CN114626849A - Data protection method and protection device based on block chain - Google Patents

Abstract

The invention discloses a data protection method based on a block chain, which comprises the following steps: s1, collecting multi-source heterogeneous data; s2, processing the collected multi-source heterogeneous data into a data stream with a specified format, extracting start time, end time and service type from the data stream, and generating a data fingerprint; s3, assembling the obtained start time, end time, service type and data fingerprint into a message; and S4, storing the generated message on the block chain, wherein the original data is still stored in a local database and/or a local file. The multi-source heterogeneous data is converted into the message only containing the start time, the end time, the service type and the data fingerprint and stored in the block chain, the technical problem that in the prior art, the overhead of computing resources, storage resources and bandwidth resources of the block chain is overlarge due to the fact that all data need to be recorded and linked up one by one is solved, and the problems that interactive data of a client and a security company are easy to delete and tamper and the safety and completeness of the data cannot be guaranteed can be solved.

Description

Blockchain-based data protection method and protection device

technical field

The present application belongs to the technical field of information data security, and specifically relates to a data protection method and protection device based on blockchain.

Background technique

As the business scope of securities companies becomes wider and wider, there are more and more interactive data between customers and securities companies, such as customer transaction data, customer operation behavior, and customer browsing records. Information systems are becoming more and more complex, and electronic data is easy to delete and tamper with. When a customer disagrees with the data, it is difficult for securities companies to prove that their data is credible, and it is difficult to protect the legitimate rights and interests of customers.

Under normal circumstances, a variety of interactive data occurs between a client and a securities company, and the securities company directly stores the interactive data in the databases, local files, and logs of multiple business systems. However, the centralized storage method of securities companies is easy to lose and tamper with data, cannot guarantee the completeness and security of data, and lacks third-party supervision.

Securities companies can usually desensitize the interaction data between customers and securities companies and upload them directly to the public chain or alliance chain platform. Most of the service or transaction information recorded in the blockchain comes from the customer, including the customer's individual identity, transaction records, time and place and other related sensitive information. If these private data are illegally obtained and applied, it will greatly damage the customer's own identity. rights and interests, resulting in personal and property safety risks. Although the blockchain ledger itself is shared between nodes, and the ledger records all service-related information on the entire blockchain, although the information on the blockchain ledger will undergo necessary processing such as encryption, there is still a relatively large risk It is cracked, resulting in the leakage of customer privacy data. The existing solution has the following two shortcomings: on the one hand, the amount of interaction between customers and securities companies is large, and the amount of data transmitted to the public chain or alliance chain is large, and the synchronization is not timely; Obtain, such as the number of daily active customers, the number of daily clicks, resulting in the leakage of trade secrets.

SUMMARY OF THE INVENTION

In view of this, on the one hand, the technical solutions disclosed in some embodiments are data protection methods based on blockchain, which are used to enhance the credibility of various types of interactive data between securities companies and customers, and the data protection methods based on blockchain include steps :

S1. Collect multi-source heterogeneous data;

S2. Process the collected multi-source heterogeneous data into a data stream with a specified format, and extract the start time, end time, and service type from the data stream to generate a data fingerprint;

S3. Assemble the obtained start time, end time, service type and data fingerprint into a message;

S4. The assembled message is stored on the blockchain, and the original data is still stored in the local database and/or local file.

Further, the blockchain-based data protection method disclosed in some embodiments further includes the steps:

S5, according to the selected start time, end time, and business type, generate the data fingerprint to be verified from the data in the local database and the local file;

S6. Compare the generated data fingerprint to be verified with the data fingerprint stored in the block chain in the message corresponding to the selected start time, end time, and service type. If the two are consistent, the local database and/or The data in the local file is trusted.

In the blockchain-based data protection method disclosed in some embodiments, the data fingerprint is an MD5 value.

In the blockchain-based data protection method disclosed in some embodiments, the data stream in the specified format includes a data stream in a unified format or a data stream in a specific format, wherein the unified format includes JSON format and avro format, and the specific format includes text format, picture format, voice format, video format.

In the blockchain-based data protection method disclosed in some embodiments, the local database includes a relational database and a non-relational database.

On the other hand, some embodiments disclose a blockchain-based data protection device for executing a blockchain-based data protection method, the protection device comprising:

Data acquisition module, configured to collect multi-source heterogeneous data;

The data processing module is configured to process the collected multi-source heterogeneous data into a data stream with a specified format, and extract the start time, end time, and service type from the data stream to generate a data fingerprint;

The encapsulation module is configured to assemble the obtained start time, end time, service type and data fingerprint into a message;

The data uploading module is configured to transfer the generated message to the blockchain.

Further, the blockchain-based data protection device disclosed in some embodiments further includes a data authentication module configured to generate a data fingerprint to be verified from the data in the local database and the local file according to the selected start time, end time, and business type ; Compare the generated data fingerprint to be verified with the data fingerprint stored on the blockchain in the message corresponding to the selected start time, end time, and business type. If the two are consistent, the local database and/or local The data in the file can be trusted.

The blockchain-based data protection device disclosed in some embodiments further includes a data cache module configured to store the message to be uploaded on the chain in the message middleware.

The blockchain-based data protection device disclosed in some embodiments further includes a scheduling module configured to control data collection by the data collection module.

In the blockchain-based data protection device disclosed in some embodiments, the data uploading module specifically includes:

The authority authentication unit, which is used to authenticate the authority of the checker;

The request unit is used to initiate a connection request to the blockchain server;

A connection unit for establishing a connection to the requested blockchain server;

The uploading unit is used to upload messages to the blockchain server.

The blockchain-based data protection method disclosed in the embodiment of the present application converts multi-source heterogeneous data into messages containing only the start time, end time, service type and data fingerprint, and stores them on the blockchain, which alleviates the problem of existing In the technology, it is necessary to record all the data and upload it one by one. The technical problem of excessive overhead of computing resources, storage resources and bandwidth resources of the blockchain is caused by the process. It can also solve the problem that the interactive data between customers and securities companies is easy to delete and easy to delete. The problem of tampering and inability to ensure the security and completeness of data.

Description of drawings

Figure 1 is a schematic flowchart of a data protection method based on blockchain;

Figure 2 is a schematic diagram of the composition of a data protection device based on blockchain.

Detailed ways

Where the word "embodiment" is used exclusively herein, any embodiment described as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. In the performance index test in the examples of this application, unless otherwise specified, conventional test methods in the field are used. It should be understood that the terms described in this application are only used to describe particular embodiments, and are not used to limit the content disclosed in this application.

Unless otherwise specified, the technical and scientific terms used herein have the same meaning as commonly understood by those of ordinary skill in the technical field to which this application belongs; as other test methods and technical means not specifically noted in this application, all refer to the common sense in the art The experimental methods and technical means commonly used by technicians.

As used herein, the terms "substantially" and "approximately" are used to describe small fluctuations. For example, they may mean less than or equal to ±5%, such as less than or equal to ±2%, such as less than or equal to ±1%, such as less than or equal to ±0.5%, such as less than or equal to ±0.2%, such as less than or equal to ± 0.1%, such as less than or equal to ±0.05%. Numerical data expressed or presented herein in a range format is used for convenience and brevity only, and should therefore be flexibly construed to include not only the values expressly recited as the limits of the range, but also all individual values subsumed within the range or sub range. For example, a numerical range of "1 to 5%" should be construed to include not only the expressly recited value of 1% to 5%, but also individual values and subranges within the indicated range. Accordingly, individual values, such as 2%, 3.5%, and 4%, and subranges, such as 1%-3%, 2%-4%, 3%-5%, and the like, are included in this numerical range. The same principle applies to ranges reciting only one numerical value. Furthermore, such interpretations apply regardless of the breadth of the range or the characteristics described. The time zone referred to herein is generally a period of time determined by a start time and an end time.

In this document, including the claims, conjunctions such as "comprising", "including", "with", "having", "containing", "involving", "containing" and the like are to be understood as being open-ended , which means "including but not limited to". Only the conjunctions "consisting of" and "consisting of" are closing conjunctions.

In order to better illustrate the content of the present application, numerous specific details are given in the following specific embodiments. It should be understood by those skilled in the art that the present application may be practiced without certain specific details. In the embodiments, some methods, means, instruments, equipment, etc. that are well known to those skilled in the art are not described in detail, so as to highlight the gist of the present application.

On the premise of no conflict, the technical features disclosed in the embodiments of the present application can be combined arbitrarily, and the obtained technical solutions belong to the contents disclosed in the embodiments of the present application.

The block chain-based data protection method and protection device will be further exemplified below with reference to the embodiment and FIG. 1 .

In some embodiments, a blockchain-based data protection method includes the steps of:

S1, a data collection step, collecting multi-source heterogeneous data;

S2. The data processing step: process the collected multi-source heterogeneous data into a data stream with a specified format, extract the start time, end time, and service type from the data stream, and protect the data of the start time, end time, and service type segment to generate data fingerprints; generally, query the specified start time and end time, convert all data of the corresponding service type in the time area, convert all data into byte streams, and then generate the data fingerprints of this byte stream; this paper The time zone mentioned in the embodiment is usually a period of time determined by the start time and the end time;

S3, the data encapsulation step, assembling the obtained start time, end time, service type and data fingerprint into a message;

S4, the data uploading step, store the assembled message on the blockchain, and the original data is still stored in the local database and/or local file.

Generally, the interaction data between customers and securities companies includes: business handling, important notices, investor education, suitability management, agreement signing, rule learning, SMS, WeChat and telephone communication content, risk reminders and other important interaction behaviors. Processing will generate a large amount of background data. Data types include: pictures, voice, database records, log files, etc. Depending on the customer's data type, it is stored in different places. For example, the customer's transaction flow data is stored in the database, and the customer's agreement signing file is stored in a local file. Behavioral data such as click to read and browse are stored in the big data platform, and real-time data is stored in message queues such as Kafka. These multi-source heterogeneous data are collected and processed uniformly, and the collected raw large-scale data is processed into a data stream including start time, end time, business type and data fingerprint, and a unified message format is generated. After distributed data cache , upload the message to the blockchain, and the original multi-source heterogeneous data is still stored in the local database and local files of each business system of the securities company, avoiding abuse by other participants on the blockchain; it is necessary to verify whether the data can be When the customer selects the time and business type, since the start time and end time of each business type when producing data fingerprints are stored in the original system, the start time and end time of the specified time can be found from the original system to obtain the business. All data whose type is between the start time and the end time generate a data fingerprint to be verified, which is compared with the data fingerprint on the blockchain. If the data is consistent, it proves that the data is credible. On the one hand, it is used to solve the problems of easy deletion and tampering of the interactive data between customers and securities companies, and the inability to ensure the security and completeness of the data, so as to improve the protection of investors' rights and interests; The technical problem of excessive overhead of computing resources, storage resources and bandwidth resources of the blockchain caused by the process of recording all the data and uploading it to the chain one by one.

As an optional embodiment, all relevant data are selected according to the set service type and time interval, all relevant data in the time interval are formed into a data stream, and a data fingerprint generator is used to generate a data fingerprint of the regional data.

Select all relevant data by business type and time interval. All relevant data refers to all record information of a certain business in the selected time interval. The time interval can be a time period determined by any timing unit, such as month, day , hours, etc.; for example, the stock transaction data of all customers on January 20, 2022, the fund transaction data of all customers on January 20, 2022, and the account opening data of all customers on January 20, 2022. It can also be a more fine-grained time area, such as minutes, seconds, etc., such as the stock transaction data of all customers from 9:30 to 9:35 on January 20, 2022, aiming to reduce data processing when generating data fingerprints once It also reduces the amount of data and computation required by customers to verify whether the data is credible.

As an optional embodiment, the data fingerprint generator preferably uses an MD5 value generating function, and the generated data fingerprint is an MD5 value.

As an optional embodiment, the data stream generated by the blockchain-based data protection method has a set format. Generally, the data stream includes a data stream in a unified format or a data stream in a specific format, wherein the unified format includes JSON format, avro format, specific formats include file format, picture format, voice format, and video format.

As an optional embodiment, the original data of the blockchain-based data protection method is stored in a local database and/or a local file, where the local database includes a relational database and a non-relational database.

As an optional embodiment, the blockchain-based data protection method further includes a data authentication step, which specifically includes:

S5. Generate a data fingerprint to be verified from the data in the local database and the local file according to the selected start time, end time, and business type; generally, it is necessary to verify whether the data in the local database and/or the local file has been tampered with or whether it can be verified. A specific time zone and a specific service type can be selected, and then all the data of the service type in the time zone can be used to generate the data fingerprint to be verified; generally, the selected specific time zone is relatively short, so that the The time area contains a small amount of data, which shortens the processing time for generating data fingerprints, improves data transmission efficiency, and improves verification efficiency; generally, data segmentation at a finer time granularity can verify whether the local data is credible. .

S6. Compare the generated data fingerprint to be verified with the data fingerprint stored in the block chain in the message corresponding to the start time, end time, and service type. If the two are consistent, then the local database and/or local file The data in can be trusted. Generally, the start time and end time included in the data fingerprint to be verified correspond to the start time and end time included in the data fingerprint stored on the blockchain.

As an optional embodiment, the blockchain-based data protection method further includes a data caching step of storing the generated message to be uploaded in the message middleware. A more preferred embodiment is stored in Kafka to prevent the blockchain system from being overloaded due to the excessive amount of data during data interaction. All data streams can be put into one Kafka topic, or divided into multiple topics by business.

As an optional embodiment, the process of transferring the message to the blockchain includes:

In the authorization authentication step, the data verifier enters the application authorization for identity and authorization verification;

The request step is to initiate a connection request to the blockchain server;

The connection step is to establish a connection with the requested blockchain server;

Upload step, upload the message to the selected blockchain server.

As an optional embodiment, the blockchain-based data protection device further includes a data scheduling step, which takes the business system data as a data collection object, adds the data collection object to the scheduling list, and sets the time interval and data for data monitoring. Collection time interval. Collect relevant business system data according to the preset time. As an optional embodiment, different time intervals are set for the collection time of different business system data. For example, the collection interval of some business systems is set to every 5 minutes, and the The collection interval is set to every hour, and the collection interval of some business systems is set to all day.

A blockchain-based data protection device disclosed in some embodiments is used to execute a blockchain-based data protection method, and the data protection device includes:

The data collection module is configured to collect multi-source heterogeneous data; generally, the interaction data between customers and securities companies includes: business processing, important notices, investor education, suitability management, agreement signing, rule learning, SMS, WeChat and telephone communication For important interactive behaviors such as content and risk warnings, the processing of each business will generate a large amount of background data; data types include: pictures, voices, database records, log files, etc. Depending on the type of customer data, it is stored in different places. For example, the customer's transaction flow data is stored in the database, and the customer's agreement signing file is stored in the local file; behavior data such as click, read and browse are stored in the big data platform, and real-time data is stored in the message queue. Such as Kafka;

The data processing module is configured to process the collected multi-source heterogeneous data into a data stream with a specified format, and extract the start time, end time, and service type of the time zone from the data stream, and generate a data stream of data fingerprints; In an optional embodiment, all relevant data are selected according to a set service type and time interval, all relevant data in the time interval are formed into a data stream, and a data fingerprint generator is used to generate a data fingerprint of the regional data. Generally, all relevant data are selected according to the service type and time interval, and the all relevant data refers to all the record information of a certain service in the selected time interval, and the time interval can be a time period determined by any timing unit, for example, Month, day, hour, etc.; for example, the stock transaction data of all customers on January 20, 2022, the fund transaction data of all customers on January 20, 2022, and the account opening data of all customers on January 20, 2022. It can also be a more fine-grained time area, such as minutes, seconds, etc., such as the stock transaction data of all customers from 9:30 to 9:35 on January 20, 2022, aiming to reduce data processing when generating data fingerprints once It also reduces the amount of data and calculation required by customers to verify whether the data is credible;

As an optional embodiment, the data fingerprint generator preferably MD5 value generation function;

The encapsulation module is configured to generate a uniform format message from the obtained time zone start time, end time, service type and data fingerprint data stream; for example, the encapsulation module extracts the target data and encapsulates the extracted target data field into the message, This field contains service type, start time, end time, and data fingerprint;

The data uploading module is configured to transfer the generated message to the blockchain. Generally, the data uploading module reads the message from the message middleware, and transfers the message encapsulated with the target data field to the blockchain platform. For example, a credible blockchain platform such as SSE is preferable.

As an optional embodiment, the blockchain-based data protection device further includes a data authentication module, configured to generate a data fingerprint to be verified from the data in the local database and the local file according to the selected start time, end time, and business type; The generated data fingerprint to be verified is compared with the data fingerprint in the message corresponding to the selected start time, end time, and business type stored on the blockchain. data is credible.

The blockchain-based data protection device collects multi-source heterogeneous data for unified processing, processes the collected original large-scale data into a data stream including start time, end time, business type and data fingerprint, and generates a unified message Format, through distributed data caching, the message is uploaded to the blockchain, and the original multi-source heterogeneous data is still stored in the local database and local files of each business system of the securities company, avoiding other participants on the blockchain. Abuse; when it is necessary to verify whether the data is credible, the customer selects the time zone and business type to generate the data fingerprint to be verified, and compares it with the data fingerprint on the blockchain. If the data is consistent, it proves that the data is credible.

As an optional embodiment, the blockchain-based data protection device further includes a data cache module configured to store the message to be uploaded on the chain in the message middleware. A more preferred embodiment is that the message to be uploaded is stored in Kafka to prevent the blockchain system from being overloaded due to the excessive amount of data during data interaction. You can put all the packets into one kafka topic, or you can put all the packets into multiple topics by business division. It implements the classification and caching of packets and provides a packet output interface.

As an optional embodiment, the blockchain-based data protection device further includes a scheduling module configured to control the data collection of the data collection module. Specifically, the business system data is used as the data collection object, and the data collection object is added to the scheduling list, and set the data monitoring time interval and data collection time interval. Collect relevant business system data according to the preset time. As an optional embodiment, different time intervals are set for the collection time of different business system data. For example, the collection interval of some business systems is set to every 5 minutes, and the The collection interval is set to every hour, and the collection interval of some business systems is set to all day.

As an optional embodiment, the data uploading module specifically includes: an authority authentication unit, used to authenticate the authority of the checker; a request unit, used to initiate a connection request to the blockchain server; a connection unit, used to request the blockchain The server establishes a connection; the uploading unit is used to upload messages to the blockchain server. For example, a data upload request is sent to the blockchain in the form of POST, and a return message is received; if the failure information is found, the data upload request can be made again; if the status code returned by the server is 1, it means that the chain is successful, if -1 means failure.

The blockchain-based data protection method disclosed in the embodiment of the present application converts multi-source heterogeneous data into messages containing only the start time, end time, service type and data fingerprint, and stores them on the blockchain, which alleviates the problem of existing In the technology, it is necessary to record all the data and upload it one by one. The technical problem of excessive overhead of computing resources, storage resources and bandwidth resources of the blockchain is caused by the process. It can also solve the problem that the interactive data between customers and securities companies is easy to delete and easy to delete. The problem of tampering and inability to ensure the security and completeness of data.

The technical solutions disclosed in the application and the technical details disclosed in the examples are only illustrative of the inventive concept of the application, and do not constitute a limitation on the technical solutions of the application. Any conventional changes and replacements made to the technical details disclosed in the application Or combinations, etc., all have the same inventive concept as the present application, and all fall within the protection scope of the claims of the present application.

Claims (10)

1. A data protection method based on blockchain, characterized in that it comprises the steps: S1. Collect multi-source heterogeneous data; S2, processing the collected multi-source heterogeneous data into a data stream with a specified format, and extracting the start time, end time, and service type from the data stream to generate a data fingerprint; S3. Assemble the obtained start time, end time, service type and data fingerprint into a message; S4. Store the assembled message on the blockchain, and the original data is still stored in the local database and/or local file. 2. The blockchain-based data protection method according to claim 1, further comprising the steps of: S5. Generate a data fingerprint to be verified from the data in the local database and/or the local file according to the selected start time, end time, and business type; S6. Compare the generated data fingerprint to be verified with the data fingerprint stored in the block chain in the message corresponding to the start time, end time, and service type. If the two are consistent, then the local database and/or local file The data in can be trusted. 3. The blockchain-based data protection method according to claim 1, wherein the data fingerprint is an MD5 value. 4. The data protection method based on blockchain according to claim 1, wherein the data stream of the specified format comprises a data stream of a unified format or a data stream of a specific format, wherein the unified format comprises JSON Format, avro format, the specific format includes text format, picture format, voice format, video format. 5 . The data protection method based on blockchain according to claim 1 , wherein the local database includes a relational database and a non-relational database. 6 . 6. A block chain-based data protection device for implementing the data protection method according to any one of claims 1 to 5, characterized in that, comprising: Data acquisition module, configured to collect multi-source heterogeneous data; The data processing module is configured to process the collected multi-source heterogeneous data into a data stream with a specified format, and extract the start time, end time, and service type from the data stream to generate a data fingerprint; The encapsulation module is configured to assemble the obtained start time, end time, service type and data fingerprint into a message; The data uploading module is configured to transfer the assembled message to the blockchain. 7. The blockchain-based data protection device according to claim 6, further comprising: The data authentication module is configured to generate a data fingerprint to be verified from the data in the local database and/or local file according to the selected start time, end time and business type; The data fingerprints in the packets corresponding to the start time, end time, and service type are compared, and if the two are consistent, the data in the local database and/or the local file is credible. 8 . The blockchain-based data protection device according to claim 6 , further comprising a data cache module configured to store the messages to be uploaded on the chain in the message middleware. 9 . 9 . The blockchain-based data protection device according to claim 6 , further comprising a scheduling module configured to control data collection of the data collection module. 10 . 10. The blockchain-based data protection device according to claim 6, wherein the data uploading module specifically comprises: The authority authentication unit, which is used to authenticate the authority of the checker; The request unit is used to initiate a connection request to the blockchain server; A connection unit for establishing a connection to the requested blockchain server; The uploading unit is used to upload messages to the blockchain server.

Images