CN117319083A - Cross-chain sharing method, device, system and equipment for heterogeneous privacy data - Google Patents

Publication number
CN117319083A
Authority
CN
China
Prior art keywords: data, chain, source, heterogeneous, target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311588183.9A
Other languages
Chinese (zh)
Other versions
CN117319083B (en)
Inventor
王晓燕
孙福辉
朱箭飞
吴斌
周喆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
People's Court Information Technology Service Center
Original Assignee
People's Court Information Technology Service Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by People's Court Information Technology Service Center
Priority to CN202311588183.9A
Publication of CN117319083A
Application granted
Publication of CN117319083B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this specification relate to the technical field of blockchains, and in particular to a cross-chain sharing method, device, system and equipment for heterogeneous private data. In the method, a source chain sends a heterogeneous data acquisition request to a target chain; the target chain generates, from the data unique identifier in the heterogeneous data acquisition request, a corresponding acquisition interface for the encrypted data and a data extraction code; the target chain sends the acquisition interface, the decryption key and the data extraction code to a cross-chain bridge, and sends the data extraction code to the source chain; the source chain generates a data extraction request with the data extraction code as a parameter and sends it to the cross-chain bridge; the cross-chain bridge sends the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain; the source chain obtains the encrypted data through the acquisition interface and, after decryption, performs format conversion using the heterogeneous data mapping table. The embodiments of this specification solve the problem that the prior art cannot achieve cross-chain sharing of heterogeneous private data.

Description

Cross-chain sharing method, device, system and equipment for heterogeneous privacy data
Technical Field
The embodiments of this specification relate to the technical field of blockchains, and in particular to a cross-chain sharing method, device, system and equipment for heterogeneous private data.
Background
With the development of computer technology, blockchain technology is being applied in many fields. Because blockchain technology does not depend on a third party and performs network data storage, verification, transmission and communication through its own distributed nodes, a blockchain is a shareable, tamper-proof distributed ledger that can record transactions and track assets in a specific business network. A blockchain is a data recording system that stores large amounts of data in a fully ordered relationship in a distributed environment. The data and the operations on the data are stored within blocks and managed at block granularity.
However, the internal data of each subsystem is sensitive, private data; if it is transmitted across chains without encryption, privacy is leaked, causing unnecessary trouble. In addition, the internal data of the subsystems is heterogeneous: the data volume is large and the data formats are not uniform, so cross-chain sharing of heterogeneous private data cannot currently be achieved.
A cross-chain sharing method for heterogeneous private data is therefore needed to solve the problem that the prior art cannot achieve cross-chain sharing of heterogeneous private data.
Disclosure of Invention
To solve the problem that the prior art cannot achieve cross-chain sharing of heterogeneous private data, the embodiments of this specification provide a cross-chain sharing method, device, system and equipment for heterogeneous private data. They adopt a data transmission mode that combines on-chain and off-chain transfer, and the heterogeneous data mapping table is generated and sent by the cross-chain bridge. After the source chain obtains the target chain's encrypted data off-chain and decrypts it, the source chain performs format conversion on the decrypted data using the heterogeneous data mapping table generated by the cross-chain bridge, which completes the cross-chain sharing of the heterogeneous private data.
In order to solve the above technical problems, the specific technical solutions of the embodiments of the present specification are as follows:
In one aspect, the embodiments of this specification provide a cross-chain sharing method for heterogeneous private data, performed by a cross-chain bridge, the method comprising:
receiving, from a target chain, an acquisition interface for encrypted data, a decryption key for the encrypted data and a data extraction code, wherein the acquisition interface is the acquisition interface for the corresponding encrypted data that the target chain generates from the data unique identifier in a heterogeneous data acquisition request after receiving that request from a source chain and performing a first verification, the data extraction code is generated by the target chain and corresponds to the acquisition interface and the decryption key, and the target chain stores, on the target chain, a first correspondence between the acquisition interface and the user unique identifier in the heterogeneous data acquisition request and sends the data extraction code to the source chain;
when a data extraction request that is sent by the source chain and takes the data extraction code as a parameter is received, performing a second verification on the data extraction code sent by the source chain by using the data extraction code sent by the target chain, and, if the second verification passes, sending the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain, wherein the heterogeneous data mapping table describes a second correspondence between heterogeneous data on the source chain and on the target chain; so that the source chain sends an acquisition request to the target chain through the acquisition interface with the user unique identifier as a parameter, the target chain, after receiving the acquisition request, performs a third verification on the user unique identifier by using the stored first correspondence and, after the third verification passes, sends the encrypted data to the source chain through the acquisition interface; and the source chain decrypts the received encrypted data with the decryption key, performs format conversion on the decrypted data with the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the user unique identifier.
Further, in the case that the data extraction code transmitted by the source chain is subjected to the second verification by using the data extraction code transmitted by the target chain, the method further includes:
generating the heterogeneous data mapping table according to the data semantic features corresponding to the target chain and the semantic features corresponding to the source chain, wherein the heterogeneous data mapping table further describes a second correspondence between semantic elements of heterogeneous data on the source chain and on the target chain.
Further, after receiving the acquisition interface of the encrypted data, the decryption key of the encrypted data and the data extraction code sent by the target chain, the method further includes:
recording a third correspondence between the data extraction code and the acquisition interface and decryption key;
performing the second verification on the data extraction code sent by the source chain by using the data extraction code sent by the target chain further comprises:
searching the recorded data extraction codes sent by the target chain for a data extraction code identical to the one sent by the source chain, and, if one exists, the second verification passes;
in the case that the second verification passes, the method further includes:
determining, according to the third correspondence, the acquisition interface and the decryption key corresponding to the data extraction code sent by the source chain.
Based on the same inventive concept, the embodiments of this specification further provide a cross-chain sharing method for heterogeneous private data, performed by a target chain, the method comprising:
after receiving a heterogeneous data acquisition request sent by a source chain and performing a first verification, generating, from the data unique identifier in the heterogeneous data acquisition request, an acquisition interface for the corresponding encrypted data;
generating a data extraction code corresponding to a decryption key of the encrypted data;
storing, on the target chain, a first correspondence between the acquisition interface and the user unique identifier in the heterogeneous data acquisition request;
sending the acquisition interface, the decryption key and the data extraction code to a cross-chain bridge;
sending the data extraction code to the source chain, so that the source chain generates a data extraction request with the data extraction code as a parameter and sends it to the cross-chain bridge; when the cross-chain bridge receives the data extraction request, it performs a second verification on the data extraction code in the data extraction request sent by the source chain by using the data extraction code sent by the target chain and, if the second verification passes, sends the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain; the heterogeneous data mapping table describes a second correspondence between heterogeneous data on the source chain and on the target chain; and the source chain then sends an acquisition request to the target chain through the acquisition interface with the user unique identifier as a parameter;
after the acquisition request is received, performing a third verification on the user unique identifier by using the stored first correspondence and, after the third verification passes, sending the encrypted data to the source chain through the acquisition interface; the source chain decrypts the received encrypted data with the decryption key, performs format conversion on the decrypted data with the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the user unique identifier.
Further, the acquisition interface is an acquisition link address corresponding to the encrypted data;
after receiving the heterogeneous data acquisition request sent by the source chain and performing first verification, the method further comprises:
encrypting the data corresponding to the unique data identifier by using an encryption key corresponding to the decryption key to obtain the encrypted data;
and generating an acquisition link address of the encrypted data according to the unique user identifier, the unique data identifier and the decryption key.
Further, the acquisition request is an access request of the acquisition link address sent by the source chain, and the access request comprises the unique user identifier;
After the third verification is passed, the method further comprises:
establishing a long connection with the source chain;
transmitting the encrypted data to the source chain through the acquisition interface further comprises:
the encrypted data is sent to the source chain over the long connection.
In another aspect, the embodiments of this specification further provide a cross-chain sharing device for heterogeneous private data, comprising:
a target chain data interaction unit, configured to receive, from a target chain, an acquisition interface for encrypted data, a decryption key for the encrypted data and a data extraction code, wherein the acquisition interface is the acquisition interface for the corresponding encrypted data that the target chain generates from the data unique identifier in a heterogeneous data acquisition request after receiving that request from a source chain and performing a first verification, the data extraction code is generated by the target chain and corresponds to the acquisition interface and the decryption key, and the target chain stores, on the target chain, a first correspondence between the acquisition interface and the user unique identifier in the heterogeneous data acquisition request and sends the data extraction code to the source chain;
a source chain data interaction unit, configured to, when a data extraction request that is sent by the source chain and takes the data extraction code as a parameter is received, perform a second verification on the data extraction code sent by the source chain by using the data extraction code sent by the target chain, and, if the second verification passes, send the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain, wherein the heterogeneous data mapping table describes a second correspondence between heterogeneous data on the source chain and on the target chain; so that the source chain sends an acquisition request to the target chain through the acquisition interface with the user unique identifier as a parameter, the target chain, after receiving the acquisition request, performs a third verification on the user unique identifier by using the stored first correspondence and, after the third verification passes, sends the encrypted data to the source chain through the acquisition interface; and the source chain decrypts the received encrypted data with the decryption key, performs format conversion on the decrypted data with the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the user unique identifier.
Based on the same inventive concept, the embodiments of this specification further provide a cross-chain sharing device for heterogeneous private data, comprising:
an acquisition interface generation unit, configured to, after receiving a heterogeneous data acquisition request sent by a source chain and performing a first verification, generate, from the data unique identifier in the heterogeneous data acquisition request, an acquisition interface for the corresponding encrypted data;
a data extraction code generation unit, configured to generate a data extraction code corresponding to the acquisition interface and a decryption key of the encrypted data;
an uplink storage unit, configured to store, on a target chain, a first correspondence between the acquisition interface and the user unique identifier in the heterogeneous data acquisition request;
a cross-chain bridge data interaction unit, configured to send the acquisition interface, the decryption key and the data extraction code to a cross-chain bridge;
a data extraction code sending unit, configured to send the data extraction code to the source chain, so that the source chain generates a data extraction request with the data extraction code as a parameter and sends it to the cross-chain bridge; when the cross-chain bridge receives the data extraction request, it performs a second verification on the data extraction code in the data extraction request sent by the source chain by using the data extraction code sent by the target chain and, if the second verification passes, sends the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain; the heterogeneous data mapping table describes a second correspondence between heterogeneous data on the source chain and on the target chain; and the source chain then sends an acquisition request to the target chain through the acquisition interface with the user unique identifier as a parameter;
an encrypted data sending unit, configured to, after receiving the acquisition request, perform a third verification on the user unique identifier by using the stored first correspondence and, after the third verification passes, send the encrypted data to the source chain through the acquisition interface; the source chain decrypts the received encrypted data with the decryption key, performs format conversion on the decrypted data with the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the user unique identifier.
In another aspect, the embodiments of this specification further provide a cross-chain sharing system for heterogeneous private data, comprising a source chain, a cross-chain bridge and a target chain;
the source chain is configured to send a heterogeneous data acquisition request to the target chain, wherein the heterogeneous data acquisition request comprises a user unique identifier and a data unique identifier;
the target chain is configured to, after receiving the heterogeneous data acquisition request sent by the source chain and performing a first verification, generate, from the data unique identifier in the heterogeneous data acquisition request, an acquisition interface for the corresponding encrypted data; generate a data extraction code corresponding to a decryption key of the encrypted data; store, on the target chain, a first correspondence between the acquisition interface and the user unique identifier in the heterogeneous data acquisition request; send the acquisition interface, the decryption key and the data extraction code to the cross-chain bridge; and send the data extraction code to the source chain;
the cross-chain bridge is configured to receive the acquisition interface for the encrypted data, the decryption key for the encrypted data and the data extraction code sent by the target chain;
the source chain is further configured to generate a data extraction request with the data extraction code as a parameter and send the data extraction request to the cross-chain bridge;
the cross-chain bridge is further configured to, when receiving the data extraction request that is sent by the source chain and takes the data extraction code as a parameter, perform a second verification on the data extraction code in the data extraction request by using the data extraction code sent by the target chain, and, if the second verification passes, send the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain, wherein the heterogeneous data mapping table describes a second correspondence between heterogeneous data on the source chain and on the target chain;
the source chain is further configured to send an acquisition request to the target chain through the acquisition interface with the user unique identifier as a parameter;
the target chain is further configured to, after receiving the acquisition request, perform a third verification on the user unique identifier by using the stored first correspondence and, after the third verification passes, send the encrypted data to the source chain through the acquisition interface;
the source chain is further configured to decrypt the received encrypted data with the decryption key, perform format conversion on the decrypted data with the heterogeneous data mapping table, and provide the format-converted data to the user corresponding to the user unique identifier.
In another aspect, embodiments of the present disclosure further provide a computer device, including a memory, a processor, and a computer program stored on the memory, where the processor implements the method described above when executing the computer program.
With the embodiments of this specification, the source chain sends a heterogeneous data request to the target chain and the target chain responds to it. Because the data of the target chain and the data of the source chain are heterogeneous, the target chain does not send the data directly to the source chain. Instead, it generates an acquisition interface corresponding to the encrypted data and provides the acquisition interface and the decryption key of the encrypted data to the cross-chain bridge; it also generates an extraction code for the encrypted data and sends the extraction code to the source chain and to the cross-chain bridge. In other words, the cross-chain bridge is responsible for verifying the identity of the source chain, distributing the acquisition interface, and handling adaptation to the target chain's heterogeneous data. When the source chain wants the target chain's heterogeneous data, it generates a data extraction request with the data extraction code as a parameter and sends it to the cross-chain bridge. The cross-chain bridge verifies the data extraction code and sends the corresponding acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain. The source chain obtains the encrypted data from the target chain through the acquisition interface and decrypts it, and finally performs format conversion on the decrypted data using the heterogeneous data mapping table sent by the cross-chain bridge, which completes the cross-chain sharing of the heterogeneous data.
In the traditional approach, the target chain transmits data to the cross-chain bridge and the cross-chain bridge performs format conversion to suit the source chain. By contrast, the embodiments of this specification use the acquisition interface so that the target chain sends the encrypted data directly to the source chain, and the cross-chain bridge only provides the source chain with the heterogeneous data mapping table. The cross-chain bridge therefore never obtains the data stored on the target chain, and even if the cross-chain bridge is maliciously attacked, the data on the target chain is not leaked. In addition, because the cross-chain bridge is responsible for verifying the identity of the source chain, distributing the acquisition interface, and guiding the source chain in adapting to the heterogeneous data of the target chain, the target chain does not need to store heterogeneous data mapping tables for all source chains, which reduces the processing load on the target chain.
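The message flow summarized above, as an added example that is not code from the patent: a Python model of the target chain, cross-chain bridge and source chain with the first, second and third verifications and the mapping-table conversion. The ACL used for the first verification, the single symmetric key, the HMAC-based stand-in cipher, and all field names and identifiers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in encrypt-then-MAC cipher (assumption; use a vetted AEAD in practice)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed integrity check")
    nonce, ciphertext = body[:16], body[16:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


class Bridge:
    """Holds interface, key and extraction code; never the data or ciphertext."""

    def __init__(self, mapping_tables):
        self.mapping_tables = mapping_tables  # (source, target) -> {target field: source field}
        self.third_correspondence = {}        # extraction code -> (interface, decryption key)

    def register(self, interface, key, code):
        self.third_correspondence[code] = (interface, key)

    def extract(self, source, target, code):
        # Second verification: the code from the source chain must equal one
        # recorded from the target chain (compared in constant time).
        for recorded, (interface, key) in self.third_correspondence.items():
            if hmac.compare_digest(recorded.encode(), code.encode()):
                return interface, key, self.mapping_tables[(source, target)]
        raise PermissionError("second verification failed")


class TargetChain:
    def __init__(self, records, acl, bridge):
        self.records, self.acl, self.bridge = records, acl, bridge
        self.first_correspondence = {}  # interface -> user id (stored on chain)
        self.encrypted = {}             # interface -> ciphertext (served off chain)

    def request(self, user_id, data_id):
        # First verification. The page does not define it here; an ACL is assumed.
        if (user_id, data_id) not in self.acl:
            raise PermissionError("first verification failed")
        key = secrets.token_bytes(32)  # assumption: one symmetric key per request
        # Link address derived from user id, data id and key, as the page describes.
        material = user_id.encode() + b"|" + data_id.encode() + b"|" + key
        interface = "/fetch/" + hashlib.sha256(material).hexdigest()
        code = secrets.token_urlsafe(16)
        self.encrypted[interface] = seal(key, json.dumps(self.records[data_id]).encode())
        self.first_correspondence[interface] = user_id
        self.bridge.register(interface, key, code)
        return code  # only the extraction code goes back to the source chain

    def fetch(self, interface, user_id):
        # Third verification against the stored first correspondence.
        owner = self.first_correspondence.get(interface)
        if owner is None or not hmac.compare_digest(owner.encode(), user_id.encode()):
            raise PermissionError("third verification failed")
        return self.encrypted[interface]


def source_chain_share(target, bridge, user_id, data_id):
    """Source-chain side: request, extract, fetch, decrypt, convert format."""
    code = target.request(user_id, data_id)
    interface, key, table = bridge.extract("source", "target", code)
    record = json.loads(unseal(key, target.fetch(interface, user_id)))
    return {table[field]: value for field, value in record.items()}


def build_demo():
    # Constructed sample data: field names and identifiers are illustrative only.
    bridge = Bridge({("source", "target"): {"case_no": "caseId", "party_name": "party"}})
    records = {"D-1": {"case_no": "2023-0001", "party_name": "Example Co."}}
    target = TargetChain(records, {("user-7", "D-1")}, bridge)
    return bridge, target


if __name__ == "__main__":
    demo_bridge, demo_target = build_demo()
    print(source_chain_share(demo_target, demo_bridge, "user-7", "D-1"))
```

In this model the bridge's state contains only extraction codes, acquisition interfaces and decryption keys, while the ciphertext is served by the target chain alone.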
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system implementing a cross-chain sharing method for heterogeneous private data according to an embodiment of the present disclosure;
FIG. 2 is a first flowchart of a cross-chain sharing method for heterogeneous private data according to an embodiment of the present disclosure;
FIG. 3 is a second flowchart of a cross-chain sharing method for heterogeneous private data according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of the cross-chain bridge's verification of the data extraction code sent by the source chain in an embodiment of the present disclosure;
FIG. 5 is a schematic flowchart of the target chain encrypting data and generating the acquisition link address according to an embodiment of the present disclosure;
FIG. 6 is a schematic flowchart of the target chain sending encrypted data to the source chain through the acquisition link address according to an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of a first structure of a cross-chain sharing device for heterogeneous private data according to an embodiment of the present disclosure;
FIG. 8 is a schematic diagram of a second structure of a cross-chain sharing device for heterogeneous private data according to an embodiment of the present disclosure;
FIG. 9 is a data flow diagram of a cross-chain sharing system for heterogeneous private data according to an embodiment of the present disclosure;
FIG. 10 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure.
[Description of reference numerals]:
101. a source chain;
102. a cross-chain bridge;
103. a target chain;
701. a target chain data interaction unit;
702. a source chain data interaction unit;
801. an acquisition interface generation unit;
802. a data extraction code generation unit;
803. an uplink storage unit;
804. a cross-chain bridge data interaction unit;
805. a data extraction code transmitting unit;
806. an encrypted data transmission unit;
1002. a computer device;
1004. a processing device;
1006. a storage resource;
1008. a driving mechanism;
1010. an input/output module;
1012. an input device;
1014. an output device;
1016. a presentation device;
1018. a graphical user interface;
1020. a network interface;
1022. a communication link;
1024. a communication bus.
Detailed Description
The technical solutions of the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
It should be noted that the terms "first," "second," and the like in the description and claims herein and in the foregoing figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the present description described herein may be capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or device.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Fig. 1 is a schematic diagram of a system implementing a cross-chain sharing method for heterogeneous private data according to an embodiment of the present disclosure. The system may include a source chain 101, a cross-chain bridge 102, and a target chain 103. The source chain 101, the target chain 103, and the cross-chain bridge 102 communicate via a network, which may include a local area network (Local Area Network, abbreviated as LAN), a wide area network (Wide Area Network, abbreviated as WAN), the internet, or a combination thereof, and is connected to a website, user devices (e.g., computing devices), and backend systems. The cross-chain bridge 102 is responsible for the authentication of the source chain 101, the distribution of the acquisition interface, and guiding the source chain 101 in adapting the heterogeneous data of the target chain. The source chain 101 or the target chain 103 may process traffic through one or more servers on which the data processing system is deployed. Alternatively, the servers may be nodes of a cloud computing system (not shown), or each server may be a separate cloud computing system, including multiple computers interconnected by a network and operating as a distributed processing system. The server may run any suitable computing system that is capable of acting as a node in the blockchain network of the source chain 101 or the target chain 103.
In addition, it should be noted that Fig. 1 is only one application environment provided by the present disclosure. In practical applications, other application environments may also be included; for example, cross-chain transactions for multiple systems (such as a traffic management system, a vehicle management system, and a traffic police management system) may also be implemented on the source chain 101, the cross-chain bridge 102, and the target chain 103 shown in Fig. 1, and multiple source chains 101 may initiate cross-chain file acquisition requests to multiple target chains 103, which is not limited in this specification.
Specifically, the embodiment of the specification provides a cross-chain sharing method for heterogeneous private data, which adopts a data transmission mode combining on-chain and off-chain transmission. A heterogeneous data mapping table is generated on the cross-chain bridge and sent from it; after the source chain acquires the encrypted data of the target chain off-chain and decrypts it, the source chain performs format conversion on the decrypted data by using the heterogeneous data mapping table generated by the cross-chain bridge, so that cross-chain sharing of the heterogeneous private data is completed. Fig. 2 is a flowchart of a cross-chain sharing method for heterogeneous private data according to an embodiment of the present disclosure. The cross-chain acquisition process of heterogeneous private data is described in this figure, but may include more or fewer operational steps based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one of many possible orders of execution and does not represent a unique order of execution. When an actual system or apparatus product executes the method, the steps may be executed sequentially or in parallel according to the method shown in the embodiments or the drawings. Specifically, as shown in Fig. 2, the method may include:
Step 201: receiving an acquisition interface for encrypted data, a decryption key of the encrypted data, and a data extraction code, all sent by a target chain;
In this step, the acquisition interface is the acquisition interface for the corresponding encrypted data, generated by the target chain from the data unique identifier in the heterogeneous data acquisition request after the target chain receives the heterogeneous data acquisition request sent by the source chain and performs a first verification; the data extraction code is generated by the target chain and corresponds to the acquisition interface and the decryption key; and the target chain stores, on the target chain, a first correspondence between the acquisition interface and the user unique identifier in the heterogeneous data acquisition request, and sends the data extraction code to the source chain;
Step 202: when a data extraction request which is sent by the source chain and takes the data extraction code as a parameter is received, performing a second verification on the data extraction code sent by the source chain by using the data extraction code sent by the target chain, and, when the second verification passes, sending the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain.
In this step, the heterogeneous data mapping table is used to describe a second correspondence between heterogeneous data on the source chain and the target chain. This allows the source chain to take the unique user identifier as a parameter and send an acquisition request to the target chain through the acquisition interface; after the target chain receives the acquisition request, it uses the stored first correspondence to perform a third verification on the unique user identifier, and after the third verification is passed, it sends the encrypted data to the source chain through the acquisition interface. The source chain decrypts the received encrypted data by using the decryption key, performs format conversion on the decrypted data by using the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the unique user identifier.
Correspondingly, the embodiment of the present disclosure further provides a cross-chain sharing method for heterogeneous private data, which is executed by a target chain. As shown in Fig. 3, the method includes:
Step 301: after receiving a heterogeneous data acquisition request sent by a source chain and performing a first verification, generating an acquisition interface for the corresponding encrypted data from the data unique identifier in the heterogeneous data acquisition request;
Step 302: generating a data extraction code corresponding to a decryption key of the encrypted data;
Step 303: storing a first correspondence between the acquisition interface and a user unique identifier in the heterogeneous data acquisition request on the target chain;
Step 304: transmitting the acquisition interface, the decryption key and the data extraction code to a cross-chain bridge;
Step 305: transmitting the data extraction code to the source chain;
The source chain generates a data extraction request by taking the data extraction code as a parameter and sends the data extraction request to the cross-chain bridge. When the cross-chain bridge receives the data extraction request, it uses the data extraction code sent by the target chain to perform a second verification on the data extraction code in the data extraction request sent by the source chain, and, when the second verification passes, sends the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain. The heterogeneous data mapping table is used for describing a second correspondence between heterogeneous data on the source chain and the target chain. This allows the source chain to send an acquisition request to the target chain through the acquisition interface by taking the unique user identifier as a parameter;
Step 306: after the third verification is passed, sending the encrypted data to the source chain through the acquisition interface.
The source chain decrypts the received encrypted data by using the decryption key, performs format conversion on the decrypted data by using the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the unique user identifier.
In the embodiment of the specification, the source chain sends the heterogeneous data request to the target chain, and the target chain responds to it. Because the data of the target chain and the data of the source chain are heterogeneous, the target chain does not send the data directly to the source chain. Instead, it generates an acquisition interface corresponding to the encrypted data, provides the acquisition interface and a decryption key of the encrypted data to the cross-chain bridge, generates an extraction code for the encrypted data, and sends the extraction code to the source chain and the cross-chain bridge. That is, the cross-chain bridge is responsible for the identity verification of the source chain, the distribution of the acquisition interface, and guiding the source chain in adapting the heterogeneous data of the target chain. When the source chain acquires heterogeneous data of the target chain, it generates a data extraction request with the data extraction code as a parameter and sends it to the cross-chain bridge. The cross-chain bridge verifies the data extraction code and sends the corresponding acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain. The source chain acquires the encrypted data from the target chain through the acquisition interface and decrypts it to obtain decrypted data, and finally performs format conversion on the decrypted data by using the heterogeneous data mapping table sent by the cross-chain bridge, so that cross-chain sharing of the heterogeneous data is completed.
In the traditional method, the target chain transmits data to the cross-chain bridge and the cross-chain bridge performs format conversion to adapt the data to the source chain. By contrast, the embodiment of the specification uses the acquisition interface so that the target chain transmits encrypted data directly to the source chain, and the cross-chain bridge only provides the source chain with the heterogeneous data mapping table. The cross-chain bridge therefore never obtains the data stored on the target chain, and even if the cross-chain bridge is attacked maliciously, the data on the target chain cannot be leaked. In addition, because the cross-chain bridge is responsible for the authentication of the source chain, the distribution of the acquisition interface, and guiding the source chain in adapting the heterogeneous data of the target chain, the target chain does not need to store heterogeneous data mapping tables corresponding to all the source chains, so that the processing pressure on the target chain can be reduced.
In this embodiment of the present disclosure, the source chain directly requests from the target chain the heterogeneous data stored on the target chain, and the target chain first verifies whether the user requesting the heterogeneous data on the source chain is legitimate. For example, the source chain sends to the target chain the unique user identifier of the user requesting the heterogeneous data and the unique data identifier of the requested data, and the target chain determines whether the user corresponding to the unique user identifier has the authority to acquire the data corresponding to the unique data identifier. If the user has no acquisition authority, the source chain is notified. If the user has acquisition authority, an acquisition interface for the encrypted data corresponding to the unique data identifier is generated, so that the source chain can acquire the encrypted data through the acquisition interface.
However, multiple source chains may acquire data from the target chain at the same time, and because the data format stored on the target chain differs from the data format of the source chain, the source chain needs to perform format conversion after acquiring the data of the target chain. In view of the processing efficiency of the source chain and the target chain, the target chain cannot store the data conversion policies corresponding to all the source chains, and the source chain cannot store the data conversion policies corresponding to all the target chains. Nor can the target chain respond to the data acquisition requests of all source chains. Therefore, in the embodiment of the specification, the cross-chain bridge is responsible for all of the authentication of the source chain, the distribution of the acquisition interface, and guiding the source chain in adapting the heterogeneous data of the target chain.
To ensure that the source chain obtaining the acquisition interface for the encrypted data from the cross-chain bridge has a legitimate identity, the target chain also generates a data extraction code corresponding to the acquisition interface and the decryption key of the encrypted data. The data extraction code is sent to both the source chain and the cross-chain bridge, and the acquisition interface and the decryption key of the encrypted data are also sent to the cross-chain bridge.
The source chain then holds the data extraction code and requests the acquisition interface and decryption key from the cross-chain bridge. When the cross-chain bridge receives from the source chain the data extraction request taking the data extraction code as a parameter, it verifies the data extraction code sent by the source chain by using the data extraction code sent by the target chain, for example by checking whether the two data extraction codes are identical. If they are identical, the user obtaining the acquisition interface and the decryption key from the cross-chain bridge is the same user who requested the encrypted data from the target chain, and the cross-chain bridge can send the acquisition interface and the decryption key corresponding to the data extraction code to the source chain.
Meanwhile, in order that the source chain can convert the encrypted data into a form which can be recognized by the source chain after acquiring the encrypted data through the acquisition interface, the cross-chain bridge also transmits a heterogeneous data mapping table to the source chain, wherein the heterogeneous data mapping table is used for describing the corresponding relation between heterogeneous data on the source chain and heterogeneous data on the target chain, and the source chain can convert the data acquired on the target chain into the form which can be recognized by the source chain by utilizing the heterogeneous data mapping table.
To guard against malicious interception while the cross-chain bridge sends the acquisition interface to the source chain, an acquisition request sent to the target chain through the acquisition interface must take the unique user identifier as a parameter. After receiving the acquisition request, the target chain verifies the unique user identifier in the acquisition request against the unique user identifier on which generation of the acquisition interface was based. Passing this verification indicates that the user who initially requested data from the target chain is the same user who is now calling the acquisition interface to request data, and the target chain sends the encrypted data to the source chain through the acquisition interface, without forwarding by the cross-chain bridge.
After the source chain receives the encrypted data sent by the target chain through the acquisition interface, the source chain decrypts the encrypted data by using the decryption key previously sent by the cross-chain bridge, and performs format conversion on the decrypted data by using the heterogeneous data mapping table previously sent by the cross-chain bridge.
It can be understood that, with the method of the embodiment of the present disclosure, the cross-chain bridge is only responsible for distributing the acquisition interface of the encrypted data on the target chain and the heterogeneous data mapping table, and is not responsible for forwarding the encrypted data on the target chain; even if the cross-chain bridge is attacked maliciously, the encrypted data on the target chain will not be leaked.
In addition, the source chain also needs to hold the data extraction code sent by the target chain to extract the acquisition interface, the decryption key and the heterogeneous data mapping table from the cross-chain bridge, so that the data such as the acquisition interface generated by the target chain cannot be acquired by other users on the source chain from the cross-chain bridge, and the security of the data such as the acquisition interface is ensured.
Furthermore, although the source chain has obtained the acquisition interface of the encrypted data on the target chain, it has not yet obtained the encrypted data itself. To acquire the encrypted data on the target chain, the source chain also needs to send an acquisition request to the target chain through the acquisition interface, taking the unique user identifier as a parameter. The target chain verifies the unique user identifier in the acquisition request and sends the encrypted data to the source chain only when verification passes. That is, the final line of verification before the target chain sends the encrypted data must be passed by the source chain, and the target chain provides the encrypted data to the source chain only after this final verification is completed, so that the security of the data on the target chain is greatly improved.
In this embodiment of the present disclosure, the target chain may generate a hash code from the unique user identifier, the unique data identifier, the user address, and other data sent by the source chain, and use the generated hash code as the data extraction code. It should be noted that the data extraction code is used by the cross-chain bridge to verify the source-chain user who acquires the data on the target chain, and the embodiment of the present disclosure does not limit the specific way in which the data extraction code is generated.
After receiving the data extraction request sent by the source chain, the cross-chain bridge can also verify the validity of the user address, for example by checking whether the user address is in a preconfigured list of legal user addresses. After both the validity check of the user address and the verification of the data extraction code have passed, the acquisition interface and the other items are sent to the source chain.
According to one embodiment of the present disclosure, as shown in Fig. 4, the specific process by which the cross-chain bridge verifies the data extraction code sent by the source chain may include the following steps:
Step 401: recording a third correspondence between the acquisition interface and the decryption key on the one hand and the data extraction code on the other;
Step 402: searching the recorded data extraction codes sent by the target chain for one identical to the data extraction code sent by the source chain; if one exists, the result of the second verification is a pass;
Step 403: determining, according to the third correspondence, the acquisition interface and the decryption key corresponding to the data extraction code sent by the source chain.
In this embodiment of the present disclosure, the cross-chain bridge may generate a heterogeneous data mapping table between a target chain and a source chain. Specifically, the cross-chain bridge may generate the heterogeneous data mapping table according to the semantic features of the data corresponding to the target chain and the semantic features corresponding to the source chain, where the heterogeneous data mapping table is further used to describe a second correspondence between semantic elements of heterogeneous data on the source chain and the target chain.
Illustratively, each chain may provide semantic features of its own stored data to a cross-chain bridge in advance, which builds a heterogeneous data mapping table from the semantic features provided by each chain.
According to an embodiment of the present disclosure, in order to meet a transmission requirement of a large file, the acquiring interface is an acquiring link address corresponding to the encrypted target file.
As shown in fig. 5, after receiving the heterogeneous data acquisition request sent by the source chain and performing the first verification, the method further includes:
Step 501: encrypting the data corresponding to the unique data identifier by using an encryption key corresponding to the decryption key to obtain the encrypted data;
Step 502: generating an acquisition link address of the encrypted data according to the unique user identifier, the unique data identifier and the decryption key.
As shown in fig. 6, after the third verification is passed, the method further includes:
Step 601: establishing a long connection with the source chain;
Transmitting the encrypted data to the source chain through the acquisition interface further comprises:
Step 602: sending the encrypted data to the source chain over the long connection.
In the embodiment of the present specification, the acquisition link address may be a URL, through which the source chain downloads the encrypted target file.
Specifically, the target chain can start an FTP or TFTP server. After the first verification is passed, the data corresponding to the unique data identifier can be encrypted by using the encryption key corresponding to the decryption key sent to the source chain, to obtain the encrypted data. The acquisition link address of the encrypted data is then generated according to the unique user identifier, the unique data identifier and the decryption key; that is, the acquisition link address comprises the unique user identifier, the unique data identifier and the decryption key. A corresponding smart contract is written to verify the unique user identifier and the other items, so that the acquisition link address can be used only by the user corresponding to the unique user identifier to acquire this encrypted data, and is invalid when other users try to acquire the data or when the user tries to acquire other encrypted data.
After the source chain obtains the acquisition link address sent by the cross-chain bridge, it uses the unique user identifier and the unique data identifier as parameters and generates an access request to access the acquisition link address.
After the target chain receives the access request, the pre-written smart contract verifies the unique user identifier and the unique data identifier. After the verification is passed, the FTP or TFTP server establishes a long connection with the source chain, and the encrypted data is sent to the source chain through the long connection.
Compared with the traditional mode of forwarding the encrypted data to the source chain through the cross-chain bridge, this ensures stable transmission even if the encrypted data is large, and allows retransmission from the point of error when a transmission error occurs.
Based on the same inventive concept, the embodiment of the specification also provides a cross-chain sharing device for heterogeneous private data, which can be applied to a cross-chain bridge. Specifically, as shown in Fig. 7, the device includes:
a target chain data interaction unit 701, configured to receive an acquisition interface for encrypted data, a decryption key of the encrypted data, and a data extraction code, all sent by a target chain, where the acquisition interface is the acquisition interface for the corresponding encrypted data, generated by the target chain from the unique data identifier in the heterogeneous data acquisition request after the target chain receives the heterogeneous data acquisition request sent by a source chain and performs a first verification, the data extraction code is generated by the target chain and corresponds to the acquisition interface and the decryption key, and the target chain stores, on the target chain, a first correspondence between the acquisition interface and the unique user identifier in the heterogeneous data acquisition request and sends the data extraction code to the source chain;
a source chain data interaction unit 702, configured to, when receiving a data extraction request sent by the source chain and having the data extraction code as a parameter, perform a second verification on the data extraction code sent by the source chain by using the data extraction code sent by the target chain, and send the acquisition interface, the decryption key, and a heterogeneous data mapping table between the source chain and the target chain to the source chain if the second verification passes, where the heterogeneous data mapping table is used to describe a second correspondence between heterogeneous data on the source chain and the target chain. This allows the source chain to take the unique user identifier as a parameter and send an acquisition request to the target chain through the acquisition interface; after the target chain receives the acquisition request, it uses the stored first correspondence to perform a third verification on the unique user identifier, and after the third verification is passed, it sends the encrypted data to the source chain through the acquisition interface. The source chain decrypts the received encrypted data by using the decryption key, performs format conversion on the decrypted data by using the heterogeneous data mapping table, and provides the format-converted data to the user corresponding to the unique user identifier.
Based on the same inventive concept, the embodiment of the present disclosure further provides a cross-chain sharing device for heterogeneous private data, which may be applied to a target chain. As shown in Fig. 8, the device includes:
an acquisition interface generating unit 801, configured to generate an acquisition interface for the corresponding encrypted data from the unique data identifier in a heterogeneous data acquisition request, after receiving the heterogeneous data acquisition request sent by a source chain and performing a first verification;
a data extraction code generating unit 802, configured to generate a data extraction code corresponding to the acquisition interface and a decryption key of the encrypted data;
an uplink storage unit 803, configured to store a first correspondence between the acquisition interface and a user unique identifier in the heterogeneous data acquisition request on a target chain;
a cross-chain bridge data interaction unit 804, configured to send the acquisition interface, the decryption key, and the data extraction code to a cross-chain bridge;
a data extraction code transmitting unit 805, configured to transmit the data extraction code to the source chain. This allows the source chain to generate a data extraction request by taking the data extraction code as a parameter and send the data extraction request to the cross-chain bridge; when the cross-chain bridge receives the data extraction request, it uses the data extraction code sent by the target chain to perform a second verification on the data extraction code in the data extraction request sent by the source chain, and, when the second verification passes, sends the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain. The heterogeneous data mapping table is used for describing a second correspondence between heterogeneous data on the source chain and the target chain. The source chain can then send an acquisition request to the target chain through the acquisition interface by taking the unique user identifier as a parameter;
An encrypted data sending unit 806, configured to perform a third verification on the unique identifier of the user by using the stored first correspondence after receiving the acquisition request, and send the encrypted data to the source chain through the acquisition interface after the third verification passes; the source chain decrypts the received encrypted data by using the decryption key, format-converts the decrypted data by using the heterogeneous data mapping table, and provides the format-converted data for the user corresponding to the unique identifier of the user.
Since the principle of the device for solving the problem is similar to that of the method, the implementation of the device can be referred to the implementation of the method, and the repetition is omitted.
Fig. 9 is a data flow diagram of a cross-chain sharing system for heterogeneous private data according to an embodiment of the present disclosure, including the following steps:
Step 901: the source chain sends a heterogeneous data acquisition request to the target chain;
In this step, the heterogeneous data acquisition request includes a user unique identifier and a data unique identifier.
Step 902: the target chain performs a first verification on the heterogeneous data acquisition request;
Step 903: the target chain generates an acquisition interface for the corresponding encrypted data from the data unique identifier in the heterogeneous data acquisition request;
Step 904: the target chain generates a data extraction code corresponding to the decryption key of the encrypted data and the acquisition interface;
Step 905: the target chain stores, on the target chain, a first correspondence between the acquisition interface and the unique user identifier in the heterogeneous data acquisition request;
Step 906: the target chain sends the acquisition interface, the decryption key and the data extraction code to the cross-chain bridge;
Step 907: the target chain sends the data extraction code to the source chain;
Step 908: the source chain generates a data extraction request by taking the data extraction code as a parameter and sends the data extraction request to the cross-chain bridge;
Step 909: the cross-chain bridge performs a second verification on the data extraction code in the data extraction request sent by the source chain by using the data extraction code sent by the target chain;
In this step, the cross-chain bridge may further generate a heterogeneous data mapping table between the target chain and the source chain. Specifically, the cross-chain bridge may generate the heterogeneous data mapping table according to the semantic features of the data corresponding to the target chain and the semantic features corresponding to the source chain, where the heterogeneous data mapping table is used to describe a correspondence between semantic elements of heterogeneous data on the source chain and the target chain.
Step 910: when the second verification passes, the cross-chain bridge sends the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain to the source chain;
Step 911: the source chain takes the unique user identifier as a parameter and sends an acquisition request to the target chain through the acquisition interface;
Step 912: the target chain performs a third verification on the unique user identifier by using the stored first correspondence;
Step 913: after the third verification is passed, the target chain sends the encrypted data to the source chain through the acquisition interface;
Step 914: the source chain decrypts the received encrypted data by using the decryption key, and performs format conversion on the decrypted data by using the heterogeneous data mapping table.
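The data flow of steps 901 to 914, together with the bridge-side lookup of steps 401 to 403, can be exercised end to end in a few dozen lines. The following is an added example, not code from the patent: the class and function names, the symmetric key, the random value mixed into the extraction code, the HMAC-based stand-in cipher, the in-process calls in place of network messages, and the sample record are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so the example runs on the standard
    # library alone; a deployment would use an AEAD such as AES-GCM instead.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return _xor_stream(enc_key, body[:16], body[16:])

class TargetChain:
    def __init__(self, records, acl):
        self.records = records            # data id -> record in target-chain field names
        self.acl = acl                    # data id -> user ids allowed to acquire it
        self.first_correspondence = {}    # acquisition interface -> user id
        self.encrypted = {}               # acquisition interface -> encrypted data

    def handle_request(self, user_id, data_id, user_addr, bridge):
        # Steps 902-907: first verification, then interface, key and extraction code.
        if user_id not in self.acl.get(data_id, set()):
            raise PermissionError("first verification failed")
        key = secrets.token_bytes(32)     # assumption: one symmetric key per request
        interface = "iface-" + secrets.token_hex(8)
        self.encrypted[interface] = encrypt(key, json.dumps(self.records[data_id]).encode())
        # Hash of the request fields plus a random value (the random value is an assumption).
        fields = [user_id, data_id, user_addr, secrets.token_hex(16)]
        code = hashlib.sha256("|".join(fields).encode()).hexdigest()
        self.first_correspondence[interface] = user_id
        bridge.register(interface, key, code)
        return code                       # step 907: the code goes to the source chain

    def fetch(self, interface, user_id):
        # Steps 912-913: third verification against the stored first correspondence.
        bound = self.first_correspondence.get(interface)
        if bound is None or not hmac.compare_digest(bound.encode(), user_id.encode()):
            raise PermissionError("third verification failed")
        return self.encrypted[interface]

class Bridge:
    def __init__(self, mapping_tables, allowed_addrs):
        self.mapping_tables = mapping_tables   # (source, target) -> {target field: source field}
        self.allowed_addrs = allowed_addrs     # preconfigured legal user addresses
        self.third_correspondence = {}         # extraction code -> (interface, key)

    def register(self, interface, key, code):
        self.third_correspondence[code] = (interface, key)   # step 401

    def extract(self, code, user_addr, source, target):
        # Steps 402-403 and 909-910: address check, then second verification.
        if user_addr not in self.allowed_addrs:
            raise PermissionError("user address not in the legal address list")
        match = None
        for recorded, entry in self.third_correspondence.items():
            if hmac.compare_digest(recorded.encode(), code.encode()):
                match = entry
        if match is None:
            raise PermissionError("second verification failed")
        return match[0], match[1], self.mapping_tables[(source, target)]

def convert(record, mapping):
    # Format conversion: rename target-chain fields to source-chain fields.
    return {mapping[k]: v for k, v in record.items() if k in mapping}

def share(target, bridge, user_id, data_id, user_addr):
    # The source chain's side of the flow, steps 901 and 908-914.
    code = target.handle_request(user_id, data_id, user_addr, bridge)
    interface, key, mapping = bridge.extract(code, user_addr, "source", "target")
    blob = target.fetch(interface, user_id)
    return convert(json.loads(decrypt(key, blob)), mapping)

def build_demo():
    # Constructed sample data; every name and value here is hypothetical.
    target = TargetChain(
        records={"case-001": {"ajbh": "2023-0001", "dsr": "Zhang San"}},
        acl={"case-001": {"user-42"}})
    bridge = Bridge(
        mapping_tables={("source", "target"): {"ajbh": "case_number", "dsr": "party_name"}},
        allowed_addrs={"addr-A"})
    return target, bridge

if __name__ == "__main__":
    print(share(*build_demo(), "user-42", "case-001", "addr-A"))
```

In this sketch the bridge object stores only the extraction code, the acquisition interface and the key, and the encrypted record is returned only by the target chain's own `fetch` after the third verification.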
Fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure, where an apparatus in the embodiment of the present disclosure may be the computer device in the embodiment of the present disclosure, and perform a method of the embodiment of the present disclosure. The computer device 1002 may include one or more processing devices 1004, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 1002 may also include any storage resources 1006 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, storage resources 1006 may include any one or more of the following combinations: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any storage resource may store information using any technology. Further, any storage resource may provide volatile or non-volatile retention of information. Further, any storage resources may represent fixed or removable components of computer device 1002. In one case, when the processing device 1004 executes associated instructions stored in any storage resource or combination of storage resources, the computer device 1002 can perform any of the operations of the associated instructions. The computer device 1002 also includes one or more drive mechanisms 1008, such as a hard disk drive mechanism, an optical disk drive mechanism, and the like, for interacting with any storage resources.
The computer device 1002 may also include an input/output module 1010 (I/O) for receiving various inputs (via input device 1012) and for providing various outputs (via output device 1014). One particular output mechanism may include a presentation device 1016 and an associated Graphical User Interface (GUI) 1018. In other embodiments, the input/output module 1010 (I/O), input device 1012, and output device 1014 may be omitted, with the computer device serving only as one computer device in a network. Computer device 1002 may also include one or more network interfaces 1020 for exchanging data with other devices via one or more communication links 1022. One or more communication buses 1024 couple the above-described components together.
The communication link 1022 may be implemented in any manner, for example, through a local area network, a wide area network (e.g., the internet), a point-to-point connection, etc., or any combination thereof. Communication links 1022 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
Note that when the source chain, the cross-chain bridge, or the on-chain nodes of the target chain implement the method described in this embodiment on the computer device 1002 described in this embodiment, the presentation device 1016 and the associated Graphical User Interface (GUI) 1018, etc. may not be included; an example is a minimal computer system comprising only the processor 1004, memory 1006, and network interface 1020.
The present description embodiment also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described method.
The present description also provides computer-readable instructions, wherein the program therein causes a processor to perform the above-described method when the processor executes the instructions.
It should be understood that, in various embodiments of the present disclosure, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation of the embodiments of the present disclosure.
It should also be understood that, in the embodiments of the present specification, the term "and/or" merely describes an association relationship between associated objects, meaning that three relationships may exist. For example, A and/or B may represent: A exists alone, A and B exist together, and B exists alone. In the embodiments of the present specification, the character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the various illustrative elements and steps have been described above generally in terms of function in order to best explain the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments herein.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in the specification, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purposes of the embodiments of the present description.
In addition, each functional unit in each embodiment of the present specification may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present specification in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present specification. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The principles and embodiments of the present specification are explained using specific examples, and the above examples are provided only to assist in understanding the method of the present specification and its core ideas; meanwhile, those of ordinary skill in the art may, based on the ideas of the present specification, make changes to the specific embodiments and the scope of application. In view of the above, the content of this description should not be construed as limiting the present specification.

Claims (10)

1. A method of cross-chain sharing of heterogeneous private data, performed by a cross-chain bridge, the method comprising:
receiving an acquisition interface of encrypted data sent by a target chain, a decryption key of the encrypted data and a data extraction code, wherein the acquisition interface is an acquisition interface of the encrypted data generated by a unique data identifier in a generated heterogeneous data acquisition request after the target chain receives a heterogeneous data acquisition request sent by a source chain and performs first verification, the data extraction code is a data extraction code generated by the target chain and corresponding to the acquisition interface and the decryption key, and the target chain stores a first corresponding relation between the acquisition interface and the unique user identifier in the heterogeneous data acquisition request on the target chain and sends the data extraction code to the source chain;
when a data extraction request sent by the source chain and taking the data extraction code as a parameter is received, carrying out second verification on the data extraction code sent by the source chain by utilizing the data extraction code sent by the target chain, and sending the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain under the condition that a second verification result is passed, wherein the heterogeneous data mapping table is used for describing a second corresponding relation between heterogeneous data on the source chain and the target chain; so that the source chain takes the unique user identifier as a parameter and sends an acquisition request to the target chain through the acquisition interface; after the target chain receives the acquisition request, the target chain carries out third verification on the unique user identifier by utilizing the stored first corresponding relation and, after the third verification is passed, sends the encrypted data to the source chain through the acquisition interface; and the source chain decrypts the received encrypted data by using the decryption key, performs format conversion on the decrypted data by using the heterogeneous data mapping table, and provides the data after format conversion for the user corresponding to the unique user identifier.
2. The method of claim 1, wherein when the second verification is performed on the data extraction code sent by the source chain using the data extraction code sent by the target chain, the method further comprises:
and generating the heterogeneous data mapping table according to the data semantic features corresponding to the target chain and the semantic features corresponding to the source chain, wherein the heterogeneous data mapping table is further used for describing a second corresponding relation between semantic elements of heterogeneous data on the source chain and the target chain.
3. The method of claim 1, wherein after receiving the acquisition interface of the encrypted data, the decryption key of the encrypted data, and the data extraction code sent by the target chain, the method further comprises:
recording a third corresponding relation between the acquisition interface and the decryption key and the data extraction code;
performing second verification on the data extraction code sent by the source chain by using the data extraction code sent by the target chain further comprises:
searching the recorded data extraction codes sent by the target chain for one that is the same as the data extraction code sent by the source chain, and if one exists, the result of the second verification is passing;
in the case that the second verification result is passing, the method further includes:
and determining the acquisition interface and the decryption key corresponding to the data extraction code sent by the source chain according to the third corresponding relation.
4. A method of cross-chain sharing of heterogeneous private data, performed by a target chain, the method comprising:
after receiving a heterogeneous data acquisition request sent by a source chain and performing first verification, generating a corresponding encrypted data acquisition interface by using a data unique identifier in the generated heterogeneous data acquisition request;
generating a data extraction code corresponding to a decryption key of the encrypted data;
storing a first correspondence between the acquisition interface and a user unique identifier in the heterogeneous data acquisition request on the target chain;
transmitting the acquisition interface, the decryption key and the data extraction code to a cross-chain bridge;
transmitting the data extraction code to the source chain, so that the source chain generates a data extraction request by taking the data extraction code as a parameter and sends the data extraction request to the cross-chain bridge; when the cross-chain bridge receives the data extraction request, the data extraction code sent by the target chain is utilized to carry out second verification on the data extraction code in the data extraction request sent by the source chain, and the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain are sent to the source chain when a second verification result is passed; the heterogeneous data mapping table is used for describing a second corresponding relation between heterogeneous data on the source chain and the target chain; so that the source chain sends an acquisition request to the target chain through the acquisition interface by taking the unique user identifier as a parameter;
after the acquisition request is received, carrying out third verification on the unique user identifier by utilizing the stored first corresponding relation, and after the third verification is passed, sending the encrypted data to the source chain through the acquisition interface; the source chain decrypts the received encrypted data by using the decryption key, format-converts the decrypted data by using the heterogeneous data mapping table, and provides the format-converted data for the user corresponding to the unique user identifier.
5. The method of claim 4, wherein the acquisition interface is an acquisition link address corresponding to the encrypted data;
after receiving the heterogeneous data acquisition request sent by the source chain and performing first verification, the method further comprises:
encrypting the data corresponding to the unique data identifier by using an encryption key corresponding to the decryption key to obtain the encrypted data;
and generating an acquisition link address of the encrypted data according to the unique user identifier, the unique data identifier and the decryption key.
6. The method of claim 5, wherein the acquisition request is an access request for the acquisition link address sent by the source chain, the access request including the unique user identifier;
after the third verification is passed, the method further comprises:
establishing a long connection with the source chain;
transmitting the encrypted data to the source chain through the acquisition interface further comprises:
the encrypted data is sent to the source chain over the long connection.
7. A cross-chain sharing apparatus for heterogeneous private data, comprising:
the target chain data interaction unit is used for receiving an acquisition interface of encrypted data sent by a target chain, a decryption key of the encrypted data and a data extraction code, wherein the acquisition interface is used for generating the corresponding acquisition interface of the encrypted data by a data unique identifier in a generated heterogeneous data acquisition request after the target chain receives a heterogeneous data acquisition request sent by a source chain and performs first verification, the data extraction code is a data extraction code corresponding to the acquisition interface and the decryption key generated by the target chain, and the target chain stores a first corresponding relation between the acquisition interface and a user unique identifier in the heterogeneous data acquisition request on the target chain and sends the data extraction code to the source chain;
the source chain data interaction unit is used for carrying out second verification on the data extraction code sent by the source chain by utilizing the data extraction code sent by the target chain when receiving a data extraction request taking the data extraction code as a parameter sent by the source chain, and sending the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain when a second verification result is passed, wherein the heterogeneous data mapping table is used for describing a second corresponding relation between heterogeneous data on the source chain and the target chain; so that the source chain takes the unique user identifier as a parameter and sends an acquisition request to the target chain through the acquisition interface; after the target chain receives the acquisition request, the target chain carries out third verification on the unique user identifier by utilizing the stored first corresponding relation and, after the third verification is passed, sends the encrypted data to the source chain through the acquisition interface; and the source chain decrypts the received encrypted data by using the decryption key, performs format conversion on the decrypted data by using the heterogeneous data mapping table, and provides the data after format conversion for the user corresponding to the unique user identifier.
8. A cross-chain sharing apparatus for heterogeneous private data, comprising:
the acquisition interface generation unit is used for generating an acquisition interface of corresponding encrypted data by a data unique identifier in the generated heterogeneous data acquisition request after receiving the heterogeneous data acquisition request sent by the source chain and performing first verification;
a data extraction code generation unit for generating a data extraction code corresponding to the acquisition interface and a decryption key of the encrypted data;
the uplink storage unit is used for storing a first corresponding relation between the acquisition interface and a unique user identifier in the heterogeneous data acquisition request on a target chain;
the cross-chain bridge data interaction unit is used for sending the acquisition interface, the decryption key and the data extraction code to the cross-chain bridge;
a data extraction code transmitting unit, configured to transmit the data extraction code to the source chain, so that the source chain generates a data extraction request by taking the data extraction code as a parameter and sends the data extraction request to the cross-chain bridge; when the cross-chain bridge receives the data extraction request, the data extraction code sent by the target chain is utilized to carry out second verification on the data extraction code in the data extraction request sent by the source chain, and the acquisition interface, the decryption key and the heterogeneous data mapping table between the source chain and the target chain are sent to the source chain when a second verification result is passed; the heterogeneous data mapping table is used for describing a second corresponding relation between heterogeneous data on the source chain and the target chain; so that the source chain sends an acquisition request to the target chain through the acquisition interface by taking the unique user identifier as a parameter;
the encrypted data sending unit is used for carrying out third verification on the unique user identifier by utilizing the stored first corresponding relation after receiving the acquisition request, and sending the encrypted data to the source chain through the acquisition interface after the third verification is passed; the source chain decrypts the received encrypted data by using the decryption key, format-converts the decrypted data by using the heterogeneous data mapping table, and provides the format-converted data for the user corresponding to the unique user identifier.
9. A cross-chain sharing system of heterogeneous private data, wherein the system comprises a source chain, a cross-chain bridge and a target chain;
the source chain is used for sending a heterogeneous data acquisition request to the target chain, wherein the heterogeneous data acquisition request comprises a user unique identifier and a data unique identifier;
the target chain is used for generating a corresponding encrypted data acquisition interface by a data unique identifier in the generated heterogeneous data acquisition request after receiving a heterogeneous data acquisition request sent by the source chain and performing first verification; generating a data extraction code corresponding to a decryption key of the encrypted data; storing a first correspondence between the acquisition interface and a user unique identifier in the heterogeneous data acquisition request on the target chain; transmitting the acquisition interface, the decryption key and the data extraction code to a cross-chain bridge; transmitting the data extraction code to the source chain;
the cross-chain bridge is used for receiving an acquisition interface of encrypted data sent by the target chain, a decryption key of the encrypted data and a data extraction code;
the source chain is further used for generating a data extraction request by taking the data extraction code as a parameter and sending the data extraction request to the cross-chain bridge;
the cross-chain bridge is further configured to, when receiving the data extraction request sent by the source chain and taking the data extraction code as a parameter, perform a second verification on the data extraction code in the data extraction request sent by the source chain by using the data extraction code sent by the target chain, and send the acquisition interface, the decryption key and a heterogeneous data mapping table between the source chain and the target chain to the source chain if the second verification result is passed, where the heterogeneous data mapping table is used to describe a second correspondence between heterogeneous data on the source chain and the target chain;
the source chain is further used for sending an acquisition request to the target chain through the acquisition interface by taking the unique user identifier as a parameter;
the target chain is further used for carrying out third verification on the unique user identifier by utilizing the stored first corresponding relation after receiving the acquisition request, and sending the encrypted data to the source chain through the acquisition interface after the third verification is passed;
the source chain is further used for decrypting the received encrypted data by using the decryption key, performing format conversion on the decrypted data by using the heterogeneous data mapping table, and providing the data after format conversion for the user corresponding to the unique user identifier.
10. A computer device comprising a memory, a processor, and a computer program stored on the memory, characterized in that the processor, when executing the computer program, implements the method of any of claims 1-6.
CN202311588183.9A 2023-11-27 2023-11-27 Cross-chain sharing method, device, system and equipment for heterogeneous privacy data Active CN117319083B (en)


Publications (2)

Publication Number Publication Date
CN117319083A true CN117319083A (en) 2023-12-29
CN117319083B CN117319083B (en) 2024-02-27

Family

ID=89255524



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant