CN113379547A - Supply chain transaction data safety supervision method and system based on double chains - Google Patents

Supply chain transaction data safety supervision method and system based on double chains Download PDF

Info

Publication number
CN113379547A
CN113379547A CN202110704969.7A CN202110704969A CN113379547A CN 113379547 A CN113379547 A CN 113379547A CN 202110704969 A CN202110704969 A CN 202110704969A CN 113379547 A CN113379547 A CN 113379547A
Authority
CN
China
Prior art keywords
chain
transaction
fund
record
double
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110704969.7A
Other languages
Chinese (zh)
Inventor
徐杨
向阳芬
李东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT filed Critical South China University of Technology SCUT
Priority to CN202110704969.7A priority Critical patent/CN113379547A/en
Publication of CN113379547A publication Critical patent/CN113379547A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Technology Law (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a supply chain transaction data safety supervision method and a supply chain transaction data safety supervision system based on double chains, wherein the method comprises a data coarse-grained access control scheme, and the data coarse-grained access control scheme comprises the following steps of transaction data uplink: separately storing a block chain double-chain model consisting of a commodity chain and a fund chain and transaction data into double chains, and performing chain judgment on the transaction data; and the transaction data security association step: and calculating the encrypted order number, acquiring a product circulation record and a capital circulation record, merging the records and the like. The invention provides a coarse-grained access control scheme of data, which is a double-chain structure consisting of a commodity chain and a fund chain, utilizes the double chain to isolate commodity circulation information and fund circulation information in complete transaction data, and provides different circulation information for different supervision departments, so that the privacy security of enterprise transaction sensitive data can be better protected on the premise of meeting the supervision requirements of the supervision departments, and the coarse-grained access control scheme can be widely applied to the field of block chain technology and application.

Description

Supply chain transaction data safety supervision method and system based on double chains
Technical Field
The invention relates to the field of block chain technology and application, in particular to a supply chain transaction data safety supervision method and system based on double chains.
Background
Applying the blockchain to supply chain supervision may give higher security to the supervision data. At present, in the project of applying the blockchain to supply chain supervision, most of the original data reported by enterprises are stored in a central database, and a hash value of the original data is calculated by a central server and stored in the blockchain to prevent the data from being tampered. There are problems in this:
1) the enterprises report the incoming and sales records respectively, two records exist in a database of a supervision department for one transaction in a supply chain, and the inconsistency of the two records can be caused by the self-reporting mode of the transaction data and the tendency of the enterprises to protect the transaction data, so that the reliability of the supervision data is low.
2) The large amount of transaction data is saved in a central database, so that the security of the supervision data is low.
3) The process of utilizing the central server to calculate the transaction data hash has the possibility that the data is tampered and the data before being tampered cannot be recovered.
Disclosure of Invention
In order to solve at least one of the technical problems in the prior art to a certain extent, the present invention aims to provide a supply chain transaction data security supervision method and system based on double chains.
The technical scheme adopted by the invention is as follows:
a supply chain transaction data security supervision method based on double chains comprises a data coarse-grained access control scheme, wherein the data coarse-grained access control scheme comprises a transaction data uplink step and a transaction data security association step;
the transaction data uplink step comprises the following steps:
dividing the complete transaction data into a product circulation record and a fund circulation record;
submitting the product circulation record to a double-chain model;
acquiring random numbers of both transaction parties, and submitting the random numbers to a double-chain model; the two transaction parties comprise a transaction buyer and a transaction seller;
submitting the fund flow record to a double-chain model;
judging whether the capital circulation record is successfully stored or not, and if the capital circulation record is successfully stored, setting the product circulation record state corresponding to the capital circulation record as valid; otherwise, setting the product flow record state corresponding to the fund flow record as invalid;
the double-chain model is a block chain double-chain model comprising a commodity chain and a fund chain, wherein the commodity chain only stores inter-enterprise product circulation information on a supply chain, and the fund chain only stores fund circulation information on the supply chain;
the transaction data security association step comprises the following steps:
generating a key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction; when the first party of the transaction is a transaction buyer, the second party of the transaction is a transaction seller; when the first party of the transaction is a transaction seller, the second party of the transaction is a transaction buyer;
encrypting the order number according to the secret key to obtain an encrypted order number;
reading a product circulation record from a commodity chain according to the order number, and reading a fund circulation record from a fund chain according to the encrypted order number;
and combining the product circulation record and the fund circulation record to obtain complete transaction data.
Further, the supply chain transaction data security supervision method based on the double chain further comprises a fine-grained access control scheme of data, and the fine-grained access control scheme comprises the following steps:
setting an accessible authority node list according to each subfield on the commodity chain and the fund chain;
transmitting the complete original data of each field to a node in an accessible authority node list;
and transmitting the hash value of each field to a node which is not in the accessible authority node list, thereby realizing authority control of different fields of the record, and enabling all nodes in the non-sensitive part in the record to be viewable, and only authority nodes in the sensitive part to be viewable.
Further, submitting the product flow record to a double-chain model comprises:
the transaction buyer signs the product circulation record Rp1 by using a signature algorithm phi according to a preset private key priK, and submits the obtained signature information phi priK (Rp1) to the transaction seller;
submitting the product circulation record Rp2 and the signature phi priK (Rp1) of the transaction buyer to the commodity chain by the transaction seller;
and the commodity chain decrypts the signature information phi priK (Rp1) by using the public key pubK of the transaction buyer, judges whether the decryption result is consistent with the product circulation record Rp2, and stores the product circulation record to the commodity chain by taking the order number as a number if the decryption result is consistent with the product circulation record Rp 2.
Further, the acquiring the random numbers of the two transaction parties and submitting the random numbers to the double-chain model includes:
for each order, both trading parties corresponding to the order need to generate a pair of random numbers, wherein the pair of random numbers comprises a public random number and a private random number;
and uploading a pair of random numbers generated by the two transaction parties to a fund chain in the double-chain model.
Further, the submitting the fund flow record to a double chain model comprises:
the transaction buyer signs the fund flow record Rf1 by using a signature algorithm phi according to a preset private key priK, and submits the obtained signature information phi priK (Rf1) to the transaction seller;
submitting the fund flow record Rf2 and the signature Phiprk (Rf1) of the transaction buyer to the fund chain by the transaction seller;
the commodity chain decrypts the signature information phi priK (Rf1) by using the public key pubK of the transaction buyer, judges whether the decryption result is consistent with the fund flow record Rf2, if so, obtains the public random number of the transaction buyer about the order and the private random number of the transaction seller about the order from the fund chain, calculates a secret key according to the random numbers, encrypts the order number by using the secret key to obtain an encrypted order number, and stores the fund flow record to the fund chain by taking the encrypted order number as a serial number.
Further, the transaction data security association step further includes the following steps:
before the transaction data is required to be completely recorded, the identity of the calling node needs to be judged, and only enterprises of two transaction parties and a transaction supervision department can successfully associate and store transaction records on a commodity chain and a fund chain.
Further, the generating a key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction includes:
if the transaction supervision department requests to acquire complete transaction data, the transaction supervision department acquires a private random number of any party for transaction trading and a public random number of the other party, and generates a key according to the acquired random numbers;
if the transaction seller or the transaction buyer requests to acquire the complete transaction data, the private random number of the first party of the transaction and the public random number of the second party of the transaction are acquired, and a secret key is generated according to the acquired random numbers.
Further, the commodity chain and the fund chain in the double-chain model refer to two independent block chains, and the commodity chain and the fund chain maintain state data and block chain data of the commodity chain and the fund chain respectively.
The other technical scheme adopted by the invention is as follows:
a supply chain transaction data security supervision system based on double chains comprises a coarse-grained access control module, wherein the coarse-grained access control module comprises a transaction data uplink unit and a transaction data security association unit;
the transaction data uplink unit is configured to perform the following steps:
dividing the complete transaction data into a product circulation record and a fund circulation record;
submitting the product circulation record to a double-chain model;
acquiring random numbers of both transaction parties, and submitting the random numbers to a double-chain model; the two transaction parties comprise a transaction buyer and a transaction seller;
submitting the fund flow record to a double-chain model;
judging whether the capital circulation record is successfully stored or not, and if the capital circulation record is successfully stored, setting the product circulation record state corresponding to the capital circulation record as valid; otherwise, setting the product flow record state corresponding to the fund flow record as invalid;
the double-chain model is a block chain double-chain model comprising a commodity chain and a fund chain, wherein the commodity chain only stores inter-enterprise product circulation information on a supply chain, and the fund chain stores fund circulation information on the supply chain;
the transaction data security association unit is used for executing the following steps:
generating a key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction;
encrypting the order number according to the secret key to obtain an encrypted order number;
reading a product circulation record from a commodity chain according to the order number, and reading a fund circulation record from a fund chain according to the encrypted order number;
and combining the product circulation record and the fund circulation record to obtain complete transaction data.
The other technical scheme adopted by the invention is as follows:
a supply chain transaction data security supervision system based on double chains, comprising: the system comprises an enterprise submitting transaction module, an enterprise inquiry historical transaction module, a quality supervision department product tracing module, a fund supervision department average price counting module and a transaction supervision department inquiry historical transaction module;
the enterprise submission transaction module is used for signing transaction data by a transaction buyer; the system is used for the transaction seller to submit the product circulation record and the signature information to the blockchain;
the enterprise inquiry history transaction module is used for generating a secret key by utilizing the private random number and the public random number of the enterprise, and calculating according to the secret key to obtain an encryption single number; acquiring a product circulation record from a commodity chain by using the order number, acquiring a fund circulation record from a fund chain by using the encryption order number, and combining the product circulation record and the fund circulation record to obtain historical transaction data;
the product tracing module of the quality supervision department records the relationship between each batch number and the order number of the product to trace the product and inquires the whole circulation process from the beginning of the product appearing on the supply chain to the time the product leaves the supply chain;
the fund supervision department average price counting module is used for traversing the fund flow record of the product and counting the average price of the product in a preset time;
the transaction supervision department inquires a historical transaction module and is used for generating a secret key by utilizing a private random number of an enterprise of any party and a public random number of an enterprise of the other party in transaction, and an encrypted single number is obtained through calculation according to the secret key; and acquiring a product circulation record from a commodity chain by using the order number, acquiring a fund circulation record from a fund chain by using the encryption order number, and combining the product circulation record and the fund circulation record to obtain the complete historical transaction data of the enterprise.
The invention has the beneficial effects that: the invention provides a coarse-grained access control scheme of data, which is a double-chain structure consisting of a commodity chain and a fund chain, utilizes the double chain to isolate commodity circulation information and fund circulation information in complete transaction data, and provides different circulation information to different supervision departments by analyzing supervision requirements of different supervision departments, so that the privacy security of enterprise transaction sensitive data can be better protected on the premise of meeting the supervision requirements of the supervision departments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description is made on the drawings of the embodiments of the present invention or the related technical solutions in the prior art, and it should be understood that the drawings in the following description are only for convenience and clarity of describing some embodiments in the technical solutions of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for secure supervision of supply chain transaction data based on double chains in an embodiment of the present invention;
FIG. 2 is a diagram of a supply chain model in an embodiment of the invention;
FIG. 3 is a network structure diagram of a double-chain model in an embodiment of the present invention;
fig. 4 is a schematic diagram of a transaction data security association scheme in an embodiment of the invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
In the description of the present invention, it should be understood that the orientation or positional relationship referred to in the description of the orientation, such as the upper, lower, front, rear, left, right, etc., is based on the orientation or positional relationship shown in the drawings, and is only for convenience of description and simplification of description, and does not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention.
In the description of the present invention, the meaning of a plurality of means is one or more, the meaning of a plurality of means is two or more, and larger, smaller, larger, etc. are understood as excluding the number, and larger, smaller, inner, etc. are understood as including the number. If the first and second are described for the purpose of distinguishing technical features, they are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
In the description of the present invention, unless otherwise explicitly limited, terms such as arrangement, installation, connection and the like should be understood in a broad sense, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
As shown in fig. 1, the present embodiment provides a method for monitoring and managing supply chain transaction data credibility and security based on a double chain, which includes a coarse-grained access control scheme for data and a fine-grained access control scheme for data, where the coarse-grained access control scheme for data includes a transaction data uplink step and a transaction data security association step.
Wherein, the step of transaction data uplink comprises the following steps:
and S1, dividing the complete transaction into a product circulation record and a fund circulation record.
And S2, submitting the product circulation record to the double-chain model by using the data uplink scheme of the three steps of signature, submission and verification.
The step S2 includes the following steps:
s2.1, the transaction buyer signs the product circulation record Rp1 by using a signature algorithm phi through the private key priK of the transaction buyer, and submits signature information phi priK (Rp1) to the transaction seller;
s2.2, submitting the product circulation record Rp2 and the signature phi priK (Rp1) of the transaction buyer to a commodity chain together by the transaction seller;
and S2.3, the commodity chain decrypts the signature information phi priK (Rp1) by using the public key pubK of the transaction buyer, judges whether the result is consistent with the result Rp2, stores the product circulation record to the commodity chain by using the order number as a serial number if the result is consistent with the result, sets a record access right, and ensures that only two transaction parties and a quality and transaction supervision department can check the record content.
And S3, generating random numbers of the two transaction parties about the order number based on the Diffie-Hellman algorithm, and submitting the random numbers to the fund chain in the double-chain model.
And S4, submitting the fund flow record to the double-chain model by using the data uplink scheme of the three steps of signature, submission and verification.
The step S4 includes the following steps:
s4.1, the transaction buyer signs the fund flow record Rf1 by using a signature algorithm phi by using a private key priK of the transaction buyer, and submits signature information phi priK (Rf1) to the transaction seller;
s4.2, submitting the fund flow record Rf2 and the signature phi priK (Rf1) of the transaction buyer to a fund chain together by the transaction seller;
s4.3, the commodity chain decrypts the signature information phi priK (Rf1) by using the public key pubK of the transaction buyer, judges whether the result is consistent with Rf2, if so, requests the public random number of the transaction buyer about the order and the private random number of the transaction seller about the order from the fund chain, calculates to obtain a secret key, encrypts the order number by using the secret key to obtain an encrypted order number, saves the fund circulation record to the fund chain by using the encrypted order number as a serial number, sets a record access right, ensures that only the transaction two parties, the fund and a transaction supervision department can check the record content, and the association between the commodity chain and the record on the fund chain is shown in figure 4.
And S5, judging whether the fund flow record passes through the data uplink scheme and is successfully stored, if so, setting the product flow record state of the transaction record to be valid, otherwise, setting the product flow record state of the transaction record to be invalid.
The double-chain model is a block chain double-chain model comprising a commodity chain and a fund chain, wherein the commodity chain only stores inter-enterprise product circulation information on the supply chain, and the fund chain only stores fund circulation information on the supply chain. The construction method of the double-chain model is specifically as follows, taking the supply chain model shown in fig. 2 as an example:
all enterprises in the supply chain need to provide two computer nodes, one for building a commodity chain and maintaining product circulation records, and the other for building a fund chain and maintaining fund circulation records. The quality supervision department provides a node to build a commodity chain, the fund supervision node provides a node to build a fund chain, and the transaction supervision node provides two nodes to respectively build the commodity chain and the fund chain.
The network structure of the double chain model is shown in fig. 3, wherein P1pro and P1fun are nodes of a supplier 1, P2pro and P2fun are nodes of a supplier 2, P3pro and P3fun are nodes of a supply chain 3, M1pro and M1fun are nodes of a manufacturer 1, M2pro and M2fun are nodes of a manufacturer 2, R1pro and R2fun are nodes of a retailer 1, R2pro and R2fun are nodes of a retailer 2, R3pro and R3fun are nodes of a retailer 3, Spro is a quality supervision node, and Sfun is a fund supervision node. P1pro, P2pro, P3pro, M1pro, M2pro, R1pro, R2pro, R3pro and Spro nodes (P1fun, P2fun, P3fun, M1fun, M2fun, R1fun, R2fun, R3fun and Sfun nodes) on the commodity chain (fund chain) are simultaneously used as endorsements and verification nodes on the commodity chain (fund chain) to participate in the transaction uplink process on the commodity chain (fund chain), and each stage is used for storing complete block chain data and world state data. Nodes P1pro, P2pro, ·, R3pro, Spro are client nodes in the commodity chain for supplier 1, supplier 2,. and retailer 3, respectively, and quality supervision department, and nodes P1fun, P2fun,. and R3fun are client nodes in the fund chain for supplier 1, supplier 2,. and retailer 3, respectively. The enterprise at least needs to have one node added into the commodity chain and one node added into the fund chain as a client node, and can initiate a request to access the commodity chain or the fund chain to the client node, so as to submit data to the block chain or read the data. The commodity chain and the fund chain share the same sequencing node, the sequencing node is only responsible for sequencing all transactions by utilizing a consensus algorithm according to the time of the occurrence of the transactions, is completely independent of the endorsement and verification stage of the transactions, does not have any commodity chain or world state on the fund chain, and does not need to know the specific content of the transactions. Therefore, the commodity chain and the fund chain share the same sequencing node without influencing data isolation between the commodity chain and the fund chain.
The data security association steps are as follows:
t1, judging the identity of the trader requiring the integrity, and returning a refusal request if the trader is a trading irrelevant party, a quality supervision department and a fund supervision department.
T2, transaction supervision generates a key using the private random number of either party to the transaction about the order and the public random number of the counterparty to the transaction, and both parties to the transaction generate a key using their own private random number about the order and the public random number of the counterparty to the transaction.
If the transaction supervision department requests to acquire complete transaction data, the transaction supervision department acquires a private random number of any party for transaction trading and a public random number of the other party, and generates a key according to the acquired random numbers;
if the transaction seller or the transaction buyer requests to acquire the complete transaction data, the private random number of the first party of the transaction and the public random number of the second party of the transaction are acquired, and a secret key is generated according to the acquired random numbers.
And T3, encrypting the single number by using the key to obtain an encrypted single number.
And T4, reading the product circulation record from the commodity chain by using the non-encrypted single number as the serial number, and reading the fund circulation record from the fund chain by using the encrypted single number as the serial number.
T5, combining the product flow record and the fund flow record to obtain the complete transaction data.
The fine-grained access control scheme of the data specifically comprises the following steps:
p1, setting an accessible authority node list according to each subfield on the commodity chain and the fund chain;
p2, transmitting the complete original data of each field to the node in the accessible authority node list;
p3, transmitting the hash value of each field to the node not in the accessible authority node list, thereby realizing authority control of different fields of the record, so that all nodes in the non-sensitive part of the record can be viewed, and only authority nodes in the sensitive part can be viewed.
When the records on the commodity chain and the fund chain are written, an accessible authority node list is set for the sensitive fields in the records, and the list comprises information of all nodes which can access the field data. In the process of uplink of the sensitive field, the sensitive field data is only transmitted to the nodes in the accessible authority node list, and the hash value of the sensitive field data is transmitted to the nodes in the block chain network except the accessible authority node list.
In this embodiment, the quality supervision department can acquire information of circulation of products between enterprises in the supply chain from the commodity chain, the fund supervision department can acquire information of fund exchange and product price fluctuation between enterprises in the supply chain from the fund chain, and the transaction supervision department can acquire original transaction data before the enterprises in the supply chain. Supply chain transaction information is divided into two types of information of product circulation and fund circulation by analyzing the supervision requirements of different supervision departments and is respectively provided for different supervision departments, so that enterprise privacy can be better protected while the supervision requirements of the supervision departments are fully met, meanwhile, the correctness and the safety of the data on the chain are ensured by the steps of data chaining, safety association, authority control and the like, and the safety supervision of the supply chain transaction data is realized.
In summary, compared with the prior art, the method of the present embodiment has the following beneficial effects:
(1) the embodiment provides a coarse-grained access control scheme of data, a double-chain structure consisting of a commodity chain and a fund chain is adopted, commodity circulation information and fund circulation information in complete transaction data are isolated by the double chains, and different circulation information is provided for different supervision departments by analyzing supervision requirements of different supervision departments. Therefore, the privacy security of the enterprise transaction sensitive data can be better protected on the premise of meeting the supervision requirements of the supervision department.
(2) In the data uplink step proposed on the basis of the double-chain model, the steps of transaction buyer signature, transaction seller submission and block chain verification can ensure the correctness of transaction original data on the block chain, so that the reliability of supervision data is improved; the transaction data security association step provided on the basis of the double-chain model ensures that the transaction unrelated party cannot associate the enterprise product circulation record and the fund circulation record, and further improves the privacy security of the enterprise transaction data.
(3) After an transaction is divided into a product flow record and a fund flow record to be stored in a commodity chain and a fund chain, the embodiment provides that a data fine-grained access control scheme is used for performing finer-grained access control on records in a single chain, an accessible authority node list is used for realizing authority control of different fields of a single record, complete data is transmitted to an authorized node, and a hash value of the data is transmitted to an unauthorized node. Finer-grained access control can reduce data storage overhead to some extent while protecting enterprise transaction data privacy security.
The embodiment also provides a supply chain transaction data security supervision system based on the double chains, which comprises a coarse-grained access control module, wherein the coarse-grained access control module comprises a transaction data uplink unit and a transaction data security association unit;
the transaction data uplink unit is configured to perform the following steps:
dividing the complete transaction data into a product circulation record and a fund circulation record;
submitting the product circulation record to a double-chain model;
acquiring random numbers of both transaction parties, and submitting the random numbers to a double-chain model; the two transaction parties comprise a transaction buyer and a transaction seller;
submitting the fund flow record to a double-chain model;
judging whether the capital circulation record is successfully stored or not, and if the capital circulation record is successfully stored, setting the product circulation record state corresponding to the capital circulation record as valid; otherwise, setting the product flow record state corresponding to the fund flow record as invalid;
the double-chain model is a block chain double-chain model comprising a commodity chain and a fund chain, wherein the commodity chain only stores inter-enterprise product circulation information on a supply chain, and the fund chain stores fund circulation information on the supply chain;
the transaction data security association unit is used for executing the following steps:
generating a key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction;
encrypting the order number according to the secret key to obtain an encrypted order number;
reading a product circulation record from a commodity chain according to the order number, and reading a fund circulation record from a fund chain according to the encrypted order number;
and combining the product circulation record and the fund circulation record to obtain complete transaction data.
The supply chain transaction data safety supervision system based on the double chains can execute the supply chain transaction data safety supervision method based on the double chains provided by the method embodiment of the invention, can execute any combination implementation steps of the method embodiment, and has corresponding functions and beneficial effects of the method.
The embodiment further provides a supply chain transaction data security supervision system based on the double chains, which includes: the system comprises an enterprise submitting transaction module, an enterprise inquiry historical transaction module, a quality supervision department product tracing module, a fund supervision department average price counting module and a transaction supervision department inquiry historical transaction module;
the enterprise submission transaction module is used for signing transaction data by a transaction buyer; the system is used for the transaction seller to submit the product circulation record and the signature information to the blockchain;
the enterprise inquiry history transaction module is used for generating a secret key by utilizing the private random number and the public random number of the enterprise, and calculating according to the secret key to obtain an encryption single number; acquiring a product circulation record from a commodity chain by using the order number, acquiring a fund circulation record from a fund chain by using the encryption order number, and combining the product circulation record and the fund circulation record to obtain historical transaction data;
the product tracing module of the quality supervision department records the relationship between each batch number and the order number of the product to trace the product and inquires the whole circulation process from the beginning of the product appearing on the supply chain to the time the product leaves the supply chain;
the fund supervision department average price counting module is used for traversing the fund flow record of the product and counting the average price of the product in a preset time;
the transaction supervision department inquires a historical transaction module and is used for generating a secret key by utilizing a private random number of an enterprise of any party and a public random number of an enterprise of the other party in transaction, and an encrypted single number is obtained through calculation according to the secret key; and acquiring a product circulation record from a commodity chain by using the order number, acquiring a fund circulation record from a fund chain by using the encryption order number, and combining the product circulation record and the fund circulation record to obtain the complete historical transaction data of the enterprise.
The supply chain transaction data safety supervision system based on the double chains can execute the supply chain transaction data safety supervision method based on the double chains provided by the method embodiment of the invention, can execute any combination implementation steps of the method embodiment, and has corresponding functions and beneficial effects of the method.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flow charts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present invention is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the described functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in a separate physical device or software module. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary for an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the invention, which is defined by the appended claims and their full scope of equivalents.
In the foregoing description of the specification, reference to the description of "one embodiment/example," "another embodiment/example," or "certain embodiments/examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A supply chain transaction data security supervision method based on double chains is characterized by comprising a data coarse-grained access control scheme, wherein the data coarse-grained access control scheme comprises a transaction data uplink step and a transaction data security association step;
the transaction data uplink step comprises the following steps:
dividing the complete transaction data into a product circulation record and a fund circulation record;
submitting the product circulation record to a double-chain model;
acquiring random numbers of both transaction parties, and submitting the random numbers to a double-chain model; the two transaction parties comprise a transaction buyer and a transaction seller;
submitting the fund flow record to a double-chain model;
judging whether the capital circulation record is successfully stored or not, and if the capital circulation record is successfully stored, setting the product circulation record state corresponding to the capital circulation record as valid; otherwise, setting the product flow record state corresponding to the fund flow record as invalid;
the double-chain model is a block chain double-chain model comprising a commodity chain and a fund chain, wherein the commodity chain only stores inter-enterprise product circulation information on a supply chain, and the fund chain only stores fund circulation information on the supply chain;
the transaction data security association step comprises the following steps:
generating a key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction;
encrypting the order number according to the secret key to obtain an encrypted order number;
reading a product circulation record from a commodity chain according to the order number, and reading a fund circulation record from a fund chain according to the encrypted order number;
and combining the product circulation record and the fund circulation record to obtain complete transaction data.
2. The double-chain-based supply chain transaction data security supervision method according to claim 1, wherein the double-chain-based supply chain transaction data security supervision method further comprises a fine-grained access control scheme of data, comprising:
setting an accessible authority node list according to each subfield on the commodity chain and the fund chain;
transmitting the complete original data of each field to a node in an accessible authority node list;
the hash values for the fields are transmitted to nodes that are not in the list of accessible authority nodes so that all nodes in the non-sensitive portion of the record are viewable and only the authority nodes in the sensitive portion are viewable.
3. The double-chain-based supply chain transaction data security supervision method according to claim 1, wherein the submitting the product flow records to a double-chain model comprises:
the transaction buyer signs the product circulation record Rp1 by using a signature algorithm phi according to a preset private key priK, and obtains signature information phipriK(Rp1) submitting to hand-overAn easy seller;
the transaction seller records Rp2 the product flow and the transaction buyer's signature ΦpriK(Rp1) submitting to a commodity chain;
the commodity chain decrypts the signature information phi by using the public key pubK of the transaction buyerpriK(Rp1), judging whether the decryption result is consistent with the product circulation record Rp2, if so, storing the product circulation record with the order number as the number into the commodity chain.
4. The supply chain transaction data security supervision method based on the double chain according to claim 1, wherein the obtaining of the random numbers of both transaction parties and submitting the random numbers to the double chain model comprises:
for each order, both trading parties corresponding to the order need to generate a pair of random numbers, wherein the pair of random numbers comprises a public random number and a private random number;
and uploading a pair of random numbers generated by the two transaction parties to a fund chain in the double-chain model.
5. The double-chain-based supply chain transaction data security supervision method according to claim 1, wherein the submitting of the fund flow record to the double-chain model comprises:
the transaction buyer signs the fund flow record Rf1 by using a signature algorithm phi according to a preset private key priK, and obtains signature information phipriK(Rf1) submitting to a transaction seller;
transaction seller records Rf2 fund flow and signature Φ of transaction buyerpriK(Rf1) submitting to a fund chain;
the commodity chain decrypts the signature information phi by using the public key pubK of the transaction buyerpriK(Rf1), judging whether the decryption result is consistent with the fund flow record Rf2, if so, obtaining the public random number of the transaction buyer and the private random number of the transaction seller about the order from the fund chain, calculating a secret key according to the random numbers, encrypting the order number by using the secret key to obtain an encrypted order number, and storing the fund flow record to the fund chain by taking the encrypted order number as a serial number.
6. The supply chain transaction data security supervision method based on double chains according to claim 1, wherein the transaction data security association step further comprises the following steps:
before the transaction data is required to be completely recorded, the identity of the calling node needs to be judged, and only enterprises of two transaction parties and a transaction supervision department can successfully associate and store transaction records on a commodity chain and a fund chain.
7. The supply chain transaction data security supervision method based on double chain according to claim 1, wherein the generating of the key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction comprises:
if the transaction supervision department requests to acquire complete transaction data, the transaction supervision department acquires a private random number of any party for transaction trading and a public random number of the other party, and generates a key according to the acquired random numbers;
if the transaction seller or the transaction buyer requests to acquire the complete transaction data, the private random number of the first party of the transaction and the public random number of the second party of the transaction are acquired, and a secret key is generated according to the acquired random numbers.
8. The supply chain transaction data security supervision method based on double chains as claimed in claim 1, wherein the commodity chain and the fund chain in the double chain model are two independent block chains, and each of the commodity chain and the fund chain maintains its own state data and block chain data.
9. A supply chain transaction data security supervision system based on double chains is characterized by comprising a coarse-grained access control module, wherein the coarse-grained access control module comprises a transaction data uplink unit and a transaction data security association unit;
the transaction data uplink unit is configured to perform the following steps:
dividing the complete transaction data into a product circulation record and a fund circulation record;
submitting the product circulation record to a double-chain model;
acquiring random numbers of both transaction parties, and submitting the random numbers to a double-chain model; the two transaction parties comprise a transaction buyer and a transaction seller;
submitting the fund flow record to a double-chain model;
judging whether the capital circulation record is successfully stored or not, and if the capital circulation record is successfully stored, setting the product circulation record state corresponding to the capital circulation record as valid; otherwise, setting the product flow record state corresponding to the fund flow record as invalid;
the double-chain model is a block chain double-chain model comprising a commodity chain and a fund chain, wherein the commodity chain only stores inter-enterprise product circulation information on a supply chain, and the fund chain stores fund circulation information on the supply chain;
the transaction data security association unit is used for executing the following steps:
generating a key according to the private random number of the first party of the transaction and the public random number of the second party of the transaction;
encrypting the order number according to the secret key to obtain an encrypted order number;
reading a product circulation record from a commodity chain according to the order number, and reading a fund circulation record from a fund chain according to the encrypted order number;
and combining the product circulation record and the fund circulation record to obtain complete transaction data.
10. A supply chain transaction data security supervision system based on double chains is characterized by comprising: the system comprises an enterprise submitting transaction module, an enterprise inquiry historical transaction module, a quality supervision department product tracing module, a fund supervision department average price counting module and a transaction supervision department inquiry historical transaction module;
the enterprise submission transaction module is used for signing transaction data by a transaction buyer; the system is used for the transaction seller to submit the product circulation record and the signature information to the blockchain;
the enterprise inquiry history transaction module is used for generating a secret key by utilizing the private random number and the public random number of the enterprise, and calculating according to the secret key to obtain an encryption single number; acquiring a product circulation record from a commodity chain by using the order number, acquiring a fund circulation record from a fund chain by using the encryption order number, and combining the product circulation record and the fund circulation record to obtain historical transaction data;
the product tracing module of the quality supervision department records the relationship between each batch number and the order number of the product to trace the product and inquires the whole circulation process from the beginning of the product appearing on the supply chain to the time the product leaves the supply chain;
the fund supervision department average price counting module is used for traversing the fund flow record of the product and counting the average price of the product in a preset time;
the transaction supervision department inquires a historical transaction module and is used for generating a secret key by utilizing a private random number of an enterprise of any party and a public random number of an enterprise of the other party in transaction, and an encrypted single number is obtained through calculation according to the secret key; and acquiring a product circulation record from a commodity chain by using the order number, acquiring a fund circulation record from a fund chain by using the encryption order number, and combining the product circulation record and the fund circulation record to obtain the complete historical transaction data of the enterprise.
CN202110704969.7A 2021-06-24 2021-06-24 Supply chain transaction data safety supervision method and system based on double chains Pending CN113379547A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110704969.7A CN113379547A (en) 2021-06-24 2021-06-24 Supply chain transaction data safety supervision method and system based on double chains

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110704969.7A CN113379547A (en) 2021-06-24 2021-06-24 Supply chain transaction data safety supervision method and system based on double chains

Publications (1)

Publication Number Publication Date
CN113379547A true CN113379547A (en) 2021-09-10

Family

ID=77578945

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110704969.7A Pending CN113379547A (en) 2021-06-24 2021-06-24 Supply chain transaction data safety supervision method and system based on double chains

Country Status (1)

Country Link
CN (1) CN113379547A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801710A (en) * 2012-07-04 2012-11-28 北京天龙融和软件有限公司 Networked transaction method and system
CN109102285A (en) * 2018-07-30 2018-12-28 上海淳麒金融信息服务有限公司 Supply chain finance implementation method and its control system based on block chain duplex structure
CN111144844A (en) * 2019-12-26 2020-05-12 广州中国科学院软件应用技术研究所 Supply chain management system with separated fund and logistics
CN111538786A (en) * 2020-04-24 2020-08-14 上海简苏网络科技有限公司 Block chain data desensitization and tracing storage method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801710A (en) * 2012-07-04 2012-11-28 北京天龙融和软件有限公司 Networked transaction method and system
CN109102285A (en) * 2018-07-30 2018-12-28 上海淳麒金融信息服务有限公司 Supply chain finance implementation method and its control system based on block chain duplex structure
CN111144844A (en) * 2019-12-26 2020-05-12 广州中国科学院软件应用技术研究所 Supply chain management system with separated fund and logistics
CN111538786A (en) * 2020-04-24 2020-08-14 上海简苏网络科技有限公司 Block chain data desensitization and tracing storage method and device

Similar Documents

Publication Publication Date Title
US11636216B2 (en) System and methods for tamper proof interaction recording and timestamping
WO2021017433A1 (en) Data authorization method and device employing smart contract
CN110620810B (en) Non-linked ownership of continuous asset transfer over blockchain
JP6697008B2 (en) System and method for updating distributed ledger based on partial authorization of transaction
EP3509006B1 (en) Information sharing system
WO2021175023A1 (en) Electronic warehouse receipt source tracing method and apparatus, computer device, and storage medium
Navadkar et al. Overview of blockchain technology in government/public sectors
US11720689B2 (en) Data registration method, data decryption method, data structure, computer, and program
WO2020143318A1 (en) Data verification method and terminal device
CN113169866A (en) Techniques to prevent collusion using simultaneous key distribution
CN112231284A (en) Block chain-based big data sharing system, method, device and storage medium
CN111460525A (en) Data processing method and device based on block chain and storage medium
Li et al. A decentralized and secure blockchain platform for open fair data trading
US20220329436A1 (en) Token-based identity validation via blockchain
US20210117916A1 (en) Upstream visibility in supply-chain
WO2021169767A1 (en) Data processing method and apparatus, device and medium
CN111818186B (en) Information sharing method and system
US20220029801A1 (en) Master key escrow process
CN115147224A (en) Transaction data sharing method and device based on alliance chain
CN114969786A (en) Block chain-based insurance function data processing method, node and system
US20210117909A1 (en) Upstream visibility in supply-chain
CN111079190A (en) Block chain supply chain transaction hiding dynamic supervision system and method
CN116057554A (en) Method for managing transaction data sets, participant unit, transaction register and payment system
CN114514550A (en) Partitioning requests into blockchains
CN112884485A (en) Symmetric encryption traceability transaction method, system and storage medium based on block chain network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210910

RJ01 Rejection of invention patent application after publication