CN112347491A - A method for endogenous data security interaction for dual-middle-platform dual-chain architecture - Google Patents

Abstract

The invention discloses a method for endogenous data security interaction of a double-middlebox double-chain architecture, which comprises the double-middlebox architecture and the double-chain architecture, wherein the double-middlebox architecture comprises a service, a service system, a service center, a data center, a service foundation and a data foundation, and the double-chain architecture comprises data information, a data chain, a service chain and a service record. According to the method for the safe interaction of the endogenous data of the double-middle-station double-chain architecture, the block chain technology is introduced into the middle station, the interaction safety of the endogenous data is improved, the credibility of the middle station data before uplink is guaranteed, an improved Shupu threshold endogenous data interaction protocol is constructed to guarantee the safety of the data before uplink, an interaction mechanism fusing signature under a chain and signature on the chain is designed on the basis of the work, the data interaction efficiency of the double-middle-station double-chain is improved, the middle-station business can be more efficient when relevant information of the middle-station data is extracted, and the business processing capacity is enhanced.

Description

Method for endogenous data secure interaction of double-middlebox double-chain architecture

Technical Field

The invention relates to the technical field of data information management, in particular to a method for endogenous data security interaction of a double-middlebox double-chain architecture.

Background

Traditional data middleboxes mainly serve for layering and attribute separation of data, and have the capability of precipitating common data. The data center station is a sharing platform which collects, calculates, stores and processes mass data through a data technology and simultaneously unifies standards and calibers. It was first proposed by Alibama in a 2016 research report, with the aim of helping to achieve global data specifications in an attempt to adequately leverage the functionality developed by technology platforms to front-end applications. The reasons for the occurrence of the platform in the Alibara data come from the ever-changing data requirements and the high-speed timeliness requirements of a plurality of internal business departments, and the data requirements of a plurality of business foreground are met, and simultaneously the linear expandable problem of large-scale data, the decoupling problem of a complex activity scene business system and the like are also solved. However, the concept of stations in data is still too broad and there is no industry standard in the industry. When the domestic science and technology companies compete to develop the large and medium platform planning, the information officer of the first seat of the Ali Bara pioneers has developed the architecture idea of the business medium platform in different occasions in recent years. The business middle station is an integrated system with which all application systems must establish contact so as to better realize the operation mechanism of the enterprise core business. And (4) considering a new idea of fusing and innovating the service middling station and the data middling station to further refine the function of the middling station. However, a prominent problem existing in the fusion process of the data center station and the service center station is the efficiency problem of data interaction. When a plurality of service flows and data flows are transmitted interactively among the middlings, a complete service and data processing process is difficult to be clarified. The mixing of the endogenous service information and the data information leads to the complicated tracing of the service flow and the complicated scheduling of the data flow, and the safety of data interaction also faces certain challenges. Therefore, how to ensure that the efficiency of endogenous data interaction between the middlings is improved under a safe condition to promote the construction of the middlings is an urgent issue to be researched. In response to the above problem, the present research uses a blockchain technique to split the interactive data. The block chain technology, as a point-to-point emerging computer technology, can provide possible approaches in the aspects of solving the problems of difficult service tracing and rough data scheduling. By means of the technical characteristics of the block chain, on one hand, the privacy protection of the data security circulation and data security storage of the double-middlebox system enabling the data + service is realized, and on the other hand, by means of a consensus mechanism and an economic model, the ecological resources of the block chain are fused to perform technical fusion innovation on the actual landing scene. The block chain technology is fused with the double middleboxes, but does not invade related middlebox services, but is similar to be used as the bottom layer technology of a middlebox system to enable, so that the problem of low efficiency of directly processing mass data by the block chain technology is solved. By utilizing the advantages of transparent disclosure, difficult tampering and the like of the block chain, the processed valuable data can be circulated, stored and traced, so that the improvement of the data interaction efficiency is finally served. According to the research, service flow information and data flow information are respectively placed on a service chain and a data chain based on a block chain for storage according to different interactive data sources in a middlebox, and then an endogenous data interaction protocol oriented to a double-middlebox double-chain architecture is provided. Through the protocol, core data information authorizes uplink data information through a certain number of information main bodies in the stations in the set, and legal information is transmitted to the appointed block chain in batches. Meanwhile, a threshold signature algorithm of a core in the extraction protocol constructs an endogenous data interaction circulation model. Through experiments, the time overhead of the algorithm in data interaction is analyzed and compared with the traditional single signature and signature verification on a chain, and the protocol is proved to have certain advantages in improving the data interaction efficiency.

Disclosure of Invention

The invention aims to improve the interaction safety of endogenous data, ensure the credibility of the middlebox data before chaining, construct an improved Shupu threshold endogenous data interaction protocol to ensure the safety of the data before chaining, design an interaction mechanism integrating a down-chain signature and an on-chain signature check on the basis of the work, improve the data interaction efficiency of double middlebox double chains, and continuously subdivide a service structure on a service level, so that the middlebox can more efficiently extract relevant information of the middlebox data and enhance the service processing capacity.

In order to achieve the purpose, the invention provides the following technical scheme: a method for endogenous data security interaction of a double-middlebox double-chain architecture comprises the double-middlebox architecture and the double-chain architecture, wherein the double-middlebox architecture comprises a service, a service system, a service center, a data center, a service basis and a data basis, and the double-chain architecture comprises data information, a data chain, a service chain and a service record.

Preferably, the method for endogenous data secure interaction of the double-stage double-chain architecture comprises the following steps:

s1, different data can be processed in a data middle platform according to different algorithm models, and in a risk control model, the safety and the quality of main data need to be evaluated and analyzed;

s2, in the acquisition model, the uploaded data needs to be classified, and the integrated similar service data is collected for subsequent processing; for the calculation model, extracting key information in the data to perform analysis and calculation according to business needs, and then giving a corresponding processing result;

s3, according to specific services and data reading requirements, combining block chains with different consensus mechanisms, different economic models and different transaction processing capabilities, so that a service system which best meets the actual scene can be built by means of different block chain ecological strength;

s4, splitting a double-chain architecture according to a data chain and a service chain, and finally serving the data chain and the service chain in an application for processing, wherein data information is stored in a block of the data chain, service records are stored in the block of the service chain, the data chain in the architecture is used as a private chain according to service and data characteristics, the service chain can be a public chain or a alliance chain, and then the block chain stored by adopting a Merkle Tree (Merkle Tree) structure or the block chain stored by using a Merkle Patricia tree (Merkle Patricia Tree) structure is determined according to specific information of the data and the service records, and meanwhile, the number of the double-chain architecture is not limited to two chains, but two chains possibly distinguished by the data type and the service type are adopted. Each chain may be cooperatively communicated by a specific decentralized application (Dapp) or calling service;

and S5, inputting a certain data source into a data center, after the data center collects data, carrying out safety analysis on information in the data source, then, after the data center has a circulation, storing the information into a data chain, meanwhile, delivering service data extracted from the data source to the service center for processing and judgment, carrying out different service processing on different main bodies, then, transmitting the service data to the service chain for storage, and outputting a result feedback according to service requirements.

Compared with the prior art, the invention has the beneficial effects that:

1. according to the method for the endogenous data security interaction of the double-middlebox double-chain architecture, the block chain technology is introduced into the middlebox, the interaction security of the endogenous data is improved, the credibility of the middlebox data before uplink is guaranteed, and an improved Shupu threshold endogenous data interaction protocol is constructed to guarantee the security of the data before uplink.

2. According to the method for the endogenous data safety interaction of the double-middle-platform double-chain architecture, an interaction mechanism integrating under-chain signature and on-chain signature verification is designed on the basis of the work, and the data interaction efficiency of the double-middle-platform double-chain is improved. Experimental results show that the mechanism reduces 42.1% of time overhead and improves the efficiency of data interaction between the two systems of the middle station and the block chain.

3. According to the method for the endogenous data safety interaction of the double-middle-platform double-chain architecture, on the aspect of a service, the service structure needs to be continuously subdivided, so that the service middle platform can be more efficient when extracting relevant information of the data middle platform, and the service processing capacity is enhanced.

Drawings

FIG. 1 is a diagram of a dual-center platform architecture according to the present invention;

FIG. 2 is a schematic diagram of a double-stranded framework of the present invention;

FIG. 3 is a flow chart of double-stage double-chain interaction according to the present invention;

FIG. 4 is a schematic diagram of the algorithm flow of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1-4, in this embodiment: a method for endogenous data security interaction of a double-middlebox double-chain architecture comprises the double-middlebox architecture and the double-chain architecture, wherein the double-middlebox architecture comprises a service, a service system, a service center, a data center, a service basis and a data basis, and the double-chain architecture comprises data information, a data chain, a service chain and a service record.

Referring to fig. 1, the basic element of the service center platform is composed of a service micro service platform, a distributed database, a message queue and application monitoring, and the upper layer allocates different services, capabilities and management measures according to different service bodies. The right half data center station is composed of four parts, namely data acquisition, data analysis, data service and data safety, and different data can be processed differently in the data center station according to different algorithm models. In the risk control model, the safety and the quality of main data need to be evaluated and analyzed; in the acquisition model, the uploaded data needs to be classified, and the integrated similar service data is collected for subsequent processing; for the calculation model, extracting key information in the data to perform analysis and calculation according to business needs, and then giving a corresponding processing result; in addition, the data center station can also provide an interface for data query and provide corresponding data interface configuration, so that adjustment can be conveniently carried out according to service requirements, and then calling is carried out. Under the double-middle platform structure, when the business analysis is carried out, the business middle platform is used for processing; when data analysis is carried out, the data center is used for processing, so that the coupling degree of service and data is reduced. Meanwhile, the two can supplement each other and improve each other to form an enhanced closed loop, further reduce the redundancy of information in each middle station and improve certain calculation efficiency.

Referring to fig. 2, according to the specific service and the data reading requirement, the block chains with different consensus mechanisms, different economic models and different transaction processing capabilities are combined, so that a service system most suitable for the actual scene can be built by means of different ecological strength of the block chains. The double-chain architecture is split according to the data chain and the service chain, and is finally served to be processed in one application. The data information is stored in the block of the data chain, and the service record is stored in the block of the service chain. According to the service and data characteristics, the data chain in the architecture is used as a private chain, and the service chain can be a public chain or a federation chain. And then, according to the data and the specific information of the service record, determining whether the block chain is stored by adopting a merkel tree (MerkleTree) structure or stored by adopting a merkel patriciaTree (MerklePatricia tree) structure. Meanwhile, for the double-chain architecture, the number is not limited to two chains, but two chains distinguished by a data type and a service type are possible. Each chain may be cooperatively communicated by a specific decentralized application (Dapp) or calling service. 1) any user node in the chain can check the rough service processing condition under the condition of not knowing the private data information, thus ensuring the data security and the truthfulness and credibility of the service record; 2) service records and data information are separated, compared with single-chain processing, redundancy of most node accounting information can be reduced at the same time, and the throughput performance of the system is improved to a certain extent; 3) the system operation and maintenance and management are convenient, and smooth expansion of services can be logically performed. And combining the basic knowledge to provide a data interaction process under a double-middle-platform double-chain structure.

Referring to fig. 3, a certain data source is input to the data center, and after data is collected by the data center, security analysis is performed on information in the data source. Then the information is stored in a data chain through the circulation of the data center. Meanwhile, the service data extracted from the data source is delivered to the service center station for processing and judgment. And carrying out different business processing on different subjects, then transmitting the different subjects to a business chain for storage, and outputting result feedback according to business requirements, namely implementing business services. If the business main body needs to carry out the relevant service, the business main body needs to access the business service of the business middle station, and after the business service is fed back to the business middle station, the business main body requests the data middle station for calling the relevant data, and records the business data to the business chain. And the data center station carries out legal confirmation after receiving the request, then calls the content on the data chain to return, and finally feeds back the content to the service main body. Therefore, the structural design of the double-middle station not only effectively improves the accuracy and efficiency of data in service link fragmentation, but also reduces data coupling, and is beneficial to pre-classifying data sets in future services. Moreover, a double-chain structure is integrated on the basis that the double-middle-station structure is taken as a core, and compared with a single-block chain structure, the decoupling concept is more effectively utilized to reasonably distinguish uplink information. The cross-chain interaction technology with relatively low efficiency and performance is not used, and meanwhile, the concurrent data volume of the block chain data can be reduced to the maximum extent, the throughput is improved, and the overall efficiency of the double-middle-station double-chain system is greatly improved. However, when the technical advantages of the dual-middlewares and the dual-chains are fully utilized, an unavoidable problem arises, that is, in order to fully utilize the advantages of block chain disclosure, transparency, whole-process encryption and safety tracing, the problem of low efficiency is faced when signature and signature verification are performed between the dual-middlewares and the dual-chains, so that how to design a relatively efficient interaction protocol to improve the interaction efficiency is very important.

Wherein, the verification is to verify whether the downlink-uplink data coordination technology in the chain in the present study is reasonable and effective, and an algorithm flow chart of a formalized certification is firstly given for analysis, as shown in fig. 4: firstly, the first step of the algorithm is to generate a polynomial of key agreement according to formula (1); secondly, the fragmentation key is constructed according to the formula (2) and distributed to the service body or the data body through an anonymous channel.

sigM

encrypted(···)

On the basis, a threshold signature of the service record or the data information is given, whether the number of signature people reaches the threshold specified number is judged, if not, the authorization fails, and the following operation cannot be carried out; if the threshold specified number is reached, calculating an aggregated signature according to equations (4) - (6); then, the contract is verified according to the formula (7), and the validity of the signature is judged. If not, the business record or the data information can be uplink failed; if the information is legal, the encryption function is called to carry out the encrypted uplink operation of the service record or the data information, and the encryption mode is as follows. encrypted message (8) is a message to be encrypted, and is a public key used for encryption. Finally, if the content stored in the chain needs to be queried, a decryption function is called, and the decryption mode is as follows. The decrypted is an encyptedprkey, (9) prkey, among them, is a private key used for decryption. After the plaintext of the decrypted service record or data information is obtained, a complete formalized certification process is ended. From the above formalized proof, it can be seen that two rounds of inquiries are performed before data chaining, namely, the verification of the number of signature persons during data transmission and the verification of aggregated signatures ensure the safe transmission of data. After data is linked up, the data is encrypted by a specific algorithm function, and then the data can be completely and reliably obtained by only using a corresponding decryption function for decryption during calling.

Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (2)

Translated fromChinese

1.一种用于双中台双链架构的内生性数据安全交互的方法，包括双中台架构和双链架构，其特征在于：所述双中台架构包括有业务服务、业务系统、业务中心、数据中心、业务基础和数据基础，所述双链架构包括有数据信息、数据链、业务链和业务记录。1. a method for the security interaction of endogenous data for dual-middle-stage dual-chain architecture, comprising dual-middle-stage architecture and dual-chain architecture, characterized in that: the dual-middle-stage architecture includes business services, business systems, business Center, data center, business foundation and data foundation, the double-chain architecture includes data information, data chain, business chain and business records.2.根据权利要求1所述的一种用于双中台双链架构的内生性数据安全交互的方法，其特征在于：包括以下步骤：2. a kind of method for the endogenous data security interaction of double middle platform double chain architecture according to claim 1, is characterized in that: comprise the following steps:S1.数据中台中会依照不同的算法模型对不同的数据进行不同的处理，在风险控制模型中，需要对主数据的安全性、质量进行评估分析；S1. In the data center, Taichung will process different data differently according to different algorithm models. In the risk control model, it is necessary to evaluate and analyze the security and quality of the master data;S2.在采集模型中，需要对上传的数据进行归类，收集整合同类业务数据作后续处理；对于计算模型，主要是根据业务需要提取数据中关键信息进行分析计算，然后给出对应的处理结果；S2. In the collection model, it is necessary to classify the uploaded data, collect and integrate similar business data for subsequent processing; for the calculation model, the key information in the data is mainly extracted according to business needs for analysis and calculation, and then the corresponding processing results are given. ;S3.根据具体业务和数据读取的需要，将具有不同共识机制、不同经济模型、不同交易处理能力的区块链进行组合，使得可以借助不同的区块链生态力量搭建最符合实际场景的业务体系；S3. According to the needs of specific business and data reading, combine blockchains with different consensus mechanisms, different economic models, and different transaction processing capabilities, so that different blockchain ecological forces can be used to build the most realistic business scenarios. system;S4.将双链架构依据数据链和业务链进行拆分，并最终服务于一个应用中处理，数据链的区块中存储的是数据信息，业务链的区块中存储的是业务记录，根据业务和数据特性，架构中数据链作为私有链，而业务链可以是公有链，也可以是联盟链，然后根据数据、业务记录的具体信息决定是采用默克尔树(MerkleTree)结构存储的区块链还是用默克尔帕特里夏树(MerklePatriciaTree)结构存储的区块链，同时对于双链架构并不仅限定数量为两条链，而有可能是以数据类型和业务类型所区分的两种链。每一种链可以由具体的去中心化应用(Dapp)或调用服务来进行协同通讯；S4. Split the dual-chain architecture according to the data chain and the business chain, and finally serve it for processing in one application. The data chain blocks store data information, and the business chain blocks store business records. According to Business and data characteristics, the data chain in the architecture is used as a private chain, and the business chain can be a public chain or a consortium chain, and then according to the specific information of the data and business records, it is decided to use the Merkle Tree structure to store the area. The blockchain is still stored in the Merkle Patricia Tree structure. At the same time, the double-chain architecture is not only limited to two chains, but may be distinguished by data types and business types. kind of chain. Each chain can be coordinated by a specific decentralized application (Dapp) or calling service;S5.将某个数据源输入到数据中台，由数据中台采集数据后，对数据源中的信息进行安全分析，然后经过数据中台周转，将信息存入数据链，与此同时，抽离出数据源的业务数据交由业务中台进行处理判断，对不同主体进行不同的业务处理，然后将其传入到业务链上保存，并根据业务需求输出结果反馈。S5. Input a certain data source into the data center. After the data center collects data, the information in the data source is analyzed for security, and then the information is stored in the data chain through the data center turnover. The business data leaving the data source is handed over to the business center for processing and judgment, different business processing is performed on different subjects, and then it is transferred to the business chain for storage, and the result feedback is output according to business requirements.

Images