WO2019157810A1 - Data transmission method and device and network node - Google Patents

Publication number
WO2019157810A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
node
information
blockchain
key
Application number
PCT/CN2018/103046
Other languages
French (fr)
Chinese (zh)
Inventor
张亮亮
张向东
常俊仁
冯淑兰
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827 Use of message hashing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]

Definitions

  • the present application relates to the field of communications, and in particular, to a data transmission method, apparatus, and network node.
  • A method of mobile edge computing has been proposed: data is stored near the user (for example, at a base station or router) to provide services to users, but the provision of services or data is still subject to a monopoly of third parties.
  • The basic idea of the Content Delivery Network (CDN) is to avoid the bottlenecks and links on the Internet that may affect the speed and stability of data transmission, so that content is transmitted faster and more stably.
  • Based on integrated information such as network traffic, connection and load status, and the distance and response time to users, the CDN system can redirect the user's request in real time to the service node closest to the user.
  • The purpose is to enable users to obtain the required content nearby, relieve congestion on the Internet, and improve the response speed when users visit a website.
  • Whether edge computing or a content distribution network is used, in the current communication system most services or data are concentrated on a central platform that provides services to users.
  • The providers of data and services are subject to monopoly platforms, and the interests of the providers of data or services cannot be truly protected.
  • Another aspect is that the data is stored in a cloud center or server, so a user who wants a service or data has to obtain it through centralized access to that center. From the perspective of network transmission, the same data is repeatedly transmitted in the network.
  • the present application provides a data transmission method, apparatus and network node, which can be applied to an Internet of Things scenario, and aims to achieve access and sharing of resources between network nodes.
  • The present application provides a data transmission method, which may be applied to a data requesting party, such as a first node, the method comprising: the first node acquires data information, and acquires key information of the data from a first blockchain node; obtains encrypted data according to the data information; obtains a key according to the key information of the data; and decrypts the encrypted data by using the key to obtain the data.
  • The data information includes the encrypted data or address information of the encrypted data, where the address information of the encrypted data indicates the location of the encrypted data.
  • The key information of the data includes key information of the encrypted data or address information of the stored encrypted data. Note in particular that the key information of the data can be generated by encryption with the public key of the first node.
  • The method provided by this aspect uses the data-sharing property of the blockchain, so that the requesting party, for example the first node, can obtain data information directly from any blockchain node of the blockchain, thereby reducing the burden of repeated transmission of data information in the core network or between multiple routes, and reducing transmission delay.
  • The first node obtains the key information of the data through the first blockchain node. Because the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt and access the data, thereby increasing the security of data transmission.
  • The obtaining of a key according to the key information of the data includes: when the key information of the data is an encrypted data key, the first node decrypts the encrypted data key with its own private key to obtain the key; or, when the key information of the data is address information, the first node searches for the encrypted data key according to the address information and decrypts the encrypted data key with its own private key to obtain the key.
  • Because the key information of the data is the encrypted data key or the address information of the data key, the data key is prevented from being sent in plaintext over the network, which prevents an intermediate network node from obtaining the data key directly during forwarding and further improves the security and reliability of data transmission.
  • The first node obtains the key information of the data from the first blockchain node, including: the first node obtains transaction index information, where the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier; determines the first blockchain transaction based on the transaction index information, where the key information of the data is recorded in the first blockchain transaction; and obtains the key information of the data according to the first blockchain transaction; or, the first node sends the transaction index information to a relay node and receives the key information of the data fed back by the relay node according to the transaction index information.
  • The first node can quickly find the matching first blockchain transaction according to the content of the transaction index information, such as the block number or the transaction index, and then quickly obtain the key information of the data recorded in the transaction. This realizes fast acquisition of shared information on the blockchain, and takes less time than obtaining the key information from the data source node or the data provider.
  • The obtaining, by the first node, of the data information includes: the first node receives the data information from any blockchain node of the first blockchain, any blockchain node of the second blockchain, or the data source node; or the first node receives the data information from the relay node, where the relay node is a node that pre-stores the data information; or the first node extracts and obtains the data information from the blockchain.
  • The first node may obtain the data information from any blockchain node that stores the data information, or from the relay node closest to the first node, thereby obtaining the data information quickly, reducing transmission time, and improving transmission and access efficiency.
  • The data information includes encrypted data or address information of the encrypted data; the first node obtains the encrypted data according to the data information, including: when the data information is the encrypted data, the first node obtains the encrypted data directly from the data information; when the data information is address information of the encrypted data, the first node looks up the location of the encrypted data through the address information and obtains the encrypted data.
  • the data or the data address is transmitted in the blockchain in an encrypted manner, which improves the security of the transmitted information.
  • The method further includes: the first node records the event of obtaining the key information of the data from the first blockchain node, and/or of obtaining the data information, as a first transaction on the third blockchain.
  • The first transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  • The method further includes: the first node receives a request message from a second node, where the request message includes first information, and the first information includes one or more of a data identifier, a second node identifier, a second node public key, or transaction index information; the first node acquires the data information and/or the key information of the data according to one or more of the data identifier, the second node identifier, the second node public key, or the transaction index information; and transmits the data information and/or the key information of the data to the second node.
  • The method further includes: the first node obtains the private key or the public key generation source of the first node according to the challenge response generated by physical unclonable function (PUF) technology.
  • The method further includes: the first node generates a challenge response according to physical unclonable function (PUF) technology, and uses at least one of the hash of the challenge and the challenge response as the identification information of the first node, so that the identification information of the first node is recorded on the blockchain; the transaction recorded on the blockchain includes one or more of the following: a challenge, a hash of the challenge response, a node identifier, and a time at which the response is generated.
  • the public key of the node is not limited to the public key of the node.
  • The method further includes: the first node obtains a hash of the data from the blockchain, computes a hash of the decrypted data by applying a hash algorithm to the decrypted data, and determines whether the hash of the data and the hash of the decrypted data are the same; if the two values are the same, the data obtained by the first node is trusted data, and if not, the data obtained by the first node is falsified data.
  • The present application further provides a data transmission method, which is applied to a node on a blockchain, such as a first blockchain node, and the method includes: the first blockchain node obtains, by using first information, the data information requested by a first node and/or the key information of the data, where the first information includes one or more of a data identifier, a first node identifier, a public key of the first node, and transaction index information; and the first blockchain node transmits the data information and/or the key information of the data to the first node, so that the first node obtains the encrypted data according to the data information and obtains the key according to the key information of the data, and can thereby decrypt and read the encrypted data using the key.
  • The key information of the data may be provided by a blockchain node on the first blockchain, and the data information may be provided by a blockchain node on the second blockchain. It is also possible that the key information of the data and the data information are both provided by the same blockchain node; the present application does not specifically limit which blockchain node provides the information to the first node.
  • The first blockchain node obtains the key information of the data by using the first information, including: the first blockchain node receives a request message from the first node or forwarded by a relay node, where the request message includes the first information; searches for a transaction related to the first information according to one or more of the data identifier, the first node identifier, the public key of the first node, or the transaction index information in the first information, where the key information of the data is recorded in the transaction; and obtains the key information of the data from the transaction. In this way the blockchain consensus mechanism is used to obtain the key information of the data quickly and to improve data transmission and access efficiency.
  • The searching for the transaction related to the first information further includes: the first blockchain node obtains a first identifier and determines the transaction according to the first information and the first identifier, where the first identifier comprises: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier, etc.; the cross-chain identifier is used to connect the first blockchain and the second blockchain, and if the first blockchain and the second blockchain are the same blockchain, the cross-chain identifier is the connection identifier.
  • the first identifier may be pre-stored in the first blockchain or acquired by other nodes.
  • Adding the first identifier to the first information when searching for the related transaction allows the data information and/or the key information of the data requested by the first node to be determined accurately and quickly, thereby improving the accuracy of the search.
  • The first blockchain node obtains the data information requested by the first node by using the first information, including: the first blockchain node obtains the first information and, according to the first information, obtains the data information from the second blockchain, the relay node, or the data source node; or the first blockchain node determines, according to the first information, that the first blockchain node itself stores the data information, and finds and obtains the data information related to the first information.
  • If the first blockchain node stores the data information required by the first node, the data information is provided directly to the first node, which saves the time of acquiring it from other nodes and improves transmission efficiency.
  • The method further includes: the first blockchain node generates transaction index information for determining the first blockchain transaction in which the key information of the data is recorded, the transaction index information including one or more of a block number, a block height, a transaction index number, or a blockchain identifier, and sends the transaction index information to the first node; or the first blockchain node sends the address information of the encrypted data requested by the first node to the first node or a relay node.
  • The present application further provides a data transmission method, which is applied to a relay node, such as a base station, where the method includes: the relay node obtains a request message from the first node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, a first node public key, and/or transaction index information; obtains the data information and/or the key information of the data according to the first information; and transmits the data information and/or the key information of the data to the first node.
  • The obtaining, by the relay node, of the data information according to the first information includes: determining whether the first node has access rights; if yes, obtaining the data information; if no, rejecting the access request of the first node, for example by feeding back to the first node a message indicating that access is denied.
  • The relay node obtains the data information, specifically: if the data information is already stored at the relay node, the relay node obtains the data information locally; or, if the data information is not stored, the relay node obtains the data information from the first blockchain, the second blockchain, or the data source node, and then forwards it to the first node.
  • The relay node obtains the key information of the data according to the first information, including: the relay node searches, according to the first information, for a transaction related to the first information in which the key information of the data is recorded; if such a transaction exists, the first node has access rights, and the relay node obtains the key information of the data from the transaction; if not, the first node does not have access rights and access is refused.
  • The relay node replies to the first node with a message notifying it that access to the key information of the data or to the data information is denied.
  • The obtaining, by the relay node, of the key information of the data from the transaction includes: the relay node sends the request message to the first blockchain node, and receives the key information of the data that the first blockchain node generates and feeds back according to the request message, where the key information of the data is encrypted with the public key of the first node.
  • The relay node obtains the data information and/or the key information of the data according to the first information, including: the relay node obtains a first identifier, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier; and obtains the data information and/or the key information of the data according to the first information and the first identifier.
  • The method further includes: the relay node records the sending of the data information and/or the key information of the data to the first node as a second transaction on the third blockchain.
  • The second transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, transaction index information, a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data, etc.
  • The present application further provides a data transmission method applicable to a data source node, where the data source node is configured to provide data information and key information of the data to the first node. Specifically, the method includes: the data source node generates key information of the data, and records the key information of the data on the first blockchain, so that any blockchain node on the first blockchain stores the key information of the data and can quickly provide it to the requesting first node, shortening the transmission delay and improving the transmission efficiency.
  • The data source node generates the key information of the data, including: the data source node receives the request message from the first node or forwarded by the relay node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, or transaction index information; the data source node determines the public key of the first node according to the first information, and encrypts the key of the data with the public key of the first node to generate the key information of the data.
  • The data source node records the key information of the data on the first blockchain, including: the data source node sends the key information of the data to the first blockchain node, so that the first blockchain node records the key information of the data on the first blockchain; or the data source node broadcasts the key information of the data and stores it on the first blockchain.
  • The method further includes: the data source node records, on the second blockchain, the encrypted data requested by the first node; or broadcasts the encrypted data and stores it on the second blockchain, where the data information includes the encrypted data or address information of the encrypted data.
  • The data source node obtains the public key of the first node and generates the key information of the data according to the public key of the first node; specifically, the data source node encrypts the key of the data with the public key of the first node to generate the key information of the data; or the data source node encrypts the key of the data with the public key of the first node, stores the encrypted data key, and uses the address at which the encrypted data key is stored as the key information of the data.
  • The key information of the data includes: an encrypted data key, or address information of the stored encrypted data key.
  • The present application further provides a data transmission method, which is applied to a node on a second blockchain, such as a second blockchain node, where the node is used to provide data information for the first node. The method includes: the second blockchain node acquires a request message from the first node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, or transaction index information; and, if the first node has access rights, the second blockchain node determines the data information required by the first node and sends the data information to the first node, where the data information includes the encrypted data or address information of the encrypted data.
  • The second blockchain node may be the same node as the relay node or as the foregoing first blockchain node, or may be a different node, which is not limited in this application.
  • The present application further provides a data transmission device, where the device includes a receiving module, a processing module, and a sending module, and may further include a storage module, etc.; each module in the device is configured to execute the data transmission methods of the first to fifth aspects above and of the various implementations of those aspects.
  • the embodiment of the present application further provides another data transmission device, which is used to implement the function of the behavior of the first node in the foregoing method.
  • The functions may be implemented by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions, and the modules may be software and/or hardware.
  • The hardware corresponding to the transceiver module may be a transceiver.
  • the hardware corresponding to the processing module may be a processor.
  • a memory may also be included.
  • the application provides a network node, which may be a node requesting access to data, such as a first node, the network node comprising: a transceiver for obtaining data information and from a first blockchain Key information of the data of the node; a processor, configured to obtain the encrypted data according to the data information, and obtain a key according to the key information of the data, and decrypt the encrypted data by using the key to obtain data.
  • the key information of the data includes: an encrypted data key or address information storing an encrypted data key; the processor, specifically for the confidentiality of the data When the key information is the encrypted data key, decrypting the encrypted data key with a private key to obtain the key; or, the key information of the data is encrypted for the storage When the address information of the data key is obtained, the encrypted data key is obtained based on the address information, and the encrypted data key is decrypted using the private key to obtain the key.
  • the transceiver is specifically configured to obtain transaction index information, where the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
  • the processor is specifically configured to determine, according to the transaction index information, the first blockchain transaction, where the key information of the data is recorded in the first blockchain transaction, according to the first zone Blockchain transaction obtaining key information of the data; or transmitting, by the transceiver, the transaction index information to a relay node, and receiving a key of the data fed back by the relay node according to the transaction index information information.
  • the transceiver is specifically configured to receive any blockchain node from the first blockchain, or any blockchain node of the second blockchain, or a data source node.
  • the data information; or, receiving the data information from the relay node, the relay node is a node that pre-stores the data information; or extracting and obtaining the data information from the blockchain.
  • the data information includes: encrypted data or address information of the encrypted data; the processor is specifically configured to: when the data information is the encrypted data, obtain the encrypted data from the data information; or, when the data information is the address information of the encrypted data, search for and obtain the encrypted data by using the address information.
  • the processor is further configured to record, on the third blockchain as a first transaction, the obtaining of the key information of the data from the first blockchain node and/or the obtaining of the data information.
  • the first transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  • the application further provides a network node, where the network node may be any node on the blockchain, for example, a first blockchain node, where the network node includes: a processor, configured to obtain, by using first information, the data information requested by the first node and/or the key information of the data, wherein the first information includes one or more of a data identifier, a first node identifier, a public key of the first node, or transaction index information; and a transceiver, configured to send the data information and/or the key information of the data to the first node.
  • the processor is configured to: receive, by using the transceiver, a request message from a first node or forwarded by a relay node, where the request message includes the first information; search for a transaction related to the first information according to one or more of a data identifier, a first node identifier, a public key of the first node, and transaction index information in the first information, where the transaction records key information of the data; and obtain the key information of the data from the transaction.
  • the processor is specifically configured to obtain a first identifier, and determine the transaction according to the first information and the first identifier, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier.
  • the processor is specifically configured to obtain the first information, and obtain the data information from a second blockchain or a relay node or a data source node according to the first information; or determine, according to the first information, that the data information is stored on the first blockchain node, and search for and obtain the data information related to the first information.
  • the processor is further configured to: before obtaining the data information and/or the key information of the data, generate transaction index information, where the transaction index information is used to determine the first blockchain transaction that records the key information of the data, the transaction index information including one or more of a block number, a block height, a transaction index number, and a blockchain identifier; and send the transaction index information to the first node by using the transceiver; or send, by using the transceiver, the address information of the encrypted data that the first node requests to access to the first node or the relay node.
  • the application further provides a network node, where the network node may be a relay node; specifically, the network node includes: a transceiver, configured to obtain a request message from the first node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, a public key of the first node, and transaction index information; and a processor, configured to obtain, according to the first information, the data information and/or the key information of the data; the transceiver is further configured to send the data information and/or the key information of the data to the first node.
  • the processor is specifically configured to determine, according to the first information, whether the first node has access rights; if yes, obtain the data information; if not, reject the access request of the first node;
  • the processor is specifically configured to determine, according to the first information, whether there is a transaction related to the first information, where the key information of the data is recorded in the transaction; if yes, the key information of the data is obtained from the transaction; if not, the access is denied.
  • the processor is specifically configured to send, by using the transceiver, the request message to the first blockchain node, and receive the key information of the data fed back by the first blockchain node according to the request message, where the key information of the data is generated by encryption with the public key of the first node.
  • the processor is specifically configured to obtain a first identifier, and obtain the data information and/or the key information of the data according to the first information and the first identifier.
  • the first identifier includes: a first blockchain node identifier, transaction identifier information of the first blockchain node, a second blockchain node identifier, transaction identifier information of the second blockchain node, or a cross-chain identifier.
  • the processor is further configured to record, on the third blockchain as a second transaction, the sending of the data information and/or the key information of the data to the first node.
  • the second transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, transaction index information, a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data, etc.
  • the application further provides a network node, such as a data source node, for providing data information and key information of data for the first node; specifically, the network node includes: a processor, configured to generate key information of the data, and record the key information of the data on the first blockchain, so that any blockchain node on the first blockchain stores the key information of the data and can quickly provide it to the requester, for example the first node, shortening the transmission delay and improving transmission efficiency.
  • the network node further includes: a transceiver, configured to receive a request message from the first node or forwarded by the relay node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, or transaction index information; the processor is specifically configured to determine a public key of the first node according to the first information, and encrypt the key of the data with the public key of the first node to generate the key information of the data.
  • the processor is specifically configured to send, by using the transceiver, the key information of the data to a first blockchain node, so that the key information of the data is recorded on the first blockchain by the first blockchain node; or to broadcast the key information of the data and store it on the first blockchain.
  • the processor is further configured to record the encrypted data that the first node requests to access on the second blockchain; or to broadcast the encrypted data and store it on the second blockchain, where the data information includes encrypted data or address information of the encrypted data.
  • the processor is further configured to: encrypt the key of the data with the public key of the first node to generate the key information of the data; or encrypt the key of the data with the public key of the first node, store the encrypted data key, and use the address at which the encrypted data key is stored as the key information of the data.
  • the present application further provides a computer storage medium, where the computer storage medium can store instructions that, when executed, implement some or all of the steps of the implementations or embodiments of the data transmission method provided by the application.
  • the computer storage medium can be stored in a memory of the network node described above.
  • a computer program product comprising instructions which, when executed on a computer, cause the computer to perform the data transmission method of the above aspects.
  • the present application further provides a data transmission system, including: a first node, a first blockchain node, and a relay node, and further including a data source node, a second blockchain node, a second node, and so on.
  • the first node is configured to perform the method steps in the foregoing first aspect and the implementations of the first aspect;
  • the first blockchain node is configured to perform the method steps in the foregoing second aspect and the implementations of the second aspect;
  • the relay node is configured to perform the method steps in the foregoing third aspect and the implementations of the third aspect;
  • the data source node is configured to perform the method steps in the foregoing fourth aspect and the implementations of the fourth aspect;
  • the second blockchain node is configured to perform the method steps in the foregoing fifth aspect and the implementations of the fifth aspect.
  • each node in the data transmission system provided by the present application may be collectively referred to as a network node, and the network node may represent various network element devices, stations, base stations, user equipment UEs, terminals, and the like.
  • the two concepts of the device and the node in the various embodiments of the present application are equivalent, that is, the device may refer to a node, a station, a UE, a network element device, a sensor, and the like.
  • the technical solution disclosed in the present application combines mobile edge computing and blockchain technology to provide services for users with low latency and low load, and also ensures data transmission security and the interests of the data service provider.
  • the data transmission method, device and network node provided by the application utilize the characteristics of data sharing on the blockchain, so that the requesting party, for example, the first node, can directly obtain data information from any blockchain node of the blockchain, which reduces the burden of repeatedly transmitting the data information across the core network or multiple routes, reduces transmission delay and improves transmission efficiency.
  • the first node obtains key information of the data through the first blockchain node, and since the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt and access the data, thereby increasing the security of data transmission.
  • the blockchain node or the relay node verifies, according to the request message from the first node, whether the first node has the access right, and according to the verification result issues the content of the transaction related to the request message, such as the key information of the data, while rejecting the access requests of nodes that do not have permission, which improves the transmission efficiency while protecting the rights of the data provider.
  • the first node verifies the authenticity and integrity of the decrypted data by comparing the data hash obtained from the blockchain with the hash generated from the decrypted data, so that the first node can determine whether the acquired data has been tampered with.
  • a method for applying blockchain technology is further included, where: a first blockchain is used to record key information of data; a second blockchain is used to record information of the data; and a third blockchain is used to record that the first node provides key information of the data to the second node.
  • the present application also provides a method for: in a scenario where multiple chains exist, different blockchains are used to process different things and record different information.
  • transactions are recorded information units, and one block includes multiple transactions, and multiple blocks are connected into one blockchain.
  • the different blockchains are related to each other, so the transactions are also related to each other. How to link multiple related transactions in a multi-chain scenario is very necessary.
  • for example, node X shares encrypted data with node Y: the key information of the encrypted data is recorded in the first blockchain, information of the encrypted data, such as the data hash, is recorded in the second blockchain, and the third blockchain can be used to record that node X provides key information to node Y. The transactions of the three blockchains are therefore associated, and an identifier is needed to associate them, facilitating multi-chain collaboration and cross-chain calling while achieving traceability of the related information.
  • a method for applying a blockchain technique, comprising: the first blockchain and the second blockchain are the same blockchain; or the third blockchain and the second blockchain are the same blockchain; or the first blockchain and the third blockchain are the same blockchain; or the first blockchain, the second blockchain and the third blockchain are the same blockchain. In another possible implementation, the method further includes: transaction A of the first blockchain and transaction B of the second blockchain are related transactions, and the two blockchains use the cross-chain identifier to associate the two transactions; or transaction A of the first blockchain and transaction C of the third blockchain are related transactions, and the two blockchains use the cross-chain identifier to associate the two transactions; or transaction B of the second blockchain and transaction C of the third blockchain are related transactions, and the two blockchains use the cross-chain identifier to associate the two transactions.
  • the method further includes: when the first blockchain and the second blockchain are the same blockchain, transaction A and transaction B are related transactions, and the related transactions are associated by using a connection identifier; when the first blockchain and the third blockchain are the same blockchain, transaction A and transaction C are related transactions, and the related transactions are associated by using the connection identifier.
  • transaction B and transaction C are related transactions, and the related transactions are associated by using a connection identifier;
  • transaction A, transaction B, and transaction C are related transactions, and the related transactions are associated by using the connection identifier;
  • the connection identifier and the cross-chain identifier are the same identifier.
  • the first blockchain is used to record key information of the data
  • the first transaction of the first blockchain includes at least one of the following: a connection identifier, a cross-chain identifier, Identification information of the first node, the data identifier, the first node identifier, the device identifier of the first node, the public key of the first node, the key information of the data, the transaction index information, the time of accessing the data, the first blockchain node
  • the second blockchain is used to record information of the data
  • transaction B of the second blockchain includes at least one of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a node identifier, a device identifier of the first node, a public key of the first node, transaction index information, a second blockchain node identifier, transaction identification information of the second blockchain node, a hash of the data, and a hash of the data information
  • the third blockchain is used to record that the node X provides key information and/or data information to the node Y
  • transaction C of the third blockchain includes at least one of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, a hash of the key information of the data, a transaction in which the first node acquires the data information and the key information of the data, that the first blockchain provides the key information of the data to the first node, that the second blockchain provides the key information of the data to the first node, and the like.
  • the method described in this aspect may be implemented by hardware; for example, the hardware may include a processor and a transceiver, wherein the processor performs the recording function in the above method and the transceiver performs the notification function in the above method; or the method may also be implemented by software executing the corresponding instructions.
  • the hardware can be used stand-alone or as an integrated module in combination with other hardware devices. This embodiment can also be used in combination with other embodiments of the present invention. In this regard, the embodiments of the present invention are not specifically limited.
  • FIG. 1 is a schematic diagram of data transmission in a network provided by the present application.
  • FIG. 2 is a schematic flowchart of a data transmission method according to an embodiment of the present application.
  • FIG. 3 is a signaling flowchart of a data transmission method according to an embodiment of the present application.
  • FIG. 4 is a signaling flowchart of another data transmission method according to an embodiment of the present application.
  • FIG. 5 is a signaling flowchart of still another data transmission method according to an embodiment of the present application.
  • FIG. 6 is a signaling flowchart of still another data transmission method according to an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a data transmission apparatus according to an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a network node according to an embodiment of the present disclosure.
  • as shown in FIG. 1, a schematic diagram of data flow in a network is provided, where the network includes a data source node (source D) that provides data, relay nodes (relay) capable of forwarding data or services, for example, relay node B and relay node C, which receive and forward users' request messages and feed data back to the requesting user, and at least one user.
  • the request message is sequentially forwarded by at least one relay node (for example, the relay node B and the relay node C), and finally reaches the data source node D; after receiving the request message, the data source node D feeds back the corresponding data to the user A for the user A to access.
  • the request message from the user E is also forwarded by the relay node to the data source node D, and the data source node D, after receiving the request message, feeds back the result to user E.
  • both the request message and the data are forwarded through multiple relay nodes, so a certain delay is generated, and for users far away from the data source node, obtaining the feedback result takes a long time; in addition, the large amount of forwarding and data feedback required at the relay nodes also increases the transmission burden.
  • to guarantee transmission security and the interests of the requesting party, when the data source node provides the data to the user A, that is, when the user A is granted access, the user E is denied access to the same data, so the data cannot be accessed and shared between different users.
  • the technical solution provided by the following embodiments of the present application combines mobile edge computing and blockchain technology to provide services and data for users with low latency and low load, and also ensures data transmission security and the interests of the service and data providers.
  • the technical solution of the present application relates to a blockchain, which is a distributed database, which originates from bitcoin and is the underlying technology of bitcoin.
  • a blockchain is a string of data blocks generated using cryptographic methods. Each block contains information about a bitcoin network transaction for verifying the validity of its information (anti-counterfeiting) and generating the next block.
  • a blockchain is a chained data structure that combines data blocks sequentially in chronological order, and is a distributed ledger that is cryptographically guaranteed to be tamper-resistant and unforgeable.
  • blockchain technology uses blockchain data structures to validate and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to ensure the security of data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data; it is a completely new distributed infrastructure and computing paradigm.
  • Blockchain is mainly used to solve the trust and security problems of transactions, so the use of blockchain can propose the following technological innovations:
  • the so-called distributed ledger means that transaction accounting is done by multiple nodes distributed in different places, and each node records the complete accounts, so they can all participate in supervising the legality of the transaction and can also jointly testify for it, thereby avoiding the possibility that a single bookkeeper is controlled or bribed into recording false accounts.
  • because the number of accounting nodes is large, in theory, unless all nodes are destroyed, the accounts will not be lost, thus ensuring the security of the account data.
  • the so-called symmetric encryption and authorization technology means that the transaction information stored in the blockchain is public, but the account identity information is highly encrypted, and the data can be accessed only when the data owner authorizes it, thereby further ensuring data security and the privacy of the user.
  • the so-called consensus mechanism refers to how consensus is reached between all accounting nodes to determine the validity of a record. This is both a means of identification and a means of preventing tampering.
  • PoW Proof of Work
  • the smart contract is based on trusted and non-tamperable data on the blockchain and can be automated to execute some predefined rules and terms.
  • Bitcoin as an encrypted digital currency network
  • the operation and maintenance of the system is also independent of the management personnel.
  • the network node strictly encapsulates the digital fingerprint of the specific time transaction into a block by the workload proof mathematical algorithm, and quickly broadcasts to the whole network, using hash technology to form a tight chain structure between the blocks.
  • the encrypted digital currency system skillfully solves the "double-spending" problem, faithfully records all transaction data, guarantees the formality and traceability of each record, and makes the traces of all transactions extremely difficult to destroy.
  • a blockchain is a data structure that is chained from back to front by blocks containing transactions. It can be stored as a file containing non-relative relationship records, or stored in a simple database.
  • a block is a containerized data structure of aggregated transactions that is contained in a blockchain. It consists of a block header containing metadata and a long list of transactions that immediately follow the body of the block.
  • the block structure specifically includes: a block size, a block header, a transaction counter, and a transaction.
  • the transaction counter is used to record the number of transactions; the transaction is used to record transaction details, and the byte length is variable.
  • a SHA256 cryptographic hash is performed on each block header to generate a hash value, and the corresponding block in the blockchain can be identified by this hash value.
  • the block header is composed of three sets of metadata, and the first set of metadata is a set of data referring to a hash value of the parent block, and the set of metadata is used to connect the block to the previous block in the blockchain.
  • the second set of metadata includes: difficulty, time stamp, and Nonce.
  • the third set of metadata is the Merkle tree root, which is used to effectively summarize the data structure of all transactions in the block.
  • the transaction is used for the blockchain to record various types of information.
  • the transaction is used to record how many Bitcoins A gives to B; for example, for a device sharing network, the transaction is used to record that user A shares device X with user B, and the transaction contains the identifier of A, the identifier of B, and the identifier of device X, and may even include the time, location, location information of the device, the effective time of sharing the device, and the like.
  • the present invention is not limited to the above two examples.
  • the blockchain includes the following features:
  • the entire network has no centralized hardware or management organization.
  • the rights and obligations of all nodes are equal, and the damage or loss of any node will not affect the operation of the whole system. Therefore, the blockchain system can be considered to have excellent robustness.
  • the nodes participating in data exchange in the whole system do not need to trust each other.
  • the operating rules of the whole system are open and transparent, and all data contents are also public. Therefore, within the scope and time range specified by the system, nodes cannot deceive other nodes.
  • the data blocks in the system are maintained by all nodes with maintenance functions in the entire system, and anyone can participate as one of these nodes with maintenance functions.
  • the entire system takes the form of sub-databases, allowing each participating node to obtain a copy of the complete database. Unless a node can control more than 51% of the nodes in the whole system at the same time, the modification of the database on a single node is invalid and cannot affect the data content on other nodes. Therefore, the more nodes participate in the system and the stronger their computing power, the higher the data security in the system.
  • nodes and nodes do not need to trust each other, there is no need to disclose identity between nodes and nodes, and each participating node in the system is anonymous.
  • the blockchain and blockchain system described in the present application can be applied to various networks (such as in the Internet of Things), and the block or blockchain nodes can be deployed on various network devices (such as IoT devices).
  • the network device includes industrial IoT devices, such as various industrial sensors, control modules, and the like; and may also be wearable devices, home appliances, home sensors, home control modules, etc., or base stations, enhanced base stations, relays with scheduling functions, or devices with base station functions, etc.
  • the base station may be an evolved Node B (eNB) in the LTE system, or may be a base station in other systems.
  • the embodiment of the present application is not limited.
  • the foregoing various types of devices may be user equipment (UE), such as a mobile phone, a smart terminal, a multimedia device, a streaming media device, and the like.
  • the UE may also be another wireless network device, such as a base station (Node B).
  • the form and type of the wireless network device are not limited herein.
  • the UE may communicate with one or more core networks via a radio access network (RAN), and the UE may also access the wireless network for communication by other means, and the UE may also directly perform wireless communication with other UEs.
  • the embodiment does not limit this.
  • the network devices are collectively referred to as network nodes, and a network node may be a first node or a second node that sends a request message, a blockchain node on the blockchain, a relay node that forwards messages, or a data source node.
  • the network node includes but is not limited to a station, a base station, a UE, and a terminal.
  • the two concepts of the device and the node in the various embodiments of the present application are equivalent, that is, the device may refer to a node, a station, a UE, a network element device, a sensor, and the like.
  • mobile edge computing is combined with the blockchain technology, so that the requesting party can obtain information related to the data to be accessed, such as the data information and the key information of the data, from a blockchain node that is closer to its location.
  • a data transmission method provided by the present application includes the following steps:
  • Step 201 The first node obtains data information and key information of data recorded on the first blockchain.
  • the data information is used to determine encrypted data to be accessed by the first node, where the data information includes encrypted data or address information of the encrypted data.
  • the key information of the data is used to obtain a key, which is used to decrypt the encrypted data to obtain the data to be accessed; the key information of the data includes the encrypted data key, or the address information at which the encrypted data key is stored.
  • the data information can be obtained from the blockchain, or obtained by the edge device, and can also be obtained directly from the data source node, which is not specifically limited in this application.
  • the key information of the data may be obtained from the blockchain, or may be obtained according to the indication information, such as the transaction index information, and may also be obtained by other means, such as obtaining from the edge device, etc., which is not limited in this application.
  • Step 202 Obtain encrypted data according to the data information, and obtain a key according to the key information of the data.
  • if the data information is the encrypted data, the first node obtains the encrypted data directly from the data information; if the data information is the address information of the encrypted data, the first node determines the address of the encrypted data according to the address information, and obtains the encrypted data through the address.
  • the process of obtaining the key by using the key information of the data includes, in one possible manner: the first node decrypts the key information of the data by using the private key of the first node to obtain the key.
  • Step 203 Decrypt the encrypted data by using the key to obtain data.
  • the method provided in this embodiment utilizes the characteristics of data sharing on the blockchain, so that the requesting party, for example the first node, can obtain data information directly from any blockchain node of the blockchain, thereby reducing the burden of repeatedly transmitting data information in the core network or between multiple routes, and reducing transmission delay.
  • the first node obtains key information of the data through the first blockchain node, and since the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt and access the data, thereby increasing the security of data transmission.
  • the first node receives a request message of another node (for example, the second node) requesting the same data, and the first node may provide the other node with the data information or key information of the data.
  • the key information of the data is generated by the private key or the public key of the first node through the excitation response in the PUF technology, thereby ensuring the security of the data related information transmitted in the blockchain network.
  • Asymmetric encryption algorithm: the key of an asymmetric encryption algorithm is divided into a public key and a private key.
  • the user or the system generates a pair of keys, one of which is disclosed as a public key, and the other is a private key.
  • the sender encrypts the information by using the public key
  • the receiver decrypts the information by using the private key to complete the communication.
  • it is also possible to encrypt with the private key and decrypt with the public key. Since encryption and decryption use two different keys, this algorithm is also called an asymmetric encryption algorithm.
  • a common algorithm is, for example, an elliptic curve cryptographic algorithm, but the application is not limited to an elliptic curve cryptographic algorithm.
  • Hash algorithm: a cryptographic algorithm that can only encrypt and cannot decrypt. It can convert information of any length into a fixed-length string. This string has two characteristics:
  • SHA256 is a member of the SHA (Secure Hash Algorithm) family.
  • PUF technology: a physical unclonable function (PUF) is in essence a function; a certain input to this function yields the corresponding output.
  • it uses the inevitable differences in the chip manufacturing process (random physical properties) to produce a unique excitation-response pair, which is reflected in the circuit structure, i.e. a symmetrical structure produces an asymmetrical result due to the manufacturing process.
  • the main implementation methods of the current PUF technology may include:
  • Non-electronic PUF: optical PUF, paper PUF, CD PUF.
  • Analog circuit PUF: coating-based PUF, threshold-voltage-based PUF, resistance-based PUF.
  • Digital circuit PUF: arbiter PUF, ring oscillator PUF, SRAM-PUF, latch PUF, butterfly PUF.
  • the private key of the first node may be generated based on a PUF technology. Further, according to the asymmetric security algorithm, the private key of the first node may generate a public key. That is to say, the first node may obtain the device fingerprint information by using the PUF technology, and generate the private key of the first node by using the device fingerprint information. Further, the public key can be generated by the private key using an asymmetric key algorithm.
  • the private key of the first node may be generated based on PUF technology. Specifically, according to the PUF technology, an excitation is input to any device/node, and an excitation response is generated. For different devices/nodes, the generated excitation responses are different, and thus the [excitation, excitation response] combination becomes the fingerprint information of a device/node.
  • the hash value of the excitation response is used as a public key generation source or a private key of the asymmetric key algorithm; that is, the first node private key may be expressed as [excitation, hash of the response] or [hash of the response], or the hash value of the excitation response may be used to generate a private key.
  • the corresponding public key is generated according to the asymmetric key algorithm.
  • the public key of the first node may be the node identifier of the first node or the address of the first node.
  • the public key of the first node/device is used to encrypt the key of the encrypted data to generate the key information of the data; the corresponding private key is used to decrypt the key information of the data to obtain the key.
  • the public key of the first node/device is public information, that is, every blockchain node can obtain it, while the private key is not public and is held only by the first node/device itself.
  • the technical solution of the present application is exemplified in the technical scenario of the smart shared device and/or the shared big data.
  • This application scenario is only an example for understanding the technical solution of the present invention, and the present invention includes but is not limited to it.
  • the application scenario may include the following devices: node U1 (representing UE1), node N1 (representing Node1), node D (representing the data source node), and one or more blockchains, where each blockchain is composed of a plurality of blockchain nodes.
  • the present invention is described by taking the above scenario as an example. However, the method provided in this embodiment includes, but is not limited to, the foregoing scenario.
  • This embodiment provides a data access method, which specifically includes the following steps:
  • Step 301 The first node (for example, the node U1) sends a first request message, where the first request message is used to request the data information and/or the key information of the data.
  • the data information includes encrypted data or address information of the encrypted data;
  • the key information of the data includes an encrypted data key or address information at which an encrypted data key is stored, and the key information of the data is used to obtain the key.
  • the first request message includes first information, for example, the first information includes one or more combinations of a data ID, a first node identifier, or transaction index information.
  • the first node identifier may be the device identifier of the first node, the IP address of the first node, the public key of the first node, or another type of identifier, which is not limited in this application; any identifier that can identify the first node falls within the scope of protection of the present invention.
  • the data identifier may be the same as or different from the first node identifier.
  • the transaction index information is used to determine a first blockchain transaction, wherein the first blockchain transaction records key information of the data; further, the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
  • the transaction index number is exemplified by the transaction index number X, and is used to indicate the serial number of the transaction in the block, for example, the Xth transaction.
  • the block number is exemplified by the block number Y, and is used to indicate that the block is the Yth block in the blockchain.
  • the block height is used to indicate the location of the block in the blockchain, that is, to indicate which block in the blockchain the block is.
  • the first node may send the first request message directly to the data source node.
  • the first node may send the first request message to the relay node or a certain blockchain node, for example, to the first blockchain node, and obtain the related data information and key information of the data through the relay node or the first blockchain node, wherein the relay node and the first blockchain node may be the same node or different nodes.
  • Step 302 After receiving the first request message sent by the first node, the first blockchain node or the relay node sends a message to the data source node according to the content of the first request message, where the message is used to request the data information and/or key information of the data required by the first node.
  • the message sent by the first blockchain node may be the same as the first request message.
  • Step 303a The data source node records the address information of the data or the data on the second blockchain or the second blockchain node.
  • the data includes encrypted data that the first node requests to access.
  • Step 303b The data source node obtains and encrypts a key (key) of the encrypted data that the first node requests to access by using the public key of the first node, and generates key information of the data.
  • the data source node receives a request message sent by the first node or the relay node or the blockchain node, where the request message is used to request access to the data.
  • the data source node obtains the public key of the first node according to the message, and encrypts the key of the encrypted data that the first node requests to access by using the public key of the first node to generate key information of the data.
  • the data source node encrypts the data, and then puts the encrypted data on the blockchain, or puts the storage address of the encrypted data on the blockchain.
  • the blockchain may be a second blockchain or a first blockchain.
  • Step 304 The data source node records the key information of the data on the first blockchain.
  • the step 304 includes: in a first implementation manner, the first blockchain node records the event of the key information of the data as a first transaction, and records and stores it on the first blockchain; according to the consensus mechanism of the blockchain, each blockchain node on the first blockchain stores the key information of the data, and when one of the blockchain nodes, for example the first blockchain node, receives the first request message sent by the first node or the relay node, it sends the key information of the data to the first node.
  • the data source node broadcasts the key information of the data as a first transaction of the first blockchain to the first blockchain node, so that the transaction is saved in a block of the first blockchain.
  • Step 305 The first blockchain node obtains key information of the data, and sends the key information of the data to the first node.
  • the first blockchain node may determine the first blockchain transaction by using the transaction index information, and obtain key information of the data from the first blockchain transaction.
  • the transaction index information may be generated by the data source node and sent to the first blockchain node or the relay node.
  • the first blockchain node or the data source node directly sends the key information of the data to the first node.
  • the first blockchain node or the data source node first sends the key information of the data to the relay node, and then the relay node sends the key information of the data to the first node.
  • the order of step 304 and step 304 is not limited in this embodiment; that is, the method may first perform step 304, in which the data source node first records the key information or transaction index information of the data.
  • in step 301, when the first blockchain node or the relay node receives the first request message from the first node, the key information or transaction index information of the data in the blockchain is sent to the first node.
  • Step 306 The first node obtains key information of the data recorded on the first blockchain, and decrypts the key information of the data by using the private key of the first node to obtain a key (key).
  • the first node receives the transaction index information sent by the first node, determines a first blockchain transaction according to the transaction index information, and records the key information of the data in the first blockchain transaction.
  • the first node obtains key information of the data from the first blockchain transaction.
  • the transaction index information may include at least one or a combination of a block number, a block height, a transaction index number, or a blockchain identifier, and the transaction index information may be generated by the first blockchain node, or may be generated by the data source node and sent to the first blockchain node.
  • the first node may directly obtain the key information of the data sent by the first blockchain node, or the first node may acquire the key information of the data from the first blockchain.
  • Step 307 The first node obtains data information from the second blockchain node, where the data information includes encrypted data or address information of the encrypted data, and may also be information that has a mapping relationship with the address of the encrypted data, etc.
  • the first node may obtain the data information in any of the following different manners, specifically:
  • the first node may obtain data information from the first blockchain or the second blockchain; or
  • the first node receives data information sent by the first blockchain node, where the first blockchain node may be any node in the first blockchain; or
  • the first node receives data information sent by the relay node or the data source node.
  • the first blockchain and the second blockchain may be the same or different.
  • the data information obtained from the blockchain, the blockchain node, or the relay node may be provided by the data source node, including: the data source node stores the generated data information on a second blockchain, or on a node of the second blockchain, and the second blockchain node then sends the data information to the first node.
  • the obtaining, by the first node, the data information includes:
  • the first node obtains transaction index information, and determines a blockchain transaction according to the transaction index information, wherein the blockchain transaction is recorded on a first blockchain or a second blockchain, and the data information is recorded in the blockchain transaction;
  • the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
  • the first node sends transaction index information to the relay node, and receives data information that is sent by the relay node according to the transaction index information.
  • the first node may obtain the data information in other manners, which is not limited by the embodiment of the present application.
  • the first node acquires data information according to the transaction index information, which prevents the encrypted data or the address information of the encrypted data from being transmitted directly in the network, where it is easily stolen; using the transaction index information further improves the security of data information transmission.
  • Step 308 The first node obtains encrypted data according to the data information, and decrypts the encrypted data by using a key to obtain data.
  • the data information may be the encrypted data to be accessed, or address information corresponding to the encrypted data. Further, if the data information is encrypted data, the first node obtains the encrypted data when it receives the data information; if the data information is address information of the encrypted data, the address at which the encrypted data is stored is determined from the address information, and the encrypted data is then obtained from that address.
  • the first node decrypts the obtained encrypted data by using the key obtained by decrypting in step 306 to obtain data to be accessed.
  • the method provided in this embodiment utilizes the data consensus mechanism on the blockchain, so that the requesting party, that is, the first node, can obtain data information from the blockchain or any node on the blockchain, thereby reducing the burden of repeatedly transmitting data information in the core network or between multiple routes, reducing transmission delay and improving transmission efficiency.
  • the first node obtains key information of the data from the blockchain, and since the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt and access the data, thereby improving the security of data transmission.
  • the method may further include:
  • Step 309 The first node takes its obtaining of the data information and the key information from the blockchain as a transaction event, and records it on the third blockchain.
  • the transaction event may be referred to as a first transaction event or a first transaction. Further, the first node may broadcast the first transaction event to any node of the third blockchain to record the first transaction event on the third blockchain.
  • the first transaction event recorded on the third blockchain may include one or more of the following: a data identifier, a device identifier accessing the data, a time of accessing the data, transaction index information, and a first blockchain.
  • the transaction identifier information of the blockchain includes: a block number of the transaction and/or an index of the transaction.
  • the encrypted data or the data information of the encrypted data may also be recorded and stored on the second blockchain.
  • First blockchain: a transaction that records key information of data.
  • Second blockchain: a transaction that records data information.
  • Third blockchain: records the event transaction, for example, records that the first blockchain node provides key information of the data for the first node, and that the second blockchain node provides data information for the first node.
  • the transaction recorded by the first blockchain includes one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, the public key of the first node, the key information of the data, the transaction index information, the time of accessing the data, the identifier of the first blockchain node, the transaction identification information of the first blockchain node, the hash of the data, the hash of the key information of the data, and so on.
  • the transaction recorded by the second blockchain includes one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, the public key of the first node, the transaction index information, the second blockchain node identifier, the transaction identification information of the second blockchain node, the hash of the data, the data information hash, the address information hash of the encrypted data, or the key information hash of the data, the excitation, the hash of the excitation response, the time at which the response was generated, etc.
  • the transaction recorded by the third blockchain includes one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a public key of the first node, the time of accessing the data, a blockchain node identifier, transaction chain identification information of the blockchain node, transaction index information, a cross-chain identifier, the hash of the data, the data information hash, the address information hash of the encrypted data, the key information hash of the data
  • the first node acquires the transaction of the key information of the data information and the data
  • the first blockchain provides the key information of the data for the first node
  • the key information of the second blockchain for providing the data for the first node.
  • the hash of the data recorded in the blockchain transaction is used to verify the authenticity and integrity of the data transmission. Specifically, for example, after decrypting the data, the first node obtains the hash of the decrypted data according to the hash algorithm. The first node also retrieves the data hash from the blockchain (e.g., the second blockchain). Further, the first node compares the hash of the data with the hash of the decrypted data; if the two values are inconsistent, the data obtained by the first node is falsified data; if the two values are consistent, the data obtained by the first node is trusted data.
  • the first blockchain, the second blockchain, and the third blockchain may be the same blockchain.
  • the association may be established by an identifier, for example, a connection identifier.
  • the three associated transactions may be connected by a cross-chain identifier, that is, an association is established by the cross-chain identifier.
  • the third blockchain recording the event transaction may be the same as the first blockchain or the second blockchain. For example, the first blockchain records a transaction of the key information of the data and an event transaction in which the first blockchain node provides key information for the first node; the second blockchain records a transaction of data information and an event transaction in which the second blockchain node provides data information for the first node. Then the two transactions in the first blockchain for the first node may be associated by a connection identifier, the two transactions in the second blockchain for the first node may also be associated by a connection identifier, and, for the first node, the transactions in the first blockchain and the second blockchain may be linked by a cross-chain identifier.
  • In a nutshell, associated transactions in the same blockchain are associated by a connection identifier, and associated transactions in different blockchains are associated by a cross-chain identifier.
  • the connection identifier and the cross-chain identifier may be two different identifiers, or may be the same identifier, thereby establishing a connection relationship among related transactions in the same blockchain and in different blockchains.
  • the relay node may be a blockchain node, such as a first blockchain node, and then perform the method steps of the first blockchain node.
  • the relay node may also be an edge device node, for example, the base station Node1 (N1 for short), for receiving and forwarding related information of the first node, and sending various feedback information in the blockchain network to the first node.
  • a node on the second blockchain (for example, a second blockchain node) for storing or recording the data information may be the same node as the data source node, or may be a different node.
  • the first blockchain node and the second blockchain node may be the same node, or may be different nodes.
  • the first blockchain node and the data source node may be the same node or different nodes, which is not limited in this application.
  • the method of the present application further includes:
  • the first node verifies the decrypted data, and specifically includes:
  • the first node obtains a data hash, which the first node may obtain from the provider of the data information, namely the second blockchain or a second blockchain node, or from a data source node or other nodes.
  • the data hash includes: a hash of the data requested to be accessed, a data information hash, an address information hash of the encrypted data, a key information hash of the data, and the like.
  • the first node determines whether the accessed data is tampered with according to the data hash.
  • the first node applies the hash algorithm to the data decrypted in step 308 to obtain a hash of the decrypted data; the first node compares the hash of the data with the hash of the decrypted data; if the two values are consistent, the data obtained by the first node is trusted data; if the two values are inconsistent, the data obtained by the first node is data that has been tampered with.
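  • The flow of steps 303a to 308 together with the hash check above, as an added Go example that is not part of the patent text. It assumes RSA-OAEP (RSA-2048) for wrapping the data key, AES-256-GCM for the data and SHA-256 for the data hash; the Record type and the NewNodeKey, Publish and Access functions are hypothetical names, and an in-memory struct stands in for the blockchain transactions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Record is what the data source node publishes; field names and RSA-2048 are assumptions.
type Record struct {
	EncryptedData []byte   // data information (second blockchain)
	DataHash      [32]byte // SHA-256 of the plaintext data (second blockchain)
	KeyInfo       []byte   // key information of the data (first blockchain)
}

func NewNodeKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and prepends the random nonce; open reverses it.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Publish is the data source node's part (steps 303a, 303b and 304).
func Publish(data []byte, nodePub *rsa.PublicKey) (*Record, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	enc, err := seal(dataKey, data)
	if err != nil {
		return nil, err
	}
	keyInfo, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, nodePub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Record{EncryptedData: enc, DataHash: sha256.Sum256(data), KeyInfo: keyInfo}, nil
}

// Access is the first node's part (steps 306 and 308, then the hash check).
func Access(rec *Record, priv *rsa.PrivateKey) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, rec.KeyInfo, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	data, err := open(dataKey, rec.EncryptedData)
	if err != nil {
		return nil, fmt.Errorf("decrypt data: %w", err)
	}
	if sha256.Sum256(data) != rec.DataHash {
		return nil, fmt.Errorf("data hash mismatch: data was tampered with")
	}
	return data, nil
}

func main() {
	first, err := NewNodeKey()
	if err != nil {
		panic(err)
	}
	rec, err := Publish([]byte("constructed sensor reading"), &first.PublicKey)
	if err != nil {
		panic(err)
	}
	data, err := Access(rec, first)
	fmt.Printf("%s %v\n", data, err)
}
```

  • Because KeyInfo is wrapped for one public key, Access fails at the unwrap step for any other node's private key, so a second node that is handed the same key information cannot recover the data key from it.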
  • in step 305 of this embodiment, how the key information of the data is obtained before the first blockchain node sends it to the first node is described in detail below.
  • the specific process includes:
  • the first blockchain node receives a request message sent by the first node or a relay node, where the request message includes first information; the first information includes any of a data identifier, a first node identifier, or transaction index information.
  • the first blockchain node searches, according to one or more of the data identifier, the first node identifier, the public key of the first node, or the transaction index information in the first information, for a transaction in which key information of the data is recorded.
  • the method includes searching for the transaction in any of the following ways:
  • the transaction related to the data identification is searched according to the data identifier
  • the transaction related to the first node identifier is searched according to the public key of the first node;
  • the transaction related to the transaction index information is searched according to the transaction index information, where the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier; or
  • a fifth manner searching for a transaction related to the first node identifier according to two or more of a data identifier, a first node identifier, a public key of the first node, and transaction index information;
  • the condition of the first identifier is added to improve the accuracy of the search.
  • the first blockchain node obtains a first identifier, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a connection identifier or a cross-chain identifier, and the like, and determines the transaction according to the first information and the first identifier.
  • the first identifier may be pre-stored on the blockchain, or the first blockchain node may obtain it from the data source node.
  • the related information may be searched for by other means or by adding new information, thereby providing the first node with key information of the data.
  • the other methods are not limited in this application.
  • the first blockchain node can quickly find the matching first blockchain transaction by using the data identifier, the first node identifier or the transaction index information included in the first information, together with the first identifier, and then quickly obtain the key information of the data from the information recorded in the transaction, thereby realizing rapid acquisition of the shared information on the blockchain and reducing the time compared with obtaining the key information from the data source node or the data provider.
  • the process by which the first blockchain node or other nodes, such as the second blockchain node or the data source node, search for the data information required by the first node may also refer to any of the foregoing first to sixth manners of searching for the transaction, and is not described again in this embodiment.
  • This embodiment provides a data transmission method, and the method can be used for a node that does not apply for accessing data for the first time, for example, a process in which the first node initiates data access to the blockchain network.
  • the method may also be performed on the basis of the first embodiment. After the first node applies for accessing data for the first time, the first node in this embodiment initiates an access request for the same data.
  • the method can also be performed separately, and the first node initiates a data access request to the blockchain node.
  • This embodiment is based on the method steps in which the first node requests access to data for the first time in the first embodiment, and describes in detail the first node requesting access to the same data.
  • the first blockchain is used to record key information of data.
  • the key information of the data has been recorded as a transaction of the first blockchain and recorded in the first blockchain.
  • the key information of the corresponding data has been recorded as a through transaction in the first blockchain.
  • the third blockchain can be used to record that node X provides data information and/or key information of the data for node Y.
  • the event "node X provides data information and/or key information of the data for node Y" is recorded as a transaction of the third blockchain.
  • the transaction of the third blockchain may be called an event transaction, and may specifically include: "node X provides data information for node Y", "node X provides key information for node Y", or "node X provides data information and key information for node Y".
  • the first node needs to access the data, and the relay node provides the first node with the data information and/or the key information of the data as the third blockchain transaction (also called event transaction) recorded in the area.
  • the third blockchain transaction also called event transaction
  • the first node needs to access certain data, which is data that has been encrypted.
  • the first node needs to obtain the data, as well as the key of the data.
  • The first node obtains the data by obtaining both the data information of the data and the key information of the data, and then decrypting the encrypted data according to these two pieces of information.
  • the method includes the following steps:
  • Step 401a Record the key information of the data as a transaction in the first blockchain.
  • the data source node records the key information of the data on the first blockchain.
  • the key information of the data is key information of data that the first node needs to access, and is recorded in the first blockchain.
  • the key information of the data may be generated by the data source node encrypting the data key (key) by using the public key of the first node.
  • the key information of the data includes an encrypted data key (key) or address information of the encrypted data key.
  • Step 401b Record the data information (including the data or address information of the data) and the data hash on the second blockchain.
  • The data source node records the data or data-related address information as a transaction on the second blockchain node.
  • the data information is encrypted data requested by the first node, or address information of the encrypted data.
  • the information recorded in the second blockchain may further include one or more of the following: a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, transaction index information, and a second region.
  • the transaction of the second blockchain may include one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, and a Public key of a node, transaction index information, second block chain node identifier, transaction identification information of the second block chain node, data information hash, address information hash of encrypted data, or key information hash of data, incentive, incentive
  • the data hash, the data hash hash, and the data hash are the same meaning in the present invention.
  • the three words can be collectively referred to as the hash of the data.
  • Step 402 The first node sends a request message to the relay node.
  • The request message may be used to request access to certain data, or to request the data information and/or the key information of the data.
  • the data information may be encrypted data or address information of the encrypted data.
  • the key information of the data may be an encrypted data key or address information storing an encrypted data key.
  • the request message includes first information, where the first information includes one or more of a data identifier, a first node identifier, a first node public key, or transaction index information that the first node requests to access.
  • the second request message may further include the first identifier, where the first identifier includes transaction identifier information, a blockchain node identifier, a connection identifier, or a cross-chain identifier of the blockchain node.
  • the relay node may be the node closest to the first node, and the relay node may be a node on the blockchain.
  • Step 403a The relay node receives the request message, searches for a transaction related to the first information according to the first information carried in the request message, and obtains the key information of the corresponding data from the transaction.
  • the process of the relay node searching for the related transaction and the key information of the obtained data may refer to the specific description of step 305 in the first embodiment.
  • The relay node searches, according to the first information, for a transaction related to the first information in which the key information of the data is recorded; if there is one, the key information of the data is obtained from the transaction; if not, the access is denied.
  • The relay node obtaining the key information of the data from the transaction includes: the relay node sends the request message to the first blockchain node, and receives the key information of the data that the first blockchain node feeds back according to the request message.
  • The relay node may further search for the data information and the key information of the data according to the first identifier and the first information, where the first identifier includes: a first blockchain node identifier, the transaction identifier information of the first blockchain node, the second blockchain node identifier, the transaction identifier information of the second blockchain node, or the cross-chain identifier.
  • Step 403b The relay node determines whether the first node has access rights.
  • Determining whether the first node has the right to access the data includes: determining whether there is a transaction on the blockchain related to the first information requested by the first node, that is, determining whether the key information of the corresponding data can be obtained for the first node. If there is a related transaction, or the key information of the data is obtained, the first node has access rights; otherwise, it does not have access rights.
  • The method further includes: the relay node, when determining that the first node does not have the access right, feeds back a message to the first node, where the message is used to notify the first node that the data acquisition fails, or indicates that the first node has no permission to access the data.
  • Step 404a If there is access authority, the relay node may provide data information for the first node. Specifically, when the data information is provided, it is determined whether the data information is stored locally at the first node.
  • Step 405a If stored, directly send the data information to the first node.
  • Step 405b If the first node does not store the data information, the relay node may acquire the data information from other nodes.
  • The relay node sends the request message to the second blockchain node; the second blockchain node determines, according to the first information carried in the request message, the data information related to the first information, and sends the data information to the relay node.
  • the first node may further obtain the data information from the data source node or the first blockchain or other neighboring relay nodes.
  • The relay node sends the request message to the data source node, where the data source node determines the related data information according to the first information carried in the request message, and the data information is sent to the relay node.
  • Step 406 The relay node sends the data information and the key information of the data to the first node.
  • Step 407 The first node obtains the encrypted data according to the data information, decrypts the key information of the acquired data by using a private key of the first node to obtain a key, and then uses the key to decrypt the encrypted data to obtain the accessed data.
  • The process in which the first node obtains the encrypted data by using the data information, obtains the key by using the key information of the data, and decrypts the data is the same as in the first embodiment; refer to step 306 and step 308 of the first embodiment. It is not described again in this embodiment.
  • the method provided in this embodiment utilizes a data consensus mechanism of a blockchain.
  • The first node may directly obtain the data information and the key information of the data from a nearby edge device, such as a relay node. This avoids the long transmission delay that results when the first node obtains the information from a distant data source node, and also avoids repeated transmission of data between the core network or the relay nodes.
  • The relay node verifies whether the first node has access rights according to the request message from the first node, and, according to the verification result, issues the content of the transaction related to the request message, such as the key information of the data.
  • Access requests from nodes that do not have permission are denied, which improves the transmission efficiency and guarantees the rights of the data provider.
  • the relay node may be the same as or different from the first blockchain node, and the relay node may be an edge device, such as a base station.
  • the method described in this embodiment further includes:
  • Step 408 The first node records the event "the relay node provides the first node with the data information and the key information of the data" as a blockchain transaction on the blockchain.
  • the blockchain may be a first blockchain or a third blockchain, or a new blockchain.
  • The event transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, transaction index information, a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, a data hash, a data information hash, an address information hash of the encrypted data, or a key information hash of the data, and so on.
  • First blockchain: records transactions containing key information of data.
  • Second blockchain: records transactions containing data information.
  • Third blockchain: records event transactions, including the first blockchain node providing key information of the data for the first node and the second blockchain node providing data information for the first node (Embodiment 1), and the relay node in this embodiment providing the first node with data information and key information of the data.
  • If the first blockchain, the second blockchain, and the third blockchain are the same blockchain, that is, all three transactions are recorded on the same blockchain, then the various transactions on the blockchain can be connected by a connection identifier. If the three blockchains are different blockchains, then the three associated transactions can be connected by a cross-chain identifier.
  • the transaction of the first blockchain is used to record key information of the data to ensure data security and access rights.
  • the transaction of the first blockchain includes information such as: data identification, device identification, data key information, data hash, and the like.
  • The second blockchain is used to record the data information to ensure traceability of the data transaction; the second blockchain transaction records information including: data identification, device identification, and transaction of the first blockchain.
  • The third blockchain is used to record the provision of data information and/or key information of the data to the first node.
  • the transaction of the third blockchain includes: data identification, device identification, data address, data hash, transaction identification information of the first blockchain, and transaction identification information of the second blockchain.
  • An event transaction in which "the relay node provides the first node with the data information and the key information of the data" may also be recorded on the first blockchain and the second blockchain respectively; for example, an event transaction in which the relay node provides the key information of the data for the first node is recorded on the first blockchain, and an event transaction in which the relay node provides the data information for the first node is recorded on the second blockchain.
  • The process of obtaining the data information and/or the key information of the data according to the request message from the first node is specifically implemented in the following manners:
  • Manner 1 The relay node reads, according to the first information, the key information of the data in the first blockchain, where the key information of the data is the key information of the data that the first node needs to access. If the relay node obtains the data key information, the first node has the right to access the data, and the relay node then transmits the data information and the key information of the data to the first node.
  • The method further includes: the relay node may send a message to the first node to notify the first node that the data request failed, that the first node does not have access to the data, or that providing data to the first node is denied.
  • Manner 2 The relay node sends a request message to the first blockchain node according to the first information to request the data key information, where the data key information is the key information corresponding to the data that the first node needs to access.
  • If the message fed back to the relay node by the first blockchain node includes the key information of the data, it indicates that the first node has the right to access the data, and the relay node then provides the first node with the data information and the key information of the data; for example, the relay node sends the data information and the key information of the data to the first node.
  • The method further includes: the relay node sends a feedback message to the first node, where the feedback message is used to notify the first node that the data request fails, that it does not have access to the data, or that access is denied, and the like.
  • The first node in the various embodiments of the present application may be the same node as, or a different node from, the first node in the first embodiment, corresponding to the various possible technical solutions of the present application. The first node is used as an example; it may also be named the second node or the third node. This application does not limit this.
  • the embodiment further provides a data transmission method.
  • the method includes a three-part process, namely, an A part, a B part, and a C part, wherein the A part method describes a process in which the first node (U1) requests access to data.
  • the Part B method describes the process by which the second node (U2) requests access to the data, and the Part C method describes the process by which the third node (U3) requests access to the data.
  • The three parts of the method flow can be executed independently or in combination, for example, the combination of the A part and the B part, the combination of the B part and the C part, or the combination of the A part, the B part and the C part. This is not limited.
  • The method flow of Part A describes the process by which the first node U1 requests access to data.
  • As shown in FIG. 5, it includes:
  • Step A1 The data source node (for example, the data provider) records the information of the data as a transaction on the first blockchain.
  • the key information of the data may be an encrypted data key (key), or address information stored by the data key, etc.; specifically, the key information of the data is an encrypted data key (key):
  • The key of the data is encrypted by using a public key of the device accessing the data (for example, the public key of the node U1), and the key information of the data is recorded as a transaction on a blockchain.
  • Step A2 The node U1 sends a request message to the node N1, and the request message is used to request access to the data.
  • The request message includes at least one of the following: a data identifier (Data ID), a node U1 identifier (or a device identifier of the first node), a public key of the node U1 or transaction index information, and may further include the identification of the first blockchain, etc.
  • Step A3 The node N1 (for example, the node Node1) receives the request message sent by the node U1, and obtains the key information of the data corresponding to the data requested by the node U1 according to the content carried in the request message.
  • A possible implementation is that the node N1 searches the first blockchain, according to the data identifier and the identifier of the node U1 in the request message, for a transaction related to the identifier of the data and the identifier of the node U1; if there is a corresponding transaction record, the key information of the corresponding data is obtained from the first blockchain.
  • The method further includes: the node N1 determines whether key information of the data corresponding to the data that the node U1 requests to access is recorded in the blockchain; if a transaction records the key information of the data, the node U1 has the access right; otherwise, it has no permission to access the data.
  • The key information of the data of the node U1 may also be searched for according to other information in the request message, for example, the transaction index information. For details, refer to the description in the first embodiment and the second embodiment; details are not described herein again.
  • Step A4 The node N1 obtains key information of the data from the first blockchain.
  • Step A5 After receiving the request message sent by the node U1, the node N1 sends the data request message to the second blockchain or the second blockchain node.
  • the data request message may include, for example, one or more of a data identifier, a node U1 identifier, a public key of the node U1, transaction index information, or a first blockchain identifier.
  • Step A6 After receiving the request message from the node N1, the second blockchain node verifies the access authority of the node U1, and sends the data requested by the node U1 to the node N1.
  • the method for verifying the access authority is: determining whether the node N1 or the first block chain has a transaction, and recording the data identifier or the device identifier of the node U1, that is, determining whether there is a node on the blockchain.
  • the data is data information, and the data information includes encrypted data or address information storing the encrypted data.
  • Step A7 The node N1 transmits the data information and the key information of the data to the node U1.
  • Step A8 The node U1 receives the data information and the key information of the data from the node N1, obtains a key (key) for accessing the data through the key information of the data, and decrypts the encrypted data by using the key to access the data.
  • The process in which the node U2 requests access to data from the blockchain is described in Part B.
  • In this process, the data information and the key information of the data provided to the node U2 may come from the same node.
  • the process includes:
  • Step B1 The data source node records the key information of the data on the first blockchain, and the key information of the data is generated by encrypting the data key requested by the node U2 by using the public key of the node U2.
  • Step B2 The node U2 sends a request message to the node N1, where the request message includes one or more of a data identifier, a public key of the node U2, a node U2 identifier (node U2ID), or transaction index information.
  • Step B3 After receiving the request message, the node N1 determines, according to the data identifier carried in the request message, that the data requested by the node U2 is stored on the node N1.
  • the node N1 determines whether the node U2 has the data access authority. Specifically, the implementation manner is: the node N1 determines whether the key information of the data required by the node U2 can be obtained. If yes, node U2 has access rights; otherwise, it does not have access rights.
  • When it is determined that the node U2 has the access right, the node N1 further determines whether the data information required by the node U2 is stored locally; if the data information is stored, it may be provided directly to the node U2; if it is not stored, the data information can first be obtained from other nodes and then sent to node U2.
  • The node N1 queries the related transaction according to the request message, and obtains the key information of the data. Specifically, the node N1 searches for a related transaction in the first blockchain according to the content in the request message, and the key information of the data is recorded in the transaction.
  • Step B4 The node N1 obtains key information of the data from the first blockchain.
  • Steps B5 and B6 The node N1 transmits the data information and the key information of the data to the node U2.
  • Step B7 The node U2 obtains a data key (key) for accessing the data by using the key information of the data, and decrypts the encrypted data according to the data key to obtain the accessed data.
  • Step B8 Node N1 records its provision of the data information and the data key information to node U2 as a transaction on the third blockchain.
  • the process of requesting access to data by the node U3 to the blockchain is described in the C-part process, in which key information for providing data information and data to the node U3 may come from different nodes.
  • the process includes:
  • Step C1 The data source node records the key information of the data on the first blockchain, and the key information of the data is generated by encrypting the data key requested by the node U3 by using the public key of the node U3.
  • Step B2 The node U3 sends a request message to the node U2, where the request message includes one or more of a data identifier, a public key of the node U3, a node U3 identifier (node U3 ID), or transaction index information.
  • the node U2 is a node that is closer to the node U3.
  • Step C2 The node U2 receives the request message sent by the node U3, and provides the corresponding data information to the node U3.
  • The process in which the node U2 provides the data information to the node U3 is the same as step B2 to step B5 in Part B; refer to the specific steps of Part B. Details are not described again.
  • Step C3 Node U3 obtains data key information from node N1.
  • a possible implementation manner is that the node U3 sends a request message to the node N1, and the request message is used for requesting key information of the data.
  • The node N1 searches for a transaction related to the data identifier and the node U3 device identifier in the first blockchain according to the request message, obtains the key information of the data from the record of the transaction, and sends the key information of the data to node U3.
  • the process may also refer to step 2 to step 5 of the part B process.
  • Step C4 The node U3 receives the data information from the node U2 and the key information of the data from the node N1, obtains a data key (key) for accessing the data through the key information of the data, and decrypts the encrypted data according to the data key to obtain the accessed data.
  • Step C5 Node U2 records its provision of the data information to node U3 as a transaction on the third blockchain.
  • Step C6 The node N1 records its provision of the key information of the data to the node U3 as a transaction on the third blockchain.
  • the transaction in the third blockchain records: a data identifier requested by the third node, a third node identifier, a public key of the third node, and a data address/address information of the third node requesting access to the data, Data/address information hash, transaction index information, transaction identification information of the first blockchain, connection identifier or cross-chain identification.
  • After a node in the network, for example the node U2, accesses and stores the data information, when another adjacent node, for example the node U3, requests access to the same data again, the node U2 can directly provide the data or data information to the node U3. This prevents the node U3 from requesting data from a remote data source node and saves the time and load of repeatedly transmitting data between the core network or multiple network devices, thereby improving transmission efficiency.
  • U1 first initiates a data access request to the blockchain network, and the first blockchain node searches for and provides the corresponding data according to the request message sent by the node U1.
  • The second blockchain node provides data information related to the data for the first node and sends the data information to the node U1, and the relay node N1, which is closer to the first node, saves the data information.
  • The node U2 initiates a data access request to the blockchain network. If the related data information is stored on the relay node N1, and the node U2 has the data access right, the relay node may provide the stored data information and the key information of the data obtained from the first blockchain transaction to the node U2; that is, the data information requested by the node U2 and the key information of the data both come from the same node N1, thereby improving the transmission efficiency and reducing delay.
  • the identity of the node U2 is verified according to the key information of the data recorded on the blockchain, and the access request is rejected for the node that does not have the access right.
  • the transmission delay is reduced while ensuring the benefit of the data source provider.
  • The node U3 initiates a data access request to the blockchain network, and the request message is received by the node U2, which is closer in location. Since the node U2 has recorded and stored the data information, the node U2 can, once it has verified that the node U3 has access rights to the data, send the corresponding data information and notify the first blockchain node to provide the key information of the corresponding data for the node U3.
  • The data information obtained by the node U3 is from the node U2, and the key information of the data is from the first blockchain or the first blockchain node; that is, the information is provided by different nodes.
  • a first blockchain, for recording transactions of key information of data;
  • a second blockchain, for recording transactions of data information;
  • a third blockchain, used to record event transactions.
  • More or fewer blockchains can be included to record individual transactions in the network, and the transactions are associated with each other through the connection identifier or the cross-chain identifier.
  • This application does not specifically limit the number of blockchains and the transaction content of each blockchain record.
  • The present application may include more embodiments according to the different combinations of the above three parts A to C, for example, the Part A process and the Part B process combined into one embodiment, or the combination of the Part A process and the Part C process, or the combination of the Part B process and the Part C process; these are not exemplified one by one herein.
  • A transmission system includes: a terminal device; an access node, which may be a relay node, an access device, or a mobile edge computing (Mobile Edge Computing, MEC) device; at least one blockchain; and a data source node, such as node D.
  • This embodiment provides a data access authority control method, where the method includes:
  • Step 601 The data source node stores the encrypted data that needs to be provided in the access node.
  • Step 602 The terminal device initiates a process of interacting with the data provider to obtain data access rights when the service or data needs to be acquired.
  • the data provider interacts with the terminal device to enable the terminal device to gain access to the data.
  • Step 603A The data provider records the access control authority of the terminal device on the first blockchain.
  • the access control authority may be represented as key information.
  • Since the data provider interacted with the terminal device in step 602, the terminal device has obtained access rights to the data. The data provider therefore encrypts the key of the encrypted data by using the public key of the terminal device, and the encrypted key is recorded on the first blockchain as the key information in a transaction of the first blockchain.
  • the key information includes: an encrypted key, a hash of the encrypted key, and a key
  • Step 603B The data provider records the data information for the terminal device on the second blockchain.
  • the data information includes at least one of the following: a hash of the data, an encrypted data hash, an encrypted data, and an address of the encrypted data.
  • the data information includes at least one of the following: encrypted data that the first node needs to access, address information of the encrypted data, or a hash of the encrypted data, the data hash;
  • the key information of the data includes at least one of the following: an encrypted data key, address information of the encrypted data key, a hash of the encrypted data key, and a hash of the key address.
  • Step 604 The user equipment obtains blockchain transaction index information related to the data it wants to access.
  • The blockchain transaction index information includes: a block height, a block number, a blockchain identifier, and a transaction index number, and may also include a data identifier, a terminal device identifier, or a blockchain node identifier that the terminal device requests to access.
  • Step 605 The user equipment sends a request message to the access device, where the request message is used to request key information of the data.
  • the first information includes one or more of a data identifier, a first node identifier, a first node public key, or transaction index information.
  • the terminal device selects an access node in a direct or indirect manner.
  • the access node is a device that is closest to the location of the terminal device, and then sends the request message to the access node.
  • Step 606 After receiving the request message, the access node checks whether the terminal device has the access right according to the transaction index information carried in the request message through the access control blockchain (for example, the first blockchain).
  • the access node may learn, through an access control blockchain node, whether key information of the data is saved in the blockchain.
  • according to the transaction index information, if a corresponding transaction is found in the first blockchain, and the transaction records data key information of the data that the terminal device needs to access, the terminal device has access rights; otherwise, the terminal device does not have access to the data.
  • Step 607 If the access node confirms that the terminal device has the access right, the access node provides the key information and/or the encrypted data to the terminal device.
  • this step takes providing both the key information and the encrypted data as an example: if the access node confirms that the terminal device has the access right, the access node determines whether it has saved the encrypted data; if it has, the access node provides the key information and the encrypted data obtained from the first blockchain to the terminal device.
  • the access node may determine whether the encrypted data is saved according to the first information provided in the request message.
  • Step 609 The terminal device acquires the encrypted data and the key information of the data, decrypts the key information of the data by using the private key of the terminal device to obtain a key, and decrypts the encrypted data by using the decrypted key to obtain the data it requested to access.
  • Step 610 The terminal device obtains a hash of the data from the second blockchain.
  • the second blockchain is used to record data information.
  • the data information includes at least one of the following: a hash of the data, an address of the data, a hash of the encrypted data, an encrypted data, a storage address of the data, and the like.
  • Step 611 The terminal device computes the hash of the decrypted data by applying the hash algorithm to the decrypted data, and determines whether the hash of the data and the hash of the decrypted data are the same. If the two values are the same, the data obtained by the terminal device is reliable; if they are not the same, the data obtained by the terminal device has been tampered with.
  • Step 612 The terminal device takes the access node's provision of data to the terminal device as a transaction, and records it on the third blockchain.
  • the transaction of the third blockchain includes at least one of the following: a connection identifier, a cross-chain identifier, a terminal device identifier, a data identifier, a public key of the terminal device, a time for accessing the data, a blockchain node identifier, and a blockchain.
  • the terminal device compares the data hash acquired from the blockchain with the hash generated from the decrypted data to verify the authenticity and integrity of the decrypted data, so that the first node can judge the reliability of the acquired data.
  • the data source node stores the data in the access device, so that the requesting terminal device can obtain data from the nearest access device or the blockchain, which reduces the burden of repeated transmission of data in the core network or between multiple routes, reduces transmission delay, and improves transmission efficiency.
  • the access device uses the access control permission query information to verify the access authority of the terminal device, and then delivers the service and data after the terminal device has the access right, thereby ensuring the rights of the data source node.
  • for the transactions recorded on the first blockchain through the third blockchain in this embodiment: the first blockchain is used to record key information of data, the second blockchain is used to record data information, and the third blockchain is used to record transactions in which a node (e.g., an access node) provides data information to a terminal device.
  • the present application further provides a data transmission apparatus for implementing the method described in, for example, FIG. 3 to FIG. 6.
  • the apparatus includes: a transceiver module 701, a processing module 702, and a storage module 703, and may further include other modules or units.
  • the transceiver module 701 is configured to obtain data information and key information of data recorded on the first blockchain;
  • the processing module 702 is configured to obtain encrypted data according to the data information received by the transceiver module 701, obtain a key according to the key information of the data received by the transceiver module, and decrypt the encrypted data by using the key to obtain the data.
  • the processing module 702 is specifically configured to: when the key information of the data received by the transceiver module is the encrypted data key, decrypt the encrypted data key using the private key to obtain the key; or, when the key information of the data received by the transceiver module 701 is the address information storing the data key, obtain the encrypted data key according to the address information, and decrypt the encrypted data key using a private key to obtain the key.
  • the transceiver module 701 is specifically configured to obtain transaction index information, where the transaction index information includes one of a block number, a block height, a transaction index number, or a blockchain identifier.
  • the processing module 702 is specifically configured to determine, according to the transaction index information acquired by the transceiver module 701, the first blockchain transaction, where the key information of the data is recorded in the first blockchain transaction, and obtain key information of the data according to the first blockchain transaction; or
  • the transceiver module 701 is configured to send the transaction index information to a relay node, and receive key information of the data that is forwarded by the relay node according to the transaction index information.
  • the transceiver module 701 is specifically configured to obtain the data information from a first blockchain or a second blockchain; or receive any block of the first blockchain.
  • the transceiver module 701 is specifically configured to obtain transaction index information, where the transaction index information includes one of a block number, a block height, a transaction index number, or a blockchain identifier.
  • the processing module 702 is specifically configured to determine, according to the transaction index information obtained by the transceiver module, a blockchain transaction, where the blockchain transaction is recorded on a first blockchain or a second blockchain, and the data information is recorded in the blockchain transaction;
  • the transceiver module 701 is specifically configured to send the transaction index information to the relay node, and receive data information that is sent by the relay node according to the transaction index information.
  • the processing module 701 is specifically configured to: when the data information is the encrypted data, obtain the encrypted data from the data information; or, when the data information is the address information of the encrypted data, search for and obtain the encrypted data by using the address information of the data.
  • the processing module 702 is further configured to record, as a first transaction, an event that obtains data information and key information of the data, on a blockchain;
  • the first transaction includes one or more of: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identifier information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  • the transceiver module 701 is further configured to receive a request message from a second node, where the request message includes first information, where the first information includes a data identifier, and a second node identifier.
  • the processing module 702 is further configured to obtain the data information and/or the key information of the data according to one or more of the data identifier, the second node identifier, the second node public key, or the transaction index information;
  • the transceiver module 701 is further configured to send the data information and/or the key information of the data to the second node.
  • the processing module 702 is further configured to obtain a private key or a public key generation source of the first node according to an excitation response generated by the physical unclonable function PUF technology.
  • the processing module 702 is further configured to generate an excitation response according to the physical unclonable function PUF technology, and use at least one of the hash of the excitation and the excitation response as the identification information of the first node, so that the identification information of the first node is recorded on a blockchain; the transaction recorded on the blockchain includes one or more of the following: an excitation, a hash of the excitation response, a node identifier, the time at which the response was generated, or a public key of the node.
  • the physical device corresponding to the processing module may be a processor, and the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may also be a transceiver.
  • the data transmission device can also be applied to a blockchain node on any blockchain, including:
  • the processing module 702 is configured to obtain, by using the first information, the data information requested by the first node and/or the key information of the data, where the first information includes: the data identifier, the first node identifier, and the public key of the first node Or one or more of the transaction index information;
  • the transceiver module 701 is configured to send the data information and/or key information of the data acquired by the processing module to the first node or the relay node.
  • the transceiver module 701 is further configured to receive a request message sent by the first node or the relay node, where the request message includes the first information;
  • the processing module 702 is specifically configured to: search for and locate, according to one or more of a data identifier, a first node identifier, a first node public key, or transaction index information in the first information received by the transceiver module, a transaction related to the first information, in which key information of the data is recorded;
  • the transceiver module 701 is further configured to obtain key information of the data from a record of the transaction.
  • the processing module 702 is specifically configured to determine the transaction according to the first information and the first identifier, where the first identifier includes one or more of at least one blockchain node identifier, transaction identification information of at least one blockchain node, or a cross-chain identifier.
  • the transceiver module 701 is specifically configured to receive a second blockchain, or a relay node, or a data source node according to the data identifier, the first node identifier, or the transaction index information.
  • the processing module 702 is further configured to generate transaction index information, where the transaction index information is used to determine a first blockchain transaction, where the first blockchain transaction records the key information of the data, the transaction index information including one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
  • the physical device corresponding to the processing module may be a processor, and the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may also be a transceiver.
  • the data transmission apparatus may implement the steps and functions of the relay node of the foregoing method, and the relay node N1 is taken as an example, and the apparatus is specifically configured to:
  • the transceiver module 701 is configured to obtain a request message from the first node, where the request message includes first information, where the first information includes a data identifier, a first node identifier, or transaction index information;
  • the processing module 702 is configured to obtain the data information and/or the key information of the data according to the first information obtained by the transceiver module 701;
  • the transceiver module 701 is further configured to send the data information and/or the key information of the data to the first node.
  • the processing module 702 is specifically configured to confirm whether the first node has access rights; if yes, obtain data information; if not, reject the access request of the first node;
  • the obtaining the data information specifically includes: the device obtaining the data information from a local storage module if the data information is already stored; or, if the data information is not stored, obtaining the data information from the first blockchain, the second blockchain, or the data source node.
  • the processing module 702 is specifically configured to: search, according to the first information, whether there is a transaction related to the first information, where the transaction records the key information of the data; if so, obtain the key information of the data from the transaction; if not, deny the access.
  • the transceiver module 701 is further configured to send the request message to the first blockchain node, and the transceiver module 701 is further configured to receive the key information of the data fed back by the first blockchain node according to the request message, where the key information of the data is generated by encryption with the public key of the first node.
  • the processing module 702 is specifically configured to obtain the data information and/or the key information of the data according to the first information and the first identifier.
  • the first identifier includes: a first blockchain node identifier, transaction identifier information of the first blockchain node, a second blockchain node identifier, transaction identifier information of the second blockchain node, or a cross-chain identifier.
  • the processing module 702 is further configured to record the sending of the data information and/or the key information of the data to the first node as a second transaction on the third blockchain.
  • the second transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, transaction index information, a first blockchain node identifier, and a first zone.
  • the physical device corresponding to the processing module may be a processor, and the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may also be a transceiver.
  • the data transmission apparatus may implement the steps and functions of the data source node of the foregoing method, and the node D is taken as an example, and the apparatus is specifically configured to:
  • the processing module 702 is configured to generate key information of the data, and record key information of the data on the first blockchain, so that any blockchain node on the first blockchain stores the key information of the data and can quickly provide it to the requesting first node, shortening the transmission delay and improving the transmission efficiency.
  • the processing module 702 is specifically configured to receive, by using the transceiver module 701, a request message that is forwarded from the first node or forwarded by the relay node, where the request message includes the first information; determine a public key of the first node according to the first information; and encrypt the key of the data by using the public key of the first node to generate key information of the data, where the first information includes one or more of a data identifier, a first node identifier, the public key of the first node, or the transaction index information.
  • the processing module 702 is specifically configured to send, by using the transceiver module 701, key information of the data to the first blockchain node, so that the first blockchain node records the key information of the data on the first blockchain; or broadcast the key information of the data and store it on the first blockchain.
  • the processing module 702 is further configured to record the encrypted data that the first node requests to access on the second blockchain; or broadcast the encrypted data and store it on the second blockchain, where the data information includes encrypted data or address information of the encrypted data.
  • the data transmission apparatus utilizes the data consensus feature on the blockchain, so that the requesting party, for example, the first node can directly obtain data information from any blockchain node of the blockchain, thereby reducing the data information in the core.
  • the first node obtains key information of the data through the first blockchain node, and since the key information of the data is encrypted by the public key of the first node, only the authorized first node can decrypt and read the data, while other nodes cannot decrypt and access the data, thereby increasing the security of data transmission.
  • the blockchain node or the relay node verifies whether the first node has the access right according to the request message from the first node, and issues a transaction related to the request message, such as key information of the data, according to the verification result, while the access requests of nodes that do not have permission are denied, which improves the transmission efficiency while ensuring the rights of the data provider.
  • the physical device corresponding to the processing module may be a processor, and the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may also be a transceiver.
  • the present application also provides a network node.
  • the network node may be a network element device, a site, a blockchain node, a data source node, a base station, a UE, an MEC device, a terminal, and the like in the foregoing embodiments.
  • the network node includes a transceiver 801 (transmitter/receiver), a processor/controller 802, and a memory 803.
  • the network node may include more or fewer components, combine some components, or use a different component arrangement, which is not limited in this application.
  • the transceiver 801 may include a receiving module and a sending module, configured to implement communication transmission between each network element or node in the transmission system, such as sending and receiving data, signaling, request messages, and the like.
  • the transceiver 801 may include a wireless local area network (WLAN) module, a Bluetooth module, a baseband module, and the like, and a radio frequency (RF) circuit corresponding to the communication module.
  • Bluetooth communication infrared communication
  • cellular communication system communication, such as wideband code division multiple access (WCDMA) and/or high speed downlink packet access (HSDPA).
  • the processor 802 is a control center of a network node, and connects various parts of the entire terminal device by using various interfaces and lines; by running or executing software programs and/or modules stored in the memory 803 and invoking the instructions stored in the memory 803, it performs the method steps of the various embodiments of Figures 2-6.
  • the processor 802 may be composed of an integrated circuit (IC), for example, may be composed of a single packaged IC, or may be composed of a plurality of packaged ICs that have the same function or different functions.
  • the processor 802 may include only a CPU, or may be a combination of a GPU, a digital signal processor (DSP), and a control chip (eg, a baseband chip) in the transceiver module.
  • the CPU may be a single computing core or may include multiple computing cores.
  • the memory 803 may include a volatile memory, such as a random access memory (RAM), and may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD).
  • Programs or code may be stored in the memory, and the processor may implement the functions of the network node by executing the program or code.
  • all of the functions of the transceiver module shown in FIG. 7 may be implemented by the transceiver 801 of the network node, or by the transceiver 801 controlled by the processor 802; the functions to be implemented by the processing module may be implemented by the processor 802.
  • the memory 803 is configured to store instructions or various information, such as a request message, a first identification, a first information, a first transaction, a second transaction, a third transaction, and the like.
  • the present application further provides a computer storage medium, wherein the computer storage medium may store a program, and the program may include some or all of the steps in each embodiment of the data transmission method provided by the application.
  • the storage medium may be a magnetic disk, an optical disk, a ROM, a RAM, or the like.
  • the terminal described in the present application is used for the data transmission between the device to device (D2D), the network element to the device, and the network element to the network element.
  • a blockchain node can be a network element or a device.
  • An exemplary storage medium is coupled to the processor to enable the processor to read information from, and write information to, the storage medium.
  • the storage medium can also be an integral part of the processor.
  • the processor and the storage medium can be located in an ASIC. Additionally, the ASIC can be located in the user equipment. Of course, the processor and the storage medium may also reside as discrete components in the user equipment.
  • the functions described herein can be implemented in hardware, software, firmware, or any combination thereof.
  • the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a general purpose or special purpose computer.
  • the terminal device may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or other processing device connected to a wireless modem.
  • the wireless terminal can communicate with one or more core networks via a Radio Access Network (RAN); the wireless terminal can be a mobile terminal, such as a mobile phone (or "cellular" phone) and a computer with a mobile terminal.
  • it may be a portable, pocket, handheld, computer built-in or in-vehicle mobile device that exchanges language and/or data with a wireless access network.
  • a wireless terminal may also be called a system, a subscriber unit, a subscriber station, a mobile station, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, a user device, or user equipment.
  • the network device involved in the embodiments of the present invention may be a base station, or an access point, or may refer to a device in the access network that communicates with the wireless terminal through one or more sectors on the air interface.
  • the base station can be used to convert received air frames to IP packets, acting as a router between the wireless terminal and the rest of the access network, wherein the remainder of the access network can include an Internet Protocol (IP) network.
  • the base station can also coordinate attribute management of the air interface.
  • the base station may be a base station (BTS, Base Transceiver Station) in GSM or CDMA, or may be a base station (NodeB) in WCDMA, or may be an evolved base station (eNB or e-NodeB, evolutional Node B) in LTE. This application is not limited.
  • the present application further provides a transmission system for implementing data sharing and access authority control between network nodes, the system including a first node, at least one blockchain, and a plurality of blockchain nodes on the blockchain; the system may further include a relay node and a data source node, wherein the relay node and the data source node may each be a blockchain node.
  • each node in the transmission system is configured to perform the method steps as shown in FIGS. 2 to 6:
  • Step 1 The data source node will generate key information of the data, and record the key information of the data on the first blockchain;
  • Step 2 The first node generates a request message, where the request message includes: one or more of a data identifier or a first node identifier or transaction index information;
  • Step 3 The first node sends the request message; specifically, the first node may send the request message to a relay node, such as an MEC device, or to the first blockchain node, for example, when the relay node is the same node as the first blockchain node.
  • the request message is used to request access to data and data key information for the first node.
  • Step 4 The relay node obtains a request message from the first node, where the request message includes first information, where the first information includes one or more of a data identifier, a first node identifier, a public key of the first node, or transaction index information; and obtains the data information and/or the key information of the data according to the first information.
  • a specific implementation manner is: if the first node has the access right, the relay node obtains the data information from a local database, or from the first blockchain node or another node.
  • the process of obtaining the key information of the data by the relay node may specifically include: the relay node sending the request message to the first blockchain node; the first blockchain node receiving the request message and determining, according to one or more of a data identifier carried in the request message, a first node identifier, a public key of the first node, or transaction index information, a transaction related to the first information, in which the key information of the data is recorded; and obtaining key information of the data from the transaction.
  • the first blockchain node may further search for and obtain key information of the data according to the first identifier and the first information, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier.
  • the first blockchain node transmits key information of the found data to the relay node, and the relay node receives key information of data from the first blockchain node.
  • Step 5 The relay node sends the data information and the key information of the data to the first node.
  • the data information includes: encrypted data requested by the first node or address information of the encrypted data; the key information of the data includes: an encrypted data key or address information storing the encrypted data key.
  • Step 6 The first node receives the data information from the relay node and the key information of the data, obtains the encrypted data according to the data information, and obtains the key according to the key information of the data.
  • the first node obtains the encrypted data from the data information, or the first node searches for and obtains the encrypted data by using the address information of the data.
  • the obtaining, by the first node, the key information of the data includes: obtaining, by the first node, transaction index information, where the transaction index information includes one or more of a block number, a block height, a transaction index number, and a blockchain identifier; determining, according to the transaction index information, the first blockchain transaction, wherein the key information of the data is recorded in the first blockchain transaction; and obtaining key information of the data according to the first blockchain transaction.
  • the first node decrypts the encrypted data key using the private key of the first node to obtain the key.
  • Step 7 The first node decrypts the encrypted data by using the key to obtain data.
  • the data information and the key information of the data may be provided by the same blockchain node, for example, the first blockchain node, and may also be provided by different nodes, for example, the key information of the data is provided by the first blockchain node, and the data information is provided by the second blockchain node or by the data source node.
  • Step 8 The first node takes the obtaining of the key information of the data and the data information as a first transaction, and records it on the blockchain.
  • the first transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identifier information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  • the relay node may record the sending of the data information and/or the key information of the data to the first node as a second transaction on the third blockchain.
  • the method further includes:
  • Step 9 The second node sends a second request message to the relay node closest to the second node, where the second request message includes one or more of the second node identifier, the data identifier of the requested access, or the transaction index information.
  • the relay node may be a blockchain node or an accessed MEC device, such as a base station serving a second node.
  • Step 10 The relay node receives the second request message from the second node, and verifies whether the second node has the access right according to the identifier information carried in the second request message.
  • Step 11 If yes, obtain the data information of the data information and data requested by the second node on the local or blockchain node, and send the information to the second node.
  • the process of obtaining the key information of the data information and the data refers to the processes in the foregoing steps 4 to 6, or the method flow of the foregoing Embodiment 1 and Embodiment 2, and details are not described herein again.
  • Step 12 The second node receives key information of data information and data from the relay node, obtains encrypted data according to the data information, and obtains a key according to key information of the data; and uses the key pair The encrypted data is decrypted to obtain data.
  • the data requested by the first node and the second node may be the same or different.
  • the method further includes: the second node, the relay node, or the first blockchain node generates a transaction and records it on the third blockchain.
  • the transaction includes one or more of the following: a data identifier, a first node identifier, the public key of the first node, the time at which the data was accessed, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  • the system provided in this embodiment uses the data-sharing property of a blockchain, so that a requesting party such as the first node can obtain the data information directly from any blockchain node of the blockchain. This reduces the burden of repeatedly transmitting the data information across the core network or between multiple routes, reduces transmission delay, and improves transmission efficiency.
  • the first node obtains the key information of the data through the first blockchain node. Because this key information is encrypted with the public key of the first node, the authorized first node can decrypt and read the data while other nodes cannot decrypt or access it, which improves the security of data transmission.
  • the encrypted data can be obtained directly from the edge device, which further reduces transmission delay.
  • the blockchain node or the relay node verifies, according to the request message from the first node or the second node, whether the requesting node has access permission and, according to the verification result, issues a transaction related to the request message, for example the key information of the data, and rejects access requests from nodes that do not have permission, thereby improving transmission efficiency and protecting the rights of the data provider.
  • the technology in the embodiments of the present application can be implemented by means of software plus a necessary general hardware platform.
  • the technical solution in the embodiments of the present application may, in essence, be embodied in the form of a software product. The computer software product may be stored in a storage medium such as a ROM/RAM, a diskette, or an optical disc, and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present application or in parts of the embodiments.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a data transmission method and device and a network node. The method comprises: a first node acquiring data information and key information of data recorded on a first blockchain; acquiring encrypted data according to the data information, and acquiring a key according to the key information of the data; and using the key to decrypt the encrypted data to acquire data. The method utilizes the characteristics of data sharing on a blockchain, such that a first node of a requester can directly acquire data information from any blockchain node of the blockchain, thereby reducing the burden of repeated transmission of data information on a core network or among multiple routes, and reducing transmission delays.

Description

Data transmission method, apparatus and network node
This application claims priority to Chinese Patent Application No. 201810151008.6, entitled "Data transmission method, apparatus and network node", filed with the Chinese Patent Office on February 13, 2018, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of communications, and in particular to a data transmission method, apparatus and network node.
Background
In current communication systems, mobile edge computing has been proposed to reduce the delay with which users obtain services: data is stored close to the user (for example, on a base station or router) to serve the user. However, the provision of services or data is still controlled by monopolistic third parties.
In addition, the basic idea of a content delivery network (CDN) is to avoid, as far as possible, the bottlenecks and links on the Internet that may affect the speed and stability of data transmission, so that content is delivered faster and more reliably. By placing node servers throughout the network to form a layer of intelligent virtual network on top of the existing Internet, a CDN system can redirect a user's request in real time to the service node closest to the user, based on combined information such as network traffic, the connection and load status of each node, and the distance and response time to the user. The purpose is to let users obtain the required content nearby, relieve Internet congestion, and improve the response speed when users access websites.
However, for both edge computing and content delivery networks, most services or data in current communication systems are concentrated on certain central platforms that serve users. This model has two main problems. First, the providers of data and services are dependent on monopoly platforms, and their interests cannot really be protected. Second, the data is stored in a cloud center or on a server, and users must obtain services or data from that center; from the perspective of network transmission, this means the same data is sent repeatedly across the network.
Therefore, when the services and data of a provider are delivered directly to users, how to ensure the security of the service or of the data or services provided while also reducing the network transmission load is a problem that those skilled in the art need to solve.
Summary of the invention
The present application provides a data transmission method, apparatus and network node. The method can be applied to Internet of Things scenarios, with the aim of enabling access to and sharing of resources between network nodes.
In a first aspect, the present application provides a data transmission method that can be applied to a data requesting party, for example a first node. The method includes: the first node obtains data information and obtains key information of the data from a first blockchain node, obtains encrypted data according to the data information, obtains a key according to the key information of the data, and decrypts the encrypted data with the key to obtain the data.
The data information includes encrypted data or address information of the encrypted data, where the address information of the encrypted data indicates the location of the encrypted data.
The key information of the data includes the key information of the encrypted data or the address information at which the encrypted data is stored. Note in particular that the key information of the data may be generated by encryption with the public key of the first node.
The method provided in this aspect uses the data-sharing property of a blockchain, so that a requesting party such as the first node can obtain the data information directly from any blockchain node of the blockchain. This reduces the burden of repeatedly transmitting the data information across the core network or between multiple routes, and reduces transmission delay.
In addition, the first node obtains the key information of the data through the first blockchain node. Because this key information is encrypted with the public key of the first node, the authorized first node can decrypt and read the data while other nodes cannot decrypt or access it, which improves the security of data transmission.
In one possible implementation, obtaining the key according to the key information of the data includes: when the key information of the data is an encrypted data key, the first node decrypts the encrypted data key with its own private key to obtain the key. Alternatively,
in another possible implementation, when the key information of the data is address information at which the encrypted data key is stored, the first node looks up the encrypted data key according to the address information and decrypts it with its own private key to obtain the key.
When the key information of the data is an encrypted data key or the address information of a data key, the data key is never sent over the network in plaintext. This prevents intermediate network nodes from obtaining the data key directly during forwarding, and further improves the security and reliability of data transmission.
In another possible implementation, the first node obtaining the key information of the data from the first blockchain node includes: the first node obtains transaction index information, which includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier; determines the first blockchain transaction according to the transaction index information, the key information of the data being recorded in the first blockchain transaction; and obtains the key information of the data according to the first blockchain transaction. Alternatively, the first node sends the transaction index information to a relay node and receives the key information of the data that the relay node returns according to the transaction index information.
In this implementation, the first node can use the content of the transaction index information, such as the block number or the transaction index, to quickly find the first blockchain transaction that matches this information, and then quickly obtain the key information of the data from the information recorded in the transaction. Shared information on the blockchain is thus obtained quickly, which takes less time than obtaining the key information of the data from the data source node or the data provider.
In another possible implementation, the first node obtaining the data information includes: the first node receives the data information from any blockchain node of the first blockchain, from any blockchain node of a second blockchain, or from the data source node; or the first node receives the data information from a relay node, the relay node being a node that has stored the data information in advance; or the first node extracts and obtains the data information from the blockchain.
In this implementation, the first node can obtain the data information from any blockchain node that stores it, or from the relay node closest to the first node, so the data information is obtained quickly, transmission time is shortened, and the efficiency of transmission and access is improved.
In another possible implementation, the data information includes encrypted data or address information of the encrypted data, and the first node obtaining the encrypted data according to the data information includes: when the data information is encrypted data, the first node obtains the encrypted data directly from the data information; when the data information is address information of the encrypted data, the first node uses the address information to find the location of the encrypted data and obtains the encrypted data. In this implementation, the data or the data address is transmitted in the blockchain in encrypted form, which improves the security of the transmitted information.
In another possible implementation, the method further includes: the first node records, as a first transaction on a third blockchain, the event of obtaining the key information of the data from the first blockchain node and/or obtaining the data information.
For example, the first transaction includes one or more of the following: a data identifier, a first node identifier, the public key of the first node, the time at which the data was accessed, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
In another possible implementation, the method further includes: the first node receives a request message from a second node, the request message including first information, and the first information including one or more of a data identifier, a second node identifier, a second node public key, or transaction index information; the first node obtains the data information and/or the key information of the data according to one or more of the data identifier, the second node identifier, the second node public key, or the transaction index information; and the first node sends the data information and/or the key information of the data to the second node.
In another possible implementation, the method further includes: the first node obtains the private key of the first node, or the source from which its public key is generated, from the challenge response produced by physical unclonable function (PUF) technology.
In another possible implementation, the method further includes: the first node generates a challenge response according to physical unclonable function (PUF) technology and uses at least one of the challenge and the hash of the challenge response as identification information of the first node, so that the identification information of the first node can be recorded on the blockchain. The transaction recorded on the blockchain includes one or more of the following: the challenge, the hash of the challenge response, a node identifier, the time at which the response was generated, and the public key of the node.
In another possible implementation, the method further includes: the first node obtains the hash of the data from the blockchain, computes the hash of the decrypted data from the decrypted data and the hash algorithm, and determines whether the hash of the data and the hash of the decrypted data are the same. If the two values are the same, the data obtained by the first node is trusted data; if they differ, the data obtained by the first node has been tampered with.
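The first-aspect flow described above (resolve the data information and key information, unwrap the data key with the first node's private key, decrypt, then compare against the hash recorded on the blockchain), written out as an added Node.js example that is not code from the patent. The patent names no algorithms, so RSA-OAEP, AES-256-GCM and SHA-256, the `Map` standing in for off-chain storage, the function names and the sample address are all assumptions.

```javascript
// Added example, not from the patent. Assumed algorithms: RSA-OAEP wraps the
// data key, AES-256-GCM encrypts the data, SHA-256 is the hash kept on chain.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Encrypt one payload under the symmetric data key.
function encryptBlob(dataKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Data source node: builds the record for one authorized requester.
// Data information is an address (the encrypted data lives off chain);
// key information is the data key encrypted with the requester's public key.
function publishForNode(plaintext, nodePublicKey, storage, address) {
  const dataKey = crypto.randomBytes(32);
  storage.set(address, encryptBlob(dataKey, plaintext));
  const record = {
    dataInfo: { kind: 'address', address },
    keyInfo: { kind: 'inline', value: crypto.publicEncrypt({ key: nodePublicKey, ...OAEP }, dataKey) },
    dataHash: sha256(plaintext), // hash of the data, recorded on the blockchain
  };
  return { record, dataKey }; // dataKey stays with the data source, never sent in the clear
}

// First node: resolve both fields, unwrap the key, decrypt, check the on-chain hash.
function readAsNode(record, nodePrivateKey, storage) {
  const resolve = (info) => (info.kind === 'address' ? storage.get(info.address) : info.value);
  const wrappedKey = resolve(record.keyInfo);
  const blob = resolve(record.dataInfo);
  if (!wrappedKey || !blob) return { status: 'not-found', data: null };

  let dataKey;
  try {
    dataKey = crypto.privateDecrypt({ key: nodePrivateKey, ...OAEP }, wrappedKey);
  } catch {
    return { status: 'not-authorized', data: null }; // key was wrapped for another node
  }

  let data;
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, blob.iv);
    decipher.setAuthTag(blob.tag);
    data = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  } catch {
    return { status: 'tampered', data: null }; // ciphertext or tag was modified
  }

  // The comparison the text describes: hash of decrypted data vs. hash on chain.
  const same = crypto.timingSafeEqual(sha256(data), record.dataHash);
  return same ? { status: 'trusted', data } : { status: 'tampered', data: null };
}

// Constructed scenario: an authorized read, a read by a node holding a different
// private key, and a stored object replaced by a party that holds the data key.
function demo() {
  const first = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const storage = new Map();
  const addr = 'store://edge-1/object-42'; // constructed sample address
  const { record, dataKey } = publishForNode(
    Buffer.from('sensor reading 21.5C'), first.publicKey, storage, addr);

  const authorized = readAsNode(record, first.privateKey, storage);
  const unauthorized = readAsNode(record, other.privateKey, storage);

  // The replacement decrypts cleanly (valid GCM tag) but fails the on-chain hash.
  storage.set(addr, encryptBlob(dataKey, Buffer.from('sensor reading 99.9C')));
  const substituted = readAsNode(record, first.privateKey, storage);
  return { authorized, unauthorized, substituted };
}

console.log(Object.fromEntries(Object.entries(demo()).map(([k, v]) => [k, v.status])));
```

The third case is the one the on-chain hash exists for: authenticated encryption alone cannot detect a substitution made by someone who legitimately holds the data key.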
In a second aspect, the present application further provides a data transmission method applied to a node on a blockchain, for example a first blockchain node. The method includes: the first blockchain node obtains, through first information, the data information and/or the key information of the data requested by a first node, where the first information includes one or more of a data identifier, a first node identifier, the public key of the first node, and transaction index information; and the first blockchain node sends the data information and/or the key information of the data to the first node, so that the first node obtains the encrypted data according to the data information and obtains the key according to the key information of the data, and can then decrypt and read the encrypted data with the key.
It should be noted that the key information of the data may be provided by a blockchain node on the first blockchain and the data information by a blockchain node on the second blockchain, or the key information of the data and the data information may both be provided by the same blockchain node. The present application places no specific limitation on which blockchain node provides this information to the first node.
With reference to the second aspect, in one possible implementation of the second aspect, the first blockchain node obtaining the key information of the data through the first information includes: the first blockchain node receives a request message from the first node or forwarded by a relay node, the request message including the first information; searches, according to one or more of the data identifier, the first node identifier, the public key of the first node, or the transaction index information in the first information, for a transaction related to the first information, the key information of the data being recorded in the transaction; and obtains the key information of the data from the transaction. Using the blockchain consensus mechanism in this way allows the key information of the data to be obtained quickly and improves the efficiency of data transmission and access.
In one possible implementation, searching for the transaction related to the first information further includes: the first blockchain node obtains a first identifier and determines the transaction according to the first information and the first identifier, where the first identifier includes a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, or the like. The cross-chain identifier is used to connect the first blockchain and the second blockchain; if the first blockchain and the second blockchain are the same blockchain, the cross-chain identifier is a connection identifier. The first identifier may be stored in advance in the first blockchain or obtained through other nodes.
In this implementation, adding the first identifier to the first information when searching for the related transaction allows the data information and/or the key information of the data needed by the requesting first node to be determined accurately and quickly, which improves the accuracy of the search.
In another possible implementation, the first blockchain node obtaining, through the first information, the data information requested by the first node includes: the first blockchain node obtains the first information and, according to the first information, obtains the data information from the second blockchain, a relay node, or the data source node; or the first blockchain node determines, according to the first information, that the data information is stored on the first blockchain node, and then looks up and obtains the data information related to the first information.
In this implementation, if the first blockchain node stores the data information needed by the first node, it provides the data information to the first node directly, which saves the time of obtaining it from other nodes and improves transmission efficiency.
With reference to the second aspect, in yet another possible implementation of the second aspect, before the first blockchain node obtains the data information and/or the key information of the data, the method further includes: the first blockchain node generates transaction index information, which is used to determine the first blockchain transaction in which the key information of the data is recorded and which includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier, and sends the transaction index information to the first node; or the first blockchain node sends the address information of the encrypted data that the first node requests to access to the first node or to a relay node.
In a third aspect, the present application further provides a data transmission method applied to a relay node, for example a base station. The method includes: the relay node obtains a request message from a first node, the request message including first information, and the first information including one or more of a data identifier, a first node identifier, a first node public key, and/or transaction index information; obtains the data information and/or the key information of the data according to the first information; and sends the data information and/or the key information of the data to the first node.
In one possible implementation, the relay node obtaining the data information according to the first information includes: determining whether the first node has access permission; if so, obtaining the data information; if not, rejecting the access request of the first node, for example by returning to the first node a message indicating that access is denied.
The relay node obtaining the data information specifically includes: if the relay node has already stored the data information, it obtains the data information locally on the relay node; or, if it has not stored the data information, it obtains the data information from the first blockchain, the second blockchain, or the data source node and then forwards it to the first node.
In another possible implementation, the relay node obtaining the key information of the data according to the first information includes: the relay node searches, according to the first information, for a transaction related to the first information, the key information of the data being recorded in the transaction; if there is one, the first node has access permission and the relay node obtains the key information of the data from the transaction; if there is none, the first node does not have access permission and access is denied. The relay node replies to the first node with a message notifying it that the relay node refuses to provide the key information of the data or the data information to the first node.
In another possible implementation, the relay node obtaining the key information of the data from the transaction includes: the relay node sends the request message to the first blockchain node and receives the key information of the data that the first blockchain node returns according to the request message, the key information of the data being generated by encryption with the public key of the first node.
In another possible implementation, the relay node obtaining the data information and/or the key information of the data according to the first information includes: the relay node obtains a first identifier, the first identifier including a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier; and the relay node obtains the data information and/or the key information of the data according to the first information and the first identifier.
In another possible implementation, the method further includes: the relay node records the sending of the data information and/or the key information of the data to the first node as a second transaction on a third blockchain.
For example, the second transaction includes one or more of the following: a data identifier, a first node identifier, the public key of the first node, the time at which the data was accessed, transaction index information, a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
第四方面,本申请还提供了一种数据传输方法,该方法可应用于数据源节点,该数据源节点用于为第一节点提供数据信息和数据的密钥信息;具体地,所述方法包括:数据源节点生成数据的密钥信息;将所述数据的密钥信息记录在第一区块链上,以使第一区块链上的任意一个区块链节点存储所述数据的密钥信息,并将其快速地提供给请求方的第一节点,缩短传输延迟,提高传输效率。In a fourth aspect, the present application further provides a data transmission method, where the method is applicable to a data source node, where the data source node is configured to provide data information and key information of the data to the first node; specifically, the method The method includes: the key information generated by the data source node to generate data; and the key information of the data is recorded on the first blockchain, so that any one of the blockchain nodes on the first blockchain stores the confidentiality of the data. The key information is quickly provided to the first node of the requester, shortening the transmission delay and improving the transmission efficiency.
在另一种可能的实现方式中,所述数据源节点生成数据的密钥信息,包括:数据源节点接收来自第一节点或者经过中继节点转发的请求消息,所述请求消息中包括第一信息,所述第一信息包括数据标识、第一节点标识或交易索引信息中的一项或多项,所述数据源节点根据所述第一信息确定第一节点的公钥,并利用所述第一节点的公钥对数据的密钥进行加密,生成所述数据的密钥信息。In another possible implementation manner, the data source node generates key information of the data, including: the data source node receives the request message forwarded from the first node or forwarded by the relay node, where the request message includes the first Information, the first information includes one or more of a data identifier, a first node identifier, or transaction index information, and the data source node determines a public key of the first node according to the first information, and uses the The public key of the first node encrypts the key of the data to generate key information of the data.
In another possible implementation, the data source node recording the key information of the data on the first blockchain includes: the data source node sends the key information of the data to a first blockchain node, so that the first blockchain node records the key information of the data on the first blockchain; or the data source node broadcasts the key information of the data to, and stores it on, the first blockchain.
In another possible implementation, the method further includes: the data source node records the encrypted data that the first node requests to access on the second blockchain; or broadcasts the encrypted data to, and stores it on, the second blockchain, where the data information includes the encrypted data or address information of the encrypted data.
In another possible implementation, the data source node obtains the public key of the first node and generates the key information of the data according to that public key, which specifically includes: the data source node encrypts the key of the data with the public key of the first node to generate the key information of the data; or the data source node encrypts the key of the data with the public key of the first node, stores the encrypted data key, and uses the address at which the encrypted data key is stored as the key information of the data. The key information of the data includes: the encrypted data key, or address information of where the encrypted data key is stored.
In a fifth aspect, the present application further provides a data transmission method applied to a node on the second blockchain, for example a second blockchain node, where the node is configured to provide data information to the first node. Specifically, the method includes: the second blockchain node obtains a request message from the first node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, or transaction index information; when the second blockchain node detects that the first node has access permission, it determines the data information required by the first node and sends the data information to the first node, where the data information includes the encrypted data or address information of the encrypted data.
The second blockchain node may be the same node as the relay node, or the same as the foregoing first blockchain node, or may be a different node; this application does not limit this.
In a sixth aspect, the present application further provides a data transmission apparatus, which includes a receiving module, a processing module, and a sending module, and may further include a storage module and the like; the modules in the apparatus are configured to perform the data transmission methods of the first to fifth aspects and of the various implementations of each aspect.
In a possible design, an embodiment of the present application further provides another data transmission apparatus, which is configured to implement the functions of the first node's behavior in the foregoing method. The functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the foregoing functions, and the modules may be software and/or hardware; for example, the hardware corresponding to the transceiver module may be a transceiver, and the hardware corresponding to the processing module may be a processor. A memory may further be included.
In a seventh aspect, the present application provides a network node, which may be a node that requests access to data, for example a first node. The network node includes: a transceiver, configured to obtain data information, and key information of the data that comes from a first blockchain node; and a processor, configured to obtain encrypted data according to the data information, obtain a key according to the key information of the data, and decrypt the encrypted data with the key to obtain the data.
In a possible implementation, the key information of the data includes: an encrypted data key, or address information of where the encrypted data key is stored. The processor is specifically configured to: when the key information of the data is the encrypted data key, decrypt the encrypted data key with a private key to obtain the key; or, when the key information of the data is the address information of where the encrypted data key is stored, obtain the encrypted data key according to the address information, and decrypt the encrypted data key with the private key to obtain the key.
In another possible implementation, the transceiver is specifically configured to obtain transaction index information, where the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier. The processor is specifically configured to determine the first blockchain transaction according to the transaction index information, where the key information of the data is recorded in the first blockchain transaction, and obtain the key information of the data according to the first blockchain transaction; or to send the transaction index information to a relay node through the transceiver, and receive the key information of the data that the relay node feeds back according to the transaction index information.
In another possible implementation, the transceiver is specifically configured to: receive the data information from any blockchain node of the first blockchain, any blockchain node of the second blockchain, or the data source node; or receive the data information from a relay node, where the relay node is a node that has stored the data information in advance; or extract and obtain the data information from a blockchain.
In another possible implementation, the data information includes: encrypted data or address information of the encrypted data. The processor is specifically configured to: when the data information is the encrypted data, obtain the encrypted data from the data information; or, when the data information is the address information of the encrypted data, look up and obtain the encrypted data by using the address information of the data.
In another possible implementation, the processor is further configured to record the obtaining of the key information of the data from the first blockchain node, and/or the obtaining of the data information, as a first transaction on the third blockchain.
In another possible implementation, the first transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
In an eighth aspect, the present application further provides a network node, which may be any node on a blockchain, for example a first blockchain node. The network node includes: a processor, configured to obtain, by means of first information, the data information and/or the key information of the data requested by the first node, where the first information includes one or more of a data identifier, a first node identifier, a public key of the first node, or transaction index information; and a transceiver, configured to send the data information and/or the key information of the data to the first node.
In another possible implementation, the processor is specifically configured to: receive, through the transceiver, a request message from the first node or forwarded by a relay node, where the request message includes the first information; look up a transaction related to the first information according to one or more of the data identifier, the first node identifier, the public key of the first node, and the transaction index information in the first information, where the key information of the data is recorded in the transaction; and obtain the key information of the data from the transaction.
In another possible implementation, the processor is specifically configured to obtain a first identifier and determine the transaction according to the first information and the first identifier, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier.
In another possible implementation, the processor is specifically configured to obtain the first information, and obtain the data information from the second blockchain, the relay node, or the data source node according to the first information; or, if it determines according to the first information that the data information is stored on the first blockchain node, look up and obtain the data information related to the first information.
In another possible implementation, the processor is further configured to: before obtaining the data information and/or the key information of the data, generate transaction index information, where the transaction index information is used to determine the first blockchain transaction in which the key information of the data is recorded, and includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier; and send the transaction index information to the first node through the transceiver; or send, through the transceiver, the address information of the encrypted data that the first node requests to access to the first node or the relay node.
In a ninth aspect, the present application further provides a network node, which may be a relay node. Specifically, the network node includes: a transceiver, configured to obtain a request message from the first node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, a public key of the first node, and transaction index information; and a processor, configured to obtain the data information and/or the key information of the data according to the first information. The transceiver is further configured to send the data information and/or the key information of the data to the first node.
In a possible implementation, the processor is specifically configured to determine, according to the first information, whether the first node has access permission; if so, obtain the data information; if not, reject the access request of the first node.
In another possible implementation, the processor is specifically configured to look up, according to the first information, whether there is a transaction related to the first information, where the key information of the data is recorded in the transaction; if so, obtain the key information of the data from the transaction; if not, deny access.
In another possible implementation, the processor is specifically configured to send the request message to the first blockchain node through the transceiver, and receive the key information of the data that the first blockchain node feeds back according to the request message, where the key information of the data is generated by encryption with the public key of the first node.
In another possible implementation, the processor is specifically configured to obtain a first identifier, and obtain the data information and/or the key information of the data according to the first information and the first identifier, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, or a cross-chain identifier.
In another possible implementation, the processor is further configured to record the sending of the data information and/or the key information of the data to the first node as a second transaction on the third blockchain.
Exemplarily, the second transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, transaction index information, a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data, and so on.
In a tenth aspect, the present application further provides a network node, for example a data source node, configured to provide data information and key information of the data to the first node. Specifically, the network node includes: a processor, configured to generate key information of the data, and record the key information of the data on the first blockchain, so that any blockchain node on the first blockchain stores the key information of the data and can quickly provide it to the requesting first node, which shortens transmission delay and improves transmission efficiency.
In a possible implementation, the network node further includes: a transceiver, configured to receive a request message from the first node or forwarded by a relay node, where the request message includes first information, and the first information includes one or more of a data identifier, a first node identifier, or transaction index information. The processor is specifically configured to determine the public key of the first node according to the first information, and encrypt the key of the data with the public key of the first node to generate the key information of the data.
In another possible implementation, the processor is specifically configured to send the key information of the data to a first blockchain node through the transceiver, so that the first blockchain node records the key information of the data on the first blockchain; or to broadcast the key information of the data to, and store it on, the first blockchain.
In another possible implementation, the processor is further configured to record the encrypted data that the first node requests to access on the second blockchain; or to broadcast the encrypted data to, and store it on, the second blockchain, where the data information includes the encrypted data or address information of the encrypted data.
In another possible implementation, the processor is further configured to encrypt the key of the data with the public key of the first node to generate the key information of the data; or to encrypt the key of the data with the public key of the first node, store the encrypted data key, and use the address at which the encrypted data key is stored as the key information of the data.
In an eleventh aspect, the present application further provides a computer storage medium, which may store instructions that, when executed, implement some or all of the steps in the implementations or embodiments of the data transmission method provided by the present application.
Exemplarily, the computer storage medium may be stored in the memory of the foregoing network node.
In a twelfth aspect, the present application further provides a computer program product containing instructions that, when run on a computer, cause the computer to perform the data transmission method described in the foregoing aspects.
In a thirteenth aspect, the present application further provides a data transmission system, which includes a first node, a first blockchain node, and a relay node, and may additionally include a data source node, a second blockchain node, a second node, and the like.
The first node is configured to perform the method steps of the first aspect and its implementations; the first blockchain node is configured to perform the method steps of the second aspect and its implementations; the relay node is configured to perform the method steps of the third aspect and its implementations. In addition, the data source node is configured to perform the method steps of the fourth aspect and its implementations, and the second blockchain node is configured to perform the method steps of the fifth aspect and its implementations.
It should be noted that the nodes in the data transmission system provided by the present application may be collectively referred to as network nodes, and a network node may represent various network element devices, stations, base stations, user equipment (UE), terminals, and the like. In addition, the concepts of device and node are equivalent in the embodiments of the present application; that is, a device may refer to a node, a station, a UE, a network element device, a sensor, and the like.
The technical solution disclosed in the present application combines mobile edge computing with blockchain technology, serving users with low latency and low load while also ensuring the security of data transmission and the interests of the data service provider.
The data transmission method, apparatus, and network node provided by the present application use the data-sharing property of the blockchain so that a requester, for example the first node, can obtain data information directly from any blockchain node of the blockchain, which reduces the burden of repeatedly transmitting the data information across the core network or multiple routes, reduces transmission delay, and improves transmission efficiency.
In addition, the first node obtains the key information of the data through the first blockchain node. Because the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt or access it, which improves the security of data transmission.
In addition, the blockchain node or the relay node verifies, according to the request message from the first node, whether the first node has access permission, delivers the transaction related to the request message (for example, the key information of the data) according to the verification result, and rejects access requests from nodes without permission, which improves transmission efficiency while protecting the rights and interests of the data provider.
Furthermore, in the present application, after decrypting and accessing the data, the first node verifies the authenticity and integrity of the decrypted data by comparing the data hash obtained from the blockchain with the hash generated from the decrypted data, so that the first node can determine whether the obtained data has been tampered with.
It should be noted that the foregoing aspects or implementations of the present application further include a blockchain technique, where the method includes: the first blockchain is used to record the key information of the data; the second blockchain is used to record information about the data; the third blockchain is used to record that the first node provides the key information of the data to the second node.
The present application further provides a method for the following: in a multi-chain scenario, different blockchains are used to handle different matters and record different information. In each blockchain, the transaction is the unit of recorded information; a block includes multiple transactions, and multiple blocks are linked into a blockchain. Sometimes different blockchains are associated with each other, so their transactions are associated as well, and it is therefore necessary to be able to associate multiple related transactions in a multi-chain scenario. In the present invention, for example, in a data sharing scenario, when node X shares encrypted data with node Y, the key information of the encrypted data is recorded on the first blockchain, the information of the encrypted data, for example the hash of the data, is recorded on the second blockchain, and the third blockchain can be used to record the fact that node X provides the key information to node Y. The transactions on these three blockchains are therefore related, and an identifier is needed to associate them, which facilitates multi-chain collaboration and cross-chain invocation and makes the various related information traceable.
Specifically, in a twelfth aspect, a method applied to blockchain technology is provided, the method including: the first blockchain and the second blockchain are the same blockchain; or the third blockchain and the second blockchain are the same blockchain; or the first blockchain and the third blockchain are the same blockchain; or the first blockchain, the second blockchain, and the third blockchain are the same blockchain. In another possible implementation, the method further includes: a transaction of the first blockchain and transaction B of the second blockchain, where transaction A and transaction B are related transactions, so the two blockchains use a cross-chain identifier to associate the two transactions; or transaction A of the first blockchain and transaction C of the third blockchain, where transaction A and transaction C are related transactions, so the two blockchains use a cross-chain identifier to associate the two transactions; or transaction B of the second blockchain and transaction C of the third blockchain, where transaction B and transaction C are related transactions, so the two blockchains use a cross-chain identifier to associate the two transactions; or transaction A of the first blockchain, transaction B of the second blockchain, and transaction C of the third blockchain are related transactions, so the three blockchains use a cross-chain identifier to associate the two transactions.
In another possible implementation, the method further includes: when the first blockchain and the second blockchain are the same blockchain, transaction A and transaction B are related transactions, and a connection identifier is used to associate these related transactions; when the first blockchain and the third blockchain are the same blockchain, transaction A and transaction C are related transactions, and a connection identifier is used to associate these related transactions; when the second blockchain and the third blockchain are the same blockchain, transaction B and transaction C are related transactions, and a connection identifier is used to associate these related transactions; when the first blockchain, the second blockchain, and the third blockchain are the same blockchain, transaction A, transaction B, and transaction C are related transactions, and a connection identifier is used to associate these related transactions. In another possible implementation, the connection identifier and the cross-chain identifier are the same identifier.
In another possible implementation, the first blockchain is used to record the key information of the data, and transaction A of the first blockchain contains at least one of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, the key information of the data, transaction index information, a time of accessing the data, a first blockchain node identifier, transaction identification information of the first blockchain node, a hash of the data, a hash of the key information of the data, and so on.
Alternatively, the second blockchain is used to record information about the data, and transaction B of the second blockchain includes at least one of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, transaction index information, a second blockchain node identifier, transaction identification information of the second blockchain node, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data or a hash of the key information of the data, an incentive, a hash of the incentive response, the time at which the response was generated, and so on.
Alternatively, the third blockchain is used to record that node X provides the key information and/or the data information to node Y, and transaction C of the third blockchain includes at least one of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, a hash of the key information of the data, the transaction in which the first node obtains the data information and the key information of the data, the first blockchain providing the key information of the data to the first node, the second blockchain providing the key information of the data to the first node, and so on.
本方面所述的方法可以通过一种硬件实现,例如该硬件可以包括处理器和收发器,其中处理器执行上述方法中的记录功能,收发器执行上述方法通知功能;或者该方法也可以通过软件执行相应的指令去实现。该硬件可以独立使用,也可以做为一个集成模块与其他硬件设备组合使用。这个实施例也可以本发明的其他实施例组合起来使用。对此,本发明实施例不做具体的限定。只要能解决本发明的技术问题即如何实现多链场景下把多个相关的交易关联起来,达到多链场景下方便多链协作和跨链调用,同时实现了多种相关信息的可追溯效果,都属于本发明要保护的范围。The method described in this aspect may be implemented by a hardware, for example, the hardware may include a processor and a transceiver, wherein the processor performs a recording function in the above method, and the transceiver performs the above method notification function; or the method may also pass the software Execute the corresponding instructions to achieve. The hardware can be used stand-alone or as an integrated module in combination with other hardware devices. This embodiment can also be used in combination with other embodiments of the present invention. In this regard, the embodiments of the present invention are not specifically limited. As long as the technical problem of the present invention can be solved, that is, how to associate multiple related transactions in a multi-chain scenario to achieve convenient multi-chain cooperation and cross-chain calling in a multi-chain scenario, and at the same time realize a traceability effect of various related information. All belong to the scope of the invention to be protected.
Description of the Drawings
FIG. 1 is a schematic diagram of data transmission in a network provided by this application;
FIG. 2 is a schematic flowchart of a data transmission method provided by an embodiment of this application;
FIG. 3 is a signaling flowchart of a data transmission method provided by an embodiment of this application;
FIG. 4 is a signaling flowchart of another data transmission method provided by an embodiment of this application;
FIG. 5 is a signaling flowchart of yet another data transmission method provided by an embodiment of this application;
FIG. 6 is a signaling flowchart of yet another data transmission method provided by an embodiment of this application;
FIG. 7 is a schematic structural diagram of a data transmission apparatus provided by an embodiment of this application;
FIG. 8 is a schematic structural diagram of a network node provided by an embodiment of this application.
Detailed Description
To help those skilled in the art better understand the technical solutions in the embodiments of this application, and to make the above objects, features and advantages of the embodiments clearer and easier to understand, the technical solutions in the embodiments are described in further detail below with reference to the accompanying drawings.
The technical solution provided by this application addresses the security problem that arises when a data provider delivers services or data directly to users. Specifically, FIG. 1 shows a schematic diagram of data flow in a network. The network includes a data source node (source D) that provides the data; relay nodes (relay) that can forward data or services, for example relay node B and relay node C, which receive and forward users' request messages and feed data back to the requesting user; and at least one user.
When requesting user A sends a request message to data source node D to request access to data, the request message is forwarded in turn by at least one relay node (for example relay node B and relay node C) before it finally reaches data source node D. After receiving the request message, data source node D feeds the corresponding data back to user A for user A to access. If user E then sends a request message to data source node D asking to access the same data, the request message from user E is likewise forwarded by the relay nodes to data source node D, which feeds the result back to user E after receiving the request.
In this data flow, both the request message and the data have to be forwarded by multiple relay nodes, which introduces delay; for users far from the data source node, obtaining the result takes a long time. In addition, the large volume of forwarding and feedback traffic that the relay nodes must handle increases the transmission burden. On the other hand, to guarantee transmission security and the interests of the requesting party, once the data source node has provided the data to user A, that is, granted user A access rights, it refuses user E access to the same data, so the data cannot be accessed by and shared among different users.
The technical solutions provided by the following embodiments of this application combine mobile edge computing with blockchain technology. They provide services and data to users with low latency and low load while also guaranteeing the security of data transmission and the interests of the service and data providers.
First, the basic concepts of the blockchain technology involved in this application are briefly introduced and explained.
The technical solution of this application involves a blockchain. A blockchain is a distributed database that originated with Bitcoin and is Bitcoin's underlying technology. It is a series of data blocks generated and linked using cryptographic methods; each data block contains information about a Bitcoin network transaction, which is used to verify the validity of that information (anti-counterfeiting) and to generate the next block.
In a narrow sense, a blockchain is a chained data structure that joins data blocks sequentially in chronological order, forming a distributed ledger that cryptography protects against tampering and forgery. In a broad sense, blockchain technology is a new distributed infrastructure and computing paradigm that uses the chained block data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and operate on data.
Blockchain is mainly used to solve the trust and security problems of transactions, and it brings the following technical innovations:
First, the distributed ledger
A distributed ledger means that transaction bookkeeping is carried out jointly by multiple nodes distributed in different places, and each node records the complete accounts. All of them can therefore take part in supervising the legitimacy of transactions and can jointly attest to them, which removes the possibility of false accounts being recorded because a single bookkeeper has been controlled or bribed. Moreover, because there are enough nodes on the blockchain, that is, many bookkeeping nodes, in theory the accounts are not lost unless all nodes are destroyed, which protects the account data.
Second, symmetric encryption and authorization technology
With symmetric encryption and authorization technology, the transaction information stored on the blockchain can be regarded as public, but account identity information is highly encrypted and the data can be accessed only with the authorization of the data owner, which further protects the security of the data and the personal privacy of users.
Third, the consensus mechanism
The consensus mechanism is how all bookkeeping nodes reach agreement on the validity of a record. It is both a means of validation and a means of preventing tampering. Taking Bitcoin as an example, which uses the Proof of Work (PoW) algorithm, only by controlling more than 51% of the bookkeeping nodes in the whole network is it possible to forge a record that does not exist. When enough nodes have joined the blockchain, the chance of gaining that control and forging records is very low, so fraud is effectively prevented.
Fourth, smart contracts
A smart contract is a set of predefined rules and terms that can be executed automatically on the basis of the trusted, tamper-resistant data on the blockchain.
In Bitcoin, as an encrypted digital currency network, there are no centralized nodes, servers or databases, and the operation and maintenance of the system does not depend on administrators. Network nodes, strictly following the proof-of-work mathematical algorithm, package the digital fingerprints of the transactions of a given period into blocks and broadcast them quickly to the whole network. Hashing is used to form a tight chain structure between blocks, producing a highly secure public ledger, the blockchain. Through blockchain technology, the encrypted digital currency system neatly solves the "double-spending" problem, faithfully records all transaction data and guarantees the formality and traceability of every record, while the traces of all transactions are extremely difficult to destroy.
A blockchain is a data structure in which blocks containing transactions are linked in order, each block pointing back to the one before it. It can be stored as a file of non-relational records or in a simple database.
A block is a container data structure, included in the blockchain, that aggregates transactions. It consists of a block header containing metadata, followed by a long list of transactions that make up the body of the block.
Further, the block structure specifically includes a block size, a block header, a transaction counter and transactions. The transaction counter records the number of transactions; the transactions record the transaction details and are of variable byte length. Applying the SHA256 cryptographic hash to each block header produces a hash value, and this hash value identifies the corresponding block in the blockchain.
The block header consists of three groups of metadata. The first group is a reference to the hash of the parent block, which connects the block to the previous block in the blockchain. The second group includes the difficulty, the timestamp and the nonce. The third group is the Merkle tree root, a data structure that efficiently summarizes all transactions in the block.
Transactions are how a blockchain records information of all kinds. For example, in the Bitcoin network a transaction records how many bitcoins A gives to B. In a device-sharing network, a transaction records that user A has shared device X with user B; it contains the identifier of A, the identifier of B and the identifier of device X, and may also include the time and place of sharing, the address information of the device, the period for which the sharing is valid, and so on. These are only examples of what a transaction in a blockchain is; the present invention is not limited to these two examples.
Further, the blockchain has the following features:
Feature 1: Decentralization
The network has no centralized hardware or management body. The rights and obligations of all nodes are equal, and the damage or loss of any single node does not affect the operation of the whole system, so a blockchain system can be considered highly robust.
Feature 2: Trustlessness
The nodes participating in the system do not need to trust one another in order to exchange data. The operating rules of the whole system are open and transparent, and all data content is public, so within the rules and time range specified by the system, nodes cannot deceive other nodes.
Feature 3: Collective maintenance
The data blocks in the system are maintained jointly by all nodes in the system that have a maintenance function, and anyone can take part as such a node.
Feature 4: Reliable database
The system uses a distributed database so that every participating node obtains a copy of the complete database. Unless more than 51% of the nodes in the whole system are controlled at the same time, a modification to the database on a single node is invalid and cannot affect the data on other nodes. The more nodes take part in the system and the greater their computing power, the more secure the data in the system.
Feature 5: Anonymity
Because nodes do not need to trust one another, they do not need to disclose their identities to one another, and every participating node in the system is anonymous.
The blockchain and blockchain system described in this application can be applied in a variety of networks (for example the Internet of Things), and the blocks or blockchain nodes can be deployed on a variety of network devices (for example IoT devices). The network devices include industrial IoT devices such as industrial sensors and control modules; they may also be wearable devices, household appliances, home sensors, home control modules and the like, or base stations, enhanced base stations, relays with a scheduling function, or devices with base station functions. The base station may be an evolved Node B (eNB) in an LTE system or a base station in another system; the embodiments of this application place no limitation on this.
In addition, the devices above may be user equipment (UE), such as mobile phones, smart terminals, multimedia devices and streaming media devices. The UE may also be another wireless network device, such as a base station (Node B); this application does not limit the form or type of the wireless network device.
A UE may communicate with one or more core networks through a radio access network (RAN), may access a wireless network for communication in other ways, and may also communicate wirelessly with other UEs directly; the embodiments of this application place no limitation on this.
In the following embodiments of this application, the network devices are collectively referred to as network nodes. A network node may be the first node or the second node that sends a request message, a blockchain node on a blockchain, a relay node that forwards messages, or a data source node. Network nodes include but are not limited to stations, base stations, UEs and terminals. In addition, the terms device and node are equivalent in the embodiments of this application: a device may refer to a node, a station, a UE, a network element device, a sensor and so on.
The technical solutions of this application can be applied to an Internet of Things system in which smart shared devices serve as the carrier for sharing and accessing big data in the system, but the following embodiments are not limited to this technical scenario.
To reduce data transmission delay and load, and to protect the interests of the data provider while keeping the data secure, the technical solutions of the embodiments of this application combine mobile edge computing with blockchain technology, so that the requesting party can obtain information related to the data to be accessed, for example the data information and the key information of the data, from a blockchain node close to its own location.
Specifically, as shown in FIG. 2, a data transmission method provided by this application includes the following steps:
Step 201: The first node obtains data information, and obtains the key information of the data recorded on the first blockchain.
The data information is used to determine the encrypted data that the first node wants to access; it includes the encrypted data or the address information of the encrypted data. The key information of the data is used to obtain a key, and that key is used to decrypt the encrypted data to obtain the data to be accessed; the key information of the data includes the encrypted data key or the address information at which the encrypted data key is stored.
The data information may be obtained from the blockchain, through an edge device, or directly from the data source node; this application places no specific limitation on this. The key information of the data may be obtained from the blockchain, according to indication information such as transaction index information, or in other ways, for example from an edge device; this application places no limitation on this.
Step 202: Obtain the encrypted data according to the data information, and obtain the key according to the key information of the data.
If the data information is the encrypted data, the first node obtains the encrypted data directly from the data information. If the data information is the address information of the encrypted data, the first node determines the address of the encrypted data from the address information and then obtains the encrypted data from that address.
Similarly, the process of obtaining the key from the key information of the data specifically includes, in one possible manner, the first node decrypting the key information of the data with the first node's private key to obtain the key.
Step 203: Decrypt the encrypted data with the key to obtain the data.
The method provided by this embodiment uses the data-sharing property of the blockchain so that a requesting party, for example the first node, can obtain the data information directly from any blockchain node of the blockchain. This reduces the burden of repeatedly transmitting the data information through the core network or across multiple routes, and reduces transmission delay.
In addition, the first node obtains the key information of the data through the first blockchain node. Because the key information of the data is encrypted with the first node's public key, the authorized first node can decrypt and read the data while other nodes cannot decrypt or access it, which improves the security of data transmission.
Further, after the first node has obtained the data, for example when the first node receives a request message from another node (for example a second node) requesting the same data, the first node may provide the data information or the key information of that data to the other node.
The asymmetric encryption algorithm and the PUF technology involved in the method of this application are described in detail below.
In the embodiments of this application, the key information of the data is generated from the first node's private key or public key by way of the challenge-response of PUF technology, which protects the data-related information while it is transmitted in the blockchain network.
Asymmetric encryption algorithm: the keys of an asymmetric encryption algorithm are divided into a public key and a private key. A user or system generates a pair of keys and publishes one of them, the public key, while keeping the other, the private key. Normally the sender encrypts the information with the public key and the receiver decrypts it with the private key to complete the communication. Encrypting with the private key and decrypting with the public key is also possible. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm.
A common example is the elliptic curve cryptographic algorithm, but this application is not limited to elliptic curve cryptography.
Hash algorithm: a cryptographic algorithm that can only encrypt and cannot decrypt, and that converts information of any length into a fixed-length string. This string has two characteristics:
1. Even if the input changes only slightly, the output hash value is completely different.
2. Only exactly the same input produces exactly the same output.
3. There is no pattern relating the input to the output, so the input cannot be calculated from the output. The only way to find an input for a specified output is enumeration: keep changing the input and look for an output that meets the condition.
The hash algorithm guarantees that the result cannot be derived in reverse. For example, SHA256 is a member of the SHA (Secure Hash Algorithm) family.
PUF technology: a Physical Unclonable Function (PUF) is in essence a function: given a certain input, it produces a corresponding output. It exploits the unavoidable variations in the chip manufacturing process (random physical characteristics) to produce unique challenge-response pairs; at the circuit level, a structure that is symmetric by design yields asymmetric results because of the manufacturing process. The main implementations of PUF technology at present include:
Non-electronic PUFs: optical PUF, paper PUF, CD PUF.
Analog circuit PUFs: coating-based PUF, threshold-voltage-based PUF, resistance-based PUF.
Digital circuit PUFs: arbiter PUF, ring oscillator PUF, SRAM-PUF, latch PUF, butterfly PUF.
The private key of the first node may be generated on the basis of PUF technology, and, under an asymmetric security algorithm, the public key can be generated from the first node's private key. In other words, the first node may use PUF technology to obtain device fingerprint information, use the device fingerprint information to generate the first node's private key, and then use an asymmetric key algorithm to generate the public key from the private key.
"The private key of the first node may be generated on the basis of PUF technology": specifically, under PUF technology, giving any device/node a challenge as input produces a challenge response. Different devices/nodes produce different responses, so the combination [challenge, challenge response] becomes the fingerprint information of a device/node.
Optionally, the hash of the challenge response is used as the public-key generation source, or as the private key, of the asymmetric key algorithm. That is, the first node's private key may be expressed as [challenge, hash of the response] or as [hash of the response], or a private key may be generated from the hash of the challenge response. Once the first node's private key has been determined, the corresponding public key is generated according to the asymmetric key algorithm. The public key of the first node may serve as the node identifier of the first node or as the address of the first node.
The public key of the first node/device is used to encrypt the key with which the data is encrypted, producing the key information of the data; the corresponding private key is used to decrypt the key information of the data to recover that key. The difference between them is that the public key of the first node/device is public information that every blockchain node can obtain, whereas the private key is not public and is held only by the first node/device itself.
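Steps 201 to 203 and the PUF-based key derivation described above, as an added example that is not part of the patent text: the hash of a PUF response seeds the first node's private key, the data source wraps the data key to the matching public key, and only that node can unwrap it and decrypt the data. It assumes the third-party Python `cryptography` package and picks X25519, HKDF-SHA256 and AES-GCM as the concrete algorithms, which the page does not specify; the function names and the PUF response bytes are constructed.

```python
import hashlib
import os

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

# Constructed stand-ins for the responses two devices give to one challenge.
PUF_RESPONSE_U1 = bytes.fromhex("a3f1c2d4e5b60718293a4b5c6d7e8f90")
PUF_RESPONSE_U2 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def private_key_from_puf(response: bytes) -> X25519PrivateKey:
    """Use SHA-256(response) as the 32-byte private-key seed.

    Assumption: the response is bit-for-bit stable. A real PUF is noisy and
    needs error correction before its output can be hashed into a key.
    """
    seed = hashlib.sha256(response).digest()
    return X25519PrivateKey.from_private_bytes(seed)


def raw(pub: X25519PublicKey) -> bytes:
    """Raw 32-byte public key, usable as the node identifier or address."""
    return pub.public_bytes(serialization.Encoding.Raw,
                            serialization.PublicFormat.Raw)


def _kek(shared: bytes, eph_pub: bytes, node_pub: bytes) -> bytes:
    # Bind the key-encryption key to both public keys of this exchange.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"data-key-wrap" + eph_pub + node_pub).derive(shared)


def wrap_data_key(data_key: bytes, node_pub: X25519PublicKey) -> dict:
    """Data source side: produce the 'key information of the data'."""
    eph = X25519PrivateKey.generate()
    kek = _kek(eph.exchange(node_pub), raw(eph.public_key()), raw(node_pub))
    nonce = os.urandom(12)
    return {"eph_pub": raw(eph.public_key()), "nonce": nonce,
            "wrapped": AESGCM(kek).encrypt(nonce, data_key, None)}


def unwrap_data_key(key_info: dict, node_priv: X25519PrivateKey) -> bytes:
    """First node side: recover the data key with its private key."""
    eph_pub = X25519PublicKey.from_public_bytes(key_info["eph_pub"])
    kek = _kek(node_priv.exchange(eph_pub), key_info["eph_pub"],
               raw(node_priv.public_key()))
    # Raises cryptography.exceptions.InvalidTag for any other private key.
    return AESGCM(kek).decrypt(key_info["nonce"], key_info["wrapped"], None)


def publish(plaintext: bytes, node_pub: X25519PublicKey):
    """Encrypt the data once; wrap its key for one authorized node."""
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    data_info = {"nonce": nonce,
                 "ciphertext": AESGCM(data_key).encrypt(nonce, plaintext, None)}
    return data_info, wrap_data_key(data_key, node_pub)


def access(data_info: dict, key_info: dict, node_priv: X25519PrivateKey) -> bytes:
    """Steps 202 and 203: obtain the key, then decrypt the encrypted data."""
    data_key = unwrap_data_key(key_info, node_priv)
    return AESGCM(data_key).decrypt(data_info["nonce"],
                                    data_info["ciphertext"], None)


if __name__ == "__main__":
    u1 = private_key_from_puf(PUF_RESPONSE_U1)
    info, key_info = publish(b"sensor batch 42", u1.public_key())
    print(access(info, key_info, u1))
```

Because the ciphertext of the data is independent of the recipient, granting a second node access only requires wrapping the same data key to that node's public key; the encrypted data itself does not change.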
The data transmission method provided by this application is described in detail below with reference to specific embodiments.
Embodiment 1
This embodiment uses smart shared devices and/or shared big data as the technical scenario to illustrate the technical solution of this application. The scenario is only an example given to aid understanding of the technical solution of the present invention, and the present invention is not limited to it.
As shown in FIG. 3, the application scenario may include the following devices: node U1 (UE1), node N1 (Node1), node D (the data source node, Data source), and one or more blockchains, each made up of a number of blockchain nodes. This embodiment uses this scenario as an example to explain the invention, but the method provided by this embodiment is not limited to it.
This embodiment provides a data access method that specifically includes the following steps:
Step 301: The first node (for example node U1) sends a first request message, which is used to request the data information and/or the key information of the data.
The data information includes the encrypted data or the address information of the encrypted data. The key information of the data includes the encrypted data key or the address information at which the encrypted data key is stored, and is used to obtain the key.
The first request message includes first information; for example, the first information includes one or a combination of a data identifier (data ID), a first node identifier, or transaction index information.
The first node identifier may be the device identifier of the first node, the IP address of the first node, the public key of the first node, or another type of identifier. This application places no limitation on this; any identifier that can identify the first node falls within the scope of protection of the present invention.
It should be noted in particular that the data identifier may be the same as or different from the first node identifier.
The transaction index information is used to determine a first blockchain transaction, in which the key information of the data is recorded. Further, the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
For example, a transaction index number X indicates the sequence number of the transaction within its block, that is, the X-th transaction.
As another example, a block number Y indicates that the block is the Y-th block in the blockchain.
As a further example, the block height indicates the position of the block in the blockchain, that is, it also indicates which numbered block it is in the blockchain.
Exemplarily, the first node may send the first request message directly to the data source node.
Exemplarily, the first node may send the first request message to a relay node or to a blockchain node, for example to the first blockchain node, and obtain the relevant data information and key information of the data through that relay node or first blockchain node. The relay node and the first blockchain node may be the same node or different nodes.
Step 302: After receiving the first request message sent by the first node, the first blockchain node or the relay node sends a message to the data source node according to the content of the first request message. The message includes the first information and is used to request the data information and/or the key information of the data needed by the first node.
The message sent by the first blockchain node may be the same as the first request message.
Step 303a: The data source node records the data or the address information of the data on the second blockchain or on a second blockchain node. The data includes the encrypted data that the first node requests to access.
Step 303b: The data source node obtains the public key of the first node and uses it to encrypt the key of the encrypted data that the first node requests to access, generating the key information of the data.
Specifically, the data source node receives a request message sent by the first node, the relay node, or a blockchain node, where the request message is used to request access to the data.
The data source node obtains the public key of the first node according to the message, and uses the public key of the first node to encrypt the key of the encrypted data that the first node requests to access, generating the key information of the data.
Specifically, the data source node encrypts the data and then places the encrypted data on a blockchain, or places the storage address of the encrypted data on a blockchain. The blockchain may be the second blockchain or the first blockchain.
Step 304: The data source node records the key information of the data on the first blockchain.
Specifically, step 304 includes the following. In a first implementation, the first blockchain node records and stores the event of the key information of the data as a first transaction on the first blockchain. Under the consensus mechanism of the blockchain, every blockchain node on the first blockchain stores the key information of the data, and when one of these blockchain nodes, for example the first blockchain node, receives the first request message sent by the first node or the relay node, it sends the key information of the data to the first node.
In a second implementation, the data source node broadcasts the key information of the data to the first blockchain node as a first transaction of the first blockchain, so that the transaction is stored in a block of the first blockchain.
Step 305: The first blockchain node obtains the key information of the data and sends the key information of the data to the first node.
Specifically, the first blockchain node may determine the first blockchain transaction by using the transaction index information, and obtain the key information of the data from the first blockchain transaction. The transaction index information may be generated by the data source node and sent to the first blockchain node or the relay node.
Alternatively, the first blockchain node or the data source node sends the key information of the data directly to the first node.
Alternatively, the first blockchain node or the data source node first sends the key information of the data to the relay node, and the relay node then sends the key information of the data to the first node.
It should be particularly noted that this embodiment does not limit the order of step 304 and step 304. That is, the method may perform step 304 first: the data source node may first record the key information of the data or the transaction index information on the first blockchain, and step 301 is performed afterwards; when the first blockchain node or the relay node receives the first request message from the first node, it sends the key information of the data or the transaction index information in the blockchain to the first node.
Step 306: The first node obtains the key information of the data recorded on the first blockchain, and decrypts the key information of the data by using the private key of the first node to obtain the key.
Exemplarily, the first node receives the transaction index information sent by the first node and determines the first blockchain transaction according to the transaction index information. The key information of the data is recorded in the first blockchain transaction, and the first node obtains the key information of the data from the first blockchain transaction.
The transaction index information may include at least one or a combination of a block number, a block height, a transaction index number, or a blockchain identifier. It should be particularly noted that the transaction index information may be generated by the first blockchain node, or may be generated by the data source node and sent to the first blockchain node.
Exemplarily, the first node may directly obtain the key information of the data sent by the first blockchain node, or the first node may obtain the key information of the data from the first blockchain.
Step 307: The first node obtains data information from the second blockchain node. The data information includes encrypted data or address information of the encrypted data, and may also be information that has a mapping relationship with the address of the encrypted data, and so on.
In addition, the first node may obtain the data information in any of the following ways:
The first node may obtain the data information from the first blockchain or the second blockchain; or
The first node receives the data information sent by the first blockchain node, where the first blockchain node may be any node in the first blockchain; or
The first node receives the data information sent by the relay node or the data source node.
In the above ways of obtaining the data information, the first blockchain and the second blockchain may be the same or different. The data information obtained from the blockchain, the blockchain node, or the relay node may be provided by the data source node: the data source node stores the generated data information on the second blockchain, or on a node of the second blockchain, and the second blockchain node then sends the data information to the first node.
Specifically, the first node obtaining the data information includes:
The first node obtains transaction index information and determines a blockchain transaction according to the transaction index information, where the blockchain transaction is recorded on the first blockchain or the second blockchain, and the data information is recorded in the blockchain transaction. The transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
Exemplarily, the first node sends the transaction index information to the relay node, and receives the data information that the relay node sends according to the transaction index information.
In addition, the first node may obtain the data information in other ways, which are not limited in the embodiments of this application.
In this embodiment, the first node obtains the data information according to the transaction index information. This avoids transmitting the encrypted data or its address information directly over the network, where it could easily be stolen; obtaining the data information through the transaction index information further improves the security of data transmission.
Step 308: The first node obtains the encrypted data according to the data information, and decrypts the encrypted data by using the key to obtain the data.
For example, the data information may be the encrypted data to be accessed, or the address information corresponding to the encrypted data. If the data information is the encrypted data, the first node obtains the encrypted data as soon as it receives the data information. If the data information is the address information of the encrypted data, the first node may use the address information to determine the address where the encrypted data is stored, and then use that address to obtain the encrypted data.
The first node uses the key obtained by decryption in step 306 to decrypt the obtained encrypted data, obtaining the data to be accessed.
The method provided in this embodiment uses the data consensus mechanism of the blockchain so that the requesting party, that is, the first node, can obtain the data information from the blockchain or from any node on the blockchain. This reduces the burden of repeatedly transmitting the data information across the core network or between multiple routes, reduces transmission delay, and improves transmission efficiency.
Moreover, the first node obtains the key information of the data from the blockchain. Because the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt or access it, which improves the security of data transmission.
Exemplarily, the method may further include:
Step 309: The first node records, as a transaction event on the third blockchain, that it obtained the data information and obtained the key information of the data from the blockchain. The transaction event may be called a first transaction event or a first transaction. Further, the first node may broadcast the first transaction event to any node of the third blockchain in order to record the first transaction event on the third blockchain.
The first transaction event recorded on the third blockchain may include one or more of the following: a data identifier, an identifier of the device that accessed the data, the time at which the data was accessed, transaction index information, a first blockchain identifier, a second blockchain identifier, transaction identification information of the first blockchain, transaction identification information of the second blockchain, a third blockchain identifier, or transaction identification information of the third blockchain. The transaction identification information of a blockchain includes the number of the block in which the transaction is located and/or the index of the transaction.
Similarly, after the data source node has determined the encrypted data to be accessed that the first node requested, it may also record and store the encrypted data, or the data information of the encrypted data, as a transaction on the second blockchain.
The three kinds of transactions on the first blockchain, the second blockchain, and the third blockchain described in the embodiments of this application can be distinguished as follows:
First blockchain: transactions that record the key information of the data.
Second blockchain: transactions that record the data information.
Third blockchain: transactions that record events, for example that the first blockchain node provided the key information of the data to the first node, and that the second blockchain node provided the data information to the first node.
A transaction recorded on the first blockchain includes one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, the key information of the data, transaction index information, the time at which the data was accessed, a first blockchain node identifier, transaction identification information of the first blockchain node, a hash of the data, a hash of the key information of the data, and so on.
A transaction recorded on the second blockchain includes one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, transaction index information, a second blockchain node identifier, transaction identification information of the second blockchain node, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data or a hash of the key information of the data, a stimulus, a hash of the stimulus response, the time at which the response was generated, and so on.
A transaction recorded on the third blockchain includes one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a public key of the first node, the time at which the data was accessed, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, a hash of the key information of the data, the transaction in which the first node obtained the data information and the key information of the data, that the first blockchain provided the key information of the data to the first node, that the second blockchain provided the key information of the data to the first node, and so on.
The hash of the data recorded in a blockchain transaction is used to verify the authenticity and integrity of the data transmission. Specifically, for example, after obtaining the data by decryption, the first node computes the hash of the decrypted data according to a hash algorithm. The first node also obtains the hash of that data from a blockchain (for example, the second blockchain). The first node then compares the hash of the data with the hash of the decrypted data: if the two values are inconsistent, the data obtained by the first node has been tampered with; if the two values are consistent, the data obtained by the first node is trusted data.
The first blockchain, the second blockchain, and the third blockchain may be the same blockchain. When all three kinds of transactions are recorded on the same blockchain, they can be linked by an identifier, for example a connection identifier.
When the first blockchain, the second blockchain, and the third blockchain are three different blockchains, the three associated transactions can be linked by a cross-chain identifier, that is, the association is established through the cross-chain identifier.
Another possible case is that the third blockchain, which records event transactions, is the same as the first blockchain or the same as the second blockchain. For example, the first blockchain records both the transaction of the key information of the data and the event transaction in which the first blockchain node provides the key information of the data to the first node, and the second blockchain records both the transaction of the data information and the event transaction in which the second blockchain node provides the data information to the first node. In that case, the two transactions for the first node in the first blockchain can be associated through a connection identifier, the two transactions for the first node in the second blockchain can also be associated through a connection identifier, and the transactions for the first node across the two blockchains, the first blockchain and the second blockchain, can be associated through a cross-chain identifier.
In summary, associated transactions in the same blockchain are linked by a connection identifier, and associated transactions in different blockchains are linked by a cross-chain identifier. The connection identifier and the cross-chain identifier may be two different identifiers, or they may be the same identifier, so that associated transactions can be linked both within one blockchain and across different blockchains.
In addition, it should be noted that in this embodiment the relay node may be a blockchain node, for example the first blockchain node, in which case it performs the method steps of the first blockchain node. The relay node may also be an edge device node, for example the base station Node1 (N1 for short), which receives and forwards the relevant information of the first node and sends the various feedback information from the blockchain network to the first node.
In addition, exemplarily, a node on the second blockchain that stores or records the data information, for example the second blockchain node, may be the same node as the data source node or a different node. Furthermore, when the first blockchain and the second blockchain are the same blockchain, the first blockchain node and the second blockchain node may be the same node or different nodes. Similarly, the first blockchain node and the data source node may be the same node or different nodes, which is not limited in this application.
Exemplarily, the method of this application further includes:
The first node verifies the decrypted data, which specifically includes:
The first node obtains a data hash. The first node may obtain it from the provider of the data information, that is, the second blockchain or the second blockchain node, or from the data source node or another node.
The data hash includes: a hash of the data requested for access, a hash of the data information, a hash of the address information of the encrypted data, a hash of the key information of the data, and so on.
The first node determines, according to the data hash, whether the accessed data has been tampered with.
Specifically: the first node computes, according to a hash algorithm, the hash of the data it obtained by decryption in step 308; the first node then compares the hash of the data with the hash of the decrypted data. If the two values are consistent, the data obtained by the first node is trusted data; if the two values are inconsistent, the data obtained by the first node has been tampered with.
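The flow of steps 303b to 308 and the hash check just described, as an added Python example that is not part of the patent text. Toy RSA and a SHA-256 keystream stand in for the public-key and symmetric algorithms, which the page does not name, and are not secure; `Chain`, `publish`, `access`, the field names, and the choice of SHA-256 are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy RSA over two Mersenne primes, standing in for the first node's key pair.
# Unpadded and far too small for real use; the page names no algorithm.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # first node's private exponent


def wrap_key(key: bytes, pub) -> int:
    """Step 303b: encrypt the data key under the first node's public key."""
    n, e = pub
    return pow(int.from_bytes(key, "big"), e, n)


def unwrap_key(key_info: int, priv) -> bytes:
    """Step 306: recover the 16-byte data key with the node's private key."""
    n, d = priv
    m = pow(key_info, d, n)
    if m >> 128:
        raise ValueError("key information was not encrypted for this node")
    return m.to_bytes(16, "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 counter keystream); encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Chain:
    """Minimal ledger: a list of blocks, each a list of transactions (dicts)."""

    def __init__(self, chain_id: str):
        self.chain_id = chain_id
        self.blocks = []

    def record(self, tx: dict) -> dict:
        """Store tx in a new block and return its transaction index information."""
        self.blocks.append([tx])
        return {"chain_id": self.chain_id,
                "block_height": len(self.blocks) - 1, "tx_index": 0}

    def lookup(self, idx: dict) -> dict:
        if idx["chain_id"] != self.chain_id:
            raise LookupError("transaction index refers to another chain")
        return self.blocks[idx["block_height"]][idx["tx_index"]]


def publish(data: bytes, data_id: str, node_pub, key_chain, data_chain):
    """Data source: steps 303a, 303b and 304. Returns both transaction indexes."""
    key = secrets.token_bytes(16)
    link = secrets.token_hex(8)  # cross-chain identifier tying the two records
    data_idx = data_chain.record({
        "data_id": data_id, "link": link,
        "encrypted_data": keystream_xor(key, data),
        "data_hash": hashlib.sha256(data).hexdigest(),
    })
    key_idx = key_chain.record({
        "data_id": data_id, "link": link, "key_info": wrap_key(key, node_pub),
    })
    return key_idx, data_idx


def access(key_idx, data_idx, priv, key_chain, data_chain, delivered=None):
    """First node: steps 306 to 308, then the hash check against the chain.

    `delivered` models encrypted data handed over by a relay or another node;
    when it is None the encrypted data is read from the chain transaction.
    """
    key_tx = key_chain.lookup(key_idx)
    data_tx = data_chain.lookup(data_idx)
    if key_tx["link"] != data_tx["link"]:
        raise ValueError("key and data transactions are not linked")
    key = unwrap_key(key_tx["key_info"], priv)
    blob = data_tx["encrypted_data"] if delivered is None else delivered
    data = keystream_xor(key, blob)
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, data_tx["data_hash"]):
        raise ValueError("hash mismatch: the data has been tampered with")
    return data


if __name__ == "__main__":
    chain1, chain2 = Chain("chain-1"), Chain("chain-2")
    k_idx, d_idx = publish(b"constructed sample payload", "data-1",
                           (N, E), chain1, chain2)
    print(k_idx, access(k_idx, d_idx, (N, D), chain1, chain2))
```

The hash is always read from the chain transaction, never from whoever delivered the encrypted data, which is what makes a modified delivery by a relay detectable.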
The following describes in detail, for step 305 of this embodiment, how the first node obtains the key information of the data before the first blockchain node sends the key information of the data to the first node. The specific process includes:
The first blockchain node receives a request message sent by the first node or the relay node, where the request message includes first information; the first information includes any one of a data identifier, a first node identifier, or transaction index information.
The first blockchain node searches for the transaction related to the first information according to one or more of the data identifier, the first node identifier, the public key of the first node, or the transaction index information in the first information. The key information of the data is recorded in that transaction.
Specifically, the transaction is searched for in any of the following ways:
In a first way, the transaction related to the data identifier is searched for according to the data identifier; or
In a second way, the transaction related to the first node identifier is searched for according to the first node identifier; or
In a third way, the transaction related to the first node identifier is searched for according to the public key of the first node; or
In a fourth way, the transaction related to the transaction index information is searched for according to the transaction index information, where the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier; or
In a fifth way, the transaction related to the first node identifier is searched for according to two or more of the data identifier, the first node identifier, the public key of the first node, and the transaction index information; or
In a sixth way, a first identifier is added as a condition on top of the preceding five ways, to improve the accuracy of the search. Specifically, the first blockchain node obtains the first identifier, which includes a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a connection identifier, a cross-chain identifier, or the like, and determines the transaction according to the first information and the first identifier. The first identifier may be stored on the blockchain in advance, or the first blockchain node may obtain it from the data source node.
In addition, the relevant transaction may be searched for in other ways or by adding new information, in order to provide the first node with the key information of the data; this application does not limit such other ways.
In this embodiment, the first blockchain node can use the data identifier, the first node identifier, or the transaction index information contained in the first information, together with the first identifier, to quickly find the first blockchain transaction that matches this information, and then quickly obtain the key information of the data from the information recorded in the transaction. This achieves fast retrieval of information shared on the blockchain and takes less time than obtaining the key information of the data from the data source node or the data provider.
Similarly, when the first blockchain node or another node, for example the second blockchain node or the data source node, searches for the data information needed by the first node, it may also use any of the first to sixth ways above to find the transaction, which is not described again in this embodiment.
Embodiment 2
This embodiment provides a data transmission method that can be used for a node that is not requesting access to data for the first time, for example the process in which the first node initiates data access to the blockchain network. The method may also be performed on the basis of Embodiment 1, that is, after the first node has requested access to the data for the first time, the first node in this embodiment initiates an access request for the same data. The method may also be performed on its own, with the first node initiating a data access request to a blockchain node.
This embodiment builds on the method steps of Embodiment 1, in which the first node requests access to data for the first time, and describes in detail how the first node requests access to the same data.
First, according to the description of Embodiment 1, the first blockchain is used to record the key information of data. Specifically, the key information of the data has already been recorded in the first blockchain as a transaction of the first blockchain. For example, for the data that the first node needs to access, the corresponding key information of the data has already been recorded as a transaction in the first blockchain.
The third blockchain may be used to record that node X provides data information and/or key information of the data to node Y. Specifically, the event "node X provides data information and/or key information of the data to node Y" is taken as a transaction of the third blockchain. For ease of understanding and distinction, the transaction of the third blockchain (which may be called an event transaction) may specifically include the following: "node X provides data information to node Y", or "node X provides key information to node Y", or "node X provides data information and key information to node Y". For example, in this embodiment, for the data that the first node needs to access, the fact that the relay node provides the first node with the data information and/or the key information of the data is recorded in that blockchain as a transaction of the third blockchain (also called an event transaction).
In this embodiment, for example, the first node needs to access certain data, and that data has already been encrypted. The first node therefore needs to obtain both the data and the key of the data. In this embodiment, the first node obtains the data information of the data and the key information of the data, uses the two pieces of information to decrypt the encrypted data, and thereby finally obtains the data.
具体地,如图4所示,该方法包括以下步骤:Specifically, as shown in FIG. 4, the method includes the following steps:
Step 401a: The key information of the data is recorded in the first blockchain as a transaction of the first blockchain. For example, the data source node records the key information of the data on the first blockchain.
In particular, for the data that the first node needs to access, the key information of the data is the key information of the data that the first node needs to access, and it is recorded in the first blockchain. The key information of the data may be generated by the data source node encrypting the data key (key) with the public key of the first node.
Further, the key information of the data includes the encrypted data key (key), or the address information of the encrypted data key.
Step 401b: The data information (including the data or the address information of the data) and the data hash are recorded on the second blockchain. For example, the data source node records the data or the data-related address information as a transaction on the second blockchain node.
The data information is the encrypted data that the first node requests to access, or the address information of that encrypted data.
The information recorded in the second blockchain may further include one or more of the following: a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, transaction index information, a second blockchain node identifier, transaction identification information of the second blockchain node, a hash of the data information, a hash of the address information of the encrypted data or a hash of the key information of the data, an incentive, a hash of the incentive response, the time at which the response was generated, and the like.
Alternatively, the transaction of the second blockchain may include one or more of the following: a connection identifier, a cross-chain identifier, identification information of the first node, a data identifier, a first node identifier, a device identifier of the first node, a public key of the first node, transaction index information, a second blockchain node identifier, transaction identification information of the second blockchain node, a hash of the data information, a hash of the address information of the encrypted data or a hash of the key information of the data, an incentive, a hash of the incentive response, the time at which the response was generated, and the like. That is, the content of the transaction of the second blockchain may include one or more of the above items of information.
The expressions "hash of the data", "data hash hash" and "data hash" have the same meaning in the present invention, and all three may be referred to as the hash of the data.
Step 402: The first node sends a request message to the relay node. The request message may be used to request certain data or the data information of that data, and/or to request the key information of the data.
The data information may be the encrypted data or the address information of the encrypted data.
The key information of the data may be the encrypted data key or the address information at which the encrypted data key is stored.
The request message includes first information, and the first information includes one or more of: the identifier of the data that the first node requests to access, the first node identifier, the first node public key, or transaction index information.
Exemplarily, the second request message may further include the first identifier, and the first identifier includes transaction identification information of a blockchain node, a blockchain node identifier, a connection identifier, a cross-chain identifier, or the like.
Exemplarily, the relay node may be the node closest to the first node, and the relay node may be a node on the blockchain.
Step 403a: The relay node receives the request message, searches for a transaction related to the first information according to the first information carried in the request message, and obtains the key information of the corresponding data from that transaction.
Specifically, for the process by which the relay node finds the related transaction and obtains the key information of the data, refer to the description of step 305 in Embodiment 1.
Exemplarily, the relay node searches, according to the first information, for a transaction related to the first information in which the key information of the data is recorded. If there is such a transaction, the relay node obtains the key information of the data from it; if there is none, access is denied.
Further, the relay node obtaining the key information of the data from the transaction includes: the relay node sends the request message to the first blockchain node, and the first blockchain node receives the key information of the data fed back according to the request message.
Exemplarily, the relay node may also use the first identifier together with the first information to find and obtain the data information and the key information of the data, where the first identifier includes: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, or the like.
Step 403b: The relay node determines whether the first node has the access right.
Specifically, determining whether the first node has the right to access the data includes: determining whether there is a transaction on the blockchain related to the first information requested by the first node, that is, determining whether the first node has obtained the key information of the corresponding data. If there is a related transaction, or the key information of the data has been obtained, the first node has the access right; otherwise, it does not have the access right.
The method further includes: when the relay node determines that the first node does not have the access right, the relay node feeds back a message to the first node, where the message notifies the first node that obtaining the data failed, or the message states that the first node has no right to access the data.
In addition, the determination may be made in other ways, for example, the data source node may indicate whether the first node has the access right.
Step 404a: If the first node has the access right, the relay node may provide the data information to the first node. Specifically, when providing the data information, it is determined whether the data information is stored locally at the first node.
Step 405a: If it is stored, the data information is sent directly to the first node.
Step 405b: If the first node does not store the data information, the relay node may obtain the data information from other nodes.
Exemplarily, the relay node sends the request message to the second blockchain node, and the second blockchain node determines the data information related to the first information according to the first information carried in the request message and sends the data information to the relay node.
Exemplarily, in step 405b, the first node may also obtain the data information from the data source node, the first blockchain, or other neighboring relay nodes.
Exemplarily, the relay node sends the request message to the data source node, and the data source node determines the related data information according to the first information carried in the request message and sends the data information to the relay node.
Step 406: The relay node sends the data information and the key information of the data to the first node.
Step 407: The first node obtains the encrypted data according to the data information, decrypts the obtained key information of the data with the private key of the first node to obtain the key (key), and then uses that key to decrypt the encrypted data to obtain the accessed data.
The process by which the first node obtains the encrypted data from the data information, obtains the key from the key information of the data, and decrypts to obtain the data is the same as in Embodiment 1; refer to step 306 and step 308 of Embodiment 1. Details are not repeated in this embodiment.
The method provided in this embodiment uses the data consensus mechanism of the blockchain. A node that is not accessing the data for the first time, for example the first node, can obtain the data information and the key information of the data directly from a nearby edge device such as the relay node. This avoids the long transmission delay that results when the first node obtains this information from a distant data source node, and it also avoids repeated transmission of the data across the core network or between relay nodes.
In addition, the relay node verifies, according to the request message from the first node, whether the first node has the access right, delivers the transaction related to the request message (for example, the key information of the data) according to the verification result, and rejects access requests from nodes that do not have the right. This improves transmission efficiency while protecting the rights and interests of the data provider.
It should also be noted that the relay node may be the same as or different from the first blockchain node, and the relay node may be an edge device, for example a base station.
Exemplarily, the method described in this embodiment further includes:
Step 408: The first node records "the relay node provides the first node with the data information and the key information of the data" on the blockchain as a transaction of the blockchain (which may be called an event transaction). Specifically, for "recorded on the blockchain", the blockchain may be the first blockchain, the third blockchain, or a new blockchain.
The event transaction includes one or more of the following: a data identifier, a first node identifier, a public key of the first node, the time of accessing the data, transaction index information, a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, a hash of the key information of the data, or the like.
Based on the above, the three transactions involved in this embodiment and their relationship to the blockchains are explained and distinguished as follows:
First blockchain: transactions that record the key information of data;
Second blockchain: transactions that record data information;
Third blockchain: records event transactions, including: recording that the first blockchain node provides the first node with the key information of the data and that the second blockchain node provides the first node with the data information (Embodiment 1), and recording that the relay node in this embodiment provides the first node with the data information and the key information of the data.
The relationship between the blockchains and the recorded transactions is as follows:
If the first blockchain, the second blockchain and the third blockchain are the same blockchain, that is, all three kinds of transactions are recorded on the same blockchain, the transactions on that blockchain can be linked by a connection identifier. If the three blockchains are different blockchains, the three associated transactions can be linked by a cross-chain identifier.
Further, the transaction of the first blockchain is used to record the key information of the data, to ensure data security and access rights. The transaction of the first blockchain records information including: a data identifier, a device identifier, data key information, a data hash, and the like.
The second blockchain is used to record data information, to ensure that data transactions are traceable. The transaction of the second blockchain records information including: a data identifier, a device identifier, the transaction of the first blockchain, and the like.
The third blockchain is used to provide the first node and the first node with data information and/or key information of the data. The transaction of the third blockchain records information including: a data identifier, a device identifier, a data address, a data hash, transaction identification information of the first blockchain, transaction identification information of the second blockchain, and the like.
In addition, the event transaction "the relay node provides the first node with the data information and the key information of the data" may be recorded separately on the first blockchain and the second blockchain. For example, the event transaction in which the relay node provides the first node with the key information of the data is recorded on the first blockchain, and the event transaction in which the relay node provides the first node with the data information is recorded on the second blockchain.
In this embodiment, the process by which the relay node obtains the data information and/or the key information of the data according to the request message from the first node may be implemented in the following ways:
Manner 1: According to the first information, the relay node reads the first blockchain to check whether it holds the key information of the data, where the key information of the data is the data key information of the data that the first node needs to access.
If the relay node obtains the data key information, the first node has the right to access the data, and the relay node therefore sends the data information and the key information of the data to the first node.
If the relay node is unable to obtain the key information of the data from the first blockchain, it is determined that the first node does not have the access right, and the relay node does not provide the data to the first node. Further, when the relay node is unable to obtain the data key information from the first blockchain, the method further includes: the relay node may send a message to the first node to notify it that the data request failed, or that it has no right to access the data, or that providing data to the first node is refused.
Manner 2: According to the first information, the relay node sends a request message to the first blockchain node to request the data key information, where the data key information is the key information corresponding to the data that the first node needs to access.
If the message fed back by the first blockchain node to the relay node contains the key information of the data, the first node has the right to access the data. The relay node then provides the first node with the data information and the key information of the data, for example, by sending the data information and the key information of the data to the first node.
If the message fed back by the first blockchain node to the relay station does not contain the key information of the data, or the fed-back message indicates that the lookup failed, that there is no access right, or the like, the first node does not have the access right and cannot obtain the data information. The method then further includes: the relay node sends a feedback message to the first node, where the feedback message notifies the first node that the data request failed, that it has no right to access the data, that access is denied, or the like.
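An added sketch of Manner 1, not part of the patent text: the relay treats the presence of a key-information transaction for the (data, node) pair on the first blockchain as the access right, serves data information from its local store or the second blockchain, and records an event transaction linked to both source transactions. The `Chain` class, the field names and all sample values are constructed; the wrapped key and ciphertext are placeholders rather than real encryption output, and the data hash is assumed to cover the encrypted data as delivered.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Chain:
    """Minimal append-only ledger; each transaction id commits to the previous one."""

    def __init__(self, name):
        self.name = name
        self.entries = []

    def record(self, tx: dict) -> str:
        prev = self.entries[-1]["tx_id"] if self.entries else "0" * 64
        body = json.dumps(tx, sort_keys=True).encode()
        tx_id = sha256_hex(prev.encode() + body)
        self.entries.append({"tx_id": tx_id, "prev": prev, "tx": tx})
        return tx_id

    def find(self, **match):
        """Return the first entry whose transaction matches every given field."""
        for entry in self.entries:
            if all(entry["tx"].get(k) == v for k, v in match.items()):
                return entry
        return None


class AccessDenied(Exception):
    """Relay's answer when no key-information transaction exists for the requester."""


class RelayNode:
    def __init__(self, relay_id, key_chain, data_chain, event_chain):
        self.relay_id = relay_id
        self.key_chain = key_chain      # first blockchain: key information
        self.data_chain = data_chain    # second blockchain: data information + hash
        self.event_chain = event_chain  # third blockchain: event transactions
        self.local_store = {}           # data information already held at the edge

    def handle_request(self, first_info: dict) -> dict:
        data_id, node_id = first_info["data_id"], first_info["node_id"]
        # Steps 403a/403b: the key-information transaction recorded for this
        # (data, node) pair is the access right. No transaction, no access.
        key_entry = self.key_chain.find(data_id=data_id, node_id=node_id)
        if key_entry is None:
            raise AccessDenied(f"{node_id} has no right to access {data_id}")
        # Steps 404a-405b: serve data information locally if held, else fetch it.
        source = "local"
        if data_id not in self.local_store:
            data_entry = self.data_chain.find(data_id=data_id)
            if data_entry is None:
                raise LookupError(f"no data information recorded for {data_id}")
            self.local_store[data_id] = data_entry
            source = "second_chain"
        data_entry = self.local_store[data_id]
        # Step 408 (recorded here by the relay, as in step B8): who was served
        # what, linked to both source transactions.
        event_id = self.event_chain.record({
            "event": "relay provided data information and key information",
            "relay_id": self.relay_id, "node_id": node_id, "data_id": data_id,
            "key_tx_id": key_entry["tx_id"], "data_tx_id": data_entry["tx_id"],
        })
        # Step 406: reply with data information and key information.
        return {"source": source, "event_id": event_id,
                "data_info": data_entry["tx"]["data_info"],
                "data_hash": data_entry["tx"]["data_hash"],
                "key_info": key_entry["tx"]["key_info"]}


def verify_data_info(reply: dict) -> bool:
    """Requester-side check before decrypting. Assumption: the recorded data
    hash covers the encrypted data as delivered."""
    return sha256_hex(bytes.fromhex(reply["data_info"])) == reply["data_hash"]


def build_demo():
    """Constructed sample state: data D1 is shared with U1 only."""
    key_chain, data_chain, event_chain = Chain("first"), Chain("second"), Chain("third")
    ciphertext = b"constructed-ciphertext-of-D1"  # stands in for the encrypted data
    data_chain.record({"data_id": "D1", "data_info": ciphertext.hex(),
                       "data_hash": sha256_hex(ciphertext)})
    # Placeholder for the data key encrypted with U1's public key (step 401a).
    key_chain.record({"data_id": "D1", "node_id": "U1",
                      "key_info": b"constructed-key-wrapped-for-U1".hex()})
    return RelayNode("N1", key_chain, data_chain, event_chain), event_chain


if __name__ == "__main__":
    relay, events = build_demo()
    print(relay.handle_request({"data_id": "D1", "node_id": "U1"})["source"])
    try:
        relay.handle_request({"data_id": "D1", "node_id": "U3"})
    except AccessDenied as exc:
        print("denied:", exc)
    print(len(events.entries), "event transaction(s) recorded")
```

Because the key information is encrypted with one node's public key, a request naming U1 returns material that only U1's private key can unwrap, which is why the lookup is keyed on both the data identifier and the node identifier.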
It should be noted that the "first node" in each embodiment of this application and the "first node" in Embodiment 1 may be the same node or different nodes. "First node" is used here as an example to correspond to the possible technical solutions of this application; it can be understood that the node may also be named "second node", "third node" and so on, and this application does not limit this.
Embodiment 3
This embodiment further provides a data transmission method. Referring to FIG. 5, the method includes three partial processes, Part A, Part B and Part C. The Part A method describes the process in which the first node (U1) requests access to data, the Part B method describes the process in which the second node (U2) requests access to data, and the Part C method describes the process in which the third node (U3) requests access to data.
The three partial processes may each be performed independently or combined in pairs, for example Part A with Part B or Part B with Part C, or Part A, Part B and Part C may all be combined. This application does not limit this.
The method steps of each partial process in this embodiment are described below.
Part A process
The method flow of Part A describes the process in which the first node U1 requests access to data.
Specifically, as shown in FIG. 5, it includes:
Step A1: The data source node (for example, a data provider) records the information of the data as a transaction (Transaction) on the first blockchain.
The key information of the data may be the encrypted data key (key), the address information at which the data key is stored, or the like. Specifically, where the key information of the data is the encrypted data key (key): for example, the key (key) of the data is encrypted with the public key of the device accessing the data (for example, the public key of node U1) to generate the key information of the data, and the key information of the data is recorded as a transaction on the first blockchain.
Step A2: Node U1 sends a request message to node N1, where the request message is used to request access to data.
The request message includes at least one of the following: a data identifier (Data ID), a node U1 identifier (also called the device identifier of the first node), the public key of node U1, or transaction index information. It may also include the identifier of the first blockchain and the like.
Step A3: Node N1 (for example, site Node1) receives the request message sent by node U1 and, according to the content carried in the request message, obtains the key information of the data corresponding to the data that node U1 requests to access.
One possible implementation is that node N1, according to the data identifier and the node U1 identifier in the request message, searches the first blockchain for a transaction (transaction) concerning that data identifier and that node U1 identifier; if there is a corresponding transaction record, it obtains the key information of the corresponding data from the first blockchain.
This further includes: node N1 determines whether the blockchain records the key information of the data corresponding to the data that node U1 requests to access. If there is a transaction recording the key information of the data, node U1 has the access right; otherwise, it does not have the right to access the data.
In addition, the key information of the data of node U1 may also be looked up according to other information in the request message, for example the transaction index information. For the specific process, refer to the descriptions in Embodiment 1 and Embodiment 2; details are not repeated here.
Step A4: Node N1 obtains the key information of the data from the first blockchain.
Step A5: After receiving the request message sent by node U1, node N1 sends the data request message to the second blockchain or the second blockchain node.
The data request message may include, for example, one or more of: a data identifier, a node U1 identifier, the public key of node U1, transaction index information, or a first blockchain identifier.
For details, refer to the request messages of the other embodiments.
Step A6: After receiving the request message from node N1, the second blockchain node verifies the access right of node U1 and sends the data that node U1 requests to access to node N1.
Exemplarily, one method of verifying the access right is: determining whether node N1 or the first blockchain has a transaction that records information related to the data identifier or device identifier of node U1, that is, determining whether the key information of the data required by node U1 exists on the blockchain. If such a transaction exists, or node N1 obtains the key information of the data, node U1 has the access right; otherwise, it does not have the access right.
Here, the data is data information, and the data information includes the encrypted data or the address information at which the encrypted data is stored.
Step A7: Node N1 sends the data information and the key information of the data to node U1.
Step A8: Node U1 receives the data information and the key information of the data from node N1, obtains the key (key) for accessing the data from the key information of the data, and then uses that key to decrypt the encrypted data and access the data.
Part B process
The Part B process describes how node U2 requests access to data from the blockchain. In this process, the data information and the key information of the data provided to node U2 may come from the same node.
Specifically, the process includes:
Step B1: The data source node records the key information of the data on the first blockchain, where the key information of the data is generated by encrypting, with the public key of node U2, the data key of the data that node U2 requests to access.
Step B2: Node U2 sends a request message to node N1, where the request message includes one or more of: a data identifier, the public key of node U2, a node U2 identifier (node U2 ID), or transaction index information.
Step B3: After receiving the request message, node N1 determines, according to the data identifier carried in the request message, whether the data that node U2 requests to access is stored on node N1.
Specifically, after receiving the request message from node U2, node N1 determines whether node U2 has the data access right. One implementation is: node N1 determines whether it can obtain the key information of the data required by node U2; if so, node U2 has the access right; otherwise, it does not have the access right.
When it determines that node U2 has the access right, node N1 further determines whether the data information required by node U2 is stored locally. If the data information is stored, it can be provided directly to node U2; if it is not stored, node N1 can first obtain the data information from other nodes and then send it to node U2.
In addition, node N1 queries the related transaction according to the request message and obtains the key information of the encrypted data. Specifically, node N1 searches the first blockchain for the relevant transaction according to the content of the request message, where the key information of the data is recorded in that transaction.
Step B4: Node N1 obtains the key information of the data from the first blockchain.
Steps B5 and B6: Node N1 sends the data information and the key information of the data to node U2.
Step B7: Node U2 obtains the data key (key) for accessing the data from the key information of the data, and decrypts the encrypted data with the data key to obtain the accessed data.
Step B8: Node N1 records the fact that it provided the data information and the data key information to node U2 as a transaction on the third blockchain.
C部分流程Part C process
Flow C describes how node U3 requests access to data from the blockchain. In this flow, the data information and the key information of the data supplied to node U3 may come from different nodes.
Specifically, the flow includes:
Step C1: The data source node records the key information of the data on the first blockchain. The key information of the data is generated by encrypting, with node U3's public key, the data key for the data that node U3 requests to access.
Step B2: Node U2 sends a request message to node U2. The request message includes one or more of: a data identifier, node U3's public key, node U3's identifier (node U3 ID), or transaction index information.
For example, node U2 is a node located close to node U3.
Step C2: Node U2 receives the request message sent by node U3 and provides the corresponding data information to node U3.
Specifically, node U2 provides the data information to node U3 in the same way as in steps B2 to B5 of flow B; see those steps for details, which are not repeated here.
Step C3: Node U3 obtains the key information of the data from node N1.
Specifically, in one possible implementation, node U3 sends a request message to node N1, the request message being used to request the key information of the data. Based on the request message, node N1 searches the first blockchain for the transaction associated with the data identifier and node U3's device identifier, obtains the key information of the data from the transaction record, and sends it to node U3.
For example, the detailed procedure may also follow steps 2 to 5 of flow B.
Step C4: Node U3 receives the data information from node U2 and the key information of the data from node N1, obtains from the key information the data key (key) for accessing the data, and uses the data key to decrypt the encrypted data, yielding the data to be accessed.
Step C5: Node U2 records its provision of the data information to node U3 as a transaction on the third blockchain.
Step C6: Node N1 records its provision of the key information of the data to node U3 as a transaction on the third blockchain.
The transaction on the third blockchain records: the identifier of the data that the third node requests to access, the third node's identifier, the third node's public key, the data address/address information of the data that the third node requests to access, the hash of the data/address information, transaction index information, transaction identification information of the first blockchain, a connection identifier or a cross-chain identifier, and so on.
With the method of this embodiment, once a node in the network, for example node U2, has accessed and stored the data information, and a neighboring node, for example node U3, later requests access to the same data, node U2 can provide the data or data information to node U3 directly. This spares node U3 from requesting the data from a distant data source node, saves the time and load of repeatedly transmitting the data across the core network or multiple network devices, and improves transmission efficiency.
In addition, encrypting the data key with the requesting node's device public key prevents other nodes from accessing and reading the data in transit, which further secures the data transmission. Access permission is issued only when a transaction is recorded at the data source node or on the blockchain, so the rights of the data source node are protected while transmission efficiency improves.
To summarize the three flows A to C above: in flow A, U1 initiates a data access request to the blockchain network for the first time. The first blockchain node looks up and provides the corresponding key information of the data according to the request message sent by node U1. Likewise, the second blockchain node provides the first node with the data information related to the data and sends that data information to node U1, and relay node N1, which is close to the first node, stores the data information.
In flow B, node U2 initiates a data access request to the blockchain network. If relay node N1 stores the relevant data information and node U2 has data access rights, the relay node can provide node U2 with the stored data information together with the key information of the data obtained through the first-blockchain transaction. That is, both the data information and the key information of the data that node U2 requests come from the same node N1, which improves transmission efficiency and reduces latency.
Before relay node N1 provides the data information to node U2, it also verifies node U2's identity against the key information of the data recorded on the blockchain and rejects access requests from nodes without access rights, which protects the interests of the data source provider while reducing transmission latency.
In flow C, node U3 initiates a data access request to the blockchain network, and the request message is received by the nearby node U2. Because node U2 has recorded and stored the data information, it can, once it has verified that node U3 has access rights, deliver the corresponding data information and notify the first blockchain node to provide node U3 with the corresponding key information of the data.
In flow C, the data information that node U3 obtains comes from node U2, while the key information of the data comes from the first blockchain or a first blockchain node, so the information is supplied by different nodes.
It should also be noted that the embodiments of this application involve only three blockchains: the first blockchain, which records transactions for the key information of the data; the second blockchain, which records transactions for the data information; and the third blockchain, which records event transactions. It will be understood that more or fewer blockchains may be used to record the transactions in the network, with the transactions associated through a connection identifier or cross-chain identifier. This application does not specifically limit the number of blockchains or the transaction content recorded on each blockchain.
It should also be noted that further embodiments can be formed by combining flows A to C in different ways, for example flow A with flow B, flow A with flow C, or flow B with flow C. These are not enumerated one by one here.
Embodiment 4
In a specific embodiment, as shown in FIG. 6, a transmission system includes: a terminal device; an access node, which may be a relay node, an access device, or a Mobile Edge Computing (MEC) device; at least one blockchain; and a data source node, for example node D.
This embodiment provides a data access permission control method, which includes:
Step 601: The data source node stores the encrypted data to be provided in the access node.
Step 602: When the terminal device needs to obtain a service or data, it initiates an interaction with the data provider to obtain permission to access the data. The data provider and the terminal device interact so that the terminal device obtains access rights to the data.
Step 603A: The data provider records the terminal device's access control permission on the first blockchain. The access control permission may take the form of key information.
Specifically, because the data provider and the terminal device interact in step 602, the terminal device obtains access rights to the data. The data provider therefore encrypts the key (key) of the encrypted data with the terminal device's public key, and the encrypted key is recorded on the first blockchain as the key information.
The key information includes: the encrypted key, the hash of the encrypted key, the key
Step 603B: The data provider records the data information of the terminal device on the second blockchain.
The data information includes at least one of: the hash of the data, the hash of the encrypted data, the encrypted data, and the address of the encrypted data. Specifically, the data information includes at least one of: the encrypted data that the first node needs to access, the address information of the encrypted data, the hash of the encrypted data, or the hash of the data.
The key information of the data includes at least one of: the encrypted data key, the address information where the encrypted data key is stored, the hash of the encrypted data key, and the hash of the key address.
Step 604: The user equipment obtains the blockchain transaction index information related to the data it wants to access.
The blockchain transaction index information includes the block height, block number, blockchain identifier, transaction index number and similar information, and may also include the identifier of the data that the terminal device requests to access, the terminal device identifier, a blockchain node identifier, and so on.
Step 605: The user equipment sends a request message to the access device; the request message is used to request the key information of the data.
The first information includes one or more of: the data identifier, the first node identifier, the first node's public key, or the transaction index information.
Specifically, the terminal device selects an access node directly or indirectly (for example, the access node is the device closest to the terminal device's location) and then sends the request message to that access node.
Step 606: After receiving the request message, the access node uses the access control blockchain (for example, the first blockchain) to verify, according to the transaction index information carried in the request message, whether the terminal device has access rights.
Specifically, the access node can learn through an access control blockchain node whether the key information of the data is stored on that blockchain.
According to the transaction index information, if a corresponding transaction is found on the first blockchain, and that transaction records the data key information for the data that the terminal device needs to access, the terminal device has access rights; otherwise, the terminal device does not have permission to access the data.
Step 607: If the access node confirms that the terminal device has access rights, the access node provides the key information and/or the encrypted data to the terminal device.
Specifically, this step is described taking the provision of both key information and encrypted data as an example: after the access node confirms that the terminal device has access rights, it determines whether it has itself stored the encrypted data; if so, the access node provides the terminal device with the key information obtained from the first blockchain and the encrypted data.
As for how the access node determines whether it has stored the encrypted data, the access node may, for example, make this determination according to the first information provided in the request message.
Step 609: The terminal device obtains the encrypted data and the key information of the data, decrypts the key information with the terminal device's private key to obtain the key, and then uses that key to decrypt the encrypted data, obtaining the data to be accessed.
Step 610: The terminal device obtains the hash of the data from the second blockchain, which is used to record data information.
The data information includes at least one of: the hash of the data, the address of the data, the hash of the encrypted data, the encrypted data, the storage address of the data, and so on.
Step 611: The terminal device applies the hash algorithm to the decrypted data to obtain the hash of the decrypted data, and determines whether the hash of the data and the hash of the decrypted data are the same. If the two values are the same, the data obtained by the terminal device is reliable; if they differ, the data obtained by the terminal device has been tampered with.
Step 612: The terminal device records the access node's provision of data to the terminal device as a transaction on the third blockchain.
Specifically, when it detects that the data has not been tampered with, the terminal device records the access node's provision of data to the terminal device as a transaction on the third blockchain.
The transaction on the third blockchain includes at least one of: a connection identifier, a cross-chain identifier, the terminal device identifier, the data identifier, the terminal device's public key, the time the data was accessed, a blockchain node identifier, transaction identification information of a blockchain node, transaction index information, the hash of the data, the hash of the data information, the hash of the address information of the encrypted data, the hash of the key information of the data, the access node identifier, access node information, and so on.
In this embodiment, after decrypting and accessing the data, the terminal device verifies the authenticity and integrity of the decrypted data by comparing the data hash obtained from the blockchain with the hash computed from the decrypted data, so that the first node can judge the reliability of the data it obtained.
In this embodiment, the data source node stores the data in the access device, so the requesting terminal device can obtain the data from the nearest access device or from the blockchain. This reduces the burden of repeatedly transmitting data across the core network or multiple routes, reduces transmission latency, and improves transmission efficiency.
At the same time, the access device uses the access control permission query information to verify the terminal device's access rights and delivers the service and data only after the terminal device has access rights, which protects the rights of the data source node.
The transactions recorded on the first blockchain and the third blockchain in this embodiment include: the first blockchain records transactions for the key information of the data, the second blockchain records the data information, and the third blockchain records transactions in which a node (for example, the access node) provides data information to the terminal device.
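The access-node check of steps 606 and 607 and the terminal-side integrity check of steps 610 and 611, as an added Python example that is not part of the patent text. The Ledger class, the record layouts, the choice of SHA-256 and all sample values are assumptions made for illustration; the wrapped data key is treated as opaque bytes and the decryption of step 609 is not shown.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# All identifiers, keys and payloads below are constructed sample values.
# SHA-256 is an assumption; the page does not name a hash algorithm.

@dataclass(frozen=True)
class TxIndex:
    """Transaction index information from step 604."""
    chain_id: str
    block_height: int
    tx_number: int

@dataclass(frozen=True)
class KeyInfoTx:
    """First-blockchain record: key information for one (data, device) pair."""
    data_id: str
    device_id: str
    pubkey_hash: str      # SHA-256 hex digest of the device public key
    wrapped_key: bytes    # data key encrypted under that public key (opaque here)

@dataclass(frozen=True)
class DataInfoTx:
    """Second-blockchain record: hash of the plaintext data."""
    data_id: str
    data_hash: str

class Ledger:
    """In-memory stand-in for one blockchain (hypothetical helper)."""
    def __init__(self, chain_id: str):
        self.chain_id = chain_id
        self.blocks = []

    def append(self, tx) -> TxIndex:
        self.blocks.append([tx])          # one transaction per block keeps the demo short
        return TxIndex(self.chain_id, len(self.blocks) - 1, 0)

    def lookup(self, idx: TxIndex):
        if idx.chain_id != self.chain_id:
            return None
        if not 0 <= idx.block_height < len(self.blocks):
            return None
        block = self.blocks[idx.block_height]
        if not 0 <= idx.tx_number < len(block):
            return None
        return block[idx.tx_number]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def authorize(first_chain, idx, data_id, device_id, device_pubkey) -> Optional[bytes]:
    """Access node, steps 606-607: release the wrapped key only if the indexed
    transaction binds this data to this requester."""
    tx = first_chain.lookup(idx)
    if not isinstance(tx, KeyInfoTx):
        return None                       # no such transaction: no access right
    if tx.data_id != data_id or tx.device_id != device_id:
        return None                       # index points at someone else's grant
    if not hmac.compare_digest(tx.pubkey_hash, sha256_hex(device_pubkey)):
        return None                       # claimed identifier, different key
    return tx.wrapped_key

def verify_plaintext(second_chain, idx, data_id, plaintext: bytes) -> bool:
    """Terminal device, steps 610-611: compare the on-chain hash with the
    hash of the decrypted data."""
    tx = second_chain.lookup(idx)
    if not isinstance(tx, DataInfoTx) or tx.data_id != data_id:
        return False
    return hmac.compare_digest(tx.data_hash, sha256_hex(plaintext))

def demo() -> dict:
    first, second = Ledger("chain-1"), Ledger("chain-2")
    ue_pub, other_pub = b"constructed-pubkey-UE-A", b"constructed-pubkey-UE-B"
    plaintext = b"constructed payload: firmware image v1"
    wrapped = b"\x00opaque-wrapped-data-key"

    # Steps 603A/603B: the data provider records the grant and the data hash.
    key_idx = first.append(KeyInfoTx("data-42", "UE-A", sha256_hex(ue_pub), wrapped))
    data_idx = second.append(DataInfoTx("data-42", sha256_hex(plaintext)))

    return {
        "owner": authorize(first, key_idx, "data-42", "UE-A", ue_pub),
        "replayed_index": authorize(first, key_idx, "data-42", "UE-B", other_pub),
        "spoofed_id": authorize(first, key_idx, "data-42", "UE-A", other_pub),
        "bad_index": authorize(first, TxIndex("chain-1", 7, 0), "data-42", "UE-A", ue_pub),
        "intact": verify_plaintext(second, data_idx, "data-42", plaintext),
        "tampered": verify_plaintext(second, data_idx, "data-42", plaintext + b"!"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this example the lookup is bound to the requester's identifier and public key because transaction index information only locates a transaction; it does not by itself show that the transaction was issued for the node presenting it.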
This application also provides a data transmission apparatus for implementing the methods of the embodiments shown in FIG. 3 to FIG. 6. As shown in FIG. 7, the apparatus includes a transceiver module 701, a processing module 702 and a storage module 703, and may also include other modules or units.
The transceiver module 701 is configured to obtain data information and the key information of the data recorded on the first blockchain;
The processing module 702 is configured to obtain encrypted data according to the data information received by the transceiver module 701, obtain a key according to the key information of the data received by the transceiver module, and decrypt the encrypted data with the key to obtain the data.
In one possible implementation, the processing module 702 is specifically configured to: when the key information of the data received by the transceiver module is the encrypted data key, decrypt the encrypted data key with a private key to obtain the key; or, when the key information of the data received by the transceiver module 701 is the address information where the encrypted data key is stored, obtain the encrypted data key according to the address information and decrypt it with the private key to obtain the key.
In one possible implementation, the transceiver module 701 is specifically configured to obtain transaction index information, which includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier;
the processing module 702 is specifically configured to determine the first-blockchain transaction according to the transaction index information obtained by the transceiver module 701, the first-blockchain transaction recording the key information of the data, and to obtain the key information of the data from the first-blockchain transaction; or,
the transceiver module 701 is configured to send the transaction index information to a relay node and receive the key information of the data that the relay node returns according to the transaction index information.
In one possible implementation, the transceiver module 701 is specifically configured to obtain the data information from the first blockchain or the second blockchain; or to receive the data information sent by any blockchain node of the first blockchain or any blockchain node of the second blockchain; or to receive the data information sent by a relay node or the data source node.
In one possible implementation, the transceiver module 701 is specifically configured to obtain transaction index information, which includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier;
the processing module 702 is specifically configured to determine a blockchain transaction according to the transaction index information obtained by the transceiver module, where the blockchain transaction is recorded on the first blockchain or the second blockchain and records the data information;
or, the transceiver module 701 is specifically configured to send the transaction index information to a relay node and receive the data information that the relay node sends according to the transaction index information.
In one possible implementation, the processing module 701 is specifically configured to: when the data information is the encrypted data, obtain the encrypted data from the data information; or, when the data information is the address information of the encrypted data, look up and obtain the encrypted data through the address information of the data.
In one possible implementation, the processing module 702 is further configured to record the event of obtaining the data information and the key information of the data as a first transaction on a blockchain;
The first transaction includes one or more of: a data identifier, the first node's identifier, the first node's public key, the time the data was accessed, a blockchain node identifier, transaction identification information of a blockchain node, transaction index information, a cross-chain identifier, the hash of the data, the hash of the data information, the hash of the address information of the encrypted data, or the hash of the key information of the data.
In one possible implementation, the transceiver module 701 is further configured to receive a request message from a second node, the request message including first information, which includes one or more of a data identifier, the second node's identifier, the second node's public key, or transaction index information; the processing module 702 is further configured to obtain data information and/or key information of the data according to one or more of the data identifier, the second node's identifier, the second node's public key, or the transaction index information;
the transceiver module 701 is further configured to send the data information and/or the key information of the data to the second node.
In one possible implementation, the processing module 702 is further configured to obtain the source for generating the first node's private key or public key from the challenge response produced by physical unclonable function (PUF) technology.
In one possible implementation, the processing module 702 is further configured to generate a challenge response using physical unclonable function (PUF) technology and use at least one of the challenge and the hash of the challenge response as the first node's identification information, so that the first node's identification information is recorded on a blockchain; the transaction recorded on the blockchain includes one or more of: the challenge, the hash of the challenge response, the node identifier, the time at which the response was generated, or the node's public key.
The physical device corresponding to the processing module may be a processor; the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may be a transceiver.
In addition, the data transmission apparatus may also be applied to a blockchain node on any blockchain, and includes:
The processing module 702 is configured to obtain, through first information, the data information and/or the key information of the data requested by the first node, where the first information includes one or more of: a data identifier, the first node's identifier, the first node's public key, or transaction index information;
The transceiver module 701 is configured to send the data information and/or the key information of the data obtained by the processing module to the first node or a relay node.
In one possible implementation, the transceiver module 701 is further configured to receive a request message sent by the first node or the relay node, the request message including the first information;
the processing module 702 is specifically configured to search, according to one or more of the data identifier, first node identifier, first node public key, or transaction index information in the first information received by the transceiver module, for a transaction related to the first information, the transaction recording the key information of the data;
the transceiver module 701 is further configured to obtain the key information of the data from the record of the transaction.
In one possible implementation, the processing module 702 is specifically configured to determine the transaction according to the first information and a first identifier, the first identifier including one or more of: at least one blockchain node identifier, transaction identification information of at least one blockchain node, or a cross-chain identifier.
In one possible implementation, the transceiver module 701 is specifically configured to receive the data information returned by the second blockchain, a relay node, or the data source node according to one or more of the data identifier, the first node identifier, or the transaction index information; or to obtain the stored data information when it is determined, according to the first information, that the data information is stored locally. The data information includes the encrypted data or the address information of the encrypted data.
In one possible implementation, the processing module 702 is further configured to generate transaction index information, which is used to determine the first-blockchain transaction that records the key information of the data; the transaction index information includes one or more of a block number, a block height, a transaction index number, or a blockchain identifier.
The physical device corresponding to the processing module may be a processor; the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may be a transceiver.
In addition, the data transmission apparatus provided in this embodiment can implement the steps and functions of the relay node in the foregoing methods. Taking relay node N1 as an example, the apparatus is specifically configured as follows:
The transceiver module 701 is configured to obtain a request message from the first node, the request message including first information, which includes a data identifier, the first node's identifier, or transaction index information;
The processing module 702 is configured to obtain the data information and/or the key information of the data according to the first information obtained by the transceiver module 701;
The transceiver module 701 is further configured to send the data information and/or the key information of the data to the first node.
In one implementation of this embodiment, the processing module 702 is specifically configured to confirm whether the first node has access rights; if so, to obtain the data information; if not, to reject the first node's access request;
Obtaining the data information specifically includes: if the apparatus has already stored the data information, obtaining it from the local storage module; or, if the data information is not stored, obtaining it from the first blockchain, the second blockchain, or the data source node.
In another implementation of this embodiment, the processing module 702 is specifically configured so that the relay node searches, according to the first information, for a transaction related to the first information that records the key information of the data; if such a transaction exists, the key information of the data is obtained from it; if not, access is denied.
In another implementation of this embodiment, the transceiver module 701 is further configured to send the request message to the first blockchain node, and to receive the key information of the data that the first blockchain node returns according to the request message, the key information of the data being generated by encryption with the first node's public key.
In another implementation of this embodiment, the processing module 702 is specifically configured to obtain the data information and/or the key information of the data according to the first information and the first identifier. The first identifier includes: the first blockchain node identifier, transaction identification information of the first blockchain node, the second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, and so on.
In another implementation of this embodiment, the processing module 702 is further configured to record the sending of the data information and/or the key information of the data to the first node as a second transaction on the third blockchain.
The second transaction includes one or more of: a data identifier, the first node's identifier, the first node's public key, the time the data was accessed, transaction index information, the first blockchain node identifier, transaction identification information of the first blockchain node, the second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, the hash of the data, the hash of the data information, the hash of the address information of the encrypted data, or the hash of the key information of the data, and so on.
The physical device corresponding to the processing module may be a processor; the physical device corresponding to the receiving module is a receiver, and the physical device corresponding to the sending module is a transmitter, or may be a transceiver.
In addition, the data transmission apparatus provided in this embodiment can implement the steps and functions of the data source node in the foregoing method. Taking node D as an example, the apparatus is specifically configured as follows:
The processing module 702 is configured to generate key information of the data and record the key information of the data on the first blockchain, so that any blockchain node on the first blockchain stores the key information of the data and can quickly provide it to the requesting first node, shortening transmission delay and improving transmission efficiency.
In one implementation of this embodiment, the processing module 702 is specifically configured to receive, through the transceiver module 701, a request message from the first node or forwarded by a relay node, the request message including first information; determine the public key of the first node according to the first information; and encrypt the key of the data with the public key of the first node to generate the key information of the data. The first information includes one or more of a data identifier, a first node identifier, the public key of the first node, or transaction index information.
In another implementation of this embodiment, the processing module 702 is specifically configured to send, through the transceiver module 701, the key information of the data to the first blockchain node, so that the first blockchain node records the key information of the data on the first blockchain; or to broadcast and store the key information of the data on the first blockchain.
In another implementation of this embodiment, the processing module 702 is further configured to record the encrypted data that the first node requests to access on the second blockchain; or to broadcast and store the encrypted data on the second blockchain. The data information includes the encrypted data or address information of the encrypted data.
The data transmission apparatus provided in this embodiment uses the data consensus property of the blockchain so that a requester, for example the first node, can obtain the data information directly from any blockchain node of the blockchain. This reduces the burden of repeatedly transmitting the data information across the core network or between multiple routes, reduces transmission delay, and improves transmission efficiency.
Moreover, the first node obtains the key information of the data through the first blockchain node. Because the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt or access it, which improves the security of data transmission.
In addition, the blockchain node or relay node verifies, according to the request message from the first node, whether the first node has access permission, delivers the transaction related to the request message, for example the key information of the data, according to the verification result, and rejects access requests from nodes without permission. This protects the rights of the data provider while improving transmission efficiency.
The physical device corresponding to the processing module may be a processor; the physical device corresponding to the receiving module is a receiver and the physical device corresponding to the sending module is a transmitter, or these may be a transceiver.
Corresponding to the apparatus embodiments of this application, this application further provides a network node. The network node may be the network element device, station, blockchain node, data source node, base station, UE, MEC device, terminal, or the like in the foregoing embodiments, and is used to implement the data transmission method described for each node in the foregoing embodiments.
Specifically, as shown in FIG. 8, the network node includes a transceiver 801 (transmitter/receiver), a processor/controller 802, and a memory 803. It may also include more or fewer components, combine certain components, or use a different arrangement of components; this application does not limit this.
The transceiver 801 may include a receiving module and a sending module, used for communication between the network elements or nodes in the transmission system, for example sending and receiving data, signaling, and request messages.
Further, the transceiver 801 may include communication modules such as a wireless local area network (WLAN) module, a Bluetooth module, and a baseband module, together with the radio frequency (RF) circuits corresponding to those communication modules, for wireless network communication, Bluetooth communication, infrared communication, and/or cellular communication system communication, for example wideband code division multiple access (WCDMA) and/or high speed downlink packet access (HSDPA).
The processor 802 is the control center of the network node. It connects the parts of the entire terminal device through various interfaces and lines, and performs the method steps of the embodiments of FIG. 2 to FIG. 6 by running or executing software programs and/or modules stored in the memory 803 and invoking instructions stored in the memory 803.
Further, the processor 802 may consist of integrated circuits (ICs), for example a single packaged IC, or multiple connected packaged ICs with the same function or different functions. For example, the processor 802 may include only a CPU, or may be a combination of a GPU, a digital signal processor (DSP), and a control chip (for example, a baseband chip) in the transceiver module. In the various implementations of this application, the CPU may have a single computing core or multiple computing cores.
The memory 803 may include volatile memory, for example random access memory (RAM); it may also include non-volatile memory, for example flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); the memory may also include a combination of the above types of memory. The memory may store programs or code, and the processor can implement the functions of the network node by executing the programs or code.
In the embodiments, all functions of the transceiver module shown in FIG. 7 may be implemented by the transceiver 801 of the network node, or by the transceiver 801 under control of the processor 802; the functions of the processing module shown in FIG. 7 may be implemented by the processor 802.
The memory 803 is used to store instructions or various information, for example the request message, the first identifier, the first information, the first transaction, the second transaction, the third transaction, and the like.
In a specific implementation, this application further provides a computer storage medium. The computer storage medium may store a program which, when executed, may include some or all of the steps of the embodiments of the data transmission method provided in this application. The storage medium may be a magnetic disk, an optical disc, a ROM, a RAM, or the like.
The terminal described in this application is used in technical scenarios such as the Internet of Things, that is, it is applicable to data transmission from device to device (D2D), from network element to device, and from network element to network element. The blockchain node may be a network element or a device.
An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. The storage medium may also be an integral part of the processor. The processor and the storage medium may be located in an ASIC, and the ASIC may be located in user equipment. The processor and the storage medium may also exist in the user equipment as discrete components.
Those skilled in the art will appreciate that, in one or more of the above examples, the functions described in the present invention can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a general-purpose or special-purpose computer can access.
The terminal device involved in the embodiments of the present invention may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. A wireless terminal can communicate with one or more core networks via a radio access network (RAN). The wireless terminal may be a mobile terminal, such as a mobile phone (also called a "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket-sized, handheld, computer-built-in, or vehicle-mounted mobile device that exchanges language and/or data with the radio access network. Examples include personal communication service (PCS) phones, cordless phones, Session Initiation Protocol (SIP) phones, wireless local loop (WLL) stations, and personal digital assistants (PDAs). A wireless terminal may also be called a system, a subscriber unit, a subscriber station, a mobile station, a mobile, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, a user device, or user equipment.
The network device involved in the embodiments of the present invention may be a base station or an access point, or may refer to a device in the access network that communicates with wireless terminals over the air interface through one or more sectors. The base station can be used to convert received air frames to and from IP packets, acting as a router between the wireless terminal and the rest of the access network, where the rest of the access network may include an Internet Protocol (IP) network. The base station may also coordinate attribute management of the air interface. For example, the base station may be a base transceiver station (BTS) in GSM or CDMA, a base station (NodeB) in WCDMA, or an evolved base station (eNB or e-NodeB, evolutional Node B) in LTE; this application does not limit this.
In addition, this application provides a transmission system for sharing data between network nodes and controlling access permissions. The system includes a first node and at least one blockchain, the blockchain including multiple blockchain nodes, and may further include a relay node and a data source node, where the relay node and the data source node may each be a blockchain node.
Specifically, the nodes in the transmission system are configured to perform the method steps shown in FIG. 2 to FIG. 6:
Step 1: The data source node generates key information of the data and records the key information of the data on the first blockchain.
Step 2: The first node generates a request message, the request message including one or more of a data identifier, a first node identifier, or transaction index information.
Step 3: The first node sends the request message. Specifically, the first node may send the request message to a relay node, for example an MEC device, or to the first blockchain node; for example, the relay node and the first blockchain node are the same node. The request message is used to request, for the first node, access to the data and to the key information of the data.
Step 4: The relay node obtains the request message from the first node, the request message including first information, the first information including one or more of a data identifier, a first node identifier, the public key of the first node, or transaction index information; the relay node obtains the data information and/or the key information of the data according to the first information.
For example, in one specific implementation, when the relay node determines that the first node has access permission, it obtains the data information from a local database, or obtains the data information from the first blockchain node or another node.
In addition, the process by which the relay node obtains the key information of the data may specifically include: the relay node sends the request message to the first blockchain node; the first blockchain node receives the request message and, according to one or more of the data identifier, the first node identifier, the public key of the first node, or the transaction index information carried in the request message, searches for the transaction related to the first information, the transaction recording the key information of the data; and the key information of the data is obtained from the transaction.
For example, the first blockchain node may also search for and obtain the key information of the data according to the first identifier and the first information, the first identifier including: a first blockchain node identifier, transaction identification information of the first blockchain node, a second blockchain node identifier, transaction identification information of the second blockchain node, a cross-chain identifier, or the like.
The first blockchain node sends the key information of the data that it found to the relay node, and the relay node receives the key information of the data from the first blockchain node.
Step 5: The relay node sends the data information and the key information of the data to the first node.
The data information includes: the encrypted data that the first node requests to access, or address information of the encrypted data. The key information of the data includes: the encrypted data key, or address information at which the encrypted data key is stored.
Step 6: The first node receives the data information and the key information of the data from the relay node, obtains the encrypted data according to the data information, and obtains the key according to the key information of the data.
Specifically, the first node obtains the encrypted data from the data information, or the first node looks up and obtains the encrypted data through the address information of the data.
For example, the first node obtaining the key information of the data specifically includes: the first node obtains transaction index information, the transaction index information including one or more of a block number, a block height, a transaction index number, and a blockchain identifier; determines the first blockchain transaction according to the transaction index information, the first blockchain transaction recording the key information of the data; and obtains the key information of the data from the first blockchain transaction.
The first node decrypts the encrypted data key with the private key of the first node to obtain the key.
Step 7: The first node decrypts the encrypted data with the key to obtain the data.
The data information and the key information of the data may be provided by the same blockchain node, for example the first blockchain node, or by different nodes; for example, the key information of the data is provided by the first blockchain node, and the data information is provided by the second blockchain node or by the data source node.
Step 8: The first node records the obtained key information of the data and the data information as a first transaction on a blockchain.
The first transaction includes one or more of the following: a data identifier, a first node identifier, the public key of the first node, the time at which the data was accessed, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
For example, the relay node may also record, as a second transaction on the third blockchain, the sending of the data information and/or the key information of the data to the first node.
The method further includes:
Step 9: The second node sends a second request message to the relay node nearest to it, the second request message including one or more of a second node identifier, the identifier of the data requested, or transaction index information.
The relay node may be a blockchain node, or an MEC device through which the node accesses the network, for example a base station serving the second node.
Step 10: The relay node receives the second request message from the second node and verifies, according to the identification information carried in the second request message, whether the second node has access permission.
Step 11: If so, the relay node obtains, locally or from a blockchain node, the data information and the key information of the data that the second node requests to access, and sends this information to the second node.
Specifically, for the process of obtaining the data information and the key information of the data, refer to steps 4 to 6 above, or to the method flows of Embodiment 1 and Embodiment 2 above; details are not repeated here.
Step 12: The second node receives the data information and the key information of the data from the relay node, obtains the encrypted data according to the data information, obtains the key according to the key information of the data, and decrypts the encrypted data with the key to obtain the data.
The data that the first node and the second node request to access may be the same or different.
In addition, the method further includes: the second node, the relay node, or the first blockchain node generates a transaction and records it on the third blockchain.
The transaction includes one or more of the following: a data identifier, a first node identifier, the public key of the first node, the time at which the data was accessed, a blockchain node identifier, transaction identification information of the blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
The system provided in this embodiment uses the data sharing property of the blockchain so that a requester, for example the first node, can obtain the data information directly from any blockchain node of the blockchain. This reduces the burden of repeatedly transmitting the data information across the core network or between multiple routes, reduces transmission delay, and improves transmission efficiency.
Moreover, the first node obtains the key information of the data through the first blockchain node. Because the key information of the data is encrypted with the public key of the first node, the authorized first node can decrypt and read the data, while other nodes cannot decrypt or access it, which improves the security of data transmission.
When the data that the second node requests to access is stored on the nearest edge device, the encrypted data can be obtained directly from that edge device, which further reduces transmission delay.
In addition, the blockchain node or relay node verifies, according to the request message from the first node or the second node, whether the requesting node has access permission, delivers the transaction related to the request message, for example the key information of the data, according to the verification result, and rejects access requests from nodes without permission. This protects the rights of the data provider while improving transmission efficiency.
For a detailed description of the various implementations of the method provided by this system, refer to the method descriptions in the foregoing embodiments; details are not repeated here.
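The relay-node behaviour described above (find the key-information transaction for a request, deny access when none matches, record each delivery as a second transaction on the third blockchain) can be sketched as follows. This is an added example, not code from the patent: the `Chain` and `RelayNode` classes, the field names and the sample identifiers are assumptions, the ledger is a plain hash-linked list without consensus, and the wrapped keys are constructed opaque hex strings rather than real ciphertext.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Chain:
    """Minimal hash-linked ledger standing in for a blockchain (no consensus)."""

    def __init__(self, chain_id):
        self.chain_id = chain_id
        self.blocks = []

    @staticmethod
    def _digest(prev, txs):
        body = json.dumps({"prev": prev, "txs": txs}, sort_keys=True)
        return sha256_hex(body.encode())

    def append_block(self, txs):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "txs": txs,
                            "hash": self._digest(prev, txs)})
        return len(self.blocks) - 1  # block height of the new block

    def get_tx(self, height, index):
        # Reject non-integers and out-of-range values, including negative
        # numbers that Python would otherwise treat as "count from the end".
        if not (isinstance(height, int) and isinstance(index, int)):
            return None
        if 0 <= height < len(self.blocks):
            txs = self.blocks[height]["txs"]
            if 0 <= index < len(txs):
                return txs[index]
        return None

    def find_tx(self, data_id, node_id):
        for height, block in enumerate(self.blocks):
            for index, tx in enumerate(block["txs"]):
                if tx.get("data_id") == data_id and tx.get("node_id") == node_id:
                    return height, index, tx
        return None

    def verify(self):
        prev = "0" * 64
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._digest(prev, block["txs"]):
                return False
            prev = block["hash"]
        return True


class AccessDenied(Exception):
    pass


class RelayNode:
    def __init__(self, key_chain, audit_chain):
        self.key_chain = key_chain      # "first blockchain": key information
        self.audit_chain = audit_chain  # "third blockchain": access records

    def handle_request(self, first_info, access_time):
        # Assumption: the request has already been authenticated, so node_id
        # really identifies the sender.
        data_id = first_info.get("data_id")
        node_id = first_info.get("node_id")
        if not data_id or not node_id:
            raise AccessDenied("incomplete first information")
        idx = first_info.get("tx_index")
        if idx is not None:
            if idx.get("chain_id") != self.key_chain.chain_id:
                raise AccessDenied("unknown chain")
            height, index = idx.get("height"), idx.get("index")
            tx = self.key_chain.get_tx(height, index)
        else:
            hit = self.key_chain.find_tx(data_id, node_id)
            height, index, tx = hit if hit else (None, None, None)
        # A transaction index is only a pointer: the transaction it names must
        # also match the requested data and the requesting node.
        if tx is None or tx.get("data_id") != data_id or tx.get("node_id") != node_id:
            raise AccessDenied("no key-information transaction for this request")
        key_info = tx["key_info"]
        self.audit_chain.append_block([{
            "type": "second_transaction",
            "data_id": data_id,
            "node_id": node_id,
            "access_time": access_time,
            "tx_index": {"chain_id": self.key_chain.chain_id,
                         "height": height, "index": index},
            "key_info_hash": sha256_hex(bytes.fromhex(key_info)),
        }])
        return key_info


def build_demo():
    """Constructed sample: one block of key-information transactions."""
    key_chain = Chain("chain-1")
    key_chain.append_block([
        {"data_id": "video-42", "node_id": "node-A", "key_info": "a1" * 16},
        {"data_id": "video-42", "node_id": "node-B", "key_info": "b2" * 16},
    ])
    return RelayNode(key_chain, Chain("chain-3"))
```

Only hashes and identifiers go into the access record, so the third chain can be audited without exposing the wrapped key itself.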
The terms "first", "second", "third", and so on (if present) in the specification, the claims, and the above drawings of this application are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that data used in this way may be interchanged where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product, or device.
It should be noted that "one or more" as used throughout this application covers one item and also covers two or more items.
The methods and steps of the embodiments may refer to and draw on one another. It should be understood that the expressions "the embodiment" or "this embodiment" in this application include but are not limited to the particular embodiment in which they appear, and may also refer to other embodiments.
Those skilled in the art will clearly understand that the techniques in the embodiments of this application can be implemented by software together with the necessary general-purpose hardware platform. Based on this understanding, the technical solutions in the embodiments of this application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a storage medium, such as ROM/RAM, a magnetic disk, or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of this application or in certain parts of the embodiments.
Identical or similar parts of the embodiments in this specification may be cross-referenced. In particular, because the above embodiments of this application are basically similar to the method embodiments, they are described relatively briefly; for related details, see the description in the method embodiments.
The implementations of this application described above do not limit the scope of protection of this application.

Claims (46)

  1. 一种数据传输方法,其特征在于,所述方法包括:A data transmission method, characterized in that the method comprises:
    第一节点获得数据信息和第一区块链上记录的数据的密钥信息;The first node obtains data information and key information of data recorded on the first blockchain;
    根据所述数据信息得到加密数据,以及根据所述数据的密钥信息获得密钥;Obtaining encrypted data according to the data information, and obtaining a key according to the key information of the data;
    利用所述密钥对所述加密数据进行解密得到数据。The encrypted data is decrypted using the key to obtain data.
  2. 根据权利要求1所述的方法,其特征在于,根据所述数据的密钥信息获得密钥,包括:The method according to claim 1, wherein the obtaining the key according to the key information of the data comprises:
    在所述数据的密钥信息为所述被加密的数据密钥时,所述第一节点利用私钥对所述被加密的数据密钥进行解密得到所述密钥;或者,When the key information of the data is the encrypted data key, the first node decrypts the encrypted data key by using a private key to obtain the key; or
    在所述数据的密钥信息为所述存储被加密的数据密钥的地址信息时,所述第一节点根据所述地址信息获得被加密的数据密钥,以及利用私钥对所述被加密的数据密钥进行解密得到所述密钥。When the key information of the data is the address information of the stored data key, the first node obtains an encrypted data key according to the address information, and encrypts the encrypted key with a private key The data key is decrypted to obtain the key.
  3. The method according to claim 1 or 2, characterized in that the first node obtaining the key information of the data recorded on the first blockchain comprises:
    the first node obtains transaction index information, the transaction index information comprising one or more of a block number, a block height, a transaction index number or a blockchain identifier;
    determining the first blockchain transaction according to the transaction index information, the key information of the data being recorded in the first blockchain transaction, and obtaining the key information of the data according to the first blockchain transaction; or, the first node sends transaction index information to a relay node, and receives the key information of the data fed back by the relay node according to the transaction index information.
  4. The method according to any one of claims 1-3, characterized in that the first node obtaining the data information comprises any one of the following manners:
    obtaining the data information from the first blockchain or a second blockchain;
    receiving the data information sent by any blockchain node of the first blockchain or any blockchain node of the second blockchain;
    receiving the data information sent by a relay node or a data source node.
  5. The method according to any one of claims 1-4, characterized in that the first node obtaining the data information comprises:
    the first node obtains transaction index information, the transaction index information comprising one or more of a block number, a block height, a transaction index number or a blockchain identifier, and determines a blockchain transaction according to the transaction index information, wherein the blockchain transaction is recorded on the first blockchain or a second blockchain, and the data information is recorded in the blockchain transaction;
    or,
    the first node sends transaction index information to a relay node, and receives the data information sent by the relay node according to the transaction index information.
  6. The method according to any one of claims 1-5, characterized in that the first node obtaining the encrypted data according to the data information comprises:
    when the data information is the encrypted data, the first node obtains the encrypted data from the data information;
    or,
    when the data information is address information of the encrypted data, the first node looks up and obtains the encrypted data by means of the address information of the data.
  7. The method according to any one of claims 1-6, characterized in that the method further comprises:
    the first node records the event of obtaining the data information and the key information of the data as a first transaction on a blockchain;
    wherein the first transaction comprises one or more of: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of a blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  8. The method according to any one of claims 1-7, characterized in that the method further comprises:
    the first node receives a request message from a second node, the request message comprising first information, the first information comprising one or more of a data identifier, a second node identifier, a second node public key or transaction index information;
    the first node obtains data information and/or key information of the data according to one or more of the data identifier, the second node identifier, the second node public key or the transaction index information;
    the first node sends the data information and/or the key information of the data to the second node.
  9. The method according to any one of claims 1-8, characterized in that the method further comprises:
    the first node obtains the private key or public key generation source of the first node according to a challenge response generated by physical unclonable function (PUF) technology.
  10. The method according to any one of claims 1-9, characterized in that the method further comprises:
    the first node generates a challenge response according to physical unclonable function (PUF) technology, and uses at least one of the challenge and a hash of the challenge response as identification information of the first node, so that the identification information of the first node is recorded on a blockchain; the transaction recorded on the blockchain comprises one or more of: the challenge, the hash of the challenge response, a node identifier, the time at which the response was generated, or the public key of the node.
  11. A data transmission method, characterized in that the method comprises:
    a first blockchain node obtains, according to first information, data information and/or key information of data requested by a first node, the first information comprising one or more of a data identifier, a first node identifier, a public key of the first node or transaction index information;
    the first blockchain node sends the data information and/or the key information of the data to the first node or a relay node.
  12. The method according to claim 11, characterized in that the first blockchain node obtaining, according to the first information, the key information of the data requested by the first node comprises:
    the first blockchain node receives a request message sent by the first node or the relay node, the request message comprising the first information;
    the first blockchain node searches, according to one or more of the data identifier, the first node identifier, the first node public key or the transaction index information in the first information, for a transaction related to the first information, the key information of the data being recorded in the transaction;
    the first blockchain node obtains the key information of the data from the record of the transaction.
  13. The method according to claim 12, characterized in that searching for the transaction related to the first information comprises:
    the first blockchain node determines the transaction according to the first information and a first identifier, the first identifier comprising one or more of at least one blockchain node identifier, transaction identification information of at least one blockchain node, or a cross-chain identifier.
  14. The method according to any one of claims 11-13, characterized in that the data information comprises encrypted data or address information of the encrypted data;
    the first blockchain node obtaining, according to the first information, the data information requested by the first node comprises:
    the first blockchain node receives the data information fed back by a second blockchain, a relay node or a data source node according to one or more of the data identifier, the first node identifier or the transaction index information;
    or,
    the first blockchain node, upon determining according to the first information that the data information is stored locally, obtains the stored data information.
  15. The method according to any one of claims 11-14, characterized in that the method further comprises:
    the first blockchain node generates transaction index information, the transaction index information being used to determine a first blockchain transaction in which the key information of the data is recorded, and the transaction index information comprising one or more of a block number, a block height, a transaction index number or a blockchain identifier.
  16. A data transmission method, characterized in that the method comprises:
    a relay node receives a request message from a first node, the request message comprising first information, the first information comprising one or more of: a data identifier, a first node identifier, a first node public key and transaction index information;
    the relay node obtains data information and/or key information of the data according to one or more of the data identifier, the first node public key, the first node identifier or the transaction index information;
    the relay node sends the data information and/or the key information of the data to the first node.
  17. The method according to claim 16, characterized in that the step of the relay node obtaining the data information comprises:
    the relay node detects whether the relay node stores the data information;
    where the relay node stores the data information, the data information is obtained from the relay node;
    where the relay node does not store the data information, the data information is obtained from a blockchain, or the data information sent by a blockchain node or a data source node is received.
  18. The method according to claim 17, characterized in that, before detecting whether the relay node stores the data information, the method further comprises:
    the relay node detects whether the key information of the data recorded on the blockchain is obtained;
    if the key information of the data is obtained, determining that the first node has access rights;
    if the key information of the data is not obtained, determining that the first node does not have access rights.
  19. The method according to any one of claims 16-18, characterized in that the relay node obtaining the key information of the data according to one or more of the data identifier, the first node identifier, the first node public key or the transaction index information comprises:
    the relay node searches, according to one or more of the data identifier, the first node identifier, the first node public key or the transaction index information, for a transaction related to the first information, the key information of the data being recorded in the transaction;
    if the transaction related to the first information is found, obtaining the key information of the data from the record of the transaction; or,
    if the transaction related to the first information is not found, rejecting the access request of the first node, or sending the first node a reply message notifying it that providing the key information or the data information to the first node is refused.
  20. The method according to claim 19, characterized in that obtaining the key information of the data from the record of the transaction comprises:
    the relay node sends the request message to a first blockchain node;
    the relay node receives the key information of the data fed back by the first blockchain node according to the request message.
  21. The method according to any one of claims 16-20, characterized in that the relay node obtaining the data information and/or the key information of the data according to at least one of the data identifier, the first node identifier, the first node public key or the transaction index information comprises:
    the relay node obtains the data information and/or the key information of the data according to a first identifier and one or more of the data identifier, the first node identifier, the first node public key or the transaction index information,
    the first identifier comprising one or more of: at least one blockchain node identifier, transaction identification information of at least one blockchain node, or a cross-chain identifier.
  22. The method according to any one of claims 16-21, characterized by further comprising:
    the relay node records the event of sending the data information and/or the key information of the data to the first node as a second transaction on a blockchain,
    wherein the second transaction comprises one or more of: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of a blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  23. A data transmission device, characterized by comprising:
    a transceiver module, configured to obtain data information and key information of data recorded on a first blockchain;
    a processing module, configured to obtain encrypted data according to the data information received by the transceiver module, obtain a key according to the key information of the data received by the transceiver module, and decrypt the encrypted data using the key to obtain the data.
  24. The device according to claim 22, characterized in that
    the processing module is specifically configured to: when the key information of the data received by the transceiver module is the encrypted data key, decrypt the encrypted data key using a private key to obtain the key; or, when the key information of the data received by the transceiver module is the address information at which the encrypted data key is stored, obtain the encrypted data key according to the address information, and decrypt the encrypted data key using a private key to obtain the key.
  25. The device according to claim 23 or 24, characterized in that
    the transceiver module is specifically configured to obtain transaction index information, the transaction index information comprising one or more of a block number, a block height, a transaction index number or a blockchain identifier;
    the processing module is specifically configured to determine the first blockchain transaction according to the transaction index information obtained by the transceiver module, the key information of the data being recorded in the first blockchain transaction, and to obtain the key information of the data according to the first blockchain transaction; or,
    the transceiver module is configured to send the transaction index information to a relay node, and to receive the key information of the data fed back by the relay node according to the transaction index information.
  26. The device according to any one of claims 23-25, characterized in that
    the transceiver module is specifically configured to obtain the data information from the first blockchain or a second blockchain; or to receive the data information sent by any blockchain node of the first blockchain or any blockchain node of the second blockchain; or to receive the data information sent by a relay node or a data source node.
  27. The device according to any one of claims 23-26, characterized in that
    the transceiver module is specifically configured to obtain transaction index information, the transaction index information comprising one or more of a block number, a block height, a transaction index number or a blockchain identifier;
    the processing module is specifically configured to determine a blockchain transaction according to the transaction index information obtained by the transceiver module, wherein the blockchain transaction is recorded on the first blockchain or a second blockchain, and the data information is recorded in the blockchain transaction;
    or,
    the transceiver module is specifically configured to send the transaction index information to a relay node, and to receive the data information sent by the relay node according to the transaction index information.
  28. The device according to any one of claims 23-27, characterized in that the processing module is specifically configured to: when the data information is the encrypted data, obtain the encrypted data from the data information; or, when the data information is address information of the encrypted data, look up and obtain the encrypted data by means of the address information of the data.
  29. The network node according to any one of claims 23-28, characterized in that
    the processing module is further configured to record the event of obtaining the data information and the key information of the data as a first transaction on a blockchain;
    wherein the first transaction comprises one or more of: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of a blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  30. The device according to any one of claims 23-29, characterized in that
    the transceiver module is further configured to receive a request message from a second node, the request message comprising first information, the first information comprising one or more of a data identifier, a second node identifier, a second node public key or transaction index information;
    the processing module is further configured to obtain data information and/or key information of the data according to one or more of the data identifier, the second node identifier, the second node public key or the transaction index information;
    the transceiver module is further configured to send the data information and/or the key information of the data to the second node.
  31. The device according to any one of claims 23-30, characterized in that
    the processing module is further configured to obtain the private key or public key generation source of the first node according to a challenge response generated by physical unclonable function (PUF) technology.
  32. The device according to any one of claims 23-30, characterized in that
    the processing module is further configured to generate a challenge response according to physical unclonable function (PUF) technology, and to use at least one of the challenge and a hash of the challenge response as identification information of the first node, so that the identification information of the first node is recorded on a blockchain; the transaction recorded on the blockchain comprises one or more of: the challenge, the hash of the challenge response, a node identifier, the time at which the response was generated, or the public key of the node.
  33. A data transmission device, characterized by comprising:
    a processing module, configured to obtain, by means of first information, data information and/or key information of data requested by a first node, wherein the first information comprises one or more of: a data identifier, a first node identifier, a public key of the first node or transaction index information;
    a transceiver module, configured to send the data information and/or the key information of the data obtained by the processing module to the first node or a relay node.
  34. The device according to claim 33, characterized in that
    the transceiver module is further configured to receive a request message sent by the first node or the relay node, the request message comprising the first information;
    the processing module is specifically configured to search, according to one or more of the data identifier, the first node identifier, the first node public key or the transaction index information in the first information received by the transceiver module, for a transaction related to the first information, the key information of the data being recorded in the transaction;
    the transceiver module is further configured to obtain the key information of the data from the record of the transaction.
  35. The device according to claim 34, characterized in that
    the processing module is specifically configured to determine the transaction according to the first information and a first identifier, the first identifier comprising one or more of at least one blockchain node identifier, transaction identification information of at least one blockchain node, or a cross-chain identifier.
  36. The device according to any one of claims 33-35, characterized in that
    the transceiver module is specifically configured to receive the data information fed back by a second blockchain, a relay node or a data source node according to one or more of the data identifier, the first node identifier or the transaction index information; or is configured to obtain the stored data information upon determining according to the first information that the data information is stored locally; the data information comprises encrypted data or address information of the encrypted data.
  37. The device according to any one of claims 33-36, characterized in that
    the processing module is further configured to generate transaction index information, the transaction index information being used to determine a first blockchain transaction in which the key information of the data is recorded, and the transaction index information comprising one or more of a block number, a block height, a transaction index number or a blockchain identifier.
  38. A data transmission device, characterized by comprising:
    a transceiver module, configured to receive a request message from a first node, the request message comprising first information, the first information comprising one or more of a data identifier, a first node identifier, a first node public key or transaction index information;
    a processing module, configured to obtain data information and/or key information of the data according to one or more of the data identifier, the first node identifier, the first node public key or the transaction index information obtained by the transceiver module;
    the transceiver module is further configured to send the data information and/or the key information of the data obtained by the processing module to the first node.
  39. The device according to claim 38, characterized in that
    the processing module is further configured to detect whether the relay node stores the data information;
    the transceiver module is specifically configured to: when the processing module detects that the data information is stored, obtain the data information from the database; when the processing module detects that the data information is not stored, obtain the data information from a blockchain, or receive the data information sent by a blockchain node or a data source node.
  40. The device according to claim 39, characterized in that
    the processing module is further configured to detect whether the key information of the data recorded on the blockchain is obtained; if the key information of the data is obtained, to determine that the first node has access rights; otherwise, that it does not have the access rights.
  41. The device according to any one of claims 38-40, characterized in that
    the processing module is specifically configured to search, according to one or more of the data identifier, the first node identifier, the public key of the first node or the transaction index information, for a transaction related to the first information, the key information of the data being recorded in the transaction;
    the processing module is specifically configured to: where the transaction related to the first information is found, obtain the key information of the data from the record of the transaction; where the transaction related to the first information is not found, reject the access request of the first node, or send the first node a reply message notifying it that providing the key information or the data information to the first node is refused.
  42. The device according to claim 41, characterized in that
    the transceiver module is specifically configured to send the request message to a first blockchain node, and to receive the key information of the data fed back by the first blockchain node according to the request message.
  43. The device according to any one of claims 38-42, characterized in that
    the processing module is specifically configured to obtain the data information and/or the key information of the data according to a first identifier and one or more of the data identifier, the first node identifier, the public key of the first node or the transaction index information,
    the first identifier comprising one or more of: at least one blockchain node identifier, transaction identification information of at least one blockchain node, or a cross-chain identifier.
  44. The device according to claims 38-43, characterized in that
    the processing module is further configured to record the event of sending the data information and/or the key information of the data to the first node as a second transaction on a blockchain,
    wherein the second transaction comprises one or more of: a data identifier, a first node identifier, a public key of the first node, a time of accessing the data, a blockchain node identifier, transaction identification information of a blockchain node, transaction index information, a cross-chain identifier, a hash of the data, a hash of the data information, a hash of the address information of the encrypted data, or a hash of the key information of the data.
  45. A computer-readable storage medium, characterized by comprising instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1 to 10, or cause the computer to perform the method according to any one of claims 11 to 15, or cause the computer to perform the method according to any one of claims 16 to 22.
  46. 一种计算机程序产品,其特征在于,当其在计算机上运行时,使得计算机执行如权利要求1至10中任一项所述的方法,或使得计算机执行如权利要求11至15中任一项所述的方法,或使得计算机执行如权利要求16至22中任一项所述的方法。A computer program product, characterized in that, when it is run on a computer, causing a computer to perform the method of any one of claims 1 to 10, or causing a computer to perform any of claims 11 to 15 The method, or causing a computer to perform the method of any one of claims 16 to 22.
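Added example, not part of the patent text: the "second transaction" of claim 44 sketched in Python, recording the delivery of key information to a first node as hashes and checking that record afterwards. SHA-256, the field names, the hash-chained list standing in for the blockchain, and all sample values are assumptions of this example.

```python
import hashlib
import json

def h(value: bytes) -> str:
    # The claim only says "hash"; SHA-256 is an assumption of this example.
    return hashlib.sha256(value).hexdigest()

def build_second_transaction(data_id, first_node_id, first_node_pubkey, access_time,
                             chain_node_id, tx_index, data, data_info,
                             enc_data_address, key_info):
    # Identifiers go in clear; data, address and key information only as hashes.
    return {
        "data_id": data_id, "first_node_id": first_node_id,
        "first_node_pubkey": first_node_pubkey, "access_time": access_time,
        "blockchain_node_id": chain_node_id, "tx_index": tx_index,
        "data_hash": h(data), "data_info_hash": h(data_info),
        "enc_data_address_hash": h(enc_data_address), "key_info_hash": h(key_info),
    }

def block_hash(prev_hash, tx) -> str:
    body = json.dumps({"prev_hash": prev_hash, "tx": tx}, sort_keys=True)
    return h(body.encode())

def append_block(ledger, tx):
    # Toy hash-chained list standing in for the blockchain (no consensus, no signatures).
    prev = ledger[-1]["block_hash"] if ledger else "0" * 64
    ledger.append({"prev_hash": prev, "tx": tx, "block_hash": block_hash(prev, tx)})

def verify_ledger(ledger) -> bool:
    prev = "0" * 64
    for block in ledger:
        if block["prev_hash"] != prev or block["block_hash"] != block_hash(prev, block["tx"]):
            return False
        prev = block["block_hash"]
    return True

def audit_delivery(ledger, data_id, first_node_id, claimed_key_info: bytes) -> bool:
    # True only if an intact ledger records this key information going to this node.
    if not verify_ledger(ledger):
        return False
    want = h(claimed_key_info)
    return any(b["tx"]["data_id"] == data_id and b["tx"]["first_node_id"] == first_node_id
               and b["tx"]["key_info_hash"] == want for b in ledger)

# Constructed sample values, not taken from the patent.
LEDGER = []
append_block(LEDGER, build_second_transaction(
    "data-001", "node-A", "constructed-pubkey-A", "2018-08-29T10:00:00Z",
    "chain-node-7", 42, b"sample payload", b"sample data information",
    b"storage://constructed/address", b"constructed key information"))
```

A plain hash of a low-entropy field such as a storage address can be confirmed by guessing, so a deployment would weigh a salted or keyed hash for those fields.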
PCT/CN2018/103046 2018-02-13 2018-08-29 Data transmission method and device and network node WO2019157810A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810151008.6A CN110166411B (en) 2018-02-13 2018-02-13 Data transmission method, device and network node
CN201810151008.6 2018-02-13

Publications (1)

Publication Number Publication Date
WO2019157810A1 (en) 2019-08-22

Family

ID=67618499

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/103046 WO2019157810A1 (en) 2018-02-13 2018-08-29 Data transmission method and device and network node

Country Status (2)

Country Link
CN (1) CN110166411B (en)
WO (1) WO2019157810A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110516474A (en) * 2019-08-27 2019-11-29 腾讯科技(深圳)有限公司 User information processing method, device, electronic equipment and storage medium in block chain network
CN110751475A (en) * 2019-10-24 2020-02-04 杭州趣链科技有限公司 Cross-chain method, system, equipment and storage medium for blockchain transaction
CN111448565A (en) * 2020-02-14 2020-07-24 支付宝(杭州)信息技术有限公司 Data authorization based on decentralized identity
WO2021034264A1 (en) * 2019-08-22 2021-02-25 Quantumciel Pte. Ltd. Device, system and method for providing information security
CN112528334A (en) * 2020-12-16 2021-03-19 平安普惠企业管理有限公司 Data acquisition method and device based on block chain network and computer equipment
CN112749969A (en) * 2020-11-16 2021-05-04 腾讯科技(深圳)有限公司 Data processing method and device, computer equipment and storage medium
CN112866222A (en) * 2021-01-11 2021-05-28 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN113486393A (en) * 2021-06-16 2021-10-08 中国联合网络通信集团有限公司 Block chain-based personal information sharing method, node, device and storage medium
US11372848B2 (en) * 2020-07-03 2022-06-28 Alipay Labs (singapore) Pte. Ltd. Managing transactions in multiple blockchain networks
CN115049493A (en) * 2022-06-29 2022-09-13 北京知帆科技有限公司 Block chain data tracking method and device and electronic equipment
CN115776389A (en) * 2022-11-01 2023-03-10 龙应斌 Anti-theft data access security method and system based on trusted authentication link

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110572460B (en) * 2019-09-11 2021-05-14 腾讯科技(深圳)有限公司 Data transmission method and device based on block chain system and computer equipment
CN111800373B (en) * 2019-09-27 2022-08-12 北京京东尚科信息技术有限公司 Data access method and device based on attribute-based encryption block chain
CN110868292B (en) * 2019-12-03 2021-12-14 湖南国奥电力设备有限公司 Underground cable data transmission method and device based on block chain
CN111131254B (en) * 2019-12-25 2022-04-15 中国联合网络通信集团有限公司 File processing method, block chain node, block chain and storage medium
CN111327591A (en) * 2020-01-19 2020-06-23 广州得众信息技术有限公司 Data transmission method, system and storage medium based on block chain
CN111552215B (en) * 2020-05-22 2022-02-11 中国联合网络通信集团有限公司 Internet of things equipment safety protection method and system
CN111859465A (en) * 2020-06-29 2020-10-30 交控科技股份有限公司 Block chain-based distributed intelligent operation and maintenance system for rail transit and operation method thereof
CN112423302B (en) * 2020-12-02 2024-01-09 中国联合网络通信集团有限公司 Wireless network access method, terminal and wireless access equipment
CN112702337A (en) * 2020-12-22 2021-04-23 平安科技(深圳)有限公司 Authorization processing method and device for block node data and computer equipment
CN113761530A (en) * 2021-03-09 2021-12-07 北京沃东天骏信息技术有限公司 Data providing method, device and system
CN112995211B (en) * 2021-04-21 2021-07-23 腾讯科技(深圳)有限公司 Data processing method, device and equipment based on block chain network and storage medium
CN113132944B (en) * 2021-04-22 2023-10-20 上海银基信息安全技术股份有限公司 Multi-path secure communication method, device, vehicle end, equipment end and medium
CN113379542B (en) * 2021-05-28 2024-01-09 中邮信息科技(北京)有限公司 Block chain transaction query method, device, medium and electronic equipment
CN115696271B (en) * 2021-07-27 2024-06-07 中国电信股份有限公司 Proximity service network, data transmission method and storage medium
CN113570479B (en) * 2021-08-03 2023-12-12 贝壳找房(北京)科技有限公司 Block chain transmission method, system and storage medium for real estate transaction data
CN114095499B (en) * 2021-11-05 2024-09-10 支付宝(杭州)信息技术有限公司 Neutral verification method and device for block chain relay communication network
CN114338807B (en) * 2021-12-30 2023-12-22 紫光云(南京)数字技术有限公司 Message ordering mechanism under host computer overlay
CN117997538B (en) * 2024-04-03 2024-06-11 江苏元信网安科技有限公司 Stream media encryption and decryption system and method based on PUF technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789920A (en) * 2016-11-25 2017-05-31 深圳前海微众银行股份有限公司 The joint connecting method and device of block chain
CN107248994A (en) * 2017-06-26 2017-10-13 联动优势科技有限公司 A kind of method for sending information, processing method and processing device
CN107332658A (en) * 2017-08-11 2017-11-07 浙江赛佳控股有限公司 Interface realizing method and device based on chain type block chain technology
CN107493162A (en) * 2017-07-25 2017-12-19 中国联合网络通信集团有限公司 The implementation method and device of block chain node
WO2018024061A1 (en) * 2016-08-02 2018-02-08 华为技术有限公司 Method, device and system for licensing shared digital content

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340267B (en) * 2007-07-03 2015-05-13 财团法人工业技术研究院 Transmission control methods and devices for communication systems
CN102118869B (en) * 2010-01-05 2015-01-21 财团法人工业技术研究院 System and method for data relay transmission
US9853819B2 (en) * 2013-08-05 2017-12-26 Guardtime Ip Holdings Ltd. Blockchain-supported, node ID-augmented digital record signature method
CN106992990A (en) * 2017-05-19 2017-07-28 北京牛链科技有限公司 Data sharing method and system and block catenary system and computing device
CN107579951B (en) * 2017-07-14 2020-06-19 创新先进技术有限公司 Service data processing method, service processing method and equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018024061A1 (en) * 2016-08-02 2018-02-08 华为技术有限公司 Method, device and system for licensing shared digital content
CN106789920A (en) * 2016-11-25 2017-05-31 深圳前海微众银行股份有限公司 The joint connecting method and device of block chain
CN107248994A (en) * 2017-06-26 2017-10-13 联动优势科技有限公司 A kind of method for sending information, processing method and processing device
CN107493162A (en) * 2017-07-25 2017-12-19 中国联合网络通信集团有限公司 The implementation method and device of block chain node
CN107332658A (en) * 2017-08-11 2017-11-07 浙江赛佳控股有限公司 Interface realizing method and device based on chain type block chain technology

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021034264A1 (en) * 2019-08-22 2021-02-25 Quantumciel Pte. Ltd. Device, system and method for providing information security
CN110516474A (en) * 2019-08-27 2019-11-29 腾讯科技(深圳)有限公司 User information processing method, device, electronic equipment and storage medium in block chain network
CN110751475A (en) * 2019-10-24 2020-02-04 杭州趣链科技有限公司 Cross-chain method, system, equipment and storage medium for blockchain transaction
CN111448565A (en) * 2020-02-14 2020-07-24 支付宝(杭州)信息技术有限公司 Data authorization based on decentralized identity
CN111448565B (en) * 2020-02-14 2024-04-05 支付宝(杭州)信息技术有限公司 Data authorization based on decentralised identification
US11372848B2 (en) * 2020-07-03 2022-06-28 Alipay Labs (singapore) Pte. Ltd. Managing transactions in multiple blockchain networks
CN112749969A (en) * 2020-11-16 2021-05-04 腾讯科技(深圳)有限公司 Data processing method and device, computer equipment and storage medium
CN112528334B (en) * 2020-12-16 2024-01-23 海南博盈电子竞技有限公司 Data acquisition method and device based on blockchain network and computer equipment
CN112528334A (en) * 2020-12-16 2021-03-19 平安普惠企业管理有限公司 Data acquisition method and device based on block chain network and computer equipment
CN112866222A (en) * 2021-01-11 2021-05-28 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN112866222B (en) * 2021-01-11 2023-04-18 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN113486393A (en) * 2021-06-16 2021-10-08 中国联合网络通信集团有限公司 Block chain-based personal information sharing method, node, device and storage medium
CN115049493A (en) * 2022-06-29 2022-09-13 北京知帆科技有限公司 Block chain data tracking method and device and electronic equipment
CN115776389A (en) * 2022-11-01 2023-03-10 龙应斌 Anti-theft data access security method and system based on trusted authentication link
CN115776389B (en) * 2022-11-01 2023-11-07 龙应斌 Anti-theft data security access method and system based on trusted authentication link

Also Published As

Publication number Publication date
CN110166411B (en) 2022-05-06
CN110166411A (en) 2019-08-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18906161; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18906161; Country of ref document: EP; Kind code of ref document: A1)