CN113360458B - Distributed file storage sharing system based on alliance chain - Google Patents

Publication number
CN113360458B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110627869.9A
Other languages
Chinese (zh)
Other versions
CN113360458A (en)
Inventor
彭绍亮
刘浩
崔永辉
徐旸
肖霞
张兴龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/176 Support for shared access to files; File sharing support
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/182 Distributed file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to the field of computer science and discloses a distributed file storage sharing system based on an alliance chain. Through the alliance chain data interface module, the alliance file storage module, the alliance identity authentication module, the alliance authority control module and the node Web service module, the invention realizes distributed storage, file retrieval and file authorization for alliance files with identity-controlled access, and ensures the secure sharing of files among alliance organizations. To overcome the shortcomings of existing blockchain file sharing systems, the invention provides a distributed storage and sharing solution for files among alliance members with an identity authentication mechanism, and provides development practice for breaking down data barriers in inter-alliance data sharing and solving the data island problem.

Description

Distributed file storage sharing system based on alliance chain
Technical Field
The invention relates to a distributed file storage sharing system based on an alliance chain, and belongs to the field of computer science.
Background
Since the publication of the Bitcoin white paper in 2008, blockchains have evolved into a way for decentralized peer organizations that do not trust one another to securely store and transfer trusted data. Before the advent of distributed ledger technology, data sharing was typically implemented through data systems. Large organizations, particularly government departments and large financial institutions, can build organization-level data warehouses or big data systems to implement centralized collection, processing, storage and application of data within the organization. However, when several organizations are involved, especially organizations in a peer relationship, data sharing is very rarely achieved by building a unified centralized data system, because no participant is willing to actively share data.
The new data sharing model based on blockchain technology can effectively solve many of the problems of data sharing among peer institutions through mechanisms such as distributed ledgers, data privacy and security, precise confirmation of data rights, and smart contract incentives.
Blockchain systems can be broadly divided into public chains and alliance chains, depending on whether there is admission control. Distributed file systems built on public chains are typically also without admission control; well-known examples include IPFS, Swarm and Storj. On the one hand, public chain systems without admission control are difficult to supervise, so these systems have made little impact in the domestic market. On the other hand, in today's big data era the value of data tends to be much greater than the value of the physical devices storing it, and the operating model of these systems, which only consider selling storage space, misses the point.
Distributed storage systems based on alliance chains, by contrast, have produced fewer results. One major reason is that existing distributed storage systems cannot be used directly, because the storage system must implement an authentication mechanism compatible with the blockchain. A distributed storage system combined with an alliance chain is more tightly coupled, because the identity authentication systems of the two must be compatible; an integrated implementation scheme is needed, rather than simply splicing a public chain and a distributed file system together as in public-chain-based file storage systems.
Disclosure of Invention
To address the problem of data storage and sharing among existing alliance organizations, the invention develops a distributed storage system based on an alliance chain, introduces a blockchain-compatible identity authentication mechanism in the storage nodes, and develops a set of file retrieval, application and authorization services.
A distributed file storage sharing system based on an alliance chain comprises an alliance chain data interface module, an alliance file storage module, an alliance identity authentication module, an alliance authority control module, an alliance file retrieval module and a node Web service module.
The alliance chain data interface module provides a trusted metadata storage and access service for building a file storage sharing system among alliance members. The module is implemented through blockchain smart contracts, which provide interfaces for operating on file metadata; alliance members update and query the metadata of a file by calling the smart contract, and this metadata provides the data basis for the alliance file storage module and the alliance authority control module. Because the file metadata obtained from the alliance chain is signed by alliance members and stored in a distributed ledger, it is trusted and provides a trusted basis for rights control.
The alliance file storage module stores the files of its own organization in the alliance, together with file pieces of other organizations in the alliance and files downloaded from other organizations. Each alliance member has an alliance file storage module; users of the organization log in to a file storage node and then operate on files in that node. From the system's perspective, the file storage nodes are peers: the organization's storage node can access the file storage nodes of other organizations and download the file pieces stored on them, and the file pieces stored on the organization's node can likewise be accessed by the storage nodes of other organizations. Whether another organization is authorized to access a file piece is decided by the alliance identity authentication module and the alliance authority control module.
The alliance identity authentication module implements identity-based admission of storage nodes: only nodes that pass identity authentication can join the file system. The module comprises an identity issuer and an identity verifier; the identity issuer issues identity certificates to nodes and users, and the identity verifier verifies the correctness of certificates issued by the identity issuer.
The alliance authority control module verifies whether an organization has authority to access a given file, and can also grant an organization the authority to access a file. It consists of two parts: a rights granter and a rights verifier. The rights granter is a component on the file storage node that, acting with the identity of an organization, grants other organizations access rights to that organization's own files; a grant announces on the alliance chain that the file can be accessed by a given node. The rights verifier is also a component on the file storage node; it verifies, by accessing the blockchain, whether a visitor requesting a piece of a file has the right to access that file.
The alliance file retrieval module lets alliance members find the files of other alliance members that they need. It is divided into a file feature generation component and a feature-based file retrieval component. File features are generated when a picture file is uploaded: the global feature of the image is extracted by an all-pass image feature extraction algorithm and then stored as metadata on the alliance chain. The file retrieval component matches features on the alliance chain to find the file of interest and obtains its entire metadata record, so that authorization to obtain the file can then be requested.
The node Web service module provides users of alliance member organizations with a user interface to the file system. Users access the module with a browser; building on five modules (the alliance chain data interface module, the alliance file storage module, the alliance identity authentication module, the alliance authority control module and the alliance file retrieval module), it provides user login, file upload and download, file search, and the requesting and granting of file authorization. To make the system easy to use and to promote secure data sharing, the node Web service module provides a search, application and authorization workflow, so that alliance members can find files of interest and then submit a file use application to the file owner. After receiving the application, a user at the owning alliance member's file node can manually click to confirm that the file is authorized to the applying organization, which can download the file once authorized.
The invention provides a distributed storage and sharing solution for files among alliance members with an identity authentication mechanism, and an actual system has been developed to demonstrate the feasibility of the scheme, thereby providing development practice for data sharing among alliance members, breaking down data barriers and solving the data island problem.
Drawings
FIG. 1 is a diagram of an overall architecture of a distributed file storage sharing system based on a federated chain in accordance with an embodiment of the present invention;
FIG. 2 is a flow chart of a federated identity authentication module in accordance with an embodiment of the present invention;
FIG. 3 is a flow chart of file storage by a member of a federation in accordance with an embodiment of the present invention;
FIG. 4 is a flow chart of file authorization and downloading by a member of the federation in accordance with an embodiment of the present invention.
Detailed Description
The invention will be described in further detail with reference to the drawings and the specific examples.
The distributed file storage sharing system based on the alliance chain is a distributed storage system with a peer-to-peer structure, used to solve the problem of file sharing among organizations; its overall architecture is shown in FIG. 1. Here, "organization" refers to a physical organizational entity such as an enterprise or a government body, and "alliance" refers to a group jointly established by several organizational entities. An "alliance chain" is a type of blockchain that only allows the organizations in the alliance to access and modify it.
The organizations in the alliance jointly maintain an alliance chain and the distributed file storage sharing system based on it. Each alliance member deploys its own blockchain file storage node; because the file storage nodes are in a peer relationship, they are labelled "peer file node" in the figure, and the peer file nodes of all organizations together form the distributed file storage sharing system based on the alliance chain (hereinafter "the system"). Each peer file node has an alliance chain data interface module, an alliance file storage module, an alliance identity authentication module, an alliance authority control module, an alliance file retrieval module and a node Web service module. In addition, each organization deploys a CA node for issuing digital certificates; the identity a certificate attests is the basis on which other organizations authenticate that identity.
The implementation architecture of the alliance identity authentication module is shown in FIG. 2. The module consists mainly of two parts: the CA (certificate authority) and the MSP (membership service provider). Each organization has its own CA, and each peer node and the alliance chain have their own MSP. Organization user login, access between file storage nodes, and data interaction between file storage nodes and the alliance chain are all identity-based. The alliance identity authentication module is the basis for implementing the alliance chain data interface module, the alliance file storage module and the alliance authority control module; only the alliance file retrieval module does not depend on it.
The CA issues three kinds of identity certificate: a User identity, an Admin identity and an initiator identity. The MSP component verifies the validity of a visitor's certificate and provides the identity to the visitor. The CA issues User identity certificates to the organization's users and delivers the public key corresponding to the CA signature to the MSP component of the organization's peer file node. A client holding a User identity can log in to a peer file node through the Web service the node provides; this is the basis for implementing the node Web service module. The CA issues the initiator identity and the Admin identity to peer file nodes, and delivers the public key corresponding to the CA signature to the MSP component of the alliance chain and to the MSP components of every organization's peer file nodes. A peer file node holding an Admin identity can access the alliance chain; this is the basis for implementing the alliance chain data interface module and the alliance authority control module. A peer file node holding an initiator identity can log in to other peer file nodes; this is the basis for implementing the alliance file storage module.
The identity authentication process carried out by the alliance identity authentication module of a peer file node is as follows:
1. user A (a user holding a User identity or an initiator identity) requests access to B;
2. B sends a random value and has A sign the random value together with a timestamp;
3. after receiving the signature, B verifies it using the public key corresponding to the identity A claims; if the signature is correct, identity authentication is complete;
4. after authenticating A, B sends A a Token authorizing login; for a period of time A can log in to B with the Token without performing signature authentication again.
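The exchange above, written out as an added Go example (not code from the patent): node B issues a single-use random value, A signs it together with a timestamp, and B verifies the signature and issues a time-limited token. The patent names neither a signature scheme nor a token format; Ed25519, the opaque server-side token, the 30-second timestamp window, the 10-minute token lifetime and all type and function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Assumed policy values; the text only says "a period of time".
const maxSkew, tokenTTL = 30 * time.Second, 10 * time.Minute

type session struct {
	id  string
	exp time.Time
}

// Verifier models node B for one enrolled identity. All names are hypothetical.
type Verifier struct {
	keys    map[string]ed25519.PublicKey // identity -> public key known to B
	pending map[string][]byte            // identity -> outstanding random value
	tokens  map[string]session           // issued token -> session
}

func NewVerifier(id string, pub ed25519.PublicKey) *Verifier {
	return &Verifier{map[string]ed25519.PublicKey{id: pub}, map[string][]byte{}, map[string]session{}}
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to continue
	}
	return b
}

// NewKeyPair stands in for the CA issuing an identity (constructed key).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(random(ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Challenge is step 2: B sends a fresh random value for the claimed identity.
func (v *Verifier) Challenge(id string) ([]byte, error) {
	if _, ok := v.keys[id]; !ok {
		return nil, errors.New("unknown identity")
	}
	v.pending[id] = random(32)
	return v.pending[id], nil
}

// message binds the random value to the timestamp so neither can be swapped.
func message(nonce []byte, ts time.Time) []byte {
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], uint64(ts.Unix()))
	return append(append([]byte{}, nonce...), t[:]...)
}

// Sign is A's side of step 2.
func Sign(priv ed25519.PrivateKey, nonce []byte, ts time.Time) []byte {
	return ed25519.Sign(priv, message(nonce, ts))
}

// Verify is steps 3 and 4: check freshness and signature, then issue a token.
func (v *Verifier) Verify(id string, ts time.Time, sig []byte, now time.Time) (string, error) {
	nonce, ok := v.pending[id]
	if !ok {
		return "", errors.New("no outstanding challenge")
	}
	delete(v.pending, id) // single use: a captured signature cannot be replayed
	if d := now.Sub(ts); d > maxSkew || d < -maxSkew {
		return "", errors.New("timestamp outside accepted window")
	}
	if !ed25519.Verify(v.keys[id], message(nonce, ts), sig) {
		return "", errors.New("signature does not match claimed identity")
	}
	tok := hex.EncodeToString(random(16))
	v.tokens[tok] = session{id, now.Add(tokenTTL)}
	return tok, nil
}

// CheckToken accepts a token in place of a signature until it expires.
func (v *Verifier) CheckToken(tok string, now time.Time) (string, error) {
	s, ok := v.tokens[tok]
	if !ok || !now.Before(s.exp) {
		return "", errors.New("unknown or expired token")
	}
	return s.id, nil
}

func main() {
	pub, priv := NewKeyPair()
	b, now := NewVerifier("user1@Org1MSP", pub), time.Now()
	nonce, _ := b.Challenge("user1@Org1MSP")
	fmt.Println(b.Verify("user1@Org1MSP", now, Sign(priv, nonce, now), now))
}
```

Deleting the pending random value before the signature check is what makes a recorded response useless to a replayer, even when the first attempt failed.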
The alliance chain data interface module handles data interaction between the peer file node and the alliance chain. It consists of two parts: the alliance chain smart contract and the smart contract data access layer.
The alliance chain smart contract is deployed on the alliance chain, where file metadata and node metadata are stored, and provides users with standardized transactional operations for accessing and modifying this metadata. The file metadata fields stored in the alliance chain include: file hash value, file name, file feature, timestamp, file size, file status, organization to which the file belongs, file authorization service organization, and file piece storage organization. The node metadata fields stored in the alliance chain include: node MspId, node address, node port, node load, node liability, node status. Transactional operations provided by the alliance chain smart contract include:
InertFile: inserts a piece of file metadata; the transaction ensures that the organization to which the inserted file belongs is the organization submitting the transaction.
AddAuthoridzedOrganization: updates the users having access to the file in a piece of file metadata; the transaction guarantees that it was submitted by the organization owning the file.
Adduserorganisation: updates the users using the file in a piece of file metadata; the transaction ensures that the submitter has access to the file.
DeleteFile: updates a piece of file metadata to the deleted state; the transaction ensures that only the file owner can delete.
SelectFile: obtains the corresponding file metadata for the given file hash; this transaction has no authority control.
SelectAllFile: obtains the metadata of all files; this transaction has no authority control.
InertNode: inserts a piece of node metadata; the transaction ensures that the inserted node belongs to the organization that submitted the transaction.
SelectAllnode: obtains the metadata of all nodes; this transaction has no authority control.
The smart contract data access layer is a component of the peer file node that interacts with the alliance chain smart contract to provide blockchain data access for the node. To implement this layer, the alliance identity authentication module is first used to obtain the node's Admin identity certificate and log in to the alliance chain; the alliance chain client component is then used to access the alliance chain and invoke the smart contract. The module serves the file storage module: as shown in FIG. 3, when the peer file node stores file metadata in the fourth step, it calls the services provided by the smart contract data access layer.
The alliance file storage module stores file pieces in the system. The basic unit of storage in the system is the file piece, which is generated by the alliance file storage module of a peer file node. A file uploaded by a user is processed by the alliance file storage module: it is cached locally, symmetrically encrypted, encoded into three file pieces using erasure coding, and the pieces are then stored on the peer file nodes. FIG. 3 shows how the alliance file storage module of a peer file node generates and stores file blocks. The alliance file storage module of one peer file node provides file block storage services to the other peer file nodes in the system, and also caches files accessed by its organization's users. Taking alliance member Org1 in the figure as an example, after Client1 of Org1 logs in, it uploads a file to its own FileNode1, and FileNode1 performs the following operations:
1. caching the file locally;
2. extracting file fingerprints and file features;
3. determining the load and liability of each file storage node through the blockchain, and selecting three file storage nodes;
4. storing metadata of the file onto the alliance chain;
5. encrypting the file, encoding the file into three parts using an erasure code, and distributing the three parts to the selected file storage nodes.
When another node receives a file piece storage request, it proceeds as follows:
1. querying the blockchain to determine whether a piece of the file is to be stored on the local node;
2. checking whether the sender of the file piece is the file owner;
3. storing the file piece if both checks pass.
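An added example (not the patent's code) of step 5 of the storage procedure and of the later restore from two pieces: the file is encrypted first, then encoded into three pieces so that any two rebuild the ciphertext. The patent names neither the cipher nor the erasure code; AES-256-GCM, the two-halves-plus-XOR-parity code and all function names are assumptions here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plain and returns nonce || ciphertext || tag.
func Seal(key, plain []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Open reverses Seal and fails if any byte of the sealed data was altered.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Encode yields three equal-size pieces: two halves of (length prefix || data
// || optional pad byte) and the XOR parity of those halves.
func Encode(data []byte) [3][]byte {
	buf := make([]byte, 8+len(data), 9+len(data))
	binary.BigEndian.PutUint64(buf, uint64(len(data)))
	copy(buf[8:], data)
	if len(buf)%2 == 1 {
		buf = append(buf, 0)
	}
	half := len(buf) / 2
	parity := make([]byte, half)
	for i := range parity {
		parity[i] = buf[i] ^ buf[half+i]
	}
	return [3][]byte{buf[:half], buf[half:], parity}
}

// Decode rebuilds the data from any two pieces; a nil entry marks a missing piece.
func Decode(p [3][]byte) ([]byte, error) {
	missing, size := -1, -1
	for i := range p {
		switch {
		case p[i] == nil && missing >= 0:
			return nil, errors.New("need at least two pieces")
		case p[i] == nil:
			missing = i
		case size >= 0 && len(p[i]) != size:
			return nil, errors.New("piece sizes differ")
		default:
			size = len(p[i])
		}
	}
	if missing >= 0 { // any one piece is the XOR of the other two
		x, y := p[(missing+1)%3], p[(missing+2)%3]
		p[missing] = make([]byte, size)
		for i := range x {
			p[missing][i] = x[i] ^ y[i]
		}
	}
	buf := append(append([]byte{}, p[0]...), p[1]...)
	if len(buf) < 8 || binary.BigEndian.Uint64(buf) > uint64(len(buf)-8) {
		return nil, errors.New("corrupt length header")
	}
	return buf[8 : 8+binary.BigEndian.Uint64(buf)], nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; use a random key in practice
	sealed, _ := Seal(key, []byte("constructed sample file"))
	pieces := Encode(sealed)
	pieces[0] = nil // one storage node is unavailable
	restored, _ := Decode(pieces)
	plain, err := Open(key, restored)
	fmt.Println(string(plain), err)
}
```

Because the pieces carry ciphertext only, a storage node holding one or even two pieces learns nothing about the file without the key, and the authentication tag lets the downloader detect a piece that a storage node altered.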
The alliance authority control module provides authority control service for the alliance file storage module, and the realization is based on the alliance identity authentication module and the alliance chain data interface module. When the alliance file storage module receives the file access request, the alliance file storage module calls the alliance authority control module to verify whether the user has authority to do corresponding operation on the file or the file piece. The alliance authority control module can obtain the identity of the file visitor through the alliance identity authentication module, and can obtain the file authorization information through the alliance chain data interface module. The rights control rules of the alliance rights control module are as follows:
File upload: only a User user of the organization to which the peer file node belongs can upload files, because the peer file node belongs only to that organization.
File download: only a User user of the organization to which the peer file node belongs can download files. If the file can be found locally, it is downloaded directly; otherwise the node checks whether it has authority to download the file and, if so, pulls the encrypted file blocks from the system.
File delete: only a User user of the organization to which the peer file node belongs can delete files. Such a user can delete any file on the local machine, regardless of whether the file belongs to the organization. When a file of the organization is deleted, it should also be deleted from the system.
File block upload: any legitimate initiator user can upload file blocks. The peer file node must verify that the file has a record on the alliance chain and that the user to which the file belongs is the user uploading the file blocks. This ensures that no extra files can be uploaded and that file blocks come from the user who owns the file, so forged file blocks are not accepted.
File block download: only the file owner's user and the Viactor user of a file authorization organization can download file blocks.
File block delete: only the initiator user of the file owner can delete file blocks.
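The contract-side guards on the metadata transactions listed earlier and the node-side checks for file piece storage and file block download all read the same ledger record; the following Go code is an added example of how those checks fit together, not the patent's contract code. The in-memory Ledger, the function names (modelled on the listed transactions) and the Org*MSP identifiers are assumptions, and every caller argument stands for an MspId already established by identity authentication.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrDenied = errors.New("permission denied")

// FileMeta keeps the on-chain file metadata fields that drive access decisions.
type FileMeta struct {
	Owner      string          // organization to which the file belongs (MspId)
	Authorized map[string]bool // file authorization organizations
	Storers    map[string]bool // file piece storage organizations
}

// Ledger is an in-memory stand-in for the contract state on the alliance chain.
type Ledger struct{ files map[string]*FileMeta }

func NewLedger() *Ledger { return &Ledger{files: map[string]*FileMeta{}} }

// InsertFile rejects metadata whose owner differs from the submitting organization.
func (l *Ledger) InsertFile(caller, owner, hash string, storers ...string) error {
	if caller != owner {
		return ErrDenied
	}
	if _, dup := l.files[hash]; dup { // otherwise anyone could re-register a hash as theirs
		return errors.New("file already recorded")
	}
	m := &FileMeta{Owner: owner, Authorized: map[string]bool{}, Storers: map[string]bool{}}
	for _, s := range storers {
		m.Storers[s] = true
	}
	l.files[hash] = m
	return nil
}

// owned returns the record only if it exists and caller is its owner.
func (l *Ledger) owned(caller, hash string) (*FileMeta, error) {
	m, ok := l.files[hash]
	if !ok {
		return nil, errors.New("no record for file")
	}
	if m.Owner != caller {
		return nil, ErrDenied
	}
	return m, nil
}

// Authorize adds org to the authorized organizations; only the owner may do so.
func (l *Ledger) Authorize(caller, hash, org string) error {
	m, err := l.owned(caller, hash)
	if err == nil {
		m.Authorized[org] = true
	}
	return err
}

// Node is one peer file node enforcing the piece rules against the ledger.
type Node struct {
	MspID  string
	ledger *Ledger
	pieces map[string][]byte
}

func NewNode(id string, l *Ledger) *Node { return &Node{id, l, map[string][]byte{}} }

// StorePiece: the file must be recorded, the sender its owner, and this node selected.
func (n *Node) StorePiece(sender, hash string, piece []byte) error {
	m, err := n.ledger.owned(sender, hash)
	if err != nil {
		return err
	}
	if !m.Storers[n.MspID] {
		return ErrDenied
	}
	n.pieces[hash] = piece
	return nil
}

// FetchPiece: only the owner or an authorized organization may download a piece.
func (n *Node) FetchPiece(requester, hash string) ([]byte, error) {
	m, ok := n.ledger.files[hash]
	if !ok || (requester != m.Owner && !m.Authorized[requester]) {
		return nil, ErrDenied
	}
	piece, ok := n.pieces[hash]
	if !ok {
		return nil, errors.New("piece not stored on this node")
	}
	return piece, nil
}

func main() {
	l := NewLedger()
	l.InsertFile("Org1MSP", "Org1MSP", "h1", "Org2MSP")
	n2 := NewNode("Org2MSP", l)
	fmt.Println(n2.StorePiece("Org3MSP", "h1", []byte("forged piece")))
}
```

Note that an organization selected to store a piece does not thereby gain the right to download the file's pieces from other nodes; that still requires an owner-submitted grant on the ledger.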
The alliance authority control module also provides a file authorization service for the alliance file storage module. When a file authorization request reaches the alliance file storage module, it calls the alliance authority control module to authorize the file. The alliance authority control module can call the alliance chain data interface module to add the MspId of the organization to be authorized to the file authorization organization field of the corresponding file. FIG. 4 is a flowchart of file authorization and download by an alliance member. In the example, Client1 requests a file from FileNode1; FileNode1 checks whether the file is available locally; if not, it checks whether it is authorized to access the file; if so, it obtains two pieces of the file, and the original file can be restored from the two pieces by virtue of the erasure code. The authorization flow by which FileNode1 obtains a file of FileNode2 is as follows:
1. FileNode1 initiates a file authorization request to FileNode2;
2. after logging in to the peer file node, a user of FileNode2 sees the file authorization request and can grant it, calling the smart contract to grant Org1 access rights to the file and sending the file's key to FileNode1.
The alliance file retrieval module is used for enabling alliance members to retrieve files of interest from the system, and the retrieval is realized by performing approximate matching based on file characteristics. The alliance file retrieval module comprises two components, namely an image feature extraction component and an image feature retrieval component.
The image feature extraction component extracts global features of the image file using the image global feature extraction algorithm SaCoCo. When storing files, the alliance storage module firstly calls the component to extract image file characteristics, and the image file characteristics are stored on an alliance chain as file characteristic fields in file metadata.
The feature retrieval component caches the file features and corresponding file hash values of all files currently in the system; this cache is called the alliance file feature list. When a search request occurs, the file retrieval module first extracts the image features of the query image, then matches them against the alliance file feature list to find the several most similar files, and obtains the file fingerprints of those files.
The node Web service module, building on the five modules above, provides an organization's users with Web services such as user login, file upload and download, file search, and the requesting and granting of file authorization. An organization's user logs in to the organization's node Web service module with a browser, using the identity of the organization.
The user main interface displays the files uploaded by the organization and the files of other organizations which the organization is authorized to access, each row displays one file, the user can download the displayed files, delete the files uploaded by the organization and authorize the files which other users request to be authorized.
When the user clicks "upload file", an upload dialog box pops up and the user can upload a file. The uploaded file is owned by the organization, and all users of the organization can view it.
The user clicks the file fingerprint of the corresponding file, pops up the file detail dialog box, and can see the metadata information of the corresponding file stored in the blockchain.
When the user clicks "check file", a check file dialog box pops up; the user uploads a file obtained elsewhere to check its integrity and see whether it has been tampered with.
When the user clicks "search file", a file search dialog box pops up. The user uploads a query picture file, and pictures in the system similar to it are found using the service of the alliance file retrieval module. The user may view the metadata of all result files, but cannot download unauthorized files.
When the user clicks "apply for authorization", a dialog box pops up to confirm the application for the corresponding file; after the user clicks confirm, authorization for the file is requested from the file owner. If other organizations have requested authorization to use a file, an authorization button appears on that file's row for the file owner; clicking it pops up an authorization dialog box listing all organizations requesting authorization to use the file, in which the user can choose whether to authorize each organization.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and are not intended to limit its scope. Those skilled in the art can, from this description of the embodiments, readily make various modifications and substitutions to the embodiments without departing from the spirit and scope of the invention.

Claims (7)

1. The distributed file storage sharing system based on the alliance chain is characterized by comprising an alliance chain data interface module, an alliance file storage module, an alliance identity authentication module, an alliance authority control module, an alliance file retrieval module and a node web service module;
the alliance chain data interface module provides a trusted metadata storage access service for constructing a file storage sharing system among alliances; the alliance chain data interface module is realized through a blockchain smart contract, which provides interfaces for operating on file metadata, and alliance members update and query the metadata information corresponding to a certain file by calling the smart contract, wherein the metadata provides the data basis for the alliance file storage module and the alliance authority control module; since the file metadata obtained from the alliance chain is signed by the alliance members and stored in a distributed ledger form, the data is trusted, providing a trusted basis for rights control;
the alliance file storage module is used for storing files of the organization in the alliance, and simultaneously storing file pieces of other organizations in the alliance and files downloaded from other organizations; each alliance member is provided with an alliance file storage module, and users of the alliance organization log in a file storage node and then operate files in the storage node; from the system perspective, each file storage node is peer-to-peer in nature, i.e., the storage node of the organization can access the file storage nodes of other organizations, and download file pieces stored on the other organizations; the peer-to-peer file pieces stored on the organization can be accessed by storage nodes of other organizations, wherein whether other organizations are authorized to access the file pieces needs to pass through the alliance identity authentication module and the alliance authority control module;
the alliance identity authentication module is used for realizing identity admission of the storage nodes, and only a node that passes identity authentication can join the blockchain file storage sharing system; the alliance identity authentication module comprises an identity issuer and an identity verifier, wherein the identity issuer can issue identity certificates to nodes and users, and the identity verifier can verify the correctness of the certificates issued by the identity issuer;
the alliance authority control module is used for verifying whether an organization has authority to access a certain file, and can also grant an organization the authority to access a certain file; the alliance authority control module consists of two parts: a rights granter and a rights verifier; the rights granter is a component on the file storage node which, under the identity of its organization, grants other organizations access rights to that organization's own files, the grant being used to announce on the alliance chain that the file can be accessed by a certain node; the rights verifier is also a component in the file storage node and verifies, by accessing the blockchain, whether a visitor requesting a file piece corresponding to a certain file has authority to access the file;
the alliance file retrieval module is used for enabling alliance members to find the files of other alliance members that they need; the alliance file retrieval module is divided into a file feature generation component and a feature-based file retrieval component; file feature generation takes place when a picture file is uploaded, namely the global feature of the image is extracted through an all-pass image feature extraction algorithm, and the feature is then stored as metadata on the alliance chain; the file retrieval component finds a file of interest by matching features on the alliance chain and can then obtain the complete metadata record of that file, so as to further request authorization to obtain the file;
the node Web service module is used for providing a user operation interface of the file system for users of alliance organization members; the user can access the module by using a browser, and the module provides user login, file uploading and downloading, file searching, file authorization request and authorization services for the user based on five modules, namely the alliance chain data interface module, the alliance file storage module, the alliance identity authentication module, the alliance authority control module and the alliance file retrieval module; in order to make the system easy to use and to promote secure data sharing, the node Web service module provides a set of search, authorization application and authorization service flows, so that alliance members can find files of interest and then submit file use applications to the file owners; after receiving a file use application, the alliance member's file node can manually click to confirm that the corresponding file is authorized to the applying organization, and the applying organization can download the file after obtaining the authorization.
2. The distributed file storage sharing system based on the alliance chain as claimed in claim 1, wherein the alliance chain data interface module is composed of two parts, namely an alliance chain intelligent contract and an intelligent contract data access layer; file metadata and node metadata are stored in the alliance chain, the alliance chain intelligent contract is located in the alliance chain and is used for manipulating the metadata, and the intelligent contract data access layer is located in the peer file node and is used for invoking the alliance chain intelligent contract.
3. The distributed file storage sharing system based on the alliance chain as claimed in claim 1, wherein the alliance file storage module of each peer file node is responsible for storing the files of its own organization and is also responsible for storing the file slices of other organizations; the alliance file storage module can encode files into three file blocks through encryption and erasure codes and distribute the three file blocks to the alliance file storage modules of other peer file nodes, and the alliance file storage module can use the alliance authority control module to verify the legitimacy of file slices when storing them.
4. The distributed file storage sharing system based on the alliance chain as claimed in claim 1, wherein the alliance identity authentication module is composed of two components, namely a CA certificate authority and an MSP membership provider; the CA certificate authority issues three types of certificates, User, admin and visitor, to the organization, which are used respectively for the organization's users to access the file node, for the organization's file node to access the alliance chain, and for the organization's file node to access the file nodes of other organizations in the alliance; the MSP membership provider is used to verify certificates issued by the CA certificate authority and to provide the corresponding identities.
5. The distributed file storage sharing system based on the alliance chain according to claim 1, wherein the alliance authority control module is implemented based on the alliance identity authentication module and the alliance chain data interface module, and the authority control is implemented by matching a user identity against a file authorization field through a predefined authority control rule.
6. The distributed file storage sharing system based on the alliance chain as claimed in claim 1, wherein the alliance file retrieval module comprises two components, namely an image feature extraction component and an image feature search component; the image feature extraction component can extract global features of image files, the file features of all files in the current system and the corresponding file hash values are cached in the feature search component, and the search is realized by approximate matching based on the file features.
7. The distributed file storage sharing system based on the alliance chain according to claim 1, wherein in the node Web service module, a user performs file uploading and downloading, file searching, file authorization request and authorization after logging in to the module, wherein the user can search for similar image files; the user cannot download an image file for which the user is not authorized, but can select an image of interest and request authorization; the user of the authorizing party can authorize the requester to access the file after confirmation, and the requesting user can download the image file after authorization.
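The rights granter and rights verifier of claims 1, 4 and 5, as an added Go example that is not code from the patent. The patent only says the rule is predefined, so the rule used here (a grant is a chain write and needs the owner's Admin certificate; a piece request needs a Visitor certificate plus an entry in the authorization field), the type names and the sample organizations are assumptions.

```go
package main

import "fmt"

type CertType int // the three certificate types named in claim 4

const (
	User    CertType = iota // organization user -> own file node
	Admin                   // file node -> alliance chain
	Visitor                 // file node -> other organizations' file nodes
)

// Identity is what the identity verifier yields from a valid certificate (assumed shape).
type Identity struct{ Org string; Type CertType }

// FileMeta is a constructed stand-in for the on-chain record of one file.
type FileMeta struct {
	Owner      string
	Authorized map[string]bool // the file authorization field
}

type Ledger map[string]*FileMeta // keyed by file hash
var ErrDenied = fmt.Errorf("access denied")

// Grant is the rights granter: a chain write, open only to the owner's Admin identity.
func (l Ledger) Grant(id Identity, hash, org string) error {
	m := l[hash]
	if m == nil || id.Type != Admin || id.Org != m.Owner {
		return ErrDenied
	}
	m.Authorized[org] = true
	return nil
}

// VerifyPiece is the rights verifier a node runs before serving a file piece.
func (l Ledger) VerifyPiece(id Identity, hash string) error {
	m := l[hash]
	if m == nil || id.Type != Visitor || (id.Org != m.Owner && !m.Authorized[id.Org]) {
		return ErrDenied
	}
	return nil
}

func main() {
	l := Ledger{"h1": {Owner: "OrgA", Authorized: map[string]bool{}}} // constructed record
	fmt.Println(l.VerifyPiece(Identity{"OrgB", Visitor}, "h1"))       // access denied
	fmt.Println(l.Grant(Identity{"OrgA", Admin}, "h1", "OrgB"))       // <nil>
	fmt.Println(l.VerifyPiece(Identity{"OrgB", Visitor}, "h1"))       // <nil>
}
```

Every branch that does not match returns the same error, so an unknown file hash, a wrong certificate type and a missing authorization are indistinguishable to the requester.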
CN202110627869.9A 2021-06-05 2021-06-05 Distributed file storage sharing system based on alliance chain Active CN113360458B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110627869.9A CN113360458B (en) 2021-06-05 2021-06-05 Distributed file storage sharing system based on alliance chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110627869.9A CN113360458B (en) 2021-06-05 2021-06-05 Distributed file storage sharing system based on alliance chain

Publications (2)

Publication Number Publication Date
CN113360458A CN113360458A (en) 2021-09-07
CN113360458B true CN113360458B (en) 2023-05-26

Family

ID=77532564

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110627869.9A Active CN113360458B (en) 2021-06-05 2021-06-05 Distributed file storage sharing system based on alliance chain

Country Status (1)

Country Link
CN (1) CN113360458B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114189595A (en) * 2021-11-19 2022-03-15 临沂大学 Image secret sharing method based on alliance chain
CN114172735B (en) * 2021-12-11 2023-07-14 中国人民解放军战略支援部队信息工程大学 Double-chain hybrid block chain data sharing method and system based on intelligent contracts
CN114386095B (en) * 2021-12-28 2022-09-16 中国铁道科学研究院集团有限公司 Railway signal equipment safety authentication data storage system based on alliance chain
CN115277147B (en) * 2022-07-21 2024-06-11 深圳壹账通智能科技有限公司 File tracing verification method, electronic equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109858259A (en) * 2018-12-29 2019-06-07 中国科学院合肥物质科学研究院 The data protection of community health service alliance and sharing method based on HyperLedger Fabric
CN112486933A (en) * 2020-12-10 2021-03-12 浙江大学德清先进技术与产业研究院 Remote sensing data sharing and exchanging method based on alliance chain
CN112910840A (en) * 2021-01-14 2021-06-04 重庆邮电大学 Medical data storage and sharing method and system based on alliance blockchain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
PL3571825T3 (en) * 2018-12-21 2021-08-16 Advanced New Technologies Co., Ltd. Verifying integrity of data stored in a consortium blockchain using a public sidechain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
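Design and implementation of a data sharing model for the humanities and social sciences: taking alliance chain technology as an example; Gu Jun; Xu Xin; Journal of the China Society for Scientific and Technical Information (04); full text *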

Also Published As

Publication number Publication date
CN113360458A (en) 2021-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant