CN115048672A - Data auditing method and device based on block chain, processor and electronic equipment - Google Patents

Data auditing method and device based on block chain, processor and electronic equipment Download PDF

Info

Publication number
CN115048672A
CN115048672A CN202210682657.5A CN202210682657A CN115048672A CN 115048672 A CN115048672 A CN 115048672A CN 202210682657 A CN202210682657 A CN 202210682657A CN 115048672 A CN115048672 A CN 115048672A
Authority
CN
China
Prior art keywords
target
authority
data information
target user
auditing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210682657.5A
Other languages
Chinese (zh)
Inventor
罗伟彬
刘朝伟
夏琼
吴业骏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210682657.5A priority Critical patent/CN115048672A/en
Publication of CN115048672A publication Critical patent/CN115048672A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a data auditing method and device based on a block chain, a processor and electronic equipment, and relates to the field of block chains. The method comprises the following steps: acquiring a transaction request of a target user for block chain data auditing; according to the transaction request, calling a target intelligent contract of the block chain node to obtain target data information; determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority policy tree; if the target user has the decryption authority for the target data information, decrypting the target data information through the target authority secret key of the target user to obtain the data information corresponding to the target user; and performing association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result. Through the application, the problem that the accuracy of data auditing is low due to the fact that the auditing skill mastered by an auditor is mainly relied on when data are audited in the related technology is solved.

Description

Data auditing method and device based on block chain, processor and electronic equipment
Technical Field
The application relates to the technical field of block chains, in particular to a data auditing method and device based on a block chain, a processor and electronic equipment.
Background
At present, the blockchain technology is continuously created, the blockchain industry is initially formed, and the blockchain technology is quickly applied to the fields of supply chain finance, credit investigation, product traceability, copyright transaction, digital identity, electronic evidence and the like, and is becoming an important force for promoting an economic system to realize technology change, organization change and efficiency change. At present, the work of the related block chain audit business also needs to depend on a traditional IT audit mode, and as a block chain business scene relates to the sharing and data association of business data of a plurality of organizations, an independent audit department or a third-party audit organization needs to visit and review records in information systems of different organizations, auditors and internal personnel of enterprises need to communicate in a large quantity, and the completion degree of the audit depends on the audit skills mastered by the auditors, so that the problems of low audit efficiency, strong audit subjectivity and the like exist.
Aiming at the problem that the accuracy of data auditing is low due to the fact that auditing skills mastered by auditors are mainly relied on when data are audited in the related technology, an effective solution is not provided at present.
Disclosure of Invention
The application mainly aims to provide a data auditing method and device based on a block chain, a processor and electronic equipment, so that the problem that the accuracy of data auditing is low due to the fact that data auditing is mainly dependent on auditing skills mastered by auditors when data are audited in the related technology is solved.
In order to achieve the above object, according to one aspect of the present application, a data auditing method based on a blockchain is provided. The method comprises the following steps: acquiring a transaction request for auditing the blockchain data by a target user, wherein the transaction request at least comprises: authority information of the target user; calling a target intelligent contract of a block chain node according to the transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information; determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority policy tree; if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block chain nodes; and performing association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result.
Further, before invoking a target intelligent contract of a blockchain node to obtain target data information according to the transaction request, the method further comprises: obtaining an auditing rule of the target data information and an auditing step of the target data information; converting the audit rules and the audit steps into the target intelligent contract; and embedding the target intelligent contract into the block chain node.
Further, before invoking a target intelligent contract of a blockchain node to obtain target data information according to the transaction request, the method further comprises: and generating the public key and the master key through the block chain node according to a randomness algorithm.
Further, according to the transaction request, invoking a target intelligent contract of the blockchain node to obtain target data information includes: acquiring initial data information from the block chain node through the target intelligent contract according to the transaction request; acquiring an access authority policy tree of the target data information; and encrypting the initial data information through the public key and the access authority strategy tree according to the randomness algorithm to obtain the target data information.
Further, determining whether the target user has the decryption right on the target data information according to the right information of the target user and the access right policy tree comprises: acquiring a prime number domain, a prime number mapping table and an authority mapping table of the target user, wherein the prime number domain is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs of multiple users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used for determining the effectiveness of each authority; obtaining an authority set of the access authority policy tree by accessing leaf nodes of the access authority policy tree; and determining whether the target user has the decryption authority for the target data information according to the prime number domain, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority policy tree.
Further, the transaction request further includes: determining, by the target identity ID of the target user, whether the target user has a decryption right to the target data information according to the prime number field, the prime number mapping table, the right mapping table of the target user, and the right set of the access right policy tree includes: if the authority set of the access authority policy tree is in the range of the authority information of the target user, acquiring a first target numerical value corresponding to each authority in the authority set of the access authority policy tree from the authority mapping table; acquiring a target prime number from the prime number mapping table according to the target identity ID of the target user, and performing modulo processing on the first target value and the target prime number to determine whether each authority in the authority set of the access authority policy tree is valid; and if each authority in the authority set of the access authority policy tree is effective, the target user is indicated to have the decryption authority for the target data information.
Further, modulo the first target value and the target prime number to determine whether each right in the set of rights of the access rights policy tree is valid comprises: performing modulus processing on the first target numerical value and the target prime number to obtain a calculation result; and if the calculation result is not a preset value, the authority corresponding to the first target value is valid.
Further, if the target user has a decryption right for the target data information, decrypting the target data information by using a target right key of the target user, and obtaining the data information corresponding to the target user includes: generating the target authority key through the block link points according to the public key, the master key and the authority information of the target user; and according to the target authority secret key and the public key, decrypting the target data information through a deterministic algorithm to obtain data information corresponding to the target user.
Further, the associating and cross-verifying the data information corresponding to the target user through the target intelligent contract to obtain the auditing result includes: based on the Merkel tree of the block chain nodes, organizing and associating the data information corresponding to the target user through a zero-knowledge proof algorithm to obtain processed data information; performing cross validation on the processed data information to obtain a validation result; calculating the processed data information through the target intelligent contract to obtain a calculation result; and obtaining the auditing result according to the verifying result and the calculating result.
In order to achieve the above object, according to another aspect of the present application, there is provided a data auditing apparatus based on a blockchain. The device comprises: the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a transaction request for auditing block chain data by a target user, and the transaction request at least comprises: authority information of the target user; a calling unit, configured to call a target intelligent contract of a block link node according to the transaction request to obtain target data information, where the target intelligent contract is obtained by an audit rule and an audit step of the target data information, and the target data information is data information encrypted by a public key and an access authority policy tree of the target data information; a determining unit, configured to determine whether the target user has a decryption right for the target data information according to the right information of the target user and the access right policy tree; the decryption unit is used for decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user if the target user has decryption authority on the target data information, wherein the target authority key is generated through block chain link points; and the auditing unit is used for carrying out association and cross validation on the data information corresponding to the target user through the target intelligent contract so as to obtain an auditing result.
Further, the apparatus further comprises: a second obtaining unit, configured to obtain an auditing rule of the target data information and an auditing step of the target data information before calling a target intelligent contract of a block link node to obtain the target data information according to the transaction request; the conversion unit is used for converting the auditing rule and the auditing step into the target intelligent contract; and the processing unit is used for internally arranging the target intelligent contract in the block chain node.
Further, the apparatus further comprises: and the generating unit is used for generating the public key and the master key through the block chain node according to a randomness algorithm before calling the target intelligent contract of the block chain node according to the transaction request to obtain the target data information.
Further, the calling unit includes: the first acquisition subunit is used for acquiring initial data information from the block chain node through the target intelligent contract according to the transaction request; the second acquisition subunit is used for acquiring the access authority policy tree of the target data information; and the encryption subunit is used for encrypting the initial data information through the public key and the access authority policy tree according to the randomness algorithm to obtain the target data information.
Further, the determining unit includes: a third obtaining subunit, configured to obtain a prime number field, a prime number mapping table, and an authority mapping table of the target user, where the prime number field is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs of multiple users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used to determine validity of each authority; the access subunit is used for obtaining the authority set of the access authority policy tree by accessing the leaf nodes of the access authority policy tree; and the first determining subunit is configured to determine whether the target user has a decryption right for the target data information according to the prime number field, the prime number mapping table, the right mapping table of the target user, and the right set of the access right policy tree.
Further, the transaction request further includes: the target identity, ID, of the target user, the determining subunit comprising: a first obtaining module, configured to obtain, from the permission mapping table, a first target value corresponding to each permission in the permission set of the access permission policy tree if the permission set of the access permission policy tree is within the range of the permission information of the target user; a second obtaining module, configured to obtain a target prime number from the prime number mapping table according to the target identity ID of the target user, and perform modulo processing on the first target value and the target prime number to determine whether each right in the right set of the access right policy tree is valid; and the determining module is used for indicating that the target user has the decryption authority for the target data information if each authority in the authority set of the access authority policy tree is valid.
Further, the second obtaining module includes: the calculation submodule is used for carrying out modulus processing on the first target numerical value and the target prime number to obtain a calculation result; and the determining submodule is used for indicating that the authority corresponding to the first target value is valid if the calculation result is not the preset value.
Further, the decryption unit includes: the generation subunit is configured to generate the target authority key through the block link point according to the public key, the master key, and the authority information of the target user; and the decryption subunit is used for decrypting the target data information through a deterministic algorithm according to the target authority secret key and the public key to obtain the data information corresponding to the target user.
Further, the audit unit includes: the association subunit is configured to organize and associate, by using a zero-knowledge proof algorithm, the data information corresponding to the target user based on the merkel tree of the block chain node, so as to obtain processed data information; the verification subunit is used for performing cross verification on the processed data information to obtain a verification result; the calculating subunit is used for calculating the processed data information through the target intelligent contract to obtain a calculation result; and the second determining subunit is used for obtaining the auditing result according to the verification result and the calculation result.
In order to achieve the above object, according to an aspect of the present application, there is provided a processor configured to execute a program, where the program executes to perform any one of the above block chain-based data auditing methods.
To achieve the above object, according to one aspect of the present application, there is provided an electronic device, which includes one or more processors and a memory, where the memory is used for storing the one or more processors to implement the block chain based data auditing method according to any one of the above.
Through the application, the following steps are adopted: acquiring a transaction request of a target user for block chain data auditing, wherein the transaction request at least comprises the following steps: authority information of the target user; calling a target intelligent contract of a block chain node according to a transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information; determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority policy tree; if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block chain nodes; the data information corresponding to the target user is correlated and cross-verified through the target intelligent contract to obtain an auditing result, and the problem that the accuracy of data auditing is low due to the fact that data auditing is mainly dependent on auditing skills mastered by auditors when data is audited in the related technology is solved. The decryption authority of the target user is determined through the authority information of the target user and the access authority policy tree, the data information corresponding to the target user is obtained through decryption of the target authority secret key of the target user, and then the obtained data information is audited through the target intelligent contract to obtain an auditing result.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
FIG. 1 is a flow chart of a block chain based data auditing method provided according to an embodiment of the present application;
FIG. 2 is a flowchart of an alternative block chain based data auditing method provided in accordance with an embodiment of the present application;
FIG. 3 is a schematic diagram of a block chain-based data auditing apparatus provided according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a block chain based data auditing system provided according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an administration console 2 provided in accordance with an embodiment of the present application;
FIG. 6 is a schematic diagram of an audit node 3 provided according to an embodiment of the present application;
fig. 7 is a schematic diagram of a consensus accounting node 4 provided according to an embodiment of the present application;
FIG. 8 is an interaction diagram of auditing intelligent contracts 5 provided according to an embodiment of the present application;
fig. 9 is a schematic diagram of an electronic device provided according to an embodiment of the application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions of the present application better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the accompanying drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that relevant information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data that are authorized by the user or sufficiently authorized by various parties. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
The present invention is described below with reference to preferred implementation steps, and fig. 1 is a flowchart of a block chain-based data auditing method provided in an embodiment of the present application, and as shown in fig. 1, the method includes the following steps:
step S101, a transaction request of a target user for block chain data auditing is obtained, wherein the transaction request at least comprises: and the authority information of the target user.
And step S102, calling a target intelligent contract of the block link node according to the transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information.
And step S103, determining whether the target user has the decryption authority for the target data information according to the authority information of the target user and the access authority policy tree.
And step S104, if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain the data information corresponding to the target user, wherein the target authority key is generated through the block chain nodes.
And S105, performing association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result.
Specifically, the target user needs to perform auditing work, the target user accesses and initiates a user certificate and a key of a transaction through a block chain, block chain authority authentication is performed at a block chain link point to obtain an access certificate, an auditing request (namely the transaction request) is initiated to an auditing node through the access certificate, and the transaction request needs to include authority information of the target user.
And calling a target intelligent contract in the block chain intelligent contract according to the transaction request to acquire target data information. The target intelligent contract can accurately acquire data information needing auditing from the block chain, and for the safety of the data information, the target data information is encrypted through a public key and an access authority strategy tree of the target data information.
After the target data information is obtained, whether the target user has the decryption authority is determined through the access authority strategy tree of the target data information and the authority information of the target user, and after the target user is determined to have the decryption authority of the target data information, the target data information is decrypted through the target authority key of the target user to obtain the data information aiming at the target user, wherein the target authority key is obtained through the authority information of the target user. And then the data information is stored in a sandbox of the audit node, and the data in the sandbox can not leave the audit node. Here, obtaining the data information for the target user means that the decryption degrees of different users are different when performing decryption, that is, the decrypted data obtained by different users are different. The target data information is subjected to encryption access control with granularity which can be refined to the authority level, and the data security is further improved.
After the data information corresponding to the target user is obtained, a zero-knowledge proof algorithm is used in the target intelligent contract to perform association and cross validation of different attribute fields on the data information, for example, by taking enterprise financing information as an example, through the relation of order + invoice validation and audit contract, the relation of invoice + logistics validation and audit transaction authenticity, and the relation of order + financing validation and audit whether financing is repeated or not. And synchronously performing multi-party collaborative calculation in the target intelligent contract by adopting a plug-in hot loading mode to finally obtain an audit result.
In summary, the decryption authority of the target user is determined through the authority information of the target user and the access authority policy tree, the data information corresponding to the target user is obtained through decryption of the target authority key of the target user, and then the obtained data information is audited through the target intelligent contract to obtain the auditing result.
The target intelligent contract is crucial to the data auditing method based on the block chain provided by the embodiment of the application, so that the target intelligent contract is obtained by adopting the following method in the data auditing method based on the block chain provided by the embodiment of the application: obtaining an auditing rule of the target data information and an auditing step of the target data information; converting the auditing rule and the auditing step into a target intelligent contract; and the target intelligent contract is built in the block chain node.
Specifically, the auditing rule and the auditing step of the target data information are converted into intelligent contract codes (namely the target intelligent contract) on the block chain, and the intelligent contract codes are built into the system intelligent contract of the block chain, so that the full life cycle management of the target intelligent contract is realized through the system intelligent contract. The steps ensure that the data information can be acquired and accurately audited through the target intelligent contract.
Since the target data information is data information encrypted by a public key and an access authority policy tree, in the block chain-based data auditing method provided by the embodiment of the application, the following technical means are adopted to obtain the public key and the target data information encrypted by the public key and the access authority policy tree: and generating a public key and a master key through the block chain nodes according to a random algorithm. Acquiring initial data information from the block chain node through a target intelligent contract according to the transaction request; acquiring an access authority policy tree of target data information; and encrypting the initial data information through a public key and an access authority strategy tree according to a randomness algorithm to obtain target data information.
Specifically, a public key PK and a master key MK are generated on the block chain node through a randomness algorithm, wherein the public key PK and the master key MK are coded by X509 and are attached with attribute information of an organization, such as user GID of the organization, and the like, so that the public key PK and the master key MK can be stored in the account book data of the block chain accounting node through a target intelligent contract in the following process.
The method comprises the steps of firstly, acquiring initial data information from a blockchain node through a target intelligent contract according to a transaction request. And then obtaining an access authority strategy tree of the target data information. The data owner defines the strategy for accessing the target data information, the attribute set (namely the authority information) is associated with the access resource, and the data user can access the target data information according to the authorized authority information. The data owner can decide which authority information the person who owns can access the target data information by setting policy, which is equivalent to the encryption access control of the target data information with granularity which can be refined to attribute level. And finally, encrypting the initial data information by using a public key and an access authority strategy tree through a randomness algorithm to obtain target data information.
Through the steps, the encryption access control of the target data information on the block chain can be refined to the attribute level by one granularity, and the auditing personnel can determine the operation authority of the target data information only by providing the authority information, so that the auditing efficiency is greatly improved.
How to determine whether the target user has the decryption right to the target data information according to the right information of the target user and the access right policy tree is very important, so the block chain-based data auditing method provided by the embodiment of the application adopts the following steps to process so as to determine whether the target user has the decryption right to the target data information: acquiring a prime number domain, a prime number mapping table and an authority mapping table of a target user, wherein the prime number domain is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs (identities) of a plurality of users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used for determining the effectiveness of each authority; obtaining an authority set of the access authority policy tree by accessing leaf nodes of the access authority policy tree; and determining whether the target user has the decryption authority for the target data information according to the prime number field, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority policy tree.
If the authority set of the access authority policy tree is in the range of the authority information of the target user, acquiring a first target value corresponding to each authority in the authority set of the access authority policy tree from the authority mapping table; acquiring a target prime number from a prime number mapping table according to a target Identity (ID) of a target user, and performing modulo processing on a first target value and the target prime number to determine whether each authority in an authority set of an access authority policy tree is effective; and if each authority in the authority set of the access authority policy tree is effective, the target user has the decryption authority for the target data information. Modulo the first target value and the target prime number to determine whether each right in the set of rights to access the rights policy tree is valid comprises: performing modulus processing on the first target numerical value and the target prime number to obtain a calculation result; if the calculation result is not the preset value, the authority corresponding to the first target value is valid.
Specifically, a block chain generation element number field is used, the prime number field is composed of a plurality of 256-bit (namely the preset number) prime numbers, a prime number prime is applied for a target user in the prime number field, the prime numbers prime in the prime number field are deleted, it is ensured that prime numbers acquired by different users are different, and then a target identity ID of the target user and the corresponding prime number prime are stored in a prime number mapping table. And then calculating a corresponding numerical value for each authority of the target user by using the prime number prime, and storing the authority and the corresponding numerical value in an authority mapping table. Whether the authority is valid can be determined through the value corresponding to each authority.
Therefore, whether the target user has the decryption authority on the target data information or not is determined through the prime number field, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority strategy tree.
And (3) accessing leaf nodes of the policy tree, wherein i is att (x), x represents the leaf nodes of the access authority policy tree, and a function att (x) returns the authority corresponding to the leaf node x. And obtaining a permission set corresponding to the access policy tree by using i-att (x). And judging whether the authority information of the target user contains an authority set corresponding to the access policy tree, and if the authority information of the target user contains the authority set corresponding to the access policy tree, obtaining a first target value corresponding to each authority in the authority set of the access policy tree from the authority mapping table of the target user. And obtaining the prime number prime of the target user from the prime number mapping table, then carrying out modulus processing on the first target value and the prime number prime of the target user to obtain a calculation result, and if the calculation result is not 0 (namely the preset value), indicating that the authority is valid. The method is adopted to confirm each authority in the authority set of the access authority policy tree, and if each authority in the authority set of the access authority policy tree is valid, the target user is indicated to have decryption authority on the target data information.
In an alternative embodiment, the user's rights may be revoked on the blockchain node. The method specifically comprises the following steps: and determining target authority (att) to be revoked of the target user and a numerical value (list) corresponding to the target authority. And obtaining a corresponding prime number prime from the prime number mapping table through the target identity ID of the target user. And calculating list ', namely list multiplied by prime, taking list' as the latest value of the target authority (att), and updating the latest value into the authority mapping table.
In an alternative embodiment, the user's rights may be restored on the blockchain node. The method specifically comprises the following steps: and determining target authority (att) to be revoked of the target user and a numerical value (list) corresponding to the target authority. And obtaining a corresponding prime number prime from the prime number mapping table through the target identity ID of the target user, calculating list ═ list ÷ prime, taking list' as the latest value of the target authority (att), and updating the latest value into the authority mapping table.
Through the steps, the acquisition of each authority needs to be authorized, the safety of data on the block chain is guaranteed, and the phenomenon that high-value data assets are lost can be effectively avoided.
When decryption is performed, the decryption degrees of different users are different, that is, the decrypted data obtained by different users are different. This is because the decryption is performed by the target authority key of the target user, and specifically includes the following steps: generating a target authority key through the block chain nodes according to the public key, the master key and the authority information of the target user; and according to the target authority secret key and the public key, decrypting the target data information through a deterministic algorithm to obtain the data information corresponding to the target user.
Specifically, a target authority key associated with the authority information is generated for the target user according to the public key, the master key and the authority information submitted by the target user. And decrypting the target data information by using the target authority secret key and the public key through a deterministic algorithm to obtain the data information corresponding to the target user. Because the authority information is different, the target authority key of each user is different, and further, the decrypted data information is also different. Such a manner further ensures the security of high-value data.
The auditing of the data information is an important content of the application, and in the block chain-based data auditing method provided by the embodiment of the application, the following steps are adopted to audit the data information to obtain an auditing result: organizing and associating data information corresponding to a target user through a zero-knowledge proof algorithm based on a Merkel tree of a block chain node to obtain processed data information; performing cross validation on the processed data information to obtain a validation result; calculating the processed data information through the target intelligent contract to obtain a calculation result; and obtaining an auditing result according to the verification result and the calculation result.
Specifically, after the data information corresponding to the target user is obtained, a zero-knowledge proof algorithm is used in the target intelligent contract to perform association and cross validation of different attribute fields on the data information based on the merkel tree, for example, taking enterprise financing information as an example, the contract relationship is validated and audited through "order + invoice", "invoice + logistics" validation and audit transaction authenticity ", and" order + financing "validation and audit are performed to determine whether financing is repeated. And synchronously performing multi-party collaborative calculation in the target intelligent contract by adopting a plug-in hot loading mode to finally obtain an audit result.
After the data information is obtained, automatic auditing is carried out through the target intelligent contract, the auditing skill mastered by an auditor is not required to be relied on, and the auditing efficiency and accuracy are improved.
And after the audit result is obtained, chaining the audit result by a target intelligent contract to store the common identification certificate, and taking a third-party audit organization as a participant of the alliance chain to obtain the audit result information recorded by the block chain and publicizing the audit result information through a formal channel.
In an alternative embodiment, as shown in fig. 2, a flow chart of an alternative blockchain-based data auditing method is provided. The detailed process is as follows:
t201, user equipment acquires a user certificate and a secret key for accessing a block chain and initiating a transaction;
t202, performing block chain authority authentication by adjusting block chain nodes to obtain an access certificate, wherein the access certificate is used for accessing storage resources and storing data assets;
after the user side acquires the certificate through user authority authentication, the T203 user side initiates an audit request to an audit node, and the request carries the authority information of the user and the certificate information returned through block chain node authentication;
t204 calls a target intelligent contract in the block chain intelligent contract and acquires target data information through the target intelligent contract.
And T205, determining the decryption authority of the user to the target data information according to the authority information of the user. And decrypting the data information through the authority secret key and the public key of the user to obtain the data information corresponding to the user, wherein the data information is stored in a sandbox of the audit node, and the data information in the sandbox cannot leave the audit node.
T206 uses zero knowledge proof algorithm to carry out association and cross validation of different attribute fields on data information in the target intelligent contract, judges whether the data information is in compliance or not by combining the auditing rule of the target intelligent contract, synchronously carries out multi-party collaborative calculation in the target intelligent contract by adopting a plug-in hot loading mode to obtain an auditing result, and then links the auditing result to a chain common identification proof through the target intelligent contract.
And T207, taking the third-party audit organization as a participant of the alliance chain to obtain audit result information of the block chain record, and disclosing the audit result information through a formal channel.
According to the data auditing method based on the blockchain, provided by the embodiment of the application, the transaction request of the target user for the blockchain data auditing is obtained, wherein the transaction request at least comprises the following steps: authority information of the target user; calling a target intelligent contract of a block chain node according to a transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information; determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority policy tree; if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block chain nodes; the data information corresponding to the target user is correlated and cross-verified through the target intelligent contract to obtain an auditing result, and the problem that the accuracy of data auditing is low due to the fact that data auditing is mainly dependent on auditing skills mastered by auditors when data is audited in the related technology is solved. The decryption authority of the target user is determined through the authority information of the target user and the access authority policy tree, the data information corresponding to the target user is obtained through decryption of the target authority secret key of the target user, and then the obtained data information is audited through the target intelligent contract to obtain an auditing result.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than here.
The embodiment of the present application further provides a data auditing apparatus based on a block chain, and it should be noted that the data auditing apparatus based on a block chain according to the embodiment of the present application may be used to execute the data auditing method based on a block chain provided in the embodiment of the present application. The block chain-based data auditing device provided by the embodiment of the application is introduced below.
Fig. 3 is a schematic diagram of a data auditing apparatus based on a blockchain according to an embodiment of the present application. As shown in fig. 3, the apparatus includes: a first acquisition unit 301, a call unit 302, a determination unit 303, a decryption unit 304 and an auditing unit 305.
A first obtaining unit 301, configured to obtain a transaction request for block chain data auditing by a target user, where the transaction request at least includes: authority information of the target user;
a calling unit 302, configured to call a target intelligent contract of a block link node according to a transaction request to obtain target data information, where the target intelligent contract is obtained by an audit rule and an audit step of the target data information, and the target data information is data information encrypted by a public key and an access authority policy tree of the target data information;
a determining unit 303, configured to determine whether the target user has a decryption right for the target data information according to the right information of the target user and the access right policy tree;
the decryption unit 304 is configured to decrypt the target data information through a target authority key of the target user to obtain data information corresponding to the target user if the target user has a decryption authority for the target data information, where the target authority key is generated through block link points;
and the auditing unit 305 is configured to perform association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result.
The data auditing device based on the blockchain provided by the embodiment of the application acquires a transaction request for block chain data auditing by a target user through a first acquisition unit 301, wherein the transaction request at least comprises: authority information of the target user; the calling unit 302 calls a target intelligent contract of the block link node according to the transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information; the determining unit 303 determines whether the target user has a decryption right to the target data information according to the right information of the target user and the access right policy tree; if the target user has the decryption authority for the target data information, the decryption unit 304 decrypts the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block link points; the auditing unit 305 performs association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result, and solves the problem that the accuracy of data auditing is low due to the fact that the auditing skill mastered by an auditor is mainly relied on when data is audited in the related technology. The decryption authority of the target user is determined through the authority information of the target user and the access authority policy tree, the data information corresponding to the target user is obtained through decryption of the target authority secret key of the target user, and then the obtained data information is audited through the target intelligent contract to obtain an auditing result.
Optionally, in the data auditing apparatus based on a blockchain provided in the embodiment of the present application, the apparatus further includes: the second acquisition unit is used for acquiring an auditing rule of the target data information and an auditing step of the target data information before calling a target intelligent contract of the block link node to obtain the target data information according to the transaction request; the conversion unit is used for converting the auditing rule and the auditing step into a target intelligent contract; and the processing unit is used for internally arranging the target intelligent contract in the block chain node.
Optionally, in the data auditing apparatus based on a blockchain provided in the embodiment of the present application, the apparatus further includes: and the generating unit is used for generating a public key and a master key through the block chain nodes according to a random algorithm before calling the target intelligent contract of the block chain nodes to obtain the target data information according to the transaction request.
Optionally, in the data auditing apparatus based on the blockchain provided in this embodiment of the present application, the invoking unit 302 includes: the first acquisition subunit is used for acquiring initial data information from the block chain node through a target intelligent contract according to the transaction request; the second acquisition subunit is used for acquiring an access authority policy tree of the target data information; and the encryption subunit is used for encrypting the initial data information through the public key and the access authority policy tree according to a randomness algorithm to obtain target data information.
Optionally, in the data auditing apparatus based on a block chain provided in this embodiment of the present application, the determining unit 303 includes: the third acquiring subunit is used for acquiring a prime number domain, a prime number mapping table and an authority mapping table of a target user, wherein the prime number domain is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs (identity IDs) of a plurality of users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used for determining the effectiveness of each authority; the access subunit is used for obtaining an authority set of the access authority policy tree by accessing leaf nodes of the access authority policy tree; and the first determining subunit is used for determining whether the target user has the decryption authority for the target data information according to the prime number field, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority policy tree.
Optionally, in the data auditing apparatus based on the blockchain provided in the embodiment of the present application, the transaction request further includes: the target identity, ID, of the target user, the determining subunit comprising: the first acquisition module is used for acquiring a first target value corresponding to each authority in the authority set of the access authority policy tree from the authority mapping table if the authority set of the access authority policy tree is in the authority information range of the target user; the second acquisition module is used for acquiring a target prime number from the prime number mapping table according to the target identity ID of the target user, and performing modulo processing on the first target value and the target prime number to determine whether each authority in the authority set of the access authority policy tree is valid; and the determining module is used for indicating that the target user has the decryption authority for the target data information if each authority in the authority set of the access authority policy tree is effective.
Optionally, in the data auditing apparatus based on a blockchain provided in the embodiment of the present application, the second obtaining module includes: the calculation submodule is used for carrying out modulus processing on the first target numerical value and the target prime number to obtain a calculation result; and the determining submodule is used for indicating that the authority corresponding to the first target value is valid if the calculation result is not the preset value.
Optionally, in the data auditing apparatus based on the blockchain provided in this embodiment of the present application, the decryption unit 304 includes: the generation subunit is used for generating a target authority key through the block link points according to the public key, the master key and the authority information of the target user; and the decryption subunit is used for decrypting the target data information through a deterministic algorithm according to the target authority secret key and the public key to obtain the data information corresponding to the target user.
Optionally, in the data auditing apparatus based on a blockchain provided in this embodiment of the present application, the auditing unit 305 includes: the association subunit is used for organizing and associating the data information corresponding to the target user through a zero-knowledge proof algorithm based on the Merkel tree of the block chain node to obtain the processed data information; the verification subunit is used for performing cross verification on the processed data information to obtain a verification result; the calculating subunit is used for calculating the processed data information through the target intelligent contract to obtain a calculation result; and the second determining subunit is used for obtaining an auditing result according to the verification result and the calculation result.
The data auditing device based on the block chain comprises a processor and a memory, wherein the first acquiring unit 301, the calling unit 302, the determining unit 303, the decrypting unit 304, the auditing unit 305 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can set one or more than one, and auditing work of the block chain data is realized by adjusting kernel parameters.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
As shown in fig. 4, a data auditing system based on a block chain is provided according to an embodiment of the present application. The system comprises a user side 1, a management console 2, an auditing node 3, a consensus accounting node 4 and an auditing contract 5.
The user side 1 comprises various terminals held by a user, including a PC terminal, a mobile terminal, edge equipment, a cloud server and the like, and performs multi-party management of the block chain audit network through the audit console 2.
The management console 2 is an interactive management platform supporting management of the blockchain consensus nodes and storage nodes in the blockchain decentralized scenario.
And the auditing node 3 is a decentralized multi-party auditing system based on a block chain. The system is a decentralized peer-to-peer distributed block chain auditing system, supports the consensus of multiple parties, and provides safe and credible multi-party data sharing and circulation based on attribute encryption and zero knowledge certification.
The consensus bookkeeping node 4 is a block chain alliance chain network with the characteristics of multi-party efficient consensus, a strong security contract engine, reliable privacy protection, cross-chain interconnection and intercommunication and the like, can support other open-source main flows, provide alliance chains and public chains such as programmable intelligent contract and the like, is used for providing multi-party data circulation and management of data asset identification, provides basic access authorization and authentication, supports different business scenes of different organizations to perform physical and logical isolation of the data asset, and ensures the safety and credibility of data.
The intelligent contract 5 (i.e. the above-mentioned target intelligent contract) is audited, the core of the blockchain network is realized, so that the decentralized (distributed) blockchain system has programmability, the intelligent contract defines rules among different organizations in executable code, and is also a computer protocol aiming at propagating verification or executing contracts in an information-based mode, and transaction records are generated to the blockchain ledger through the intelligent contract, so that the transaction can be carried out without a third party, and the transaction can be tracked, cannot be tampered and cannot be reversed.
As shown in fig. 5, the management console 2 includes a service interface module 21, a core API module 22, an interworking module 22, a data service subsystem 24, a multiple hash subsystem 25, and a data routing subsystem 26.
As shown in fig. 6, the schematic diagram of the audit node 3, the processing request transceiver 31, the audit rule processing device 32, the full encryption security processing device 33 and the block chain processing device 34. And the processing request transceiver 31 is configured to receive a rule operation request of the audit rule processing device 32, a security processing request of the full encryption security processing module 33, and a data processing request of the audit data processing module 34.
The auditing rule processing device 32 realizes the regularization of auditing steps and contents, converts the auditing steps and contents into target intelligent contract codes to be built in the intelligent contracts of the block chain system, and realizes the full life cycle management of rules through the intelligent contracts of the system, and comprises a rule loading module 321, a rule query module 322, a rule updating module 323 and a rule unloading module 324.
The full encryption security processing device 33 includes a right authentication module 331, an attribute encryption module 332, an association verification module 333 and an authorization association module 334. The authority authentication module 331 implements an authentication system based on RBAC and ACL authority control and PKI foundation; the attribute encryption module 332 encrypts data and stores the data in a chain, so that privacy protection of the data can be realized, and a data owner specifies a policy for accessing target data information.
The association verification module 333 organizes and associates data information of different dimensions based on the merkel tree by using a zero knowledge proof algorithm in the system intelligent contract, and performs cross verification in the blockchain network, for example, by using enterprise financing information as an example, through an order + invoice verification and audit contract relationship, "invoice + logistics" verification and audit transaction authenticity, "order + financing" verification and audit whether financing is repeated.
The audit data processing device 34 includes a block link point calling module 341, an intelligent contract calling module 342, an attribute policy access module 343, and an external data batching module 344. The block link node calling module 341 is configured to query a state of a block link node, and the intelligent contract calling module 342 is configured to call a transaction logic interface implemented by an intelligent contract; the attribute policy access module 343 implements the call of the system intelligent contract and integrates in the block chain, and is used for the integrated deployment and configuration of the system intelligent contract at the node of the block chain; the external data batching module 344 enables correlation and analysis of the on-chain data and the external data.
As shown in fig. 7, the consensus accounting node 4 is a schematic diagram including a transaction request device 41, a certificate management module 42, a consensus accounting module 43 and a data storage device 44.
As shown in fig. 8, a schematic diagram of interaction of an audit intelligence contract 5 (i.e. the above-mentioned target intelligence contract) includes state data of block chain accounting node attributes, a business intelligence contract and a system intelligence contract, the business intelligence contract focuses on operation association of actual business data, and the system audit contract focuses on operation association of business intelligence contract key interface node data for interception and security encryption management, and at the same time, performs trusted interaction with an external audit system. The service intelligent contract realizes the interaction of the shared attribute set in the block chain alliance mechanism through the system intelligent contract, and ensures the safe encrypted storage and controllable data circulation of actual service data in the alliance chain.
The embodiment of the invention provides a processor, which is used for running a program, wherein a data auditing method based on a block chain is executed when the program runs.
As shown in fig. 9, an embodiment of the present invention provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor executes the program to implement the following steps: acquiring a transaction request of a target user for block chain data auditing, wherein the transaction request at least comprises the following steps: authority information of the target user; calling a target intelligent contract of a block chain node according to a transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information; determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority policy tree; if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block chain nodes; and performing association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result.
Optionally, before invoking the target intelligent contract of the blockchain node to obtain the target data information according to the transaction request, the method further includes: obtaining an auditing rule of the target data information and an auditing step of the target data information; converting the auditing rules and the auditing steps into a target intelligent contract; and the target intelligent contract is built in the block chain node.
Optionally, before invoking the target intelligent contract of the blockchain node to obtain the target data information according to the transaction request, the method further includes: and generating a public key and a master key through the block chain nodes according to a random algorithm.
Optionally, invoking the target intelligent contract of the blockchain node to obtain the target data information according to the transaction request includes: acquiring initial data information from the block chain node through a target intelligent contract according to the transaction request; acquiring an access authority strategy tree of target data information; and encrypting the initial data information through a public key and an access authority strategy tree according to a randomness algorithm to obtain target data information.
Optionally, determining whether the target user has the decryption right on the target data information according to the right information of the target user and the access right policy tree includes: acquiring a prime number domain, a prime number mapping table and an authority mapping table of a target user, wherein the prime number domain is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs (identities) of a plurality of users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used for determining the effectiveness of each authority; obtaining an authority set of an access authority strategy tree by accessing leaf nodes of the access authority strategy tree; and determining whether the target user has the decryption authority for the target data information according to the prime number field, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority policy tree.
Optionally, the transaction request further includes: determining whether the target user has the decryption right to the target data information according to the prime number field, the prime number mapping table, the right mapping table of the target user and the right set of the access right policy tree by the target identity ID of the target user comprises: if the authority set of the access authority policy tree is in the range of the authority information of the target user, acquiring a first target value corresponding to each authority in the authority set of the access authority policy tree from the authority mapping table; acquiring a target prime number from a prime number mapping table according to a target Identity (ID) of a target user, and performing modulo processing on a first target value and the target prime number to determine whether each authority in an authority set of an access authority policy tree is effective; and if each authority in the authority set of the access authority policy tree is effective, the target user has the decryption authority for the target data information.
Optionally, performing a modulo process on the first target value and the target prime number to determine whether each right in the set of rights of the access rights policy tree is valid comprises: performing modulus processing on the first target numerical value and the target prime number to obtain a calculation result; if the calculation result is not the preset value, the authority corresponding to the first target value is valid.
Optionally, if the target user has a decryption right for the target data information, decrypting the target data information by using a target right key of the target user, and obtaining the data information corresponding to the target user includes: generating a target authority key through the block chain nodes according to the public key, the master key and the authority information of the target user; and according to the target authority secret key and the public key, decrypting the target data information through a deterministic algorithm to obtain the data information corresponding to the target user.
Optionally, the associating and cross-verifying the data information corresponding to the target user through the target intelligent contract to obtain the audit result includes: organizing and associating data information corresponding to a target user through a zero-knowledge proof algorithm based on a Meckel tree of a block chain node to obtain processed data information; performing cross validation on the processed data information to obtain a validation result; calculating the processed data information through the target intelligent contract to obtain a calculation result; and obtaining an auditing result according to the verification result and the calculation result.
The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: acquiring a transaction request of a target user for block chain data auditing, wherein the transaction request at least comprises the following steps: authority information of the target user; according to the transaction request, calling a target intelligent contract of the block link node to obtain target data information, wherein the target intelligent contract is obtained by auditing rules and steps of the target data information, and the target data information is data information encrypted by an access authority strategy tree of a public key and the target data information; determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority strategy tree; if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block chain nodes; and performing association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result.
Optionally, before invoking the target intelligent contract of the blockchain node to obtain the target data information according to the transaction request, the method further includes: obtaining an auditing rule of the target data information and an auditing step of the target data information; converting the auditing rule and the auditing step into a target intelligent contract; and the target intelligent contract is built in the block chain node.
Optionally, before invoking the target intelligent contract of the blockchain node to obtain the target data information according to the transaction request, the method further comprises: and generating a public key and a master key through the block chain nodes according to a random algorithm.
Optionally, invoking the target intelligent contract of the blockchain node to obtain the target data information according to the transaction request includes: acquiring initial data information from the block chain node through a target intelligent contract according to the transaction request; acquiring an access authority policy tree of target data information; and encrypting the initial data information through a public key and an access authority strategy tree according to a randomness algorithm to obtain target data information.
Optionally, determining whether the target user has the decryption right on the target data information according to the right information of the target user and the access right policy tree includes: acquiring a prime number domain, a prime number mapping table and an authority mapping table of a target user, wherein the prime number domain is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs (identities) of a plurality of users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used for determining the effectiveness of each authority; obtaining an authority set of the access authority policy tree by accessing leaf nodes of the access authority policy tree; and determining whether the target user has the decryption authority for the target data information according to the prime number field, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority policy tree.
Optionally, the transaction request further includes: determining whether the target user has the decryption right to the target data information according to the prime number field, the prime number mapping table, the right mapping table of the target user and the right set of the access right policy tree by the target identity ID of the target user comprises: if the authority set of the access authority policy tree is in the range of the authority information of the target user, acquiring a first target value corresponding to each authority in the authority set of the access authority policy tree from the authority mapping table; acquiring a target prime number from a prime number mapping table according to a target Identity (ID) of a target user, and performing modulo processing on a first target value and the target prime number to determine whether each authority in an authority set of an access authority policy tree is effective; and if each authority in the authority set of the access authority policy tree is effective, the target user has the decryption authority for the target data information.
Optionally, performing a modulo process on the first target value and the target prime number to determine whether each right in the set of rights of the access rights policy tree is valid comprises: performing modulus processing on the first target numerical value and the target prime number to obtain a calculation result; if the calculation result is not the preset value, the authority corresponding to the first target value is valid.
Optionally, if the target user has a decryption right for the target data information, decrypting the target data information by using a target right key of the target user, and obtaining the data information corresponding to the target user includes: generating a target authority key through the block chain nodes according to the public key, the master key and the authority information of the target user; and according to the target authority secret key and the public key, decrypting the target data information through a deterministic algorithm to obtain the data information corresponding to the target user.
Optionally, the associating and cross-verifying the data information corresponding to the target user through the target intelligent contract to obtain the audit result includes: organizing and associating data information corresponding to a target user through a zero-knowledge proof algorithm based on a Merkel tree of a block chain node to obtain processed data information; performing cross validation on the processed data information to obtain a validation result; calculating the processed data information through the target intelligent contract to obtain a calculation result; and obtaining an auditing result according to the verification result and the calculation result.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A data auditing method based on a block chain is characterized by comprising the following steps:
acquiring a transaction request for auditing the blockchain data by a target user, wherein the transaction request at least comprises: authority information of the target user;
calling a target intelligent contract of a block chain node according to the transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information;
determining whether the target user has decryption authority on the target data information or not according to the authority information of the target user and the access authority policy tree;
if the target user has the decryption authority for the target data information, decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user, wherein the target authority key is generated through block chain nodes;
and performing association and cross validation on the data information corresponding to the target user through the target intelligent contract to obtain an auditing result.
2. The method of claim 1, wherein prior to invoking a target intelligent contract for a blockchain node to obtain target data information in accordance with the transaction request, the method further comprises:
obtaining an auditing rule of the target data information and an auditing step of the target data information;
converting the audit rules and the audit steps into the target intelligent contract;
and embedding the target intelligent contract into the block chain node.
3. The method of claim 1, wherein prior to invoking a target intelligent contract for a blockchain node to obtain target data information in accordance with the transaction request, the method further comprises:
and generating the public key and the master key through the block chain node according to a randomness algorithm.
4. The method of claim 3, wherein invoking a target smart contract for a blockchain node to obtain target data information in accordance with the transaction request comprises:
acquiring initial data information from the block chain node through the target intelligent contract according to the transaction request;
acquiring an access authority policy tree of the target data information;
and encrypting the initial data information through the public key and the access authority strategy tree according to the randomness algorithm to obtain the target data information.
5. The method of claim 4, wherein determining whether the target user has decryption rights to the target data information according to the rights information of the target user and the access rights policy tree comprises:
acquiring a prime number domain, a prime number mapping table and an authority mapping table of the target user, wherein the prime number domain is composed of prime numbers with preset digits, the prime number mapping table is composed of identity IDs of multiple users and prime numbers corresponding to the identity IDs, the authority mapping table of the target user is composed of each authority in authority information of the target user and a numerical value corresponding to each authority, and the numerical value corresponding to each authority is used for determining the effectiveness of each authority;
obtaining an authority set of the access authority policy tree by accessing leaf nodes of the access authority policy tree;
and determining whether the target user has the decryption authority for the target data information according to the prime number domain, the prime number mapping table, the authority mapping table of the target user and the authority set of the access authority policy tree.
6. The method of claim 5, wherein the transaction request further comprises: determining, by the target identity ID of the target user, whether the target user has a decryption right for the target data information according to the prime number field, the prime number mapping table, the right mapping table of the target user, and the right set of the access right policy tree includes:
if the authority set of the access authority policy tree is in the range of the authority information of the target user, acquiring a first target numerical value corresponding to each authority in the authority set of the access authority policy tree from the authority mapping table;
acquiring a target prime number from the prime number mapping table according to the target identity ID of the target user, and performing modulo processing on the first target value and the target prime number to determine whether each authority in the authority set of the access authority policy tree is valid;
and if each authority in the authority set of the access authority policy tree is effective, the target user is indicated to have the decryption authority for the target data information.
7. The method of claim 6, wherein modulo the first target value and the target prime number to determine whether each right in the set of rights of the access rights policy tree is valid comprises:
performing modulus processing on the first target numerical value and the target prime number to obtain a calculation result;
and if the calculation result is not a preset value, the authority corresponding to the first target value is valid.
8. The method according to claim 6, wherein if the target user has a decryption right for the target data information, decrypting the target data information by using a target right key of the target user to obtain the data information corresponding to the target user comprises:
generating the target authority key through the block link points according to the public key, the master key and the authority information of the target user;
and according to the target authority secret key and the public key, decrypting the target data information through a deterministic algorithm to obtain data information corresponding to the target user.
9. The method of claim 1, wherein associating and cross-validating data information corresponding to the target user by the target intelligent contract to obtain an audit result comprises:
based on the Merkel tree of the block chain nodes, organizing and associating the data information corresponding to the target user through a zero-knowledge proof algorithm to obtain processed data information;
performing cross validation on the processed data information to obtain a validation result;
calculating the processed data information through the target intelligent contract to obtain a calculation result;
and obtaining the auditing result according to the verifying result and the calculating result.
10. A data auditing device based on a blockchain is characterized by comprising:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a transaction request for auditing block chain data by a target user, and the transaction request at least comprises: authority information of the target user;
the calling unit is used for calling a target intelligent contract of a block chain node according to the transaction request to obtain target data information, wherein the target intelligent contract is obtained by an auditing rule and an auditing step of the target data information, and the target data information is encrypted by a public key and an access authority policy tree of the target data information;
a determining unit, configured to determine whether the target user has a decryption right for the target data information according to the right information of the target user and the access right policy tree;
the decryption unit is used for decrypting the target data information through a target authority key of the target user to obtain data information corresponding to the target user if the target user has decryption authority on the target data information, wherein the target authority key is generated through block chain link points;
and the auditing unit is used for carrying out association and cross validation on the data information corresponding to the target user through the target intelligent contract so as to obtain an auditing result.
11. A processor, configured to execute a program, wherein the program executes the method for block chain based data auditing according to any one of claims 1 to 9.
12. An electronic device comprising one or more processors and memory storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the blockchain based data auditing method of any one of claims 1-9.
CN202210682657.5A 2022-06-16 2022-06-16 Data auditing method and device based on block chain, processor and electronic equipment Pending CN115048672A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210682657.5A CN115048672A (en) 2022-06-16 2022-06-16 Data auditing method and device based on block chain, processor and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210682657.5A CN115048672A (en) 2022-06-16 2022-06-16 Data auditing method and device based on block chain, processor and electronic equipment

Publications (1)

Publication Number Publication Date
CN115048672A true CN115048672A (en) 2022-09-13

Family

ID=83161554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210682657.5A Pending CN115048672A (en) 2022-06-16 2022-06-16 Data auditing method and device based on block chain, processor and electronic equipment

Country Status (1)

Country Link
CN (1) CN115048672A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI812510B (en) * 2022-10-17 2023-08-11 可立可資安股份有限公司 Blockchain audit system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI812510B (en) * 2022-10-17 2023-08-11 可立可資安股份有限公司 Blockchain audit system

Similar Documents

Publication Publication Date Title
US11314891B2 (en) Method and system for managing access to personal data by means of a smart contract
CN111475849B (en) Private data query method and device based on blockchain account
WO2021184963A1 (en) Contract calling method and apparatus
CN110580413B (en) Private data query method and device based on down-link authorization
CN113255005B (en) Block chain-based data asset circulation method, device and equipment
CN111523110B (en) Authority query configuration method and device based on chain codes
CN109450910A (en) Data sharing method, data sharing network and electronic equipment based on block chain
KR20190042567A (en) Dynamic access control on block chaining
CN111475850B (en) Intelligent contract-based privacy data query method and device
CN109829333B (en) OpenID-based key information protection method and system
CN111460400B (en) Data processing method, device and computer readable storage medium
Zichichi et al. Data governance through a multi-dlt architecture in view of the gdpr
CN112149077B (en) Supply chain billing method, system and computer equipment based on block chain technology
CN112967054B (en) Data management method, device and equipment
WO2022206453A1 (en) Method and apparatus for providing cross-chain private data
CN111460420A (en) Method, device and medium for using electronic seal based on block chain
Kaaniche et al. Prov-trust: towards a trustworthy SGX-based data provenance system
CN115065542A (en) Permission verification method and device, processor and electronic equipment
Sharma A framework of big data as service platform for access control & privacy protection using blockchain network
WO2022132718A1 (en) Technologies for trust protocol with immutable chain storage and invocation tracking
CN114239044A (en) Decentralized traceable shared access system
CN115048672A (en) Data auditing method and device based on block chain, processor and electronic equipment
CN116522356A (en) Data query method and device
CN113901498B (en) Data sharing method, device, equipment and storage medium
CN114239043A (en) Shared encryption storage system constructed based on block chain technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination