CN115186033A

CN115186033A - Data processing method based on block chain, authorization method and device and electronic equipment

Info

Publication number: CN115186033A
Application number: CN202210902591.6A
Authority: CN
Inventors: 肖凯; 周海京; 杨毅
Original assignee: Industrial and Commercial Bank of China Ltd ICBC; ICBC Technology Co Ltd
Current assignee: Industrial and Commercial Bank of China Ltd ICBC; ICBC Technology Co Ltd
Priority date: 2022-07-28
Filing date: 2022-07-28
Publication date: 2022-10-14

Abstract

The disclosure provides a data processing method, an authorization method and an authorization device based on a block chain, and an electronic device, which can be applied to the technical field of the block chain and also can be applied to the technical field of finance. The data processing method based on the block chain comprises the following steps: acquiring summary information of target data from a blockchain network, wherein the summary information is issued to the blockchain network through a data authorization party, the summary information comprises a target request address associated with the target data, and the target request address is linked to a data storage party; initiating a data sharing request to the data depositor by accessing the target request address; and receiving the target data from the data storage party, wherein the target data is sent under the condition that the data storage party passes the authentication verification of the data request party according to the on-chain target authorization record.

Description

Data processing method based on block chain, authorization method and device and electronic equipment

Technical Field

The present disclosure relates to the field of blockchain technology, and in particular, to a data processing method, an authorization method, an apparatus, a device, a medium, and a program product based on a blockchain.

Background

For the multi-party data sharing and changing scene, most of the related technologies are based on the centralized service of the data owner, and after the data owner performs online or offline negotiation with the data operator, the data operator acquires and analyzes the data to perform operations such as data changing. Because of the need of multi-party negotiation, the communication cost is high and an effective credible mechanism is lacked. Although the method for realizing data sharing through the block chain in the related art can solve the problem of communication cost, the data sharing is basically realized through the block chain, and certain security risks exist in the data.

Disclosure of Invention

In view of the above, the present disclosure provides a block chain-based data processing method, an authorization method, an apparatus, a device, a medium, and a program product.

In one aspect of the present disclosure, a data processing method based on a block chain is provided, including:

acquiring summary information of target data from a blockchain network, wherein the summary information is issued to the blockchain network through a data authorization party, the summary information comprises a target request address associated with the target data, and the target request address is linked to a data storage party;

initiating a data sharing request to a data storage party by accessing a target request address;

and receiving target data from the data storage party, wherein the target data is sent under the condition that the data storage party passes the authentication verification of the data request party according to the target authorization record on the chain.

According to an embodiment of the present disclosure, the method further includes:

changing data information of the target data;

and sending the changed data information to the block chain network, so that the data storage party updates the target data according to the changed data information after the block chain network pushes a change notice to the data storage party.

According to the embodiment of the present disclosure, the data information of the target data includes a value of an extension field associated with the target data, wherein the extension field is used for characterizing the attribute type of the target data.

According to an embodiment of the present disclosure, the summary information further includes a name of an extension field associated with the target data, and the changing the data information of the target data includes:

reading the name of the extension field from the abstract information;

determining a target attribute type needing to change target data according to the name of the extension field;

determining a target attribute value of the target data under the target attribute type;

the initial value of the extension field is changed to the target attribute value.

According to an embodiment of the present disclosure, wherein sending the changed data information to the blockchain network includes:

accessing a target authorization record on a chain by using the sub-certificate, wherein the target authorization record and the sub-certificate are issued by a data authority, the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword;

and updating the target attribute value obtained after the initial value of the extension field is changed to the target authorization record.

According to an embodiment of the present disclosure, wherein:

the summary information also comprises at least one of the following: the data source name, the data identification, the data source hash abstract, the data owner, the data on-chain module and the data brief description of the target data.

A data processing method based on a block chain comprises the following steps:

receiving a data sharing request initiated by a data requester through an access target request address, wherein the data sharing request is used for requesting target data, the target request address is contained in summary information associated with the target data, and the summary information is issued to a blockchain network through a data authorizer;

determining a target authorization record associated with the data requestor and the target data from a plurality of authorization records in the blockchain network, wherein the target authorization record is issued by the data authorizer;

the data requesting party is authenticated according to the target authorization record;

and in the case that the right of the right is passed, sending the target data to the data requester.

According to an embodiment of the present disclosure, wherein determining a target authorization record associated with a data requestor and target data from a plurality of authorization records in a blockchain network comprises:

acquiring a sub-certificate of a data requester, wherein the sub-certificate is issued by a data authorizer, the sub-certificate carries a keyword, and the sub-certificate is associated with a target authorization record through the keyword;

and taking the authorization record associated with the keyword of the sub-certificate in the plurality of authorization records as a target authorization record associated with the data requester and the target data.

According to the embodiment of the disclosure, the target authorization record comprises the requestable times and requestable time periods of the target data requested by the authorized data requester;

the method for determining the right of the data requester according to the target authorization record comprises the following steps:

and based on the target authorization record, determining that the data requester currently has the request authority of the target data under the condition that the requested times of the data requester for the target data are less than the requestable times and the current request time period of the data requester is within the range of the requestable time period.

A blockchain based authorization method, comprising:

the method comprises the steps that summary information of target data is issued to a block chain network, so that a data requesting party initiates a data sharing request to a data storing party according to a target request address related to the target data and contained in the summary information;

receiving a data authorization request from a data requester;

generating a target authorization record associated with the data requestor and the target data in response to the data authorization request;

and issuing the target authorization record to the block chain network, so that the data storage party sends the target data to the data request party after the data request party passes the right verification according to the target authorization record obtained from the chain.

and issuing a sub-certificate associated with the target authorization record to the data requester so that the data requester accesses the target authorization record by using the sub-certificate, wherein the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword.

Another aspect of the present disclosure provides a block chain-based data processing apparatus, including:

the acquisition module is used for acquiring summary information of target data from a blockchain network, wherein the summary information is issued to the blockchain network through a data authorization party, the summary information comprises a target request address related to the target data, and the target request address is linked to a data storage party;

the request module is used for initiating a data sharing request to the data storage party by accessing the target request address;

the first receiving module is used for receiving target data from a data storage party, wherein the target data is sent under the condition that the data storage party passes the right confirmation and verification of the data requesting party according to the target authorization record on the chain.

According to an embodiment of the present disclosure, the apparatus further includes:

the change module is used for changing the data information of the target data;

and the first sending module is used for sending the changed data information to the block chain network, so that the data storage party updates the target data according to the changed data information after the block chain network pushes the change notification to the data storage party.

According to an embodiment of the present disclosure, the data information of the target data includes a value of an extension field associated with the target data, wherein the extension field is used for characterizing an attribute type of the target data.

According to the embodiment of the disclosure, the summary information further includes a name of an extension field associated with the target data, and the changing module includes:

the reading unit is used for reading the name of the extension field from the summary information;

the first determining unit is used for determining a target attribute type needing to change the target data according to the name of the extension field;

the second determining unit is used for determining a target attribute value of the target data under the target attribute type;

and the changing unit is used for changing the initial value of the extension field into the target attribute value.

According to an embodiment of the present disclosure, wherein the first transmitting module includes:

the access unit is used for accessing the target authorization record on the chain by using the sub-certificate, wherein the target authorization record and the sub-certificate are issued by a data authority, the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword;

and the updating unit is used for updating the target attribute value obtained after the initial value of the extension field is changed to the target authorization record.

According to an embodiment of the present disclosure, wherein:

A blockchain-based data processing apparatus comprising:

a second receiving module, configured to receive a data sharing request initiated by a data requestor through an access target request address, where the data sharing request is used to request target data, where the target request address is included in summary information associated with the target data, and the summary information is issued to the blockchain network through a data authorizer;

a determining module for determining a target authorization record associated with the data requestor and the target data from a plurality of authorization records in the blockchain network, wherein the target authorization record is issued by the data authorizer;

the right confirming module is used for confirming the right of the data request party according to the target authorization record;

and the second sending module is used for sending the target data to the data requester under the condition that the right is confirmed to pass.

According to an embodiment of the present disclosure, wherein the determining module includes:

the acquisition unit is used for acquiring a sub-certificate of a data requester, wherein the sub-certificate is issued by a data authorizer, carries a keyword, and is associated with a target authorization record through the keyword;

and the third determining unit is used for taking the authorization record associated with the keyword of the sub-certificate in the authorization records as a target authorization record associated with the data requester and the target data.

the right confirming module comprises a right confirming unit used for confirming that the data requester currently has the request right of the target data under the condition that the requested times of the data requester to the target data are less than the requested times and the current request time period of the data requester is within the requested time period range based on the target authorization record.

A blockchain-based authorization apparatus, comprising:

the first publishing module is used for publishing the summary information of the target data to the block chain network so that the data requester can initiate a data sharing request to the data storage party according to a target request address which is contained in the summary information and is associated with the target data;

the third receiving module is used for receiving a data authorization request from a data requester;

the generation module is used for responding to the data authorization request and generating a target authorization record associated with the data requester and the target data;

and the second issuing module is used for issuing the target authorization record to the block chain network so that the data storage party sends the target data to the data requesting party after the data storage party passes the right confirmation and verification of the data requesting party according to the target authorization record obtained from the chain.

and the issuing module is used for issuing a sub-certificate associated with the target authorization record to the data requester so that the data requester accesses the target authorization record by using the sub-certificate, wherein the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword.

Another aspect of the present disclosure provides an electronic device including: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described data processing method.

Another aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions, which when executed by a processor, cause the processor to perform the above-mentioned data processing method.

Another aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described data processing method.

Drawings

The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:

FIG. 1 schematically illustrates an application scenario diagram of a data processing method, apparatus, device, medium and program product according to embodiments of the disclosure;

FIG. 2 schematically shows a flow chart of a data processing method according to an embodiment of the present disclosure;

FIG. 3 schematically illustrates a system diagram for data sharing and data updating by blockchain among multiple parties, according to an embodiment of the present disclosure;

FIG. 4 schematically shows a flow chart of a data processing method according to an embodiment of the present disclosure;

FIG. 5 schematically illustrates a flow chart of an authorization method according to an embodiment of the disclosure;

FIG. 6 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure;

FIG. 7 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure;

FIG. 8 schematically illustrates a block diagram of an authorization device according to an embodiment of the present disclosure;

fig. 9 schematically shows a block diagram of an electronic device adapted to implement a data processing method according to an embodiment of the present disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.

Where a convention analogous to "A, B and at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).

For the multi-party data sharing and changing scene, most of the related technologies are based on the centralized service of the data owner, and after the data owner performs online or offline negotiation with the data operator, the data operator acquires and analyzes the data to perform operations such as data changing. Because of the multi-party negotiation, the communication cost is high, an effective credible mechanism is lacked, and the centralized service has no expandability. Although the method for realizing data sharing through the block chain in the related art can solve the problem of communication cost, the data sharing is basically realized through the block chain, and certain security risks exist in the data.

In view of this, the embodiments of the present disclosure provide a trusted data processing method with multiple access parties by using the multi-party mutual trust cooperation capability of a block chain, and are applicable to a scenario of multi-party data sharing, change and interoperation.

The data processing method based on the block chain provided by the embodiment of the disclosure comprises the following steps:

and receiving target data from the data storage party, wherein the target data is sent under the condition that the data storage party passes the authentication verification of the data request party according to the on-chain target authorization record.

Fig. 1 schematically illustrates an application scenario diagram of a data processing method, apparatus, device, medium, and program product according to embodiments of the present disclosure.

As shown in fig. 1, the application scenario 100 according to this embodiment may include a blockchain network 101, a data authorizer 102, a data requestor 103, and a data store 104.

The blockchain corresponding to the blockchain network 101 may be a blockchain associated with a service contract. The data authorizer 102, the data requestor 103, and the data store 104 may each include a plurality of nodes of the access blockchain network 101.

Through the blockchain network 101, the data authorizer 102, the data requestor 103, and the data store 104 may implement data sharing. A network connection may be established between each node for data transfer over the network connection.

The data authorizer 102 may publish summary information of the data to the blockchain network, so that the data requestor 103 may know basic information of the data by reading the summary information. The data authorizer 102 may also issue a sub-certificate for accessing the blockchain network 101 to the data requestor 103 based on a data authorization request of the data requestor 103.

The summary information includes a target request address associated with the target data, where the target request address is linked to the data storage party 104, and after the data request party 103 learns the basic information of the data by reading the summary information, the data request party can initiate a data sharing request to the data storage party 104 by accessing the target request address.

After receiving the data sharing request initiated by the data requestor 103, the data storage party 104 authenticates the data requestor 103 through the blockchain network 101, and after the authentication is passed, sends the data to the data requestor 103 through a chain.

The data requester 103 may also be a data changer, and may perform data change if authorized, and upload the changed data to the blockchain network 101, and the blockchain network 101 may notify the data authorizer 102 and the data repository 104 of a message of the data change.

It should be understood that the data authorizer 102 and the data depositor 104 may be the same node or may be different nodes. The data authorizer 102, the data requestor 103, and the data store 104 may include a plurality of nodes, respectively, or may include only one node.

It should be noted that the data processing method, the authorization method, and the apparatus of the present disclosure may be used in the field of blockchain technology, may also be used in the field of financial technology, and may also be used in any field other than the field of blockchain technology and the field of financial technology.

In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations, necessary confidentiality measures are taken, and the customs of the public order is not violated.

In the technical scheme of the disclosure, before the personal information of the user is obtained or collected, the authorization or the consent of the user is obtained.

The data processing method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 9 based on the scenario described in fig. 1.

Fig. 2 schematically shows a flow chart of a data processing method according to an embodiment of the present disclosure. Fig. 3 schematically illustrates a system diagram for data sharing and data updating by blockchains for multiple parties according to an embodiment of the present disclosure. The method of the embodiment of the present disclosure is described below with reference to fig. 2 and 3.

As shown in fig. 2, the block chain-based data processing method of this embodiment includes operations S201 to S203.

In operation S201, summary information of target data is acquired from a blockchain network, where the summary information is issued to the blockchain network by a data authorizer, and the summary information includes a target request address associated with the target data, where the target request address is linked to a data storage party;

initiating a data sharing request to the data storage side by accessing the target request address in operation S202;

in operation S203, target data from the data storage party is received, wherein the target data is transmitted in a case that the data storage party passes the authentication verification of the data requester according to the on-chain target authorization record.

As shown in fig. 3, according to the embodiment of the present disclosure, in which the data processing method is implemented based on a blockchain, there may be multiple parties accessing a blockchain network, which may include, but are not limited to, a data authorizer, a data requestor, a data storer, a data changer, and the like. Multiple parties can access the medium to the blockchain data authorization center through the blockchain, and the data authorizer, the data requester, the data storage party and the data changer can comprise one or more nodes of the access blockchain network. As shown in fig. 3, the scalable data sources of the data authority accessing the block chain may include, but are not limited to, a data center, a storage system, a government affairs sharing system … ….

According to the embodiment of the disclosure, the data requesting party may also serve as a data changing party, performs data change under the condition of obtaining authorization, and uploads the changed data to the blockchain network, and the blockchain network may notify the data authorizing party and the data storing party of the message of the data change. It should be understood that the data authorizer and the data stores may be the same node or different nodes.

The data processing method based on the blockchain in this embodiment may be executed by a data requester or a data changer, and the data requester and the data changer may be the same execution subject or different execution subjects.

As shown in fig. 3, a data requestor or data changer may request target data through a blockchain network. The data authorizer may publish summary information of the target data to the blockchain network data authorization center, where the summary information may include, but is not limited to, a data source name of the target data, a data identifier (primary key of data), a hash summary of the data source, an owner of the data, a module to which the data belongs in a chain, a brief description of the data, and so on, so that a data requester or a data changer may know basic information of the data by reading the summary information. The data summary information disclosed in the chain can be authorized by the data authorized party and the authorization information can be linked up. The summary information comprises a target request address associated with target data, wherein the target request address is linked to a data storage party.

After the data requesting party or the data modifying party acquires the summary information of the target data from the chain, whether the data is required to be requested or not can be determined according to the acquired basic information of the data, and a data sharing request can be initiated to the data storing party by accessing the target request address.

And after the authentication is passed, the data is sent to the data requester or the data changer through the link.

According to the embodiment of the present disclosure, as shown in fig. 3, the data storage side authenticates the data request, for example, the data storage side can authenticate the data requester according to the target authorization record on the chain. The target authorization record is issued by a data authorizer, and may be a data authorizer that responds to a data authorization request after a data requestor or a data changer initiates a data authorization request for requesting target data to the data authorizer, generates a target authorization record associated with the data requestor and the target data, and chains the target authorization record. The target authorization record may include the number of requestable times, the requestable time period, etc. that the data requestor is authorized to request the target data.

According to the embodiment of the disclosure, when authenticating a data requester or a data changer, a data storage party can determine whether a target authorization record associated with the data requester and target data exists in a block chain network by accessing a block chain, and if so, further determine whether the data requester or the data changer currently has a data request authority according to information such as the requestable times and the requestable time periods recorded in the target authorization record, and if the data requester or the data changer passes the authentication, the data storage party sends the target data to the data requester or the data changer through the chain.

According to the embodiment of the disclosure, unlike the method in the related art in which multiple parties share data through a blockchain network, the data processing method in the embodiment of the disclosure only shares summary information of the data through the blockchain network, but does not share entity data. By sharing the summary information of the data, it is convenient for multiple parties accessing the block chain to know the basic information of the data so as to determine whether the data needs to be requested according to respective actual requirements. Under the condition that data is required to be requested, the data requester can initiate a data request to the data storage party through the request address shared in the summary information, and further the data storage party performs authentication through the block chain and then entity data is transmitted under the chain. It can be seen that, in the data processing method of the embodiment of the present disclosure, the block chain network shares summary information of data, but does not share entity data, and the entity data is transmitted through point-to-point transmission under the chain, so that the security of the data can be ensured, further, the entity data is transmitted under the chain only when authenticated through the block chain network, so that the security of the data is further improved, and multiple parties realize respective functions (authorization by a data authorizer, authentication by a data storage party, and data request data) through the block chain, thereby implementing a trusted data sharing method with multiple parties participating in.

According to the embodiment of the present disclosure, as shown in fig. 3, the summary information issued by the data authorizer to the target data on the chain may include, but is not limited to, information content such as a data source name of the target data, a data identifier (data primary key), a data source hash summary, a data owner, a data module on the chain, a data brief description, and the like.

In the summary information, a data source hash summary is a unique character string generated by source data through a summary algorithm and used for data verification and confirmation, after a data requester or a data changer acquires target data, a character string is generated by running a related summary algorithm, and whether the generated character string is consistent with the data source hash summary in the summary information on the chain is determined.

According to the embodiment of the present disclosure, the data authorizer may authorize the data requestor or the data changer to change the data information of the target data, such as the price, the data type, the data verification result, and the like of the change target data, according to the specific use scenario of the target data. In particular, the data authorizer can authorize a data requestor or data changer to change a value of an extension field associated with the target data, such as changing a value of an extension field "price," changing a type value of a "data type," and so forth.

According to the embodiment of the disclosure, based on the above data change scenario, the summary information may include a name of an extension field associated with the target data, so that the data changer knows the data change requirement of the data authorizer.

According to the embodiment of the present disclosure, as shown in fig. 3, a data authorizer needs to perform data source registration in advance on a chain, the data authorizer sends data source information (registration) to a block chain, the data authorizer includes application names, application keywords, module names, field extension names, and the like, the chain may include a plurality of data modules, different data modules may be used for registering different types of data sources, for example, an enterprise a registers some user information in a user information module, and an enterprise B registers some financial data in a financial module. Each module on the chain stores information related to the data source, such as a data source keyword, a data source name, a module name and the like, and each module is also configured with a changeable extension field name for indicating the data change requirement of a data authority based on the scene of the data change. The same module may define a plurality of extension fields, i.e. field names that may be authorized to be modified by others.

Based on the above data registration scenario, as shown in fig. 3, the summary information of the target data may further include name information of a module to which the data source belongs on the chain, for indicating registration information of the data source.

According to the embodiment of the disclosure, based on the scenario of the data change, the method further includes that, when the data authorizer is obtained, the data changer changes the data information of the target data, and sends the changed data information to the blockchain network, so that the data storage party updates the target data according to the changed data information after the blockchain network pushes the change notification to the data storage party.

Specifically, the data information of the target data includes a value of an extension field associated with the target data, where the extension field is used to characterize an attribute type of the target data, it should be noted that the meaning of the extension field is not limited to the attribute type of the target data, but may also be any other meaning related to a change requirement, for example, in a scenario where enterprise a authorizes enterprise B to price some personal consumption information data of enterprise a, the extension field is "price"; in the case where enterprise a authorizes enterprise B to perform data verification for some financial data of enterprise a, the extension field is "data verification result".

According to an embodiment of the present disclosure, on the premise that the summary information includes a name of an extension field associated with the target data, the data information of the target data changed by the data changer specifically includes:

reading the name of the extension field from the abstract information;

According to the embodiment of the disclosure, for example, in a scenario where an enterprise a (data authorizer) authorizes an enterprise B (data changer) to price some personal consumption information data of the enterprise a, an extension field in summary information on a chain is "price", the data changer may read the summary information on the chain in a case of obtaining authorization of the data authorizer, request data from an enterprise C (data storage, which may also be the enterprise a) through a data access address in the summary information, the enterprise C accepts the request and initiates authentication to a blockchain, performs right confirmation verification on the data requester through an authorization record on the chain, and after the verification is passed, the enterprise C returns the data to the enterprise B.

It should be noted that the data requested by the data access address in the summary information may be sample data of the target data, not entity data, or may be only a data introduction of the target data, and may be flexibly set according to the specific service scenario and the security and privacy requirements of the data. Therefore, in the scenario where the example changes the price of data, the data returned by the C enterprise to the B enterprise may be sample data of personal consumption information data, not real personal information data.

Still taking the above example as an example, after receiving the sample data of the personal consumption information data returned by the enterprise C, the enterprise B may determine the data price by analyzing the sample data, that is, change the value of the corresponding "price" of the extension field, and update its chain to the chain, where receiving the update of the extension field on the chain triggers a notification, pushing the updated extension field to the enterprise C for data change, and the enterprise C changes the specified extension field value according to the business requirement.

According to the embodiment of the disclosure, by the data processing method, on the basis of realizing data sharing, data change can be realized, and different from the method of changing entity data or part of entity data through a block chain in the related art, the method of the embodiment of the disclosure changes the extension field of the entity data only through the block chain, and does not change the entity data through the block chain, so that the security of the data is further ensured, and based on the data change scenario of the embodiment of the disclosure, because the data change scenario needs to be changed instead of the entity data, the data change is only the sample data of the target data, the data profile of the target data, and the like, and the target data returned to the data storage party can be changed instead of the entity data on the premise that the data change party does not contact the entity data, so that the security of the data is improved.

According to the embodiment of the disclosure, by the data processing method, the credible capability of multi-party expansion (data source expansion, service scene expansion and service field expansion) is realized based on the characteristics of the block chain, the trace of each use of the data is realized based on the traceability capability of the block chain, the follow-up supervision is facilitated, the data changing party can realize the changing operation of the data without contacting with the complete data, and the privacy and the safety of the data are fully protected.

According to an embodiment of the present disclosure, as shown in fig. 3, after the data changer changes the extension field of the target data, sending the changed data information to the blockchain network includes: and updating the target attribute value obtained after the initial value of the extension field is changed to the target authorization record on the chain. The data changer accesses the target authorization record on the chain by using the sub-certificate, wherein the target authorization record and the sub-certificate are issued by the data authorizer, the sub-certificate carries a keyword, the sub-certificate is associated with the target authorization record through the keyword, and the corresponding authorization record can be accessed through the sub-certificate. After the changed data information is updated to the block chain network authorization record, the block chain network data authorization center pushes a change notice to the data storage party, and the data storage party updates the target data according to the changed data information.

According to the embodiment of the disclosure, the data processing method realizes convenient authorization, sharing and interoperation by using the certificate characteristics, and the data authorizer can complete authorization and data change only by issuing the authorization record and issuing the sub-certificate. The sub-certificate is provided with keywords which are associated with the authorization records one by one, so that the differential authority management of different sub-certificate owners can be realized.

Another aspect of the present disclosure provides a data processing method based on a blockchain, which is performed by a data storage side.

Fig. 4 schematically shows a flow chart of a data processing method according to an embodiment of the present disclosure.

As shown in fig. 4, the block chain-based data processing method of this embodiment includes operations S401 to S404.

In operation S401, a data sharing request initiated by a data requestor through an access target request address is received, where the data sharing request is used to request target data, where the target request address is included in summary information associated with the target data, and the summary information is issued to a blockchain network by a data authorizer;

in operation S402, determining a target authorization record associated with a data requestor and target data from a plurality of authorization records in a blockchain network, wherein the target authorization record is issued by the data authorizer;

in operation S403, the data requester is authenticated according to the target authorization record;

in operation S404, in case the right to confirm passes, the target data is transmitted to the data requester.

Based on the description of the data processing method executed by the data requester or the data changer in the above embodiment, the data storage party is mainly configured to authenticate the data requester or the data changer through the block chain network after receiving the data sharing request initiated by the data requester, and send the data to the data requester or the data changer through the chain after the authentication is passed.

According to the embodiment of the present disclosure, as shown in fig. 3, the data storage side authenticates the data request, for example, the data storage side can authenticate the data requester according to the target authorization record on the chain. The target authorization record is issued by a data authorizer, and may be a data authorizer that responds to a data authorization request after a data requestor or a data changer initiates a data authorization request for requesting target data to the data authorizer, generates a target authorization record associated with the data requestor and the target data, and chains the target authorization record.

When the data storage party authenticates the data request party or the data change party, whether a target authorization record associated with the data request party and the target data exists in the block chain network can be determined through accessing the block chain, if so, whether the data request party or the data change party has the data request authority is further determined according to information recorded in the target authorization record, and the data storage party sends the target data to the data request party or the data change party through the chain under the condition that the authentication is passed.

According to the embodiment of the disclosure, under the condition that a data requester requests data, the data is transmitted under a link only when the data is authenticated by a data storage party, so that the security of the data is improved, the authorization and the right confirmation of the data are both realized through a block chain network, specifically, a data authorizer issues an authorization record and uplinks the data, a data storage party authenticates the request of the requester according to the on-link authorization record, and the block chain is passed, so that a credible and multi-party participating data sharing method is realized, the characteristic of multi-party participation and expandability is provided, and the data sharing and interoperation capabilities are endowed.

According to an embodiment of the present disclosure, when authenticating a data requester or a data changer, a data storage determines whether a target authorization record associated with the data requester and target data exists in a blockchain network by accessing a blockchain, which may specifically include:

According to the embodiment of the disclosure, on the premise that the data authorizer issues the authorization record to the data requester or the data changer, the data authorizer may issue a sub-certificate for accessing the authorization record in the block chain to the data requester or the data changer based on the request of the data requester or the data changer. The sub-certificate carries keywords, is associated with the target authorization record through the keywords, and can access the corresponding authorization record through the sub-certificate.

When the data storage party authenticates the data requesting party or the data changing party, whether the target authorization record associated with the data requesting party and the target data exists in the block chain network can be determined by accessing the block chain, and specifically, whether the target authorization record associated with the data requesting party and the target data exists can be further searched from the block chain network according to the sub-certificate of the data requesting party or the data changing party and based on the keyword in the sub-certificate. For example, the sub-certificate issued by the data authorizer to the data requestor a enterprise includes a keyword "enterprise a", and the authorization record issued by the data authorizer to the data requestor a enterprise may include the keyword "enterprise a" of the sub-certificate, and may further include a name of the data source: XX data, and as such, may associate a sub-certificate with an authorization record. When the data storage party authenticates the data request party or the data change party, whether a target authorization record of the keyword 'A enterprise' including the sub-certificate exists in the block chain network can be searched through the keyword 'A enterprise'.

According to the embodiment of the present disclosure, as shown in fig. 3, the target authorization record may include, in addition to the key word of the sub-certificate, a data source name, an authorization object, a data source digest main key, an operation mode (e.g., readable or writable), an initial value of an extension field that can authorize change, the number of requestable times that an authorized data requester requests target data, a requestable time period, the number of requested times, and the like.

According to the embodiment of the disclosure, if a target authorization record associated with a data requester and target data exists in a blockchain network, it is further determined whether the data requester or the data modifier currently has data request permission according to information such as the number of requestable times and the requestable time period described in the target authorization record, for example, it may be determined that the data requester currently has the request permission of the target data based on the target authorization record in the case that the number of requested times of the target data by the data requester is less than the number of requestable times and the current request time period of the data requester is within the range of the requestable time period. And in the case of passing the authentication, the data storage party sends the target data to the data request party or the data change party through the link.

According to the embodiment of the disclosure, the data storage party may further determine whether the data requesting party has corresponding authority according to an operation mode, such as readable or writable, described in the target authorization record, where the readable representative data requesting party has authority to read data, and the writable representative data requesting party has authority to change the data extension field.

Another aspect of the present disclosure provides a block chain based authorization method performed by a data authorizer.

Fig. 5 schematically shows a flow chart of an authorization method according to an embodiment of the present disclosure.

As shown in fig. 5, the authorization method according to the embodiment of the present disclosure includes operations S501 to S504.

In operation S501, the summary information of the target data is published to the blockchain network, so that the data requester initiates a data sharing request to the data depositor according to a target request address associated with the target data included in the summary information;

receiving a data authorization request from a data requester in operation S502;

in operation S503, in response to the data authorization request, generating a target authorization record associated with the data requestor and the target data;

in operation S504, the target authorization record is issued to the blockchain network, so that the data storage side sends the target data to the data requester after the data requester passes the right verification according to the target authorization record obtained from the chain.

According to the embodiments of the present disclosure, based on the description of the above embodiments about the data processing method performed by the data requester or the data changer and the data storage, the data authorizer is mainly used for requesting authorization to the data requester or the data changer, and when receiving a data authorization request from the data requester, generates a target authorization record associated with the data requester and the target data and links the authorization record, so that the data storage authenticates the data requester according to the target authorization record obtained from the chain.

According to the embodiment of the disclosure, the premise of data sharing between the data requesting party and the data storing party is based on authorization of the data authorizing party, and through authorization, the security of data transmission is ensured, further, a data sharing mechanism with multi-party participation is established based on the block chain network, and the data sharing mechanism with multi-party participation has the characteristic of multi-party participation expandability, and can realize respective different functions based on the multi-party of the block chain network, and realize ordered and credible data sharing.

In the aspect of authorization and verification logic, a user system of the block chain is realized based on certificates, organizations participating in the block chain provide root certificate public keys to respective nodes, and a user can access a block chain network through sub-certificates issued by the organization root certificates. The data changer fills in the authorization record according to the data abstract issued by the data authorizer to apply for authorization, as long as the data authorizer confirms that the authorization sub-certificate passes the supplementary authentication mode (sub-certificate) information and issues the authorization sub-certificate to the data changer.

The issued sub-certificate may be accompanied by a "keyword", and a specified "keyword" may be constrained in advance. As shown in fig. 3, on the premise that the data authorizer issues an authorization record (including a certificate "keyword" information) to the data requestor or the data changer, the data authorizer issues a sub-certificate with a specified "keyword" to the data requestor or the data changer, the data requestor or the data changer may obtain a data access address from the sub-certificate access block chain, request data from the data storage party through the data access address, initiate authentication to obtain the authorization record to the block chain network, verify the sub-certificate and the authorization times/timeliness, and return specific data after the verification is passed.

According to the embodiment of the disclosure, the sub-certificates are associated with the authorization records one by one through keywords, and different authorization records record different permissions of the authorized request data, for example, the sub-certificate issued by the data authorizer to the data requestor a enterprise contains a keyword "a enterprise", the authorization record issued by the data authorizer to the a enterprise may include the keyword "a enterprise" of the sub-certificate, and the number of times of recording the requested target data 1 is 100 times; the sub-certificate issued by the data authorizer to the enterprise of the data requestor B contains a keyword 'enterprise B', the authorization record issued by the data authorizer to the enterprise B can contain the keyword 'enterprise B' of the sub-certificate, and the number of times that the target data 2 can be requested is recorded as 2000 times; therefore, through the sub-certificate and the authorization record, the differential management of the authority of different data requesters is realized, the refined authority control is facilitated, and the data security is effectively ensured.

Based on the data processing method, the disclosure also provides a data processing device. The apparatus will be described in detail below with reference to fig. 6.

Fig. 6 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.

As shown in fig. 6, the data processing apparatus based on a blockchain according to this embodiment includes an obtaining module 601, a requesting module 602, and a first receiving module 603.

An obtaining module 601, configured to obtain summary information of target data from a blockchain network, where the summary information is issued to the blockchain network by a data authorizer, and the summary information includes a target request address associated with the target data, where the target request address is linked to a data storage party;

a request module 602, configured to initiate a data sharing request to a data storage party by accessing a target request address;

a first receiving module 603, configured to receive target data from the data storage, where the target data is sent when the data storage passes the authentication verification of the data requester according to the linked target authorization record.

According to the embodiment of the disclosure, the summary information of the target data acquired by the acquiring module 601 from the blockchain is different from how many parties share the entity data through the blockchain network in the related art. The request module 602 can initiate a data request to the data storage party through the shared request address in the summary information, further implement entity data link down transmission after authentication is performed through the first receiving module 603 through the block link, so as to ensure the security of the data, further, the entity data is transmitted under the link only when the authentication is passed through the block link network, so as to further improve the security of the data, and multiple parties can implement respective functions (authorization by the data authorization party, authentication by the data storage party, data request data) through the block link, so that a trusted data sharing method with multiple parties is implemented, which has the characteristic of multiple parties participating in and being extensible, and simultaneously endows the capabilities of data sharing and interoperation, thereby providing a reference for trusted circulation of the data.

According to the embodiment of the disclosure, the device further comprises a changing module and a first sending module.

The change module is used for changing the data information of the target data; and the first sending module is used for sending the changed data information to the block chain network, so that the data storage party updates the target data according to the changed data information after the block chain network pushes the change notification to the data storage party.

According to the embodiment of the disclosure, the summary information further includes a name of an extension field associated with the target data, and the change module includes a reading unit, a first determining unit and a changing unit.

The reading unit is used for reading the name of the extension field from the summary information; the first determining unit is used for determining the target attribute type needing to change the target data according to the name of the extension field; the first determining unit is used for determining a target attribute value of the target data under the target attribute type; and the changing unit is used for changing the initial value of the extension field into the target attribute value.

According to the embodiment of the disclosure, the first sending module comprises an accessing unit and an updating unit.

The access unit is used for accessing the target authorization record on the chain by using the sub-certificate, wherein the target authorization record and the sub-certificate are issued by a data authority, the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword; and the updating unit is used for updating the target attribute value obtained after the initial value of the extension field is changed to the target authorization record.

According to the embodiment of the disclosure, the summary information further includes at least one of the following: the name of a data source of the target data, the identification of the data, a hash abstract of the data source, the belonger of the data, the module to which the data belong on the chain and the brief description of the data.

Based on the data processing method, the disclosure also provides a data processing device. The apparatus will be described in detail below with reference to fig. 7.

Fig. 7 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.

As shown in fig. 7, the data processing apparatus based on the blockchain according to this embodiment includes a second receiving module 701, a determining module 702, a weight determining module 703, and a second sending module 704.

The second receiving module 701 is configured to receive a data sharing request from a data requestor, where the data sharing request is initiated by accessing a target request address, where the data sharing request is used to request target data, where the target request address is included in summary information associated with the target data, and the summary information is issued to the blockchain network by a data authorizer;

a determining module 702, configured to determine a target authorization record associated with a data requestor and target data from a plurality of authorization records in a blockchain network, wherein the target authorization record is issued by the data authorizer;

the right confirming module 703 is configured to confirm the right of the data requestor according to the target authorization record;

and a second sending module 704, configured to send the target data to the data requester if the right of the acknowledgement passes.

According to the embodiment of the disclosure, under the condition that a data requester requests data, the data is transmitted under a chain through the determining module 702 and the right confirming module 703 under the condition that the data passes the authentication of the data storage party, so that the security of the data is improved, the authorization and the right confirming of the data are realized through a block chain network, specifically, the data authorizer issues an authorization record and uploads the authorization record, and the right confirming module 703 authenticates the request of the requester according to the uplink authorization record, so that the block chain is passed, a credible data sharing method with multi-party participation is realized, the characteristic of multi-party participation and expandability are achieved, and the data sharing and interoperation capabilities are endowed.

According to the embodiment of the disclosure, the determining module comprises an obtaining unit and a third determining unit.

The system comprises an acquisition unit, a target authorization record generation unit and a data authorization record generation unit, wherein the acquisition unit is used for acquiring a sub-certificate of a data requester, the sub-certificate is issued by a data authorizer, the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword; and a third determining unit, configured to use an authorization record associated with the keyword of the sub-certificate in the multiple authorization records as a target authorization record associated with the data requester and the target data.

Based on the block chain-based authorization method, the disclosure also provides a block chain-based authorization device. The apparatus will be described in detail below with reference to fig. 8.

Fig. 8 schematically shows a block diagram of an authorization apparatus according to an embodiment of the present disclosure.

As shown in fig. 8, the block chain-based authorization apparatus of this embodiment includes a first publishing module 801, a third receiving module 802, a generating module 803, and a second publishing module 804.

A first publishing module 801, configured to publish summary information of the target data to a blockchain network, so that a data requester initiates a data sharing request to a data storage according to a target request address associated with the target data and included in the summary information;

a third receiving module 802, configured to receive a data authorization request from a data requestor;

a generating module 803, configured to generate a target authorization record associated with the data requester and the target data in response to the data authorization request;

the second issuing module 804 is configured to issue the target authorization record to the blockchain network, so that the data storage party sends the target data to the data requesting party after the data requesting party passes the right verification according to the target authorization record obtained from the chain.

According to the embodiment of the disclosure, the premise of data sharing between the data requester and the data storage is that based on authorization of the data authorizer, the target authorization record associated with the data requester and the target data is generated through the third receiving module 802 and the generating module 803 for authorization, so as to ensure the security of data transmission, further, the target authorization record is issued to the block chain network through the second issuing module 804, a data sharing mechanism with multi-party participation is established based on the block chain network, and the data sharing mechanism with multi-party participation expandable characteristic is provided, so that different functions can be realized based on multiple parties of the block chain network, and ordered and credible data sharing is realized.

According to the embodiment of the disclosure, the apparatus further includes an issuing module, configured to issue a sub-certificate associated with the target authorization record to the data requestor, so that the data requestor accesses the target authorization record by using the sub-certificate, where the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record by using the keyword.

According to the embodiment of the present disclosure, any multiple modules of the fetching module 601, the requesting module 602, the first receiving module 603, the second receiving module 701, the determining module 702, the right determining module 703, the second sending module 704, the first publishing module 801, the third receiving module 802, the generating module 803, and the second publishing module 804 may be combined to be implemented in one module, or any one of the modules may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to the embodiment of the present disclosure, at least one of the fetching module 601, the requesting module 602, the first receiving module 603, the second receiving module 701, the determining module 702, the right determining module 703, the second sending module 704, the first publishing module 801, the third receiving module 802, the generating module 803, and the second publishing module 804 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or in a suitable combination of any of them. Alternatively, at least one of the fetching module 601, the requesting module 602, the first receiving module 603, the second receiving module 701, the determining module 702, the right determining module 703, the second sending module 704, the first publishing module 801, the third receiving module 802, the generating module 803, and the second publishing module 804 may be implemented at least in part as a computer program module, which may perform corresponding functions when executed.

As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.

In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.

Electronic device 900 may also include input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present disclosure. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.

The present disclosure also provides a computer-readable storage medium, which may be embodied in the device/apparatus/system described in the above embodiments; or may exist alone without being assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.

According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.

Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the data processing method provided by the embodiment of the disclosure.

The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.

In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.

In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

It will be appreciated by a person skilled in the art that various combinations or/and combinations of features recited in the various embodiments of the disclosure and/or in the claims may be made, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.

The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the disclosure, and these alternatives and modifications are intended to fall within the scope of the disclosure.

Claims

1. A data processing method based on a block chain comprises the following steps:

initiating a data sharing request to the data depositor by accessing the target request address;

and receiving the target data from the data storage party, wherein the target data is sent under the condition that the data storage party passes the authentication verification of the data request party according to the on-chain target authorization record.

2. The method of claim 2, further comprising:

changing data information of the target data;

3. The method of claim 2, wherein:

the data information of the target data comprises a value of an extension field associated with the target data, wherein the extension field is used for characterizing the attribute type of the target data.

4. The method of claim 3, wherein the summary information further includes a name of an extension field associated with the target data, and the altering the data information of the target data includes:

reading the name of the extension field from the summary information;

determining a target attribute type needing to change the target data according to the name of the extension field;

changing the initial value of the extension field to the target attribute value.

5. The method of claim 4, wherein the sending the changed data information to the blockchain network comprises:

accessing the target authorization record on a chain by using a sub-certificate, wherein the target authorization record and the sub-certificate are issued by the data authority, the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword;

6. The method of claim 1, wherein:

the summary information further comprises at least one of the following: the data source name, the data identification, the data source hash abstract, the data owner, the data chain module and the data brief description of the target data.

7. A data processing method based on a block chain comprises the following steps:

the data requester is authorized according to the target authorization record;

and in the case of passing the right confirmation, sending the target data to the data requester.

8. The method of claim 7, wherein the determining a target authorization record associated with the data requestor and the target data from a plurality of authorization records in the blockchain network comprises:

acquiring a sub-certificate of the data requester, wherein the sub-certificate is issued by the data authorizer, the sub-certificate carries a keyword, and the sub-certificate is associated with the target authorization record through the keyword;

and taking the authorization record associated with the keyword of the sub-certificate in the authorization records as a target authorization record associated with the data requester and the target data.

9. The method of claim 7, wherein the target authorization record includes a number of requestable times, a requestable time period for authorizing the data requestor to request the target data;

the determining the right of the data requester according to the target authorization record comprises:

and based on the target authorization record, determining that the data requester currently has the request authority of the target data under the condition that the requested times of the data requester for the target data are less than the requestable times and the current request time period of the data requester is within the requestable time period range.

10. A blockchain based authorization method, comprising:

the method comprises the steps that summary information of target data is issued to a block chain network, so that a data requester initiates a data sharing request to a data storage side according to a target request address which is contained in the summary information and is associated with the target data;

receiving a data authorization request from the data requestor;

and issuing the target authorization record to the block chain network, so that the data storage party sends the target data to the data request party after the data request party passes the right confirmation and verification according to the target authorization record obtained from the chain.

11. The method of claim 10, further comprising:

12. A blockchain-based data processing apparatus comprising:

the system comprises an acquisition module, a data storage module and a processing module, wherein the acquisition module is used for acquiring summary information of target data from a blockchain network, the summary information is issued to the blockchain network through a data authorization party, the summary information comprises a target request address related to the target data, and the target request address is linked to the data storage party;

a request module for initiating a data sharing request to the data repository by accessing the target request address;

the first receiving module is used for receiving the target data from the data storage party, wherein the target data is sent under the condition that the data storage party passes the right confirmation and verification of the data request party according to the target authorization record on the chain.

13. A blockchain-based data processing apparatus comprising:

a second receiving module, configured to receive a data sharing request from a data requestor, where the data sharing request is initiated by accessing a target request address, where the data sharing request is used to request target data, where the target request address is included in summary information associated with the target data, and the summary information is issued to a blockchain network by a data authorizer;

a determining module, configured to determine a target authorization record associated with the data requestor and the target data from a plurality of authorization records in the blockchain network, wherein the target authorization record is issued by the data authorizer;

14. A blockchain-based authorization apparatus, comprising:

the first publishing module is used for publishing the summary information of the target data to the block chain network so that a data requesting party can initiate a data sharing request to a data storing party according to a target request address which is contained in the summary information and is associated with the target data;

a third receiving module, configured to receive a data authorization request from the data requestor;

a generating module, configured to generate a target authorization record associated with the data requester and the target data in response to the data authorization request;

and the second issuing module is used for issuing the target authorization record to the block chain network so that the data storage party sends the target data to the data requesting party after the data requesting party passes the right confirmation and verification according to the target authorization record obtained from the chain.

15. An electronic device, comprising:

one or more processors;

a storage device to store one or more programs,

wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method recited in any of claims 1-6.

16. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any one of claims 1 to 6.

17. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 6.