Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many different forms and should not be construed as limited to the examples set forth herein, but rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the exemplary embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the application may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
The data sharing modes adopted in the related art mainly include the following two modes:
1. The data provider stores the data to be shared in a database and gives the database login method directly to the data user, who can then read the data without restriction after logging in to the database.
2. The data provider provides an interface for the user to query.
However, the related art described above has the following obvious drawbacks:
1. The data cannot be used in fine granularity.
2. The application and use processes leave no trusted, secure trace on a blockchain and are inconvenient to trace back.
3. If the data provider provides an interface for users to query, the provider needs to develop a customized interface.
4. There is no authorization procedure or point-to-point centric authorization.
To this end, the application first provides a blockchain-based data sharing method. The method provided by the embodiments of the application overcomes the above drawbacks: no customized interface needs to be developed, the whole data sharing process leaves a trace on the blockchain, which improves traceability, and fine-grained data sharing becomes possible. In other words, the method uses blockchain technology to share data reliably and securely between a data provider and a data consumer.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the technical solution of an embodiment of the present application may be applied. As shown in fig. 1, the system architecture 100 may include a first user terminal 110, a second user terminal 120, a blockchain network 130, a console server 140, a first database server 150, and a second database server 160. The blockchain network 130 includes a plurality of blockchain nodes, and specifically may include a first blockchain node 131, a second blockchain node 132, a third blockchain node 133, a fourth blockchain node 134, and a fifth blockchain node 135. The first user terminal 110, the first database server 150, and the console server 140 are connected to one another by communication links, as are the second user terminal 120, the second database server 160, and the console server 140. The console server 140 and the blockchain network 130 are also connected by a communication link, and a communication connection is established between any two blockchain nodes in the blockchain network 130. Each blockchain node of the blockchain network 130 stores a blockchain. A console provided with an event center module is deployed on the console server 140, and a console client capable of accessing the console is deployed on both the first user terminal 110 and the second user terminal 120. A first database that can be accessed by the first user terminal 110 is deployed on the first database server 150, and a second database that can be accessed by the second user terminal 120 is deployed on the second database server 160.
When the blockchain-based data sharing method provided by the embodiment of the present application is applied to the system architecture shown in fig. 1, one procedure may be as follows. First, the user of the second user terminal 120, acting as the data provider, adds the data to be shared to the second database on the second database server 160. The user of the second user terminal 120 then uses the second console client on the second user terminal 120 to send data source related information to the console on the console server 140 in order to publish the data, and the console sends at least a part of the data source related information to a blockchain node of the blockchain network 130, so that the blockchain node stores it in the blockchain. Next, if the user of the first user terminal 110 needs to use data provided by the data provider, that user, acting as the data consumer, uses the first console client on the first user terminal 110 to send data usage application task information to the console, and the console stores the data usage application task information in the blockchain. Because the event center module of the console has subscribed to all data usage application task information in the blockchain, it receives this information and sends a corresponding approval request to the user of the second user terminal 120; the event center module then receives the corresponding approval result and stores the approval result in the blockchain. Because the event center module of the console has also subscribed to all approval results in the blockchain, it then receives the approval result. If the event center module determines from the approval result that the application is approved, the console obtains the corresponding data usage application task information from the blockchain, pulls data from the second database on the second database server 160 according to that information, and pushes the pulled data to the first database of the first database server 150, which can be accessed by the first user terminal 110.
In some embodiments of the present application, users are bound to consoles, each user only having access to the console to which they are bound, and both the user of the first user terminal 110 and the user of the second user terminal 120 are bound to the console on the console server 140.
In some embodiments of the present application, the console on console server 140 is one of a plurality of consoles.
In some embodiments of the present application, the blockchain network 130 pushes the data usage application task information most recently written to the blockchain to the event center modules of all consoles that have subscribed to the data usage application task information.
In some embodiments of the present application, the blockchain network 130 pushes the approval results most recently written to the blockchain to the event center modules of all consoles that have subscribed to the approval results.
It should be understood that the number of console servers in fig. 1, the number of user terminals connected to each console server, the number of database servers corresponding to each user terminal, and the number of blockchain nodes in the blockchain network are merely illustrative. Depending on implementation requirements, there may be any number of console servers, any number of user terminals connected to each console server, any number of database servers corresponding to each user terminal, and any number of blockchain nodes in the blockchain network; that is, the number of console servers and the number of database servers corresponding to each user terminal may be more than two, and the number of blockchain nodes in the blockchain network may be more or fewer than 5.
It should be noted that fig. 1 shows only one embodiment of the present application. In the embodiment of fig. 1, the blockchain nodes in the blockchain network are servers, the console runs on a server, and the user terminals are desktop computers; in other embodiments of the present application, the blockchain nodes, the device running the console, and the user terminals may be various types of electronic devices, such as a smart phone, a notebook computer, a desktop computer, a tablet computer, a vehicle-mounted terminal, an aircraft, a portable wearable device, a workstation, a smart sound box, a smart watch, and a smart home appliance. In the embodiment of fig. 1, the blockchain nodes in the blockchain network are all the same type of device; in other embodiments, the blockchain nodes may be different types of electronic devices. In the embodiment of fig. 1, each console has only one event center module; in other embodiments, each console may have multiple event center modules. In the embodiment of fig. 1, the data usage application task information and approval results are pushed by the blockchain network to the consoles; in other embodiments, the consoles may also monitor the blockchain network and actively obtain the relevant information from the blockchain. In the embodiment of fig. 1, the data consumer and the data provider belong to the same console; in other embodiments, the data consumer and the data provider may belong to different consoles. In the embodiment of fig. 1, the data provider shares a database; in other embodiments, various other types of data, such as files, may also be shared. The embodiments of the present application are not limited in this regard, nor should the scope of the application be limited in any way.
It is easy to understand that the data sharing method based on the blockchain provided by the embodiment of the application is generally executed by a server, and accordingly, the data sharing device based on the blockchain is generally arranged in the server. However, in other embodiments of the present application, the user terminal may also have a similar function as the server, so as to perform the blockchain-based data sharing scheme provided by the embodiments of the present application.
Therefore, the embodiment of the application can be applied to the user terminal or the server. The server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. The user terminal and the server may be directly or indirectly connected through wired or wireless communication, and the present application is not limited herein.
The scheme of the embodiment of the application can be applied to the field of blockchain. A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. The blockchain (Blockchain) is essentially a decentralized database: a string of data blocks generated in association with one another using cryptographic methods, each of which contains information from a batch of network transactions and is used to verify the validity (anti-counterfeiting) of that information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The blockchain underlying platform may include processing modules for user management, basic services, smart contracts, and operation monitoring. The user management module is responsible for managing the identity information of all blockchain participants, including maintaining public and private key generation (account management), key management, and the correspondence between a user's real identity and blockchain address (authority management), and, where authorized, provides rule configuration for risk control (risk-control audit). The basic service module is deployed on all blockchain node devices and is used to verify the validity of service requests and to record valid requests after they are completed; for a new service request, the basic service first performs interface adaptation, parsing and authentication (interface adaptation), then encrypts the service information (consensus management), and after encryption records and stores it on the shared ledger (network communication). The smart contract module is responsible for contract registration and issuance, contract triggering, and contract execution; developers can define contract logic in a programming language, publish it to the blockchain (contract registration), and have execution triggered by keys or other events according to the contract logic to complete the contract logic; the module also provides contract update and upgrade functions. The operation monitoring module is mainly responsible for real-time monitoring, such as monitoring the condition of devices and of the cloud.
The platform product service layer provides the basic capabilities and implementation frameworks of typical applications, and developers can complete the blockchain implementation of their business logic based on these basic capabilities, overlaying the characteristics of their business. The application service layer provides blockchain-based application services for business participants to use.
The implementation details of the technical scheme of the embodiment of the application are described in detail below:
Fig. 2 illustrates a flow diagram of a blockchain-based data sharing method that may be performed by various computing and processing-capable electronic devices, such as a user terminal or a server, in accordance with an embodiment of the present application. The blockchain-based data sharing method may be specifically executed by a target console including an event center on the electronic devices, as shown in fig. 2, and includes at least the following steps:
In step 240, data usage application task information from the target data consumer is obtained, and the data usage application task information is stored in the blockchain, wherein the data usage application task information includes data source information, a data encryption public key, and data receiving destination information of the data consumer.
Before describing step 240, the architecture principles of the embodiments of the present application are first described. Fig. 3 shows a schematic diagram according to an embodiment of the application. Fig. 3 shows 4 rounded rectangular dashed boxes, each representing an organization. Each organization has one BCC (Blockchain Confidential Computing, blockchain trusted computing) console, and each BCC console has several users belonging to it; the users belonging to a BCC console thus belong to the organization to which that BCC console belongs. Each BCC console is accessible only by the users dedicated to that BCC console. An organization may be any of a variety of entities, such as a hospital or a school. The same person may become a user of different organizations or BCC consoles. Each user may take the role of a data source provider or a data consumer, and the same user may act as either. Each console of each organization in fig. 3 is paired with a database (such as MySQL) and a cache service (such as Redis). The data in the database and the cache service originates from the blockchain: it is subscribed to and synchronized from the blockchain into the local database, and is loaded into the cache service when the local database is queried, which speeds up queries and supports multi-dimensional, complex, and fuzzy queries. This approach is used because querying the blockchain directly performs poorly, and achieving the same result with smart contracts can be very complex. Fig. 3 also shows a blockchain network that includes a plurality of blockchain nodes. Any two blockchain nodes in the blockchain network can communicate with each other, and each BCC console can communicate with one or more blockchain nodes in the blockchain network, e.g., with the blockchain node closest to it or with a blockchain node to which the BCC console has access. Each blockchain node may also belong to an organization. Each blockchain node stores a blockchain.
While in the above embodiments each organization has only one console, in other embodiments of the application each organization may also have multiple consoles.
In one embodiment of the application, the target console is one of a plurality of consoles, each of which is bound to its own dedicated data consumers and data providers.
The data consumer and the data provider may belong to different consoles, thereby enabling data sharing across the consoles.
Then, the steps preceding step 240 are described in detail. FIG. 4 shows a flow chart of steps preceding step 240 in the embodiment of FIG. 2, according to one embodiment of the application. Referring to fig. 4, before acquiring the data usage application task information from the target data consumer, the blockchain-based data sharing method may include the following steps:
In step 210, data source related information from a target data provider is obtained, the data source related information including metadata information related to a database.
The target data provider, i.e., the data source provider, needs to share the data it owns externally.
Next, a scheme of an embodiment of the present application will be correspondingly described with reference to timing diagrams provided in fig. 5A and 5B.
Fig. 5A shows a schematic diagram of a first portion of a timing diagram according to one embodiment of the application. Fig. 5A involves two data contribution participants, namely a data provider and a data consumer, and also involves a management console, a blockchain provided as a chain resource, private storage of the data provider, and ciphertext storage of the data consumer. The management console includes a BCC management console (referred to in the steps below as the BCC console) and a BCC event center. These are in fact the same entity: the BCC event center is a module of the management console, and, in order to describe the scheme of the embodiment of the present application more clearly, the part of the management console outside the BCC event center is denoted as the BCC management console. Referring to fig. 5A, the data publishing stage includes the following steps:
In step 01, the data provider requests the BCC console to publish data, and the request carries the data source related information.
FIG. 6 shows a presentation interface diagram of metadata information according to one embodiment of the application. Referring to fig. 6, the data source related information received by the target console and sent by the target data provider may include metadata information such as a database instance name, a table name of a data table, and a data item shown in fig. 6.
In one embodiment of the application, the data source related information further comprises database login related information.
The database login related information consists of the items of information used to log in to the database.
In one embodiment of the application, the database login related information comprises at least one of a database login IP address, a login account, and a password.
With continued reference to fig. 6, the database address shown there is the database login IP address. Although fig. 6 shows it as a metadata item, in the above embodiment the database login IP address is treated as an item of database login related information.
In step 220, metadata information is stored into the blockchain.
The target console will send the metadata information as a transaction to a node in the blockchain network, which stores the transaction in the blockchain.
Fig. 7 shows a flowchart of the details of steps following step 210 and step 270 in the embodiment of fig. 4, according to one embodiment of the application. Referring to fig. 7, after acquiring the data source related information from the target data provider, the blockchain-based data sharing method may further include the steps of:
In step 230, the database login related information is encrypted and the result of the encryption is stored locally.
The database login related information can be encrypted using an asymmetric encryption algorithm based on the public key of the target console, or using a symmetric encryption algorithm based on a key.
The target console may store the encryption results in a local database.
Although in the embodiment of the present application, step 230 is performed after step 220, in other embodiments of the present application, step 230 may also be performed before step 220, and step 230 may also be performed simultaneously with step 220.
With continued reference to fig. 5A, after step 01, the method further includes the following steps:
In step 02, the BCC console obtains the data source related information, such as the table names of the data tables, thereby creating the data source.
In step 03, the BCC console encrypts sensitive data such as the database login IP address and stores the encryption result locally.
In step 04, the BCC console records the metadata information on the chain for certification by storing it in the blockchain as a transaction.
In step 05, when step 04 has successfully written to the chain, the BCC console receives the TxID (Transaction ID) returned by the blockchain network, which may be the on-chain information shown in fig. 6.
In step 06, the BCC console returns the TxID to the data provider to inform the data provider that the data has been successfully published.
Step 240 is described in detail below.
The data usage application task information obtained in step 240 is provided to the target console by the target data consumer after the consumer has seen, through the data market, which data each data provider offers. The interface shown in fig. 6 may be a presentation interface of the data market.
In one embodiment of the application, the data source information includes database information. The database information may include information such as the name of the database instance, the name of the data table, the database address, etc.
The data source information may also include identification information of the target data provider, identification information of a management console to which the target data provider belongs, and the like.
The data receiving destination information may be information about the database that the target data consumer uses to receive the shared data, i.e., receiving database configuration information, and may include information such as the IP address, user name, and password of the receiving database.
In one embodiment of the present application, the data usage application task information further includes field information.
The field information indicates that the target data consumer needs to obtain data corresponding to certain fields. The field names included in the data items in fig. 6 may be used as field information in the data usage application task information.
With continued reference to fig. 5A, after step 06, the data application stage is entered, including the following steps:
In step 07, the data consumer requests the BCC console to create a data usage application task, thereby sending the data usage application task information to the BCC console.
In step 08, the BCC console obtains the data source, application fields, receiving database configuration information, etc. specified by the data consumer.
In step 09, the BCC console obtains the data encryption public key uploaded by the data consumer.
In step 10, the BCC console stores the data usage application task information in the blockchain, putting the data usage application task on the chain.
In step 11, the BCC console receives the TxID returned by the blockchain network.
With continued reference to fig. 2, after step 240, the method further includes the following steps:
In step 250, subscribed data usage application task information is obtained from the blockchain through the event center, and an approval request corresponding to the data usage application task information is sent to a target data provider corresponding to the data source information in the data usage application task information, so that approval is performed by the target data provider.
The event centers of all consoles, including the target console, can subscribe in advance to the smart contract event corresponding to data usage application task information in the blockchain network. Each time data usage application task information is newly added to the blockchain, the corresponding smart contract event is triggered, and a blockchain node in the blockchain network pushes that smart contract event to all consoles that have subscribed to data usage application task information, so that the data usage application task information carried by the smart contract event can be obtained.
Fig. 8 shows a flowchart of the details of step 250 in the embodiment of fig. 2, according to one embodiment of the application. Referring to fig. 8, sending an approval request corresponding to the data usage application task information to the target data provider corresponding to the data source information in the data usage application task information may specifically include the following steps:
In step 250', if the target data provider corresponding to the data usage application task information is the data provider bound by the target console, an approval request corresponding to the data usage application task information is sent to the target data provider corresponding to the data source information in the data usage application task information.
The target console can obtain the data usage application task information written to the chain for every data provider, but it processes only the data usage application task information corresponding to a data provider that belongs to the target console.
With continued reference to fig. 5A, after step 11, the on-chain event detection part of the data approval stage is entered, which includes the following steps:
In step 12, the BCC event center obtains the smart contract events of the subscribed data usage application tasks from the blockchain.
In step 13, the BCC event center obtains the data usage application task information from the smart contract event of the data usage application task and determines from that information whether the corresponding data provider is a user of the current console; if the corresponding data provider is not a user of the current console, it discards the smart contract event of the data usage application task and ends the flow.
In step 14, if the BCC event center determines from the smart contract event of the data usage application task that the corresponding data provider is a user of the current console, it stores the smart contract event of the data usage application task in a local database.
In step 260, approval results returned by the target data provider are obtained and stored in the blockchain.
With continued reference to fig. 5A, after step 14, the approval event processing part of the data approval stage is entered, which includes the following steps:
In step 15, the BCC event center notifies the data provider, by means of a pending event, to approve the data usage application task.
In step 16, the data provider approves the data usage application task by returning an approval result to the BCC event center through the front-end page.
In step 17, the BCC event center obtains the approval result fed back by the data provider, which may be approval or rejection.
In step 18, the BCC event center stores the approval result in the blockchain, putting the approval result on the chain; at this point, a corresponding smart contract event is triggered in the blockchain network.
In step 19, when the approval result has been successfully written to the chain, the BCC event center receives the TxID returned by the blockchain node.
In step 20, the BCC event center returns the received TxID to the data provider, informing it that the approval result has been successfully written to the chain.
In step 270, a subscribed approval result is obtained from the blockchain through the event center; if the event center determines from the approval result that the data usage application task information is approved, the data is pulled from the data source corresponding to the data source information, the data is encrypted based on the data encryption public key, and the encrypted data is pushed to the location corresponding to the data receiving destination information.
The event centers of all consoles, including the target console, can subscribe in advance to the smart contract event corresponding to approval results in the blockchain network. Each time an approval result is newly added to the blockchain, the corresponding smart contract event is triggered, and a blockchain node in the blockchain network pushes that smart contract event to all consoles that have subscribed to approval results, so that the approval result carried by the smart contract event can be obtained.
In one embodiment of the application, pulling the data from the data source corresponding to the data source information if the event center determines from the approval result that the data usage application task information is approved includes: marking the data usage application task information as authorized if the event center determines from the approval result that the data usage application task information is approved; and pulling the data from the data source corresponding to the data source information according to the data usage application task information marked as authorized.
The approval result can include identification information that identifies the data usage application task information. The event center can record an authorized mark against the identification information of each piece of data usage application task information that passes approval. When the data needs to be pulled, the target console can obtain the corresponding data usage application task information from the blockchain according to the identification information that carries the authorized mark, and then pull the data according to that data usage application task information.
With continued reference to fig. 7, pulling data from a data source corresponding to the data source information may include the following steps:
In step 271, the encryption result is decrypted, and database login-related information is obtained.
The encryption result may be decrypted using an asymmetric encryption algorithm based on the private key of the target console, or may be decrypted using a symmetric encryption algorithm based on the key.
In step 272, the database corresponding to the data source information is accessed according to the database login related information, and the data is pulled from the database.
Fig. 9 shows a flowchart of the details of step 270 in the embodiment of fig. 2, according to one embodiment of the application. Referring to fig. 9, the pulling data from the data source corresponding to the data source information may include the following steps:
In step 270', the data corresponding to the field information is pulled from the database corresponding to the data source information according to the field information.
In the embodiment of the application, fine-grained data sharing is achieved by pulling data according to the field information.
With continued reference to fig. 5A, following step 20, the on-chain data monitoring sub-link of the approval event processing link is entered, comprising the following steps:
Step 21, the BCC event center obtains, from the blockchain, the subscribed smart contract event for the approval result of the data use application task.
Step 22, the BCC event center obtains the approval result from the smart contract event of the approval result; if the BCC event center determines from the approval result that the data provider has refused, the data use application fails, and the whole process can end at this point.
Step 23, if the BCC event center determines from the approval result that the data provider has agreed, the data use application is determined to be successful, and the identification information of the data use application task information may then be marked as authorized.
Fig. 5B shows a schematic diagram of a second portion of a timing diagram according to an embodiment of the application. Referring to fig. 5B, after the step 23 in fig. 5A is completed, a task execution phase is entered, which includes the following steps:
Step 24, the BCC console requests from the blockchain, according to the identification information carrying the authorized mark, the successfully applied data use application task information related to the data provider of the current console.
Step 25, the BCC console receives the data use application task information from the blockchain.
Step 26, the BCC console pulls, page by page, the data required by the data user from the private storage of the data provider according to the data use application task information.
Step 27, the BCC console encrypts the pulled data based on the data encryption public key of the data user and pushes the encrypted data to the ciphertext database of the data user.
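The approval gate and field-level pull of steps 21 to 26 can be sketched as follows. This is an added example, not code from the application: the ledger records, event layout, function names and the SQLite database are constructed stand-ins, and the check of requested fields against the provider's published metadata is an added assumption about how a console would validate field information before building a query. Encryption with the data user's public key and the push of step 27 are left out.

```python
import sqlite3

# Constructed stand-ins for records the application keeps on the blockchain.
# Assumption: published metadata lists each shareable table and its columns.
PUBLISHED_METADATA = {("provider-A", "customers"): {"city", "age"}}
LEDGER_TASKS = {
    "task-1": {"provider": "provider-A", "table": "customers", "fields": ["city", "age"]},
    "task-2": {"provider": "provider-A", "table": "customers", "fields": ["city", "password"]},
    "task-3": {"provider": "provider-B", "table": "customers", "fields": ["city"]},
    "task-4": {"provider": "provider-A", "table": "customers", "fields": ["city"]},
}
APPROVAL_EVENTS = [  # constructed approval-result events pushed to the event center
    {"task_id": "task-1", "result": "approved"},
    {"task_id": "task-2", "result": "approved"},
    {"task_id": "task-3", "result": "approved"},
    {"task_id": "task-4", "result": "rejected"},
]


def mark_authorized(events, ledger, bound_provider):
    """Steps 21-23: mark approved tasks whose provider is bound to this console."""
    authorized = set()
    for event in events:
        task = ledger.get(event["task_id"])
        if task is None or task["provider"] != bound_provider:
            continue  # unknown task, or a provider bound to another console
        if event["result"] == "approved":
            authorized.add(event["task_id"])
    return authorized


def quote_ident(name):
    """Quote an SQL identifier; values are bound separately as parameters."""
    return '"' + name.replace('"', '""') + '"'


def pull_fields(conn, task, page_size=2):
    """Steps 24-26: pull only the requested fields, page by page."""
    allowed = PUBLISHED_METADATA.get((task["provider"], task["table"]))
    if allowed is None:
        raise PermissionError("table was never published by this provider")
    extra = [f for f in task["fields"] if f not in allowed]
    if extra or not task["fields"]:
        raise PermissionError(f"fields not in published metadata: {extra}")
    cols = ", ".join(quote_ident(f) for f in task["fields"])
    sql = (f"SELECT rowid, {cols} FROM {quote_ident(task['table'])} "
           "WHERE rowid > ? ORDER BY rowid LIMIT ?")
    rows, last = [], 0
    while True:  # keyset paging: resume after the last rowid already seen
        page = conn.execute(sql, (last, page_size)).fetchall()
        if not page:
            return rows
        last = page[-1][0]
        rows.extend(r[1:] for r in page)


def run_console(conn, events, bound_provider):
    """Pull data for every authorized task; record refusals instead of pulling."""
    results = {}
    for task_id in sorted(mark_authorized(events, LEDGER_TASKS, bound_provider)):
        try:
            results[task_id] = pull_fields(conn, LEDGER_TASKS[task_id])
        except PermissionError as exc:
            results[task_id] = f"refused: {exc}"
    return results


def demo_db():
    """Constructed provider database with one column that was never published."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (city TEXT, age INTEGER, password TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [("Oslo", 31, "x1"), ("Lima", 45, "x2"), ("Pune", 27, "x3")])
    return conn


if __name__ == "__main__":
    print(run_console(demo_db(), APPROVAL_EVENTS, "provider-A"))
```

In this sketch, an approved task that names a column outside the published metadata is refused before any SQL is built, so field information taken from a data use application never reaches the query text unchecked.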
Next, it is described how the data consumer obtains the plaintext of the shared data.
FIG. 10 shows a flowchart of steps subsequent to step 270 in the embodiment of FIG. 2, according to one embodiment of the application. Referring to fig. 10, after pushing the encrypted data to a location corresponding to the data reception destination information, the method may further include the steps of:
In step 280, a decryption tool download request is received from the target data consumer.
The target data consumer may request access to the decryption tool from the console. The decryption tool may be an encryption and decryption tool having an encryption and decryption function.
In step 290, a decryption tool is returned to the target data consumer in accordance with the decryption tool download request, so that the target data consumer decrypts the encrypted data based on the data decryption private key paired with the data encryption public key and the decryption tool after pulling the encrypted data from the location corresponding to the data reception destination information.
The decryption tool is a binary program that the target data user downloads from its own management and control console, and it can decrypt the encrypted data in combination with the data decryption private key stored locally by the target data user.
With continued reference to fig. 5B, after step 27, a calculation result acquisition phase is entered, including the steps of:
Step 28, the data user sends a data encryption and decryption tool download request to the BCC console.
Step 29, the BCC console returns the data encryption and decryption tool enctool to the data user.
Step 30, the data user obtains the private key paired with the data encryption public key that was provided when the data use application task was created.
Step 31, the data user configures the data encryption and decryption tool enctool locally based on the private key.
Step 32, the data user pulls the encrypted data from the data user's ciphertext store.
Step 33, the data user decrypts the encrypted data using enctool to obtain plaintext data.
Step 34, the data user pushes the plaintext data into the data user's plaintext database, which stores the plaintext data.
Step 35, the data user receives feedback information from the plaintext database and thereby determines that the plaintext data was pushed successfully.
After obtaining the plaintext data, the data consumer can perform subsequent analysis and use.
In summary, the blockchain-based data sharing method provided by the embodiment of the application uses the characteristics of the blockchain, such as decentralization, tamper resistance and traceability, so that the data provider and the data user can share data securely. The data user can apply for specific data according to its own needs, the data provider can approve the application, and after the approval passes, the authorized data is encrypted and pushed in a targeted manner to the database designated by the data user. Data application, approval and authorization are performed in a decentralized form by means of a data market. The whole process leaves a trace on the blockchain and can be traced.
The following describes an embodiment of an apparatus that may be used to perform the blockchain-based data sharing method of the above embodiment of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the blockchain-based data sharing method described above.
FIG. 11 illustrates a block diagram of a blockchain-based data sharing device in accordance with an embodiment of the present application.
Referring to FIG. 11, a blockchain-based data sharing device 1100 according to an embodiment of the present application includes an acquisition unit 1110, a subscription and approval unit 1120, an acquisition and storage unit 1130, and a subscription and push unit 1140. The acquisition unit 1110 is configured to acquire data use application task information from a target data user and store the data use application task information into a blockchain, where the data use application task information includes data source information, a data encryption public key of the data user, and data receiving destination information. The subscription and approval unit 1120 is configured to acquire the subscribed data use application task information from the blockchain through an event center and send an approval request corresponding to the data use application task information to the target data provider corresponding to the data source information in the data use application task information, so that the target data provider can approve it. The acquisition and storage unit 1130 is configured to acquire the approval result returned by the target data provider and store the approval result into the blockchain. The subscription and push unit 1140 is configured to acquire the subscribed approval result from the blockchain through the event center and, if the event center determines from the approval result that the data use application task information has passed approval, pull the data from the data source corresponding to the data source information, encrypt the data based on the data encryption public key, and push the encrypted data to the location corresponding to the data receiving destination information.
In some embodiments of the present application, based on the foregoing, the data source information includes database information, the data usage application task information further includes field information, and the subscribing and pushing unit 1140 is configured to pull data corresponding to the field information from a database corresponding to the data source information according to the field information.
In some embodiments of the present application, based on the foregoing scheme, the apparatus further includes a data publishing unit, where the data publishing unit is configured to obtain data source related information from the target data provider, where the data source related information includes metadata information related to a database, and store the metadata information into a blockchain before obtaining the data usage application task information from the target data consumer.
In some embodiments of the present application, based on the foregoing, the data source related information further includes database login related information, and the apparatus further includes an encryption unit, where after obtaining the data source related information from the target data provider, the encryption unit is configured to encrypt the database login related information and store an encryption result locally, and the subscription and pushing unit 1140 is configured to decrypt the encryption result to obtain the database login related information, access a database corresponding to the data source information according to the database login related information, and pull data from the database.
In some embodiments of the present application, based on the foregoing scheme, the subscription and pushing unit 1140 is configured to mark the data usage application task information as authorized if the event center determines that the data usage application task information passes the approval according to the approval result, and pull data from a data source corresponding to the data source information according to the data usage application task information marked as authorized.
In some embodiments of the application, based on the foregoing, the apparatus further comprises a decryption tool providing unit for receiving a decryption tool download request from the target data user after pushing the encrypted data to the location corresponding to the data reception destination information, and returning a decryption tool to the target data user according to the decryption tool download request so that the target data user decrypts the encrypted data based on a data decryption private key paired with the data encryption public key and the decryption tool after pulling the encrypted data from the location corresponding to the data reception destination information.
In some embodiments of the application, based on the foregoing, the apparatus has a target console including the event center, the target console being one of a plurality of consoles, each of the plurality of consoles being bound with a dedicated data consumer and data provider.
In some embodiments of the present application, based on the foregoing solution, the subscription and approval unit 1120 is configured to send an approval request corresponding to the data usage application task information to a target data provider corresponding to the data source information in the data usage application task information if the target data provider corresponding to the data usage application task information is a data provider bound by the target console.
In some embodiments of the application, based on the foregoing scheme, the database login related information comprises at least one of a database login IP address, a login account and a password.
Fig. 12 shows a schematic diagram of a computer system suitable for use in implementing an embodiment of the application.
It should be noted that, the computer system 1200 of the electronic device shown in fig. 12 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 12, the computer system 1200 includes a central processing unit (Central Processing Unit, CPU) 1201 that can perform various appropriate actions and processes, such as performing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 1202 or a program loaded from a storage section 1208 into a random access Memory (Random Access Memory, RAM) 1203. In the RAM 1203, various programs and data required for the system operation are also stored. The CPU 1201, ROM 1202, and RAM 1203 are connected to each other through a bus 1204. An Input/Output (I/O) interface 1205 is also connected to bus 1204.
Connected to the I/O interface 1205 are an input section 1206 including a keyboard, a mouse, and the like; an output section 1207 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, as well as a speaker and the like; a storage section 1208 including a hard disk and the like; and a communication section 1209 including a network interface card such as a LAN (Local Area Network) card, a modem, and the like. The communication section 1209 performs communication processing via a network such as the internet. The drive 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 1210 so that a computer program read out therefrom is installed into the storage section 1208 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program can be downloaded and installed from a network via the communication section 1209, and/or installed from the removable medium 1211. When the computer program is executed by the Central Processing Unit (CPU) 1201, it performs the various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), a flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustrations, and combinations of blocks in the block diagrams or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
In one aspect, the present application also provides a computer readable medium that may be included in the electronic device described in the above embodiment, or may exist alone without being assembled into the electronic device. The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the methods described in the above embodiments.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a removable hard disk, etc.) or on a network, and which includes several instructions to cause a computing device (which may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
It will be appreciated that in particular embodiments of the present application, where data relating to data sharing is involved, user approval or consent is required when the above embodiments of the present application are applied to particular products or technologies, and the collection, use and processing of the relevant data is required to comply with relevant legal regulations and standards in the relevant countries and regions.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.