CN117176367A

CN117176367A - Application sharing method based on block chain, file sharing method and device

Info

Publication number: CN117176367A
Application number: CN202210586736.6A
Authority: CN
Inventors: 何山
Original assignee: Delta Electronics Shanghai Co Ltd
Current assignee: Delta Electronics Shanghai Co Ltd
Priority date: 2022-05-26
Filing date: 2022-05-26
Publication date: 2023-12-05
Also published as: TW202347354A

Abstract

The invention provides an application sharing method, a file sharing method and a device based on a block chain, wherein the application sharing method comprises the following steps: in response to a request of the first partner for use of the second partner application, the second partner packages the native application to generate a first sandboxed application; issuing application authorization information on the first blockchain distributed ledger authorizing the first partner to use the first sandboxed application; the method comprises the steps of obtaining application authorization information, encrypting to generate a sandbox token, storing the sandbox token into a service node of a first partner through a blockchain network, and authorizing the first partner to uniquely access the sandbox token; installing a first sandbox application on a business node of a first partner to obtain a sandbox token; the first sandboxed application decrypts the sandboxed token and compares the sandboxed token with the application authorization information to determine whether the first sandboxed application is compliant. The method realizes asset sharing among partners.

Description

Application sharing method based on block chain, file sharing method and device

Technical Field

The present invention relates to the field of blockchain technologies, and in particular, to a blockchain-based application sharing method, a file sharing method, a device, a medium, and an electronic apparatus.

Background

With the rapid development of artificial intelligence and the internet of things, in the development process of products and solutions, multiple partners often need to share assets such as data, knowledge, applications and the like among the partners so as to push the development process to be more rapid and effective. These shared and derivative assets need to be well protected and certified to protect the interests of the parties and thus enhance trust.

Generally, a conventional resource sharing method is to build a dedicated communication line between partners to transmit assets to be shared, or to transmit the assets in a more complex offline manner. In recent years, as blockchain technology is widely used and developed, more and more methods and devices for using blockchain shared resources are used, but basically no processing of application asset sharing is involved. However, the method of sharing private data or files is often also a method of storing data in a distributed account book through encryption, which is not ideal for large files.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides an application sharing method, a file sharing method, a device, a medium and electronic equipment based on a blockchain.

To achieve the above object, in one aspect, the present invention provides a blockchain-based application sharing method, where a blockchain network includes a plurality of blockchain distributed ledgers, each of the blockchain distributed ledgers is commonly maintained by at least two partners, each of the partners provides at least one service node, each of the service nodes has a right to register information and query information on the plurality of blockchain distributed ledgers maintained by itself, and the partners at least include a first partner and a second partner;

the application sharing method comprises the following steps:

in response to a request of the first partner for use of a second partner application, the second partner packages a native application to generate a first sandboxed application;

issuing application authorization information on a first blockchain distributed ledger authorizing the first partner to use the first sandboxed application;

broadcasting the application authorization information to all service nodes added into the first blockchain distributed account book through a blockchain network;

acquiring the application authorization information, performing mixed encryption with the current timestamp, and generating a sandbox token;

Storing the generated sandbox token into a service node of the first partner through the blockchain network, and authorizing the first partner to uniquely access the sandbox token;

installing the first sandbox application on a service node of the first partner to acquire the sandbox token;

and the first sandbox application decrypts the sandbox token, compares the sandbox token with the application authorization information and the current time stamp, and determines whether the first sandbox application is compliant.

Optionally, the second partner packages the native application to generate the first sandboxed application, and further includes:

generating a first application public and private key special for the first sandbox application authorization and a unique identification code, and storing the first application public and private key on the second partner service node, wherein the first application public and private key comprises a first application public key and a first application private key which correspond to each other;

and integrating the first application public and private key and the unique identification code with the native application to generate the first sandboxed application.

Optionally, randomly generating a unique identification code of the first sandboxed application; or alternatively

Given one of the partners as an authority, a unique identification code of the whole network is distributed as the unique identification code of the first sandboxed application through the authority.

Optionally, the application authorization information includes identity information of the first partner, identity information of the second partner, and a unique identification code, an authorization time limit, an upper limit value of the number of instances, and a frozen state of the first sandboxed application;

the authorization time limit is used for identifying the validity period of the authorization;

the instance number upper limit value is used for identifying the maximum instance number of the first sandboxed application starting;

the frozen state is used for identifying that all instances of the first sandboxed application authorized for use are forced to be closed when the authorization is in the frozen state.

Optionally, the performing hybrid encryption on the application authorization information and the current timestamp to generate a sandbox token includes:

encrypting the application authorization information and the current timestamp through the first application private key to generate the sandbox token;

the sandbox token comprises a unique identification code and user information of the first sandbox application, and a generation date and a valid period of the sandbox token.

Optionally, the installing the first sandboxed application at the service node of the first partner, and obtaining the sandboxed token includes:

the first partner deploys the generated first sandboxed application on the service node of the first partner and opens a node access link;

And the first sandbox application calls the audited chain code on the service node of the first partner through the node access link periodically to acquire the sandbox token.

Optionally, the first sandboxed application decrypts the sandboxed token, compares the sandboxed token with the application authorization information and the current timestamp, and determines whether the first sandboxed application is compliant, including:

comparing whether the unique identification codes of the first sandboxed application are consistent;

comparing whether the identity information of the authorized user of the first sandboxed application and the identity information of the first partner are consistent;

comparing whether the number of the instances of the first sandboxed application exceeds an upper limit value of the number of the instances;

comparing whether the authorization time of the first sandboxed application exceeds an authorization time limit;

and comparing whether the first sandboxed application authorization is in a frozen state or not.

The invention also provides a file sharing method based on the block chain, which comprises the following steps:

in response to a request of a first partner for using a second partner file, the second partner uploads the shared file to a special storage device deployed by a service node through a second sandboxed application;

Authorizing the access rights of the second sandboxed application installed on the business node of the first partner to the shared file, and generating file authorization information;

the first partner downloads the shared file from the special storage device through the second sandboxed application, and authenticates access to the shared file according to the file authorization information under the condition that compliance of the second sandboxed application is verified.

Optionally, when the second partner has a function of developing a file remote access service application, the dedicated storage device is deployed on a service node of the second partner.

Optionally, in response to the request of the first partner for using the second partner file, before the second partner uploads the native file to the dedicated storage device deployed by the service node through the second sandboxed application, the method further includes:

giving one partner as an authority, wherein the special storage device is deployed on a service node of the authority;

the authority is responsible for constructing a file remote access service application, and packaging the file remote access service application to generate the second sandbox application;

The second partner generates a unique public-private file key for each shared file, and encrypts the original file by using a private key in the public-private file keys.

Optionally, in response to the request of the first partner for using the second partner file, after the second partner uploads the shared file to the dedicated storage device deployed by the service node through the second sandboxed application, the method further includes:

issuing application authorization information on a second blockchain distributed ledger authorizing the first partner to use the second sandboxed application;

broadcasting the application authorization information to all service nodes added into the second blockchain distributed account book through a blockchain network;

installing the second sandbox application on a service node of the first partner to acquire the sandbox token;

And the second sandbox application decrypts the sandbox token, compares the sandbox token with the application authorization information and the current time stamp, and determines whether the second sandbox application is compliant.

Optionally, the file sharing method further includes:

the first partner generates a first partner public-private key special for authorization for the second sandboxed application, wherein the first partner public-private key comprises a corresponding first partner public key and a first partner private key;

the first partner publishes the first partner public key to the second blockchain distributed ledger through the second sandboxed application;

the second partner encrypts the public key of the public and private file key according to the public key of the first partner to generate a file authorization token, and the file authorization token is contained in the file authorization information.

Optionally, the file sharing method further includes:

issuing file sharing information on a second blockchain distributed ledger, and broadcasting the file sharing information to all service nodes added into the second blockchain distributed ledger through a blockchain network;

the second sandboxed application deployed on all service nodes uses file sharing information to identify whether the shared file has been tampered with.

Optionally, the file sharing information includes identity information of the second partner, and the unique identification code, the file name, the file version number and the file check code of the second sandbox application;

the file check code is a check value of the file after uploading encryption, and the check value calculated by the second partner is identical to the check value calculated by the authorization authority.

Optionally, the file sharing method further includes:

the second partner issues the file authorization information on a second blockchain distributed ledger and broadcasts the file authorization information to all service nodes added into the second blockchain distributed ledger through a blockchain network;

the first partner uses the first partner private key to decrypt the file authorization token in the file authorization information to obtain the public key of the file public private key, and uses the public key of the file public private key to read the original file.

Optionally, the file sharing method further includes:

and publishing the access record of the shared file on a second blockchain distributed ledger for registration.

In another aspect, the present invention also provides an application sharing apparatus based on a blockchain, including:

The sandboxed application generating module is used for responding to a use request of the first partner for the second partner application, and the second partner packages the native application to generate the first sandboxed application;

the authorization management module is used for issuing application authorization information for authorizing the first partner to use the sandboxed application on a first blockchain distributed ledger, and broadcasting the application authorization information to all service nodes added into the first blockchain distributed ledger through a blockchain network;

the password generation module is used for acquiring the application authorization information, carrying out mixed encryption with the current timestamp, generating a sandbox token, and storing the generated sandbox token into a service node of the first partner through the blockchain network;

the authorization management module is further used for authorizing the unique access right of the first partner to the sandbox token;

the life cycle module is used for installing the first sandbox application on the service node of the first partner to acquire the sandbox token; and decrypting the sandbox token, comparing the sandbox token with the application authorization information and the current timestamp, and determining whether the first sandbox application is compliant.

Optionally, the generating sandboxed application module is further configured to:

Optionally, randomly generating a unique identification code of the sandboxed application; or alternatively

Optionally, the password generating module is further configured to:

Optionally, the life cycle module is further configured to:

In another aspect, the present invention also provides a file sharing device based on a blockchain, including:

the file storage module is used for responding to a use request of the first partner for the second partner file, and the second partner uploads the shared file to a special storage device deployed by the service node through a second sandbox application;

the authorization management module is used for authorizing the access authority of the second sandboxed application installed on the business node of the first partner to the shared file and generating file authorization information;

the file storage module is also used for storing the file authorization information to the special storage device;

and the life cycle module is used for downloading the shared file from the special storage device by the first partner through the second sandboxed application, and authenticating and accessing the shared file according to the file authorization information under the condition of verifying the compliance of the second sandboxed application.

Optionally, the first partner generates a first partner public-private key special for authorization for the second sandboxed application, where the first partner public-private key includes a corresponding first partner public key and a first partner private key;

and the second partner encrypts a public key in the public and private keys of the file according to the public key of the first partner to generate a file authorization token, and the file authorization token is contained in the file authorization information.

Optionally, publishing file sharing information on a second blockchain distributed ledger, and broadcasting the file sharing information to all service nodes added into the second blockchain distributed ledger through a blockchain network;

Optionally, the second partner issues the file authorization information on a second blockchain distributed ledger, and broadcasts the file authorization information to all service nodes joining the second blockchain distributed ledger through a blockchain network;

Optionally, the access record of the shared file is issued on a second blockchain distributed ledger for registration.

Another aspect of the present invention also provides a storage medium storing a computer program for executing the above blockchain-based application sharing method; and/or

For storing a computer program for performing the blockchain-based file sharing method described above.

In another aspect, the invention provides an electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor;

the processor, when executing the computer program, implements the blockchain-based application sharing method described above, and/or

The file sharing method based on the block chain.

The advantages of the invention are as follows:

according to the blockchain-based application sharing method, when a first partner responds to a use request of a second partner application, the second partner packages a native application to generate a sandbox application; issuing application authorization information for authorizing the first partner to use sandboxed application on a first blockchain distributed ledger, and broadcasting the application authorization information to all business nodes joining the blockchain distributed ledger through a blockchain network; the application authorization information and the current timestamp are subjected to mixed encryption to generate a sandbox token, the generated sandbox token is stored into a service node of the first partner through a blockchain network, and the unique access right of the first partner to the sandbox token is authorized; and then, installing the packed sandbox application on a service node of the first partner, acquiring a sandbox token, decrypting the sandbox token through the sandbox application, comparing the sandbox token with application authorization information and a current time stamp, and determining compliance of the sandbox application. In the method, the authorization of the shared application is recorded by the blockchain, authorization data is transmitted through the blockchain network, and on the basis of protecting the application safety of the provider, the application is deployed to the user and can only carry out network communication through the blockchain codes approved by the partners, so that the exposure of the application to the data of the user is prevented, and the data safety of the user of the application is protected.

Drawings

FIG. 1 is a block chain network architecture diagram;

FIG. 2 is a flowchart of a block chain based application sharing method according to an embodiment of the present invention;

FIG. 3 is a flowchart illustrating a blockchain-based file sharing method according to a second embodiment of the present invention;

FIG. 4 is a block chain based application sharing apparatus of the present invention;

FIG. 5 is a block chain based file sharing apparatus of the present invention;

FIG. 6 is a schematic diagram of an electronic device;

FIG. 7 is a schematic diagram of a hardware configuration of an electronic device;

wherein:

101-blockchain distributed ledger;

102-partner;

103-service node;

400-blockchain-based application sharing means;

401-generating a sandboxed application module;

402-an authorization management module;

403 a password generation module;

404-lifecycle module;

500-a blockchain-based file sharing device;

501, generating a file storage module;

502-an authorization management module;

503-lifecycle module;

600-an electronic device;

601-a processor;

602-a memory;

700-an electronic device;

701-a network module;

702 an audio output unit;

703-a display unit;

7031-a display panel;

704-a user input unit;

7041-a touch panel;

7042-other input devices;

705-interface unit;

706-memory;

707-a processor.

Detailed Description

In order to make the above features and effects of the present invention more clearly understood, the following specific examples are given with reference to the accompanying drawings.

The blockchain is a distributed shared billing technology, the blockchain network comprises a plurality of blockchain distributed ledgers, the ledgers can record a plurality of sites, different geographic positions and different partners, the data resources are required to be stored and shared by the network formed by the two sites, the system architecture is shown in fig. 1, the blockchain network comprises a plurality of blockchain distributed ledgers 101, each blockchain distributed ledger 101 is commonly maintained by at least two partners 102, and the partners can be natural people users, and can also be related institutions, non-profit organizations or companies of the partners. Each partner 102 provides at least one service node 103, each having the authority to register information and query information on its own maintained number of the blockchain distributed ledgers, which can be used as a provider of an application, to register application authorization information with a blockchain, or as a consumer of a sandboxed application, to query its authorized application information. The invention provides an application sharing method and a file sharing method based on the blockchain network so as to realize asset sharing among different partners.

Specifically, referring to fig. 2, fig. 2 shows a flowchart of a blockchain-based application sharing method according to an embodiment of the present invention.

A method for sharing applications based on a blockchain includes a plurality of blockchain distributed ledgers, each of which is commonly maintained by at least two partners, wherein the partners can be natural human users or related institutions, non-profit organizations or companies of the partners. Each partner provides at least one service node, and each service node has the authority of registering information and inquiring information on a plurality of block chain distributed account books maintained by the service node, and the service node can be used as a provider of an application, registering application authorization information with a block chain and can also be used as a user of a sandbox application to inquire authorized application information of the application.

The application sharing method comprises the following steps:

and S11, responding to a use request of the first partner for the second partner application, and packaging the native application by the second partner to generate the first sandboxed application.

In a specific implementation, when any partner needs an application using other partners, for example, the first partner, partner B, wants to use the application APP1 of the second partner, partner a, the first partner acts as a user and the second partner acts as a publisher, explaining the second partner's ability to accompany application development and integrate and package existing applications with lifecycle modules into a sandboxed application. Sandboxes (sandbox) are virtual system programs that allow you to run a browser or other program in a sandbox environment so that changes made to the run can be later removed. It creates a sandbox-like independent working environment, and the programs running inside it cannot permanently affect the hard disk. Which is a stand-alone virtual environment that can be used to test untrusted applications or internet surfing behavior. The native application in this embodiment may be a program under any operating system that is executable on any electronic device. Meanwhile, in this embodiment, the first partner and the second partner are any two partners.

Specifically, the second partner packages the native application to generate the first sandboxed application, and further includes:

and generating a first application public and private key special for the first sandbox application authorization and a unique identification code, storing the first application public and private key and the unique identification code in an authorization management module deployed on the second partner service node, and registering the first sandbox application and recording the corresponding first application public and private key by the authorization management module and publishing the first sandbox application information on a blockchain. And then, packaging the generated public and private keys of the first application and the unique identification code together with the life cycle module so as to ensure that the public and private keys of the first application and the unique identification code can be read when the life cycle module runs, wherein the life cycle module is used for verifying whether the current first sandbox application is compliant or not, and the first sandbox application which is not compliant is forcibly terminated. And finally, integrating the packaged life cycle module with the native application to generate the first sandboxed application.

Furthermore, an asymmetric encryption algorithm may be used to generate a first application public-private key specific to the first sandboxed application authorization. In some embodiments, the unique identification code for the first sandboxed application may be generated by randomly generating the unique identification code for the sandboxed application. In other embodiments, to increase the security of the blockchain network, the technology level requirements for each partner may be reduced, one partner with a higher information technology level may be selected as the authority, a common partner other than the first partner and the second partner may be selected as the authority, or one of the first partner and the second partner may be selected as the authority. The authority is not granted higher rights, but instead needs to provide more technical support services to help reduce operating costs and increase network governance levels. And allocating a unique identification code of the whole network as the unique identification code of the first sandboxed application through the authorization authority.

In a specific implementation, in order to protect sandboxed applications, methods such as code confusion and the like can be used for preventing cracking; meanwhile, for ease of deployment, the first sandboxed application may be packaged using techniques such as virtualization.

S12, issuing application authorization information for authorizing the first partner to use the first sandboxed application on a first blockchain distributed ledger;

broadcasting the application authorization information to all service nodes joining the first blockchain distributed ledger through a blockchain network.

In a specific implementation, an authorization management module deployed on a business node of the second partner is responsible for publishing information on a first blockchain distributed ledger accessible to both the publisher and the user, the first blockchain distributed ledger being one of a number of blockchain distributed ledgers. For example, the second partner uses the authorization management module to issue application authorization information of the first sandboxed application on the first blockchain distributed ledger, wherein the application authorization information comprises identity information of the first partner, identity information of the second partner, and unique identification code, authorization time limit, upper limit value of number of instances and freezing state of the first sandboxed application. The authorization time limit is used for identifying the validity period of the authorization; the upper limit value of the number of the instances is used for identifying the maximum number of the instances started by the sandboxed application; the frozen state is used for identifying that all instances of the first sandboxed application authorized for use are forced to be closed when the authorization is in the frozen state. In this embodiment, the application authorization information issued here should not contain confidential and private information so that all partners maintaining the blockchain distributed ledger can query this information. Wherein the identity of the publisher may be refined to a natural person in the second partner or an account associated therewith as an initiator of the application sharing to be authenticated on the first blockchain distributed ledger. In this embodiment, there may be other compliance configurations of related applications, which may be implemented in the authorization management module, and they are not described in detail herein. Then, through blockchain broadcasting, all service nodes joining the first blockchain distributed ledger can query the registered application authorization information of the first sandboxed application, and all the first sandboxed applications deployed on the service nodes can use the application authorization information to identify the validity of the first sandboxed application.

S13, acquiring the application authorization information, and performing mixed encryption with the current timestamp to generate a sandbox token;

in a specific implementation, a password generation module deployed on a second partner service node periodically acquires application authorization information of a first sandbox application through an authorization management module, encrypts the application authorization information and a current timestamp through the first application private key, and generates the sandbox token; the sandbox token comprises a unique identification code and user information of the first sandbox application, a generation date and a validity period of the sandbox token and the like. In this embodiment, authentication information of other related applications may be implemented in the password generation module, which is not described in detail herein.

And S14, storing the generated sandbox token into a service node of the first partner through the blockchain network, and authorizing the first partner to have unique access rights to the sandbox token.

In a specific implementation, the password generating module deployed on the second partner service node stores the generated sandbox token into the private data of the service node of the first partner through the blockchain network, and in this embodiment, the content of the sandbox token is not stored on the blockchain ledger, and other partners except the first partner of the user cannot obtain the sandbox token data.

S15, installing the first sandbox application on a service node of the first partner to acquire the sandbox token;

in a specific implementation, installing the first sandbox application at a service node of the first partner, and acquiring the sandbox token includes:

the first partner deploys the generated first sandbox application on the service node of the first partner, opens a node access link, namely a link for accessing the blockchain service node, and a life cycle module in the first sandbox application can call a chain code which is checked by the first partner on the blockchain service node of the first partner through the node access link periodically to acquire the sandbox token.

S16, the first sandbox application decrypts the sandbox token, compares the sandbox token with the application authorization information and the current time stamp, and determines whether the first sandbox application is compliant.

In a specific implementation, the first sandboxed application decrypts the sandboxed token by using a life cycle module, compares the decrypted sandboxed token with the application authorization information and a current timestamp, and determines whether the first sandboxed application is compliant, including:

In this embodiment, there may be other compliance comparison algorithms applied in the lifecycle module, which are not described in detail herein.

According to the blockchain-based application sharing method provided by the embodiment, authorization of a shared application is recorded by a blockchain, authorization data is transmitted through a blockchain network, and particularly when a first partner responds to a use request of a second partner application, the second partner packages a native application to generate a sandbox application; issuing application authorization information for authorizing the first partner to use sandboxed application on a first blockchain distributed ledger, and broadcasting the application authorization information to all business nodes joining the blockchain distributed ledger through a blockchain network; the application authorization information and the current timestamp are subjected to mixed encryption to generate a sandbox token, the generated sandbox token is stored into a service node of the first partner through a blockchain network, and the unique access right of the first partner to the sandbox token is authorized; and then, installing the packed sandbox application on a service node of the first partner, acquiring a sandbox token, decrypting the sandbox token through the sandbox application, comparing the sandbox token with application authorization information and a current time stamp, and determining compliance of the sandbox application. The method uses the audited chain code to execute the authorization and authentication algorithm, and on the basis of ensuring the application permission safety of the application provider in quasi-real time, the data of the application user is not separated from the data warehouse, so that the data safety is improved. Meanwhile, the password generating module and the life cycle module are used for maintaining, and on the basis of protecting the application safety of the provider, the application is deployed to the user and can only carry out network communication through the blockchain codes approved by the partners, so that the exposure of the application to the data of the user is prevented, and the data safety of the user of the application is protected.

According to the above-mentioned application sharing method based on the blockchain, the present invention further provides a file sharing method based on the blockchain, specifically, referring to fig. 3, fig. 3 shows a flowchart of a file sharing method based on the blockchain according to the second embodiment of the present invention.

A blockchain-based file sharing method, comprising:

and S21, responding to a use request of the first partner for the second partner file, and uploading the shared file to a special storage device deployed by the service node by the second partner through a second sandboxed application.

In a specific implementation, when any partner needs to use the files of other partners, for example, a first partner needs to use the files of a second partner, the first partner acts as a file user and the second partner acts as a file publisher. In some embodiments, the dedicated storage device is deployed on a business node of the second partner when the second partner has the capability to develop a file remote access service application and integrate and deploy file storage.

In addition, in other embodiments, given that the technical level of each partner is the same, the specific storage device is deployed on a service node of the authority, where the authority is responsible for setting up a file remote access service application, and packaging the file remote access service application to generate a second sandbox application, where the file sharing sandbox application is defined as a second sandbox application, which is generated for the file sharing of the second partner, and is distinguished from the first sandbox application shared by the application of the above embodiments. Meanwhile, in order to ensure that file contents are not revealed by an authorized authority, a second partner generates a unique file public and private key for each shared file in advance, and encrypts the shared file by using a private key in the file public and private keys. After the second partner uploads the shared file to the authority through the second sandboxed application, the file storage module is responsible for storing the encrypted file content on its dedicated storage device, where the dedicated storage device may be any secure storage device, such as a file storage cabinet, a database, an HDFS, or a shared cloud storage.

Then, referring to the embodiment of application sharing shown in fig. 1, issuing application authorization information on the second blockchain distributed ledger, which authorizes the first partner to use to package the file remote access service application to generate a second sandboxed application, and broadcasting the application authorization information to all service nodes joining the second blockchain distributed ledger through a blockchain network; acquiring the application authorization information, performing mixed encryption with the current timestamp, and generating a sandbox token; storing the generated sandbox token into a service node of the first partner through the blockchain network, and authorizing the first partner to uniquely access the sandbox token; installing the second sandbox application on a service node of the first partner to acquire the sandbox token; and the second sandbox application decrypts the sandbox token, compares the sandbox token with the application authorization information and the current time stamp, and determines whether the second sandbox application is compliant. Through the process, the second sandboxed application is deployed on the service nodes of the first partner and the second partner, so that application sharing is realized. In practical application, the second blockchain distributed ledger is one of a plurality of blockchain distributed ledgers, which is used for publishing, storing and the like of the file sharing related information, and is shown as a first blockchain distributed ledger in an embodiment shared with the application, the second blockchain distributed ledger and the first blockchain distributed ledger can be the same blockchain distributed ledger, or may be different blockchain distributed ledgers, and the embodiment does not limit the disclosure. Meanwhile, the file remote access service application herein may be any secure file transfer protocol, such as SFTP, HTTPS, DOIP, etc.

In some embodiments, while the second partner uploads the shared file to the dedicated storage device deployed by the service node through the second sandboxed application, the file storage module also issues file sharing information on the blockchain distributed ledger accessible to both the issuer and the user through the authorization management module, and broadcasts the file sharing information to all service nodes joining the blockchain distributed ledger through the blockchain network, and all service nodes joining the second blockchain distributed ledger can query the file sharing information. The second sandboxed application deployed on all of these service nodes can use this file sharing information to identify whether the shared file has been tampered with. The file sharing information comprises the identity information of the second partner, and the unique identification code, the file name, the file version number, the file check code and the like of the sandbox application. The file-sharing information should not contain confidential and private information because it is queried by all partners maintaining the second blockchain distributed ledger. The file check code is a check value of the file after uploading encryption, and any check algorithm known to all parties can be used here, such as MD5, SHA1, CRC32, SHA256, CKSUM, etc. In practice, the check value calculated by the second partner should be the same as the check value calculated by the authority, so as to avoid errors in the transmission process.

S22, authorizing the access authority of the second sandboxed application installed on the service node of the first partner to the shared file, and generating file authorization information.

In a specific implementation, the second sandboxed application installed on the service node of the first partner is authorized to access the shared file, file authorization information is generated, the file authorization information can be directly stored in a special storage device of an authorization authority, or the file authorization information is issued on the blockchain distributed ledger through the second partner, and the file authorization information is broadcasted to all service nodes joining the second blockchain distributed ledger through a blockchain network.

Meanwhile, the first partner generates a first partner public-private key special for authorization for the second sandboxed application, wherein the first partner public-private key comprises a corresponding first partner public key and a first partner private key; the first partner publishes the first partner public key to the second blockchain distributed ledger through the second sandboxed application, and the first partner private key is stored by the first partner and cannot be revealed to any other party. The second partner may query, via the second sandboxed application, all sandboxed application authorization information recorded on the second blockchain distributed ledger, such as the second sandboxed application authorization information of the first partner. Meanwhile, the first partner can also be queried to read the public key of the first partner, the public key in the public and private keys of the file is encrypted through the public key of the first partner to generate a file authorization token, and the file authorization token is used as a part of the file authorization information, namely, the second partner shares the shared file to a part of the authorization information of the first partner.

In addition, the shared file may also be authorized for a group member holding a particular token in a sandboxed application. In this embodiment, one partner may also generate multiple key pairs, and the second sandboxed application publishes the public key of the key pair to the second blockchain distributed ledger. It will be appreciated that the public key of the public-private key of the file is encrypted by a different public key to generate a file authorization token, in effect being authorized to the partner holding the particular token.

S23, the first partner downloads the shared file from the special storage device through the second sandboxed application, and authenticates and accesses the shared file according to the file authorization information under the condition that the compliance of the second sandboxed application is verified.

In this embodiment, when the first partner downloads the encrypted shared file from the authority through the second sandboxed application, the authority should verify the compliance of the second sandboxed application through the authorization management module, and the compliance verification method is as shown in the embodiment of application sharing described above, and in the case of verifying the compliance of the second sandboxed application, the first partner reads the file authorization information of the shared file stored in the dedicated storage device of the authority or the second blockchain distributed ledger, and then authenticates the download, and accesses the shared file according to the file authorization information, for example, reads the private key of the first partner by using the file, decrypts the public key of the shared file from the file authorization information, and obtains the original data of the shared file after decrypting the shared file by using the public key.

Preferably, an authority may issue the access and download records of the shared file on the second blockchain distributed ledger for registration for certification.

According to the file sharing method based on the blockchain, when a first partner responds to a using request of a second partner file, the second partner uploads the shared file to a special storage device deployed by a service node through a second sandbox application; simultaneously, authorizing the access authority of a second sandboxed application installed on the service node of the first partner to the shared file, and generating file authorization information; the first partner then downloads the shared file from the dedicated storage device via the second sandboxed application, and authenticates access to the shared file based on the file authorization information if compliance of the second sandboxed application is verified. In this embodiment, the content of the shared file may be stored in any electronic device that may provide storage, i.e. a dedicated storage device, instead of a blockchain, through the file storage module, so there is no limitation on the size of the file, and the reading performance of the file is not limited by the blockchain. The special storage device only needs to be deployed on the authorized organ, thereby reducing the operation pressure of the partner and the possibility of generating unexpected loopholes. Meanwhile, the shared file is accessed through the shared sandboxed application, and the sandboxed application can flexibly register file access information into the blockchain storage certificate, so that the safety, tamper resistance and traceability of the file are ensured.

The above embodiments of the present application may be applied to a terminal device of a blockchain-based application or a file sharing function, where the terminal device may include a personal terminal, an upper computer terminal, and the like, and the embodiments of the present application are not limited thereto. The terminal can support Windows, android (android), IOS, windowsPhone and other operating systems.

Referring to fig. 4, fig. 4 illustrates a blockchain-based application sharing apparatus 400, which may implement the blockchain-based application sharing method illustrated in fig. 2, and the application sharing apparatus 400 provided in the embodiment of the present application may implement each process implemented by the blockchain-based application sharing method, and at least includes a sandbox application generation module 401, an authorization management module 402, a password generation module 403, and a lifecycle module 404.

A blockchain-based application sharing apparatus 400, comprising:

a sandboxed application generation module 401, configured to, in response to a use request of a second partner by a first partner, package a native application into a first sandboxed application by the second partner;

an authorization management module 402, configured to issue, on a first blockchain distributed ledger, application authorization information for authorizing the first partner to use the sandboxed application, and broadcast the application authorization information to all service nodes joining the first blockchain distributed ledger through a blockchain network;

The password generating module 403 is configured to obtain the application authorization information, perform hybrid encryption with a current timestamp, generate a sandbox token, and store the generated sandbox token into a service node of the first partner through the blockchain network;

the authorization management module 402 is configured to authorize a unique access right of the first partner to the sandboxed token;

a life cycle module 404, configured to install the first sandboxed application at a service node of the first partner, and obtain the sandboxed token; and decrypting the sandbox token, comparing the sandbox token with the application authorization information and the current timestamp, and determining whether the first sandbox application is compliant.

Optionally, the sandboxed application generating module 401 is further configured to:

Optionally, randomly generating a unique identification code of the sandboxed application; or, given one of the partners as an authority, assigning a unique identifier code of the whole network as the unique identifier code of the first sandboxed application by the authority.

Optionally, the application authorization information includes identity information of the first partner, identity information of the second partner, and a unique identification code, an authorization time limit, an upper limit value of the number of instances, and a frozen state of the first sandboxed application; the authorization time limit is used for identifying the validity period of the authorization; the instance number upper limit value is used for identifying the maximum instance number of the first sandboxed application starting; the frozen state is used for identifying that all instances of the first sandboxed application authorized for use are forced to be closed when the authorization is in the frozen state.

Optionally, the password generating module 403 is further configured to:

and encrypting the application authorization information and the current timestamp through the first application private key to generate the sandbox token.

Optionally, the life cycle module 404 is further configured to:

Therefore, according to the blockchain-based application sharing apparatus 400 of the embodiment of the present application, the authorization of the shared application is recorded by the blockchain, the authorization data is transmitted through the blockchain network, and maintained by the password generation module and the life cycle module, and on the basis of protecting the application security of the provider, the application is deployed to the user and can only perform network communication through the blockchain code approved by the partner, thereby preventing the application from exposing the data of the user, and protecting the data security of the user of the application.

It should be appreciated that the descriptions of the blockchain-based application sharing method are equally applicable to the blockchain-based application sharing device 400 according to the embodiment of the present application, and will not be described in detail to avoid repetition.

Referring to fig. 5, fig. 5 illustrates a blockchain-based file sharing device 500, and it should be noted that the file sharing device 500 of the present embodiment may implement all functions of the application sharing device 400, and as a further extension of the application sharing device 400, it may implement the blockchain-based file sharing method illustrated in fig. 3 and the blockchain-based application sharing method illustrated in fig. 2, and the file sharing device 500 provided in the embodiment of the present application may implement the blockchain-based file sharing method and the respective processes implemented by the application sharing method. The file sharing apparatus 500 includes at least a generated file storage module 501, an authorization management module 502, and a lifecycle module 503.

A blockchain-based file sharing device 500, comprising at least:

a file storage module 501, configured to, in response to a request for use of a second partner file by a first partner, upload, by the second partner, the shared file to a dedicated storage device deployed by a service node through a second sandboxed application;

An authorization management module 502, configured to authorize access rights of the second sandboxed application installed on a service node of the first partner to the shared file, and generate file authorization information;

a file storage module 501, configured to store the file authorization information in the dedicated storage device;

and a life cycle module 503, configured to download the shared file from the dedicated storage device by the first partner through the second sandboxed application, and authenticate access to the shared file according to the file authorization information if compliance of the second sandboxed application is verified.

It should be noted that the authorization management module and the lifecycle module of the file sharing device 500 in this embodiment are further functional extensions of the corresponding modules of the application sharing device 400.

Optionally, the second partner issues the file authorization information on a second blockchain distributed ledger, and broadcasts the file authorization information to all service nodes joining the second blockchain distributed ledger through a blockchain network; the first partner uses the first partner private key to decrypt the file authorization token in the file authorization information to obtain the public key of the file public private key, and uses the public key of the file public private key to read the original file.

Therefore, according to the blockchain-based file sharing device 500 in the embodiment of the application, the content of the shared file can be stored on any electronic device capable of providing storage, namely, a special storage device, instead of the blockchain, and the special storage device only needs to be deployed on an authorized organ, so that the operation pressure of a partner and the possibility of generating unexpected vulnerabilities are reduced. Meanwhile, the shared file is accessed through the shared sandboxed application, and the sandboxed application can flexibly register file access information into the blockchain storage card, so that the safety, tamper resistance and traceability of the file are ensured.

It should be understood that the descriptions of the above-described blockchain-based application sharing method and the file sharing method are equally applicable to the file sharing apparatus 500 according to the embodiment of the present application, and at the same time, the descriptions of the above-described blockchain-given application sharing apparatus 400 are equally applicable to the file sharing apparatus 500 according to the embodiment of the present application, and will not be described in detail to avoid redundancy.

Further, it should be understood that in the application sharing device 400 and the file sharing device 500 according to the embodiments of the present application, only the above-described division of each functional module is illustrated, and in practical applications, the above-described function allocation may be performed by different functional modules according to needs, that is, the application sharing device 400 and the file sharing device 500 may be divided into different functional modules from the above-described illustrated modules, so as to perform all or part of the above-described functions.

Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

As shown in fig. 6, an embodiment of the present application further provides an electronic device 600, including a processor 601, a memory 602, and a program or an instruction stored in the memory 602 and capable of running on the processor 601, where the program or the instruction implements the steps of the blockchain-based application sharing method and the file sharing method described above when executed by the processor 601, and achieves the same technical effects.

It should be noted that, the electronic device in the embodiment of the present application may include a mobile electronic device and a non-mobile electronic device.

Fig. 7 is a schematic diagram of a specific hardware structure of an electronic device according to an embodiment of the present application.

Referring to fig. 7, an electronic device 700 includes, but is not limited to: a network module 701, an audio output unit 702, a display unit 703, a user input unit 704, an interface unit 705, a memory 706, a processor 707, and the like.

It should be appreciated that in embodiments of the present application, the electronic device 700 provides wireless broadband internet access to the user via the network module 701, such as helping the user to send and receive e-mail, browse web pages, access streaming media, and the like.

The audio output unit 702 may convert audio data received by the network module 701 or stored in the memory 707 into an audio signal and output as sound. Also, the audio output unit 702 may also provide audio output (e.g., call signal reception sound, message reception sound, etc.) related to a particular function performed by the electronic device 700. The audio output unit 702 includes a speaker, a buzzer, a receiver, and the like.

The display unit 703 is used to display information input by a user or information provided to the user. The display unit 703 may include a display panel 7031, and the display panel 7031 may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an Organic Light-Emitting Diode (OLED), or the like.

The user input unit 704 may be used to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 704 includes a touch panel 7041 and other input devices 7042. The touch panel 7041, also referred to as a touch screen, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch panel 7041 or thereabout using any suitable object or accessory such as a finger, stylus, etc.). The touch panel 7041 may include two parts, a touch detection device and a touch controller. Other input devices 7042 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and so forth, which are not described in detail herein. The interface unit 705 is an interface to which an external device is connected to the electronic apparatus 700. For example, the external devices may include a wired or wireless headset port, an external power (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 705 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the electronic apparatus 700 or may be used to transmit data between the electronic apparatus 700 and an external device.

The memory 706 may be used to store software programs as well as various data. The memory 706 may mainly include a storage program area that may store an operating system, application programs required for at least one function (such as a sound playing function, an image playing function, etc.), and a storage data area; the storage data area may store data (such as audio data, phonebook, etc.) created according to the use of the handset, etc. In addition, the memory 706 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.

The processor 707 is a control center of the electronic device that utilizes various interfaces and wiring to connect various portions of the overall electronic device, performing various functions of the electronic device and processing data by running or executing software programs and/or modules stored in the memory 706, and invoking data stored in the memory 706, thereby performing overall monitoring of the electronic device. The processor 707 can include one or more processing units; preferably, the processor 707 may integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 707. Those skilled in the art will appreciate that the electronic device 700 may further include a power source (e.g., a battery) for powering the various components, which may be logically connected to the processor 707 by a power management system to perform functions such as managing charging, discharging, and power consumption by the power management system. The electronic device structure shown in fig. 7 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than shown, or may combine certain components, or may be arranged in different components, which are not described in detail herein. In the embodiment of the application, the electronic equipment comprises, but is not limited to, a local terminal, an upper computer terminal and the like.

Specifically, the processor 707 performs at least the steps of:

in response to a request of a first partner for use of a second partner application, the second partner packages a native application to generate a first sandboxed application;

And/or

The embodiment of the application also provides a readable storage medium, wherein the readable storage medium stores a program or an instruction, and the program or the instruction realizes the steps of the application sharing method and the file sharing method when being executed by a processor, and can achieve the same technical effect.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Furthermore, it should be noted that the scope of the methods and apparatus in the embodiments of the present application is not limited to performing the functions in the order shown or discussed, but may also include performing the functions in a substantially simultaneous manner or in an opposite order depending on the functions involved, e.g., the described methods may be performed in an order different from that described, and various steps may also be applied, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.

From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a computer software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.

The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are to be protected by the present application.

Claims

1. An application sharing method based on a blockchain comprises a plurality of blockchain distributed account books, wherein each blockchain distributed account book is commonly maintained by at least two partners, each partner provides at least one service node, each service node has the authority of registering information and inquiring information on the blockchain distributed account book maintained by the service node, and the partners at least comprise a first partner and a second partner;

the application sharing method is characterized by comprising the following steps:

2. The application sharing method of claim 1, wherein the second partner packages a native application to generate a first sandboxed application, further comprising:

3. The application sharing method of claim 2, wherein,

randomly generating a unique identification code of the first sandboxed application; or alternatively

4. The application sharing method according to claim 2, wherein the application authorization information includes identity information of the first partner, identity information of a second partner, and a unique identification code, an authorization time limit, an instance number upper limit, a frozen state of the first sandboxed application;

5. The application sharing method according to claim 2, wherein the application authorization information is mixed-encrypted with a current timestamp to generate a sandbox token, comprising:

6. The application sharing method of claim 1, wherein the installing the first sandboxed application at the service node of the first partner, obtaining the sandboxed token, comprises:

7. The application sharing method of claim 4, wherein the first sandboxed application decrypting the sandboxed token, comparing with the application authorization information and a current timestamp, determining whether the first sandboxed application is compliant comprises:

8. A blockchain-based file sharing method, comprising:

9. The method for sharing files as claimed in claim 8, wherein,

when the second partner has the function of developing a file remote access service application, the special storage device is deployed on a service node of the second partner.

10. The file sharing method of claim 8, wherein in response to a request by a first partner for use of a second partner file, the second partner, prior to uploading the native file to a dedicated storage device deployed by the service node via a second sandboxed application, further comprises:

11. The method of claim 10, wherein in response to a request from a first partner to use a second partner file, the second partner, after uploading the shared file to a dedicated storage device deployed by a service node via a second sandboxed application, further comprises:

12. The file sharing method of claim 10, further comprising:

13. The file sharing method of claim 8, further comprising:

14. The method for sharing files of claim 13, wherein,

the file sharing information comprises the identity information of the second partner, and the unique identification code, the file name, the file version number and the file check code of the second sandbox application;

15. The file sharing method of claim 12, further comprising:

16. The file sharing method of claim 8, further comprising:

17. A blockchain-based application sharing apparatus, comprising:

18. The application sharing apparatus of claim 17, wherein the generate sandboxed application module is further configured to:

19. The application sharing apparatus of claim 18 wherein,

randomly generating a unique identification code of the sandboxed application; or alternatively

20. The application sharing apparatus of claim 18, wherein the application authorization information includes identity information of the first partner, identity information of a second partner, and a unique identification code, an authorization time limit, an instance number upper limit, a frozen state of the first sandboxed application;

21. The application sharing apparatus of claim 18, wherein the password generation module is further configured to:

22. The application sharing apparatus of claim 17, wherein the lifecycle module is further configured to:

23. The application sharing apparatus of claim 17, wherein the lifecycle module is further to:

24. A blockchain-based file sharing apparatus, comprising:

25. The file sharing device of claim 24 wherein the file sharing means,

26. The file sharing device of claim 24, wherein in response to a request by a first partner for use of a second partner file, the second partner, prior to uploading the native file to the dedicated storage device deployed by the service node via the second sandboxed application, further comprises:

27. The file sharing device of claim 24, wherein in response to a request by a first partner for use of a second partner file, the second partner, after uploading the shared file to a dedicated storage device deployed by a service node via a second sandboxed application, further comprises:

28. The file sharing device of claim 26 wherein,

29. The file sharing device of claim 24 wherein the file sharing means,

30. The file sharing device of claim 29 wherein the file sharing means,

31. The file sharing device of claim 28 wherein the file sharing means,

32. The file sharing device of claim 24 wherein the file sharing means,