CN113821808A - Block chain-based Internet of things data sharing model and management and control method - Google Patents


Info

Publication number: CN113821808A
Authority: CN (China)
Prior art keywords: data, block chain, information, request, provider
Legal status: Pending
Application number: CN202110958642.2A
Other languages: Chinese (zh)
Inventors: 黄志清, 张亚川, 黄明明
Current assignee: Beijing University of Technology
Original assignee: Beijing University of Technology
Application filed by Beijing University of Technology
Priority / filing date: 2021-08-20
Publication date: 2021-12-21

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/20 Information retrieval of structured data, e.g. relational data
    • G06F 16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof
    • G06Q 20/382 Payment protocols insuring higher security of transaction
    • G06Q 20/3829 Payment protocols insuring higher security of transaction involving key management
    • G06Q 40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes

Abstract

The invention discloses a blockchain-based Internet of Things (IoT) data sharing model and control method. The scheme is implemented on an IoT data sharing platform. The platform separates front end and back end: the front end is built with the Vue framework, and the back end exposes RESTful API services, implemented with Spring Boot and MyBatis, for the front-end pages to call. Compared with traditional data sharing schemes, the data sharing method and system remove the centralized data management center, return data to the data provider, avoid the single point of failure, and offer decentralized management and transaction traceability. The invention is more flexible and extensible, realizes distributed access control, and better fits the IoT data sharing scenario. It ensures the authenticity of data through asymmetric encryption and digital signatures, and effectively avoids network attacks and data leakage during transactions.

Description

Block chain-based Internet of things data sharing model and management and control method
Technical Field
The invention relates to the field of data sharing, and in particular to a data sharing model and control method designed around a blockchain and a capability-based access control model for the IoT data sharing scenario.
Background
With the development and maturation of Internet of Things (IoT) technology, the IoT has grown from an initial concept into many fields, such as intelligent transportation, medical care and environmental monitoring. Hundreds of millions of IoT devices are now widely used in daily life, the IoT data they generate is growing exponentially, and the era of data has arrived. IoT data is the core driving force of the IoT; enormous value lies behind it, and the most important way to release that value is to let the data flow. To accelerate data sharing and circulation so that data can better serve education, business, infrastructure and other fields, China has in recent years elevated the construction and development of data to a national strategy and is actively transforming toward a digital economy.
Driven by these policies, research on IoT data sharing has grown and a number of data sharing applications have emerged, but most schemes adopt a centralized data management mode: the degree of sharing is low, data cannot be exchanged, and so its value cannot be released. The reason is that a reliable, open and transparent data sharing environment is lacking, because the current data sharing transaction process exposes many problems. These problems mainly include the following aspects:
(1) Centralized data sharing. Traditional IoT data sharing cases generally adopt a centralized data sharing model. Under this model most data is concentrated in the hands of one organization or individual, and the phenomenon of "data islands" persists. In addition, the centralized model easily leads to a single point of failure, so the availability and stability of data and services are poor. Designing a decentralized IoT data sharing model is therefore particularly important for the subsequent data sharing interactions.
(2) Data management and control. Throughout data sharing and circulation, management and control run through every sub-link. In a context where data is an asset, who manages the data matters. At present, during data transactions most data is stored centrally on large data sharing platforms; once the owner has shared out its data it can hardly participate in the subsequent transaction links, so data privacy is easily leaked, which is another reason data sharing is difficult today. Common control mechanisms such as role-based access control (RBAC) and attribute-based access control (ABAC) depend excessively on a centralized authorization decision server, which easily causes a single point of failure, has poor flexibility and extensibility, and cannot meet the requirements of the IoT environment. Capability-based access control (CapBAC), by contrast, can realize lightweight, distributed access control through a point-to-point control mode, and has great advantages for access control of resources in the IoT environment.
In view of the above, the invention designs a blockchain-based IoT data sharing model using blockchain, IPFS and related technologies, and designs a blockchain-based capability access control method on top of that model. Decentralized data sharing is achieved by introducing blockchain technology, and the data management and control problem in the sharing process is addressed by combining it with capability-based access control.
Disclosure of Invention
The main purpose of the invention is to provide a blockchain-based IoT data sharing model and control method that solve the problems of centralized data sharing and data control. The system architecture is shown in fig. 1.
The technical scheme adopted by the invention combines a capability-based access control model with a blockchain to realize the sharing and circulation of IoT data. The scheme is implemented on an IoT data sharing platform. The platform separates front end and back end: the front end is built with the Vue framework, and the back end exposes RESTful API services, implemented with Spring Boot and MyBatis, for the front-end pages to call. For the choice of blockchain type, the characteristics of private chains, public chains and consortium chains were weighed against the particular IoT data sharing scenario, and the scheme selects a consortium chain as the underlying chain. The consortium chain network is deployed in Docker containers, the chaincode contracts are written in Go, on-chain data is stored in the LevelDB database on the blockchain nodes, and on-chain storage, off-chain storage and query auditing are realized through MySQL together with the consortium chain.
As shown in fig. 2, the blockchain-based IoT data sharing model mainly includes the following roles:
1 Data demanders and providers
The data demander refers to people or organizations that need IoT data, including scientific research organizations, government organs, universities, enterprises and the like. The data provider refers to a holder of an IoT data set, including companies, research institutes, government organizations and the like, who shares ownership of the data.
2 Sharing platform client
The two transaction parties interact through the data request, data release, data browsing and other functions provided by the platform client.
3 System service (RESTful service)
The system service is the middle layer between the platform client and the blockchain; it provides RESTful interface calls for the sharing platform client and is responsible for interacting with the blockchain.
4 IPFS distributed storage system
The IPFS distributed file system stores the acquisition-mode information of IoT data sets, including the data format, the data acquisition path and the data usage method.
5 Blockchain network
The blockchain stores the metadata of shared data sets and the transaction data of the sharing process through the related smart contracts.
A detailed flow chart of this model is shown in fig. 3.
Step one, data set publishing. The data provider publishes the metadata of the data set to be shared, such as data type, data purpose, data owner, data acquisition tool and data digest, to the blockchain through the data sharing platform, as shown in fig. 3.
Step two, publishing the data acquisition path information. The data provider encrypts information such as the data volume, data format and data acquisition address with a key and uploads it to the IPFS storage system as a file to obtain an IPFS address; the sharing platform writes the IPFS address into the blockchain, where a contract associates it with the metadata of the data set published by the provider, as shown in step two of fig. 3.
Step three, requesting a data set. The data demander queries the existing data sets through the data sharing platform, fills in the data request information and initiates a data request; the data sharing platform publishes the request to the blockchain, as shown in fig. 3.
Step four, data set request authorization. The data request transaction triggers the corresponding smart contract on the chain, the blockchain broadcasts the request to the corresponding data provider node, and the data provider verifies it and grants authorization, as shown in step four of fig. 3.
Step five, data request approved. The data provider analyzes the received request information and, after granting authorization, initiates an authorization-grant transaction to the blockchain. The transaction carries the key information; the key is used to decrypt the encrypted file stored in the IPFS system, as shown in step five of fig. 3.
Step six, authorization information feedback. After receiving the provider's authorization transaction, the blockchain encrypts the key with the data demander's digital certificate and returns the encrypted key and the IPFS address to the data demander, as shown in fig. 3.
Step seven, acquiring the data set. After receiving the encrypted key and the IPFS address, the data demander obtains the encrypted file through the IPFS address, decrypts it with its digital certificate to obtain the plaintext of the file, which holds the access information for the data (data acquisition mode, data format and so on), finally obtains the data set, calculates the digest of the data set and verifies that the data is complete, as shown in fig. 3.
On the basis of the model design, a blockchain-based capability access control mechanism is integrated for data management and control during sharing. The mechanism is shown in fig. 4 and mainly comprises the following steps:
Step one, the data provider abstracts the metadata of the data set to be shared, including the data set name, the data set hash, the acquisition tool and the like, packages it and publishes it to the blockchain; at the same time it encrypts the data acquisition path and publishes it to the IPFS network as a file, as shown in step one of fig. 4.
Step two, the data demander browses the published data sets and initiates a data request, which includes the demander's contact information and affiliated unit, the name of the requested data, the data purpose, the demander's digital certificate and the like, as shown in step two of fig. 4.
Step three, the blockchain network notifies the data provider node of the request by broadcast; the provider receives the request, creates a capability token, encrypts the token and the key with the requester's certificate, publishes the encrypted token and encrypted key to the blockchain, and the blockchain broadcasts them to the data requester, as shown in step three of fig. 4.
Step four, after obtaining the capability token, the data requester re-initiates the data access request carrying the token; once the request passes verification, the blockchain sends the IPFS address holding the data set acquisition path to the requester, as shown in step four of fig. 4.
Finally, the data requester obtains the encrypted data information file by accessing the IPFS address, decrypts it with its own certificate to obtain the key, decrypts with the key to obtain the real acquisition address of the data, and acquires the data from the data provider.
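As an added example (not code from the patent or from the described platform), the following Go program models the capability-token exchange of steps three and four above together with the key handling of steps five to seven of the data sharing flow: the provider mints a token bound to the requester and data set, signs it, and wraps the token and the file key with RSA-OAEP for the requester's certificate public key; the chain-side check releases the IPFS address only for a valid token; the requester unwraps both with its certificate private key. The token fields, the provider signature over the token, the expiry check and the data-set-to-address map are assumptions, RSA keys stand in for CA-issued certificates, and the symmetric encryption of the file stored on IPFS is not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// Capability token minted by the provider. The field set is an assumption; the
// patent does not enumerate the token's contents.
type Capability struct {
	Requester string `json:"requester"`
	Dataset   string `json:"dataset"`
	Expires   int64  `json:"expires"` // Unix seconds
}

// Grant is the authorization transaction written to the chain: token and file key
// wrapped for the requester's certificate key, plus the provider's signature on the token.
type Grant struct{ EncToken, EncKey, Sig []byte }

// MustKey generates a 2048-bit RSA key standing in for a CA-issued certificate key.
func MustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Authorize is step three on the provider side: mint a capability bound to the
// requester and data set, sign it, and wrap token and file key for the requester.
func Authorize(prov *rsa.PrivateKey, reqPub *rsa.PublicKey, requester, dataset string, fileKey []byte, ttlSeconds int64) (*Grant, error) {
	tok, err := json.Marshal(Capability{Requester: requester, Dataset: dataset, Expires: time.Now().Unix() + ttlSeconds})
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(tok)
	sig, err := rsa.SignPKCS1v15(rand.Reader, prov, crypto.SHA256, d[:])
	if err != nil {
		return nil, err
	}
	encTok, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, reqPub, tok, nil)
	if err != nil {
		return nil, err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, reqPub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Grant{encTok, encKey, sig}, nil
}

// ReleaseAddress is step four on the chain side. The contract holds data set name ->
// IPFS address and releases one only for a token the provider signed, issued to
// this requester, and not yet expired (assumed checks; the patent says only "verified").
func ReleaseAddress(provPub *rsa.PublicKey, addrs map[string]string, tok, sig []byte, requester string, now time.Time) (string, error) {
	d := sha256.Sum256(tok)
	if rsa.VerifyPKCS1v15(provPub, crypto.SHA256, d[:], sig) != nil {
		return "", errors.New("token signature invalid")
	}
	var c Capability
	if err := json.Unmarshal(tok, &c); err != nil {
		return "", err
	}
	if c.Requester != requester {
		return "", errors.New("token issued to a different requester")
	}
	if now.Unix() >= c.Expires {
		return "", errors.New("token expired")
	}
	addr, ok := addrs[c.Dataset]
	if !ok {
		return "", errors.New("no IPFS address recorded for data set")
	}
	return addr, nil
}

// Redeem is the requester side: unwrap token and key with the certificate private
// key, present the token to the chain, and return the released address and file key.
func Redeem(g *Grant, reqPriv *rsa.PrivateKey, provPub *rsa.PublicKey, addrs map[string]string, requester string) (string, []byte, error) {
	tok, err := rsa.DecryptOAEP(sha256.New(), nil, reqPriv, g.EncToken, nil)
	if err != nil {
		return "", nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, reqPriv, g.EncKey, nil)
	if err != nil {
		return "", nil, err
	}
	addr, err := ReleaseAddress(provPub, addrs, tok, g.Sig, requester, time.Now())
	if err != nil {
		return "", nil, err
	}
	return addr, key, nil
}
```

The returned key is what the requester would then use to decrypt the acquisition-path file fetched from the released IPFS address.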
Compared with existing IoT data sharing models and control methods, the blockchain-based IoT data sharing model and control method have the following advantages:
1. Compared with traditional data sharing schemes, the blockchain-based IoT data sharing model removes the centralized data management center, returns data to the data provider, avoids the single point of failure, and provides decentralized management and transaction traceability. Built on this model, the blockchain-based data management and control method is more flexible and extensible than traditional control methods, realizes distributed access control, and better fits the IoT data sharing scenario.
2. The invention introduces a CA certificate service into the data sharing and control process, guarantees the authenticity of data through asymmetric encryption and digital signatures, and effectively avoids network attacks and data leakage during transactions.
Drawings
FIG. 1 is a system architecture diagram
FIG. 2 is a diagram of a data sharing model
FIG. 3 is a data sharing interaction diagram
FIG. 4 is a diagram of data capability management
FIG. 5 is a diagram illustrating a certificate application
FIG. 6 is a schematic diagram of data distribution
FIG. 7 is a schematic diagram of a data request
FIG. 8 is a schematic diagram of token creation
FIG. 9 is a schematic diagram of a data request
Detailed Description
To promote a better understanding of the objects, aspects and advantages of the invention, reference should be made to the following detailed description taken together with the accompanying drawings. The specific steps of the implementation case are as follows:
Step 001: certificate application. The data demander and the data provider open the certificate application service website and apply for digital certificates, as shown in fig. 5.
Step 002: data publishing. The data demander logs in to the IoT data sharing platform, clicks the data publishing page, fills in the data information and publishes the data, as shown in fig. 6.
Step 003: data request. The data demander browses the platform's list of existing data sets, clicks the data application page, and fills in the data request information, including the data demander, usage time, token information and the like, as shown in fig. 7.
Step 004: token creation. After receiving the data request, the data provider creates a capability token and authorizes it to the data demander through the blockchain, as shown in fig. 8.
Step 005: requesting data with the token. After receiving the capability token, the data demander carries it to initiate the data request again. After the blockchain verifies the request, the data acquisition mode is returned to the data demander, as shown in fig. 9.
Step 006: after the data demander and the data provider complete the transaction, the transaction detail record can be queried through the data sharing platform client.
In the implementation case of the invention, the data is IoT data collected on a university campus, including temperature, humidity and illumination intensity; a Fabric blockchain network is built on four CentOS 7 servers, and a CA service on a Windows Server 2008 server. The data provider publishes data through step 002, the data requester browses the data sets published on the platform and initiates a data request through step 003, the provider creates a token through step 004 to grant authorization, the demander acquires the data set through step 005, and both parties query the transaction record through step 006.

Claims (4)

1. A blockchain-based Internet of Things data sharing model system, characterized in that it includes the following roles:
1) data demander and provider
The data demander refers to people or organizations that need IoT data, including scientific research organizations, government organs, universities, enterprises and the like; the data provider refers to a holder of an IoT data set, including companies, research institutes, government organizations and the like, who shares ownership of the data;
2) sharing platform client
The two transaction parties interact through the data request, data release, data browsing and other functions provided by the platform client;
3) system service
The system service is the middle layer between the platform client and the blockchain; it provides RESTful interface calls for the sharing platform client and is responsible for interacting with the blockchain;
4) IPFS distributed storage system
The IPFS distributed file system stores the acquisition-mode information of IoT data sets, including the data format, the data acquisition path and the data usage method;
5) blockchain network
The blockchain stores the metadata of shared data sets and the transaction data of the sharing process through the related smart contracts.
2. The system of claim 1, characterized in that the system is implemented by the following method:
step one, publishing a data set; the data provider publishes the metadata of the data set to be shared, such as data type, data purpose, data owner, data acquisition tool and data digest, to the blockchain through the data sharing platform;
step two, publishing the data acquisition path information; the data provider encrypts information such as the data volume, data format and data acquisition address with a key, uploads it to the IPFS storage system as a file to obtain an IPFS address, and the sharing platform writes the IPFS address into the blockchain, where a contract associates it with the metadata of the data set published by the provider;
step three, requesting a data set; the data demander queries the existing data sets through the data sharing platform, fills in the data request information and initiates a data request, and the data sharing platform publishes the request to the blockchain;
step four, data set request authorization; the data request transaction triggers the corresponding smart contract on the chain, the blockchain broadcasts the request to the corresponding data provider node, and the data provider verifies it and grants authorization;
step five, data request approved; the data provider analyzes the received request information and, after granting authorization, initiates an authorization-grant transaction to the blockchain, the transaction carrying the key information, where the key is used to decrypt the encrypted file stored in the IPFS system;
step six, authorization information feedback; after receiving the provider's authorization transaction, the blockchain encrypts the key with the data demander's digital certificate and returns the encrypted key and the IPFS address to the data demander;
step seven, acquiring the data set; after receiving the encrypted key and the IPFS address, the data demander obtains the encrypted file through the IPFS address, decrypts it with the digital certificate to obtain the plaintext of the file, which holds the access information for the data, including the data acquisition mode and data format, finally obtains the data set, calculates the digest of the data set and verifies that the data is complete.
3. The system of claim 1, characterized in that the method used for data management and control in the data sharing process comprises the following steps:
step one, the data provider abstracts the metadata of the data set to be shared, including the data set name, the data set hash, the acquisition tool and the like, packages it and publishes it to the blockchain, and at the same time encrypts the data acquisition path and publishes it to the IPFS network as a file;
step two, the data demander browses the published data sets and initiates a data request, which includes the requester's contact information and unit, the name of the requested data, the data purpose and the requester's digital certificate;
step three, the blockchain network notifies the data provider node of the request by broadcast; the provider receives the request, creates a capability token, encrypts the token and the key with the requester's certificate, publishes the encrypted token and encrypted key to the blockchain, and the blockchain broadcasts them to the data requester;
step four, after obtaining the capability token, the data requester carries the token to initiate the data access request again, and once the request passes verification, the blockchain sends the IPFS address holding the data set acquisition path to the requester;
finally, the data requester obtains the encrypted data information file by accessing the IPFS address, decrypts it with its own certificate to obtain the key, decrypts with the key to obtain the real acquisition address of the data, and acquires the data from the data provider.
4. The system of claim 1, characterized in that the system operates through the following specific steps:
step 001: certificate application; the data demander and the data provider open the certificate application service website and apply for digital certificates;
step 002: data publishing; the data demander logs in to the IoT data sharing platform, clicks the data release page, fills in the data information and releases the data;
step 003: data request; the data demander browses the platform's list of existing data sets, clicks the data application page, and fills in the data request information, including the data demander, the usage time and the token information;
step 004: token creation; after receiving the data request, the data provider creates a capability token and authorizes it to the data demander through the blockchain;
step 005: requesting data with the token; after receiving the capability token, the data demander carries it to initiate the data request again; after the blockchain verifies the request, the data acquisition mode is returned to the data demander;
step 006: after the data demander and the data provider complete the transaction, the transaction detail record is queried through the data sharing platform client.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110958642.2A CN113821808A (en) 2021-08-20 2021-08-20 Block chain-based Internet of things data sharing model and management and control method

Publications (1)

Publication Number Publication Date
CN113821808A true CN113821808A (en) 2021-12-21

Family

ID=78923075

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110958642.2A Pending CN113821808A (en) 2021-08-20 2021-08-20 Block chain-based Internet of things data sharing model and management and control method

Country Status (1)

Country Link
CN (1) CN113821808A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116860707A (en) * 2023-06-13 2023-10-10 北京科技大学 Material genetic engineering big data safe sharing method and system based on block chain
CN116860707B (en) * 2023-06-13 2024-02-13 北京科技大学 Material genetic engineering big data safe sharing method and system based on block chain


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination