CN114546271B - Data read-write method, device and system based on block chain - Google Patents


Info

Publication number: CN114546271B
Authority: CN (China)
Prior art keywords: data, packet, read, target data, write
Legal status: Active
Application number: CN202210152331.1A
Other languages: Chinese (zh)
Other versions: CN114546271A (en)
Inventors: 徐培元, 顾俊
Current Assignee: Ant Blockchain Technology Shanghai Co Ltd
Original Assignee: Ant Blockchain Technology Shanghai Co Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604 Improving or facilitating administration, e.g. storage management
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F3/0637 Permissions
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067 Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

Abstract

One or more embodiments of the present disclosure provide a blockchain-based data read-write method, apparatus, and system. The system comprises a client, a data management platform, and a blockchain system. The client is used for initiating a data read-write request to instruct the data management platform to read or write target data belonging to a target data packet. The data management platform is used for receiving the data read-write request and, when it determines from pre-recorded management authority information of user accounts for each data packet that the request initiator account of the data read-write request has read-write authority for the target data packet, initiating a management transaction for the target data to the blockchain system. The blockchain system is used for storing, in a blockchain, the data belonging to each data packet submitted by the data management platform, and for performing a read operation or a write operation on the target data in response to the management transaction.

Description

Data read-write method, device and system based on block chain
Technical Field
One or more embodiments of the present disclosure relate to the field of blockchain, and in particular, to a method, an apparatus, and a system for reading and writing data based on blockchain.
Background
Blockchain technology (also called distributed ledger technology) is a decentralized distributed database technology. It is characterized by decentralization, openness and transparency, tamper resistance, and trustworthiness, and is suitable for application scenarios with high demands on data reliability.
In view of the above advantages of blockchain technology, many users choose to store data to the blockchain system to ensure the security of the data.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide a method, apparatus, and system for data reading and writing based on a blockchain.
In order to achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
According to a first aspect of one or more embodiments of the present specification, there is provided a blockchain-based data read-write system, comprising a client, a data management platform, and a blockchain system; wherein,
the client is used for initiating a data read-write request to instruct the data management platform to read or write target data belonging to a target data packet;
the data management platform is used for receiving the data read-write request and, when it determines from pre-recorded management authority information of user accounts for each data packet that the request initiator account of the data read-write request has read-write authority for the target data packet, initiating a management transaction for the target data to the blockchain system;
the blockchain system is used for storing, in a blockchain, the data belonging to each data packet submitted by the data management platform, and for performing a read operation or a write operation on the target data in response to the management transaction.
According to a second aspect of one or more embodiments of the present disclosure, a data read-write method based on a blockchain is provided, which is applied to a data management platform, and includes:
receiving a data read-write request initiated by a client, wherein the data read-write request is used for indicating the data management platform to read or write target data belonging to a target data packet;
in the case that the request initiator account of the data read-write request is determined to have read-write authority for the target data packet based on the pre-recorded management authority information of the user account for each data packet, initiating a management transaction for the target data to a blockchain system to instruct the blockchain system to execute a read operation or a write operation for the target data;
the blockchain system is used for storing, in a blockchain, the data submitted by the data management platform and belonging to each data packet.
According to a third aspect of one or more embodiments of the present disclosure, there is provided a blockchain-based data read-write device, applied to a data management platform, including:
the receiving unit is used for receiving a data read-write request initiated by a client, wherein the data read-write request is used for indicating the data management platform to read or write target data belonging to a target data packet;
a determining unit that, in a case where it is determined that a request initiator account of the data read-write request has read-write authority for the target data packet based on management authority information of a user account recorded in advance for each data packet, initiates a management transaction for the target data to a blockchain system to instruct the blockchain system to perform a read operation or a write operation for the target data;
the blockchain system is used for storing, in a blockchain, the data submitted by the data management platform and belonging to each data packet.
According to a fourth aspect of one or more embodiments of the present specification, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the second aspect by executing the executable instructions.
According to a fifth aspect of one or more embodiments of the present description, there is provided a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to the second aspect.
Drawings
FIG. 1 is a schematic diagram of a data read-write system based on a blockchain in accordance with an exemplary embodiment.
FIG. 2 is a flowchart of a blockchain-based data read and write method provided by an exemplary embodiment.
FIG. 3 is an interaction diagram of a blockchain-based data writing method provided by an exemplary embodiment.
FIG. 4 is an interaction diagram of a blockchain-based data reading method provided by an exemplary embodiment.
FIG. 5 is a schematic diagram of an apparatus according to an exemplary embodiment.
FIG. 6 is a block diagram of a blockchain-based data read-write device provided by an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with aspects of one or more embodiments of the present description as detailed in the accompanying claims.
It should be noted that: in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. Furthermore, individual steps described in this specification, in other embodiments, may be described as being split into multiple steps; while various steps described in this specification may be combined into a single step in other embodiments.
When the related art stores data using blockchain technology, it avoids security problems such as data leakage by encrypting the data. Although this approach ensures data security, it makes it difficult to share data between users.
To this end, those skilled in the art have proposed the concept of a consortium chain, in which only members of the consortium can acquire the encrypted data stored on the chain, while users outside the consortium cannot. Members of the consortium obtain the plaintext of the encrypted data by transferring the key off-chain.
The consortium chain does enable on-chain data sharing within a specified consortium. However, this approach not only requires the scope of data sharing to be divided in units of chains, but also requires data keys to be transferred off-chain frequently for the purpose of data sharing. Once a key is compromised during transfer, the risk of the data plaintext being stolen increases. In other words, the consortium chain sacrifices data security to some extent while achieving data sharing. In addition, the off-chain key transfer process involves operations such as identity verification of both parties, which makes the sharing process complex.
Therefore, in order to achieve data sharing and reduce the complexity of data sharing operations while preserving data security, the present specification proposes a blockchain-based data read-write system.
FIG. 1 is a schematic diagram of a blockchain-based data read-write system in accordance with an exemplary embodiment. As shown in FIG. 1, the system may include: a client 11, a data management platform 12, and a blockchain system 13; wherein,
a client 11, configured to initiate a data read-write request to instruct the data management platform 12 to read or write target data belonging to a target data packet;
a data management platform 12, configured to receive the data read-write request, and initiate a management transaction for the target data to a blockchain system 13 if it is determined that a request initiator account of the data read-write request has read-write authority for the target data packet based on management authority information of a pre-recorded user account for each data packet;
a blockchain system 13 for storing data belonging to each data packet submitted by the data management platform 12 in a blockchain; and performing a read operation or a write operation for the target data in response to the management transaction.
As can be seen from the above description, the related art cannot achieve data sharing while guaranteeing data security, and its data sharing process is relatively complex. This is because the related art implements data sharing in units of chains, allows all members to acquire the encrypted data, and relies on off-chain key transfer to obtain the plaintext.
In view of this, the present specification on the one hand no longer limits the scope of data sharing in units of chains, and on the other hand no longer achieves plaintext data sharing by means of off-chain key transfer.
In this specification, a data management platform 12 is introduced between a client 11 used by a user and a blockchain system 13. The data management platform 12 may be preset with several logical data packets, and may record management authority information of user accounts for each data packet. On this basis, when the data management platform 12 receives a data read-write request sent by the client 11, it can determine, based on the pre-recorded management authority information, whether the request initiator account of the data read-write request has read-write authority for the target data packet. Only when the request initiator account has read-write authority does it initiate a management transaction for the target data indicated in the request to the blockchain system 13, thereby instructing the blockchain system 13 to read or write the target data.
It should be understood that presetting a plurality of data packets in the data management platform 12 and recording the management authority information of user accounts for each data packet is equivalent to specifying the read-write authority of each user account for the data belonging to each data packet. For example, assuming that two packets A and B are preset, it is possible to record which user accounts have read-write authority for the data belonging to data packet A and which user accounts have read-write authority for the data belonging to data packet B. Based on this, a person skilled in the art can realize data sharing among a subset of user accounts simply by assigning read-write authority for the same data packet to the user accounts that need to share data.
This is equivalent to assigning data read-write permissions to each user account based on logical grouping. On this basis, the data management platform 12 only needs to perform a permission check to decide whether the target data may be read or written, which avoids the complicated data sharing operations that arise in the related art from obtaining the data plaintext through off-chain key transfer. Likewise, because no off-chain key transfer is needed, the problem in the related art that key leakage prevents data security from being preserved while data is shared is also avoided.
In this specification, after receiving a data read-write request sent by the client 11, the data management platform 12 initiates a management transaction for target data to the blockchain system 13 only if the request initiator account of the request has read-write authority for the target data packet. Therefore, before making the permission determination, the data management platform 12 first needs to determine the target data packet to which the target data that the user requests to access belongs. In different scenarios, the target data packet to which the target data belongs can be determined in different ways.
In an embodiment, the data read-write request may include a packet identifier of the target data packet, and then, when the data read-write request is received, the data management platform 12 may read the packet identifier from the data read-write request, and determine the data packet corresponding to the packet identifier as the target data packet to which the target data belongs. The method of determining the target data packet according to this embodiment is generally applied to a case where the user who initiates the data read-write request knows which data packet the target data to be read from or written to belongs to.
For example, when the data read-write request is used to indicate to execute a write operation for target data, the user may write a packet identifier in the data read-write request to designate a target data packet to which the target data belongs, and on this basis, the data management platform 12 may read the packet identifier in the request, determine, based on the packet identifier, the target data packet to which the target data belongs, and further determine whether the account of the request initiator of the data read-write request has the read-write authority for the target data packet.
For another example, when the data read-write request is used to indicate that a read operation for the target data is to be performed and the user knows the target data packet to which the target data belongs, the packet identifier of the target data packet may be written in the data read-write request. When the data read-write request is received, the data management platform 12 then determines the target data packet directly from the packet identifier included in the data read-write request, and determines whether the request initiator account of the data read-write request has read-write authority for the target data packet.
In another embodiment, the data management platform 12 may locally store the correspondence between the packet identifier and the data identifier, so that, when the data read-write request sent by the client 11 is received, the packet identifier corresponding to the data identifier may be queried from the stored correspondence according to the data identifier of the target data included in the data read-write request, and further determine the data packet corresponding to the queried packet identifier as the target data packet to which the target data belongs.
In practical applications, the method of determining the target data packet in this embodiment is used when the data read-write request instructs the data management platform 12 to read data stored on the chain, that is, when the target data is data already stored on the chain. Accordingly, the correspondence between the data identifier of data stored on the chain and the packet identifier of the data packet to which that data belongs may be recorded by the data management platform 12 when the data is stored.
Compared with the method of determining the target data packet in the previous embodiment, the method of the present embodiment allows the target data to be read merely by writing the data identifier of the target data in the data read-write request, which simplifies the operation for the requester of the target data. However, the data management platform 12 in this embodiment needs to additionally record the correspondence between the data identifier and the packet identifier, which occupies storage space on the data management platform 12. The specific manner of determining the target data packet may be chosen by one skilled in the art based on actual needs, and this specification is not limited in this regard.
In this specification, the blockchain system 13 may also maintain a correspondence between a data identifier of data stored in the blockchain and a packet identifier of a data packet to which the data belongs. On this basis, when the data read-write request sent by the client 11 is used to instruct the data management platform 12 to perform a read operation for the target data, the present specification can verify, according to the correspondence stored on the chain, whether the packet identifier determined in the data management platform 12 is indeed the packet identifier of the target data packet to which the target data belongs.
In one embodiment, the verification of the packet identifier determined in the data management platform 12 against the correspondence stored on the chain may be performed by the blockchain system 13. Specifically, before performing the read operation on the target data, the blockchain system 13 may first read the data identifier of the target data contained in the management transaction and determine the packet identifier corresponding to the target data based on the correspondence maintained in the blockchain system 13. It may then compare the determined packet identifier with the packet identifier in the management transaction and, if the two are consistent, read the target data and return it to the data management platform 12.
It should be understood that this embodiment is equivalent to comparing the packet identifier and the data identifier included in the management transaction with the record in the correspondence maintained in the blockchain system 13, and when the comparison result indicates that the packet identifier and the data identifier are consistent, allowing the read operation for the target data to be performed.
In another embodiment, the verification of the packet identifier determined in the data management platform 12 against the correspondence stored on the chain may be performed by the data management platform 12. Specifically, when the blockchain system 13 performs a read operation for the target data, on the one hand it may acquire the target data stored on the chain based on the data identifier of the target data contained in the management transaction; on the other hand, it may determine the packet identifier corresponding to the target data from that data identifier and the maintained correspondence. The acquired target data and the determined packet identifier can then be returned to the data management platform 12. After receiving the returned target data and packet identifier, the data management platform 12 can compare the received packet identifier with the packet identifier it determined locally for the data identifier of the target data. If the two are consistent, the locally determined packet identifier is shown to be the packet identifier of the target data packet to which the target data belongs, so the target data returned by the blockchain system 13 can be forwarded to the client 11. If the two are inconsistent, the locally determined packet identifier is shown to be incorrect, that is, it is not the packet identifier of the target data packet to which the target data belongs; in that case the returned target data is not forwarded to the client 11, which prevents the data from being leaked to users without permission.
Of course, both the above embodiments are exemplary, and in actual operation, whether the packet identifier determined locally by the data management platform 12 needs to be verified, and which entity performs the verification operation, may be determined by those skilled in the art according to actual requirements, which is not limited in this specification.
It should be noted that the packet identifier determined locally by the data management platform 12, which is the object verified by the above two embodiments, may be a packet identifier determined by any of the manners described above, for example, may be a packet identifier read from the data read request as described above, or may be a packet identifier determined based on a correspondence relationship between the data identifier stored locally by the data management platform 12 and the packet identifier.
Depending on how the data management platform 12 determines the packet identifier, verifying the packet identifier against the correspondence maintained in the blockchain system 13 has a different significance. Specifically:
When the locally determined packet identifier was read from the data read request, both the target data and the target data packet are determined from the data read-write request. In other words, even if the request initiator account is shown to have read-write authority for the target data packet, this does not mean it has read authority for the target data, unless the data packet determined from the packet identifier in the data read-write request is shown to be the target data packet to which the target data belongs. Therefore, in this case, the significance of verifying the determined packet identifier against the correspondence stored on the chain is to confirm that the data packet corresponding to the packet identifier in the data read-write request is indeed the target data packet to which the target data corresponding to the data identifier in that request belongs.
When the locally determined packet identifier was determined from the locally recorded correspondence, that correspondence may have been tampered with by a malicious party, and a tampered correspondence would cause the permission check to reach a wrong decision. Therefore, in this case, the significance of verifying the determined packet identifier against the correspondence stored on the chain is to avoid leakage of on-chain data caused by tampering with the correspondence recorded in the data management platform 12.
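The read path described above, with the chain-side check of the packet identifier, as an added example that is not part of the patent text. `Ledger` is an in-memory stand-in for the blockchain system, and all class, method and account names are hypothetical; the accounts and data are constructed sample values.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when the platform or the chain refuses a read."""


@dataclass
class Ledger:
    """In-memory stand-in for the blockchain system (hypothetical)."""
    data: dict = field(default_factory=dict)       # data_id -> stored value
    packet_of: dict = field(default_factory=dict)  # data_id -> packet_id, set at write time

    def write(self, data_id, packet_id, value):
        self.data[data_id] = value
        self.packet_of[data_id] = packet_id

    def read(self, data_id, claimed_packet_id):
        # Chain-side verification: the packet identifier carried in the
        # management transaction must equal the one recorded on chain.
        if data_id not in self.packet_of:
            raise AccessDenied("chain: unknown data identifier")
        if self.packet_of[data_id] != claimed_packet_id:
            raise AccessDenied("chain: packet identifier mismatch")
        return self.data[data_id]


@dataclass
class Platform:
    """Data management platform: permission check, then management transaction."""
    ledger: Ledger
    acl: dict = field(default_factory=dict)              # packet_id -> authorised accounts
    local_packet_of: dict = field(default_factory=dict)  # data_id -> packet_id (local copy)

    def authorize(self, account, packet_id):
        if account not in self.acl.get(packet_id, set()):
            raise AccessDenied("platform: no read-write authority for packet")

    def write(self, account, packet_id, data_id, value):
        self.authorize(account, packet_id)
        self.ledger.write(data_id, packet_id, value)
        self.local_packet_of[data_id] = packet_id

    def read(self, account, data_id, packet_id=None):
        # Resolve the target packet from the request if it names one,
        # otherwise from the locally stored correspondence.
        if packet_id is None:
            packet_id = self.local_packet_of.get(data_id)
        if packet_id is None:
            raise AccessDenied("platform: cannot resolve target packet")
        self.authorize(account, packet_id)
        return self.ledger.read(data_id, packet_id)


def attempt(platform, account, data_id, packet_id=None):
    """Run one read and report either the data or the refusal reason."""
    try:
        return platform.read(account, data_id, packet_id)
    except AccessDenied as exc:
        return f"denied ({exc})"


def run_scenarios():
    # Constructed sample: alice may use packet A, bob may use packet B.
    platform = Platform(Ledger(), acl={"A": {"alice"}, "B": {"bob"}})
    platform.write("alice", "A", "doc-1", "payload-1")
    results = {
        "member_read": attempt(platform, "alice", "doc-1"),
        "non_member_read": attempt(platform, "bob", "doc-1"),
        # Request names a packet the caller is authorised for, but the
        # data does not belong to it: the chain-side check refuses.
        "wrong_packet_in_request": attempt(platform, "bob", "doc-1", "B"),
    }
    # Simulate a tampered local correspondence on the platform.
    platform.local_packet_of["doc-1"] = "B"
    results["tampered_local_mapping"] = attempt(platform, "bob", "doc-1")
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

In the last two scenarios the platform's own permission check passes, and only the comparison against the correspondence kept on the chain stops the read.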
In this specification, the data may also be encrypted to further improve the security of the data. The key used to encrypt the data may be obtained in a number of ways.
In one embodiment, the data management platform 12 may set a separate packet key for each data packet. When target data belonging to the target data packet needs to be written, the platform encrypts the target data with the packet key and then initiates, to the blockchain system 13, a management transaction instructing it to write the encrypted target data. In this embodiment, all data belonging to the same data packet is encrypted with the packet key of that data packet, and the encrypted data is written to the chain.
In another embodiment, the data management platform 12 may also derive a separate data key for each piece of data to further enhance the security of the data. In practice, the data management platform 12 may set an individual packet root key for each data packet. When a write request for target data belonging to the target data packet is received, it derives a data key uniquely corresponding to the target data from the packet root key of the target data packet, encrypts the target data with the derived data key, and initiates, to the blockchain system 13, a management transaction instructing it to write the encrypted target data. On this basis, the blockchain system 13 may store the target data encrypted with the data key in response to the received management transaction. It should be noted that the data key corresponding to the target data may be derived from the packet root key together with related information of the target data; for example, the related information may include at least one of items such as a hash or a digest of the target data.
In this embodiment, after deriving the data key uniquely corresponding to each piece of data, the data management platform 12 may store the correspondence between the data identifier of each piece of data and its data key. Then, when the target data needs to be read, the platform may initiate a management transaction instructing the blockchain system 13 to return the target data encrypted with the data key to the data management platform 12. After the encrypted target data is received, it is decrypted with the data key uniquely corresponding to the target data, and the decrypted target data is returned to the client 11.
In this embodiment, the data management platform 12 may store a blockchain root key that uniquely corresponds to the blockchain system 13 and is used to derive the packet root key of each data packet. If a management account with data packet creation authority is also specified in the data management platform 12, then when the data management platform 12 receives a data packet creation instruction sent by any client, it can determine whether the instruction was initiated by the management account specified in the data management platform 12. If so, it creates a new data packet and derives a packet root key for the new data packet from the stored blockchain root key.
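The three-level key hierarchy described above (blockchain root key, packet root key, per-data key), as an added example that is not part of the patent text. The specification does not name a derivation function, so HKDF with SHA-256 (RFC 5869) is an assumption here, as are the `KeyManager` class, its method names, the label strings and the constructed root key.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, info, length=32, salt=b""):
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def label(*parts):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for part in parts:
        raw = part if isinstance(part, bytes) else part.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


class KeyManager:
    """Hypothetical key store of the data management platform."""

    def __init__(self, chain_root_key, admin_accounts):
        self.chain_root_key = chain_root_key   # one per blockchain system
        self.admin_accounts = set(admin_accounts)
        self.packet_root_keys = {}             # packet_id -> packet root key
        self.data_keys = {}                    # data_id -> data key

    def create_packet(self, account, packet_id):
        # Only the designated management account may create a packet.
        if account not in self.admin_accounts:
            raise PermissionError("account lacks packet creation authority")
        key = hkdf_sha256(self.chain_root_key, label("packet-root", packet_id))
        self.packet_root_keys[packet_id] = key
        return key

    def key_for_write(self, packet_id, data_id, plaintext):
        # The data key is bound to the packet, the data identifier and a
        # digest of the data itself ("related information" in the text).
        digest = hashlib.sha256(plaintext).digest()
        key = hkdf_sha256(self.packet_root_keys[packet_id],
                          label("data-key", data_id, digest))
        # In this sketch the digest is only known at write time, so the
        # key is stored against the data identifier for later reads.
        self.data_keys[data_id] = key
        return key

    def key_for_read(self, data_id):
        return self.data_keys[data_id]


def demo_hierarchy():
    # Constructed root key for a repeatable demo; a real root key would
    # come from a cryptographically secure random source.
    km = KeyManager(bytes(range(32)), admin_accounts={"admin"})
    root_a = km.create_packet("admin", "A")
    root_b = km.create_packet("admin", "B")
    k1 = km.key_for_write("A", "doc-1", b"same content")
    k2 = km.key_for_write("A", "doc-2", b"same content")
    k3 = km.key_for_write("B", "doc-3", b"same content")
    return {
        "packet_roots_differ": root_a != root_b,
        "data_keys_differ": len({k1, k2, k3}) == 3,
        "read_key_matches": km.key_for_read("doc-1") == k1,
    }


if __name__ == "__main__":
    print(demo_hierarchy())
```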
In this specification, the data management platform 12 may also define a management account having account management authority. On this basis, a user having the account management authority can modify the management authority information of any data packet by sending an account management instruction to the data management platform 12. Specifically, after receiving an account management instruction for any data packet sent by any client, the data management platform 12 may determine whether the account management instruction was initiated by the specified management account and, if so, update the management authority information of that data packet based on the instruction information included in the account management instruction, so as to adjust which accounts have management authority over that data packet. For example, accounts with management authority over any data packet may be added or removed.
It should be noted that the blockchain system in this specification may be deployed in different manners in different scenarios. For example, the blockchain system in this specification may be deployed using a conventional architecture of blockchain technology, i.e., all nodes in the blockchain system are formed by deploying blockchain code on respective physical devices, each node corresponding to one physical device in most cases; for another example, the blockchain system in the present specification may be deployed by adopting a BaaS (Blockchain as a Service) architecture in the blockchain technology, that is, all nodes in the blockchain system are formed by deploying blockchain codes on virtual machines implemented in the cloud through cloud services, and the blockchain nodes do not need to be in one-to-one correspondence with corresponding entity devices. Of course, the above deployment modes are all schematic, and the specific mode of deploying the blockchain system can be determined by those skilled in the art according to actual requirements, which is not limited in this specification.
According to the technical scheme, the data read-write system in the specification divides the data stored in the blockchain in a logic level by introducing the data management platform and arranging a plurality of data packets in the data management platform. Furthermore, the data management platform also records the management authority information of the user account on each data packet, so that the data management platform can discriminate whether the request initiator account has the read-write authority for the corresponding data or not based on the recorded management authority information under the condition that the data read-write request is received, and initiate the management transaction for the corresponding data to the blockchain system only under the condition that the corresponding account has the authority so as to instruct the blockchain system to execute the read operation or the write operation for the corresponding data.
The present description is equivalent to realizing data sharing in units of logical packets, avoiding the situation that the sharing range of data needs to be divided in units of chains in the related art. It should be understood that, the sharing range dividing manner in the related art not only needs to rely on the actually deployed blockchain, but also cannot realize the data sharing among part of users under the same blockchain, so that the expandability is poor. The shared range is divided based on the data packet, and the data packet belongs to the division of the logic level, so that the shared range is not limited by a storage structure, and the shared range can be divided again only by changing the management authority information of the data packet, so that the expandability is good.
In addition, in the data read-write system in this specification, the data management platform decides, according to the management authority information, whether to acquire data from the blockchain and return the acquired data to the client. This avoids the problem in the related art where data security is sacrificed because the data ciphertext is returned directly to the client and the key must be transferred off-chain before the plaintext can be obtained.
Further, when the data management platform in this specification stores data, it may encrypt the data first and then write the encrypted data to the blockchain. For example, an independent packet root key may be set for each data packet, so that when any piece of data is to be written to the chain, a uniquely corresponding data key can first be derived for it from the packet root key of the data packet to which it belongs; the data is then encrypted based on the derived data key and the encrypted data is written to the blockchain, thereby improving the security of the data.
The specification also provides a data read-write method based on the block chain, which is applied to the data management platform in the data read-write system. Most of the operation modes of this method, such as how to perform the permission determination, how to determine the target data packet, how to encrypt each data, etc., are described in detail above and will not be described in detail below.
FIG. 2 is a flow chart illustrating a blockchain-based data read and write method in accordance with an exemplary embodiment. The method is applied to a data management platform, as shown in fig. 2, and may include:
Step 202, a data read-write request initiated by a client is received, where the data read-write request is used to instruct the data management platform to read or write target data belonging to a target data packet.
As described above, the present specification introduces a data management platform between the clients used by users and the blockchain system. The data management platform can be preset with a plurality of data packets at the logical level, and records the management authority information of user accounts for each data packet. On this basis, when a data read-write request sent by the client is received, the data management platform can judge, based on the pre-recorded management authority information, whether the request initiator account of the data read-write request has read-write permission for the target data packet. Only if the request initiator account has the read-write permission is a management transaction for the target data indicated in the request initiated to the blockchain system, which instructs the blockchain system to read or write the target data.
As described above, before making the permission determination, the data management platform first needs to determine a target data packet to which target data to which the user requests access belongs. In different scenarios, the specification can determine the target data packet to which the target data belongs in different manners. In one case, the data read-write request may include a packet identifier of the target data packet, and then, when the data read-write request is received, the data management platform may read the packet identifier from the data read-write request, and determine the data packet corresponding to the packet identifier as the target data packet to which the target data belongs. In another case, the data management platform may locally store the correspondence between the packet identifier and the data identifier, so that, when the data read-write request sent by the client is received, the packet identifier corresponding to the data identifier may be queried from the stored correspondence according to the data identifier of the target data included in the data read-write request, and further, the data packet corresponding to the queried packet identifier may be determined as the target data packet to which the target data belongs.
Step 204, in the case that the request initiator account of the data read-write request has read-write authority for the target data packet based on the pre-recorded management authority information of the user account for each data packet, initiating a management transaction for the target data to a blockchain system to instruct the blockchain system to execute a read operation or a write operation for the target data; the block chain system is used for storing data submitted by the data management platform and belonging to each data packet in a block chain.
As described above, the blockchain system may also maintain a correspondence between the data identification of the data stored in the blockchain and the packet identification of the data packet to which the data belongs. On this basis, when the data read-write request sent by the client 11 is used to instruct the data management platform to perform a read operation for the target data, the present specification can verify, according to the correspondence stored on the chain, whether the packet identifier determined in the data management platform is actually the packet identifier of the target data packet to which the target data belongs.
In one case, the verification operation may be performed by the blockchain system. Specifically, before executing the read operation for the target data, the blockchain system can first read the data identifier of the target data contained in the management transaction and determine the packet identifier corresponding to the target data based on the correspondence maintained in the blockchain system. On this basis, it can compare the determined packet identifier with the packet identifier in the management transaction and, if the two are consistent, read the target data and return the read target data to the data management platform.
In another case, the verification operation may be performed by the data management platform. Specifically, when the blockchain system performs a read operation for the target data, on the one hand, the target data stored on the chain may be obtained based on the data identifier of the target data included in the management transaction; on the other hand, the packet identifier corresponding to the target data can be determined from the data identifier of the target data contained in the management transaction and the maintained correspondence. On this basis, the acquired target data and the determined packet identifier can be returned to the data management platform. After receiving the returned target data and packet identifier, the data management platform can compare the received packet identifier with the locally determined packet identifier corresponding to the data identifier of the target data. If the two are consistent, the locally determined packet identifier is proved to be the packet identifier of the target data packet to which the target data belongs, so the target data returned by the blockchain system can be forwarded to the client. If the two are inconsistent, the locally determined packet identifier is proved to be incorrect and not the packet identifier of the target data packet to which the target data belongs; in that case the target data returned by the blockchain system is not forwarded to the client, so as to avoid leaking data to a user without permission.
As described above, this specification may also encrypt the data to further enhance the security of the data. The key used to encrypt the data may be obtained in a number of ways. For example, the data management platform may set an individual packet root key for each data packet, so that when a write request for target data belonging to the target data packet is received, it derives a data key uniquely corresponding to the target data based on the packet root key corresponding to the target data packet and, after encrypting the target data based on the derived data key, initiates a management transaction instructing the blockchain system to write the encrypted target data.
As described above, the data management platform may store a blockchain root key that uniquely corresponds to the blockchain system and is used for deriving the packet root key of each data packet. If a management account with data packet creation authority is specified in the data management platform, then when the data management platform receives a data packet creation instruction sent by any client, it can determine whether the instruction was initiated by the specified management account; if so, it creates a new data packet and derives a packet root key for the new data packet based on the stored blockchain root key.
As described above, the data management platform may also be provisioned with a management account having account management rights. On this basis, a user with the account management authority can modify the management authority information of any data packet by sending an account management instruction to the data management platform. Specifically, after receiving an account management instruction for any data packet sent by any client, the data management platform can determine whether the account management instruction was initiated by the specified management account and, if so, update the management authority information of that data packet based on the indication information included in the account management instruction, so as to adjust which accounts have management authority over that data packet. For example, accounts with management authority over any data packet may be added or removed.
According to the above technical scheme, when the data management platform receives a data read-write request initiated by the client, it can judge, based on the recorded management authority information of user accounts for each data packet, whether the request initiator account of the data read-write request has read-write authority for the target data packet to which the target data belongs. Only if so is a management transaction for the target data initiated to the blockchain system to instruct the blockchain system to perform a read operation or a write operation on the target data. This avoids the problem in the related art that data can only be shared among consortium chain members, as well as the reduction in data security caused by the need to transmit keys off-chain during sharing.
FIG. 3 is an interaction diagram illustrating a blockchain-based data writing method in accordance with an exemplary embodiment. As shown in fig. 3, the method may include the steps of:
In step 301, the client generates a data write request based on the target data and the packet identifier of the target data packet.
In this embodiment, a user may log in a user account held by the user in an electronic device held by the user to form a client corresponding to the data management platform. When the user needs to store the target data into the blockchain, a certain operation can be performed in the client to specify which data packet the target data belongs to, on the basis, the client can generate a data writing request based on the target data to be stored and the packet identification of the specified target data packet, and the generated data writing request is sent to the data management platform.
In step 302, the client sends the generated data writing request to the data management platform.
In step 303, the data management platform reads the target data and the packet identifier.
In this embodiment, the data management platform may be preset with a plurality of data packets, so as to divide the read-write authority of each user account on the data stored in the blockchain. Then, the data management platform can determine whether the account of the request initiator has the read-write authority of the designated target data packet under the condition of receiving the data writing request.
For example, the data packets set in the data management platform, and the management authority information corresponding to each data packet may be as shown in table 1 below:
TABLE 1
As can be seen from table 1 above, account 1, account 3 and account 5 have read-write rights for data packet a; account 1, account 2 and account 4 have read-write rights for data packet B; account 2, account 3 and account 4 have read-write rights for data packet C.
Assume that the user account that initiated the data write request is account 1 and the packet contained in the data write request is identified as "B". Then, the data management platform may determine, based on the record of table 1 and the packet identification "B", that the request originator account of the data write request, i.e., account 1, has read-write rights for packet B.
Step 304, the data management platform judges whether the account of the request initiator has the read-write authority for the target data packet based on the packet identification; if yes, go to step 305.
In step 305, the data management platform derives a data key for the target data.
In this embodiment, after determining that the request initiator account has the read-write authority for the target data packet, the data key may be derived for the target data based on the packet root key corresponding to the target data packet, so as to encrypt the target data.
Taking the above example as an example, assume that the packet root key set by the data management platform for the packet a is the key a, the packet root key set for the packet B is the key B, the packet root key set for the packet C is the key C, and the target data is the data X. Then, after determining that account 1 has read-write rights to packet B, a uniquely corresponding data key X may be derived for data X based on key B.
In step 306, the data management platform encrypts the target data based on the derived data key.
With the above example in mind, after deriving the key X, the data X may be encrypted based on the key X and a write transaction may be generated based on the encrypted data X. Wherein the write transaction is sent to the blockchain system to instruct the blockchain system to perform a write operation on the encrypted data X.
In step 307, the data management platform generates a write transaction based on the packet identification and the encrypted target data.
In step 308, the data management platform sends the write transaction to the blockchain system.
In step 309, the blockchain system stores the encrypted target data included in the write transaction.
In this embodiment, the blockchain system may write the encrypted target data included in the write transaction into the blockchain storage structure after receiving the write transaction. Meanwhile, a hash value uniquely corresponding to the target data can be generated to serve as a unique identifier on a chain of the target data. The hash value is stored in the blockchain in association with the packet identifier of the target data, so as to be used for marking the data packet to which the target data belongs.
With the above example in mind, after completing the storage of the encrypted data X, the blockchain system may generate a hash value X' uniquely corresponding to the data X as the unique identifier on the chain of the data X.
In step 310, the blockchain system generates a hash value uniquely corresponding to the target data, and stores the hash value in association with the packet identifier.
In step 311, the blockchain system returns the generated hash value to the data management platform.
In this embodiment, after generating the hash value uniquely corresponding to the target data, the hash value may be returned to the data management platform, so that the data management platform records the correspondence between the data number, the hash value, the data key, and the packet identifier of the target data packet.
In step 312, the data management platform records the correspondence of the data number, hash value, data key, and packet identifier.
It will be appreciated that in this embodiment, the data identifier of the target data may take different forms at different stages. Specifically, when the blockchain system and the data management platform interact, the hash value can be used as the data identifier of the target data; when the data management platform interacts with the client, the data number of the target data itself can be used as the data identifier of the target data (the data number of the target data can be contained in the data writing request). For example, for data that is a commodity bill, its bill number can be used as the data identifier of the data. Of course, the above examples are merely illustrative; which identifier is used at which stage may be determined by those skilled in the art according to actual needs, and the present embodiment is not limited thereto.
According to the above technical scheme, when a data writing request for the target data is received, the data management platform can judge, based on the pre-recorded management authority information of user accounts for each data packet, whether the request initiator account has read-write authority for the target data packet, and the target data is written to the blockchain only if it has that authority. This avoids the situation in the related art where the data sharing range has to be divided according to the blockchains actually deployed.
FIG. 4 is an interaction diagram illustrating a blockchain-based data reading method in accordance with an exemplary embodiment. As shown in fig. 4, the method may include the steps of:
In step 401, the client generates a data read request based on the data number of the target data and the packet identification of the target data packet.
After storing the data to the blockchain by way of the above embodiment, the user can read the data belonging to the data packet having the read-write authority. Specifically, the user can log in the user account held by the user in the electronic device to form a client corresponding to the data management platform, and on the basis, the user can execute certain operation in the client to specify which data to execute the reading operation.
In step 402, the client sends the generated data read request to the data management platform.
In step 403, the data management platform reads the data number and the packet identifier.
Step 404, the data management platform determines whether the request initiator account has read-write permission for the target data packet based on the packet identification; if yes, go to step 405.
In this embodiment, since the data read request includes the packet identifier of the target data packet, when determining the authority, the target data packet to which the target data belongs can be determined only by reading the packet identifier from the data read request.
Taking the example of the above embodiment as an example, assuming that the user account held by the user who initiates the data read request is account 2 and the packet identifier included in the data read request is identifier "B", it can be determined that account 2 has the read-write authority for packet B according to the management authority information shown in table 1.
In step 405, the data management platform determines a hash value of the target data based on the data number.
By taking the above example, when it is determined that the account 2 has the read-write authority for the target data packet, the hash value of the target data may be further determined according to the correspondence recorded in the data writing process.
In step 406, the data management platform generates a read transaction based on the packet identification and the hash value.
Following the above example, after determining the hash value, a read transaction may be generated based on the packet identification and the hash value and sent to the blockchain system.
In step 407, the data management platform sends the read transaction to the blockchain system.
Step 408, the blockchain system queries the packet identifier corresponding to the hash value included in the read transaction in the maintained correspondence to verify the packet identifier in the read transaction; in case the two agree, step 408 is performed.
In this embodiment, when the blockchain system receives the read transaction, the packet identifier and the hash value included in the read transaction may be verified based on the corresponding relationship between the maintained hash value and the packet identifier. And when the two are consistent, acquiring the encrypted target data, and returning the acquired encrypted target data to the data management platform.
In step 409, the blockchain system obtains the encrypted target data based on the hash value included in the read transaction.
In step 410, the blockchain system returns the encrypted target data to the data management platform.
In step 411, the data management platform queries a data key uniquely corresponding to the target data based on the hash value.
For example, assume that the data number of the target data in the data read request is X, and the corresponding relationship among the recorded data number, the packet identifier, and the data key is shown in table 2 by the writing method of the previous embodiment:
TABLE 2
Then, the data key corresponding to the data X can be determined as the key X. On the basis, the encrypted data X returned by the blockchain system can be decrypted through the secret key X, so that the plaintext of the data X is obtained.
In step 412, the data management platform decrypts the encrypted target data returned by the blockchain system based on the queried data key.
In step 413, the data management platform returns the decrypted target data to the client.
By taking the above example, the plaintext of the decrypted data X may be returned to the client.
As can be seen from the above technical solution, in this embodiment the data management platform holds the data key of each piece of data. If, during data reading, the data management platform determines that the request initiator account has the read-write authority, it can directly decrypt the encrypted data returned by the blockchain system based on the locally stored data key and then forward the decrypted data to the client, thereby avoiding the reduction in data security caused by the need to transmit keys off-chain in the related art.
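The two checks in the read flow above, as an added example that is not part of the patent text: the platform's permission check on the packet identifier supplied in the request, and the chain's comparison of that identifier with the one it recorded for the hash at write time. The class and function names, the account spellings, the use of SHA-256 as the on-chain hash and the opaque sample ciphertext are assumptions; encryption and decryption are left out so the block stays on the authorization logic.

```python
import hashlib

# Management authority information as the page describes it for Table 1.
PACKET_ACL = {
    "A": {"account1", "account3", "account5"},
    "B": {"account1", "account2", "account4"},
    "C": {"account2", "account3", "account4"},
}


class AccessDenied(Exception):
    """Raised when the platform or the chain refuses a request."""


class Chain:
    """Stand-in for the blockchain system: stores blobs and hash -> packet id."""

    def __init__(self):
        self._blobs = {}
        self._packet_of = {}

    def write(self, packet_id, blob):
        data_hash = hashlib.sha256(blob).hexdigest()
        bound = self._packet_of.get(data_hash)
        if bound is not None and bound != packet_id:
            raise AccessDenied("hash is already bound to another packet")
        self._blobs[data_hash] = blob
        self._packet_of[data_hash] = packet_id
        return data_hash

    def read(self, packet_id, data_hash):
        # Compare the packet id carried in the read transaction with the
        # packet id recorded on chain for this hash before returning data.
        if self._packet_of.get(data_hash) != packet_id:
            raise AccessDenied("packet id does not match the chain record")
        return self._blobs[data_hash]


class Platform:
    """Stand-in for the data management platform."""

    def __init__(self, chain, acl):
        self.chain = chain
        self.acl = acl
        self.index = {}  # data number -> hash returned by the chain

    def _authorize(self, account, packet_id):
        if account not in self.acl.get(packet_id, set()):
            raise AccessDenied(f"{account} has no read-write authority for packet {packet_id}")

    def write(self, account, packet_id, data_number, encrypted_blob):
        self._authorize(account, packet_id)
        if data_number in self.index:
            raise ValueError("data number already recorded")
        self.index[data_number] = self.chain.write(packet_id, encrypted_blob)
        return self.index[data_number]

    def read(self, account, packet_id, data_number):
        # The packet id comes from the request, as in the Fig. 4 flow, so a
        # wrong but permitted packet id must be caught by the chain's check.
        self._authorize(account, packet_id)
        if data_number not in self.index:
            raise KeyError(data_number)
        return self.chain.read(packet_id, self.index[data_number])


def attempt(fn, *args):
    try:
        return ("ok", fn(*args))
    except AccessDenied as exc:
        return ("denied", str(exc))


def demo():
    platform = Platform(Chain(), PACKET_ACL)
    blob = b"<constructed ciphertext of data X>"
    platform.write("account1", "B", "X", blob)
    return {
        "member_of_B": attempt(platform.read, "account2", "B", "X"),
        "outsider_names_B": attempt(platform.read, "account5", "B", "X"),
        "member_of_A_names_A": attempt(platform.read, "account5", "A", "X"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The third case is the one the on-chain comparison exists for: account 5 passes the platform's permission check for packet A, and the request is refused only because the hash of data X is recorded under packet B.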
Fig. 5 is a schematic block diagram of an apparatus according to an exemplary embodiment. Referring to fig. 5, at the hardware level, the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508, and a nonvolatile memory 510, although other hardware may be included as needed for other services. One or more embodiments of the present description may be implemented in a software-based manner, such as by the processor 502 reading a corresponding computer program from the non-volatile storage 510 into the memory 508 and then running. Of course, in addition to software implementation, one or more embodiments of the present disclosure do not exclude other implementation manners, such as a logic device or a combination of software and hardware, etc., that is, the execution subject of the following processing flow is not limited to each logic unit, but may also be hardware or a logic device.
Referring to fig. 6, the data read-write device based on the blockchain may be applied to the apparatus shown in fig. 5 to implement the technical solution of the present specification. The data read-write device based on the block chain can comprise:
a receiving unit 601, configured to receive a data read-write request initiated by a client, where the data read-write request is used to instruct the data management platform to read or write target data belonging to a target data packet;
a determining unit 602, configured to initiate, in a case where it is determined that a request initiator account of the data read-write request has read-write authority for the target data packet based on pre-recorded management authority information of user accounts for each data packet, a management transaction for the target data to a blockchain system to instruct the blockchain system to perform a read operation or a write operation for the target data;
the block chain system is used for storing data submitted by the data management platform and belonging to each data packet in a block chain.
Optionally,
the determining unit 602 is further used for: when the data read-write request contains a packet identifier, determining the data packet corresponding to the packet identifier contained in the data read-write request as the target data packet to which the target data belongs; or,
the determining unit 602 is further used for: when the data read-write request contains the data identifier of the target data, querying, according to the locally stored correspondence between packet identifiers and data identifiers, the packet identifier corresponding to the data identifier contained in the data read-write request, and determining the corresponding data packet as the target data packet.
Optionally, the blockchain system is configured to maintain a correspondence between a data identifier of data stored in the blockchain and a packet identifier of a data packet to which the data belongs;
the receiving unit 601 is also used for: receiving the target data and its corresponding packet identifier returned by the blockchain system based on the data identifier contained in the management transaction; and forwarding the target data returned by the blockchain system based on the data identifier to the client in the case that the received packet identifier is consistent with the locally determined packet identifier corresponding to the data identifier.
Optionally, the method further comprises:
an encryption unit 603 that encrypts the target data based on a data key uniquely corresponding to the target data, the data key being derived from a packet root key corresponding to the target data packet;
the determining unit 602 is specifically configured to: based on the target data obtained by encryption of the data key, a management transaction for instructing the blockchain system to store the encrypted target data is generated, and the generated management transaction is transmitted to the blockchain system.
Optionally,
the receiving unit 601 is also used for: receiving a data packet creation instruction sent by any client;
the device further comprises: a creation unit 604 that creates a new data packet in the case where the data packet creation instruction is initiated by a management account specified in the data management platform; and a deriving unit 605 that derives a packet root key for the new data packet based on a blockchain root key corresponding to the blockchain system.
Optionally,
the receiving unit 601 is also used for: receiving an account management instruction aiming at any data packet sent by any client;
further comprises: and an updating unit 606 configured to update, when the account management instruction is initiated by a management account specified in the data management platform, management authority information corresponding to the arbitrary data packet based on instruction information included in the account management instruction, so as to adjust an account having management authority of the arbitrary data packet.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "when …", "upon …" or "in response to a determination", depending on the context.
The foregoing description of the preferred embodiments is merely intended to illustrate the embodiments of the present invention, and it is not intended to limit the present invention to the particular embodiments described.

Claims (13)

1. A blockchain-based data read-write system, comprising: a client, a data management platform and a blockchain system; wherein,
the client is used for initiating a data read-write request to instruct the data management platform to read or write target data belonging to a target data packet;
the data management platform is used for receiving the data read-write request and initiating a management transaction for the target data to the blockchain system under the condition that a request initiator account of the data read-write request has read-write authority for the target data packet based on the management authority information of a pre-recorded user account for each data packet; and encrypting the target data based on a data key uniquely corresponding to the target data, the data key derived from a packet root key corresponding to the target data packet;
the blockchain system is used for storing data belonging to each data packet submitted by the data management platform in a blockchain; and performing a read operation or a write operation for the target data in response to the management transaction;
the blockchain system performing a write operation for the target data, comprising: storing the target data encrypted by the data key;
the data management platform is further configured to:
receiving a data packet creation instruction sent by any client;
creating a new data packet in case the data packet creation instruction is initiated by a management account specified in the data management platform;
a packet root key is derived for the newly added data packet based on a blockchain root key corresponding to the blockchain system.
2. The data read-write system of claim 1, the data management platform further to:
when the data read-write request contains a packet identifier, determining the packet identifier contained in the data read-write request as a target data packet to which the target data belongs; or,
and under the condition that the data read-write request contains the data identifier of the target data, inquiring the packet identifier corresponding to the data identifier contained in the data read-write request as the target data packet according to the corresponding relation between the locally stored packet identifier and the data identifier.
3. The data read-write system according to claim 1, wherein the blockchain system is configured to maintain a correspondence between a data identifier of data stored in a blockchain and a packet identifier of a data packet to which the data belongs; the blockchain system performing a read operation for the target data, comprising:
determining a packet identifier corresponding to the target data based on the correspondence and the data identifier of the target data contained in the management transaction;
and returning the target data to the data management platform under the condition that the determined packet identifier is consistent with the packet identifier contained in the management transaction.
4. The data read-write system according to claim 1, wherein the blockchain system is configured to maintain a correspondence between a data identifier of data stored in the blockchain and a packet identifier of a data packet to which the data belongs;
the blockchain system performing a read operation for the target data, comprising: based on the data identifier of the target data contained in the management transaction, respectively acquiring the target data and its corresponding packet identifier, and returning them to the data management platform;
the data management platform is further configured to: forward the target data returned by the blockchain system based on the data identifier to the client under the condition that the packet identifier returned by the blockchain system is consistent with the locally determined packet identifier corresponding to the data identifier.
5. The data read-write system as claimed in claim 1,
the blockchain system performing a read operation for the target data, comprising: returning the target data encrypted by the data key to the data management platform;
the data management platform is further configured to: decrypting the encrypted target data returned by the blockchain system based on the data key, and returning the decrypted target data to the client.
6. The data read-write system of claim 1, the data management platform further to:
receiving an account management instruction aiming at any data packet sent by any client;
and when the account management instruction is initiated by a management account specified in the data management platform, updating management authority information corresponding to any one data packet based on the instruction information contained in the account management instruction so as to adjust an account with management authority of the any one data packet.
7. A blockchain-based data read-write method, applied to a data management platform, comprising:
receiving a data read-write request initiated by a client, wherein the data read-write request is used for indicating the data management platform to read or write target data belonging to a target data packet;
in the case that the request initiator account of the data read-write request is determined to have read-write authority for the target data packet based on the pre-recorded management authority information of the user account for each data packet, initiating a management transaction for the target data to a blockchain system to instruct the blockchain system to execute a read operation or a write operation for the target data;
encrypting the target data based on a data key uniquely corresponding to the target data, the data key derived from a packet root key corresponding to the target data packet;
the blockchain system is used for storing data belonging to each data packet submitted by the data management platform in a blockchain;
the blockchain system performing a write operation for the target data, comprising: storing the target data encrypted by the data key;
the method further comprises:
receiving a data packet creation instruction sent by any client;
creating a new data packet in case the data packet creation instruction is initiated by a management account specified in the data management platform;
a packet root key is derived for the newly added data packet based on a blockchain root key corresponding to the blockchain system.
8. The method of claim 7, further comprising:
when the data read-write request contains a packet identifier, determining the packet identifier contained in the data read-write request as a target data packet to which the target data belongs; or,
and under the condition that the data read-write request contains the data identifier of the target data, inquiring the packet identifier corresponding to the data identifier contained in the data read-write request as the target data packet according to the corresponding relation between the locally stored packet identifier and the data identifier.
9. The method of claim 7, wherein the blockchain system is configured to maintain a correspondence between a data identifier of data stored in a blockchain and a packet identifier of a data packet to which the data belongs; the method further comprises:
receiving the target data and its corresponding packet identifier returned by the blockchain system based on the data identifier contained in the management transaction;
and forwarding target data returned by the blockchain system based on the data identifier to the client under the condition that the received packet identifier is consistent with the locally determined packet identifier corresponding to the data identifier.
10. The method of claim 7, further comprising:
receiving an account management instruction aiming at any data packet sent by any client;
and when the account management instruction is initiated by a management account specified in the data management platform, updating management authority information corresponding to any one data packet based on the instruction information contained in the account management instruction so as to adjust an account with management authority of the any one data packet.
11. A blockchain-based data read-write apparatus, applied to a data management platform, comprising:
a receiving unit configured to receive a data read-write request initiated by a client, wherein the data read-write request is used for instructing the data management platform to read or write target data belonging to a target data packet;
a determining unit that, in a case where it is determined that a request initiator account of the data read-write request has read-write authority for the target data packet based on management authority information of a user account recorded in advance for each data packet, initiates a management transaction for the target data to a blockchain system to instruct the blockchain system to perform a read operation or a write operation for the target data; and encrypts the target data based on a data key uniquely corresponding to the target data, the data key derived from a packet root key corresponding to the target data packet;
the blockchain system is used for storing data belonging to each data packet submitted by the data management platform in a blockchain;
the blockchain system is used for storing the target data encrypted by the data key;
the receiving unit is further configured to: receive a data packet creation instruction sent by any client;
the apparatus further comprises: a creation unit configured to create a new data packet in a case where the data packet creation instruction is initiated by a management account specified in the data management platform; and a deriving unit configured to derive a packet root key for the newly added data packet based on a blockchain root key corresponding to the blockchain system.
12. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any of claims 7-10 by executing the executable instructions.
13. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of any of claims 7-10.
CN202210152331.1A 2022-02-18 2022-02-18 Data read-write method, device and system based on block chain Active CN114546271B (en)

Publications (2)

Publication Number Publication Date
CN114546271A CN114546271A (en) 2022-05-27
CN114546271B true CN114546271B (en) 2024-02-06

Family

ID=81675540

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant