CN118246917A - Block chain-based data sharing method and device - Google Patents


Info

Publication number
CN118246917A
Authority
CN
China
Prior art keywords
data
information
shared
service chain
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410357518.4A
Other languages
Chinese (zh)
Inventor
裴磊
岑健明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC


Landscapes

  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a blockchain-based data sharing method and device, which can be used in the technical field of blockchains or in the financial field. The method comprises: encrypting shared data with an encryption key to generate encrypted data; sending the encrypted data to a data storage system, which stores the encrypted data; sending the data catalog of the shared data to a service chain for evidence storage; and, according to a data sharing request of a data receiver, using oblivious transfer to share decryption information of the shared data with the data receiver through the service chain, wherein the data receiver acquires the encrypted data from the data storage system according to the data catalog stored on the service chain and decrypts the encrypted data with the decryption information to obtain the shared data. The blockchain-based data sharing method and device protect the privacy of the receiver while the whole data circulation flow remains traceable.

Description

Block chain-based data sharing method and device
Technical Field
The application relates to the technical field of blockchains, in particular to a data sharing method and device based on blockchains.
Background
A blockchain network is a solution that uses P2P communication technology for peer-to-peer communication, a consensus mechanism to ensure the legitimacy of bookkeeping, and a chained structure to store data under joint bookkeeping. When a blockchain-based data sharing scenario is put into production, the business system deploys business smart contracts, written according to business rules, to each blockchain node in the blockchain service chain system. After a business system transaction request is received, each blockchain node performs transaction consensus, transaction execution and data persistence; that is, transaction records and results are stored on the chain, and the participants' ledger data is public on the chain. To meet the data privacy protection requirements among participants, the security of the source data can be ensured by putting a hash of the data on the chain.
A blockchain-based data sharing solution can solve the trust problem between a data sender and a receiver through the sharing flow and the on-chain data hash, but the interaction flow and the on-chain data hash also bring a risk of data leakage. For example, sender institution A shares the same data with receiver institution B and receiver institution C in turn. In both sharing flows, institution A stores the hash of the data on the chain to mark the current data sharing record. By tracing the on-chain ledger, institutions B and C can find that the data hash recorded in the two transactions is the same, and other institutions can also apply to obtain the same data. Leakage of data sharing record information may therefore lead to business management risk.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the application provides a data sharing method and device based on a block chain, which can at least partially solve the problems in the prior art.
In a first aspect, the present application provides a blockchain-based data sharing method, including:
encrypting shared data with an encryption key to generate encrypted data;
sending the encrypted data to a data storage system, wherein the data storage system stores the encrypted data;
sending the data catalog of the shared data to a service chain for evidence storage;
and, according to a data sharing request of a data receiver, using oblivious transfer to share decryption information of the shared data with the data receiver through the service chain, wherein the data receiver acquires the encrypted data from the data storage system according to the data catalog stored on the service chain and decrypts the encrypted data with the decryption information to obtain the shared data.
In some embodiments, the data catalog includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
In some embodiments, using oblivious transfer to share the decryption information of the shared data with the data receiver through the service chain according to the data sharing request of the data receiver includes:
acquiring, according to the data sharing request of the data receiver, the oblivious-transfer key information that the data receiver has stored as evidence on the service chain;
processing the decryption key of the shared data according to the oblivious-transfer key information to generate encryption information;
and sharing the encryption information with the data receiver through the service chain.
In some embodiments, acquiring, according to the data sharing request of the data receiver, the oblivious-transfer key information that the data receiver has stored as evidence on the service chain includes:
verifying the authority of the data receiver according to the data sharing request of the data receiver to generate verification result information, wherein the data receiver generates the oblivious-transfer key information when the verification result information includes verification passing information, and sends the oblivious-transfer key information to the service chain for evidence storage;
and acquiring the oblivious-transfer key information on the service chain.
In some embodiments, the data receiver generating the oblivious-transfer key information when the verification result information includes verification passing information includes:
when the verification result information includes verification passing information, generating an oblivious-transfer encryption random array according to the data catalogs on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogs;
establishing a one-to-one mapping relation between the data catalogs and the random numbers in the random array;
generating a mapping relation group according to the mapping relation between each data catalog and its random number;
encrypting the mapping relation group with the public key of the data provider to generate first encryption information;
sending the first encryption information to the service chain for evidence storage;
determining the shared data to be acquired according to the data catalogs on the service chain;
looking up, in the mapping relation group, the first random number corresponding to the data catalog of the shared data;
generating a second random number;
generating the oblivious-transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
In some embodiments, processing the decryption key of the shared data according to the oblivious-transfer key information to generate encryption information includes:
acquiring the first encryption information on the service chain;
decrypting the first encryption information with the private key of the data provider to obtain the mapping relation group;
decrypting the oblivious-transfer key information with the private key of the data provider and the mapping relation group to obtain a delivery key of the shared data;
and encrypting the decryption key of the shared data in the data storage system with the delivery key to obtain the encryption information.
In a second aspect, the present application provides a blockchain-based data sharing method, including:
acquiring decryption information of shared data that a data sender shares through a service chain using oblivious transfer;
acquiring the data catalog of the shared data on the service chain;
acquiring the encrypted data of the shared data from a data storage system according to the data catalog;
and decrypting the encrypted data with the decryption information to obtain the shared data.
In some embodiments, the method further comprises:
sending a data sharing request to a data sender through the service chain, wherein the data sender verifies the authority of the data receiver that sent the data sharing request and generates verification result information;
acquiring the verification result information sent by the data sender through the service chain;
generating oblivious-transfer key information when the verification result information includes verification passing information;
and sending the oblivious-transfer key information to the service chain for evidence storage.
In some embodiments, generating the oblivious-transfer key information when the verification result information includes verification passing information includes:
when the verification result information includes verification passing information, generating an oblivious-transfer encryption random array according to the data catalogs on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogs;
establishing a one-to-one mapping relation between the data catalogs and the random numbers in the random array;
generating a mapping relation group according to the mapping relation between each data catalog and its random number;
encrypting the mapping relation group with the public key of the data provider to generate first encryption information;
sending the first encryption information to the service chain for evidence storage;
determining the shared data to be acquired according to the data catalogs on the service chain;
looking up, in the mapping relation group, the first random number corresponding to the data catalog of the shared data;
generating a second random number;
generating the oblivious-transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
In some embodiments, decrypting the encrypted data with the decryption information to obtain the shared data includes:
decrypting the decryption information with the second random number to obtain the decryption key of the shared data to be acquired;
and decrypting the encrypted data with the decryption key to obtain the shared data.
In some embodiments, the data catalog includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
In some embodiments, the data catalog includes a data hash value; after decrypting the encrypted data with the decryption information to obtain the shared data, the method further comprises:
calculating the hash value of the shared data obtained by decryption;
performing a consistency check between the calculated hash value and the hash value of the shared data to be acquired;
if the consistency check passes, determining that the current data sharing is successful.
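The receiver and provider steps above, carried through end to end as an added example (not code from the application): it assumes the classic RSA-based 1-out-of-n oblivious transfer, which the text does not name, a toy RSA key, a SHA-256 keystream as a stand-in cipher, and hypothetical function names and resource numbers. The mapping group is passed in the clear here, whereas the method encrypts it with the provider's public key before on-chain evidence storage.

```python
import hashlib
import secrets

# Toy RSA key pair for the data provider, built from two Mersenne primes.
# Constructed for this example only; far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_BYTES = 16  # size of each per-file decryption key


def keystream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); an assumption, not from the page."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def provider_publish(files):
    """Provider: encrypt each file; return (on-chain catalog, storage system, private key table)."""
    catalog, storage, keys = {}, {}, {}
    for res_id, plaintext in files.items():
        keys[res_id] = secrets.token_bytes(KEY_BYTES)
        storage[res_id] = keystream_xor(keys[res_id], plaintext)
        catalog[res_id] = hashlib.sha256(plaintext).hexdigest()  # data hash value
    return catalog, storage, keys


def receiver_request(catalog, wanted):
    """Receiver: build the mapping group, then blind the choice into the OT key information."""
    mapping = {res_id: secrets.randbelow(N) for res_id in catalog}  # one random number per catalog
    second = secrets.randbelow(N)                  # second random number, never leaves the receiver
    first = mapping[wanted]                        # first random number, tied to the wanted catalog
    ot_key_info = (first + pow(second, E, N)) % N  # every catalog entry is an equally likely source
    return mapping, ot_key_info, second


def provider_respond(mapping, ot_key_info, keys):
    """Provider: derive one delivery key per catalog and mask that catalog's decryption key."""
    masked = {}
    for res_id, x in mapping.items():
        delivery_key = pow((ot_key_info - x) % N, D, N)  # equals `second` only for the chosen entry
        masked[res_id] = (int.from_bytes(keys[res_id], "big") + delivery_key) % N
    return masked


def receiver_open(res_id, masked, second, storage, catalog):
    """Receiver: unmask, decrypt, then run the catalog hash consistency check. None on failure."""
    key_int = (masked[res_id] - second) % N
    if key_int >= 1 << (8 * KEY_BYTES):
        return None  # not a valid key: this entry was masked with a different delivery key
    plaintext = keystream_xor(key_int.to_bytes(KEY_BYTES, "big"), storage[res_id])
    if hashlib.sha256(plaintext).hexdigest() != catalog[res_id]:
        return None  # hash mismatch against the on-chain catalog
    return plaintext


if __name__ == "__main__":
    # Constructed sample data; resource numbers are hypothetical.
    files = {"RES-001": b"loan ledger Q1", "RES-002": b"customer risk scores"}
    catalog, storage, keys = provider_publish(files)
    mapping, info, second = receiver_request(catalog, "RES-002")
    masked = provider_respond(mapping, info, keys)
    for res_id in catalog:
        print(res_id, receiver_open(res_id, masked, second, storage, catalog))
```

The response carries one masked value per catalog, so the record of the exchange does not show which entry the receiver can actually open.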
In a third aspect, the present application provides a blockchain-based data sharing apparatus, including:
an encryption module, used for encrypting shared data with an encryption key to generate encrypted data;
a first sending module, used for sending the encrypted data to a data storage system, wherein the data storage system stores the encrypted data;
a second sending module, used for sending the data catalog of the shared data to a service chain for evidence storage;
and a sharing module, used for sharing decryption information of the shared data with a data receiver through the service chain using oblivious transfer, according to a data sharing request of the data receiver, wherein the data receiver acquires the encrypted data from the data storage system according to the data catalog stored on the service chain and decrypts the encrypted data with the decryption information to obtain the shared data.
In some embodiments, the data catalog includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
In some embodiments, the sharing module is specifically configured for:
acquiring, according to the data sharing request of the data receiver, the oblivious-transfer key information that the data receiver has stored as evidence on the service chain;
processing the decryption key of the shared data according to the oblivious-transfer key information to generate encryption information;
and sharing the encryption information with the data receiver through the service chain.
In some embodiments, acquiring, according to the data sharing request of the data receiver, the oblivious-transfer key information that the data receiver has stored as evidence on the service chain includes:
verifying the authority of the data receiver according to the data sharing request of the data receiver to generate verification result information, wherein the data receiver generates the oblivious-transfer key information when the verification result information includes verification passing information, and sends the oblivious-transfer key information to the service chain for evidence storage;
and acquiring the oblivious-transfer key information on the service chain.
In some embodiments, the data receiver generating the oblivious-transfer key information when the verification result information includes verification passing information includes:
when the verification result information includes verification passing information, generating an oblivious-transfer encryption random array according to the data catalogs on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogs;
establishing a one-to-one mapping relation between the data catalogs and the random numbers in the random array;
generating a mapping relation group according to the mapping relation between each data catalog and its random number;
encrypting the mapping relation group with the public key of the data provider to generate first encryption information;
sending the first encryption information to the service chain for evidence storage;
determining the shared data to be acquired according to the data catalogs on the service chain;
looking up, in the mapping relation group, the first random number corresponding to the data catalog of the shared data;
generating a second random number;
generating the oblivious-transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
In some embodiments, the sharing module processing the decryption key of the shared data according to the oblivious-transfer key information to generate encryption information includes:
acquiring the first encryption information on the service chain;
decrypting the first encryption information with the private key of the data provider to obtain the mapping relation group;
decrypting the oblivious-transfer key information with the private key of the data provider and the mapping relation group to obtain a delivery key of the shared data;
and encrypting the decryption key of the shared data in the data storage system with the delivery key to obtain the encryption information.
In a fourth aspect, the present application provides a blockchain-based data sharing device, including:
a first acquisition module, used for acquiring decryption information of shared data that a data sender shares through a service chain using oblivious transfer;
a second acquisition module, used for acquiring the data catalog of the shared data on the service chain;
a third acquisition module, used for acquiring the encrypted data of the shared data from a data storage system according to the data catalog;
and a decryption module, used for decrypting the encrypted data with the decryption information to obtain the shared data.
In some embodiments, the apparatus further comprises:
a first sending module, used for sending a data sharing request to a data sender through the service chain, wherein the data sender verifies the authority of the data receiver that sent the data sharing request and generates verification result information;
a fourth acquisition module, used for acquiring the verification result information sent by the data sender through the service chain;
a generation module, used for generating oblivious-transfer key information when the verification result information includes verification passing information;
and a second sending module, used for sending the oblivious-transfer key information to the service chain for evidence storage.
In some embodiments, the generation module is specifically configured for:
when the verification result information includes verification passing information, generating an oblivious-transfer encryption random array according to the data catalogs on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogs;
establishing a one-to-one mapping relation between the data catalogs and the random numbers in the random array;
generating a mapping relation group according to the mapping relation between each data catalog and its random number;
encrypting the mapping relation group with the public key of the data provider to generate first encryption information;
sending the first encryption information to the service chain for evidence storage;
determining the shared data to be acquired according to the data catalogs on the service chain;
looking up, in the mapping relation group, the first random number corresponding to the data catalog of the shared data;
generating a second random number;
generating the oblivious-transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
In some embodiments, the decryption module is specifically configured for:
decrypting the decryption information with the second random number to obtain the decryption key of the shared data to be acquired;
and decrypting the encrypted data with the decryption key to obtain the shared data.
In some embodiments, the data catalog includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
In some embodiments, the data catalog includes a data hash value; the apparatus further comprises:
a calculation module, used for calculating the hash value of the shared data obtained by decryption;
a verification module, used for performing a consistency check between the calculated hash value and the hash value of the shared data to be acquired;
and a determination module, used for determining that the current data sharing is successful if the consistency check passes.
The embodiment of the application also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the block chain-based data sharing method in any embodiment when executing the program.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the blockchain-based data sharing method of any of the above embodiments.
Embodiments of the present application also provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments.
According to the blockchain-based data sharing method and device provided by the embodiments of the application, the data sender institutions and data receiver institutions participating in the data sharing alliance form a service alliance chain. When a data sender and a data receiver need to share information, the data sender first publishes on the chain all data catalogs representing the sharing scope, and then uses oblivious transfer to share the decryption information of the shared data with the data receiver through the service chain. By combining the idea of oblivious transfer with the data sharing process, the data transmission records stored as evidence on the chain during data circulation are blinded, so that the specific data received by a data receiver cannot be retrieved or traced by other receiver institutions, and the privacy of the receiver is protected while the whole data circulation flow remains stored as evidence and traceable.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic structural diagram of a blockchain evidence-storage data privacy protection system according to an embodiment of the present application.
FIG. 2 is a block chain node according to one embodiment of the present application.
Fig. 3 is a schematic structural diagram of a service system according to an embodiment of the present application.
FIG. 4 is a flowchart illustrating a block chain based data sharing method according to an embodiment of the present application.
FIG. 5 is a partial flow chart of a block chain based data sharing method according to an embodiment of the present application.
FIG. 6 is a partial flow chart of a block chain based data sharing method according to an embodiment of the application.
FIG. 7 is a partial flow chart of a block chain based data sharing method according to an embodiment of the application.
FIG. 8 is a partial flow chart of a block chain based data sharing method according to an embodiment of the present application.
FIG. 9 is a flowchart illustrating a block chain based data sharing method according to an embodiment of the present application.
FIG. 10 is a partial flow chart of a block chain based data sharing method according to an embodiment of the present application.
FIG. 11 is a partial flow chart of a block chain based data sharing method according to an embodiment of the application.
FIG. 12 is a partial flow chart of a block chain based data sharing method according to an embodiment of the present application.
FIG. 13 is a flowchart illustrating a block chain based data sharing method according to an embodiment of the present application.
FIG. 14 is a block chain based data sharing device according to an embodiment of the present application.
FIG. 15 is a block chain based data sharing device according to an embodiment of the present application.
Fig. 16 is a schematic physical structure of an electronic device according to an embodiment of the application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present application and their descriptions herein are for the purpose of explaining the present application, but are not to be construed as limiting the application. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be arbitrarily combined with each other.
The terms "first," "second," and the like, as used herein, do not denote a particular order or sequence, nor are they intended to limit the application; they are merely used to distinguish elements or operations described with the same technical terms.
As used herein, the terms "comprising," "including," "having," "containing," and the like are open-ended terms, meaning including but not limited to.
As used herein, "and/or" includes any or all combinations of the listed items.
For a better understanding of the present application, technical terms related to the present application will be explained in detail.
Alliance chain (consortium chain): a blockchain alliance network is built according to business needs, business rules are extracted as business smart contracts, and the smart contracts are deployed to the blockchain alliance network to endorse specific business data.
Evidence storage: based on the cryptographic properties of the blockchain, a joint-bookkeeping solution that stores data in a time-ordered chained structure is used to ensure that the information and data recorded on the chain are traceable and cannot be tampered with.
Oblivious transfer: a cryptographic technique in which the receiver obtains the sender's information obliviously, so as to protect the privacy of both the sender and the receiver.
In some embodiments, the blockchain-based data sharing method provided by the application is implemented on the following alliance chain system.
The application provides a blockchain evidence-storage data privacy protection system, which comprises a service alliance chain built by the data sender institutions and data receiver institutions participating in a data sharing alliance. Each institution registers and generates a public/private key pair representing its identity, and the public key and the institution information are published within the alliance. When a data sender and a receiver need to share information, the data sender first publishes on the chain all data catalogs within the sharing scope; the data receiver generates a corresponding mapping relation according to the information retrieval sequence numbers in the catalog, applies directed encryption to the mapping relation, and publishes it on the chain. When the actual key data information is transmitted, the corresponding data interaction is carried out using oblivious transfer, so that the specific data information acquired by the receiver is kept private from the other alliance institutions on the chain. As shown in FIG. 1, the blockchain evidence-storage data privacy protection system includes a service chain 1, blockchain nodes 2, a service system 3, and a data storage system 4.
The service chain 1 is formed by constructing a data sender and a data receiver mechanism according to data sharing demands, the chain comprises a plurality of block chain nodes 2, all the block chain nodes belong to member nodes of the service chain, the total number of the block chain nodes in the service chain is 3f+1, f represents the number of supportable fault-tolerant nodes, the minimum value is 1, requests and service requests are commonly identified by adopting pbft Bayesian fault-tolerant algorithm, one common identification request must receive at least 2f+1 identical confirmation messages from other verification nodes at each verification node in the service chain, the transaction can be completed, the common identification of the current stage is completed, the service request is executed, the execution result can be used as legal data to generate a new block and persistence, all the member nodes commonly account for having the same account copy of the data, and the specific transaction request information and the interaction information of the data sender and the receiver are included.
The blockchain node 2 is used for processing data sharing requests by on-chain senders and receivers, including that the data senders and receivers will upload public key information representing their identities, and that the data senders and the data receivers will upload information related to data sharing processes and data sharing privacy protection processing. The transaction of the account book writing operation on the chain needs to be subjected to the consensus transaction of the consensus nodes on the service chain 1, each blockchain node 2 can complete the consensus after receiving the coincidence confirmation messages of 2f+1 other blockchain nodes 2 in the consensus process, generates new blockdata according to the data processed by logic in the contract, and triggers the related service flow after the contract is executed; the query class read operation transaction directly acquires corresponding world state data from the corresponding blockchain node without consensus.
The service system 3 is a service operation contact transaction system facing to users, and completes data sharing service logic processing including identity private key uplink, data catalog generation, data encryption storage, data acquisition information interaction and the like through integrating a password security component and an on-chain interaction component which are transmitted carelessly.
The data storage system 4 is a shared data storage medium facing the data provider and the data receiver, the data sender encrypts and stores sharable data on the data storage system, and a data directory sharing certificate composed of information such as a data acquisition address, a data Hash fingerprint, a data description and the like is on a chain, after the data receiver applies for sharing and obtains authorization, the data receiver shares file decryption information to the data receiver through an inadvertent transmission encryption mode, and the data receiver acquires an encrypted file from the data storage system according to the address on the chain, the Hash and the obtained decryption information, decrypts the encrypted file into a plaintext file, and performs verification and verification with the Hash on the chain.
Fig. 2 is a schematic diagram of the blockchain node 2, which includes a transaction request access device 11 and a transaction consensus and execution device 12.
The transaction request access device 11 is responsible for authenticating and establishing connections with the blockchain nodes 2 of the other consortium member institutions on the service chain 1 and with the service system 3 inside its own institution, and for the corresponding transaction request access processing. It comprises an initialization module 111 and a transaction access module 112.
The initialization module 111 is responsible for storing and verifying the identity certificate of the blockchain node 2 and for initiating and receiving inter-node connection requests. The certificate is the trusted node identity certificate issued when the service chain 1 and the service system 3 are initialized, and it secures the verification of connections between chain nodes. The certificate's public/private key pair is generated with an elliptic curve cryptographic algorithm, and the public key is broadcast to all blockchain nodes on the chain and is used for the identity verification of the user nodes of the institution's service system.
The transaction access module 112 is responsible for receiving blockchain service transaction requests initiated by the service system 3 and for verifying access authority and the transaction signature. The transaction signature is verified with the identity public key information that the institution registered on chain. After verification, the transaction request is routed to the transaction routing and executing device 12, the corresponding data circulation smart contract is executed, and transaction consensus and ledger data persistence are completed.
The transaction consensus and execution device 12 is responsible for verifying the validity of the smart contract transaction request parameters, running consensus on the smart contract transaction, and writing the transaction execution result into the world state and the block ledger. It comprises a transaction consensus module 121 and a transaction execution module 122.
The transaction consensus module 121 is the core module for transaction consensus: it exchanges point-to-point consensus messages with all the blockchain nodes 2 in the service chain 1 and reaches consensus on the transaction result. Specifically, it runs the three-phase process of Byzantine consensus, in which the first phase is pre-prepare, the second phase is prepare and the third phase is commit. The three phases are executed in order; a phase is complete once the node has accumulated consensus acknowledgement messages from at least 2f+1 other transaction consensus nodes in that phase, after which the next phase begins. Completion of all three phases means the requested transaction is legal, and processing can proceed to the transaction execution module 122.
The transaction execution module 122 is responsible for executing the smart contract request and persisting the ledger. It stores the successful transaction information, the transaction result information and the block consensus SeqNo completed by the transaction consensus module 121 into a block, records a transaction log, emits a block-execution-success event, performs the strong consistency check of the blockchain node 2 (block height, predecessor and current hash), and finally updates the world state information. The stored information is the transaction information sent by the business institution together with the signature over that transaction information.
Fig. 3 is a schematic diagram of the architecture of the service system 3, comprising a system initialization device 21, a data processing device 22 and an on-chain interaction device 23.
The system initialization device 21 starts the service system's modules and loads its parameters. When the service system is started and activated for the first time, it must generate or read the public and private key information representing the identity of the current consortium institution. The institution information, the institution's role in the consortium and the institution's public key information are stored on chain together as evidence through the on-chain interaction device 24.
The data processing device 22 performs, according to the role of its institution in data sharing and circulation and when triggered by the user, the related data sharing processing as a data sender or a data receiver. This includes generating and encrypting the shared data copy, generating the data catalog, encrypting and decrypting the information exchanged on chain, and verifying data, so as to form a trusted closed loop for data circulation while protecting the privacy of the receiver. It specifically comprises:
A data copy generation module 221, a data catalog generation module 222, a catalog mapping processing module 223, a cryptography processing module 224, a storage system interaction module 225, and a data authentication processing module 226.
The data copy generation module 221 is used by an institution acting as data sender to package the sharable data copy according to the agreement reached by the cooperating consortium institutions on the service chain 1. This includes extracting the fingerprint hash of the shared data, encrypting the shared data, and uploading the encrypted shared data to the data storage system 4 through the storage system interaction module 225. The decryption key of the data copy and the access address of the data copy on the data storage system 4 are stored locally in the data processing device 22.
The data catalog generation module 222 is used by an institution acting as data sender to generate a catalog index of all data that can be shared with the data receiver institutions on the service chain 1. The catalog index information comprises the data resource description, the fingerprint hash of the data and the access address of the data in the storage system. The catalog information is stored on chain as evidence through the on-chain interaction device 23 and disclosed to all other consortium member institutions on the service chain 1.
The catalog mapping processing module 223 provides the input for oblivious transfer obfuscation when an institution acting as data receiver applies to a data sender institution for data sharing. The data receiver institution generates as many random numbers as there are data indexes in the data catalog published by the data sender institution, encrypts the association between the random numbers and the data source descriptions with the identity public key that the corresponding data sender institution has disclosed on chain, and stores the result on chain as evidence through the on-chain interaction device 23. When the data sharing request is processed, the data sender institution first obtains from the chain the mapping catalog association data of the data receiver institution applying for the data and decrypts it with its own identity private key, for use as the input for oblivious transfer obfuscation. To ensure security, the data receiver may update its mapped random values periodically.
The cryptography processing module 224 performs the oblivious transfer processing when data is shared and circulated between the data sender and the data receiver. The interaction flow is as follows:
1) Random array generation: the data receiver institution obtains from the service chain 1 the data catalog that the data sender institution has disclosed on chain, selects the data it wishes to obtain according to the data source information disclosed in the data catalog, and generates a random array $(m_0, m_1, m_2, \ldots, m_n)$ for the data, to be used for oblivious transfer encryption.
2) Random array uplink: the identity public key pair $(e, n)$ of the data sender institution is obtained from the chain. After the mapping relation group $M = \{[m_0, D_0], [m_1, D_1], [m_2, D_2], \ldots, [m_n, D_n]\}$ between the data catalog and the random numbers is encrypted, the encrypted message $M'$ is stored on the service chain 1 through the on-chain interaction device 23, where $M' = M^e \pmod n$.
3) Random number selection: the data receiver institution selects the shared data resource it needs to apply for and takes the random number corresponding to that data resource, for example $m_0$. It generates a random number $r$ for this data sharing interaction, adds the selected random number $m_0$ and, using the identity public key pair $(e, n)$ of the data sender institution, generates a new key value $V = m_0 + r^e \pmod n$, and provides $V$ to the data sender institution by sharing it on chain.
4) Transmission key generation: given the transmission key value $V$ of the receiver institution, the data sender institution obtains the random array from the chain and decrypts $V$ using its own private key $(d, n)$ and the on-chain random array, obtaining the N keys $k_0, k_1, k_2, \ldots, k_n$ for the data to be delivered:
$k_0 = (V - m_0)^d \bmod n = (m_0 + r^e \bmod n - m_0)^d \bmod n = r$
$k_1 = (V - m_1)^d \bmod n = (m_0 + r^e \bmod n - m_1)^d \bmod n$
...
$k_n = (V - m_n)^d \bmod n = (m_0 + r^e \bmod n - m_n)^d \bmod n$
5) Message encryption: the data sender institution uses the derived delivery keys $\{k_0, \ldots, k_n\}$ to encrypt the decryption keys $\{key_0, \ldots, key_n\}$ of the shared data $\{D_0, \ldots, D_n\}$ on the data storage system 4, obtaining the encrypted information to be transmitted $\{Mkey_0, \ldots, Mkey_n\}$:
...
6) Message decryption: after obtaining the transmitted encrypted information $\{Mkey_0, \ldots, Mkey_n\}$, the data receiver institution can decrypt it using the random number $r$ and obtain the decryption key $key_0$ of the data resource $D_0$ corresponding to the random number $m_0$. Then, according to the data catalog information obtained from the chain, it obtains the corresponding encrypted data copy from the data storage system 4 and decrypts it with the decryption key to obtain the data copy.
The storage system interaction module 225 is the storage medium module for sharing data between the data sender institution and the data receiver institution. The data sender institution encrypts the data copy, stores it in the data storage system 4 through this module, and puts the storage acquisition address on chain. The data receiver institution, according to its data sharing needs, obtains the encrypted copy from the data storage system 4 through this module and decrypts it to obtain the data.
The data authentication processing module 226 decrypts the encrypted data copy downloaded through the storage system interaction module 225, using the data copy decryption key that the data receiver institution obtained through the cryptography processing module 224. It then calculates the data fingerprint hash of the decrypted data copy and compares it with the data copy hash disclosed on chain by the data sender institution. If the two are consistent, the data is proven to be true and valid.
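The six-step exchange of module 224 and the hash check of module 226, as an added Python example (not code from the patent or the applicant). It uses a small constructed RSA key with textbook RSA, a SHA-256 keystream as a stand-in cipher for the data copy, and assumes additive blinding for step 5, whose formula the page omits; all function names and sample resources are hypothetical.

```python
import hashlib
import secrets

# Constructed demo RSA key of the data sender (two Mersenne primes).
# Far too small for real use; it keeps the example offline and fast.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # sender's private exponent d
KEY_BYTES = 16                      # copy keys are 128-bit, so key < N


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): SHA-256 counter keystream, XORed in.
    The page does not name the cipher that protects the data copy."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def sender_publish(resources: dict):
    """S101-S103: encrypt each copy, store it, build the on-chain catalog."""
    storage, catalog, copy_keys = {}, [], []
    for number, (address, plaintext) in enumerate(resources.items()):
        key = secrets.token_bytes(KEY_BYTES)
        storage[address] = stream_xor(key, plaintext)
        catalog.append({"number": number, "address": address,
                        "hash": hashlib.sha256(plaintext).hexdigest()})
        copy_keys.append(key)
    return storage, catalog, copy_keys


def receiver_mapping(count: int):
    """Steps 1-2: distinct random m_i per catalog entry, and the mapping
    encrypted for the sender as m_i^e mod n before it goes on chain."""
    m = []
    while len(m) < count:
        candidate = secrets.randbelow(N)
        if candidate not in m:
            m.append(candidate)
    return m, [pow(m_i, E, N) for m_i in m]


def receiver_request(m, choice: int):
    """Step 3: V = m_choice + r^e mod n. Only V goes on chain; r stays local."""
    r = secrets.randbelow(N - 2) + 2
    return (m[choice] + pow(r, E, N)) % N, r


def sender_respond(v: int, chain_mapping, copy_keys):
    """Steps 4-5: k_i = (V - m_i)^d mod n for every catalog entry, then blind
    key_i as Mkey_i = key_i + k_i mod n (additive blinding is an assumption)."""
    mkeys = []
    for c_i, key in zip(chain_mapping, copy_keys):
        m_i = pow(c_i, D, N)                 # decrypt the on-chain mapping
        k_i = pow((v - m_i) % N, D, N)       # equals r only for the chosen i
        mkeys.append((int.from_bytes(key, "big") + k_i) % N)
    return mkeys


def receiver_open(mkeys, index: int, r: int, catalog, storage):
    """Step 6 and module 226: unblind slot `index` with r, decrypt the stored
    copy, and accept it only if its hash equals the on-chain fingerprint."""
    key_int = (mkeys[index] - r) % N
    if key_int >= 1 << (8 * KEY_BYTES):
        return None                          # not a well-formed copy key
    entry = catalog[index]
    plaintext = stream_xor(key_int.to_bytes(KEY_BYTES, "big"),
                           storage[entry["address"]])
    if hashlib.sha256(plaintext).hexdigest() != entry["hash"]:
        return None                          # wrong key or tampered copy
    return plaintext


def demo(choice: int = 1):
    # Constructed sample resources; names and contents are invented.
    resources = {"store://res-0": b"credit records, batch A",
                 "store://res-1": b"transaction summary, batch B",
                 "store://res-2": b"customer risk labels, batch C"}
    storage, catalog, copy_keys = sender_publish(resources)
    m, chain_mapping = receiver_mapping(len(catalog))
    v, r = receiver_request(m, choice)
    mkeys = sender_respond(v, chain_mapping, copy_keys)
    opened = [receiver_open(mkeys, i, r, catalog, storage)
              for i in range(len(catalog))]
    return resources, catalog, opened


if __name__ == "__main__":
    _, _, opened = demo(1)
    print(opened)   # only the chosen slot holds plaintext
```

Because RSA is a permutation, $k_i$ equals $r$ only when $m_i$ equals the chosen random number, so the random numbers must be distinct and every slot other than the chosen one fails the key-size or hash check.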
The on-chain interaction device 24 handles on-chain interaction. Acting for a business participant institution, it sends transaction requests and transaction signatures to the blockchain node 2 of the service chain 1. The blockchain node 2 of the service chain 1 verifies the legality of the signature identity information and, once verification passes, performs on-chain evidence storage, on-chain information queries and similar processing according to the transaction request.
The execution subject of the blockchain-based data sharing method provided by the application includes, but is not limited to, a computer.
Fig. 4 is a flowchart of a blockchain-based data sharing method according to an embodiment of the present application. As shown in fig. 4, the method may be applied to a data sender and includes:
S101, encrypting shared data by using an encryption key to generate encrypted data;
S102, sending the encrypted data to a data storage system, wherein the data storage system stores the encrypted data;
S103, sending the data catalog of the shared data to a service chain for evidence storage;
S104, according to a data sharing request of a data receiver, using oblivious transfer to share decryption information of the shared data with the data receiver through the service chain, wherein the data receiver is configured to obtain the encrypted data from the data storage system according to the data catalog stored on the service chain, and to decrypt the encrypted data by using the decryption information to obtain the shared data.
The application provides a blockchain-based data sharing method in which the data sender institutions and data receiver institutions participating in a data sharing consortium build a service consortium chain. When a data sender and a data receiver need to share information, the data sender first discloses on chain all the data catalogs that define the sharing scope, and then shares the decryption information of the shared data with the data receiver through the service chain using oblivious transfer. By bringing the oblivious transfer concept into the data sharing process, the data delivery records can be blinded while the data circulation is stored on chain as evidence, so that other receiver institutions cannot search for or trace which specific data a data receiver received. This protects the privacy of the receiver while the whole data circulation flow remains recorded and traceable.
In some embodiments, the data catalog includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
As shown in fig. 5, in some embodiments, using oblivious transfer to share decryption information of the shared data with the data receiver through the service chain according to the data sharing request of the data receiver includes:
S1041, obtaining, according to the data sharing request of the data receiver, the oblivious transfer key information that the data receiver has stored as evidence on the service chain;
S1042, processing the decryption key of the shared data according to the oblivious transfer key information to generate encryption information;
S1043, sharing the encryption information with the data receiver through the service chain.
As shown in fig. 6, in some embodiments, obtaining, according to the data sharing request of the data receiver, the oblivious transfer key information that the data receiver has stored as evidence on the service chain includes:
S10411, verifying the authority of the data receiver according to the data sharing request of the data receiver to generate verification result information, wherein the data receiver is configured to generate oblivious transfer key information when the verification result information includes verification-passed information, and to send the oblivious transfer key information to the service chain for evidence storage;
S10412, obtaining the oblivious transfer key information from the service chain.
As shown in fig. 7, in some embodiments, the data receiver generating oblivious transfer key information when the verification result information includes verification-passed information includes:
S2071, when the verification result information includes verification-passed information, generating a random array for oblivious transfer encryption according to the data catalogs on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogs;
S2072, establishing a one-to-one mapping relation between the data catalogs and the random numbers in the random array;
S2073, generating a mapping relation group according to the mapping relation between each data catalog and its random number;
S2074, encrypting the mapping relation group by using the public key of the data provider to generate first encryption information;
S2075, sending the first encryption information to the service chain for evidence storage;
S2076, determining the shared data to be acquired according to the data catalogs on the service chain;
S2077, looking up, in the mapping relation group, the first random number corresponding to the data catalog of the shared data;
S2078, generating a second random number;
S2079, generating the oblivious transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
As shown in fig. 8, in some embodiments, processing the decryption key of the shared data according to the oblivious transfer key information to generate encryption information includes:
S10421, obtaining the first encryption information from the service chain;
S10422, decrypting the first encryption information by using the private key of the data provider to obtain the mapping relation group;
S10423, decrypting the oblivious transfer key information by using the private key of the data provider and the mapping relation group to obtain a delivery key of the shared data;
S10424, encrypting the decryption key of the shared data in the data storage system by using the delivery key to obtain the encryption information.
Fig. 9 is a flowchart of a blockchain-based data sharing method according to an embodiment of the present application. As shown in fig. 9, the method may be applied to a data receiver and includes:
S201, obtaining decryption information of shared data that a data sender shares through a service chain using oblivious transfer;
S202, obtaining a data catalog of the shared data from the service chain;
S203, obtaining encrypted data of the shared data from a data storage system according to the data catalog;
S204, decrypting the encrypted data by using the decryption information to obtain the shared data.
The application provides a blockchain-based data sharing method in which the data sender institutions and data receiver institutions participating in a data sharing consortium build a service consortium chain. When a data sender and a data receiver need to share information, the data sender first discloses on chain all the data catalogs that define the sharing scope, and then shares the decryption information of the shared data with the data receiver through the service chain using oblivious transfer. By bringing the oblivious transfer concept into the data sharing process, the data delivery records can be blinded while the data circulation is stored on chain as evidence, so that other receiver institutions cannot search for or trace which specific data a data receiver received. This protects the privacy of the receiver while the whole data circulation flow remains recorded and traceable.
As shown in fig. 10, in some embodiments, the method further comprises:
S205, sending a data sharing request to a data sender through the service chain, wherein the data sender is configured to verify the authority of the data receiver that sent the data sharing request and to generate verification result information;
S206, obtaining the verification result information sent by the data sender through the service chain;
S207, when the verification result information includes verification-passed information, generating oblivious transfer key information;
S208, sending the oblivious transfer key information to the service chain for evidence storage.
As shown in fig. 7, in some embodiments, generating the oblivious transfer key information when the verification result information includes verification-passed information includes:
S2071, when the verification result information includes verification-passed information, generating a random array for oblivious transfer encryption according to the data catalogs on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogs;
S2072, establishing a one-to-one mapping relation between the data catalogs and the random numbers in the random array;
S2073, generating a mapping relation group according to the mapping relation between each data catalog and its random number;
S2074, encrypting the mapping relation group by using the public key of the data provider to generate first encryption information;
S2075, sending the first encryption information to the service chain for evidence storage;
S2076, determining the shared data to be acquired according to the data catalogs on the service chain;
S2077, looking up, in the mapping relation group, the first random number corresponding to the data catalog of the shared data;
S2078, generating a second random number;
S2079, generating the oblivious transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
As shown in fig. 11, in some embodiments, decrypting the encrypted data using the decryption information to obtain the shared data includes:
S2041, decrypting the decryption information by using the second random number to obtain the decryption key of the shared data to be acquired;
S2042, decrypting the encrypted data by using the decryption key to obtain the shared data.
In some embodiments, the data catalog includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
As shown in fig. 12, in some embodiments, the data catalog includes a data hash value; after decrypting the encrypted data using the decryption information to obtain the shared data, the method further comprises:
S209, calculating a hash value of the shared data obtained through decryption;
S210, checking the calculated hash value for consistency against the hash value of the shared data to be acquired;
S211, if the consistency check passes, determining that the data sharing is successful.
For a better understanding of the present application, a detailed description of a blockchain-based data sharing method according to an embodiment of the present application is provided below.
Fig. 13 is an overall flowchart of a blockchain-based data sharing method. As shown in fig. 13, the method includes:
S301: The service chain 1 is formed by the data senders and data receivers that support data sharing and circulation. Each institution is admitted into the consortium through institutional identity verification; each admitted business participant institution deploys a blockchain node 2 and connects its own service system 3 to its institution's blockchain node 2. The service chain 1 is initialized and started, node certificates are exchanged, and the institution information configured by each institution is read.
S302: The service system 3 performs system initialization according to the consortium agreement. This includes generating a public-private key pair representing the identity of the current institution, and putting on chain, for disclosure to every institution in the consortium, information such as the institution ID, the institution's identity public key, the institution's service role information and the communication address of the data storage system 4 to be connected.
S303: The service system 3 of the data sender institution generates sharable data catalog information according to the consortium agreement. The data catalog includes information such as the data storage system communication address, the data resource number, the data resource description, the data hash and the data resource acquisition link, and is disclosed to all consortium institutions on the chain by storing it as evidence on the service chain 1.
S304: The service system 3 of the data receiver institution applies for a sharable data range according to the consortium agreement. After the permission is approved, it generates a corresponding random array for the data interaction flow, encrypts the mapping relation between the random array and the data resource numbers in the data catalog by using the on-chain identity public key of the data receiver institution, and then stores the result on chain as evidence; the data receiver institution holding the identity private key decrypts it to obtain the specific information.
S305: The service system 3 of the data receiver institution selects the data resource to be received and looks up the random number corresponding to the number of that data resource. It also generates a fresh random number key for this sharing interaction and, after encryption processing with the identity public key of the data sender institution, generates the oblivious transfer key information for this interaction.
S306: After obtaining the oblivious transfer key information, the service system 3 of the data sender institution obtains from the chain the random array stored as evidence by the data sender institution, obtains the corresponding data resource copy decryption keys according to the data resource numbers in the random array, processes each data copy decryption key with the oblivious transfer key generated by the data receiver institution, and shares the encrypted information with the data receiver institution on chain.
S307: After the service system 3 of the data receiver obtains the decryption information, it decrypts the items in turn using the oblivious transfer key it generated itself, and obtains the decryption key of the encrypted copy of the data resource corresponding to the data resource number it applied for.
S308: The service system 3 of the data receiver uses the data resource catalog information provided by the data sender institution and obtained from the chain, including the download link of the encrypted data resource copy and the fingerprint hash of the data resource copy, to obtain the corresponding encrypted data resource copy from the data storage system 4. It decrypts the data by using the decryption key, computes the fingerprint hash of the decrypted data, and checks it for consistency against the fingerprint hash registered in the data resource catalog on chain.
The blockchain-based data sharing method provided by this embodiment therefore, on the one hand, meets the privacy protection requirement of the data receiver: the decryption information of the delivered data copy is encrypted through oblivious transfer and the encrypted information is stored on chain, so other institutions on the chain cannot infer, from records such as data hash verification, which information the data receiver received, and the privacy of the receiver is protected. On the other hand, it ensures that the whole data flow is traceable: the chain records the interaction information in encrypted form, but because the real identity of the data provider is endorsed and the oblivious transfer processing flow is put on chain, the authenticity and credibility of the whole process are ensured by the multi-party cooperation, traceability and tamper resistance of the blockchain, which meets the requirement of after-the-fact supervision and audit.
In general, this embodiment provides a blockchain-based data sharing method that brings the oblivious transfer concept into the data sharing process, so that the data delivery records can be blinded while the data circulation is stored on chain as evidence. Other receiver institutions therefore cannot search for or trace which specific data a data receiver received, which protects the privacy of the receiver while the whole data circulation flow remains recorded and traceable.
Based on the same inventive concept, the present application also provides a blockchain-based data sharing device. As shown in fig. 14, the blockchain-based data sharing device provided by the embodiment of the present application includes:
An encryption module 41, configured to encrypt the shared data with an encryption key to generate encrypted data;
A first sending module 42, configured to send the encrypted data to a data storage system, where the data storage system stores the encrypted data;
A second sending module 43, configured to send the data catalog of the shared data to a service chain for evidence storage;
A sharing module 44, configured to use oblivious transfer to share decryption information of the shared data with the data receiver through the service chain according to a data sharing request of the data receiver, where the data receiver is configured to obtain the encrypted data from the data storage system according to the data catalog stored as evidence on the service chain, and to decrypt the encrypted data by using the decryption information to obtain the shared data.
The application provides a blockchain-based data sharing device in which the data sender institutions and data receiver institutions participating in a data sharing consortium build a service consortium chain. When a data sender and a data receiver need to share information, the data sender first discloses on chain all the data catalogs that define the sharing scope, and then shares the decryption information of the shared data with the data receiver through the service chain using oblivious transfer. By bringing the oblivious transfer concept into the data sharing process, the data delivery records can be blinded while the data circulation is stored on chain as evidence, so that other receiver institutions cannot search for or trace which specific data a data receiver received. This protects the privacy of the receiver while the whole data circulation flow remains recorded and traceable.
In some embodiments, the data directory includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
In some embodiments, the sharing module is specifically configured to:
Acquiring the oblivious transfer key information of a data receiver stored on the service chain according to a data sharing request of the data receiver;
processing the decryption key of the shared data according to the oblivious transfer key information to generate encryption information;
and sharing the encryption information to the data receiver through the service chain.
In some embodiments, the obtaining, according to the data sharing request of the data receiver, the oblivious transfer key information that the data receiver has stored on the service chain includes:
Verifying authority of a data receiver according to a data sharing request of the data receiver to generate verification result information, wherein the data receiver is used for generating oblivious transfer key information when verification passing information is included in the verification result information, and sending the oblivious transfer key information to the service chain for verification;
And acquiring the oblivious transfer key information on the service chain.
In some embodiments, when the verification result information includes verification passing information, the data receiver generates oblivious transfer key information, including:
When the verification result information comprises verification passing information, generating an encrypted random array for the oblivious transfer according to the data catalogue on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogues;
Establishing a one-to-one mapping relation between a data directory and random numbers in the random array;
Generating a mapping relation group according to the mapping relation between each data directory and the random number;
Encrypting the mapping relation group by using a public key of a data provider to generate first encryption information;
sending the first encryption information to the service chain for certification;
Determining shared data to be acquired according to the data catalogue on the service chain;
searching a first random number corresponding to the data directory of the shared data in the mapping relation group;
Generating a second random number;
Generating oblivious transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
In some embodiments, the sharing module processes the decryption key of the shared data according to the oblivious transfer key information to generate encrypted information, including:
acquiring first encryption information on the service chain;
Decrypting the first encrypted information by using the private key of the data provider to obtain a mapping relation group;
Decrypting the oblivious transfer key information by using the private key of the data provider and the mapping relation group to obtain a delivery key of the shared data;
and encrypting the decryption key of the shared data in the data storage system by using the delivery key to obtain encryption information.
Based on the same inventive concept, the present application also provides a data sharing device based on a blockchain, as shown in fig. 15, where the data sharing device based on a blockchain provided by the embodiment of the present application includes:
A first obtaining module 51, configured to obtain decryption information of shared data shared by a data sender through a service chain using an oblivious transfer technology;
a second obtaining module 52, configured to obtain a data directory of the shared data on a service chain;
a third obtaining module 53, configured to obtain encrypted data of the shared data from the data storage system according to the data directory;
And the decryption module 54 is configured to decrypt the encrypted data by using the decryption information, so as to obtain shared data.
The application provides a blockchain-based data sharing device. The data sender institutions and data receiver institutions participating in a data sharing alliance build a service consortium chain. When a data sender and a data receiver need to share information, the data sender can first publish on the chain all data catalogues representing the sharing range, and then share the decryption information of the shared data to the data receiver through the service chain using oblivious transfer. Combining the idea of oblivious transfer with the data sharing process blinds the data transmission records that are stored on the chain during data circulation, so that other receiver institutions cannot look up or trace which specific data the data receiver obtained. This protects the privacy of the receiver while the whole flow of data circulation remains traceable.
In some embodiments, the apparatus further comprises:
the first sending module is used for sending a data sharing request to a data sender through a service chain, wherein the data sender is used for verifying the authority of a data receiver sending the data sharing request and generating verification result information;
A fourth acquisition module for acquiring verification result information sent by the data sender through the service chain;
the generation module is used for generating oblivious transfer key information when the verification result information comprises verification passing information;
and the second sending module is used for sending the oblivious transfer key information to the service chain for certification.
In some embodiments, the generating module is specifically configured to:
When the verification result information comprises verification passing information, generating an encrypted random array for the oblivious transfer according to the data catalogue on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogues;
Establishing a one-to-one mapping relation between a data directory and random numbers in the random array;
Generating a mapping relation group according to the mapping relation between each data directory and the random number;
Encrypting the mapping relation group by using a public key of a data provider to generate first encryption information;
sending the first encryption information to the service chain for certification;
Determining shared data to be acquired according to the data catalogue on the service chain;
searching a first random number corresponding to the data directory of the shared data in the mapping relation group;
Generating a second random number;
Generating oblivious transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
In some embodiments, the decryption module is specifically configured to:
Decrypting the decryption information by using the second random number to obtain a decryption key of the shared data to be acquired;
And decrypting the encrypted data by using the decryption key to obtain shared data.
In some embodiments, the data directory includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
In some embodiments, the data directory includes a data hash value; the apparatus further comprises:
the calculating module is used for calculating the hash value of the shared data obtained by decryption;
The verification module is used for carrying out consistency verification on the calculated hash value and the hash value of the shared data to be acquired;
and the determining module is used for determining that this data sharing is successful if the consistency check is passed.
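As an added illustration (not code from the application), the sketch below runs the receiver-side key generation, the sharing module's processing, the decryption step and the hash consistency check as a 1-out-of-n oblivious transfer, the technique this page also renders as "unintentional" or "careless" transmission. Assumptions: the application does not give the arithmetic here, so an Even-Goldreich-Lempel style RSA construction is used, the sender wraps the key of every catalogue entry, and the RSA key, the SHA-256 stream cipher, all function names and the sample resources are constructed for the example.

```python
import hashlib
import secrets

# Toy RSA key pair of the data sender (constructed: two Mersenne primes, not a secure size).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
NBYTES = (N.bit_length() + 7) // 8


def pad(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, used here as a toy stream cipher and KDF (assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def int_seed(k: int) -> bytes:
    return k.to_bytes(NBYTES, "big")


def sender_publish(resources):
    """Encrypt each resource, keep ciphertext in storage, put number -> hash on the chain."""
    keys, storage, catalogue = {}, {}, {}
    for number, data in resources.items():
        keys[number] = secrets.token_bytes(16)
        storage[number] = xor(data, pad(keys[number], len(data)))
        catalogue[number] = hashlib.sha256(data).hexdigest()
    return keys, storage, catalogue


def receiver_request(catalogue, wanted):
    """Build the mapping group, the first encryption information and the OT key information."""
    mapping = {number: secrets.randbelow(N) for number in catalogue}   # one random per entry
    first_info = {number: pow(x, E, N) for number, x in mapping.items()}
    second_random = secrets.randbelow(N)        # stays with the receiver
    # The chosen entry's random number is masked by an RSA-encrypted fresh value, so the
    # value written to the chain is uniformly distributed whichever entry was chosen.
    ot_key_info = (mapping[wanted] + pow(second_random, E, N)) % N
    return first_info, ot_key_info, second_random


def sender_respond(first_info, ot_key_info, keys):
    """Recover the mapping group, derive a delivery key per entry, wrap each data key."""
    wrapped = {}
    for number, c in first_info.items():
        x = pow(c, D, N)                              # mapping entry, decrypted
        delivery = pow((ot_key_info - x) % N, D, N)   # equals second_random only for `wanted`
        wrapped[number] = xor(keys[number], pad(int_seed(delivery), 16))
    return wrapped


def receiver_open(wrapped, number, second_random, storage, catalogue):
    """Unwrap with the second random number, decrypt, then check the catalogue hash."""
    key = xor(wrapped[number], pad(int_seed(second_random), 16))
    data = xor(storage[number], pad(key, len(storage[number])))
    if hashlib.sha256(data).hexdigest() != catalogue[number]:
        raise ValueError("hash consistency check failed for " + number)
    return data


RESOURCES = {  # constructed sample data
    "R-001": b"customer risk scores, batch 1",
    "R-002": b"merchant blacklist, batch 2",
    "R-003": b"device fingerprints, batch 3",
}


def demo(wanted="R-002"):
    keys, storage, catalogue = sender_publish(RESOURCES)
    first_info, ot_key_info, k = receiver_request(catalogue, wanted)
    wrapped = sender_respond(first_info, ot_key_info, keys)   # all n entries are recorded
    return wrapped, k, storage, catalogue


if __name__ == "__main__":
    wrapped, k, storage, catalogue = demo()
    print(receiver_open(wrapped, "R-002", k, storage, catalogue))
```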
The embodiment of the apparatus provided in the embodiment of the present application may be specifically used to execute the above-mentioned processing flow applied to each method embodiment, and the functions thereof are not described herein again, and may refer to the detailed description of the above-mentioned method embodiment.
It should be noted that, the data sharing method and device based on the blockchain provided by the embodiment of the application can be used in the financial field and also can be used in any technical field except the financial field, and the application field of the data sharing method and device based on the blockchain is not limited.
Fig. 16 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present application. As shown in fig. 16, the electronic device may include: processor 601, communication interface (Communications Interface) 602, memory 603 and communication bus 604, wherein processor 601, communication interface 602 and memory 603 communicate with each other through communication bus 604. The processor 601 may call logic instructions in the memory 603 to perform the method described in any of the embodiments above.
Further, the logic instructions in the memory 603 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the method embodiments described above.
The present embodiment provides a computer-readable storage medium storing a computer program that causes the computer to execute the methods provided by the above-described method embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description of the present specification, reference to the terms "one embodiment," "one particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing description of the embodiments has been provided to illustrate the general principles of the application and is not intended to limit the scope of the application to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the application are intended to be included within the scope of the application.

Claims (16)

1. A blockchain-based data sharing method, comprising:
Encrypting the shared data by using the encryption key to generate encrypted data;
Transmitting the encrypted data to a data storage system, wherein the data storage system stores the encrypted data;
Transmitting the data catalogue of the shared data to a service chain for certification;
And according to a data sharing request of a data receiver, using an oblivious transfer technology to share decryption information of the shared data to the data receiver through the service chain, wherein the data receiver is used for acquiring the encrypted data in a data storage system according to a data catalog stored on the service chain, and decrypting the encrypted data by using the decryption information to obtain the shared data.
2. The method according to claim 1, wherein the data directory comprises a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
3. The method according to claim 1, wherein the sharing of decryption information of the shared data to the data receiver via the service chain according to the data sharing request of the data receiver using an oblivious transfer technique comprises:
Acquiring the oblivious transfer key information of a data receiver stored on the service chain according to a data sharing request of the data receiver;
processing the decryption key of the shared data according to the oblivious transfer key information to generate encryption information;
and sharing the encryption information to the data receiver through the service chain.
4. The method according to claim 1, wherein the obtaining, according to the data sharing request of the data receiver, the oblivious transfer key information that the data receiver has stored on the service chain includes:
Verifying authority of a data receiver according to a data sharing request of the data receiver to generate verification result information, wherein the data receiver is used for generating oblivious transfer key information when verification passing information is included in the verification result information, and sending the oblivious transfer key information to the service chain for verification;
And acquiring the oblivious transfer key information on the service chain.
5. The method of claim 4, wherein the data receiver generating the oblivious transfer key information when the authentication result information includes authentication pass information, comprises:
When the verification result information comprises verification passing information, generating an encrypted random array for the oblivious transfer according to the data catalogue on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogues;
Establishing a one-to-one mapping relation between a data directory and random numbers in the random array;
Generating a mapping relation group according to the mapping relation between each data directory and the random number;
Encrypting the mapping relation group by using a public key of a data provider to generate first encryption information;
sending the first encryption information to the service chain for certification;
Determining shared data to be acquired according to the data catalogue on the service chain;
searching a first random number corresponding to the data directory of the shared data in the mapping relation group;
Generating a second random number;
Generating oblivious transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
6. The method of claim 5, wherein said processing the decryption key for the shared data based on the oblivious transfer key information to generate encrypted information comprises:
acquiring first encryption information on the service chain;
Decrypting the first encrypted information by using the private key of the data provider to obtain a mapping relation group;
Decrypting the oblivious transfer key information by using the private key of the data provider and the mapping relation group to obtain a delivery key of the shared data;
and encrypting the decryption key of the shared data in the data storage system by using the delivery key to obtain encryption information.
7. A blockchain-based data sharing method, comprising:
obtaining decryption information of shared data shared by a data sender through a service chain by using an oblivious transfer technology;
Acquiring a data catalog of the shared data on a service chain;
Acquiring encrypted data of the shared data from a data storage system according to the data directory;
And decrypting the encrypted data by using the decryption information to obtain shared data.
8. The method of claim 7, wherein the method further comprises:
Transmitting a data sharing request to a data transmitting party through a service chain, wherein the data transmitting party is used for verifying the authority of a data receiving party transmitting the data sharing request to generate verification result information;
Acquiring verification result information sent by a data sender through a service chain;
generating oblivious transfer key information when verification passing information is included in the verification result information;
And sending the oblivious transfer key information to the service chain for certification.
9. The method of claim 8, wherein generating the oblivious transfer key information when the authentication result information includes authentication pass information, comprises:
When the verification result information comprises verification passing information, generating an encrypted random array for the oblivious transfer according to the data catalogue on the service chain, wherein the number of random numbers in the random array is equal to the number of data catalogues;
Establishing a one-to-one mapping relation between a data directory and random numbers in the random array;
Generating a mapping relation group according to the mapping relation between each data directory and the random number;
Encrypting the mapping relation group by using a public key of a data provider to generate first encryption information;
sending the first encryption information to the service chain for certification;
Determining shared data to be acquired according to the data catalogue on the service chain;
searching a first random number corresponding to the data directory of the shared data in the mapping relation group;
Generating a second random number;
Generating oblivious transfer key information according to the first random number, the second random number and the public key of the data sender to which the shared data to be acquired belongs.
10. The method of claim 9, wherein decrypting the encrypted data using the decryption information results in shared data, comprising:
Decrypting the decryption information by using the second random number to obtain a decryption key of the shared data to be acquired;
And decrypting the encrypted data by using the decryption key to obtain shared data.
11. The method of claim 7, wherein the data directory includes a data acquisition address, a data resource number, a data resource description, a data hash value, and/or a data resource acquisition link.
12. The method of claim 10, wherein the data directory comprises a data hash value; after decrypting the encrypted data using the decryption information to obtain shared data, the method further comprises:
calculating the hash value of the shared data obtained by decryption;
performing consistency check on the calculated hash value and the hash value of the shared data to be acquired;
if the consistency check is passed, determining that this data sharing is successful.
13. A blockchain-based data sharing apparatus, comprising:
the encryption module is used for encrypting the shared data by utilizing the encryption key to generate encrypted data;
the first sending module is used for sending the encrypted data to a data storage system, and the data storage system stores the encrypted data;
the second sending module is used for sending the data catalogue of the shared data to a service chain for certification;
And the sharing module is used for sharing the decryption information of the shared data to the data receiver through the service chain by using an oblivious transfer technology according to the data sharing request of the data receiver, wherein the data receiver is used for acquiring the encrypted data in the data storage system according to the data catalog stored on the service chain and decrypting the encrypted data by using the decryption information to obtain the shared data.
14. A blockchain-based data sharing apparatus, comprising:
the first acquisition module is used for acquiring decryption information of shared data shared by a data sender through a service chain by using an oblivious transfer technology;
the second acquisition module is used for acquiring the data catalogue of the shared data on a service chain;
A third obtaining module, configured to obtain encrypted data of the shared data from a data storage system according to the data directory;
and the decryption module is used for decrypting the encrypted data by utilizing the decryption information to obtain shared data.
15. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 6 or 7 to 12 when the computer program is executed.
16. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6 or 7 to 12.
CN202410357518.4A 2024-03-27 2024-03-27 Block chain-based data sharing method and device Pending CN118246917A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410357518.4A CN118246917A (en) 2024-03-27 2024-03-27 Block chain-based data sharing method and device

Publications (1)

Publication Number Publication Date
CN118246917A true CN118246917A (en) 2024-06-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination