Disclosure of Invention
The purpose of the present disclosure is to provide a distributed management system for data ownership based on a block chain, so as to solve the problem of errors in the distributed management of data ownership in the related art.
In order to achieve the above object, an embodiment of the present disclosure provides a distributed management system for data ownership based on a block chain, where the system includes a writing module, a generating module, a configuration module and a management module;
the writing module is used for acquiring target data of a target block chain node, writing the target data of the target block chain node into a contract database, and generating a data pointer identifier of the target data according to a time point and a write-in duration of writing the target data;
the generation module is used for acquiring an encryption configuration information set of the target block chain node from an affiliated metadata base of the target block chain node according to the affiliated relationship information of the target block chain node in a block chain network, and generating a hash value of configuration information of the target block chain node in an access node according to the relative trust between the target block chain node and a plurality of block chain nodes in the encryption configuration information set, wherein the encryption configuration information set is obtained according to the number of the block chain nodes and the relative trust between the block chain nodes;
the dividing module is configured to divide the target data written in the contract database into a target number of data segments, where the target number is consistent with the number of participant block chain nodes in the encryption configuration information set whose relative trust is greater than a preset threshold, and the length of each data segment is positively correlated with the relative trust between the target block chain node and the participant block chain node in the encryption configuration information set, and to generate an ownership key segment corresponding to each data segment according to the length of each data segment, the hash value of the configuration information of the target block chain node in the access node, and the relative trust between the target block chain node and the participant block chain node in the encryption configuration information set;
the management module is configured to perform data packing on each data segment and the data pointer identifier of the target data, perform data encryption on each packed data segment according to the ownership key segment corresponding to each data segment and the configuration information of the participant block chain node in the access node corresponding to the participant block chain node in the encryption configuration information set, and, when data encryption of the data segment is completed, write the encrypted data segment into the participant block chain node in the encryption configuration information set according to a functional interface address of the participant block chain node in the encryption configuration information set, and, when the encrypted data segment is successfully written into the participant block chain node in the encryption configuration information set, generate ownership configuration information of the target data according to the functional interface address of each participant block chain node, each key segment, and the configuration information of the target block chain node in the access node, where the ownership configuration information of the target data is used as the ownership configuration information for verifying that the target block is changed according to the target block.
Preferably, the relative trust level is determined according to a correlation between data traffic types of the blockchain nodes, and accordingly, the generating a hash value of the configuration information of the target blockchain node at the target node according to the relative trust level between the target blockchain node and the plurality of blockchain nodes in the encryption configuration information set includes:
determining the data service type of the target data of the block chain node to obtain the target data service type;
performing probe matching on the target data service type according to the matching degree of the target data service type and probes of a plurality of preset core services to obtain a plurality of probe matching degrees consistent with the number of the plurality of preset core services, wherein each preset core service is determined according to the core service voting number of each block chain node in the block chain network;
determining a data service matching value of each probe matching degree and each block chain node according to each probe matching degree and digital signature data corresponding to a plurality of block chain nodes in the encrypted configuration information set;
and taking the data service matching value with the maximum matching value in each block chain node as the relative trust between the block chain node and the target block chain node, and generating a hash value of the configuration information of the target block chain node at the target node according to the digital signature information of the target block chain node at the target node and each relative trust.
Preferably, the metadata database is established by the following method:
taking any block chain node as an initial block chain node, taking the initial block chain node as a starting point, and sending handshake data to each block chain node connected with the initial block node;
acquiring node identification information of the block chain node aiming at the block chain node successfully handshaking with the initial block chain node, and judging whether the node identification information of the block chain node comprises a target node identification created based on the handshaking data sent by the initial block chain node and a virtual node identification created by a sequence number corresponding to the initial block chain node;
and under the condition that the node identification information of the block chain node comprises a target node identification created based on the handshake data sent by the initial block chain node and a virtual node identification created relative to the sequence number of the initial block chain node, determining that the block chain node and the initial block chain node belong to the same metadata database.
Optionally, there are multiple affiliated metadata databases, and a determination, made with the first block chain node as the initial block chain node, that the second block chain node and the first block chain node do not belong to the same affiliated metadata database does not affect the determination, made with the second block chain node as the initial block chain node, of whether the first block chain node and the second block chain node belong to another affiliated metadata database.
Preferably, the system further comprises: a monitoring operation module to:
under the condition of generating ownership configuration information of the target data, broadcasting hash values of the configuration information of the target block chain nodes in the access nodes to block chain nodes in the block chain network, so that each block chain node in the block chain network takes the hash values as calculated feedback hash values;
receiving the feedback hash value sent by each blockchain node, performing consistency verification on the ownership configuration information based on the hash value and the feedback hash value, determining that the consistency verification is passed when determining that the proportion value of the number of the feedback hash values which are the same as the hash value to the total amount of all the feedback hash values is greater than the number of the data segments, and determining that the consistency verification is not passed when determining that the proportion value of the number of the feedback hash values which are the same as the hash value to the total amount of all the feedback hash values is less than or equal to the number of the data segments;
if the consistency verification passes, determining that ownership configuration information of the target block chain node for the target data is valid;
and under the condition that the consistency verification is not passed, adding verification time point information to the target data of the target block chain node, and writing the target data added with the verification time point information into the contract database as new target data.
Through the technical scheme, the following technical effects can be at least achieved:
the target data is divided into a target number of data segments, each data segment is encrypted through a corresponding ownership key segment and is stored in a corresponding participant block chain node, and ownership configuration information of the target data is generated according to a function interface address of each participant block chain node, each ownership key segment and configuration information of the target block chain node in an access node, so that the safety of distributed management of the ownership of the data can be improved on the basis of ensuring the accuracy of distributed management of the ownership of the data.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Detailed Description
The following detailed description of the embodiments of the disclosure refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
An embodiment of the present invention provides a distributed management system for data ownership based on a block chain. Fig. 1 is a block diagram illustrating the distributed management system for data ownership based on a block chain according to an example, where the distributed management system 100 for data ownership based on a block chain includes: a writing module 110, a generating module 120, a configuration module 130, and a management module 140;
the write-in module 110 is configured to obtain target data of a target block chain node, write the target data of the target block chain node into a contract database, and generate a data pointer identifier of the target data according to a time point and a write-in duration of writing the target data;
the generating module 120 is configured to obtain an encryption configuration information set of the target blockchain node from an affiliated metadata database of the target blockchain node according to affiliated relationship information of the target blockchain node in a blockchain network, and generate a hash value of configuration information of the target blockchain node in an access node according to a relative trust level between the target blockchain node and a plurality of blockchain nodes in the encryption configuration information set, where the encryption configuration information set is obtained according to the number of blockchain nodes and a relative trust level between blockchain nodes;
the dividing module 130 is configured to divide the target data written in the contract database into a target number of data segments, where the target number is consistent with the number of participant block chain nodes in the encryption configuration information set whose relative trust is greater than a preset threshold, and the length of each data segment is positively correlated with the relative trust between the target block chain node and the participant block chain node in the encryption configuration information set, and to generate an ownership key segment corresponding to each data segment according to the length of each data segment, the hash value of the configuration information of the target block chain node in the access node, and the relative trust between the target block chain node and the participant block chain node in the encryption configuration information set;
the management module 140 is configured to perform data packaging on each data segment and the data pointer identifier of the target data, perform data encryption on each packaged data segment according to the ownership key segment corresponding to each data segment and the configuration information of the participant block chain node in the access node corresponding to the participant block chain node in the encryption configuration information set, and, when data encryption of the data segment is completed, write the encrypted data segment into the participant block chain node in the encryption configuration information set according to the functional interface address of the participant block chain node in the encryption configuration information set, and, when the encrypted data segment is successfully written into the participant block chain node in the encryption configuration information set, generate the ownership configuration information of the target data according to the functional interface address of each participant block chain node, each key segment, and the configuration information of the target block chain node in the access node, where the ownership configuration information of the target data is used as the ownership configuration information of the target block for changing the ownership of the data segment according to the ownership key segment.
In this way, the target data is divided into a target number of data segments, each data segment is encrypted by the corresponding ownership key segment and is stored in the corresponding participant block chain node, and the ownership configuration information of the target data is generated according to the functional interface address of each participant block chain node, each ownership key segment and the configuration information of the target block chain node in the access node, so that the security of distributed management of the ownership of the data can be improved on the basis of ensuring the accuracy of distributed management of the ownership of the data.
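The dividing rule described above, as an added example that is not part of the patent text: Python that keeps only participants whose relative trust exceeds the threshold, splits the data into segments whose lengths grow with trust, and derives one ownership key segment per data segment. The integer trust scale, the largest-remainder rounding and the HMAC-SHA256 derivation are assumptions; the text names only the three inputs the key segment depends on.

```python
import hashlib
import hmac


def derive_key_segment(config_hash: bytes, length: int, trust_value: int) -> bytes:
    """Assumed derivation: HMAC-SHA256 keyed by the configuration hash over
    the segment length and the relative trust (the three inputs in the text)."""
    msg = b"ownership-key-segment|%d|%d" % (length, trust_value)
    return hmac.new(config_hash, msg, hashlib.sha256).digest()


def divide_target_data(data: bytes, trust: dict, threshold: int, config_hash: bytes):
    """Split data among participants whose relative trust exceeds threshold.

    trust maps a participant node name to an integer relative trust value
    (constructed scale). Returns one record per selected participant.
    """
    # Only participants strictly above the preset threshold receive a segment.
    chosen = sorted(n for n, t in trust.items() if t > threshold)
    if not chosen:
        raise ValueError("no participant exceeds the trust threshold")
    total = sum(trust[n] for n in chosen)

    # Proportional lengths in integer arithmetic. Largest-remainder rounding
    # makes the lengths sum to len(data) and never shrink as trust grows.
    lengths = {n: len(data) * trust[n] // total for n in chosen}
    remainders = {n: len(data) * trust[n] % total for n in chosen}
    leftover = len(data) - sum(lengths.values())
    for n in sorted(chosen, key=lambda n: (-remainders[n], n))[:leftover]:
        lengths[n] += 1

    records, offset = [], 0
    for n in chosen:
        segment = data[offset:offset + lengths[n]]
        offset += lengths[n]
        records.append({
            "node": n,
            "segment": segment,
            "key_segment": derive_key_segment(config_hash, len(segment), trust[n]),
        })
    return records


if __name__ == "__main__":
    # Constructed sample input: 101 bytes of data and four candidate participants.
    sample_data = bytes(range(101))
    sample_trust = {"node-B": 50, "node-C": 30, "node-D": 20, "node-E": 5}
    sample_hash = hashlib.sha256(b"constructed configuration information").digest()
    for rec in divide_target_data(sample_data, sample_trust, 10, sample_hash):
        print(rec["node"], len(rec["segment"]), rec["key_segment"].hex()[:16])
```

Under this assumed derivation, two participants with equal trust and equal segment length get identical key segments, because none of the three named inputs is specific to a participant. Anyone who learns the configuration hash, which the monitoring operation module broadcasts, can also recompute every key segment.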
Preferably, the relative trust level is determined according to a correlation degree between data traffic types of the blockchain nodes. Accordingly, fig. 2 is a flowchart illustrating an exemplary process of generating the hash value of the configuration information of the target blockchain node at the target node. As shown in fig. 2, generating the hash value of the configuration information of the target blockchain node at the target node according to the relative trust level between the target blockchain node and the plurality of blockchain nodes in the encryption configuration information set includes the following steps:
in step S201, determining a data service type of the target data of the block chain node to obtain a target data service type;
in step S202, performing probe matching on the target data service type according to the matching degree between the target data service type and probes of a plurality of preset core services, to obtain a plurality of probe matching degrees consistent with the number of the plurality of preset core services, where each preset core service is determined according to the core service vote number of each block chain node in the block chain network;
in step S203, determining a data service matching value between each probe matching degree and each block chain node according to each probe matching degree and digital signature data corresponding to a plurality of block chain nodes in the encrypted configuration information set;
in step S204, the data service matching value with the maximum matching value in each block chain node is used as the relative trust between the block chain node and the target block chain node, and a hash value of the configuration information of the target block chain node at the target node is generated according to the digital signature information of the target block chain node at the target node and each relative trust.
Preferably, fig. 3 is a flow chart illustrating the creation of the affiliated metadata database according to an exemplary embodiment, and as shown in fig. 3, the affiliated metadata database is created as follows:
in step S301, taking any block chain node as an initial block chain node, and taking the initial block chain node as a starting point, sending handshake data to each block chain node connected to the initial block node;
in step S302, node identification information of the blockchain node is obtained for a blockchain node that has successfully performed handshake with the initial blockchain node, and it is determined whether the node identification information of the blockchain node includes a target node identification created based on the handshake data sent by the initial blockchain node and a virtual node identification created by a sequence number corresponding to the initial blockchain node;
in step S303, when the node identification information of the block chain node includes a target node identification created based on the handshake data sent by the initial block chain node and a virtual node identification created with respect to the sequence number of the initial block chain node, it is determined that the block chain node and the initial block chain node belong to the same affiliated metadata database;
in step S304, in a case where the node identification information of the block chain node does not include a target node identification created based on the handshake data sent by the initial block chain node or does not include a virtual node identification created with respect to the sequence number of the initial block chain node, it is determined that the block chain node and the initial block chain node do not belong to the same affiliated metadata database.
Optionally, there are multiple affiliated metadata databases, and a determination, made with the first block chain node as the initial block chain node, that the second block chain node and the first block chain node do not belong to the same affiliated metadata database does not affect the determination, made with the second block chain node as the initial block chain node, of whether the first block chain node and the second block chain node belong to another affiliated metadata database.
It should be noted that whether two blockchain nodes belong to the same affiliated metadata database needs to be determined by using each of the two blockchain nodes as an initial blockchain node. For example, a determination, made with block chain node A as the initial block chain node, that block chain node B and block chain node A do not belong to the same affiliated metadata database does not affect the determination, made with block chain node B as the initial block chain node, of whether block chain node A and block chain node B belong to the same affiliated metadata database.
Illustratively, in a case where block chain node A is used as the initial block chain node, handshake data is transmitted, with block chain node A as the starting point, to each block chain node connected to block chain node A, and in a case where the node identification information of block chain node B does not include a target node identification created based on the handshake data transmitted by block chain node A or a virtual node identification created with respect to the sequence number of block chain node A, it is determined that block chain node B and block chain node A do not belong to the same affiliated metadata database a.
However, when block chain node B is used as the initial block chain node, handshake data is transmitted, with block chain node B as the starting point, to each block chain node connected to block chain node B, and when the node identification information of block chain node A includes the target node identification created based on the handshake data transmitted by block chain node B and the virtual node identification created with respect to the sequence number of block chain node B, it may be determined that block chain node A and block chain node B belong to the same affiliated metadata database b.
It is understood that the affiliated metadata database a and the affiliated metadata database b are two different affiliated metadata databases. That is, the composition of an affiliated metadata database depends on which block chain node serves as the initial block chain node.
By adopting the technical scheme, it can be determined whether the block chain nodes in the block chain network include target node identifications created based on handshake data sent by the initial block chain node and virtual node identifications created with respect to the sequence number of the initial block chain node, so that the authentication accuracy among the block chain nodes can be improved, and the accuracy of distributed management of the ownership of data is further improved.
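The membership decision of steps S301 to S304 and the A/B asymmetry discussed above, as an added example that is not part of the patent text. How the two identifications are created is not specified in the text, so the SHA-256 constructions, the `enroll_with` setup step and the sample network are assumptions made for illustration.

```python
import hashlib


def target_node_id(handshake: bytes) -> str:
    # Assumed construction of the identification created from handshake data.
    return hashlib.sha256(b"target|" + handshake).hexdigest()


def virtual_node_id(sequence_number: int) -> str:
    # Assumed construction of the identification created from a sequence number.
    return hashlib.sha256(b"virtual|%d" % sequence_number).hexdigest()


class Node:
    def __init__(self, name, sequence_number, peers):
        self.name = name
        self.sequence_number = sequence_number
        self.peers = set(peers)        # names of directly connected nodes
        self.identifications = set()   # node identification information held
        self.online = True             # an offline node fails the handshake

    def handshake_data(self) -> bytes:
        return b"handshake-from|" + self.name.encode()

    def enroll_with(self, initial):
        """Constructed setup step: hold both identifications tied to `initial`."""
        self.identifications.add(target_node_id(initial.handshake_data()))
        self.identifications.add(virtual_node_id(initial.sequence_number))


def affiliated_members(initial, network):
    """Return the peers that share an affiliated metadata database with `initial`."""
    want_target = target_node_id(initial.handshake_data())
    want_virtual = virtual_node_id(initial.sequence_number)
    members = set()
    for name in sorted(initial.peers):            # S301: contact each connected node
        peer = network[name]
        if not peer.online:                       # S302: successful handshakes only
            continue
        held = peer.identifications
        if want_target in held and want_virtual in held:
            members.add(name)                     # S303: both identifications present
        # S304: either identification missing, so the peer is excluded
    return members


def make_sample_network():
    """Constructed four-node network, fully connected."""
    names = ["A", "B", "C", "D"]
    net = {n: Node(n, i + 1, [p for p in names if p != n]) for i, n in enumerate(names)}
    net["A"].enroll_with(net["B"])   # A holds both identifications tied to B
    net["C"].enroll_with(net["A"])   # C holds both identifications tied to A
    # D holds only the target identification tied to A, not the virtual one.
    net["D"].identifications.add(target_node_id(net["A"].handshake_data()))
    return net


if __name__ == "__main__":
    net = make_sample_network()
    print("initial A:", affiliated_members(net["A"], net))   # B is excluded
    print("initial B:", affiliated_members(net["B"], net))   # A is included
```

The result is directional: a consumer of the affiliated metadata database has to record which node was the initial node, since "B is not with A" and "A is with B" are both valid outcomes.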
Preferably, fig. 4 is a block diagram illustrating another distributed management system for data ownership based on a block chain according to an example. Referring to fig. 4, the system 100 further includes a monitoring operation module 150 configured to:
under the condition that ownership configuration information of the target data is generated, broadcasting hash values of the configuration information of the target block chain nodes in the access nodes to the block chain nodes in the block chain network, so that each block chain node in the block chain network takes the hash value as a calculated feedback hash value;
receiving the feedback hash value sent by each blockchain node, performing consistency verification on the ownership configuration information based on the hash value and the feedback hash value, determining that the consistency verification is passed when determining that the proportion value of the number of the feedback hash values which are the same as the hash value to the total amount of all the feedback hash values is greater than the number of the data segments, and determining that the consistency verification is not passed when determining that the proportion value of the number of the feedback hash values which are the same as the hash value to the total amount of all the feedback hash values is less than or equal to the number of the data segments;
determining that ownership configuration information of the target block chain node for the target data is valid if the consistency verification passes;
and under the condition that the consistency verification is not passed, adding verification time point information to the target data of the target block chain node, and writing the target data added with the verification time point information into the contract database as new target data.
By adopting the technical scheme, whether ownership of the target block chain node is approved by other block chain nodes can be determined through consistency verification, and the validity of the data ownership of the target block chain node is further ensured. If the ownership is invalid, the step of generating the data ownership is carried out again.
Moreover, it should be noted that, for convenience and brevity of description, all the embodiments described in the specification belong to the preferred embodiments, and the related parts are not necessarily essential to the present invention, for example, the first parameter determining module and the second parameter determining module may be the same executing module to execute the steps of the method in the specific implementation, and the disclosure is not limited thereto.
The preferred embodiments of the present disclosure are described in detail above with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details in the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.