the authorization applicant. The preset area and/or preset manner for triggering the data query request can be set by the client developer according to development requirements, or by the client user according to usage requirements.
S405, searching the data to be authorized in an off-chain storage network based on the off-chain storage identification of the data to be authorized.
Because the storage association information includes the off-chain storage identifier of the data to be authorized, the authorization applicant can fetch the data to be authorized from the off-chain storage network according to the obtained off-chain storage identifier.
S406, decrypting the obtained query key by using the account private key of the authorization application party to obtain the storage key of the data to be authorized.
Because the storage associated information comprises the storage key encrypted by the account information of the authorized applicant, the acquired key can be decrypted by the account private key of the authorized applicant to obtain the storage key of the data to be authorized.
S407, decrypting the acquired data to be authorized based on the acquired storage key.
And decrypting the acquired data to be authorized through the acquired storage key to obtain the data to be authorized. When the data to be authorized is obtained after decryption, the required data to be authorized exists; and when the data to be authorized cannot be obtained after decryption, the required data to be authorized does not exist. Therefore, before the authorization applicant user applies for authorization to the data provider, the existence of the data to be authorized is verified in a self-query mode of the data to be authorized, and the safety of data transaction is improved.
Of course, in order to guarantee the rights of the data provider, before authorizing the authorized applicant, the data provided to the authorized applicant may be in a read-only mode or only display part of the data, so as to prevent the data from being stolen by the unauthorized applicant.
According to the method and the device, the storage association information of the data to be authorized can be acquired while the data query transaction request is generated to acquire the account information of the data provider, so that the data to be authorized is acquired and decrypted from the off-chain storage network through the storage association information, the acquisition of the data to be authorized is realized, the verification of the existence of the data to be authorized is realized, the verification mechanism of the data to be authorized is perfected, and convenience is provided for the unified management of the off-chain storage data by adding the relevant data with the verification of the existence to the block chain network.
To verify the correctness of the acquired data, in the technical solution of each embodiment, fingerprint information of the data to be stored may be extracted to obtain fingerprint data before the data storage transaction request is generated based on the off-chain storage identifier, the account information of the data provider, and the query key. Accordingly, generating the data storage transaction request based on the off-chain storage identifier and the account information of the data provider may be generating the data storage transaction request based on the off-chain storage identifier, the account information of the data provider, and the fingerprint data.
Then, when the data storage transaction request is processed at a blockchain node, the fingerprint data of the data to be authorized is also stored in the transaction data of the blockchain. Correspondingly, the storage association information of the data to be authorized obtained by processing the data query transaction request also includes the fingerprint data of the data to be authorized. When the storage association information includes this fingerprint data, fingerprint data can be extracted from the data to be authorized after it is decrypted with the obtained storage key, and the correctness of the data to be authorized is verified by comparing the extracted fingerprint data with the fingerprint data obtained from the storage association information.
Specifically, when the extracted fingerprint data is the same as the fingerprint data in the acquired storage association information, the data to be authorized acquired from the off-chain storage network is correct; when the extracted fingerprint data differs from the fingerprint data in the acquired storage association information, the data to be authorized acquired from the off-chain storage network is wrong. The correctness of the data to be authorized is thereby verified.
Example five
Fig. 5 is a flowchart of a data storage method in the fifth embodiment of the present application. This embodiment is applicable to the case where data to be stored is stored through a blockchain network. The method is executed by a data storage device, which is implemented in software and/or hardware and is specifically configured in an electronic device carrying a blockchain node.
As shown in Fig. 5, a data evidence storing method applied to a blockchain node includes:
S501, receiving a data storage transaction request sent by a data provider; the data storage transaction request includes an off-chain storage identifier corresponding to the data to be stored in an off-chain storage network, account information of the data provider, and a query key corresponding to the data to be stored.
The query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used to encrypt the data to be stored in the off-chain storage network.
The storage key may be a symmetric key or an asymmetric key, and is randomly generated by a key generation algorithm. It should be noted that, when the storage key is a symmetric key, the storage key is used directly to encrypt the data to be stored; when the storage key is an asymmetric key, the public key of the asymmetric key is used to encrypt the data to be stored.
The off-chain storage network may be a cloud device providing storage services, such as IPFS. The off-chain storage identifier represents the storage location of the data to be stored in the off-chain storage network, so that the stored data can be looked up in the off-chain storage network.
When the data provider triggers a set area of the client in a set manner and a data storage instruction is generated, the data to be stored is encrypted with the storage key, the encrypted data is uploaded to the off-chain storage network for storage, and the storage address of the data in the off-chain storage network is obtained and used as the off-chain storage identifier. The client of the data provider encrypts the storage key based on the account information of the data provider to generate the query key, generates a data storage transaction request based on the off-chain storage identifier, the account information of the data provider, and the query key, and transmits the request to the blockchain network. Accordingly, the blockchain node receives the data storage transaction request. The set area and/or set manner that triggers generation of the data storage instruction can be set by the client developer according to development requirements, or by the client user according to usage requirements.
S502, processing the data storage transaction request, and storing the data in the data storage transaction request on chain.
The blockchain node processes the data storage transaction request to store the data in the request, for example, storing into the blockchain the off-chain storage identifier corresponding to the data to be stored in the off-chain storage network, the account information of the data provider, and the query key corresponding to the data to be stored, all of which are included in the request. Illustratively, the data storage transaction request may be processed by invoking a data storage smart contract.
It can be understood that, when the data to be stored is large-capacity data such as pictures and videos, the main body of the data is stored in an off-chain storage network outside the blockchain network, while the off-chain storage identifier of the data in the off-chain storage network is stored in the decentralized blockchain network; combining on-chain and off-chain storage in this way meets the requirement for decentralized storage. In addition, the amount of data stored in the blockchain network is far smaller than the size of the data to be stored, which reduces the data storage cost in the blockchain network, greatly reduces the amount of data transmitted between the client and the blockchain network, and improves data storage efficiency.
In addition, the data to be stored is encrypted with the storage key, and the storage key is encrypted with the account information of the data provider to generate the query key, so that the stored data is decrypted by combining the query key with the account private key corresponding to the account information of the data provider. This establishes the ownership of the stored data and further improves the security of data storage.
In this embodiment of the application, the blockchain node receives a data storage transaction request sent by the data provider, which contains the off-chain storage identifier corresponding to the data to be stored in the off-chain storage network, the account information of the data provider, and the query key obtained by encrypting the storage key with the account information of the data provider; it processes the request and stores the association information of the data to be stored on chain. The main body of the data is thus stored off chain and its association information on chain, which achieves decentralized storage of the data, improves storage efficiency, and reduces storage cost. Meanwhile, combining the storage key with the blockchain account establishes the ownership of the stored data and improves the security of data storage.
Example six
Fig. 6 is a flowchart of a data certification method in the sixth embodiment of the present application. This embodiment optimizes and improves on the technical solutions of the foregoing embodiments.
Further, the data evidence storing method additionally includes: receiving an authorization application transaction request sent by an authorization applicant, where the authorization application transaction request includes account information of the authorization applicant and account information of the data provider; and processing the authorization application transaction request to send the account information of the authorization applicant to the data provider corresponding to the data to be authorized, so that the process by which the data provider queries the account of the authorization applicant is migrated to the blockchain network.
A data certification method as shown in Fig. 6 includes:
S601, receiving a data storage transaction request sent by a data provider; the data storage transaction request includes an off-chain storage identifier corresponding to the data to be stored in an off-chain storage network, account information of the data provider, and a query key corresponding to the data to be stored.
The query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used to encrypt the data to be stored in the off-chain storage network.
S602, processing the data storage transaction request, and storing the data in the data storage transaction request on chain.
S603, receiving an authorization application transaction request sent by an authorization applicant, where the authorization application transaction request includes account information of the authorization applicant and account information of the data provider.
When a request-authorization instruction, generated by the authorization applicant triggering a set area of the client in a set manner, is detected, an authorization application transaction request is generated based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized, and is transmitted to the blockchain network. The set area and/or set manner that triggers generation of the request-authorization instruction can be set by the client developer according to development requirements, or by the client user according to usage requirements.
It should be noted that the authorization applicant can find the data to be authorized by collecting data offline, or can search for and acquire the data to be authorized through the blockchain network according to the summary information, description information, or other related attribute information of the required data.
For example, to search for and acquire the data to be authorized through the blockchain network, a data search transaction request may be generated from at least one of the description information, summary information, and other related attribute information of the required data, and transmitted to the blockchain network; the blockchain node receives and processes the data search transaction request, searches the blocks for data to be authorized that meets the user's requirement, and feeds back the query identifier of the data to be authorized. Illustratively, the data search transaction request may be processed by invoking a data search smart contract.
The query identifier can be a block identifier and/or a transaction data identifier. The block identifier represents the block that stores the storage association information of the data to be authorized; the transaction data identifier represents the transaction data stored when the data storage transaction request for the data to be authorized was processed.
It can be understood that migrating the query process for the data to be authorized to the blockchain network improves the openness and transparency of the queried data, lays a foundation for sharing the stored data, and makes the information related to the stored data more convenient to manage.
It should be noted that the account information of the data provider may be obtained offline by the user of the authorization applicant, or may be obtained by searching the blockchain network for the account information of the data provider of the data to be authorized.
For example, to search for and obtain the account information of the data provider of the data to be authorized through the blockchain network: when a data query request generated by the authorization applicant is detected, a data query transaction request is generated based on the query identifier of the data to be authorized and transmitted to the blockchain network. The blockchain node receives the data query transaction request sent by the authorization applicant, which includes the query identifier of the data to be authorized, and processes the request to acquire and feed back, according to the query identifier, the account information of the data provider corresponding to the data to be authorized. Illustratively, the data query transaction request may be processed by invoking a data query smart contract.
It can be understood that migrating the lookup of the data provider's account information to the blockchain network improves the accuracy and security of the acquired account information, lays a foundation for sharing the stored data, and makes the information related to the stored data more convenient to manage.
S604, processing the authorization application transaction request to send the account information of the authorization applicant to the data provider corresponding to the data to be authorized.
The blockchain node processes the authorization application transaction request to send the account information of the authorization applicant to the data provider of the data to be authorized, so that the data provider can grant the data usage permission to the authorization applicant. Illustratively, the authorization application transaction request may be processed by invoking an authorization application smart contract.
In this embodiment of the application, by receiving and processing an authorization application transaction request that includes the account information of the authorization applicant and the account information of the data provider, the blockchain provides the account information of the authorization applicant to the data provider, so that the data provider can grant the authorization applicant permission to use the data to be authorized. Migrating the sending of account information to the blockchain network facilitates unified management of off-chain stored data.
Example seven
Fig. 7 is a flowchart of a data certification method in the seventh embodiment of the present application. This embodiment optimizes and improves on the technical solutions of the foregoing embodiments.
Further, the data evidence storing method additionally includes: receiving a data authorization transaction request sent by the data provider, where the data authorization transaction request includes account information of the authorization applicant; and processing the data authorization transaction request, and storing the data in the data authorization transaction request in the blockchain in association with the data to be authorized, so that the process by which the data provider authorizes the data to be authorized to the authorization applicant is migrated to the blockchain network.
A data certification method as shown in Fig. 7 includes:
S701, receiving a data storage transaction request sent by a data provider; the data storage transaction request includes an off-chain storage identifier corresponding to the data to be stored in an off-chain storage network, account information of the data provider, and a query key corresponding to the data to be stored.
The query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used to encrypt the data to be stored in the off-chain storage network.
S702, processing the data storage transaction request, and storing the data in the data storage transaction request on chain.
S703, receiving a data authorization transaction request sent by the data provider; the data authorization transaction request includes account information of the authorization applicant.
Illustratively, when the data provider receives information that the authorization applicant is requesting authorization for the data to be authorized, the data provider triggers a set area of the client in a set manner to generate a data authorization instruction; when the data authorization instruction is generated, the account information of the authorization applicant of the data to be authorized is obtained; a data authorization transaction request is generated based on the account information of the authorization applicant and transmitted to the blockchain network.
The set area and/or set manner that triggers generation of the data authorization instruction can be set by the client developer according to development requirements, or by the client user according to usage requirements.
The data provider can receive the information that the authorization applicant is requesting authorization for the data to be authorized through offline communication, or the information can be sent via the blockchain as in the foregoing embodiment.
For example, the account information of the authorization applicant of the data to be authorized may be stored locally at the client of the data provider, or in another electronic device or cloud in communication with the client, and obtained directly when needed.
The account information of the data applicant can also be obtained by the blockchain node processing an authorization application transaction request generated by the client of the authorization applicant; see the foregoing embodiments for details, which are not repeated here.
S704, processing the data authorization transaction request, and storing the data in the data authorization transaction request in the blockchain in association with the data to be authorized.
The blockchain node processes the received data authorization transaction request to store the data in the request in the blockchain in association with the data to be authorized.
It can be understood that, because the data authorization transaction request includes the account information of the authorization applicant, the storage association information of the data to be authorized, such as the off-chain storage identifier, the account information of the data provider, and the query key associated with the account of the data provider, can be stored in the block in association with the account information of the authorization applicant. Storing the account information of the authorization applicant in association with the storage association information records the account information of the authorized user in the blockchain, which facilitates the verification of the data provider and the authorization applicant.
It can be understood that, although the account information of the authorized user is stored in the blockchain, the query key stored in the blockchain must be decrypted with the account private key of the data provider to obtain the storage key that decrypts the data stored in the off-chain storage network, so the authorized user still has to obtain the authorized data through the data provider.
To let the authorized user use the authorized data directly without going through the data provider, and so make the authorized data more convenient to obtain, a storage key provided by the data provider and encrypted based on the account information of the authorization applicant can be added to the data authorization transaction request.
For example, the data provider may add the storage key encrypted based on the account information of the authorization applicant to the data authorization transaction request as follows: in the course of authorizing the authorization applicant, before the data authorization transaction request is generated based on the account information of the authorization applicant and transmitted to the blockchain network, the data provider acquires the query key of the data to be authorized from the blockchain and decrypts it with the account private key of the data provider to obtain the storage key of the data to be authorized; encrypts the storage key of the data to be authorized again based on the account information of the authorization applicant; and generates the data authorization transaction request based on the re-encrypted storage key and the account information of the authorization applicant.
For the detailed scheme by which the data provider re-encrypts the storage key based on the account information of the authorization applicant, see the foregoing embodiment; it is not repeated here.
It can be understood that, because the storage key encrypted with the account information of the authorization applicant is added to the data authorization transaction request, after the blockchain node processes the request, the account information of the authorization applicant and the storage key encrypted with that account information are stored in the blockchain. Then, when the authorization applicant needs to use the authorized data, it directly obtains the off-chain storage identifier and the storage key encrypted with its account information, decrypts the latter with its own account private key to obtain the storage key for the authorized data, and uses the storage key to decrypt the data corresponding to the off-chain storage identifier in the off-chain storage network. The authorized data is thus obtained without the data provider, which makes it more convenient for the authorized user to obtain the authorized data.
In this embodiment of the application, by receiving and processing a data authorization transaction request that includes the account information of the authorization applicant, the account information of the authorization applicant and the data to be authorized are managed and stored in association in the blockchain, so that permission to use the data to be authorized is granted to the authorization applicant by means of the blockchain network and the data is shared. Meanwhile, migrating the authorization process to the blockchain network facilitates unified management of off-chain stored data.
Example eight
Fig. 8 is a flowchart of a data certification method in the eighth embodiment of the present application. This embodiment optimizes and improves on the technical solutions of the foregoing embodiments.
Further, the data evidence storing method additionally includes: processing the data query transaction request to obtain the storage association information of the data to be authorized, where the storage association information includes the off-chain storage identifier and the storage key encrypted based on the account information of the authorization applicant; and feeding back the storage association information of the data to be authorized to the authorization applicant, so that the authorization applicant looks up the encrypted data to be authorized in the off-chain storage network based on the off-chain storage identifier and decrypts the acquired data based on the storage key in the storage association information, thereby migrating the data verification process to the blockchain network.
A data certification method as shown in Fig. 8 includes:
S801, receiving a data storage transaction request sent by a data provider; the data storage transaction request includes an off-chain storage identifier corresponding to the data to be stored in an off-chain storage network, account information of the data provider, and a query key corresponding to the data to be stored.
The query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used to encrypt the data to be stored in the off-chain storage network.
S802, processing the data storage transaction request, and storing the data in the data storage transaction request on chain.
S803, receiving a data query transaction request sent by an authorization applicant, where the data query transaction request includes a query identifier of the data to be authorized.
When a data query request, generated by the authorization applicant triggering a set area of the client in a set manner, is detected, a data query transaction request is generated based on the query identifier of the data to be authorized and transmitted to the blockchain network.
S804, processing the data query transaction request to obtain the storage association information of the data to be authorized; the storage association information includes the off-chain storage identifier and the storage key encrypted based on the account information of the authorization applicant.
The blockchain node receives and processes the data query transaction request to acquire the storage association information of the data to be authorized from the blockchain based on the query identifier of the data to be queried.
S805, feeding back the storage association information of the data to be authorized to the authorization applicant, so that the authorization applicant looks up the encrypted data to be authorized in the off-chain storage network based on the off-chain storage identifier and decrypts the acquired data to be authorized based on the storage key in the storage association information.
The blockchain node feeds back the acquired storage association information of the data to be authorized to the authorization applicant. Because the storage association information includes the off-chain storage identifier of the data to be authorized, the authorization applicant can acquire the data to be authorized from the off-chain storage network according to the acquired off-chain storage identifier.
Because the storage association information includes the storage key encrypted with the account information of the authorization applicant, the obtained encrypted key can be decrypted with the account private key of the authorization applicant to obtain the storage key of the data to be authorized.
The acquired data to be authorized is decrypted with the obtained storage key. If the data to be authorized is obtained after decryption, the required data to be authorized exists; if the data to be authorized cannot be obtained after decryption, the required data to be authorized does not exist. Therefore, before the user of the authorization applicant applies to the data provider for authorization, the existence of the data to be authorized is verified by querying the data itself, which improves the security of data transactions.
Of course, to protect the rights of the data provider, before the authorization applicant is authorized, the data provided to the authorization applicant may be read-only or may show only part of the data, so as to prevent the data from being stolen by an unauthorized applicant.
In this embodiment of the application, processing the data query transaction request acquires the storage association information of the data to be authorized along with the account information of the data provider, and the storage association information is used to acquire the data to be authorized from the off-chain storage network and decrypt it. This verifies that the data to be authorized exists, completes the verification mechanism for the data to be authorized, and, by adding the data related to existence verification to the blockchain network, makes unified management of off-chain stored data more convenient.
To verify the correctness of the acquired data, in the technical solutions of the foregoing embodiments, fingerprint data of the data to be stored may also be added to the data storage transaction request, where the fingerprint data is obtained by the data provider extracting fingerprint information from the data to be stored.
Then, when the blockchain node processes the data storage transaction request, the fingerprint data of the data to be authorized is also stored in the transaction data of the blockchain. Correspondingly, the storage association information of the data to be authorized that is obtained by processing the data query transaction request also includes the fingerprint data of the data to be authorized. When the storage association information also includes this fingerprint data, feeding back the storage association information of the data to be authorized to the authorization applicant further includes: feeding back the fingerprint data to the authorization applicant, so that the authorization applicant extracts fingerprint data from the data to be authorized and verifies the correctness of the data to be authorized based on the extracted fingerprint data and the fingerprint data in the storage association information.
Specifically, if the extracted fingerprint data is the same as the fingerprint data in the acquired storage association information, the data to be authorized acquired from the off-chain storage network is correct; if the extracted fingerprint data differs from the fingerprint data in the acquired storage association information, the data to be authorized acquired from the off-chain storage network is wrong. The correctness of the data to be authorized is verified in this way.
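The flow of Examples five, seven and eight (store, re-encrypt the storage key for the applicant, retrieve and compare fingerprints), as an added Node.js example that is not code from the patent. It assumes that an account is an RSA key pair, that "encrypting based on account information" means RSA-OAEP under the account's public key, that the storage key is an AES-256-GCM key and that the fingerprint is a SHA-256 digest; the two in-memory maps, every function name and the `tx-N` query identifier are hypothetical stand-ins.

```javascript
const crypto = require("node:crypto");

// In-memory stand-ins (constructed for this example).
const offChain = new Map(); // off-chain storage identifier -> encrypted blob
const chain = new Map(); // query identifier -> storage association information

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");
// Assumption: an account is an RSA key pair; key wrapping uses RSA-OAEP with SHA-256.
const newAccount = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" });

// Data provider: encrypt under a fresh storage key, upload, record the association on chain.
function store(providerId, providerPublicKey, data) {
  const storageKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", storageKey, iv);
  const blob = Buffer.concat([iv, cipher.update(data), cipher.final(), cipher.getAuthTag()]);
  const offChainId = sha256(blob); // content address, as IPFS-style stores use
  offChain.set(offChainId, blob);
  const queryId = `tx-${chain.size + 1}`; // hypothetical transaction identifier
  chain.set(queryId, {
    offChainId,
    provider: providerId,
    fingerprint: sha256(data),
    // The provider's entry is the query key; entries for applicants are added by authorize().
    wrappedKeys: new Map([[providerId, crypto.publicEncrypt(oaep(providerPublicKey), storageKey)]]),
  });
  return queryId;
}

// Unwrap the storage key recorded for one account with that account's private key.
function unwrapFor(queryId, accountId, privateKey) {
  const record = chain.get(queryId);
  const wrapped = record && record.wrappedKeys.get(accountId);
  if (!wrapped) throw new Error(`not authorized: no wrapped key for ${accountId}`);
  return { record, storageKey: crypto.privateDecrypt(oaep(privateKey), wrapped) };
}

// Data provider: decrypt the query key, re-encrypt the storage key for the applicant.
function authorize(queryId, providerId, providerPrivateKey, applicantId, applicantPublicKey) {
  const { record, storageKey } = unwrapFor(queryId, providerId, providerPrivateKey);
  // A grantee also holds the storage key, so check who is writing the grant.
  // On a real chain providerId would be the verified transaction signer.
  if (record.provider !== providerId) throw new Error("not authorized: only the provider may grant");
  record.wrappedKeys.set(applicantId, crypto.publicEncrypt(oaep(applicantPublicKey), storageKey));
}

// Applicant: unwrap the grant, download, decrypt, compare fingerprints.
function retrieve(queryId, accountId, privateKey) {
  const { record, storageKey } = unwrapFor(queryId, accountId, privateKey);
  const blob = offChain.get(record.offChainId);
  if (!blob || blob.length < 28) throw new Error("data missing from off-chain storage");
  const decipher = crypto.createDecipheriv("aes-256-gcm", storageKey, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  // final() throws if the blob was altered after upload.
  const data = Buffer.concat([decipher.update(blob.subarray(12, blob.length - 16)), decipher.final()]);
  if (sha256(data) !== record.fingerprint) throw new Error("fingerprint mismatch");
  return data;
}

// Constructed scenario: denied read, grant, successful read, then off-chain tampering.
function demo() {
  const provider = newAccount();
  const applicant = newAccount();
  const queryId = store("provider", provider.publicKey, Buffer.from("constructed sample document"));
  const attempt = () => {
    try {
      return retrieve(queryId, "applicant", applicant.privateKey).toString();
    } catch (err) {
      return `error: ${err.message}`;
    }
  };
  const beforeGrant = attempt();
  authorize(queryId, "provider", provider.privateKey, "applicant", applicant.publicKey);
  const afterGrant = attempt();
  offChain.get(chain.get(queryId).offChainId)[20] ^= 1; // flip one ciphertext bit
  return { beforeGrant, afterGrant, afterTamper: attempt() };
}

console.log(demo());
```

With an authenticated cipher, a modified off-chain blob already fails at decryption; the fingerprint comparison additionally catches a blob that decrypts cleanly but is not the data whose fingerprint was recorded on chain.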
Example nine
Fig. 9 is a structural diagram of a data storage device in the ninth embodiment of the present application. This embodiment is applicable to the case where data to be stored is stored. The device is implemented in software and/or hardware and is specifically configured in the client.
A data certification device 900 as shown in Fig. 9 includes: an off-chain storage module 901, a query key generation module 902, and a data storage request generation module 903.
The off-chain storage module 901 is configured to encrypt data to be stored with a storage key when a data storage instruction triggered by a data provider is detected, and upload the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored;
a query key generation module 902, configured to encrypt the storage key based on the account information of the data provider to generate a query key;
a data storage request generation module 903, configured to generate a data storage transaction request based on the off-chain storage identifier, the account information of the data provider, and the query key, and transmit the data storage transaction request to a blockchain network, so that a blockchain node processes the data storage transaction request and stores the data in the data storage transaction request on chain.
When a data storage instruction triggered by the data provider is detected, the off-chain storage module encrypts the data to be stored with the storage key and uploads the encrypted data to the off-chain storage network to obtain the off-chain storage identifier of the data; the query key generation module encrypts the storage key based on the account information of the data provider to generate the query key; and the data storage request generation module generates a data storage transaction request based on the off-chain storage identifier, the account information of the data provider, and the query key and transmits it to the blockchain network, so that the blockchain node processes the data storage transaction request and stores the data in it on chain. In this technical solution, the main body of the data to be stored is stored in the off-chain storage network and the association information is stored in the blockchain, so that the data is stored in a decentralized manner, storage efficiency is improved, and storage cost is reduced; meanwhile, combining the storage key with the blockchain account establishes the ownership of the stored data and improves the security of data storage.
Further, the device also comprises:
an applicant account acquisition module, configured to acquire account information of an authorization applicant of data to be authorized when a data authorization instruction triggered by the data provider is detected;
and the data authorization request generating module is used for generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to the blockchain network so as to enable the blockchain nodes to execute the data authorization transaction request, and storing the data in the data authorization transaction request and the data to be authorized into the blockchain in an associated manner.
Further, the apparatus further comprises:
the storage key acquisition module is used for acquiring a query key of the data to be authorized from the blockchain before generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to the blockchain network, and decrypting the acquired query key of the data to be authorized based on an account private key of the data provider to obtain a storage key of the data to be authorized;
the storage key encryption module is used for encrypting the storage key of the data to be authorized again based on the account information of the authorized application party;
correspondingly, the data authorization request generation module, when generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to the blockchain network, is specifically configured to:
generate a data authorization transaction request based on the re-encrypted storage key and the account information of the authorization applicant, and transmit the data authorization transaction request to the blockchain network.
Further, the apparatus further comprises:
the fingerprint data extraction module is used for extracting the fingerprint information of the data to be stored to obtain fingerprint data before generating a data storage transaction request based on the off-link storage identifier, the account information of the data provider and the query key;
correspondingly, the data storage request generating module 903, when generating a data storage transaction request based on the off-link storage identifier and the account information of the data provider, is specifically configured to:
generate a data storage transaction request based on the out-of-chain storage identifier, the account information of the data provider and the fingerprint data.
Further, the apparatus further comprises:
and the authorization application request generating module is used for generating an authorization application transaction request based on the account information of the authorization application party and the account information of the data provider of the data to be authorized and transmitting the authorization application transaction request to the blockchain network when a request authorization instruction triggered by the authorization application party is detected, so that the blockchain nodes process the authorization application transaction request and send the account information of the authorization application party to the data provider of the data to be authorized.
Further, the apparatus further includes an authorization application request generation module, configured to:
before generating an authorization application transaction request based on the account information of the authorization applicant and the account information of the data provider of the data to be authorized and transmitting the authorization application transaction request to the blockchain network, when a data query request generated by the authorization applicant is detected, generating a data query transaction request based on a query identifier of the data to be authorized and transmitting the data query transaction request to the blockchain network, so that the blockchain nodes process the data query transaction request, acquire the account information of the data provider of the data to be authorized and feed back the account information to the authorization applicant.
Further, the authorization application request generation module is further configured to:
generating a data query transaction request based on the query identifier of the data to be authorized and transmitting the data query transaction request to the blockchain network so that the blockchain nodes process the data query transaction request and acquire and feed back storage association information of the data to be authorized; the storage association information comprises an off-chain storage identifier of the data to be authorized and a query key which is provided by the data provider and corresponds to the authorized applicant;
searching the data to be authorized in an out-of-chain storage network based on the out-of-chain storage identifier of the data to be authorized;
decrypting the obtained query key by using the account private key of the authorization applicant to obtain a storage key of the data to be authorized;
and decrypting the acquired data to be authorized based on the acquired storage key.
Further, the storage association information further comprises fingerprint data of the data to be authorized;
correspondingly, the device further comprises a correctness verification module for:
after the acquired data to be authorized is decrypted based on the acquired storage key, fingerprint data of the data to be authorized is extracted, and the correctness of the data to be authorized is verified based on the extracted fingerprint data and the acquired fingerprint data.
The data evidence storing device can execute the data evidence storing method provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of executing the data evidence storing method.
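The client-side flow described above (store, authorize by re-encrypting the storage key, then retrieve and verify the fingerprint), as an added Go example that is not part of the patent text. It assumes RSA-OAEP key pairs as account keys, AES-256-GCM as the storage cipher, SHA-256 as both fingerprint and off-chain identifier, and in-memory maps in place of the off-chain network and the ledger; all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Record is the on-chain storage association information (layout is an assumption).
type Record struct {
	Provider    string            // account of the data provider
	Nonce       []byte            // AES-GCM nonce, not secret
	Fingerprint [32]byte          // SHA-256 of the plaintext
	QueryKeys   map[string][]byte // account -> storage key wrapped for that account
}

var offChain, ledger = map[string][]byte{}, map[string]*Record{} // stand-ins for off-chain network and chain state

// NewAccount returns an RSA key pair standing in for a blockchain account (assumption).
func NewAccount() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// storageKey unwraps the query key recorded for account with that account's private key.
func storageKey(id, account string, priv *rsa.PrivateKey) (*Record, []byte, error) {
	rec := ledger[id]
	if rec == nil || rec.QueryKeys[account] == nil {
		return nil, nil, fmt.Errorf("no query key for account %q", account)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, rec.QueryKeys[account], nil)
	return rec, key, err
}

// Store encrypts data under a fresh storage key, uploads it and records the query key.
func Store(account string, pub *rsa.PublicKey, data []byte) (string, error) {
	buf := make([]byte, 32+12) // 32-byte storage key, then 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	queryKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return "", err
	}
	blob := gcm.Seal(nil, nonce, data, nil)
	id := fmt.Sprintf("%x", sha256.Sum256(blob)) // content hash as off-chain identifier
	offChain[id] = blob
	ledger[id] = &Record{account, nonce, sha256.Sum256(data), map[string][]byte{account: queryKey}}
	return id, nil
}

// Authorize re-wraps the storage key for the applicant; it needs the provider's private key.
func Authorize(id, provider string, priv *rsa.PrivateKey, applicant string, pub *rsa.PublicKey) error {
	rec, key, err := storageKey(id, provider, priv)
	if err != nil || rec.Provider != provider {
		return fmt.Errorf("%q may not authorize this record (unwrap error: %v)", provider, err)
	}
	rec.QueryKeys[applicant], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return err
}

// Fetch unwraps the caller's query key, decrypts the off-chain blob and checks the fingerprint.
func Fetch(id, account string, priv *rsa.PrivateKey) ([]byte, error) {
	rec, key, err := storageKey(id, account, priv)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, rec.Nonce, offChain[id], nil)
	if err != nil || sha256.Sum256(plain) != rec.Fingerprint {
		return nil, fmt.Errorf("integrity check failed (GCM tag or fingerprint)")
	}
	return plain, nil
}

func main() {
	p, _ := NewAccount()
	a, _ := NewAccount()
	id, _ := Store("provider", &p.PublicKey, []byte("constructed sample record"))
	_, before := Fetch(id, "applicant", a)
	_ = Authorize(id, "provider", p, "applicant", &a.PublicKey)
	plain, after := Fetch(id, "applicant", a)
	fmt.Printf("before: %v\nafter: %q (err=%v)\n", before, plain, after)
}
```

Because a grant hands the applicant the storage key itself, it cannot be withdrawn later without re-encrypting the data under a new storage key.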
Example ten
Fig. 10 is a structural diagram of a data storage device in an embodiment of the present application, where the embodiment of the present application is applicable to a case where data to be stored is stored through a blockchain network, and the device is implemented through software and/or hardware and is specifically configured in an electronic device carrying a blockchain node.
A data certification device 1000 as shown in Fig. 10 includes a data storage request receiving module 1001 and a data storage request processing module 1002, wherein:
a data storage request receiving module 1001, configured to receive a data storage transaction request sent by a data provider; the data storage transaction request comprises an off-link storage identifier corresponding to data to be stored in an off-link storage network, account information of the data provider and a query key corresponding to the data to be stored;
a data storage request processing module 1002, configured to process the data storage transaction request, and store the data in the data storage transaction request on the chain;
the query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used for encrypting the data to be stored in the off-link storage network.
In this embodiment, the data storage request receiving module receives the data storage transaction request sent by the data provider, which contains the off-link storage identifier corresponding to the data to be stored in the off-link storage network, the account information of the data provider, and the query key obtained by encrypting the storage key with the account information of the data provider; the data storage request processing module then processes the data storage transaction request so that the associated information of the data to be stored is stored on the chain. The data body is thus stored off-chain while its associated information is stored on-chain, which achieves decentralized storage of the data, improves the storage efficiency of the data, and reduces the data storage cost; meanwhile, ownership of the stored data is established by combining the storage key with the blockchain account, which improves the security of data storage.
Further, the apparatus further comprises:
the data authorization request receiving module is used for receiving a data authorization transaction request sent by a data provider; the data authorization transaction request comprises account information of an authorization applicant;
and the data authorization request processing module is used for processing the data authorization transaction request and storing the data in the data authorization transaction request and the data to be authorized in a block chain in an associated manner.
Further, the data authorization transaction request also comprises a storage key provided by the data provider and encrypted based on the account information of the authorization applicant.
Further, the data storage transaction request also includes fingerprint data of the data to be stored, and the fingerprint data is obtained by extracting fingerprint information of the data to be stored by a data provider.
Further, the apparatus further comprises:
an authorized application request receiving module, configured to receive an authorized application transaction request sent by an authorized application party, where the authorized application transaction request includes account information of the authorized application party and account information of the data provider;
and the authorization application request processing module is used for processing the authorization application transaction request so as to send the account information of the authorization application party to the data provider corresponding to the data to be authorized.
Further, the apparatus further comprises:
the data query request receiving module is used for receiving a data query transaction request sent by an authorized applicant before receiving the authorized application transaction request sent by the authorized applicant, wherein the data query transaction request comprises a query identifier of data to be authorized;
and the data query request processing module is used for processing the data query transaction request so as to acquire and feed back account information of a data provider corresponding to the data to be authorized according to the query identifier of the data to be authorized.
Further, the data query request processing module is further configured to:
processing the data query transaction request to acquire storage association information of the data to be authorized; the storage association information comprises an out-of-link storage identifier and a storage key encrypted based on account information of the authorized application party;
and feeding back the storage association information of the data to be authorized to an authorization application party so that the authorization application party searches the encrypted data to be authorized in an off-link storage network based on the off-link storage identifier and decrypts the acquired data to be authorized based on a storage key in the storage association information.
Further, the storage association information further comprises fingerprint data of the data to be authorized;
correspondingly, the data query request processing module is further configured to:
and feeding back the fingerprint data to an authorized applicant so that the authorized applicant extracts the fingerprint data of the data to be authorized, and verifying the correctness of the data to be authorized based on the fingerprint data of the data to be authorized and the fingerprint data in the storage association information.
The data evidence storing device can execute the data evidence storing method provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of executing the data evidence storing method.
Example eleven
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
Fig. 11 is a block diagram of an electronic device that executes the data certification method according to the embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in Fig. 11, the electronic apparatus includes: one or more processors 1101, a memory 1102, and interfaces for connecting the various components, including a high speed interface and a low speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In Fig. 11, a processor 1101 is taken as an example.
The memory 1102 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by at least one processor to cause the at least one processor to perform the data storage method provided herein. The non-transitory computer readable storage medium of the present application stores computer instructions for causing a computer to perform the data storage method provided by the present application.
The memory 1102, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the method of data management in the embodiments of the present application (for example, the data certification device 900 including the out-of-link storage module 901, the query key generation module 902, and the data storage request generation module 903, or the data certification device 1000 including the data storage request reception module 1001 and the data storage request processing module 1002). The processor 1101 executes various functional applications of the server and data processing by running non-transitory software programs, instructions and modules stored in the memory 1102, that is, implements the data storage method in the above-described method embodiment.
The memory 1102 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device that performs the data credentialing method, and the like. Further, the memory 1102 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 1102 may optionally include memory located remotely from the processor 1101, which may be connected over a network to an electronic device performing the data credentialing method. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device executing the data credentialing method may further include: an input device 1103 and an output device 1104. The processor 1101, the memory 1102, the input device 1103 and the output device 1104 may be connected by a bus or other means, and are exemplified by being connected by a bus in fig. 11.
The input device 1103 may receive input numeric or character information and generate key signal inputs related to user settings and function controls of the electronic apparatus performing the data credentialing method, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer, one or more mouse buttons, a track ball, a joystick, or other input devices. The output devices 1104 may include a display device, auxiliary lighting devices (e.g., LEDs), tactile feedback devices (e.g., vibrating motors), and the like. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application-specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the technical scheme of the embodiment of the application, when a data storage instruction triggered by a data provider is detected, a storage key is used to encrypt the data to be stored, the encrypted data to be stored is uploaded to an out-of-link storage network, and an out-of-link storage identifier of the stored data is obtained; the storage key is encrypted based on the account information of the data provider to generate a query key; and a data storage transaction request is generated based on the out-of-chain storage identifier, the account information of the data provider and the query key, and transmitted to the blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in it on the chain. In this technical scheme, the data body is stored in the off-chain storage network while its associated information is stored on the blockchain, so that the data is stored in a decentralized manner, the storage efficiency is improved, and the storage cost is reduced; meanwhile, ownership of the stored data is established by combining the storage key with the blockchain account, which improves the security of data storage.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (22)

1. A data storage method is applied to a client side and is characterized by comprising the following steps:
when a data storage instruction triggered by a data provider is detected, encrypting data to be stored by using a storage key, and uploading the encrypted data to be stored to an out-of-link storage network to obtain an out-of-link storage identifier of the data to be stored;
encrypting the storage key based on the account information of the data provider to generate a query key;
and generating a data storage transaction request based on the out-of-chain storage identifier, the account information of the data provider and the query key, and transmitting the data storage transaction request to a blockchain network, so that the blockchain nodes process the data storage transaction request and store the data in the data storage transaction request on the chain.
2. The method of claim 1, further comprising:
when a data authorization instruction triggered by a data provider is detected, account information of an authorization applicant of data to be authorized is obtained;
and generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to a blockchain network, so that the blockchain nodes process the data authorization transaction request, and storing the data in the data authorization transaction request and the data to be authorized in a blockchain in an associated manner.
3. The method of claim 2, wherein prior to generating and transmitting a data authorization transaction request to a blockchain network based on account information of the authorizing requestor, the method further comprises:
acquiring a query key of data to be authorized from a block chain, and decrypting the acquired query key of the data to be authorized based on an account private key of the data provider to obtain a storage key of the data to be authorized;
based on the account information of the authorized application party, encrypting the storage key of the data to be authorized again;
correspondingly, generating a data authorization transaction request based on the account information of the authorization applicant and transmitting the data authorization transaction request to the blockchain network comprises the following steps:
and generating a data authorization transaction request based on the re-encrypted storage key and the account information of the authorization application party, and transmitting the data authorization transaction request to the blockchain network.
4. The method of claim 1, wherein prior to generating a data storage transaction request based on the off-chain storage identification, the account information of the data provider, and the query key, the method further comprises:
extracting fingerprint information of the data to be stored to obtain fingerprint data;
correspondingly, generating a data storage transaction request based on the off-link storage identifier and the account information of the data provider, including:
and generating a data storage transaction request based on the out-of-chain storage identifier, the account information of the data provider and the fingerprint data.
5. The method according to any one of claims 1-4, further comprising:
when a request authorization instruction triggered by an authorization applicant is detected, an authorization application transaction request is generated based on account information of the authorization applicant and account information of a data provider of data to be authorized and is transmitted to a blockchain network, so that blockchain nodes process the authorization application transaction request and send the account information of the authorization applicant to the data provider of the data to be authorized.
6. The method of claim 5, wherein before generating and transmitting an authorization application transaction request to the blockchain network based on the account information of the authorization application party and the account information of the data provider of the data to be authorized, the method further comprises:
when a data query request generated by an authorized applicant is detected, a data query transaction request is generated based on a query identifier of data to be authorized and is transmitted to a blockchain network, so that the blockchain nodes process the data query transaction request, account information of a data provider of the data to be authorized is obtained, and the account information is fed back to the authorized applicant.
7. The method of claim 6, wherein generating a data query transaction request based on the query identification of the data to be authorized and transmitting the data query transaction request to the blockchain network further comprises:
generating a data query transaction request based on the query identifier of the data to be authorized and transmitting the data query transaction request to the blockchain network so that the blockchain nodes process the data query transaction request and acquire and feed back storage association information of the data to be authorized; the storage association information comprises an off-chain storage identifier of the data to be authorized and a query key which is provided by the data provider and corresponds to the authorized applicant;
searching the data to be authorized in an out-of-chain storage network based on the out-of-chain storage identifier of the data to be authorized;
decrypting the obtained query key by using the account private key of the authorization applicant to obtain a storage key of the data to be authorized;
and decrypting the acquired data to be authorized based on the acquired storage key.
8. The method according to claim 7, wherein the storage association information further comprises fingerprint data of the data to be authorized;
correspondingly, after decrypting the acquired data to be authorized based on the obtained storage key, the method further includes:
and extracting the fingerprint data of the data to be authorized, and verifying the correctness of the data to be authorized based on the extracted fingerprint data and the acquired fingerprint data.
9. A data evidence storing method is applied to a block chain node and is characterized by comprising the following steps:
receiving a data storage transaction request sent by a data provider; the data storage transaction request comprises an off-link storage identifier corresponding to data to be stored in an off-link storage network, account information of the data provider and a query key corresponding to the data to be stored;
processing the data storage transaction request, and storing the data in the data storage transaction request on the chain;
the query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used for encrypting the data to be stored in the out-of-link storage network.
10. The method of claim 9, further comprising:
receiving a data authorization transaction request sent by a data provider; the data authorization transaction request comprises account information of an authorization applicant;
and processing the data authorization transaction request, and storing the data in the data authorization transaction request and the data to be authorized in a block chain in an associated manner.
11. The method of claim 10, wherein the data authorization transaction request further comprises a storage key provided by a data provider and encrypted based on account information of the authorization applicant.
12. The method according to claim 9, wherein the data storage transaction request further includes fingerprint data of the data to be stored, and the fingerprint data is obtained by extracting fingerprint information of the data to be stored by a data provider.
13. The method according to any one of claims 9-12, further comprising:
receiving an authorization application transaction request sent by an authorization applicant, wherein the authorization application transaction request comprises account information of the authorization applicant and account information of the data provider;
and processing the authorization application transaction request so as to send the account information of the authorization applicant to the data provider corresponding to the data to be authorized.
14. The method of claim 13, wherein prior to receiving the authorization application transaction request sent by the authorization applicant, the method further comprises:
receiving a data query transaction request sent by the authorization applicant, wherein the data query transaction request comprises a query identifier of the data to be authorized;
and processing the data query transaction request to acquire and feed back, according to the query identifier of the data to be authorized, account information of the data provider corresponding to the data to be authorized.
15. The method of claim 14, wherein processing the data query transaction request further comprises:
processing the data query transaction request to acquire storage association information of the data to be authorized; the storage association information comprises an off-chain storage identifier and a storage key encrypted based on account information of the authorization applicant;
and feeding back the storage association information of the data to be authorized to the authorization applicant, so that the authorization applicant retrieves the encrypted data to be authorized from the off-chain storage network based on the off-chain storage identifier and decrypts the acquired data to be authorized based on the storage key in the storage association information.
16. The method according to claim 15, wherein the storage association information further comprises fingerprint data of the data to be authorized;
correspondingly, feeding back the storage association information of the data to be authorized to the authorization applicant further comprises:
feeding back the fingerprint data to the authorization applicant, so that the authorization applicant extracts fingerprint data from the acquired data to be authorized and verifies the correctness of the data to be authorized based on the extracted fingerprint data and the fingerprint data in the storage association information.
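The key handling described in claims 9-17, as an added example that is not part of the patent text: the provider encrypts the data, wraps the storage key into a query key, later re-wraps it for an applicant, and the applicant decrypts and checks the fingerprint. Assumptions: account information is modelled as an RSA key pair with RSA-OAEP wrapping, the fingerprint is SHA-256, the off-chain identifier is a hash of the ciphertext, in-memory maps stand in for the off-chain network and the chain, and all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: in-memory maps model the off-chain network and the chain state.
const offChain = new Map(); // off-chain storage identifier -> encrypted blob
const ledger = new Map();   // off-chain storage identifier -> on-chain record

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
const newAccount = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const pubId = (pub) => sha256(pub.export({ type: 'spki', format: 'der' }));
// Assumption: "encrypting based on account information" means RSA-OAEP under the account's public key.
const wrap = (pub, key) => crypto.publicEncrypt({ key: pub, oaepHash: 'sha256' }, key);
const unwrap = (priv, wrapped) => crypto.privateDecrypt({ key: priv, oaepHash: 'sha256' }, wrapped);

// Claims 9, 12 and 17: encrypt, upload off-chain, record identifier, query key and fingerprint.
function storeData(provider, plaintext) {
  const storageKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', storageKey, iv);
  const blob = Buffer.concat([iv, c.update(plaintext), c.final(), c.getAuthTag()]);
  const id = sha256(blob); // assumed content-addressed off-chain storage identifier
  offChain.set(id, blob);
  ledger.set(id, { queryKey: wrap(provider.publicKey, storageKey),
                   fingerprint: sha256(plaintext), grants: new Map() });
  return id;
}

// Claims 10-11: the provider recovers the storage key from the query key and re-wraps it.
function authorize(provider, id, applicantPub) {
  const rec = ledger.get(id);
  const storageKey = unwrap(provider.privateKey, rec.queryKey); // throws for a non-owner key
  rec.grants.set(pubId(applicantPub), wrap(applicantPub, storageKey));
}

// Claims 15-16: the applicant reads the storage association info, decrypts, checks the fingerprint.
function fetchAuthorized(applicant, id) {
  const rec = ledger.get(id);
  const wrapped = rec.grants.get(pubId(applicant.publicKey));
  if (!wrapped) throw new Error('no authorization recorded for this account');
  const blob = offChain.get(id);
  const key = unwrap(applicant.privateKey, wrapped);
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  const plain = Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
  if (sha256(plain) !== rec.fingerprint) throw new Error('fingerprint mismatch');
  return plain;
}
```

The plaintext storage key never appears in the ledger record; only copies wrapped to a specific account do, so reading the chain alone is not enough to decrypt the off-chain blob.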
17. A data storage device configured at a client, comprising:
an off-chain storage module, configured to encrypt the data to be stored using a storage key when a data storage instruction triggered by a data provider is detected, and to upload the encrypted data to be stored to an off-chain storage network to obtain an off-chain storage identifier of the data to be stored;
a query key generation module, configured to encrypt the storage key based on the account information of the data provider to generate a query key;
and a data storage request generating module, configured to generate a data storage transaction request based on the off-chain storage identifier, the account information of the data provider and the query key, and to transmit the data storage transaction request to the blockchain network, so that a blockchain node processes the data storage transaction request and stores the data in the data storage transaction request on-chain.
18. A data storage device configured at a blockchain node, comprising:
a data storage request receiving module, configured to receive a data storage transaction request sent by a data provider, wherein the data storage transaction request comprises an off-chain storage identifier corresponding to the data to be stored in an off-chain storage network, account information of the data provider, and a query key corresponding to the data to be stored;
a data storage request processing module, configured to process the data storage transaction request and store the data in the data storage transaction request on-chain;
wherein the query key is generated by encrypting a storage key based on the account information of the data provider, and the storage key is used for encrypting the data to be stored in the off-chain storage network.
19. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the data storage method according to any one of claims 1-8.
20. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the data storage method according to any one of claims 9-16.
21. A non-transitory computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the data storage method according to any one of claims 1-8.
22. A non-transitory computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the data storage method according to any one of claims 9-16.
CN201910874810.2A 2019-09-17 2019-09-17 Data storage method, device, equipment and storage medium Pending CN110610101A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910874810.2A CN110610101A (en) 2019-09-17 2019-09-17 Data storage method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110610101A true CN110610101A (en) 2019-12-24

Family

ID=68892388

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910874810.2A Pending CN110610101A (en) 2019-09-17 2019-09-17 Data storage method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110610101A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111260469A (en) * 2020-01-10 2020-06-09 杭州溪塔科技有限公司 Block chain-based evidence storing method, block chain-based evidence storing query method, corresponding device and electronic equipment
CN111400746A (en) * 2020-02-17 2020-07-10 百度在线网络技术(北京)有限公司 Image management method, apparatus, device, and medium based on block chain
CN113378209A (en) * 2020-02-25 2021-09-10 百度在线网络技术(北京)有限公司 Prescription data processing method, device, equipment and medium based on block chain
CN113378209B (en) * 2020-02-25 2023-10-31 百度在线网络技术(北京)有限公司 Prescription data processing method, device, equipment and medium based on block chain
CN111552421A (en) * 2020-04-15 2020-08-18 广东洪心创业服务有限公司 Image processing method and system based on block chain network
WO2022007548A1 (en) * 2020-07-06 2022-01-13 International Business Machines Corporation Blockchain implementation to securely store information off-chain

Similar Documents

Publication Publication Date Title
CN111683071B (en) Private data processing method, device, equipment and storage medium of block chain
CN111125763B (en) Method, device, equipment and medium for processing private data
KR102487137B1 (en) Method, apparatus, device and medium for blockchain-based muti-party computation
CN108632284B (en) User data authorization method, medium, device and computing equipment based on block chain
CN110610101A (en) Data storage method, device, equipment and storage medium
CN111737366B (en) Private data processing method, device, equipment and storage medium of block chain
US9166781B2 (en) Key change management apparatus and key change management method
CN111352996B (en) Data sharing method, device, equipment and medium based on block chain network
US20120254622A1 (en) Secure Access to Electronic Devices
US10142100B2 (en) Managing user-controlled security keys in cloud-based scenarios
CN111274591A (en) Method, device, electronic equipment and medium for accessing Kubernetes cluster
US11368292B2 (en) Securing data with symmetric keys generated using inaccessible private keys
CN113612597A (en) Data calculation method, device and system and electronic equipment
US10372710B2 (en) Using metadata to take action on an SMS message on a proprietary system
US20130283043A1 (en) Method and apparatus for authorization updating
US11522686B2 (en) Securing data using key agreement
CN111459672B (en) Transaction processing method, device, equipment and medium based on block chain network
EP4165821A1 (en) Securing data using key agreement
CN112261015A (en) Block chain based information sharing method, platform, system and electronic equipment
CN112966287B (en) Method, system, device and computer readable medium for acquiring user data
CN111339571B (en) Block chain key management method, device, equipment and storage medium
US10313315B2 (en) Ensuring information security in data transfers by utilizing proximity keys
CN111339198B (en) Block chain-based water treatment method, device, system, equipment and medium
KR20130046467A (en) System for storing file

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination