CN114239044A - Decentralized traceable shared access system - Google Patents
- Publication number: CN114239044A (application CN202111224033.0A)
- Authority: CN (China)
- Prior art keywords: data, node, user, consensus, module
- Legal status: Granted
Classifications (CPC, all under G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
- G06F21/602—Providing cryptographic facilities or services
- G06F21/604—Tools and structures for managing or administering access control systems
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F2221/2107—File encryption
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention provides a decentralized traceable shared access system comprising an authentication node and a consensus node. The authentication node, through the functional modules deployed on it, manages users, manages document data and services, and maintains data access information. The shared access system is built on blockchain technology; it guarantees the authenticity of data and the enforceability of contracts, achieves decentralization, and achieves secure data management for data sharing.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a decentralized traceable shared access system.
Background
During its operation, a management information system generates a large amount of data that touches many of its associated subsystems. Even when that data is managed by the system and shared externally, two problems have to be solved. The first is the legality of data sharing: audit data in an enterprise, for example, may involve department-specific conditions, and it is unclear how such data can be shared in the face of uncertain risks or regulations. The second is the security and rights of the data: once a target user holds the data, it is at risk of being copied, stored and tampered with, and this cannot be prevented. If data is not shared at all, however, every user or business system becomes an information island, and extra workload falls on the management information system.
Data management schemes for management information systems generally take one of two forms: a data hosting mode and a data aggregation mode. In the hosting mode, data is hosted in the central database of a specific business system, which handles unified management, operation and maintenance. In the aggregation mode, the data of the different business systems is connected through APIs (application programming interfaces), and a data relay system interacts with each data owner and returns the query result.
The hosting mode, however, offers weak data security: the users' rights of use depend entirely on the integrity of the hosting system. In the aggregation mode the data of the different business systems appears to be managed independently, but the final aggregation point has full capability over the data and also has the opportunity to retain each business system's data.
Disclosure of Invention
To solve the problems of the prior art, the invention provides a decentralized traceable shared access system comprising an authentication node and a consensus node;
the authentication node, through the functional modules deployed on it, manages users, document data and services, and maintains data access information;
the consensus node, through the functional modules deployed on it, performs security management of the users accessing it, initiates data sharing requests, and provides the data sharing service according to those requests;
the consensus node is further configured to receive a statistical profile comprising its network location and its performance specification, and the shared access system implements a decentralized architecture comprising several types of peer-to-peer connections layered over a CDN network whose CDN servers provide a first set of segments of the document data to the consensus node;
when a CDN server receives a caching instruction sent by a consensus node, it returns a subset of the first set of segments of the document data, the caching instruction having been generated from the statistical profile;
when a data user in the shared access system sends the CDN server a request to access several target segments of the document data, the CDN server extracts the content type of the requested document data and the network location of the data user from the request, selects several consensus nodes from those currently active in the shared access system to provide access to the target segments, and generates a cache list, the consensus nodes being selected based on the network location of the data user, the network location of each consensus node and the content type of the requested document data; it then transmits the generated cache list to the data user.
Preferably, the authentication node further determines an optimal distribution state of the segments of the document data across two or more consensus nodes of the network;
the optimal distribution state defines the identity of each of the two or more consensus nodes that need to download the segments of the document data from the CDN server; the target segments of the document data are cached by the consensus nodes in the cache list;
the caching instructions are further generated based on a content priority of the document data;
the consensus node, in response to receiving a request for a user's identity, transmits that identity to the user for use in the shared access system.
Preferably, a consensus node in the cache list confirms that it has received the payment authorization certificate of the authentication node before it is authorized to share the document data with the data user; after the user has received the target segments of the document data from the consensus nodes, the consensus node receives the service response signed by the data user and then sends updated off-chain transactions to the consensus nodes, the off-chain transactions accumulating the total payment amount used to determine the payment due for the target segments of the document data.
Preferably, the functional modules deployed on the authentication node and the consensus node comprise a physical module, a smart contract module, a dynamic module, a front-end module and an application module;
the physical module encapsulates all the infrastructure supporting the implementation of the smart contract;
the smart contract module encapsulates static contract data;
the dynamic module encapsulates the dynamic operations on the static contract data in the smart contract module;
the front-end module encapsulates the protocol and the voting mechanism;
the application module encapsulates each scenario and application in the business flow.
Preferably, the physical module comprises a distributed ledger, a development environment and an oracle;
the distributed ledger records all data processing process data on the shared access system;
the development environment comprises a start-up node implemented in computer code, contract deployment and contract invocation;
the oracle performs security management of the data source of the encrypted storage system based on the security rules of the blockchain.
Preferably, initiating the data sharing request comprises:
when a data user needs the project information of a business it participates in, searching whether a corresponding index exists on the blockchain;
if so, the data user initiates a data request to the data owner based on the blockchain; otherwise, the data user initiates a data request based on the blockchain.
Preferably, providing the data sharing service according to the data sharing request comprises:
after the data owner has extracted the public key information and confirmed that the data user holds a legitimate role, the data meeting the standard requirement is encrypted with the public key and signed with the private key to generate an encrypted data packet, which is sent based on the blockchain.
Preferably, confirming that the data user holds a legitimate role comprises confirming that the data user is a legal user.
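The request-and-service exchange just described, written out as an added example that is not part of the patent: the owner checks the requester's role (both the legality of the user and the use permission for the document, the double verification the patent names), encrypts the document to the user's public key and signs the packet with its own private key; the user verifies the signature before decrypting. The patent names no algorithms, so RSA-OAEP key wrapping, AES-GCM and ed25519 signatures are assumptions, as are the in-memory index and role registry that stand in for the on-chain records.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Role is what the authentication node recorded when it audited a joining user.
type Role struct {
	Legal   bool            // passed the audit: the data flow to this user is valid
	Allowed map[string]bool // document ids the user holds a use permission for
}

type Request struct {
	UserID string
	DocID  string
	EncPub *rsa.PublicKey // the data user's public key, extracted from the request
}

// Packet is the encrypted, signed unit the owner sends back over the chain.
type Packet struct {
	DocID      string
	WrappedKey []byte // AES-256 key encrypted to the user's RSA key with OAEP
	Nonce      []byte
	Ciphertext []byte // AES-GCM over the document, with DocID as associated data
	Sig        []byte // owner's ed25519 signature over the fields above
}

type Owner struct {
	Index map[string][]byte // doc id -> content; stands in for the on-chain index
	Roles map[string]Role   // role registry maintained by the authentication node
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
}

func NewOwner(index map[string][]byte, roles map[string]Role) Owner {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Owner{Index: index, Roles: roles, Pub: pub, priv: priv}
}

// CheckRole is the double verification: a legal chain member holding a use permission.
func (o Owner) CheckRole(r Request) error {
	role, ok := o.Roles[r.UserID]
	if !ok || !role.Legal {
		return fmt.Errorf("data flow validity: %s is not a legal chain member", r.UserID)
	}
	if !role.Allowed[r.DocID] {
		return fmt.Errorf("data use permission: %s may not use %s", r.UserID, r.DocID)
	}
	return nil
}

// Share verifies the role, encrypts to the user's public key and signs with the owner's key.
func (o Owner) Share(r Request) (Packet, error) {
	if err := o.CheckRole(r); err != nil {
		return Packet{}, err
	}
	doc, ok := o.Index[r.DocID]
	if !ok {
		return Packet{}, fmt.Errorf("no index entry for %s", r.DocID)
	}
	key, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(key)
	rand.Read(nonce)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, doc, []byte(r.DocID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, r.EncPub, key, []byte(r.DocID))
	if err != nil {
		return Packet{}, err
	}
	p := Packet{DocID: r.DocID, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}
	p.Sig = ed25519.Sign(o.priv, p.signedBytes())
	return p, nil
}

// signedBytes is the canonical encoding the owner signs and the user verifies.
func (p Packet) signedBytes() []byte {
	return []byte(fmt.Sprintf("%s|%x|%x|%x", p.DocID, p.WrappedKey, p.Nonce, p.Ciphertext))
}

// Open is the data user's side: verify the owner's signature first, then unwrap and decrypt.
func Open(p Packet, ownerPub ed25519.PublicKey, userPriv *rsa.PrivateKey) ([]byte, error) {
	if !ed25519.Verify(ownerPub, p.signedBytes(), p.Sig) {
		return nil, fmt.Errorf("owner signature does not verify")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, userPriv, p.WrappedKey, []byte(p.DocID))
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, p.Nonce, p.Ciphertext, []byte(p.DocID))
}
```

A packet altered in transit fails at the signature check before any decryption is attempted, and a user without the matching private key cannot unwrap the content key even if the packet reached them.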
Preferably, managing the users comprises auditing the roles and attributes of the users who join the blockchain.
Preferably, maintaining the data access information comprises:
auditing the data information in the blockchain, issuing a data certificate and storing it;
establishing index information for the data information in the blockchain and storing the index information;
storing the data sharing requests initiated by data users and the data sharing services provided by data owners.
Compared with the prior art, the invention has the following beneficial effects:
1. the shared access system constructed by the invention is based on blockchain technology, which guarantees the authenticity of data and the enforceability of contracts, achieves decentralization and provides a data management method for data sharing;
2. applied to a business system, the shared access system constructed by the invention achieves effective management of enterprise document data: the document data is shared securely by the business subsystems, the process is public and transparent, and the integrity, confirmation of rights and traceability of the data are guaranteed throughout;
3. in the technical scheme provided by the invention, the judgement of a legitimate role comprises data flow validity verification and data use permission verification; this double verification guarantees the security of data use and meets the stricter security restrictions that the business places on the data.
Drawings
FIG. 1 is a schematic diagram of a decentralized traceable shared access system architecture according to the present invention;
FIG. 2 is a diagram of an intelligent contract model architecture of the present invention;
FIG. 3 is a flow chart of a data management implementation of the present invention;
FIG. 4 is a diagram of data indexing information provided by the present invention;
FIG. 5 shows the operation of the system of the present invention.
Detailed Description
The invention uses the decentralized data management mode provided by the blockchain to establish a consortium chain among the several business systems of the management information system and external users. A smart contract is established on the blockchain through a predetermined consensus mechanism, which automatically judges the reasonableness of users' audit behaviour throughout the audit process; blocks are generated and chained through the consensus of the several parties on the consortium chain, and each user's data applications and processing are formed into data blocks that are authenticated automatically. Each data block contains a batch of network interaction information, which prevents the document data from being tampered with or forged and makes the access records of the document data traceable, so that the validity of the information can be verified.
Because blockchain technology is trustless, decentralized and collectively maintained and provides a reliable database, all users of the related business systems take part in the whole data management process when the shared access system is constructed and applied to the data management of a management information system; the workflow is therefore transparent and supervised, and no operation can be tampered with.
For a better understanding of the present invention, reference is made to the following description taken in conjunction with the accompanying drawings and examples.
Example 1:
The invention provides a decentralized traceable shared access system that adopts blockchain technology. As shown in FIG. 1, it consists of several nodes that connect several business systems; the main functions of a node are receiving messages from the business systems, completing the generation and submission of blockchain blocks for the node's own data information, and guaranteeing the security of the communication process. The nodes comprise an authentication node and a consensus node.
1) Public area on the chain: the main business system serves as the public area. Connections between personnel are implemented by organizing a user authority system, and the original and newly added members are managed through an authentication mechanism that follows a multi-vote passing principle: to add a member to the chain, for example, the confirmation of the personnel already on the chain is required, and only after most members have confirmed does the addition count as a legitimate member; other member operations, such as deletion and changes of authority, work in the same way. Recording of the data change process is achieved by maintaining a public record blockchain, and a data specification, usage rules and data tracing are established. This role is taken by the authentication node, which is elected by the members on the chain or designated directly.
2) Member area on the chain: each member keeps a backup of the public record blockchain, supervises the correctness of the blockchain's data records in the main business flow, and at the same time maintains the document data it makes available for sharing; this is implemented by each consensus node.
The consensus node is further configured to receive a statistical profile comprising its network location and its performance specification, and the shared access system implements a decentralized architecture comprising several types of peer-to-peer connections layered over a CDN network whose CDN servers provide a first set of segments of the document data to the consensus node;
when a CDN server receives a caching instruction sent by a consensus node, it returns a subset of the first set of segments of the document data, the caching instruction having been generated from the statistical profile;
when a data user in the shared access system sends the CDN server a request to access several target segments of the document data, the CDN server extracts the content type of the requested document data and the network location of the data user from the request, selects several consensus nodes from those currently active in the shared access system to provide access to the target segments, and generates a cache list, the consensus nodes being selected based on the network location of the data user, the network location of each consensus node and the content type of the requested document data; it then transmits the generated cache list to the data user.
The authentication node further determines an optimal distribution state of the segments of the document data across two or more consensus nodes of the network;
the optimal distribution state defines the identity of each of the two or more consensus nodes that need to download the segments of the document data from the CDN server; the target segments of the document data are cached by the consensus nodes in the cache list;
the caching instructions are further generated based on a content priority of the document data;
the consensus node, in response to receiving a request for a user's identity, transmits that identity to the user for use in the shared access system.
A consensus node in the cache list confirms that it has received the payment authorization certificate of the authentication node before it is authorized to share the document data with the data user; after the user has received the target segments of the document data from the consensus nodes, the consensus node receives the service response signed by the data user and then sends updated off-chain transactions to the consensus nodes, the off-chain transactions accumulating the total payment amount used to determine the payment due for the target segments of the document data.
In the pre-processing stage of the consensus process, the consensus node collects the transactions in the transaction memory pool, packs them into a block and broadcasts the block to the other nodes for consensus. The current consensus node broadcasts the pre-consensus message <precons, h, dig, block, s> to the other nodes, where precons indicates that the message type is a pre-consensus message, h is the block height, and dig is the digest of the block, i.e. the block hash value computed over the content of the entire block, including the collected transactions and the signatures of all transactions.
After every other consensus node receives the precons message sent by the current consensus node, it first verifies the message, checking the digest, the block height and the validity of the signature; once this passes it verifies all the transactions in the message, and if no error is found it sends the signed message <convs, h, dig, i> to the current consensus node, where convs indicates that the message type is a consensus-ready message.
When it observes the convs messages sent by each consensus node, the current consensus node verifies each one and collects those that pass. Once the master node has collected 2f+1 signatures, it verifies this batch of signatures, assembles the verified signatures into one signature and broadcasts the commit message <h, d, asign, n>, where asign is the aggregated signature, n is the ID list of all consensus nodes that took part in the aggregated signature, and f is the number of all consensus nodes. A node that later receives the commit message can use the public keys of the nodes that took part in the signature to verify whether the signature is correct; once all consensus nodes have received the aggregated signature of the current consensus node and found it correct, the block is appended to the tail of the blockchain and synchronization is complete. In this way every consensus node can verify the authenticity of the aggregated signature from the public keys of the participating nodes without full broadcast communication.
In the final confirmation phase, a timeout threshold t is set for sending information to the consensus master node of the next round. If the next round's node receives more than half of the confirmation messages before t, this proves that most nodes are ready and the consensus process for the next block can begin early. If messages from more than half of the nodes are not received within the timeout threshold t, the completed consensus result is retransmitted to the other consensus nodes, and the next round of consensus then proceeds.
To prevent a consensus node from deliberately not responding, if a consensus node receives no response from the current consensus node within the designated time t, the current consensus node is considered faulty and a new consensus node for the next round is selected. The new node continuously monitors the messages sent by each consensus node to verify whether the block heights in them are consistent. After 2f+1 messages have been collected, their signatures are verified and the verified signatures are aggregated into a summary signature, and the consensus-node change message (next, v, h, asign, n) is packed and broadcast to all consensus nodes, where n is the list of all nodes that took part in the summary signature, which allows every consensus node to verify it, and next indicates that the message type is a change to the next round's consensus node. Finally, after receiving the next message sent by the next round's consensus node, each consensus node verifies the collected signature and, once verification is complete, sends a verification response message to the next round's master node indicating that verification passed; the next round's master node then starts packing blocks and begins the new round of block consensus.
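One round of the precons / convs / commit exchange described above, simulated in-process as an added example that is not part of the patent. It assumes n = 3f+1 nodes with f the number of faulty nodes tolerated, uses ed25519 signatures, and stands in for the aggregated signature asign and signer list n with the list of individually verified convs votes; the block content is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Node struct {
	ID   int
	priv ed25519.PrivateKey
}

// Precons is the leader's <precons, h, dig, block, s> message.
type Precons struct {
	Height uint64
	Digest [32]byte
	Block  []byte
	Leader int
	Sig    []byte
}

// Convs is a signed <convs, h, dig, i> ready message; the commit is modelled as a list of them.
type Convs struct {
	Height uint64
	Digest [32]byte
	NodeID int
	Sig    []byte
}

// NewCluster generates n = 3f+1 nodes and the public-key registry they all hold.
func NewCluster(f int) ([]Node, map[int]ed25519.PublicKey) {
	nodes := make([]Node, 3*f+1)
	pubs := map[int]ed25519.PublicKey{}
	for i := range nodes {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		nodes[i] = Node{ID: i, priv: priv}
		pubs[i] = pub
	}
	return nodes, pubs
}

// signedBytes fixes the exact bytes a signature covers: tag, height, digest, node id.
func signedBytes(tag string, h uint64, dig [32]byte, id int) []byte {
	return []byte(fmt.Sprintf("%s|%d|%x|%d", tag, h, dig, id))
}

// Propose is the leader step: hash the packed block and sign the precons message.
func (n Node) Propose(h uint64, block []byte) Precons {
	dig := sha256.Sum256(block)
	sig := ed25519.Sign(n.priv, signedBytes("precons", h, dig, n.ID))
	return Precons{Height: h, Digest: dig, Block: block, Leader: n.ID, Sig: sig}
}

// Ready is the follower step: recompute the digest and verify the leader's signature; an altered block fails here.
func (n Node) Ready(p Precons, leaderPub ed25519.PublicKey) (Convs, bool) {
	if sha256.Sum256(p.Block) != p.Digest ||
		!ed25519.Verify(leaderPub, signedBytes("precons", p.Height, p.Digest, p.Leader), p.Sig) {
		return Convs{}, false
	}
	sig := ed25519.Sign(n.priv, signedBytes("convs", p.Height, p.Digest, n.ID))
	return Convs{Height: p.Height, Digest: p.Digest, NodeID: n.ID, Sig: sig}, true
}

// Collect verifies each vote under its signer's registered key, keeps one vote per node,
// and succeeds once 2f+1 distinct nodes have signed the same height and digest.
func Collect(h uint64, dig [32]byte, votes []Convs, pubs map[int]ed25519.PublicKey, f int) ([]Convs, bool) {
	var quorum []Convs
	seen := map[int]bool{}
	for _, v := range votes {
		pub, ok := pubs[v.NodeID]
		if !ok || seen[v.NodeID] || v.Height != h || v.Digest != dig ||
			!ed25519.Verify(pub, signedBytes("convs", h, dig, v.NodeID), v.Sig) {
			continue
		}
		seen[v.NodeID] = true
		quorum = append(quorum, v)
	}
	return quorum, len(quorum) >= 2*f+1
}

// RunRound drives one height with node 0 as leader; tamper alters the block in transit.
func RunRound(f int, block []byte, tamper bool) bool {
	nodes, pubs := NewCluster(f)
	p := nodes[0].Propose(7, block)
	if tamper {
		p.Block = append(p.Block, "\nbogus tx"...)
	}
	var votes []Convs
	for _, n := range nodes {
		if v, ok := n.Ready(p, pubs[0]); ok {
			votes = append(votes, v)
		}
	}
	quorum, ok := Collect(p.Height, p.Digest, votes, pubs, f)
	// Receivers of the commit re-verify its votes with the signers' public keys;
	// one forged or duplicated vote rejects the whole commit.
	valid, ok2 := Collect(p.Height, p.Digest, quorum, pubs, f)
	return ok && ok2 && len(valid) == len(quorum)
}
```

Note that the signature digest check in Ready is what makes the leader unable to get a block committed that differs from the one it hashed, and the per-node deduplication in Collect is what stops a single node from replaying its vote to reach 2f+1.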
Example 2:
Each node on the blockchain adopts a smart contract scheme implemented with the smart contract model shown in FIG. 2, which comprises the following:
Physical module: encapsulates all the infrastructure supporting smart contract implementation, including the distributed ledger, the development environment, the oracle and so on.
Distributed ledger: the execution and interaction of smart contracts rely on technologies such as a consensus algorithm and a communication network, and the final execution result is recorded in a distributed ledger maintained by all nodes. In the invention, the distributed ledger records the data content of the shared access system.
Development environment: a smart contract can be regarded as a computer program running on the blockchain, and like any computer program its development, deployment and debugging involve a development environment.
Oracle: to keep the blockchain network secure, smart contracts generally run in an isolated sandbox execution environment, and the oracle can provide a trusted data source outside the sandbox for contracts to query or to trigger contract execution. At the same time, to keep the contract execution results of the distributed nodes consistent, a smart contract also obtains randomness by querying the oracle. In the invention, the oracle is the data source that guarantees a trusted encrypted storage system.
Smart contract module: encapsulates static contract data, including the contract terms agreed by the contracting parties, auditing methods, coded condition-response rules, the criteria specified by the contract creator for interaction between the contract and the outside world, criteria for contract-to-contract interaction, and so on. The smart contract module can be regarded as the static database of the smart contract and encapsulates all of its invocation, execution and communication rules.
Dynamic module: encapsulates a series of dynamic operations on the static contract data in the smart contract module, including mechanism design, formal verification, security checks and so on. A smart contract application usually concerns the interests of every department of an enterprise, and a malicious, erroneous or leaky smart contract causes huge losses; the dynamic module is the key to ensuring that the smart contract runs correctly, securely and efficiently according to the designer's intent.
Front-end module: encapsulates the forms in which the smart contract is embodied in the application of the invention, including decentralized applications (DApps) and decentralized organizations (DAOs). A decentralized application is a contract or set of contracts executed according to conditions set on the blockchain based on the transaction protocol defined by Ethereum. The decentralized organization is the node-based voting mechanism used in the present invention.
Application module: encapsulates the smart contract in the application scenario of the invention, namely the shared access system.
In the execution stage of the smart contract, the authentication node first records the current version of the first smart contract locally; it then executes the current version of the first smart contract using several parameters that identify the authentication node to be retrieved and the first authentication data, and configures a second smart contract to include authentication data from the authentication node based on an access transaction of the authentication node and on the attributes of a blockchain ledger entry address that identifies a candidate authentication node different from the current authentication node, thereby enabling an access transaction of the second smart contract based on the first authentication data from the authentication node and on the blockchain ledger entry address.
In a preferred embodiment, executing the current version of the first smart contract further comprises: cyclically monitoring several consensus nodes for the documents of interest specified by data visitor users, where those documents of interest comprise asset transfers for a digital wallet specified by the data visitor user; and transmitting the results of the access transactions of the second smart contract to several consensus nodes based on the first authentication data from the authentication node and on the blockchain ledger entry address. The result of the second smart contract is transmitted to an encrypted digital wallet configured to receive a portion of a dedicated encrypted token.
While the current version of the first smart contract is being executed, the document-of-interest information specified by the requesting users on the several consensus nodes is cyclically monitored by cyclically executing the access transactions of the second smart contract only when a predefined confidence indication reaches a threshold value, where the document-of-interest information specified by the data visitor users includes transactions pertaining to a digital wallet specified by the data visitor user.
After the current version of the first smart contract has been executed, an access transaction of the second smart contract is transmitted to the candidate authentication node.
Example 3:
The users in the invention have three roles. The data users and the data service parties are other business systems; the data owners are main business systems.
1) Data owner: each business system maintains the data of its shared documents, provides external data query services, and tracks the usage process of its data as required.
2) Data user: a business system that initiates a data usage requirement and obtains marked data usage rights.
3) Data service party: serves both the owner and the user; by recording the data circulation process it maintains the circulation order and keeps a record of the relevant conditions.
As shown in fig. 3, another aspect of the present invention provides a data management implementation method, including:
First step: the service system implements and deploys the system and publishes the system's public key, data access rules, access content, access mode, and the standard format for data sharing.
Second step: the users of the related service systems join the blockchain and pass the audit.
Third step: the data certificate is sent to the business system.
Fourth step: the data index information is submitted. Fig. 4 shows an example of data index information.
Fifth step: all received index information is verified, the verified records are summarized, and the summarized records are added to a block to form the blockchain.
Example 4:
Based on this, the operation process of the shared access system of the present invention is as follows:
1. When a data user needs to use the project information of a certain participating service, it first searches whether a corresponding index exists on the blockchain, without acquiring the real data content. If the index exists, all information of the index is obtained, including the information description, key information (public key and private key), signature and the like. The private-key (symmetric) encryption algorithms that may be adopted include DES, 3DES, TDEA, Blowfish, RC2, RC4, RC5, IDEA, SKIPJACK, AES, etc.; the public-key encryption algorithms that may be adopted include RSA, ElGamal, knapsack algorithms, Rabin, D-H, ECC, etc.
2. The data user initiates a data request through the service main system. The request comprises the hash value of the data service primary key, generated by a hash algorithm, together with key information, the request requirements and the like. If a corresponding index exists, the data request is sent to the department that must provide the data; if not, the data user initiates a request and waits for the data owner user to complete the service before the request is responded to.
3. After the data owner user extracts the public key information and confirms that the data user is a legitimate role (which includes confirming that the data user is a legitimate user), the data meeting the standard requirement is encrypted with the public key and signed with the private key to generate an encrypted data packet, which is sent to the service main system.
4. The service main system extracts the public key and verifies its validity, decrypts the record with its private key, and checks whether the record matches the requested hash value; if so, the data is used and a transaction record is formed. The process is shown in fig. 5. In fig. 5, Block1 represents a distributed block; Header denotes the primary key information index, Body denotes the information content, and Signature is the signature denoting personal information. The data user designates users for the data service as follows: the project information is determined according to the primary key of the data service, the related users are extracted from a pre-stored list of user information for the participants in the data service, and it is determined whether the data visitor user belongs to the related users; if so, the data user is considered to have designated that user for the data service. The role verification of the invention comprises a double verification: data flow validity verification and data use permission verification, so that data use safety is ensured on the basis of ensuring the safety of the audit flow.
In the invention, the encrypted data packet is generated after public-key encryption and private-key signing.
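The step 3 / step 4 exchange above, as an added Go example that is not part of the patent: RSA-OAEP stands in for the requester's public-key encryption and ECDSA (P-256) for the owner's signature, both picked from the algorithm families the text lists; SHA-256 is assumed as the hash algorithm, and the packet layout and the sample record are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Packet is the constructed shape of the step-3 "encrypted data packet": the record
// encrypted for the requesting service system plus the data owner's signature over it.
type Packet struct {
	Ciphertext []byte
	Signature  []byte
}

// BuildPacket is step 3 on the data owner's side: encrypt the record with the requester's
// public key (taken from the index) and sign the ciphertext with the owner's private key.
func BuildPacket(ownerKey *ecdsa.PrivateKey, requesterPub *rsa.PublicKey, record []byte) (*Packet, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, requesterPub, record, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, ownerKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &Packet{Ciphertext: ct, Signature: sig}, nil
}

// OpenPacket is step 4 on the service main system's side, in the order the text gives:
// verify the owner's signature, decrypt with the system's private key, then check that the
// record is the one whose hash was requested in step 2.
func OpenPacket(sysKey *rsa.PrivateKey, ownerPub *ecdsa.PublicKey, requestedHash [32]byte, p *Packet) ([]byte, error) {
	digest := sha256.Sum256(p.Ciphertext)
	if !ecdsa.VerifyASN1(ownerPub, digest[:], p.Signature) {
		return nil, errors.New("signature invalid: packet was not produced by the data owner")
	}
	record, err := rsa.DecryptOAEP(sha256.New(), nil, sysKey, p.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	if sha256.Sum256(record) != requestedHash {
		return nil, errors.New("hash mismatch: decrypted record is not the one requested")
	}
	return record, nil
}

// RunExchange performs one request/response round on a record and then shows that a packet
// altered in transit is rejected by the signature check before any decryption happens.
// It returns the recovered record and whether the tampered packet was rejected.
func RunExchange(record []byte) ([]byte, bool, error) {
	ownerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, false, err
	}
	sysKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	requested := sha256.Sum256(record) // step 2: the requester names the record by its hash
	pkt, err := BuildPacket(ownerKey, &sysKey.PublicKey, record)
	if err != nil {
		return nil, false, err
	}
	got, err := OpenPacket(sysKey, &ownerKey.PublicKey, requested, pkt)
	if err != nil {
		return nil, false, err
	}
	// Flip one ciphertext byte: the owner's signature over the ciphertext no longer verifies.
	bad := &Packet{Ciphertext: append([]byte(nil), pkt.Ciphertext...), Signature: pkt.Signature}
	bad.Ciphertext[0] ^= 0x01
	_, tamperErr := OpenPacket(sysKey, &ownerKey.PublicKey, requested, bad)
	return got, tamperErr != nil, nil
}

func main() {
	// Constructed sample record standing in for the data matching the requested key hash.
	got, rejected, err := RunExchange([]byte("project-7781: shared document index entry"))
	fmt.Printf("recovered=%q tamperRejected=%v err=%v\n", got, rejected, err)
}
```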
In a preferred embodiment, the authentication node of the shared access system and the service main system jointly generate a key SK and a re-encryption key based on a smart contract; the data related to the user attributes is sent to the service main system and the shared access system, and the re-encryption is completed by the decentralized shared access system.
First, the service main system generates a system public key and sends it to the data owner. The data owner encrypts the data using the system public key and an access policy and uploads the data to the shared access system. The data owner returns the data identifier and the access policy to the service main system, which writes them into the blockchain.
The data accessor sends a registration request to the system; the authentication node verifies the accessor's attributes, sends a user key, and then writes the attribute set into a block. The business main system reads the users and their attribute sets from the blocks and sends attribute keys to the corresponding users. The service main system compares the data identifier and access policy in the block and sends the re-encryption key to the shared access system. The data accessor downloads the re-encrypted ciphertext stored on the shared access system and decrypts it.
Node identity is described in a tree structure, and identity is verified by means of a certificate chain. The smart contract code running on the nodes all participates in the authentication and authorization blockchain operations. The node identity certificate consists of three parts, [Scr, psk, ppk]: the self-signed certificate Scr, the system private key psk and the system public key ppk. Scr contains a document with attributes related to the certificate holder and a digital signature generated with psk; ppk is used to verify the validity of the root certificate.
HGN[i, j] takes the value 1 or 0; when it is 0, the organization in row i does not have the authority of column j within its channel, otherwise it has that authority.
Example 5:
The shared access system of the present invention further includes a data supervision process. The supervised content comprises the standardization and quality of the data provided by the data owner user, whether a service system is being used maliciously, and whether a risk of data leakage exists in the process. The preferred procedure is as follows:
The data owner first interacts with the authentication node and obtains the global authentication parameters. The data owner then generates a finite field and a distribution function F. Next, the data owner initializes the hierarchical structure of the business system users and allocates two-dimensional tensors A_i and B_i to each business system user. Finally, the data owner calculates the connection matrix in the global authentication parameters by applying the distribution function F to the tensors. The product of each service system user's tensor B_i with the corresponding public tensor is that user's encryption key. If two business systems have no hierarchical relationship, the tensor product associated with them is zero; if they do, the encryption key of the lower-level service system user can be calculated from the tensor of the upper-level service system user.
The connection matrix is obtained by the following process:
For each service system user V_i, the data owner randomly selects tensors A_i = (a_{i,1}, a_{i,2}) and B_i = (b_{i,1}, b_{i,2}). All tensors A_i are mapped to new tensors W_i by the distribution function F.
The data owner converts each B_i into an n-dimensional tensor Γ_i with γ_{i,1} = b_{i,1}, γ_{i,i} = b_{i,2} and γ_{i,j} = 0 for j ≠ 1, i, obtaining the set of n-dimensional tensors Γ_1 = (γ_{1,1}, γ_{1,2}, 0, …, 0); Γ_2 = (γ_{2,1}, γ_{2,2}, 0, …, 0); …; Γ_n = (γ_{n,1}, 0, …, 0, γ_{n,n}).
Computing matrices
It is judged whether the tensors Γ_1, Γ_2, …, Γ_n are linearly dependent. If so, B_1, B_2, …, B_n are reselected. Otherwise, an encryption key is selected for each class and the connection matrix A is calculated; that is, for each service system user V_i the data owner randomly selects its own encryption key.
Solving the system of equations in this step gives A = Γ^{-1} × Φ.
The data owner sends the encryption key to the service system user V_i over a secure channel, and sends F and A to the authentication node.
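The connection-matrix computation of the steps above, as an added Go example that is not part of the patent: it works over a constructed prime field, builds each Γ_i from B_i as described, and solves Γ × A = Φ by Gauss-Jordan elimination, reporting "reselect" when the Γ_i are linearly dependent. Φ is assumed to be the matrix whose row i is the key the data owner chose for V_i, so that V_i recovers its key as Γ_i × A; the distribution function F and the W_i play no part in this step and are omitted.

```go
package main

import "fmt"

// Prime of the finite field the data owner generates (constructed value); inputs lie in [0, p).
const p int64 = 1000003

// modInv returns a^{-1} mod p by Fermat's little theorem (p is prime).
func modInv(a int64) int64 {
	r, e := int64(1), p-2
	for a %= p; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = r * a % p
		}
		a = a * a % p
	}
	return r
}

// GammaRows builds Γ_i from B_i = (b_{i,1}, b_{i,2}): γ_{i,1} = b_{i,1}, γ_{i,i} = b_{i,2}, others 0.
// For user 1 the second component goes in column 2, matching Γ_1 = (γ_{1,1}, γ_{1,2}, 0, …, 0).
func GammaRows(B [][2]int64) [][]int64 {
	n := len(B)
	G := make([][]int64, n)
	for i := range B {
		G[i] = make([]int64, n)
		col := i // 0-based here, so this is the text's column i+1
		if i == 0 {
			col = 1
		}
		G[i][0], G[i][col] = B[i][0]%p, B[i][1]%p
	}
	return G
}

// ConnectionMatrix solves Γ × A = Φ over GF(p) by Gauss-Jordan elimination on [Γ | Φ], i.e.
// A = Γ^{-1} × Φ, where Φ is assumed to hold the key chosen for user V_i in row i. It returns
// false when the Γ_i are linearly dependent, the case in which the B_i must be reselected.
func ConnectionMatrix(B [][2]int64, Phi [][]int64) ([][]int64, bool) {
	G := GammaRows(B)
	n := len(G)
	aug := make([][]int64, n)
	for i := range G {
		aug[i] = append(append([]int64{}, G[i]...), Phi[i]...)
	}
	for c := 0; c < n; c++ {
		piv := c
		for piv < n && aug[piv][c] == 0 {
			piv++
		}
		if piv == n {
			return nil, false // no pivot in this column: Γ is singular
		}
		aug[c], aug[piv] = aug[piv], aug[c]
		inv := modInv(aug[c][c])
		for j := range aug[c] {
			aug[c][j] = aug[c][j] * inv % p
		}
		for r := 0; r < n; r++ {
			if f := aug[r][c]; r != c && f != 0 {
				for j := range aug[r] {
					aug[r][j] = ((aug[r][j]-f*aug[c][j])%p + p) % p
				}
			}
		}
	}
	for i := range aug {
		aug[i] = aug[i][n:] // the right half now holds Γ^{-1} × Φ
	}
	return aug, true
}

// DeriveKey is the user side: V_i multiplies its own Γ_i by the public connection matrix A.
func DeriveKey(gammaRow []int64, A [][]int64) []int64 {
	key := make([]int64, len(A[0]))
	for k, g := range gammaRow {
		for j := range A[k] {
			key[j] = (key[j] + g*A[k][j]) % p
		}
	}
	return key
}

func main() {
	B := [][2]int64{{1, 2}, {3, 4}, {5, 6}}                    // constructed B_i for three users
	Phi := [][]int64{{11, 22, 33}, {44, 55, 66}, {77, 88, 99}} // constructed keys, row i for V_i
	A, ok := ConnectionMatrix(B, Phi)
	fmt.Println("Γ invertible:", ok, "V_2 derives", DeriveKey(GammaRows(B)[1], A), "expected", Phi[1])
}
```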
The method of the invention can produce the following beneficial effects:
1) All information on the index chain contains a specific service system key and the original text cannot be derived from it, so the risk of leakage is avoided.
2) Data requests and responses are exchanged directly between the operating system and the data owner, with no third party involved, so there is no leakage risk in the process.
3) The data packet can be decrypted only with the private key of the service system, so the risk of third-party disclosure is avoided.
4) The final use result of the data is recorded into a transaction chain of the business system, so that usage is marked and traceable.
It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on a variety of computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The present invention is not limited to the above embodiments, and any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of the present invention are included in the scope of the claims of the present invention which are filed as the application.
Claims (10)
1. A decentralized traceable shared access system is characterized by comprising an authentication node and a consensus node;
the authentication node is used for managing users, document data and services and maintaining data access information based on each functional module deployed on the authentication node;
the consensus node is used for carrying out safety management on users accessing the consensus node, initiating a data sharing request and providing data sharing service according to the data sharing request based on each function module deployed on the consensus node;
wherein the consensus node is further configured to receive a statistical profile, wherein the statistical profile comprises a network location of the consensus node and a performance specification of the consensus node, and wherein the shared access system implements a decentralized architecture comprising a plurality of types of peer-to-peer connections layered over a CDN network having a plurality of CDN servers for providing a first set of segments of document data to the consensus node;
wherein when the CDN server receives a caching instruction sent by a consensus node, the CDN server returns a subset of the first set of segments of the document data, wherein the caching instruction is generated based on the statistical profile;
when a data user in the shared access system sends a request for accessing a plurality of target fragments of document data to the CDN server, the CDN server extracts the content type of the requested document data and the network position of the data user from the received request; selecting a plurality of consensus nodes from the consensus nodes currently active in the shared access system to provide access to a plurality of target segments of document data, generating a cache list, wherein the plurality of consensus nodes are selected based on a network location of a data consumer user, a network location of a consensus node, and a content type of the requested document data; and transmits the generated cache list to the data user.
2. The system of claim 1, wherein the authentication node further determines an optimal distribution state of the plurality of pieces of document data to two or more consensus nodes of the network;
wherein the optimal distribution state defines an identity of each of the two or more consensus nodes needing to download the plurality of segments of the document data from the CDN server; caching a plurality of target fragments of the document data by a plurality of consensus nodes in the cache list;
the caching instructions are further generated based on a content priority of the document data;
the consensus node, in response to receiving a request for an identity of a user, transmits the identity to the user for use in the shared access system.
3. The system of claim 1, wherein a consensus node in the cache list confirms receipt of the payment authorization certificate of the authentication node before being authorized to share document data to a data consumer subscriber, and after the subscriber receives target segments of document data from a plurality of consensus nodes, the consensus node receives a service response signed by the data consumer subscriber and then sends updated off-chain transactions to the plurality of consensus nodes, the off-chain transactions accumulating the total payment credits used to determine the payment credits for the target segments of the document data.
4. The system of claim 1, wherein the respective functional modules deployed on the authentication node and the consensus node comprise: a physical module, a smart contract module, a dynamic module, a front-end module and an application module;
the physical module is used for packaging all infrastructure supporting the realization of the intelligent contract;
the intelligent contract module is used for encapsulating static contract data;
the dynamic module is used for packaging dynamic operation on the static contract data in the intelligent contract module;
the front-end module is used for encapsulating a protocol and a voting mechanism;
the application module is used for encapsulating each scene and application in the service flow.
5. The system of claim 4, wherein the physical module comprises: a distributed ledger, a development environment and an oracle;
the distributed ledger is used for recording all data processing process data on the shared access system;
the development environment comprises node start-up, contract deployment and contract invocation implemented in computer code;
and the oracle performs security management of the data source of the encrypted storage system based on the security rules of the blockchain.
6. The system of claim 5, wherein the initiating the data sharing request comprises:
when a data user needs to use project information of a certain participated service, searching whether a corresponding index exists on a block chain or not;
if so, the data user initiates a data request to the data owner based on the block chain; otherwise, the data consumer initiates a data request based on the block chain.
7. The system of claim 5, wherein the providing the data sharing service according to the data sharing request comprises:
after the data owner extracts the public key information and confirms that the data user is in a legal role, the data meeting the standard requirement is encrypted using the public key and signed using a private key to generate an encrypted data packet, and the encrypted data packet is sent based on the block chain.
8. The system of claim 7, wherein confirming that the data consumer is a legitimate role comprises: the confirmed data user is a legal user.
9. The system of claim 5, wherein said managing the user comprises: auditing the roles and attributes of the users who join the block chain.
10. The system of claim 5, wherein the maintaining data access information comprises:
auditing the data information in the block chain, sending a data certificate and storing the data certificate;
establishing index information for the data information in the block chain and storing the index information;
storing data sharing requests initiated by data users and storing data sharing services provided by data owners.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202111224033.0A | 2021-10-18 | 2021-10-18 | Decentralized traceable shared access system
Publications (2)
Publication Number | Publication Date
---|---
CN114239044A (en) | 2022-03-25
CN114239044B (en) | 2024-09-03