阅读说明：本技术 基于区块链的敏感数据交易方法及系统 (Sensitive data transaction method and system based on block chain ) 是由 盛伟 郑志探 于 2019-03-18 设计创作，主要内容包括：本发明公开一种基于区块链的敏感数据交易方法及系统,涉及区块链技术领域,通过将区块链技术运用在数据交易的场景中,能够满足对敏感数据交易过程安全可靠、公开透明和便捷高效的要求。该方法包括：成员机构搭建各自的节点,通过在其中一个或多个节点中组建用于存储敏感数据的分布式缓存和用于记录转账积分的账本,使得各节点分别与分布式缓存和账本联网形成区块链；经由请求节点的数据交易模块向分布式缓存发起敏感数据请求,并在智能合约被触发时由其转账模块向目标节点支付积分,经账本记账后由目标节点的数据交易模块将敏感数据请求通过分布式缓存发布,使得请求节点的数据交易模块能够获取并解析敏感数据；该系统包括上述方案所提的方法。(The invention discloses a sensitive data transaction method and system based on a block chain, relates to the technical field of the block chain, and can meet the requirements of safe, reliable, transparent, convenient and efficient sensitive data transaction process by applying the block chain technology to a data transaction scene. The method comprises the following steps: the member mechanism builds respective nodes, and the distributed cache used for storing sensitive data and the account book used for recording transfer points are built in one or more nodes, so that the nodes form block chains respectively with the distributed cache and the account book in a networking mode; initiating a sensitive data request to a distributed cache through a data transaction module of a request node, paying points to a target node through a transfer module of the request node when an intelligent contract is triggered, and issuing the sensitive data request through the distributed cache by a data transaction module of the target node after accounting through an account book so that the data transaction module of the request node can acquire and analyze sensitive data; the system comprises the method provided by the scheme.)

1. A sensitive data transaction method based on a block chain is characterized by comprising the following steps:

the method comprises the steps that member mechanisms build respective nodes, and a distributed cache used for storing sensitive data and an account book used for recording transfer points are built in one or more nodes, so that the nodes form block chains respectively with the distributed cache and the account book in a networking mode;

running an intelligent contract in each node, wherein the intelligent contract comprises a transfer module for processing transfer transaction and a data transaction module for processing data exchange;

and initiating a sensitive data request to the distributed cache through a data transaction module of a request node, paying points to a target node by a transfer module of the request node when an intelligent contract is triggered, and issuing the sensitive data request through the distributed cache by the data transaction module of the target node after the account book accounts, so that the data transaction module of the request node can acquire and analyze the sensitive data.

2. The method of claim 1, wherein the data transaction module comprises a request unit, an encryption and decryption unit, a publishing unit, a subscribing unit and a storage unit;

the request unit is used for initiating a sensitive data acquisition request, wherein the sensitive data request comprises a packed target integral address, encrypted sensitive data and a public key associated with the request integral address;

the encryption and decryption unit is used for encrypting the sensitive data by using the corresponding public key and decrypting the sensitive data by using the corresponding private key;

the issuing unit is called by the request node and is used for packaging and uploading the target integral address, the encrypted sensitive data and a public key associated with the request integral address to the distributed cache;

the subscription unit is called by a target node and is used for extracting a target integral address in a sensitive data request, encrypting sensitive data and a public key associated with the request integral address;

the storage unit is used for storing a public key and a private key which are associated with each integral address.

3. The method of claim 2, wherein initiating a request for sensitive data to the distributed cache via a data transaction module of a requesting node and paying credits to a target node by a transfer module thereof when a smart contract is triggered comprises:

initiating a request through a request unit of any request node, and issuing the sensitive data request to the distributed cache by calling an issuing unit;

extracting a target point address in the sensitive data request, and judging whether the target point address belongs to the request node;

if so, directly calling a private key associated with the target point address from the storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data;

and if not, triggering the intelligent contract to execute the operation of paying the point to the target point address through a transfer module of the request node, and keeping the account by the account book.

4. The method of claim 3, wherein the step of issuing the sensitive data request through the distributed cache by a data transaction module of a target node after accounting by the ledger comprises:

after the accounting of the account book is finished, a subscription unit of a target node reads the sensitive data request from the distributed cache and extracts a target point address, encrypted sensitive data and a public key associated with the request point address;

and judging whether the target integral address belongs to the target node, if not, not processing, if so, directly calling a private key associated with the target integral address from a storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data, then encrypting the plaintext sensitive data by using the extracted public key associated with the request integral address, and finally packaging the request integral address and the re-encrypted sensitive data together and uploading the packaged request integral address and the re-encrypted sensitive data to the distributed cache.

5. The method of claim 3, wherein enabling a data transaction module of a requesting node to obtain and parse the sensitive data comprises:

subscribing the fed back sensitive data from the distributed cache through a subscription unit of a request node, and extracting a request integral address and the re-encrypted sensitive data in the sensitive data;

and judging whether the request integral address belongs to the request node, if not, not processing, and if so, directly calling a private key associated with the request integral address from a storage unit to decrypt the re-encrypted sensitive data to obtain plaintext sensitive data.

6. A blockchain-based sensitive data transaction system, comprising:

the block chain construction part is used for constructing respective nodes by member mechanisms, and constructing a distributed cache for storing sensitive data and an account book for recording transfer points in one or more nodes so that the nodes form a block chain with the distributed cache and the account book network respectively;

the intelligent contract setting part is used for operating an intelligent contract in each node, and the intelligent contract comprises a transfer module for processing transfer transaction and a data transaction module for processing data exchange;

and the data transaction part is used for initiating a sensitive data request to the distributed cache through the data transaction module of the request node, paying the credit to the target node through the transfer module of the request node when the intelligent contract is triggered, and issuing the sensitive data request through the distributed cache through the data transaction module of the target node after the credit is booked by the book so that the data transaction module of the request node can acquire and analyze the sensitive data.

7. The system of claim 6, wherein the data transaction module comprises a request unit, an encryption and decryption unit, a publishing unit, a subscribing unit and a storage unit;

the request unit is used for initiating a sensitive data acquisition request, wherein the sensitive data request comprises a packed target integral address, encrypted sensitive data and a public key associated with the request integral address;

the encryption and decryption unit is used for encrypting the sensitive data by using the corresponding public key and decrypting the sensitive data by using the corresponding private key;

the issuing unit is called by the request node and is used for packaging and uploading the target integral address, the encrypted sensitive data and a public key associated with the request integral address to the distributed cache;

the subscription unit is called by a target node and is used for extracting a target integral address in a sensitive data request, encrypting sensitive data and a public key associated with the request integral address;

the storage unit is used for storing a public key and a private key which are associated with each integral address.

8. The system of claim 7, wherein the data trafficking section comprises:

the first execution module is used for issuing the sensitive data request to the distributed cache by calling an issuing unit through a request unit request of any request node;

the first judgment module is used for extracting a target integral address in the sensitive data request and judging whether the target integral address belongs to the request node;

if so, directly calling a private key associated with the target point address from the storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data;

and if not, triggering the intelligent contract to execute the operation of paying the point to the target point address through a transfer module of the request node, and keeping the account by the account book.

9. The system of claim 8, wherein the data trafficking unit further comprises:

the second execution module is used for reading the sensitive data request from the distributed cache by the subscription unit of the target node after the accounting of the account book is finished, and extracting a target point address, encrypted sensitive data and a public key associated with the request point address;

and the second judgment module is used for judging whether the target integral address belongs to the target node or not, if not, processing is not carried out, if yes, a private key associated with the target integral address is directly called from the storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data, the plaintext sensitive data is encrypted by using the extracted public key associated with the request integral address, and finally, the request integral address and the re-encrypted sensitive data are packaged together and uploaded to the distributed cache.

10. The system of claim 9, wherein the data trafficking unit further comprises:

a third execution module, configured to subscribe the fed-back sensitive data from the distributed cache via a subscription unit of the requesting node, and extract a request point address and re-encrypted sensitive data therein;

and the third judging module is used for judging whether the request integral address belongs to the request node or not, if not, processing is not carried out, and if yes, the private key associated with the request integral address is directly called from the storage unit to decrypt the re-encrypted sensitive data to obtain plaintext sensitive data.

Technical Field

The invention relates to the technical field of block chains, in particular to a sensitive data transaction method and system based on a block chain.

Background

In today's information society, data plays an increasingly important role. Data sharing and trading has become a hotspot in current technologies and businesses. Moreover, since the data has a large difference compared with the conventional goods, for example, it is easy to lose, copy, require confidentiality, etc. Thus, there are higher demands on the processing power of the transaction, traceability of the transaction process, integrity of the transaction data and reliability.

However, in the conventional data transaction manner, the transaction is generally completed by relying on a transaction center of a third party, the processing capacity of the transaction center affects the efficiency of the transaction, and the failure of the transaction center affects all related parties of the transaction; moreover, tracking of the conventional transaction process relies heavily on conventional centralized trust authorities, such as banks, stock exchanges, third-party authorities, etc., and the verification of the transaction can only be completed through these centralized trust authorities.

On a traditional transaction platform, the integrity of transaction data is difficult to maintain, due to the non-transparency of traditional transactions, the history of transactions is difficult to trace, and transaction process files can be tampered, so that for sensitive data, the safety and the non-tampering property of traditional data transactions cannot be guaranteed, and if data is forged or tampered, the benefits of transaction buyers cannot be guaranteed.

Disclosure of Invention

The invention aims to provide a sensitive data transaction method and system based on a block chain, which can meet the requirements of safe, reliable, transparent, convenient and efficient sensitive data transaction process by applying the block chain technology to a data transaction scene.

In order to achieve the above object, an aspect of the present invention provides a block chain-based sensitive data transaction method, including:

the method comprises the steps that member mechanisms build respective nodes, and a distributed cache used for storing sensitive data and an account book used for recording transfer points are built in one or more nodes, so that the nodes form block chains respectively with the distributed cache and the account book in a networking mode;

running an intelligent contract in each node, wherein the intelligent contract comprises a transfer module for processing transfer transaction and a data transaction module for processing data exchange;

and initiating a sensitive data request to the distributed cache through a data transaction module of a request node, paying points to a target node by a transfer module of the request node when an intelligent contract is triggered, and issuing the sensitive data request through the distributed cache by the data transaction module of the target node after the account book accounts, so that the data transaction module of the request node can acquire and analyze the sensitive data.

Optionally, the data transaction module includes a request unit, an encryption/decryption unit, a publishing unit, a subscribing unit and a storage unit;

the request unit is used for initiating a sensitive data acquisition request, wherein the sensitive data request comprises a packed target integral address, encrypted sensitive data and a public key associated with the request integral address;

the encryption and decryption unit is used for encrypting the sensitive data by using the corresponding public key and decrypting the sensitive data by using the corresponding private key;

the issuing unit is called by the request node and is used for packaging and uploading the target integral address, the encrypted sensitive data and a public key associated with the request integral address to the distributed cache;

the subscription unit is called by a target node and is used for extracting a target integral address in a sensitive data request, encrypting sensitive data and a public key associated with the request integral address;

the storage unit is used for storing a public key and a private key which are associated with each integral address.

Preferably, the method of initiating a sensitive data request to the distributed cache via the data transaction module of the requesting node and paying credit to the target node by its transfer module when the smart contract is triggered comprises:

issuing the sensitive data request to the distributed cache by calling an issuing unit through a request unit request of any request node;

extracting a target point address in the sensitive data request, and judging whether the target point address belongs to the request node;

if so, directly calling a private key associated with the target point address from the storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data;

and if not, triggering the intelligent contract to execute the operation of paying the point to the target point address through a transfer module of the request node, and keeping the account by the account book.

Preferably, the method for issuing the sensitive data request through the distributed cache by the data transaction module of the target node after the accounting book is booked comprises the following steps:

after the accounting of the account book is finished, a subscription unit of a target node reads the sensitive data request from the distributed cache and extracts a target point address, encrypted sensitive data and a public key associated with the request point address;

and judging whether the target integral address belongs to the target node, if not, not processing, if so, directly calling a private key associated with the target integral address from a storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data, then encrypting the plaintext sensitive data by using the extracted public key associated with the request integral address, and finally packaging the request integral address and the re-encrypted sensitive data together and uploading the packaged request integral address and the re-encrypted sensitive data to the distributed cache.

Preferably, the method of enabling the data transaction module of the requesting node to acquire and parse the sensitive data comprises:

subscribing the fed back sensitive data from the distributed cache through a subscription unit of a request node, and extracting a request integral address and the re-encrypted sensitive data in the sensitive data;

and judging whether the request integral address belongs to the request node, if not, not processing, and if so, directly calling a private key associated with the request integral address from a storage unit to decrypt the re-encrypted sensitive data to obtain plaintext sensitive data.

Compared with the prior art, the sensitive data transaction method based on the block chain has the following beneficial effects:

in the sensitive data transaction method based on the block chain, one or more nodes are selected from member institutions to establish a distributed cache and an account book, the time consumption of the data transaction process can be shortened by adopting the design scheme of the distributed cache, the performance of data exchange is improved, the whole data transaction can be more convenient and efficient, specifically, when any member institution requests to acquire sensitive data, only corresponding points need to be paid to a target node (a data holding institution), an intelligent contract can be automatically triggered to execute data transaction operation, the point transfer and the data transaction process can be synchronously carried out, the problem of a trust mechanism of the traditional data transaction mode is solved, sensitive data is packaged by a one-time pad technology, the safety of the data transaction process can be effectively ensured, in addition, due to the characteristic that the block chain is decentralized, the block chain-based sensitive data transaction method provided by the invention does not need a centralized operation institution, the cost of operation is significantly reduced.

Another aspect of the present invention provides a block chain-based sensitive data transaction system, which is applied to the block chain-based sensitive data transaction method according to the above technical solution, and the system includes:

the block chain construction part is used for constructing respective nodes by member mechanisms, and constructing a distributed cache for storing sensitive data and an account book for recording transfer points in one or more nodes so that the nodes form a block chain with the distributed cache and the account book network respectively;

the intelligent contract setting part is used for operating an intelligent contract in each node, and the intelligent contract comprises a transfer module for processing transfer transaction and a data transaction module for processing data exchange;

and the data transaction part is used for initiating a sensitive data request to the distributed cache through the data transaction module of the request node, paying the credit to the target node through the transfer module of the request node when the intelligent contract is triggered, and issuing the sensitive data request through the distributed cache through the data transaction module of the target node after the credit is booked by the book so that the data transaction module of the request node can acquire and analyze the sensitive data.

Optionally, the data transaction module includes a request unit, an encryption/decryption unit, a publishing unit, a subscribing unit and a storage unit;

the request unit is used for initiating a sensitive data acquisition request, wherein the sensitive data request comprises a packed target integral address, encrypted sensitive data and a public key associated with the request integral address;

the encryption and decryption unit is used for encrypting the sensitive data by using the corresponding public key and decrypting the sensitive data by using the corresponding private key;

the issuing unit is called by the request node and is used for packaging and uploading the target integral address, the encrypted sensitive data and a public key associated with the request integral address to the distributed cache;

the subscription unit is called by a target node and is used for extracting a target integral address in a sensitive data request, encrypting sensitive data and a public key associated with the request integral address;

the storage unit is used for storing a public key and a private key which are associated with each integral address.

Preferably, the data transaction part includes:

the first execution module is used for issuing the sensitive data request to the distributed cache by calling an issuing unit through a request unit request of any request node;

the first judgment module is used for extracting a target integral address in the sensitive data request and judging whether the target integral address belongs to the request node;

if so, directly calling a private key associated with the target point address from the storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data;

and if not, triggering the intelligent contract to execute the operation of paying the point to the target point address through a transfer module of the request node, and keeping the account by the account book.

Preferably, the data transaction unit further comprises:

the second execution module is used for reading the sensitive data request from the distributed cache by the subscription unit of the target node after the accounting of the account book is finished, and extracting a target point address, encrypted sensitive data and a public key associated with the request point address;

and the second judgment module is used for judging whether the target integral address belongs to the target node or not, if not, processing is not carried out, if yes, a private key associated with the target integral address is directly called from the storage unit to decrypt the encrypted sensitive data to obtain plaintext sensitive data, the plaintext sensitive data is encrypted by using the extracted public key associated with the request integral address, and finally, the request integral address and the re-encrypted sensitive data are packaged together and uploaded to the distributed cache.

Further, the data transaction unit further includes:

a third execution module, configured to subscribe the fed-back sensitive data from the distributed cache via a subscription unit of the requesting node, and extract a request point address and re-encrypted sensitive data therein;

and the third judging module is used for judging whether the request integral address belongs to the request node or not, if not, processing is not carried out, and if yes, the private key associated with the request integral address is directly called from the storage unit to decrypt the re-encrypted sensitive data to obtain plaintext sensitive data.

Compared with the prior art, the beneficial effects of the sensitive data transaction system based on the block chain provided by the invention are the same as the beneficial effects of the sensitive data transaction method based on the block chain provided by the technical scheme, and the detailed description is omitted here.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:

fig. 1 is a schematic flowchart of a block chain-based sensitive data transaction method according to an embodiment of the present invention;

fig. 2 is a block diagram of a sensitive data transaction system based on a blockchain according to a second embodiment of the present invention.

Detailed Description

In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.