Police affair resource data governance cooperation method based on block chain

Document No.: 154221 Published: 2021-10-26

Reading note: this technology, "Police affair resource data governance cooperation method based on block chain", was designed by 汪洋, 彭艳兵, 唐帅 and 李雪 on 2021-09-14. Main content: The invention discloses a police service resource data governance cooperation method based on a block chain. It belongs to the technical field of block chain cross-chain data cooperation and the application of police service data management in block chain technology, and applies block chain characteristics such as multi-party cooperation, security and credibility to the construction of data standards, the guarantee of data security and the control of the data sharing process. On the basis of comprehensive collection of police resource data, a case network is built and integrated using technical characteristics such as the block chain distributed account book and public/private key encryption, a service data standard agreed on by every public security department is built, cross-department service scenarios are built by means of intelligent contracts, and cross-department "service collaboration" is supported efficiently. In practice, the block chain characteristics of tamper resistance, decentralization, data encryption and trust transfer offer very good advantages for sharing police resource data and coordinating case services.

1. A police service resource data governance cooperative method based on a block chain is characterized in that: the method specifically comprises the following steps:

step 1, constructing a case data quality collaborative model based on a block chain: through the governance model structure, methods, flows, data sharing and access control, data updating and intelligent contracts, an anti-tampering technology is introduced, and the governance target is achieved based on the characteristics of the block chain distributed account book, encryption algorithm and consensus mechanism;

step 2, establishing a multi-party cooperation standard: complex business logic is implemented by establishing rule-based data and standardized intelligent contracts; each record of the industry standard library chain is linked in order from back to front, which is safe and stable, cannot be tampered with and can be traced;

step 3, the intelligent contract forms a solidified transparent service: solidified, transparent business logic is executed by means of intelligent contracts, hard-core control is exercised over the data standards and operation flows of the various services, and service data are stored through intelligent cooperation, thereby effectively avoiding service conflicts caused by problems such as management modes, rule changes and system upgrades among departments;

step 4, the multi-partition user authorization mechanism guarantees privacy security: user information authorization is realized for transactors and business management, and unified configuration management is provided for business service data items, protocol management, protocol content management, authorization modes, electronic approval process management, cloud storage encryption and the like;

step 5, finishing the cooperative treatment of the block chain data.

2. The cooperative police service resource data governance method based on the block chain as claimed in claim 1, wherein:

in step 1, a tamper-proof technique is cited, specifically as follows:

if an attacker tries to tamper the data of the h block before the latest block, the attacker needs to modify the hash value of the block and recalculate the hash values of all the blocks afterwards; setting the current computing power of the whole network honest nodes as hash value computation for p times per second, wherein the block hash value contains g prefix binary 0 under the current computing difficulty; an attacker is newly added computing power, and the computing power is calculated by q times of Hash values per second; if no new node participates, the probability that the honest node obtains a new block in each second isThe probability of an attacker obtaining a new block is(ii) a Initial height difference between attacker and honest nodeIs provided withThe height difference is the ith second, the height difference isThe probability of change per second is divided into 3 cases:

event(s): if the attacker does not generate a block, the honest node generates a block,plus 1, probability

Event(s): if the attacker does not generate a block, the honest node generates a block,minus 1, probability

Event(s): if the attacker does not generate a block, the honest node generates a block,invariance, probability

The probability distribution of the per-second change in the height difference follows a multinomial distribution:

when in useWhen the attacker successfully catches up with the honest nodes and distributes the block chains, the data is successfully tampered;

within t seconds, t height change events occur, and n is set asThe number of occurrences; when the tampering is successful, the user may,at least take placeLet j be an eventThe difference between the actual number of occurrences and the minimum number of occurrences, thenThe actual number of occurrences isThe number of occurrences is based on the number of occurrences of the first two, and isWherein, in the step (A),

then within t seconds, the probability of the attacker pursuing honest nodes is:

according to the formula, the probability that an attacker successfully tampers with the block data becomes lower and lower as the depth h of the tampered block increases.

3. The cooperative police service resource data governance method based on the block chain as claimed in claim 1, wherein:

the step 2 is divided into two stages:

the first stage is outside the chain, and consists of an identity authentication module, a right management module and a supervision management module, and is used for verifying the user state, giving rewards to the user and supervising the user behavior;

the second stage is in the chain, which is composed of industry standard library chains, wherein each industry standard library chain is used for storing and reading police service resource data information of the industry standard library chain; and the user is verified to be a registered user through the identity authentication module, and the registered user carries out interaction between the first stage and the second stage by calling the intelligent contract.

4. The cooperative police service resource data governance method based on the block chain as claimed in claim 3, wherein: the police service resource data standard co-construction management algorithm and process based on the block chain are as follows:

step 2.1, the police service resource data demander submits a registration application, and the identity of the police service resource data demander is verified through an identity authentication module to obtain a corresponding return state, wherein the police service resource data demander becomes a registered user if the registration is successful, and otherwise the police service resource data demander fails to register;

step 2.2, the data demander obtains the corresponding points information through the authority management module;

step 2.3, the data demander has corresponding supervision information through a supervision management module;

step 2.4, the data demander calls an intelligent contract to apply, inquire and clone the data standard;

and 2.5, automatically completing corresponding operation by the police service resource data standard library chain by means of an intelligent contract.

5. The cooperative police service resource data governance method based on the block chain as claimed in claim 1, wherein:

in step 3, storing the contract codes and states on the block chain ensures the reliability and observability of contract storage; an intelligent contract is code stored on the block chain, and the contract state is also stored in the block chain; the contract code is executed by the block chain nodes, the contract result agreed through a distributed consistency algorithm is stored in the block chain, and the contract state is updated; the state transition of the block chain is given by the formula:

wherein the content of the first and second substances,a state transfer function for a block chain;is the state of the blockchain at time t; t is a police service;

services are collected and placed into blocks, and each block is identified by its hash value; a block holds not only the hash of the previous block and a set of transactions but also the block chain state as of that block; the hash of the previous block is placed into the block, so that the blocks are connected into a chain, expressed as follows:

because the hash of the previous block is placed into each block, the blocks connected into a chain form a nested function, expressed as follows:

the block chain stores all case services in blocks, which facilitates later tracing queries; the latest state of the block chain is stored in an MPT (Merkle Patricia Trie), a combination of the Merkle tree and the Patricia tree: an improved data structure that merges the advantages of the Merkle tree and the prefix tree and is a very important data structure in Ethereum; here it is used to store the state tree of police service state changes, generate a digest of the latest state in real time, and quickly find the required information by the state keyword Key.

6. The cooperative police service resource data governance method based on the block chain as claimed in claim 1, wherein:

in step 4, the query keyword submitted by the data user should meet two security requirements, one is the privacy of the query keyword, namely the query keyword of the data user cannot be delivered to the cloud server in a plaintext form; second, if the query keyword is unlinkable, assume that the data userAll the contained keys need to be retrieved from the encrypted inverted indexThe data user utilizes the key by the following two stepsEncrypting the query keyAnd a query trapdoor is generated,

first, the data userRandomly selecting an elementThe following formula is calculated, where r is from the setThe random numbers are selected randomly and uniformly: to facilitate writing

Wherein the content of the first and second substances,is two orders of prime numberThe cyclic multiplication group of (a) is,into a groupA generator of (2); defining bilinear mappingsAnd two secure hash functionsRespectively hashing character strings of any length into groupsAnd groupAn element of (1);randomly and uniformly slave to a group for a key distribution centerThe two elements selected above are used for generating a secret key;

secondly, for each

Data userComputing(1)

Wherein, S is an attribute set,for the complete set of system attributesS represents a groupOne set of the above-mentioned (c) is,is from a collectionWherein the random number is randomly and uniformly selected,is an attributeA random attribute key is generated, and the random attribute key is generated,

data owner based on index keyAccess rights requirement of, defining an access control treeFromFrom the root node ofIn the following wayEach node inConstructing a polynomialAnd is provided withThe number of the highest order term being the threshold for groundingAs little as 1, i.e.(ii) a For the root node R, the data owner randomly selects a valueAnd is provided withData owner settings for any other node

When the data owner decides to revoke an attribute of the data consumerHe only needs to be an attributeGenerating a new attribute keyAnd useWith a full set of replacement keysSending outSending the data to a cloud server; when the cloud server receivesThen, first useWith a full set of updated attribute keysThen, for each encrypted inverted listWhich has access to a control tree ofIf, ifContains an attributeThen the cloud server uses the attribute keyUpdatingIn (1)Is composed ofAfter updateCan be expressed as:

(2)

suppose thatLeaf node inCorresponding attribute isThat is to say

The cloud server has strong storage and calculation capacity, is used for storing encrypted outsourced data, is also used for inquiring on the encrypted security index according to the inquiry trapdoor submitted by the data user and returning an encrypted inquiry result to the data user, and when the cloud receives the data userQuery trapdoorAfter that, givenAn encrypted posting listThe cloud server can return the inverted list only if the following two conditions are satisfied simultaneouslyIndex of all encrypted data files: firstly, theWith a list of inversionsInquiry authority, IIIf true; the whole safety inquiry process is divided into the following two sub-processes:

the first subprocess is that the cloud server traps the door according to the queryDetermining whether data user u has a pair indexThe inquiry authority is specifically as follows:

letIs an access control treeFor each leaf nodeLet aRepresenting the attribute of the leaf node representation, i.e.If, ifThen, calculate:

if it is notThen define

Wherein, the meaning of the characters can be known by formulas (1) and (2);

for each non-leaf nodeWith a node threshold ofIf there is one containingAnSet of child nodes ofAnd for each child nodeAll satisfyThen calculate

Wherein the content of the first and second substances,is the lagrange coefficient; if no such collection exists, a collection of attributes is indicated to the data consumerUnsatisfied nodeIs then defined

For access control treeRoot node ofAfter the above recursion operation, ifThen, the attribute set of the data user is describedUnsatisfied access control treesOtherwise

When the above first sub-process is completed, ifThen it means that the data consumer is not aligned to the keywordThe query authority of (1); otherwise, the cloud server continues to execute a second sub-process to determine whether the following equation holds:

wherein the content of the first and second substances,the meanings are shown in formula (2)

If the equality is true, the query keyword is indicatedAnd encrypting the inverted indexIndex key in (1)Equal, then the cloud server returns the indexAll encrypted data files in the file system; data consumer uses file decryption key granted by data ownerDecrypting the ciphertext; the correctness of the security query can be verified by the following derivation:

if the trapdoorQuery keyword in (1)Andthe middle index key w is equal, i.e.Then:

Technical Field

The invention belongs to the technical field of application of a block chain cross-chain data cooperation technology and police service data management in the block chain technology, and particularly relates to a police service resource data governance cooperation method based on a block chain.

Background

With the continuous improvement of informatization, public security departments generate, collect and store a large amount of police resource data while handling cases. The public security industry has numerous branch organizations whose informatization levels differ and which are difficult to integrate with other departments; during the generation, transmission, processing and storage of police resource data, information is easily collected and updated late or inaccurately; the departments cannot reach consensus on how case resources are jointly built and shared; and cross-department, cross-level information transmission and data sharing remain difficult to achieve.

The problems faced by current police resource data can be summarized in three aspects: 1. Data security and data tampering: if data extraction personnel, system administrators and database administrators in the system collude and tamper with some data in the database, the credibility of the data in the database is seriously affected. 2. Scalability of the data convergence platform: when a new subject organization or system needs to submit data to the sharing platform, complex adaptation work is required. 3. After the data are gathered, determining whether the data are used within the specified scope and whether they are used illegally places higher requirements on the management methods and tools of the police resource data management department.

Disclosure of Invention

The technical problem to be solved by the invention is to provide a police service resource data governance cooperative method based on a block chain aiming at the defects of the background technology, wherein the characteristics of multi-party cooperation, safety, credibility and the like of the block chain are applied to the construction of a data standard, the guarantee of data safety and the control of a data sharing process; on the basis of realizing comprehensive collection of police resource data, a case network is built and integrated by using technical characteristics such as a block chain distributed account book and public and private key encryption, a service data standard commonly recognized by each public security department is built, a cross-department service scene is built by means of an intelligent contract, cross-department service collaboration is efficiently supported through practice, and the method has a very good advantage for realizing police resource data sharing and case service collaboration based on the characteristics of non-falsification, decentralization, data encryption and trust transfer of a block chain technology.

The invention adopts the following technical scheme for solving the technical problems:

a police service resource data governance cooperative method based on a block chain specifically comprises the following steps:

step 1, constructing a case data quality collaborative model based on a block chain: through the governance model structure, methods, flows, data sharing and access control, data updating and intelligent contracts, an anti-tampering technology is introduced, and the governance target is achieved based on the characteristics of the block chain distributed account book, encryption algorithm and consensus mechanism;

step 2, establishing a multi-party cooperation standard: complex business logic is implemented by establishing rule-based data and standardized intelligent contracts; each record of the industry standard library chain is linked in order from back to front, which is safe and stable, cannot be tampered with and can be traced;

step 3, the intelligent contract forms a solidified transparent service: solidified, transparent business logic is executed by means of intelligent contracts, hard-core control is exercised over the data standards and operation flows of the various services, and service data are stored through intelligent cooperation, thereby effectively avoiding service conflicts caused by problems such as management modes, rule changes and system upgrades among departments;

step 4, the multi-partition user authorization mechanism guarantees privacy security: user information authorization is realized for transactors and business management, and unified configuration management is provided for business service data items, protocol management, protocol content management, authorization modes, electronic approval process management, cloud storage encryption and the like;

step 5, finishing the cooperative treatment of the block chain data.

As a further preferable scheme of the police service resource data governance collaborative method based on the block chain, in step 1, a tamper-proof technology is introduced, specifically as follows:

attackerFirst before attempting to tamper with the newest blockFor the data of the block, an attacker needs to modify the hash value of the block and recalculate the hash values of all the blocks; setting the current full-network honesty node computing power to be per secondCalculating the secondary hash value, wherein the block hash value under the current calculation difficulty containsA prefix binary 0; the attacker is newly added computing power with the magnitude of computing power per secondCalculating a secondary hash value; if no new node participates, the probability that the honest node obtains a new block in each second isThe probability of an attacker obtaining a new block is(ii) a Initial height difference between attacker and honest nodeIs provided withIs as followsHeight difference of second, height differenceThe probability of change per second is divided into 3 cases:

event(s): if the attacker does not generate a block, the honest node generates a block,plus 1, probability

Event(s): if the attacker does not generate a block, the honest node generates a block,minus 1, probability

Event(s): if the attacker does not generate a block, the honest node generates a block,invariance, probability

The probability distribution of the per-second change in the height difference follows a multinomial distribution:

when in useThe attacker successfully pursues honestyThe node issues the block chain, and the data is successfully tampered;

in thatWithin a second, will appearEvent of secondary altitude change, deviceIs composed ofThe number of occurrences; when the tampering is successful, the user may,at least take placeThen, setIs an eventThe difference between the actual number of occurrences and the minimum number of occurrences, thenThe actual number of occurrences isThe number of occurrences is based on the number of occurrences of the first two, and isWherein, in the step (A),

then is atWithin seconds, the probability of an attacker pursuing honest nodes is as follows:

according to the formula, the probability that an attacker successfully tampers with the block data becomes lower and lower as the depth of the tampered block increases.
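The catch-up race described above can be evaluated numerically. The following Python sketch is an added example, not part of the patent text: it assumes that one hash meets the difficulty with probability 2^-g, that the three per-second events are "honest only" (+1), "attacker only" (-1) and "both or neither" (unchanged), and that tampering succeeds once the height difference reaches 0; the function names and toy parameters are constructed for illustration.

```python
import math
from typing import Dict, Tuple


def block_probability(hashes_per_second: int, zero_bits: int) -> float:
    """P(at least one of the hashes tried in one second has `zero_bits`
    leading binary zeros). Assumption: each hash succeeds with 2**-zero_bits."""
    per_hash = 2.0 ** -zero_bits
    # 1 - (1 - per_hash) ** n, computed in a numerically stable way
    return -math.expm1(hashes_per_second * math.log1p(-per_hash))


def step_probabilities(p: int, q: int, g: int) -> Tuple[float, float, float]:
    """Per-second probabilities that the height difference goes +1, -1, or stays.

    p: honest hash rate, q: attacker hash rate, g: required leading zero bits.
    """
    honest = block_probability(p, g)
    attacker = block_probability(q, g)
    up = honest * (1.0 - attacker)      # only the honest nodes find a block
    down = (1.0 - honest) * attacker    # only the attacker finds a block
    stay = 1.0 - up - down              # both or neither find a block
    return up, down, stay


def catch_up_probability(h: int, t: int, up: float, down: float) -> float:
    """Probability that a height difference starting at h reaches 0
    at some second within the first t seconds (exact dynamic programming)."""
    if h <= 0:
        return 1.0
    stay = 1.0 - up - down
    dist: Dict[int, float] = {h: 1.0}   # height difference -> probability mass
    caught = 0.0
    for _ in range(t):
        nxt: Dict[int, float] = {}
        for diff, mass in dist.items():
            for delta, weight in ((1, up), (-1, down), (0, stay)):
                new_diff = diff + delta
                if new_diff == 0:
                    caught += mass * weight          # attacker caught up: absorb
                else:
                    nxt[new_diff] = nxt.get(new_diff, 0.0) + mass * weight
        dist = nxt
    return caught


if __name__ == "__main__":
    # Constructed toy parameters: honest 8 hashes/s, attacker 2 hashes/s, g = 4.
    up, down, _ = step_probabilities(p=8, q=2, g=4)
    for depth in (1, 2, 3, 6, 10):
        print(depth, catch_up_probability(depth, 600, up, down))
```

With an attacker weaker than the honest nodes, the long-run result approaches (down/up)^h, which is the geometric decay in depth that the text states.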

As a further preferable scheme of the coordination method for police service resource data governance based on the block chain, the step 2 is specifically divided into two stages:

the first stage is outside the chain, and consists of an identity authentication module, a right management module and a supervision management module, and is used for verifying the user state, giving rewards to the user and supervising the user behavior;

the second stage is in the chain, which is composed of industry standard library chains, wherein each industry standard library chain is used for storing and reading police service resource data information of the industry standard library chain; and the user is verified to be a registered user through the identity authentication module, and the registered user carries out interaction between the first stage and the second stage by calling the intelligent contract.

As a further preferable scheme of the block chain-based police service resource data governance collaborative method of the present invention, a block chain-based police service resource data standard co-construction management algorithm and process are as follows:

step 2.1, the police service resource data demander submits a registration application, and the identity of the police service resource data demander is verified through an identity authentication module to obtain a corresponding return state, wherein the police service resource data demander becomes a registered user if the registration is successful, and otherwise the police service resource data demander fails to register;

step 2.2, the data demander obtains the corresponding points information through the authority management module;

step 2.3, the data demander has corresponding supervision information through a supervision management module;

step 2.4, the data demander calls an intelligent contract to apply, inquire and clone the data standard;

and 2.5, automatically completing corresponding operation by the police service resource data standard library chain by means of an intelligent contract.

As a further preferable scheme of the police service resource data governance collaborative method based on the block chain, in step 3, storing the contract codes and states on the block chain guarantees the reliability and observability of contract storage; an intelligent contract is code stored on the block chain, and the contract state is also stored in the block chain; the contract code is executed by the block chain nodes, the contract result agreed through a distributed consistency algorithm is stored in the block chain, and the contract state is updated; the state transition of the block chain is given by the formula:

wherein the content of the first and second substances,a state transfer function for a block chain;for block chains at timeThe state of (1);is a police service;

services are collected and placed into blocks, and each block is identified by its hash value; a block holds not only the hash of the previous block and a set of transactions but also the block chain state as of that block; the hash of the previous block is placed into the block, so that the blocks are connected into a chain, expressed as follows:

because the hash of the previous block is placed into each block, the blocks connected into a chain form a nested function, expressed as follows:

the block chain stores all case services in blocks, which facilitates later tracing queries; the latest state of the block chain is stored in an MPT (Merkle Patricia Trie), a combination of the Merkle tree and the Patricia tree: an improved data structure that merges the advantages of the Merkle tree and the prefix tree and is a very important data structure in Ethereum; here it is used to store the state tree of police service state changes, generate a digest of the latest state in real time, and quickly find the required information by the state keyword Key.
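As an added illustration (not code from the patent), the following Python sketch links blocks by the previous block's hash and commits each block to the state produced by the transition function, then replays the chain to locate tampering. A plain SHA-256 digest of the state stands in for the MPT root, and the transaction fields `case_id` and `status` and the sample data are constructed.

```python
import hashlib
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64  # previous-hash value used by the first block

# Constructed sample: three batches of police-service transactions.
SAMPLE_BATCHES = [
    [{"case_id": "A-001", "status": "filed"}],
    [{"case_id": "A-002", "status": "filed"},
     {"case_id": "A-001", "status": "under_investigation"}],
    [{"case_id": "A-001", "status": "transferred"}],
]


def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def transition(state: Dict[str, str], tx: Dict[str, str]) -> Dict[str, str]:
    """State transition: new state = f(old state, transaction)."""
    new_state = dict(state)
    new_state[tx["case_id"]] = tx["status"]
    return new_state


def seal(prev_hash: str, txs: List[dict], state_digest: str) -> dict:
    """Build a block holding the previous hash, the transactions and the state digest."""
    body = {"prev_hash": prev_hash, "txs": txs, "state_digest": state_digest}
    return {**body, "hash": digest(body)}


def build_chain(batches: List[List[dict]]) -> List[dict]:
    chain, state, prev = [], {}, GENESIS
    for txs in batches:
        for tx in txs:
            state = transition(state, tx)
        block = seal(prev, txs, digest(state))
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain: List[dict]) -> Optional[int]:
    """Replay the chain from genesis; return the index of the first block whose
    link, state digest or own hash does not verify, or None if all verify."""
    state, prev = {}, GENESIS
    for i, block in enumerate(chain):
        for tx in block["txs"]:
            state = transition(state, tx)
        resealed = seal(block["prev_hash"], block["txs"], block["state_digest"])
        if (block["prev_hash"] != prev
                or block["state_digest"] != digest(state)
                or block["hash"] != resealed["hash"]):
            return i
        prev = block["hash"]
    return None


if __name__ == "__main__":
    print(first_invalid_block(build_chain(SAMPLE_BATCHES)))
```

Editing one transaction breaks that block's own hash; resealing the edited block only moves the failure to the next block's `prev_hash`, which is why every later block would have to be recomputed.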

5. The cooperative police service resource data governance method based on the block chain as claimed in claim 1, wherein:

in step 4, the query keyword submitted by the data user should meet two security requirements, one is the privacy of the query keyword, namely the query keyword of the data user cannot be delivered to the cloud server in a plaintext form; second, if the query keyword is unlinkable, assume that the data userAll the contained keys need to be retrieved from the encrypted inverted indexThe data user utilizes the key by the following two stepsEncrypting the query keyAnd a query trapdoor is generated,

first, the data userRandomly selecting an elementThe following formula is calculated, wherein,is from a collectionThe random numbers are selected randomly and uniformly: to facilitate writing

Wherein the content of the first and second substances,is two orders of prime numberThe cyclic multiplication group of (a) is,into a groupA generator of (2); defining bilinear mappingsAnd two secure hash functionsRespectively hashing character strings of any length into groupsAnd groupAn element of (1);randomly and uniformly slave to a group for a key distribution centerThe two elements selected above are used for generating a secret key;

secondly, for eachData user u calculation(1)

Wherein the content of the first and second substances,in order to be a collection of attributes,for the complete set of system attributesAny one of the attributes of (a), (b), (c), (d) and (d) any one of (d), (d) and (d) any (d) and (d) an (d) an (d) an (d,presentation groupOne set of the above-mentioned (c) is,is from a collectionWherein the random number is randomly and uniformly selected,is an attributeA random attribute key is generated, and the random attribute key is generated,

data owner based on index keyAccess rights requirement of, defining an access control treeFromStarting from the root node of (1), in a top-down mannerEach node inConstructing a polynomialAnd is provided withThe number of the highest order term being the threshold for groundingAs little as 1, i.e.(ii) a For root nodeThe data owner randomly selects a valueAnd is provided withData owner settings for any other node

When the data owner decides to revoke an attribute of the data consumerHe only needs to be an attributeGenerating a new attribute keyAnd useWith a full set of replacement keysSending outSending the data to a cloud server; when the cloud server receivesThen, first useWith a full set of updated attribute keysThen, for each encrypted inverted listWhich has access to a control tree ofIf, ifContains an attributeThen the cloud server uses the attribute keyUpdatingIn (1)Is composed ofAfter updateCan be expressed as:

(2)

suppose thatLeaf node inCorresponding attribute isThat is to say

The cloud server has strong storage and calculation capacity, is used for storing encrypted outsourced data, is also used for inquiring on the encrypted security index according to the inquiry trapdoor submitted by the data user and returning an encrypted inquiry result to the data user, and when the cloud receives the data userQuery trapdoorThen, an encrypted inverted list is givenThe cloud server can return the inverted list only if the following two conditions are satisfied simultaneouslyIndex of all encrypted data files: firstly, theWith a list of inversionsInquiry authority, IIIf true; the whole safety inquiry process is divided into the following two sub-processes:

the first subprocess is that the cloud server traps the door according to the queryDetermining data usersWhether or not there is a pair indexThe inquiry authority is specifically as follows:

letIs an access control treeFor each leaf nodeLet aRepresenting the attribute of the leaf node representation, i.e.If, ifThen, calculate:

if it is notThen define

Wherein, the meaning of the characters can be known by formulas (1) and (2);

for each non-leaf nodeWith a node threshold ofIf there is one containingAnSet of child nodes ofAnd for each child nodeAll satisfyThen calculate

Wherein the content of the first and second substances,is the lagrange coefficient; if no such collection exists, a collection of attributes is indicated to the data consumerUnsatisfied nodeIs then defined

For access control treeRoot node ofAfter the above recursion operation, ifThen, the attribute set of the data user is describedUnsatisfied access control treesOtherwise
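The top-down polynomial construction and the bottom-up Lagrange recursion over the access control tree can be followed in the Python sketch below. It is an added example, not the patent's scheme: plain Shamir shares in a prime field replace the pairing-group elements, the rule that a child at index i receives the parent polynomial evaluated at i is assumed from the standard attribute-based encryption construction, and the policy and attribute names are constructed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

P = 2 ** 127 - 1  # prime modulus of the example field (constructed choice)


@dataclass
class Node:
    threshold: int = 1                       # k of a k-of-n gate
    children: List["Node"] = field(default_factory=list)
    attribute: Optional[str] = None          # set on leaf nodes only


def eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a polynomial (lowest-order coefficient first) at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def distribute(node: Node, value: int,
               path: Tuple[int, ...] = ()) -> Dict[Tuple[int, ...], int]:
    """Top-down: pick q_x with q_x(0) = value and degree threshold - 1,
    then hand child i the value q_x(i). Returns leaf path -> share."""
    if node.attribute is not None:
        return {path: value}
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    shares: Dict[Tuple[int, ...], int] = {}
    for i, child in enumerate(node.children, start=1):
        shares.update(distribute(child, eval_poly(coeffs, i), path + (i,)))
    return shares


def lagrange_at_zero(i: int, indices: List[int]) -> int:
    """Lagrange coefficient of index i over `indices`, evaluated at 0, mod P."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def recover(node: Node, shares: Dict[Tuple[int, ...], int], attrs: Set[str],
            path: Tuple[int, ...] = ()) -> Optional[int]:
    """Bottom-up recursion: returns q_x(0) for a satisfied node, or None
    when the attribute set does not satisfy the node."""
    if node.attribute is not None:
        return shares[path] if node.attribute in attrs else None
    got: Dict[int, int] = {}
    for i, child in enumerate(node.children, start=1):
        value = recover(child, shares, attrs, path + (i,))
        if value is not None:
            got[i] = value
        if len(got) == node.threshold:
            break
    if len(got) < node.threshold:
        return None
    idx = list(got)
    return sum(got[i] * lagrange_at_zero(i, idx) for i in idx) % P


def demo_policy() -> Node:
    """Constructed policy: any 2 of (department, role, (clearance AND region))."""
    both = Node(threshold=2, children=[Node(attribute="clearance:secret"),
                                       Node(attribute="region:district-a")])
    return Node(threshold=2, children=[Node(attribute="dept:criminal-investigation"),
                                       Node(attribute="role:case-officer"),
                                       both])


if __name__ == "__main__":
    tree, secret = demo_policy(), secrets.randbelow(P)
    shares = distribute(tree, secret)
    ok = recover(tree, shares, {"dept:criminal-investigation", "role:case-officer"})
    print(ok == secret, recover(tree, shares, {"role:case-officer"}))
```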

When the above first sub-process is completed, ifThen it means that the data consumer is not aligned to the keywordThe query authority of (1); otherwise, the cloud server continues to execute a second sub-process to determine whether the following equation holds:

wherein the content of the first and second substances,the meaning is shown in formula (2);

if the equality is true, the query keyword is indicatedAnd encrypting the inverted indexIndex key in (1)Equal, then the cloud server returns the indexAll encrypted data files in the file system; data consumer uses file decryption key granted by data ownerDecrypting the ciphertext; the correctness of the security query can be verified by the following derivation:

if the trapdoorQuery keyword in (1)Andmiddle index key wordAre equal, i.e.Then:

compared with the prior art, the invention adopting the technical scheme has the following technical effects:

1. the invention solves the security and privacy protection problems of data sharing: under a distributed account book sharing mechanism, each node stores the full set of shared police data, so the traditional data center management mode no longer applies; in the block chain data sharing process, the Chinese national cryptographic SM2 asymmetric encryption algorithm is adopted, each person and sub-department involved in processing police resource data is defined as a subject, and each subject is granted a public/private key pair for encryption and decryption; when data are transmitted within a department, the public key of the corresponding subject is obtained, the police resource data body is encrypted at field level, and a block chain transaction is then formed and submitted to the public account book, so that the fully shared police resource data are recorded in the block chain but every field is encrypted, which fundamentally resolves the contradiction between real-time sharing, authentication change and secure use of the data;

2. the invention realizes credible police resource data sharing by means of a distributed account book: by means of the characteristics of the block chain distributed account book, all nodes on the chain participate in data storage and verification, all department nodes on the chain maintain the same public account book together, each department is guaranteed to have the most accurate and full police resource data, the transaction traceability is guaranteed through the characteristics of public and private key encryption technology, the transaction cannot be repudiated and damaged, and the privacy of individuals/units is guaranteed not to be revealed;

3. the method constructs an ecological mechanism for sharing and utilizing police service resource data, constructs a set of ecological mechanism for promoting sharing and utilizing of the police service resource data of the block chain by means of the Token mechanism of the block chain, and improves the enthusiasm of data sharing of departments; in practical application, a new mode of collecting business-driven data is explored, points are obtained through data sharing, and the use right of the data is obtained in the form of point consumption; the mechanism is solidified by using a block chain intelligent contract, the increment of the integral and the consumption of all nodes are visible, and the question of each department on fairness and authority is eliminated.

Drawings

FIG. 1 is a schematic diagram of a police resource data quality collaboration model of the present invention;

FIG. 2 is a flow of the multi-partition offload processing of the present invention;

FIG. 3 is a flowchart of a coordination method for police resource data governance based on a block chain.

Detailed Description

The technical scheme of the invention is further explained in detail by combining the attached drawings:

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

A block chain-based police service resource data governance coordination method is disclosed, as shown in FIG. 1, and specifically comprises the following steps:

Step 1, constructing a blockchain-based case data quality collaboration model: through the governance model structure and method flow, data sharing and access control, and data updating and smart contracts, and based on the characteristics of the blockchain distributed ledger, encryption algorithm and consensus mechanism, an anti-tampering technology is introduced to achieve the governance targets;

Step 2, establishing a standard for multi-party collaboration: complex business logic is implemented by establishing rule-based data and standardized smart contracts; each record of the industry standard library chain is linked in order from back to front, so that the chain is safe and stable, cannot be tampered with and can be traced;

Step 3, smart contracts form solidified, transparent services: solidified, transparent business logic is executed by means of smart contracts, hard-core control is applied to the data standards and operation flows of the various services, and service data is stored through intelligent cooperation, thereby effectively avoiding service conflicts caused by problems such as management modes, rule changes and system upgrades among departments;

Step 4, a multi-partition user authorization mechanism guarantees privacy security: user information authorization provides unified configuration management for transactors and business management, business data items, protocol management, protocol content management, authorization modes, electronic approval process management, cloud storage encryption and the like;

Step 5, completing the collaborative governance of the blockchain data.

The method comprises the following specific steps: 001, constructing a data quality cooperation model based on a block chain:

Analysis of data governance requirements in a big-data environment shows that data standardization, data quality management, and data security and compliance are the primary challenges facing data governance. Data standardization comprises metadata management and master data management, on the basis of which the consistency, normalization and integrity of data are guaranteed and data quality is improved. The distributed-ledger property of the blockchain guarantees data security and sharing, the encryption mechanism protects the privacy of participants and users, and the consensus mechanism ensures that agreement is reached efficiently in a multi-party collaboration environment. The schematic diagram of the police resource data quality collaboration model of the invention is shown in FIG. 1. Data governance mainly comprises data standardization, data quality management and data security compliance, and through the collaborative governance of the three it ultimately achieves the governance targets of strategy consistency, risk control, operational compliance and value realization. These targets are achieved mainly on the basis of the blockchain's distributed ledger, encryption algorithm and consensus mechanism, through three aspects: governance model structure and method flow, data sharing and access control, and data updating and smart contracts.

And a block chain anti-tampering technology is introduced into the model, so that the data consistency is ensured. The blockchain technique guarantees data consistency using a workload-proof consensus mechanism. Suppose an attacker tries to tamper the first before the newest blockBlock chunk data, an attacker must modify the chunk hash values and recalculate the hash values for all chunks afterwards. Assuming that the current full-network honest node computing power is per secondCalculating the secondary hash value, wherein the block hash value under the current calculation difficulty containsThe prefix is binary 0. The attacker is newly added computing power with the magnitude of computing power per secondAnd calculating a secondary hash value. For an attacker to calculate the past blocks mainly without influencing the generation speed of the new blocks, the calculation difficulty of the hash value of the new blocks cannot be increased, and for simplifying the calculation, no new node participates, and the probability that the honest node obtains the new blocks in each second isThe probability of an attacker obtaining a new block is. Initial height difference between attacker and honest nodeIs provided withIs as followsHeight difference of second, height differenceThe probability of change per second is divided into 3 cases.

Event(s)The attacker does not generate blocks, the honest nodes generate blocks,plus 1, probability

Event(s)The attacker does not generate blocks, the honest nodes generate blocks,minus 1, probability

Event(s)The attacker does not generate blocks, the honest nodes generate blocks,invariance, probability

Height difference per secondIs adapted to fit a plurality of distributions

When in useAnd then, an attacker successfully catches up with the honest nodes, can distribute the block chains and successfully tampers the data. In thatWithin a second, will appearEvent of secondary altitude change, deviceIs composed ofThe number of occurrences; when the tampering is successful, the user may,at least take placeThen, setIs an eventThe difference between the actual number of occurrences and the minimum number of occurrences, thenThe actual number of occurrences isThe number of occurrences is based on the number of occurrences of the first two, and isWherein, in the step (A),. In thatWithin seconds, the probability of an attacker pursuing honest nodes is

According to the formula, the probability that an attacker successfully tampers with block data becomes lower and lower as the depth of the tampered block increases.
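The height-difference analysis above can be checked numerically. The following Python sketch is an added example, not part of the patent: it assumes the honest nodes and the attacker each find at most one block per second, independently, with probability 1 - (1 - 2^-n)^rate for n leading zero bits, that the difference grows by 1 when only the honest nodes find a block and shrinks by 1 when only the attacker does, and all function and parameter names are hypothetical.

```python
"""Added example: catch-up probability for the height-difference walk."""


def block_probability(hash_rate, zero_bits):
    """Chance that at least one of `hash_rate` hashes in a second has
    `zero_bits` leading binary zeros (assumed per-second model)."""
    return 1.0 - (1.0 - 2.0 ** -zero_bits) ** hash_rate


def step_probabilities(honest_rate, attacker_rate, zero_bits):
    """Return (up, down, stay) for the height difference in one second."""
    p_h = block_probability(honest_rate, zero_bits)
    p_a = block_probability(attacker_rate, zero_bits)
    up = p_h * (1.0 - p_a)      # only the honest nodes extend: difference +1
    down = p_a * (1.0 - p_h)    # only the attacker extends: difference -1
    return up, down, 1.0 - up - down


def catch_up_probability(honest_rate, attacker_rate, zero_bits, depth, seconds):
    """Probability that the difference, starting at `depth`, reaches 0
    within `seconds` steps (exact dynamic programming, 0 is absorbing)."""
    if depth <= 0:
        return 1.0
    up, down, stay = step_probabilities(honest_rate, attacker_rate, zero_bits)
    dist = [0.0] * (depth + seconds + 2)   # dist[d] = P(difference == d)
    dist[depth] = 1.0
    caught = 0.0
    for t in range(seconds):
        nxt = [0.0] * len(dist)
        # After t steps the difference lies between depth - t and depth + t.
        for d in range(max(1, depth - t), depth + t + 1):
            mass = dist[d]
            if mass == 0.0:
                continue
            nxt[d] += mass * stay
            nxt[d + 1] += mass * up
            if d == 1:
                caught += mass * down      # attacker draws level
            else:
                nxt[d - 1] += mass * down
        dist = nxt
    return caught


def eventual_catch_up(honest_rate, attacker_rate, zero_bits, depth):
    """Limit for unbounded time: (down/up)**depth when up > down."""
    if depth <= 0:
        return 1.0
    up, down, _ = step_probabilities(honest_rate, attacker_rate, zero_bits)
    if down == 0.0:
        return 0.0                         # attacker never finds a block
    if down >= up:
        return 1.0                         # attacker at least as fast
    return (down / up) ** depth


if __name__ == "__main__":
    # Constructed figures: 600 honest and 200 attacker hashes per second,
    # 10 leading zero bits.
    for depth in range(1, 7):
        p = catch_up_probability(600, 200, 10, depth, 500)
        print(f"depth {depth}: P(catch up within 500 s) = {p:.6f}")
```

Run with a deployment's own figures, this shows how deep a record must be buried before the catch-up probability falls below a chosen threshold.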

This step provides a blockchain-based model for constructing police resource data standards. Drawing on the blockchain idea that data is public, transparent and traceable, each crime record in the industry standard library is linked in order from back to front, so the library is safe, stable, tamper-proof and traceable. The industry standard library chain network is an end-to-end distributed network built jointly by all participating nodes and must be maintained by all of them. By establishing rule-based data and standardized smart contracts, external data obtained from the internet and internal data stored in the blockchain can be read and complex business logic implemented, which finally yields an application scheme for data standardization and realizes an important target of data governance.

002 standards for multiparty collaboration are constructed:

The blockchain is the distinctive way in which cryptocurrencies such as Bitcoin store data; it is a self-referencing data structure commonly used to store large amounts of transaction information. Building on the data quality collaboration model and taking the data standard management model fully into account, the invention provides a blockchain-based method for managing police resource data standards. It uses the blockchain design idea of a public, transparent and traceable architecture to link each police resource record in order from back to front, making the records safe, stable, tamper-proof and easy to trace. The construction is divided into two stages. The first stage is off-chain and consists mainly of an identity authentication module, a rights management module and a supervision management module; it is mainly responsible for verifying user status, rewarding users and supervising user behavior. The second stage is on-chain and consists mainly of industry standard library chains, each of which contains a module responsible for storing and reading that chain's police resource data information. The identity authentication module verifies that a user is a registered user, and registered users interact between the first and second stages by calling smart contracts.

The police service resource data standard co-construction management algorithm and process based on the block chain are as follows:

Step one: The police resource data demander submits a registration application, and the identity authentication module verifies the demander's identity and returns the corresponding status. If registration succeeds, the demander becomes a registered user; otherwise registration fails.

Step two: the data demander has corresponding point information through the authority management module.

Step three: the data demander has corresponding supervision information through the supervision management module.

Step four: and the data demander calls the intelligent contract to carry out operations such as application, query, cloning and the like of the data standard.

Step five: and the police service resource data standard library chain automatically completes corresponding operation by means of an intelligent contract.

Data standardization must follow certain standardization principles, which maximize data quality, ensure normalization and form a data sharing mechanism. The blockchain-based method for jointly constructing police resource data standards unifies the rules of the data standard and the data query interface, and allows data to be shared in real time. The incentive system of authority management increases user stickiness, eliminates data silos, and achieves interconnection, interoperability and mutual trust of data standards.

003 Smart contracts form a solid transparent business:

when police resource data are shared, the block chain guarantees the complete consistency of the police resource data of each node through the account book, and meanwhile, an executable code can be issued on the block chain. The method executes the solidified and transparent business logic in an intelligent contract mode, performs hard core control on data standards, operation flows and the like of various businesses, and effectively avoids business conflicts caused by problems of management modes among departments, rule change, system upgrade and the like.

The storage of the contract codes and the states by the block chain ensures the reliability and the availability of the contract storageObservability, the intelligent contract is code stored on the blockchain, the contract state is stored in the blockchain, the contract code is executed through the blockchain link points, the contract calculation result through the distributed consistency algorithm is stored in the blockchain, and the contract state is updated. The state transition of the blockchain can be given as shown in the formula:whereinA state transfer function for a block chain;for block chains at timeThe state of (1);in order to police service, in a block chain system, services are collected and placed into blocks, each block is referred to by a hash value of the block, one block not only has a set of hash and transaction of the previous block, but also has a block chain state up to the block, and the hash of the previous block is placed into the block, so that the block is connected into a chain, wherein the specific expression is as follows:

the hash of the previous block is put into the block, so that the block is connected into a chain to form a nested function, wherein the specific expression is as follows:

The blockchain stores all case services in blocks, which facilitates later tracing queries. The latest state of the blockchain is stored in an MPT (Merkle Patricia Trie). The MPT combines the advantages of a Merkle tree and a prefix tree (Patricia trie) in one improved data structure and is a very important data structure in Ethereum. In this patent it is used to store the state changes of police services (the state tree) and to generate a digest of the latest state instantly, so that the required information can be found quickly by Key (the state keyword).

Taking the case-related police type and the case-related detailed information of case management departments as an example, introducing blockchain smart contract technology solves the problems of consistency, timeliness and security of this information well. After all police departments reach consensus on business standards according to business requirements, shared smart contract code is formed and published to the "blockchain + police resource management" platform. Through the agreed smart contracts, each department performs different operations on the ledger data according to its own data permissions, and the ledger data is updated in real time by smart contracts such as those with which network security police add, refresh and import case information and query case tables. By agreeing on transaction rules, disputes between departments caused by unclear rules and similar problems are avoided entirely, and the blockchain guarantees that the data held by different departments is fully consistent.

The 004 multi-partition user authorization mechanism guarantees privacy security:

police service resource data sharing of the block chain effectively solves the safety and privacy protection of data, and emphasizes the use right of a business policeman to the data in public security service.

The query keywords submitted by the data user meet two security requirements, namely the privacy of the query keywords is ensured, namely the query keywords of the data user cannot be delivered to the cloud server in a plaintext form; second, if the query keyword is unlinkable, assume that the data userAll the contained keys need to be retrieved from the encrypted inverted indexThe data user utilizes the key by the following two stepsEncrypting the query keyAnd a query trapdoor is generated,

first, the data userRandomly selecting an elementCalculating the following formula (Is from a collectionRandom numbers selected randomly and uniformly): to facilitate writing

Wherein the content of the first and second substances,is two orders of prime numberThe cyclic multiplication group of (a) is,into a groupA generator of (2). Defining bilinear mappingsAnd two secure hash functionsRespectively hashing character strings of any length into groupsAnd groupAn element of (1).Randomly and uniformly slave to a group for a key distribution centerThe two elements selected above are used to generate a key.

Secondly, for each

Data userComputing(1)

Wherein the content of the first and second substances,in order to be a collection of attributes,for the complete set of system attributesAny one of the attributes of (a), (b), (c), (d) and (d) any one of (d), (d) and (d) any (d) and (d) an (d) an (d) an (d,presentation groupOne set of the above-mentioned (c) is,is from a collectionWherein the random number is randomly and uniformly selected,is an attributeA random attribute key is generated, and the random attribute key is generated,

data owner based on index keyAccess rights requirement of, defining an access control treeFromStarting from the root node of (1), in a top-down mannerEach node inConstructing a polynomialAnd is provided withThe number of the highest order term being the threshold for groundingAs little as 1, i.e.. For root nodeThe data owner randomly selects a valueAnd is provided withData owner settings for any other node

When the data owner decides to revoke an attribute of the data consumerHe only needs to be an attributeGenerating a new attribute keyAnd useWith a full set of replacement keysSending outTo the cloud server. When the cloud server receivesThen, first useWith a full set of updated attribute keysThen, for each encrypted inverted listWhich has access to a control tree ofIf, ifContains an attributeThen the cloud server uses the attribute keyUpdatingIn (1)Is composed ofAfter updateCan be expressed as:

(2)

suppose thatLeaf node inCorresponding attribute isThat is to say

The cloud server has strong storage and calculation capacity, is used for storing encrypted outsourced data, is also used for inquiring on the encrypted security index according to the inquiry trapdoor submitted by the data user and returning an encrypted inquiry result to the data user, and when the cloud receives the data userQuery trapdoorThen, an encrypted inverted list is givenThe cloud server can return the inverted list only if the following two conditions are satisfied simultaneouslyIndex of all encrypted data files: firstly, theWith a list of inversionsInquiry authority, IIIf true; the whole safety inquiry process is divided into the following two sub-processes:

the first subprocess is that the cloud server traps the door according to the queryDetermining data usersWhether or not there is a pair indexThe inquiry authority is specifically as follows:

letIs an access control treeFor each leaf nodeLet aRepresenting the attribute of the leaf node representation, i.e.If, ifThen, calculate:

if it is notThen define

The meaning of the character can be seen from the formulas (1) and (2).

For each non-leaf nodeWith a node threshold ofIf there is one containingAnSet of child nodes ofAnd for each child nodeAll satisfyThen calculate

Wherein the content of the first and second substances,is the lagrange coefficient; if no such collection exists, a collection of attributes is indicated to the data consumerUnsatisfied nodeIs then defined

For access control treeRoot node ofAfter the above recursion operation, ifThen, the attribute set of the data user is describedUnsatisfied access control treesOtherwise

When the above first sub-process is completed, ifThen it means that the data consumer is not aligned to the keywordThe query authority of (1); otherwise, the cloud server continues to execute a second sub-process to determine whether the following equation holds:

wherein the content of the first and second substances,the meanings are shown in formula (2)

If the equality is true, the query keyword is indicatedAnd encrypting the inverted indexIndex key in (1)Equal, then the cloud server returns the indexAll encrypted data files in the file system; data consumer uses file decryption key granted by data ownerDecrypting the ciphertext; the correctness of the security query can be verified by the following derivation:

if the trapdoorQuery keyword in (1)Andmiddle index key wordAre equal, i.e.Then:

The main idea of inter-chain privacy protection is to process user requests per partition. The physical network layer is shared by all partitions, so the network interface layer has to take on the role of splitting transactions. When a client sends a transaction request to a node, it must attach the unique ID (NS_ID) of the partition to which the transaction belongs; the interface layer parses the NS_ID in the request and forwards the transaction to the NSM, which distributes it. The figure shows the processing flow of multi-partition transaction requests: the client sends 3 transactions to the node; after receiving a transaction request, the node parses the transaction once at the RPC interface layer, reads the transaction's NS_ID, and forwards the transaction ID and the transaction itself to the NSM partition manager. The NSM then distributes the transaction request to the processing module of the corresponding partition according to the given NS_ID, thereby splitting the transaction traffic by partition.

The flow of the multi-partition splitting process is shown in fig. 2.

Compared with the traditional transaction processing flow, the transaction processing flow with partition consensus has two additional steps: the RPC interface layer parses the partition ID, and the partition manager NSM distributes the transaction according to the partition ID. After the NSM has split the transactions, the processing logic inside each partition is the same as in the original scheme. In refactoring for the partition consensus scheme, each module in the system needs to be decoupled, so that the calling logic between modules becomes clearer.

Once the user's authorization has been obtained in a specific service scenario, an external organization can use the user's data. To ensure stable operation of the business process, user information authorization provides unified configuration management for transactors and business management, business data items, protocol management, protocol content management, authorization modes, electronic approval process management and the like. According to the management requirements of the authorization service, face recognition verification and SMS verification are integrated to perform real-person authentication. Based on the different application scenarios of blockchain data authorized access, a natural person or legal person authorizes the relevant organization and permits use of the authorized subject's relevant data. It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

The above embodiments are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modifications made on the basis of the technical scheme according to the technical idea of the present invention fall within the protection scope of the present invention. While the embodiments of the present invention have been described in detail, the present invention is not limited to the above embodiments, and various changes can be made without departing from the spirit of the present invention within the knowledge of those skilled in the art.
