CN114884679B

CN114884679B - Intellectual property right authorizing method and device based on blockchain

Info

Publication number: CN114884679B
Application number: CN202210527738.8A
Authority: CN
Inventors: 刘倩; 吴祥柏; 姜明佐; 高俊亮; 张代雨; 崔健
Original assignee: Jiangsu University of Science and Technology
Current assignee: Jiangsu University of Science and Technology
Priority date: 2022-05-16
Filing date: 2022-05-16
Publication date: 2024-01-19
Anticipated expiration: 2042-05-16
Also published as: CN114884679A

Abstract

The invention relates to the technical field of computers, in particular to an intellectual property right authorization method and device based on a blockchain, wherein the method is applied to a alliance blockchain and comprises the following steps: the first account node sends a data authorization request to the second account node and receives a data authorization result corresponding to the data authorization request; the data authorization request includes an authorization data identifier; when the first account node judges that the data authorization result meets the preset requirement, the authorization record is sent to the alliance block chain to be uplink; when the second account node judges that the authorization record is uplink, encrypting target authorization data, and uploading the encrypted authorization data to the cloud; and when the first account node judges that the encryption authorization data is stored in the cloud, acquiring the encryption authorization data from the cloud.

Description

Intellectual property right authorizing method and device based on blockchain

Technical Field

The invention relates to the technical field of computers, in particular to an intellectual property right authorization method and device based on a blockchain.

Background

With the rapid development of intellectual property, the importance of the intellectual property is higher and higher, the inventor is often not a user, and more intellectual property inventors need to meet the needs of the user by authorizing own intellectual property, so as to obtain corresponding benefits.

In practical applications, since intellectual property is usually carried by text, pictures, audio and video or structured data, these carriers are very easy to copy, which results in that intellectual property is easily stolen or abused.

It is important to provide a blockchain-based intellectual property rights granting method to improve the security and efficiency of the intellectual property rights granting.

Disclosure of Invention

The invention provides a block chain-based intellectual property right authorization method and a block chain-based intellectual property right authorization device, which can be based on the characteristic that a block chain transaction record cannot be tampered, improve the efficiency of intellectual property right authorization and transaction, simplify procedures such as evidence collection and evidence collection of a supervision party, ensure rights of an authorized party and an intellectual property right user, reduce the cost of authorization or transaction, simultaneously well connect block chain nodes, reduce block chain up-link and maintenance time by using a consensus algorithm, further improve the accuracy and efficiency of an authorization process, provide better privacy protection, and improve the flexibility and universality of the scheme.

To solve the above technical problem, a first aspect of the present invention discloses a blockchain-based intellectual property rights granting method, which is applied to a federated blockchain, and includes:

The method comprises the steps that a first account node sends a data authorization request to a second account node and receives a data authorization result corresponding to the data authorization request returned by the second account node; the data authorization request comprises an authorization data identifier;

the first account node judges whether the data authorization result meets a preset requirement or not;

when the first account node judges that the data authorization result meets the preset requirement, transmitting an authorization record corresponding to the authorization result to all consensus nodes of the alliance blockchain so that the alliance blockchain uplinks the authorization record;

the second account node judges whether the authorization record is uplink or not, encrypts target authorization data corresponding to the authorization data identifier when the judgment result is yes, and uploads the encrypted authorization data to the cloud;

and the first account node judges whether the encryption authorization data is stored in the cloud end, and when the judgment result is yes, an acquisition request is sent to the cloud end to acquire the encryption authorization data.

As an optional implementation manner, in the first aspect of the present invention, before the first account node sends the data authorization request to the second account node, the method further includes:

Creating a first asymmetric key by a first account, wherein the first asymmetric key comprises a first private key and a first public key; when the alliance block link receives a first node creation request sent by the first account, creating a first account node corresponding to the first account, and binding the first public key;

creating a second asymmetric key by the second account, wherein the second asymmetric key comprises a second private key and a second public key; when the alliance block link receives a second node creation request sent by the second account, creating a second account node corresponding to the second account, and binding the second public key.

As an optional implementation manner, in the first aspect of the present invention, encrypting the target authorization data corresponding to the authorization data identifier includes:

the second account node calculates target Hash information of target authorization data corresponding to the authorization data identifier;

the second account node encrypts the target authorization data by using the second public key to obtain encrypted authorization data corresponding to the target authorization data; or,

when the second account node stores the first public key, encrypting the target authorization data by using the first public key to obtain encrypted authorization data corresponding to the target authorization data;

The second account node uploads the encrypted authorization data to the cloud, including:

the second account node uploads encrypted information to the cloud, wherein the encrypted information comprises the encrypted authorization data and identification information corresponding to the encrypted authorization data, and the identification information corresponding to the encrypted authorization data is the target Hash information.

As an optional implementation manner, in the first aspect of the present invention, after the sending an acquisition request to the cloud end to acquire the encrypted authorization data, the method further includes:

when the encryption key of the encryption authorization data acquired by the first account node is the first public key, analyzing the encryption authorization data by using the first public key to acquire target authorization data in the encryption authorization data;

when the encryption key of the encryption authorization data acquired by the first account node is the second public key and the second public key is stored in the first account node, the encryption authorization data is analyzed by using the first public key so as to acquire target authorization data in the encryption authorization data.

As an optional implementation manner, in the first aspect of the present invention, after encrypting the target authorization data corresponding to the authorization data identifier, the method further includes:

The first account node writes target Hash information of the target authorization data into the alliance blockchain so that the target Hash information is uplink;

the first account node determining whether the encrypted authorization data is stored in the cloud end includes:

the first account node acquires target Hash information of the target authorization data stored on a chain, and judges whether the cloud end stores authorization data matched with the target Hash information or not;

and when the judgment result is yes, the first account node determines that the encryption authorization data is stored in the cloud.

In an optional implementation manner, in a first aspect of the present invention, the determining, by the first account node, whether the data authorization result meets a preset requirement includes:

the first account node judges whether the first time period corresponding to the target authorization data and the second time period corresponding to the data authorization request overlap or not, and when the judgment result is yes, the data authorization result is determined to meet the preset requirement; and/or the number of the groups of groups,

the first account node judges whether first price information corresponding to the target authorization data is smaller than or equal to second price information corresponding to the authorization request, and when the judgment result is yes, the data authorization result is determined to meet the preset requirement; and/or the number of the groups of groups,

The first account node acquires a plurality of historical authorization records of the second account node;

the first account node screens out successful authorization records in the plurality of historical authorization records to obtain a plurality of historical successful authorization records; the history successful authorization record is a record that the corresponding two account nodes in the history authorization record complete the intellectual property authorization;

the first account node calculates the ratio of the number of the history successful authorization records to the total number of all the history authorization records to obtain the history authorization success rate;

the first account node calculates vector similarity of the authorization data corresponding to each history successful authorization record and the target authorization data, and calculates the sum of the vector similarity corresponding to all the history successful authorization records to obtain similarity weight;

the first account node calculates the product of the historical authorization success rate and the similarity weight to obtain a credibility parameter corresponding to the second account node;

and the first account node judges whether the credibility parameter is larger than a preset credibility threshold value, and when the judgment result is yes, the data authorization result is determined to meet the preset requirement.

As an alternative embodiment, in the first aspect of the present invention, the method further includes:

in the process of completing the authorization corresponding to the data authorization request, creating a special communication channel bound with the data authorization request in the communication process between any two objects of the first account node, the second account node, the alliance blockchain and the cloud end so as to realize the isolated transmission of all communication data corresponding to the data authorization request;

and, said creating a dedicated communication channel bound to said data authorization request, comprising:

determining the data volume of communication data corresponding to the communication process; the communication data comprises at least one of the data authorization request, the data authorization result, the authorization record and the encrypted authorization data;

determining the data uploading success rate of at least one object corresponding to the communication process; the success rate of data transmission is the success rate of the object to transmit data to another object in a historical time period;

determining the number of first communication channels corresponding to the data volume according to a preset data volume-channel number corresponding relation;

Judging whether the data uploading success rate is smaller than a preset success rate threshold value, if so, multiplying the first communication channel number by a first proportion to obtain a second communication channel number; the first ratio is greater than 1; the first ratio is inversely proportional to the data upload success rate;

for the communication process, a dedicated communication channel having a number of channels equal to the number of second communication channels is established.

the second account node judges whether the target authorization data is completely acquired or not;

when the judgment result is yes, the second account node determines that the authorization process corresponding to the data authorization request is completed, and sends authorization completion information to all consensus nodes of the alliance blockchain so that the alliance blockchain updates the authorization record;

and the second account node judges whether the target authorization data is completely acquired or not, including:

the second account node obtains first segment identifiers corresponding to a plurality of first data segments of the target authorization data, and obtains uploading time of uploading the encrypted authorization data corresponding to the target authorization data to a cloud;

After the first account node acquires target authorization data in the encrypted authorization data, second segment identifiers of a plurality of second data segments in the acquired target authorization data and acquisition time information are sent to the second account node;

after receiving the second segment identifier and acquiring time information, the second account node matches the second segment identifier with the first segment identifier to obtain a first matching result;

the second account node calculates the time difference between the acquired time information and the uploading time, and judges whether the time difference is smaller than a historical time difference threshold value or not to obtain a first judgment result; the historical time difference is an average of the time differences of the first account node and the second account node performing the intellectual property rights granting method in a plurality of historical time periods;

and when the first matching result and the first judging result are both yes, the second account node judges that the target authorization data is completely acquired.

A second aspect of the present invention discloses a blockchain-based intellectual property rights granting system for use with a federated blockchain, the system comprising:

The data authorization request module is used for sending a data authorization request to a second account node by a first account node and receiving a data authorization result corresponding to the data authorization request returned by the second account node; the data authorization request comprises an authorization data identifier;

the first judging module is used for judging whether the data authorization result meets the preset requirement or not by the first account node;

the first sending module is used for sending an authorization record corresponding to the authorization result to all consensus nodes of the alliance blockchain when the first judging module judges that the data authorization result meets the preset requirement, so that the alliance blockchain uplinks the authorization record;

the second judging module is used for judging whether the authorization record is uplink or not by the second account node;

the encryption module is used for encrypting the target authorization data corresponding to the authorization data identifier and uploading the encrypted authorization data to the cloud end when the judgment result of the second judgment module is yes;

the third judging module is used for judging whether the encryption authorization data are stored in the cloud end or not by the first account node;

and the acquisition module is used for sending an acquisition request to the cloud end to acquire the encryption authorization data when the judgment result of the third judgment module is yes.

As an alternative embodiment, in the second aspect of the present invention, the system further includes:

a first distribution module for creating a first asymmetric key by a first account before the data authorization request module, the first asymmetric key including a first private key and a first public key; when the alliance block link receives a first node creation request sent by the first account, creating a first account node corresponding to the first account, and binding the first public key;

a second distribution module for creating a second asymmetric key by a second account prior to the data authorization request module, the second asymmetric key comprising a second private key and a second public key; when the alliance block link receives a second node creation request sent by the second account, creating a second account node corresponding to the second account, and binding the second public key.

As an optional implementation manner, in the second aspect of the present invention, the specific manner of encrypting, by the encryption module, the target authorization data corresponding to the authorization data identifier is:

the decryption module is used for analyzing the encrypted authorization data by using the first public key when the encryption key of the encrypted authorization data acquired by the first account node is the first public key after the acquisition module so as to acquire target authorization data in the encrypted authorization data;

The decryption module is further configured to, after the obtaining module, parse the encrypted authorization data by using the first public key when the encrypted key of the encrypted authorization data obtained by the first account node is the second public key and the first account node stores the second public key, so as to obtain target authorization data in the encrypted authorization data.

the second sending module is used for writing target Hash information of the target authorization data into the alliance blockchain by the first account node after the encryption module so as to enable the target Hash information to be uplink;

the specific way that the third judging module judges whether the encryption authorization data is stored in the cloud end is as follows:

In a second aspect of the present invention, the specific manner of determining, by the first determining module, whether the data authorization result meets the preset requirement is:

As an optional implementation manner, in the second aspect of the present invention, the apparatus further includes a channel establishment module, configured to create, in a communication process between any two objects of the first account node, the second account node, the alliance blockchain, and the cloud, a dedicated communication channel bound to the data authorization request in order to implement isolated transmission of all communication data corresponding to the data authorization request in an authorization process that completes the data authorization request;

and the specific mode of creating the special communication channel bound with the data authorization request by the channel creation module comprises the following steps:

the third sending module is used for judging whether the target authorization data is completely acquired by the second account node after the acquisition module;

and the second account node judges whether the target authorization data is completely acquired or not, which comprises the following steps:

A third aspect of the present invention discloses another blockchain-based intellectual property rights granting system, the system comprising:

a memory storing executable program code;

a processor coupled to the memory;

the processor invokes the executable program code stored in the memory to perform some or all of the steps of any of the blockchain-based intellectual property rights granting methods disclosed in the first aspect of the invention.

A fourth aspect of the invention discloses a computer storage medium storing computer instructions which, when invoked, are operable to perform part or all of the steps of any of the blockchain-based intellectual property rights granting methods disclosed in the first aspect of the invention.

Compared with the prior art, the invention has the following beneficial effects:

the invention discloses an intellectual property right authorizing method based on a blockchain, which is applied to a alliance blockchain and comprises the following steps: the first account node sends a data authorization request to the second account node and receives a data authorization result corresponding to the data authorization request; the data authorization request includes an authorization data identifier; when the first account node judges that the data authorization result meets the preset requirement, the authorization record is sent to the alliance block chain to be uplink; when the second account node judges that the authorization record is uplink, encrypting target authorization data, and uploading the encrypted authorization data to the cloud; and when the first account node judges that the encryption authorization data is stored in the cloud, acquiring the encryption authorization data from the cloud. Therefore, the invention can improve the efficiency of the authorization and transaction of the intellectual property based on the characteristic that the blockchain transaction record is not tamperable, is beneficial to simplifying procedures such as evidence collection and the like of the supervision party, is beneficial to guaranteeing rights and interests of the authorization party and the intellectual property user, reduces the authorization or transaction cost, can well connect blockchain nodes, reduces the blockchain uploading and maintenance time by using a consensus algorithm, further improves the accuracy and efficiency of the authorization process, provides better privacy protection, and improves the flexibility and the universality of the scheme.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flow chart of a blockchain-based intellectual property rights granting method in accordance with an embodiment of the present invention;

FIG. 2 is a flow chart of another blockchain-based intellectual property rights granting method disclosed in an embodiment of the invention;

FIG. 3 is a schematic diagram of a blockchain-based intellectual property rights granting system in accordance with an embodiment of the present invention;

FIG. 4 is a schematic diagram of another blockchain-based intellectual property rights granting system in accordance with an embodiment of the disclosure;

fig. 5 is a schematic diagram of a block chain based intellectual property rights granting system according to an embodiment of the disclosure.

Detailed Description

In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.

Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.

The invention discloses a blockchain-based intellectual property right authorization method and a blockchain-based intellectual property right authorization system, which can be based on the characteristic that a blockchain transaction record is not tamperable, improve the efficiency of intellectual property right authorization and transaction, simultaneously facilitate the simplification of procedures such as evidence collection, evidence collection and the like of a supervision party, ensure the rights of an authorized party and an intellectual property right user, reduce the cost of authorization or transaction, simultaneously realize good connection of blockchain nodes, reduce blockchain uploading and maintenance time by using a consensus algorithm, further improve the accuracy and efficiency of an authorization process, provide better privacy protection, and improve the flexibility and the universality of the scheme. The following will explain in detail.

Example 1

Referring to fig. 1, fig. 1 is a flowchart of a blockchain-based intellectual property rights granting method according to an embodiment of the present invention. The method described in fig. 1 may be applied to a blockchain-based intellectual property rights authorization system, where the system may be a distributed system formed by linking a client and a plurality of nodes (computing devices in any form of access network, such as servers and user terminals) through a network communication form, and embodiments of the present invention are not limited. As shown in fig. 1, the blockchain-based intellectual property rights granting method may include the operations of:

101. the first account node sends a data authorization request to the second account node and receives a data authorization result corresponding to the data authorization request returned by the second account node.

In the embodiment of the present invention, the first account node is a node corresponding to a data (i.e. intellectual property) user, the second account node is a node corresponding to a data authorizer, and the data user sends a data authorization request to the data authorizer, where the data authorization request may include an authorized data identifier, for example, a unique identifier code after the intellectual property is authorized, or key information corresponding to the intellectual property, and the embodiment of the present invention is not limited. And then, the data authorizing party returns the data authorizing result to the data using party.

102. The first account node judges whether the data authorization result meets the preset requirement.

In the embodiment of the invention, the data user judges whether the received data authorization result meets the preset requirement.

103. When the first account node judges that the data authorization result meets the preset requirement, the authorization record corresponding to the authorization result is sent to all consensus nodes of the alliance blockchain.

In the embodiment of the invention, the first account node sends the authorization record corresponding to the authorization result to the consensus node of the alliance blockchain, and the consensus node completes the accounting or the uplink operation by adopting a consensus algorithm (such as a consensus algorithm of Kafka, SBTF and the like).

104. The second account node determines whether the authorization record is already in the chain.

105. And when the judgment result is yes, encrypting the target authorization data corresponding to the authorization data identifier, and uploading the encrypted authorization data to the cloud.

106. The first account node determines whether the encrypted authorization data is stored in the cloud.

107. And when the judgment result is yes, sending an acquisition request to the cloud to acquire the encryption authorization data.

Therefore, the method described by the embodiment of the invention can be based on the characteristic that the blockchain transaction record is not tamperable, thereby improving the efficiency of the authorization and transaction of the intellectual property rights, being beneficial to simplifying procedures such as evidence collection and the like of a supervisor, being beneficial to guaranteeing rights and interests of the authorizer and the intellectual property rights user, reducing the cost of authorization or transaction, simultaneously, the blockchain nodes can be well connected, the blockchain uploading and maintenance time can be reduced by using a consensus algorithm, the accuracy and efficiency of the authorization process can be further improved, better privacy protection can be provided, and the flexibility and the universality of the scheme can be improved.

In this alternative embodiment, the method for determining, by the first account node, whether the data authorization result meets the preset requirement may include the following operations:

the first account node judges whether first price information corresponding to the target authorization data is smaller than or equal to second price information corresponding to the authorization request, and when the judgment result is yes, the data authorization result is determined to meet the preset requirement.

In the embodiment of the invention, the first account node can determine whether the first time period corresponding to the target authorization data and the second time period corresponding to the data authorization request overlap or not by judging, and when the judgment result is yes, the data authorization result is determined to meet the preset requirement. For example, the validity period (i.e. the first time period) of the target authorization data of the data authorizer is 2022, 3 months, to 2032, 3 months, and the expected use time (i.e. the second time period) of the data user is 2022, 3 months, to 2024, 3 months, and the two times overlap, so that the preset requirement is satisfied.

In this optional embodiment, the first account node may further determine whether the first price information corresponding to the target authorization data is less than or equal to the second price information corresponding to the authorization request, and when the determination result is yes, determine that the data authorization result meets the preset requirement. For example, the data authorizer issues an authorized price (first price information) of 1000 yuan, and the data user expects a use price (second price information) of 800 yuan, which does not satisfy the preset requirement.

the method comprises the steps that a first account node obtains a plurality of historical authorization records of a second account node;

the first account node calculates the vector similarity of the authorization data corresponding to each history successful authorization record and the target authorization data, and calculates the sum of the vector similarities corresponding to all the history successful authorization records to obtain a similarity weight;

The first account node calculates the product of the historical authorization success rate and the similarity weight to obtain a reliability parameter corresponding to the second account node;

Alternatively, the vector similarity may be euclidean distance or cosine similarity, which is not limited in the present invention.

Alternatively, the confidence threshold may be determined by an operator based on an empirical or experimental value and subsequently adjusted based on actual results.

Therefore, the method described by the embodiment of the invention can provide diversified methods for judging whether the data authorization result meets the preset requirement, can be added or integrated with other judging methods according to actual conditions, improves the universality and applicability of the method, further improves the authorization suitability of the authorizer and the user, and is beneficial to improving the efficiency and the authorization accuracy of the authorization process.

In another alternative embodiment, the method may further comprise, before the first account node sends the data authorization request to the second account node:

creating a first asymmetric key by the first account, the first asymmetric key comprising a first private key and a first public key; when the alliance block link receives a first node creation request sent by a first account, creating a first account node corresponding to the first account, and binding a first public key;

Creating a second asymmetric key by the second account, the second asymmetric key comprising a second private key and a second public key; when the alliance block link receives a second node creation request sent by the second account, a second account node corresponding to the second account is created, and the second public key is bound.

Therefore, the method described by the embodiment of the invention can adopt a mode of creating the asymmetric key to create different key information for different accounts, thereby ensuring the confidentiality of the authorization process, providing a basis for the subsequent encryption and decryption processes, further improving the security of the authorization process and providing better privacy protection.

In yet another alternative embodiment, encrypting the target authorization data corresponding to the authorization data identification may include the operations of:

the second account node uploads the encrypted information to the cloud, wherein the encrypted information comprises encrypted authorization data and identification information corresponding to the encrypted authorization data, and the identification information corresponding to the encrypted authorization data is target Hash information.

In the embodiment of the invention, the second account node calculates the Hash value of the target authorization data corresponding to the authorization data identifier, and then encrypts the target authorization data, wherein the encryption process can be performed by using the second public key (public key of the authorized party) or by using the first public key (public key of the authorized party). And uploading the encrypted information to the cloud end by the second account node, wherein the encrypted information can comprise the encrypted authorization data and Hash information corresponding to the target authorization data.

Therefore, the method described by the embodiment of the invention can provide various flexible encryption modes for encrypting the target authorization data, so that the flexibility and the universality of the scheme are improved, the accuracy and the efficiency of the authorization process are improved, better privacy protection is provided, and the security level of the scheme is further improved.

In yet another alternative embodiment, after sending the acquisition request to the cloud end to acquire the encrypted authorization data, the method may further include the following operations:

when the encryption key of the encryption authorization data acquired by the first account node is a first public key, analyzing the encryption authorization data by using the first public key to acquire target authorization data in the encryption authorization data;

when the encryption key of the encryption authorization data acquired by the first account node is the second public key and the second public key is stored in the first account node, the encryption authorization data is analyzed by the first public key so as to acquire target authorization data in the encryption authorization data.

Therefore, the method described by the embodiment of the invention can provide different decryption modes corresponding to different encryption modes to realize the decryption operation of the target authorization data, so that the flexibility and the universality of the scheme are improved, the accuracy and the efficiency of the authorization process are improved, better privacy protection is provided, and the security level of the scheme is further improved.

In yet another alternative embodiment, after encrypting the authorization data identifying the corresponding target authorization data, the method may further include the operations of:

the first account node writes target Hash information of target authorization data into the alliance blockchain so as to enable the target Hash information to be uplink;

The first account node judges whether the encrypted authorization data is stored in the cloud end or not, and the method comprises the following steps:

the method comprises the steps that a first account node obtains target Hash information of target authorization data stored in a chain, and judges whether the cloud end stores authorization data matched with the target Hash information or not;

In the embodiment of the invention, first, the first account node can also send the Hash value corresponding to the target authorization data to the alliance block chain, so that the Hash information is recorded in a uplink manner. After that, the first account node can inquire whether the authorization data matched with the Hash information exists in the cloud through the Hash information stored in the chain, and when the judgment result is yes, the encrypted authorization data can be determined to be stored in the cloud.

Therefore, the method described by the embodiment of the invention can only use the Hash information field with extremely small occupied space as key information of the target authorization data, acquire the Hash information stored on the chain, and further inquire whether the cloud end stores the matched encrypted authorization data or not through the Hash information, thereby realizing quick matching and inquiry, being beneficial to improving the accuracy and efficiency of the authorization process, providing better privacy protection and improving the flexibility and universality of the scheme.

In yet another alternative embodiment, the method may further comprise the operations of:

in the process of completing the authorization corresponding to the data authorization request, a special communication channel bound with the data authorization request is created in the communication process between any two objects of the first account node, the second account node, the alliance blockchain and the cloud end, so that the isolated transmission of all communication data corresponding to the data authorization request is realized.

In the embodiment of the invention, in the process of completing the authorization process corresponding to the data authorization request, a special communication Channel is required to be established in the process of all communication terminals for communication so as to realize the isolated transmission of data.

Optionally, the method for creating the dedicated communication channel bound with the data authorization request includes:

Therefore, the method described by the embodiment of the invention can realize the isolated transmission of data by providing the special communication channel, ensure that the authorization process can only be seen by the authorized party and the user corresponding to the receipt authorization request, avoid the occurrence of information leakage, improve the flexibility and the universality of the scheme, improve the accuracy and the efficiency of the authorization process, provide better privacy protection and further improve the security level of the scheme.

And when the judgment result is yes, the second account node determines that the authorization process corresponding to the data authorization request is completed, and sends authorization completion information to all consensus nodes of the alliance blockchain so as to enable the alliance blockchain to update the authorization record.

In the embodiment of the invention, after the second account node acquires the complete target authorization data, the second account node sends the authorization completion information to the consensus node of the alliance blockchain to update the authorization record stored in the blockchain.

Optionally, the method for determining whether the target authorization data is completely acquired by the second account node may include:

the second account node acquires first fragment identifiers corresponding to a plurality of first data fragments of the target authorization data, and acquires uploading time of uploading the encrypted authorization data corresponding to the target authorization data to the cloud;

after the first account node acquires the target authorization data in the encrypted authorization data, the first account node sends second segment identifiers of a plurality of second data segments in the acquired target authorization data and acquisition time information to the second account node;

The second account node calculates the time difference between the acquired time information and the uploading time, and judges whether the time difference is smaller than a historical time difference threshold value or not to obtain a first judgment result; the historical time difference is an average value of time differences of the first account node and the second account node for executing the intellectual property right authorization method in a plurality of historical time periods;

Therefore, the method described by the embodiment of the invention can complete the closed loop of the whole authorization process by updating the authorization completion information to the authorization record on the chain, is beneficial to other nodes to accurately acquire the completion progress of the authorization process, ensures the integrity of the authorization process, is convenient for an authorized party to monitor whether the authorization process is completed in time, and is beneficial to improving the flexibility and the universality of the scheme.

Example two

Referring to fig. 2, fig. 2 is a flow chart of another intellectual property rights granting method based on blockchain according to the embodiment of the invention. The method described in fig. 2 may be applied to a blockchain-based intellectual property rights authorization system, where the system may be a distributed system formed by linking a client and a plurality of nodes (computing devices in any form of access network, such as servers and user terminals) through a network communication, and embodiments of the present invention are not limited. As shown in fig. 2, the blockchain-based intellectual property rights granting method may include the operations of:

201. The authorizer creates an authorizer asymmetric key.

202. The authorizer creates a node on the blockchain and binds the authorizer public key.

203. The party creates a party asymmetric key.

204. The party creates a node on the blockchain and binds the party public key.

205. The data authorization request is initiated by the party authorized.

206. And when the user judges that the authorization result returned by the authorization party meets the requirement, the authorization record corresponding to the authorization result is uplink.

207. The blockchain sends the public key of the party user to the authorizer.

Alternatively, step 207 may be omitted, in which case, when step 207 is omitted, the public key used in the encryption process of step 209 is the public key of the authorizer, and the public key used in the decryption process of step 216 is also the public key of the authorizer.

208. And the authorizer calculates Hash information of the target authorization data corresponding to the data authorization request.

209. The authorizer encrypts the target authorization data using the public key of the user.

210. The authorized party uploads the encrypted information to the cloud, wherein the encrypted information comprises encrypted authorization data and identification information corresponding to the encrypted authorization data, and the identification information corresponding to the encrypted authorization data is Hash information of target authorization data.

211. The authorizer writes the Hash of the target authorization data into the blockchain.

212. Authorization information is queried using a directional blockchain.

Alternatively, the authorization information may be an authorization record stored on the chain at step 206.

213. The user obtains a Hash of the target authorization data stored on the chain.

214. The user inquires the encrypted information corresponding to the Hash information from the cloud through the Hash of the target authorization data.

215. And the cloud returns the encrypted information to the user.

216. The user decrypts the encrypted information using the user's public key.

217. The user writes authorization completion information to the blockchain.

Example III

Referring to fig. 3, fig. 3 is a schematic diagram of a block chain-based intellectual property rights granting system according to an embodiment of the present invention. In the blockchain-based intellectual property authorization system described in fig. 3, the system may be a distributed system formed by linking a client and a plurality of nodes (computing devices in any form in an access network, such as servers and user terminals) through a network communication form, which is not limited by the embodiment of the present invention. It should be noted that, the blockchain-based intellectual property authorization system refers to the steps in the blockchain-based intellectual property authorization method described in the first embodiment and the second embodiment, and detailed description will not be repeated in this embodiment, as shown in fig. 3, the blockchain-based intellectual property authorization system may include:

the data authorization request module 301 is configured to send a data authorization request to the second account node by using the first account node, and receive a data authorization result corresponding to the data authorization request returned by the second account node; the data authorization request includes an authorization data identifier;

the first judging module 302 is configured to judge, by using the first account node, whether the data authorization result meets a preset requirement;

The first sending module 303 is configured to send, when the first judging module 302 judges that the data authorization result meets a preset requirement, an authorization record corresponding to the authorization result to all consensus nodes of the alliance blockchain, so that the alliance blockchain uplinks the authorization record;

a second judging module 304, configured to judge whether the authorization record is already uplink by using a second account node;

the encryption module 305 is configured to encrypt the target authorization data corresponding to the authorization data identifier and upload the encrypted authorization data to the cloud end when the determination result of the second determination module 304 is yes;

a third determining module 306, configured to determine, by the first account node, whether the encrypted authorization data is stored in the cloud end;

the obtaining module 307 is configured to send an obtaining request to the cloud end to obtain the encrypted authorization data when the determination result of the third determining module 306 is yes.

Therefore, the system described by the embodiment of the invention can be based on the characteristic that the blockchain transaction record is not tamperable, thereby improving the efficiency of the authorization and transaction of the intellectual property rights, being beneficial to simplifying procedures such as evidence collection and the like of a supervisor, being beneficial to guaranteeing rights and interests of the authorizer and the intellectual property rights user, reducing the cost of authorization or transaction, simultaneously, the blockchain nodes can be well connected, the blockchain and maintenance time can be reduced by using a consensus algorithm, the accuracy and efficiency of the authorization process can be further improved, better privacy protection can be provided, and the flexibility and the universality of the scheme can be improved.

In an alternative embodiment, as shown in fig. 4, the specific manner of determining, by the first determining module 302, whether the data authorization result meets the preset requirement is:

Therefore, the system described in the embodiment of the invention can provide diversified methods for judging whether the data authorization result meets the preset requirement, and can be added or integrated with other judging methods according to actual conditions, so that the universality and applicability of the system are improved, the authorization suitability of an authorized party and a user is further improved, and the efficiency and the authorization accuracy of the authorization process are improved.

In another alternative embodiment, as shown in fig. 4, the system may further include:

a first distribution module 308 for creating, prior to the data authorization request module 301, a first asymmetric key by the first account, the first asymmetric key comprising a first private key and a first public key; when the alliance block link receives a first node creation request sent by a first account, creating a first account node corresponding to the first account, and binding a first public key;

A second distribution module 309 for creating, prior to the data authorization request module 301, a second asymmetric key for the second account, the second asymmetric key comprising a second private key and a second public key; when the alliance block link receives a second node creation request sent by the second account, a second account node corresponding to the second account is created, and the second public key is bound.

Therefore, the system described by the embodiment of the invention can create different key information for different accounts by adopting a mode of creating an asymmetric key, thereby ensuring the confidentiality of the authorization process, providing a basis for the subsequent encryption and decryption processes, further improving the security of the authorization process and providing better privacy protection.

In yet another alternative embodiment, as shown in fig. 4, the specific manner in which the encryption module 305 encrypts the target authorization data corresponding to the authorization data identifier is:

Therefore, the system described by the embodiment of the invention can provide various flexible encryption modes for encrypting the target authorization data, so that the flexibility and the universality of the scheme are improved, the accuracy and the efficiency of the authorization process are improved, better privacy protection is provided, and the security level of the scheme is further improved.

In yet another alternative embodiment, as shown in fig. 4, the system may further include:

the decryption module 310 is configured to, after the obtaining module 307, parse the encrypted authorization data with the first public key when the encryption key of the encrypted authorization data obtained by the first account node is the first public key, so as to obtain target authorization data in the encrypted authorization data;

the decryption module 310 is further configured to, after the obtaining module 307, parse the encrypted authorization data with the first public key when the encryption key of the encrypted authorization data obtained by the first account node is the second public key and the first account node stores the second public key, so as to obtain the target authorization data in the encrypted authorization data.

Therefore, the system described by the embodiment of the invention can provide different decryption modes corresponding to different encryption modes to realize the decryption operation of the target authorization data, so that the flexibility and the universality of the scheme are improved, the accuracy and the efficiency of the authorization process are improved, better privacy protection is provided, and the security level of the scheme is further improved.

the second sending module 311 is configured to, after the encryption module 305, write, by the first account node, target Hash information of the target authorization data into the coalition blockchain, so that the target Hash information is uplink;

the specific manner in which the third determining module 311 determines whether the encrypted authorization data is stored in the cloud is as follows:

Therefore, the system described by the embodiment of the invention can only use the Hash information field with extremely small occupied space as key information of target authorization data, acquire Hash information stored on a chain, and further inquire whether the cloud end stores matched encrypted authorization data or not through the Hash information, so that quick matching and inquiry are realized, the accuracy and efficiency of an authorization process are improved, better privacy protection is provided, and the flexibility and the universality of the scheme are improved.

In still another optional embodiment, the device further includes a channel establishment module, configured to create a dedicated communication channel bound to the data authorization request during a communication process between any two objects of the first account node, the second account node, the alliance blockchain, and the cloud end in order to implement isolated transmission of all communication data corresponding to the data authorization request in an authorization process corresponding to the data authorization request.

Optionally, the specific manner of creating the dedicated communication channel bound to the data authorization request by the channel creation module includes:

determining the data quantity of communication data corresponding to the communication process; the communication data comprises at least one of a data authorization request, a data authorization result, an authorization record and encrypted authorization data;

determining the data uploading success rate of at least one object corresponding to the communication process; the success rate of data transmission is the success rate of an object transmitting data to another object in a historical time period;

judging whether the data uploading success rate is smaller than a preset success rate threshold value, if so, multiplying the number of the first communication channels by a first proportion to obtain the number of the second communication channels; the first ratio is greater than 1; the first ratio is inversely proportional to the data upload success rate;

for the communication process, a dedicated communication channel is established having a number of channels equal to the number of second communication channels.

a third sending module 312, configured to determine, after the obtaining module 307, whether the second account node completely obtains the target authorization data;

Optionally, the method for determining whether the second account node completely acquires the target authorization data by using the second account node may include:

Therefore, the system described by the embodiment of the invention can complete the closed loop of the whole authorization process by updating the authorization completion information to the authorization record on the chain, thereby being beneficial to other nodes to accurately acquire the completion progress of the authorization process, ensuring the integrity of the authorization process, facilitating the authorized party to monitor whether the authorization process is completed in time and being beneficial to improving the flexibility and the universality of the scheme.

Example IV

Referring to fig. 5, fig. 5 is a schematic diagram of another block chain-based intellectual property rights granting device according to an embodiment of the present invention. As shown in fig. 5, the blockchain-based intellectual property rights granting system may include:

a memory 401 storing executable program codes;

a processor 402 coupled with the memory 401;

processor 402 invokes executable program code stored in memory 401 to perform some or all of the steps in the blockchain-based intellectual property authorization method disclosed in either embodiment one or embodiment two of the present invention.

Example five

The embodiment of the invention discloses a computer storage medium which stores computer instructions for executing the steps in the blockchain-based intellectual property rights granting method disclosed in the first or second embodiment of the invention when the computer instructions are called.

The system embodiments described above are merely illustrative, in which the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.

From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied essentially or in part in the form of a software product that may be stored in a computer-readable storage medium including Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), one-time programmable Read-Only Memory (OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disc Memory, magnetic disc Memory, tape Memory, or any other medium that can be used for computer-readable carrying or storing data.

It should be noted that the computer program code required for operation of portions of the present description may be written in any one or more programming languages, including an object oriented programming language such as Java, scala, smalltalk, eiffel, JADE, emerald, C ++, c#, VB NET, python, etc., a conventional programming language such as C language, visual Basic, fortran2003, perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, ruby and Groovy, or other programming languages. The program code may run entirely on the computer (PC, embedded smart device, etc.), on the user's computer as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any form of network, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or the use of services such as software as a service (SaaS) in a cloud computing environment.

Finally, it should be noted that: the embodiment of the invention discloses a block chain-based intellectual property right authorization method and system, which are disclosed by the embodiment of the invention only for illustrating the technical scheme of the invention, but not limiting the technical scheme; although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that; the technical scheme recorded in the various embodiments can be modified or part of technical features in the technical scheme can be replaced equivalently; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims

1. A blockchain-based intellectual property rights granting method, the method being applied to a federated blockchain, the method comprising: the method comprises the steps that a first account node sends a data authorization request to a second account node and receives a data authorization result corresponding to the data authorization request returned by the second account node; the data authorization request comprises an authorization data identifier; the first account node judges whether the data authorization result meets a preset requirement or not; when the first account node judges that the data authorization result meets the preset requirement, transmitting an authorization record corresponding to the authorization result to all consensus nodes of the alliance blockchain so that the alliance blockchain uplinks the authorization record; the second account node judges whether the authorization record is uplink or not, encrypts target authorization data corresponding to the authorization data identifier when the judgment result is yes, and uploads the encrypted authorization data to the cloud; the first account node judges whether the encryption authorization data is stored in the cloud end, and when the judgment result is yes, an acquisition request is sent to the cloud end to acquire the encryption authorization data;

Before the first account node sends the data authorization request to the second account node, the method further comprises:

creating a first asymmetric key by a first account, wherein the first asymmetric key comprises a first private key and a first public key; when the alliance block link receives a first node creation request sent by the first account, creating a first account node corresponding to the first account, and binding the first public key; creating a second asymmetric key by the second account, wherein the second asymmetric key comprises a second private key and a second public key; when the alliance block link receives a second node creation request sent by the second account, creating a second account node corresponding to the second account, and binding the second public key;

the encrypting the target authorization data corresponding to the authorization data identifier comprises the following steps:

the second account node calculates target Hash information of target authorization data corresponding to the authorization data identifier; the second account node encrypts the target authorization data by using the second public key to obtain encrypted authorization data corresponding to the target authorization data; or when the second account node stores the first public key, encrypting the target authorization data by using the first public key to obtain encrypted authorization data corresponding to the target authorization data;

the second account node uploads encrypted information to a cloud end, wherein the encrypted information comprises the encrypted authorization data and identification information corresponding to the encrypted authorization data, and the identification information corresponding to the encrypted authorization data is the target Hash information;

after the sending an acquisition request to the cloud end to acquire the encrypted authorization data, the method further includes:

when the encryption key of the encryption authorization data acquired by the first account node is the second public key and the second public key is stored in the first account node, analyzing the encryption authorization data by using the second public key to acquire target authorization data in the encryption authorization data;

after encrypting the target authorization data corresponding to the authorization data identifier, the method further comprises:

The second account node writes target Hash information of the target authorization data into the alliance blockchain so that the target Hash information is uplink;

when the judgment result is yes, the first account node determines that the encryption authorization data is stored in the cloud;

the first account node judging whether the data authorization result meets a preset requirement or not, comprising:

2. The blockchain-based intellectual property authorization method of claim 1, further comprising:

determining the data uploading success rate of at least one object corresponding to the communication process; the data uploading success rate is the success rate of the object transmitting data to another object in a historical time period;

3. The blockchain-based intellectual property authorization method of claim 2, wherein after the sending the acquisition request to the cloud to acquire the encrypted authorization data, the method further comprises: