CN111709029A - Data operation and privacy transaction method based on block chain and trusted computing network - Google Patents

Publication number
CN111709029A
Authority
CN
China
Prior art keywords
data
provider
data operation
requester
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010407066.8A
Other languages
Chinese (zh)
Inventor
尹航
佟林
姜军
王喆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hashi Forest Beijing Technology Co ltd
Original Assignee
Hashi Forest Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hashi Forest Beijing Technology Co ltd
Priority to CN202010407066.8A
Publication of CN111709029A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention discloses a data operation and privacy transaction method based on a blockchain and a trusted computing network. Throughout the data operation process, the requester submits a data operation request and obtains only the data operation result, without touching the provider's original data. The platform performs the data operation and outputs the result in a trusted execution environment, and only with the provider's authorization, so the data operation process is authentic and trustworthy. After the data operation is completed, the provider can delete the data it authorized for the operation or store it encrypted, which avoids data leakage. Under this method only the provider can see the original data used for the statistics and only the requester can see the resulting data operation result, and the operation runs in a trusted environment, so the privacy protection requirement of the data operation process is met and an authentic, reliable result is obtained.

Description

Data operation and privacy transaction method based on block chain and trusted computing network
Technical Field
The invention relates to the technical field of data operation and privacy transactions, and in particular to a data operation and privacy transaction method based on a blockchain and a trusted computing network.
Background
Blockchain technology is a new distributed infrastructure and computing paradigm that uses blockchain data structures to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and manipulate data. In current blockchain systems, all data on the chain is fully public, so data that must be kept confidential cannot be accepted or processed, which creates a privacy problem.
A Trusted Execution Environment (TEE) is one solution to the privacy problem. The TEE acts as a hardware black box: code and data executing inside it cannot be inspected from the operating system layer and can be operated on only through interfaces predefined in the code. In terms of efficiency, because of this black-box property the TEE operates on plaintext data rather than performing the complex cryptographic operations of homomorphic encryption, so the computation itself incurs no efficiency loss. Combining a blockchain with a TEE can therefore greatly improve the blockchain's security and privacy with little performance loss. The industry pays close attention to TEE solutions, and almost all mainstream chip and software alliances have their own, including the software-oriented TPM (Trusted Platform Module) and the hardware-oriented Intel SGX (Software Guard Extensions), ARM TrustZone, and AMD PSP (Platform Security Processor).
A data operation must protect the privacy of the data provider and keep the data requester's operation result from leaking. The privacy of each participant must be protected during the operation, in particular the association between a participant and the data to be operated on: a participant needs to know only the data it provided itself and the data to be operated on, and does not need to know which participant provided which data.
Chinese patent application publication No. CN109325331A, published on February 12, 2019, discloses a big data acquisition and transaction system based on a blockchain and a trusted computing platform. Its main ideas are as follows. PUF technology is used on a personal Internet of Things device node to obtain a hardware fingerprint of the device, which serves as the "pass" for hardware admission authentication. A private cloud platform with an embedded trusted platform module guarantees the trustworthiness of the data link from the authenticated IoT node devices to the private cloud platform through integrity measurement of the data collection code page and data decapsulation operations. The data provider gives the data collection company a public key address on the blockchain, bound to the authenticated TPM, by means of direct anonymous attestation, so the data provider remains anonymous and privacy is protected. Finally, with the support of a trusted third party, the data collection company can verify the trustworthiness of the data supplied by the data provider, and remuneration for the data is paid fairly and justly through a smart contract on the blockchain. That application targets trusted big data collection across large networks of personal IoT devices. The collected data comes from authenticated physical hardware, so it can guarantee the authenticity of the collected data and keep the data provider anonymous, but it cannot guarantee that the private cloud platform does not leak data, the data provider cannot delete or download its own data, and the provider's data remains exposed to leakage caused by the owner of the private cloud platform.
Chinese patent publication No. CN110569666A, published on December 13, 2019, discloses a blockchain-based data statistics method and apparatus in which a supervisory server decrypts each piece of signature information with the group private key of a statistics group, thereby obtaining from the blockchain the data to be counted supplied by the data server under verification, verifying the authenticity and reasonableness of that data, and ensuring data validity in the statistics process. The signature information and the data to be counted are written to the blockchain together, which gives the supervisory server data that has not been tampered with. Being based on blockchain technology, that application can ensure data validity in the statistics process, but because the operating environment is not a black box (a trusted environment), it cannot guarantee that internal data is not touched by others, and a risk of data leakage remains.
U.S. patent publication No. US20200058023A1, published on February 20, 2020, discloses a blockchain-based decentralized data marketplace that allows data providers to sell their data to data requesters in exchange for token payments. The marketplace allows data to be sold securely and anonymously in a trusted environment that is fair to all participants, and enables data providers to control and monetize their own data (e.g., personal data). A notary with access to "ground truth" data can verify data offered in the marketplace to ensure that it is not forged or falsified before the buyer purchases it. The marketplace implements blockchain-based smart contracts that work with cryptographic protocols to achieve an efficient, decentralized data market in which transactions are conducted directly between data providers and data requesters while both remain anonymous. That application concerns the purchase and sale of raw data and is a one-to-one transaction system between a buyer and a seller; what the transaction delivers is the provider's original data, so the problem of data privacy protection does not exist.
In summary, existing data operation processes do not effectively protect the privacy of each participant. An effective privacy protection method is therefore needed to meet the privacy protection requirement of the data operation process, so that the requester obtains the data operation result it wants and the provider effectively protects its own data from leakage.
Disclosure of Invention
To overcome the shortcomings of the prior art, the invention provides a data operation and privacy transaction method based on a blockchain and a trusted computing network. After obtaining information that the provider has audited and authorized the requester's data operation request, the method calls the original data supplied by the provider, performs the data operation in a trusted execution environment, and outputs the data operation result. The result obtained is visible only to the requester, and the original data used for the statistics is visible only to the provider, which avoids data leakage and meets the privacy protection requirement of the data operation process.
The invention is realized by the following technical scheme:
According to a first aspect of one or more embodiments of the present specification, there is provided a data operation and privacy transaction method based on a blockchain and a trusted computing network, including:
receiving a data operation request uploaded by a requester, wherein the data operation request comprises a data request and executable code for operating on the requested data;
receiving return information uploaded by a provider after auditing the data request;
if the return information shows that the provider authorizes the data request, calling the data corresponding to the data request and executing the executable code;
and outputting a data operation result.
In this technical scheme, the requester sends a data operation request, and the provider audits the request to decide whether to authorize it. When the provider decides to authorize the request, it returns authorization information. After receiving the authorization information, the platform calls the provider's data, runs the executable code of the data operation request in a trusted computing environment, and then outputs the data operation result. Throughout the process, the requester submits a data operation request and obtains only the data operation result, without touching the provider's original data. The platform performs the data operation in a trusted execution environment, only with the provider's authorization, and outputs the result. After the data operation is completed, the provider can delete the data it authorized for the operation or store it encrypted. The data operation process of the invention therefore does not expose the provider's original data and shows only the final data operation result, which avoids the risk of data leakage and meets the privacy protection requirement of the data operation process.
Furthermore, the executable code can be provided by the requester, who supplies the executable code that matches its own data operation requirement. Alternatively, the executable code can be provided by the platform, which offers different data operation templates according to the kinds of data operation involved. After logging in to the platform, the requester can select the template it needs from those offered, which removes the need for the requester to write the executable code and improves data operation efficiency.
Preferably, the transaction request includes a plurality of data requests, each corresponding to a different provider. The requester can request data from several providers at once for a data operation; after the authorization of those providers is obtained, the platform calls their data and performs a joint computation in a trusted execution environment. The providers are independent and do not share data with each other, and each provider's data remains private.
As another embodiment, the transaction request includes a plurality of data requests, each corresponding to different data of the same provider. The provider audits the data requests individually, determines which can be authorized and which cannot, and returns the audit results.
Preferably, if the return information shows that the provider does not authorize the data request, the executable code is not executed. When the requester's data request does not pass the provider's audit and the provider decides not to authorize it, the provider returns information refusing authorization. After receiving that information, the platform neither calls the provider's data nor executes the data operation code. The provider's data can be called only when the provider has authorized it, which ensures that the provider's data is not leaked.
Preferably, the data operation result is encrypted and then sent to the requester, but the decryption key is not released to the requester; the decryption key is released to the requester after the requester's payment succeeds. After obtaining the encrypted data operation result, the requester must pay as the provider requires, and after the payment succeeds the confidential smart contract running on the blockchain releases the decryption key to the requester, completing the transaction process of the data operation.
Preferably, data uploads by the requester and the provider are end-to-end encrypted, and the uploaded data is stored encrypted. Storage modes include centralized storage and decentralized storage, as long as the user has access to the storage. Because the data of the requester and the provider is end-to-end encrypted, the data and the computation result can be seen only by the requester and the provider. The requester can see only the data operation request it sent and the final data operation result, and does not touch the provider's original data, so data privacy is effectively protected during the data operation.
Preferably, a confidential smart contract is written into the blockchain, and a unique data key is established between the confidential smart contract and the requester and between the confidential smart contract and the provider. Through the data key, the requester and the provider manage, authorize and delete data. The confidential smart contract runs within a trusted computing environment and executes the authorized executable code. Code running in the trusted execution environment cannot be tampered with and executes as expected, which guarantees that the requester obtains the data operation result it wants.
Preferably, the method provides a rights management mechanism for individual users, under which data can be operated on only after the individual user's authorization is obtained. Individual users can buy and sell data by granting authorization.
Specifically, a data key is established between an individual user and the confidential smart contract. Through the data key, the user can manage, authorize or delete data, can decide independently whether to authorize the data for use by a third-party service, and can receive a reasonable share of the profit from the data's value. Without the user's authorization, no person, service or platform can access the user's data.
According to a second aspect of one or more embodiments of the present specification, there is provided a data operation and privacy transaction platform based on a blockchain and a trusted computing network, comprising:
the execution unit is used for executing the data operation request received from the requester and outputting a data operation result;
the input and output unit is used for encrypting and transmitting data uploaded by a requester and a provider;
and the storage unit is used for storing the encrypted data.
According to a third aspect of one or more embodiments of the present specification, there is provided a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method.
Compared with the prior art, the invention has the beneficial effects that:
(1) Throughout the data operation process, the requester submits a data operation request and obtains only the data operation result, without touching the provider's original data. The platform performs the data operation and outputs the result in a trusted execution environment, and only with the provider's authorization, so the data operation process is authentic and trustworthy. After the data operation is completed, the provider can delete the data it authorized for the operation or store it encrypted, which avoids data leakage. Under this method only the provider can see the original data used for the statistics and only the requester can see the resulting data operation result, and the operation runs in a trusted environment, so the privacy protection requirement of the data operation process is met and an authentic, reliable result is obtained.
(2) Through the authorization mechanism, the invention assigns ownership and management rights over the data to the user: the user can manage its own data, can freely decide the permissions under which third-party services use the data, and can receive a reasonable share of the profit from the data's value.
Drawings
Fig. 1 is a flowchart of a data operation and privacy transaction method based on a blockchain and a trusted computing network according to an embodiment of the present invention.
Fig. 2 is a flowchart of an implementation of a data operation and privacy transaction method based on a blockchain and a trusted computing network according to an embodiment of the present invention.
Fig. 3 is a block diagram of a data operation and privacy transaction platform based on a blockchain and a trusted computing network according to an embodiment of the present invention.
Detailed Description
The technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without any inventive step, are within the scope of the present invention. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
The trusted execution environment (TEE) is a CPU hardware-based security extension that is completely isolated from the outside. It provides an environment, isolated from the running environment of the current mobile system (REE), in which to store the user's sensitive information; the trusted execution environment can directly obtain information from the REE, but the REE cannot obtain information from the trusted execution environment. The trusted execution environment can exchange encrypted information with connected devices, and because it does not allow a user to read the data stored in it directly, only a user holding a specific key can obtain the decrypted data. The trusted execution environment guarantees that running code is not tampered with, so an authentic and reliable result is obtained.
An object of the present invention is to remove the dependence on centralized companies that provide data operation services; to solve decentralized uploading and management of off-chain data based on TEE blockchain technology; to let requesters and providers of data operations manage their own data, including deleting and downloading it; to let them freely manage the permissions under which third-party services use the data; and to let them receive a reasonable share of the profit from the data's value.
The implementation process of an embodiment of the data operation and privacy transaction method based on the blockchain and the trusted computing network according to the present specification is described below with reference to fig. 1:
Step 1: receiving a data operation request uploaded by a requester, wherein the data operation request comprises a data request and executable code for operating on the requested data.
A confidential smart contract is written into the blockchain, and a unique data key is established between the confidential smart contract and the requester and between the confidential smart contract and the provider. Through the data key, the requester and the provider manage, authorize and delete data. The confidential smart contract runs within a trusted computing environment and executes the authorized executable code.
The data request can be submitted to the blockchain by the client, uploaded through the confidential smart contract running in the trusted execution environment, and displayed to the provider. For example, a user logs in at a client with the corresponding account and submits a data request; the data request triggers the confidential smart contract, which runs, uploads the data request and displays it to the provider.
The requester can also submit a verification request, which triggers the confidential smart contract to verify the authenticity and reliability of the data operation result in the trusted execution environment. The trusted execution environment proves the authenticity and reliability of the data operation result by mathematical proof or third-party proof, which ensures that the data operation process is authentic and reliable.
The requester may itself write the executable code needed to operate on the requested data and submit it together with the data request through the client. The requester writes and submits different executable code for different data operation requirements.
The trusted execution environment can store a plurality of data operation templates, each generated from executable code that serves a different data operation purpose. If the requester submits a data request through the client without submitting executable code for operating on the requested data, the confidential smart contract can be triggered to call a stored data operation template.
As an embodiment, a requester may submit multiple data requests at once, each corresponding to a different provider. That is, one requester may correspond to one provider or to multiple providers. When one requester corresponds to multiple providers, the trusted execution environment calls the data of those providers and performs a joint computation to obtain the final data operation result. The providers do not share data with each other, and each provider's data remains private.
For example, suppose a requester needs the data of provider A, provider B, provider C and provider D for a data operation. The requester first submits a data request and the executable code for operating on the requested data, and providers A, B, C and D each audit the data request and return an audit result. If providers A, B, C and D all authorize the data request, the confidential smart contract is triggered, the data of providers A, B, C and D is called, the executable code is executed in the trusted execution environment, and the data of the four providers is jointly computed to obtain the final data operation result. Providers A, B, C and D do not share data with each other, and each provider's data remains private.
Further, if providers A, B and D authorize the data request and provider C does not, the audit results of providers A, B and D trigger the confidential smart contract, the data of providers A, B and D is called, the executable code is executed in the trusted execution environment, and the data of providers A, B and D is jointly computed to obtain the final data operation result. The audit result returned by provider C does not trigger the confidential smart contract, and the confidential smart contract does not call provider C's data.
The multiple data requests submitted by the requester can also concern several different data sets of the same provider. After the provider's authorization is obtained, the confidential smart contract is triggered and calls the authorized data sets for a joint computation to obtain the final data operation result.
Step 2: receiving return information uploaded by a provider after auditing the data request.
The provider submits the audit result through the client. For example, a provider logs in at a client with the corresponding account and submits an audit result; the audit result triggers the confidential smart contract, which then either calls the provider's data and performs the operation in the trusted execution environment, or performs neither the call nor the operation.
The provider audits the data request uploaded by the requester to decide whether to authorize it. If the data request is authorized, information granting authorization is returned, e.g., "YES". If the audit finds the data request non-compliant and it is not authorized, information refusing authorization is returned, e.g., "NO".
For example, the owner of a takeout platform holds all the data of its individual users, merchants and so on. If a requester wants to use a certain type of the takeout platform's data for a data operation, the requester submits a data request, and the platform owner audits it and judges whether it is compliant. If it is compliant, "YES" is returned; the returned "YES" signal triggers the confidential smart contract, which calls the takeout platform's data and runs in the trusted execution environment, producing a data operation result for the takeout platform's data. If it is not compliant, "NO" is returned, and the returned "NO" signal does not trigger the confidential smart contract. When "YES" is returned, the requester obtains only the final data operation result and does not touch the takeout platform's original data.
Step 3: if the return information shows that the provider authorizes the data request, calling the data corresponding to the data request and executing the executable code.
The audit result returned by the provider determines whether the confidential smart contract is triggered. If "YES" is returned, the confidential smart contract is triggered to call the provider's data, runs the data request code provided by the requester in the execution environment, and finally outputs the data operation result; if "NO" is returned, the confidential smart contract is not triggered. Only after the authorization uploaded by the provider has been received is the confidential smart contract triggered to call the provider's data and run in the trusted execution environment.
Step 4: outputting a data operation result.
The data operation result is encrypted and then sent to the requester, but the decryption key is not released to the requester. After the requester pays successfully as the provider requires, the confidential smart contract is triggered to release the decryption key to the requester, completing the transaction process of the data operation.
After obtaining the data operation result, the requester can submit a verification request, which triggers the confidential smart contract to verify the authenticity and reliability of the data operation result in the trusted execution environment. The trusted execution environment proves the authenticity and reliability of the data operation result by mathematical proof or third-party proof.
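The four steps above, including the case where providers A, B and D authorize and provider C refuses, can be simulated in a short Python sketch; this is an added example, not code from the patent. All names here are hypothetical, an ordinary Python object stands in for the TEE, a Python function stands in for the requester's executable code, the audit response is assumed to be authenticated with an HMAC under the provider's data key, and `seal`/`unseal` are a demo-only stand-in for a real AEAD cipher.

```python
import hashlib
import hmac
import json
import secrets


def seal(key: bytes, plaintext: bytes) -> bytes:
    # Demo-only stand-in for an AEAD such as AES-GCM: SHAKE-256 keystream + HMAC tag.
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def sign_audit(data_key: bytes, request_id: str, decision: str) -> bytes:
    """Provider side: bind a YES/NO decision to one request with the data key."""
    msg = f"audit|{request_id}|{decision}".encode()
    return hmac.new(data_key, msg, hashlib.sha256).digest()


class ConfidentialContract:
    """Models the contract inside the TEE; underscore fields never leave it."""
    def __init__(self):
        self._data_keys = {}   # provider -> data key shared with the contract
        self._sealed = {}      # provider -> dataset, encrypted at rest
        self._requests = {}    # request_id -> request state
        self.ledger = []       # on-chain log: events only, no data or results

    def register_provider(self, provider, rows):
        key = secrets.token_bytes(32)
        self._data_keys[provider] = key
        self._sealed[provider] = seal(key, json.dumps(rows).encode())
        return key  # assumed to reach the provider over the end-to-end encrypted channel

    def submit_request(self, requester, providers, code, price):
        request_id = secrets.token_hex(8)
        self._requests[request_id] = {
            "code": code, "price": price, "result_key": None,
            "decisions": {p: None for p in providers},
        }
        self.ledger.append(("request", request_id, requester, sorted(providers)))
        return request_id

    def audit(self, request_id, provider, decision, mac):
        req = self._requests[request_id]
        if provider not in req["decisions"] or decision not in ("YES", "NO"):
            raise ValueError("unexpected audit response")
        expected = sign_audit(self._data_keys[provider], request_id, decision)
        if not hmac.compare_digest(mac, expected):
            raise PermissionError("audit response not authenticated by data key")
        req["decisions"][provider] = decision
        self.ledger.append(("audit", request_id, provider, decision))

    def execute(self, request_id):
        req = self._requests[request_id]
        granted = [p for p, d in req["decisions"].items() if d == "YES"]
        if not granted:
            raise PermissionError("no provider authorized the request")
        # Only authorized datasets are decrypted, and only inside this method.
        inputs = {p: json.loads(unseal(self._data_keys[p], self._sealed[p]))
                  for p in granted}
        result = req["code"](inputs)
        req["result_key"] = secrets.token_bytes(32)
        self.ledger.append(("executed", request_id, sorted(granted)))
        return seal(req["result_key"], json.dumps(result).encode())

    def pay(self, request_id, amount):
        req = self._requests[request_id]
        if req["result_key"] is None or amount < req["price"]:
            return None  # key stays escrowed until the price is met
        self.ledger.append(("paid", request_id, amount))
        return req["result_key"]


def demo():
    """Constructed scenario: A, B and D authorize the request, C refuses."""
    tee = ConfidentialContract()
    datasets = {"A": [10, 20], "B": [5], "C": [1000], "D": [7, 8]}  # constructed data
    keys = {p: tee.register_provider(p, rows) for p, rows in datasets.items()}
    def code(inputs):  # the requester's "executable code": returns an aggregate only
        return {"total": sum(map(sum, inputs.values())), "providers": sorted(inputs)}
    rid = tee.submit_request("requester-1", list(datasets), code, price=100)
    for p in datasets:
        decision = "NO" if p == "C" else "YES"
        tee.audit(rid, p, decision, sign_audit(keys[p], rid, decision))
    sealed_result = tee.execute(rid)
    withheld = tee.pay(rid, 10)   # underpayment: no key released
    result = json.loads(unseal(tee.pay(rid, 100), sealed_result))
    return tee, rid, keys, withheld, result
```

The result is whatever the submitted code returns, so the provider's audit has to cover the executable code itself and not only which data is requested: code that returned its inputs would hand the raw data to the requester.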
The data operation process needs a large amount of data of many types, and the expected providers are mostly those with large data reserves, such as banks and large application platforms. Such a provider shares a unique corresponding data key with the confidential smart contract; through this data key the provider can manage, authorize and delete data. All data is visible only to the provider, so that data ownership and management rights belong to the user. No person or service other than the provider can reach the provider's original data.
Because each analysis request is logged on the chain, the transaction amount of each data analysis is clearly visible, so the profit of subsequent new data operation tasks can be reasonably distributed to the provider, who thereby obtains a reasonable share of the profit from the data's value.
For individual users, their personal data can be traded through a rights management mechanism. The individual user shares a data key with the confidential smart contract; through this data key the user can manage, authorize or delete data, decide whether to authorize third-party services to use the data, and obtain a reasonable share of the profit from the data's value. For example, a requester who wants to purchase an individual user's data must be authorized by that user before the smart contract is triggered to run in the trusted execution environment and complete the sale. Without the individual user's authorization, the user's personal data cannot be sold and remains private.
An embodiment of the data operation and privacy transaction method based on the blockchain and the trusted computing network, involving the client and the web3 data platform, is described below with reference to Fig. 2.
The data provider uploads encrypted logs through the client. For example, a third-party application owner or a third-party gaming service owner uploads encrypted logs through the client. The client has a data control module for managing data and authorization, through which a user can log in to the web3 data platform to delete and download data in the privacy database.
The data requester uploads a data operation request through the client. After the provider authorizes the request, the confidential smart contract calls the provider's data, runs the data operation code in the trusted execution environment, and returns the data operation result to the requester. The requester manages data and authorization through the data control module, and the web3 data platform can call a user's authorized data only after obtaining that user's authorization.
The web3 data platform includes a privacy database, a confidential smart contract, and a tool module. The privacy database stores the users' encrypted data and the operation log of the confidential smart contract. The confidential smart contract comprises access control and trusted computing. The access control receives access requests uploaded by users, developers or commercial service providers and controls authorization. After a data requester's access request is authorized, trusted computing is performed on the submitted data operation task authorized by the provider, and the result is returned; after a developer's access request is authorized, the summary result of the data operation is shown on a display board; after an access request uploaded by a commercial service provider is authorized, the sale of the user data is carried out. The tool module serves the later development needs of developers and the data trading needs of commercial service providers.
An embodiment of a data operation and privacy transaction platform based on a blockchain and a trusted computing network according to the present specification is described below with reference to Fig. 3, comprising:
an execution unit for executing the data operation request received from the requester and outputting a data operation result;
an input and output unit for encrypting and transmitting data uploaded by the requester and the provider;
and a storage unit for storing the encrypted data.
Those skilled in the art will appreciate that many of the method flow improvements can now be seen as straightforward improvements in hardware circuit architecture. Generally, the skilled person will obtain the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit, i.e. the improvement of the method flow may be implemented by hardware physical modules. For example, integrated circuits such as Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), etc., have logic functions determined by user programming of the device. A digital system is integrated on a PLD by self-programming by a technician without the need to design and fabricate specialized integrated circuit chips. Those skilled in the art will also appreciate that the hardware circuitry of the logical method flows can be implemented by logically programming the method flows through a hardware description language and into an integrated circuit.
The present specification also provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method.
The processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the microprocessor, logic gates, switches, application specific integrated circuits, programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: Intel E-2274G, Intel i7-1060G7, Intel i5-1035G4, Intel M5-6Y54, and AMD Epyc 7251. The memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing a processor as pure computer readable program code, the same functions may be implemented entirely by logically programming method steps such that the processor is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a processor may thus be regarded as a hardware component, and the means for performing the various functions included therein may also be regarded as structures within the hardware component. The means for performing the functions may even be regarded as being both a software module for performing the method and a structure within a hardware component.
The platform, device, module or unit illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, platforms (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transitory media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the description herein, references to the description of the terms "one embodiment," "certain embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data operation and privacy transaction method based on a block chain and a trusted computing network is characterized by comprising the following steps:
receiving a data operation request uploaded by a requester, wherein the data operation request comprises a data request and executable codes for operating the requested data;
receiving return information uploaded by a provider and used for auditing the data request;
if the returned information shows that the provider authorizes the data request, calling data corresponding to the data request and executing the executable code;
and outputting a data operation result.
2. The blockchain and trusted computing network based data computing and privacy transaction method of claim 1, wherein the transaction request includes a plurality of data requests, and the plurality of data requests respectively correspond to different providers.
3. The blockchain and trusted computing network based data operation and privacy transaction method according to claim 1, wherein the transaction request includes a plurality of data requests, and the plurality of data requests respectively correspond to different data of a provider.
4. The blockchain and trusted computing network based data computing and privacy transaction method of claim 1, wherein the executable code is not executed if the returned information indicates that the data request is not authorized by the provider.
5. The blockchain and trusted computing network based data operation and privacy transaction method of claim 1, wherein the data operation result is encrypted and then sent to the requesting party without releasing a decryption key to the requesting party; and releasing the decryption key for the requester after the payment of the requester is successful.
6. The blockchain and trusted computing network based data operation and privacy transaction method according to claim 1, wherein data uploading of the requester and the provider is end-to-end encryption, and the uploaded data is stored after being encrypted.
7. The method for data operation and privacy transaction based on blockchain and trusted computing network of claim 1, wherein a confidential smart contract is written on the blockchain, and the confidential smart contract has a unique corresponding data key with the requester and the provider respectively; through the data key, the requester and the provider manage, authorize and delete data; the confidential smart contract runs within a trusted computing environment, executing authorized executable code.
8. The blockchain and trusted computing network based data manipulation and privacy transaction method of claim 1, wherein the method provides an authority management mechanism for individual users, by which data of an individual user can be manipulated only after obtaining authorization thereof.
9. A data operation and privacy transaction platform based on a block chain and a trusted computing network, characterized by comprising:
an execution unit for executing the data operation request received from the requester and outputting a data operation result;
an input and output unit for encrypting and transmitting data uploaded by the requester and the provider;
and a storage unit for storing the encrypted data.
10. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 8.
CN202010407066.8A 2020-05-14 2020-05-14 Data operation and privacy transaction method based on block chain and trusted computing network Pending CN111709029A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010407066.8A CN111709029A (en) 2020-05-14 2020-05-14 Data operation and privacy transaction method based on block chain and trusted computing network

Publications (1)

Publication Number Publication Date
CN111709029A true CN111709029A (en) 2020-09-25

Family

ID=72536992

Country Status (1)

Country Link
CN (1) CN111709029A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination