CN114254269B - System and method for determining rights of biological digital assets based on block chain technology - Google Patents


Publication number
CN114254269B
Authority
CN
China
Prior art keywords
data
module
block chain
identity
transaction
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111600121.6A
Other languages
Chinese (zh)
Other versions
CN114254269A (en
Inventor
胡凯
杨燕
解安可
李思祺
孙雅妮
冯立波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunnan Provincial Academy Of Science And Technology
Yunnan Innovation Institute of Beihang University
Original Assignee
Yunnan Provincial Academy Of Science And Technology
Yunnan Innovation Institute of Beihang University
Application filed by Yunnan Provincial Academy Of Science And Technology, Yunnan Innovation Institute of Beihang University
Priority to CN202111600121.6A
Publication of CN114254269A
Application granted
Publication of CN114254269B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a system and a method for confirming the rights of biological digital assets based on blockchain technology. The system comprises: an infrastructure layer, a network layer, a contract layer, a service layer, and a client layer. The method comprises the following steps: initializing and verifying a digital certificate, calculating the hash of the data to be authenticated, and signing it; applying for a timestamp with the hash value of the data to be authenticated, and generating a data certificate for that data; and signing the data certificate to obtain a signature certificate, confirming the rights of the data certificate and the signature certificate, and returning the on-chain hash value in the rights-confirmation record to the client. The advantage of the invention is that the security of the authentication of biological digital assets is improved.

Description

System and method for determining rights of biological digital assets based on block chain technology
Technical Field
The invention relates to the technical field of rights confirmation for biological data, and in particular to a system and a method for confirming the rights of biological digital assets based on blockchain technology.
Background
In an era of explosive data growth, data security and the protection of data rights have become imperative. In the existing internet technology environment, existing methods for confirming the rights of data assets rely on a single means and are relatively traditional. Two existing methods illustrate this. Method one: a temporary connection is first established and a private key is sent to a relation node; an action proxy relation connection is then established, data processing is carried out under the authorization of that connection to generate result data, the result data is sent to the relation node, and the relation node signs the result data with the private key to confirm the rights to the data. Method two: the data packet is uniquely identified, the transaction information of the data packet is obtained, and the identifier of the data packet is signed; the data block and its corresponding identifier signature are then sent to the relevant rights confirmation center, which verifies and confirms the information, issues a certificate to the data owner, confirms the rights to the data, and afterwards tracks and maintains the related information. Both methods are relatively traditional and centralized to a degree: the data is at risk of being tampered with, the security of the data asset cannot be guaranteed, and the authenticity of the data cannot be conveniently verified, so the data asset is exposed to risk during rights confirmation. The invention realizes secure and traceable asset rights-confirmation transactions on the blockchain.
Technical terms appearing in the present invention:
Blockchain: a blockchain is a technology for decentralized data recording. The nodes participating in a blockchain network do not belong to a single organization and do not trust each other; the blockchain data is maintained jointly by all nodes, and each node participating in maintenance can obtain a copy of the complete data record. A blockchain is essentially a distributed database characterized by decentralization, immutability, traceability, collective maintenance, high transparency and the like.
Smart contract: code deployed on blockchain nodes in digital form; based on cryptocurrency and blockchain technology, the execution of the code is guaranteed to be transparent, traceable and tamper-proof.
Data rights confirmation: the process of confirming who holds the rights to the data.
Biological data: biological data here generally refers to characteristic data of animals, plants, microorganisms and the like, and includes biological information data such as the names, characteristics and anatomical structures of more than one organism.
Digital assets: any authorized text or media asset that is binary coded. Digital assets include websites and their content, domain names, application software, code, electronic documents, picture content, media content, electronic money, e-mails, game accounts, accounts and their content, social network accounts and their relationships and content, cloud service accounts and their data, and the like. From an economic perspective, digital assets are owned or controlled by enterprises, exist in the form of data, are variable assets produced, managed or held for sale in daily activities, and belong to network property.
Data security: technical and administrative security protection established and adopted for data processing systems, to protect computer hardware, software and data from being damaged, altered or disclosed through accidental or malicious causes. The security of a computer network can thus be understood as follows: by adopting various technical and management measures, the network system is kept operating normally, thereby ensuring the availability, integrity and confidentiality of network data. The purpose of establishing network security protection measures is therefore to ensure that data transmitted and exchanged over the network is not subject to addition, modification, loss, leakage and the like.
Data packet: a Packet (Packet) is a unit of data in TCP/IP protocol communication transmission, and is also generally referred to as a "data Packet".
TCP/IP protocol: the TCP/IP protocol operates at the third layer (network layer), the fourth layer (transport layer) of the OSI model, and the frames operate at the second layer (data link layer). The content of the upper layer is transmitted by the content of the lower layer, so in the local area network, the "packet" is contained in the "frame".
Blockchain service network: the Blockchain-Based Service Network (BSN) is a public infrastructure network that aims to make it possible to develop, deploy, operate and maintain, interconnect and supervise consortium-chain applications at low cost. Blockchain application publishers and participants do not need to purchase physical servers or cloud services to build their own blockchain running environment; instead they use the unified public services provided by the service network and rent shared resources as required.
Private key: private key encryption algorithms use a single private key to encrypt and decrypt data. Since any party holding the key can use it to decrypt data, the key must be protected from access by unauthorized agents. Private key encryption is also known as symmetric encryption because the same key is used for both encryption and decryption. Private key encryption algorithms are very fast (compared with public key algorithms) and are particularly suitable for performing cryptographic transformations on large data streams. Typically, a private key algorithm called a block cipher is used to encrypt one block of data at a time. Block ciphers (e.g., RC2, DES, TripleDES and Rijndael) cryptographically transform an input block of n bytes into an output block of encrypted bytes. If a sequence of bytes is to be encrypted or decrypted, it must be done block by block. Since n is small (n = 8 bytes for RC2, DES and TripleDES; n = 16 [the default], n = 24 or n = 32 bytes for Rijndael), data values larger than n must be encrypted one block at a time.
Digital watermarking: digital watermarking (Digital Watermark) is a technique for embedding a specific digital signal into a digital product to protect the copyright or integrity of the digital product.
Client: a client (Client), also called the user side, is a program that corresponds to a server and provides local services to the user. Apart from some applications that run only locally, clients are generally installed on ordinary client machines and need to operate together with a server. Since the development of the internet, the more common clients include web browsers used on the World Wide Web, e-mail clients for sending and receiving e-mail, and instant messaging client software. For this kind of application, a corresponding server and service program are required in the network to provide the corresponding services, such as database services and e-mail services, so a specific communication connection needs to be established between the client and the server to ensure the normal operation of the application.
Local area network: a local area network generally covers an area within a radius of several kilometers. It is quick and convenient to install, saves cost and is easy to expand, so it is widely used in all kinds of offices. A local area network can provide functions such as file management, application software sharing and printer sharing; maintaining its security during use effectively protects data security and keeps the network operating normally and stably.
Interface: an interface generally refers to an abstraction (which may be another entity) that an entity provides itself to the outside world, to separate the external communication method from the internal operation, so that it can be modified internally without affecting the way other entities outside world interact with it. An interface between a human and an information machine such as a computer or between a human and a program is called a user interface. The interface between the hardware components of information machines such as computers is called hardware interface. The interface between software components of information machines such as computers is called software interface. In a computer, an interface is a shared boundary between two separate components in a computer system for the exchange of information. Such exchanges may occur between computer software, hardware, external devices or persons performing the operations, or a combination thereof.
Firewall: the firewall technology is a technology for protecting the safety of user data and information by organically combining various software and hardware devices for safety management and screening to help a computer network to construct a relatively isolated protection barrier between an internal network and an external network. The firewall technology has the functions of discovering and processing the problems of security risk, data transmission and the like which may exist during the operation of the computer network in time, wherein the processing measures comprise isolation and protection, and meanwhile, the firewall technology can record and detect various operations in the security of the computer network so as to ensure the operation security of the computer network, ensure the integrity of user data and information and provide better and safer computer network use experience for users.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a system and a method for confirming the rights of biological digital assets based on blockchain technology.
To achieve this purpose, the invention adopts the following technical solution:
A system for confirming the rights of biological digital assets based on blockchain technology is divided into five layers, in order: an infrastructure layer, a network layer, a contract layer, a service layer and a client layer.
The infrastructure layer includes: a business system module, an internet/private network module, a host/storage module and security devices.
The business system module is used for interaction between the user and the business system.
The internet/private network module selects the network to use according to actual network resource occupation: the private network is used when network resource occupation is too high, and the internet is used when occupation is low.
The host/storage module comprises a server and a cloud server and is used for storing data.
The security devices protect the security of the infrastructure-layer network system and include: firewall, IDS, IPS.
The network layer includes: a blockchain network and a number of blocks.
The blockchain network is an infrastructure that provides ledger and smart contract services for applications. Smart contracts are used to generate transactions, which are distributed to each node in the network and recorded on the ledger.
The blockchain network is used to build the basic blockchain network of the whole system architecture; a blockchain adapter adapts uniformly to the different underlying interfaces and provides a unified upper-layer interface so that different underlying chains are compatible.
The contract layer comprises: a distributed identity module, a smart contract module and a cross-chain interoperation module.
The distributed identity module and the cross-chain interoperation module cooperate with each other to form a smart contract mode.
The function of the distributed identity module is to provide digital identities, for verifying and providing identity information.
The smart contract module consists of a number of digital protocols. Smart contracts are deterministic: once deployed on the chain, the smart contract module executes strictly according to its code. The automatic execution of the smart contract module when a transaction occurs ensures that neither party can default or change the terms.
The cross-chain interoperation module addresses the difficulty of interconnecting different blockchain platforms, which arises because they follow different technical routes in communication protocols and identity management.
The service layer comprises: a data acquisition module, a data on-chain module, a data identity module, a data evidence storage module, a data transaction module, a data analysis module and a data privacy module.
The data acquisition module improves the efficiency and feasibility of data acquisition through automatic acquisition by devices. It comprises a data acquisition method and a data acquisition device.
The data acquisition method specifically comprises uploading the acquired business data to the blockchain to generate a key, generating a first certificate record from the key and the acquisition time, associating the first certificate record with the business data, and uploading the first certificate record to the blockchain. The acquisition device comprises information acquisition equipment and a server.
The data on-chain module temporarily stores the data to be put on chain in a transaction pool of the blockchain node, collects all the voting information from the checks on that data to perform consensus voting, and, according to the voting result, determines whether the data is written to the chain or handled otherwise.
The data identity module consists of a central control processing module, a verification module and a feedback module.
The central control processing module handles the main logic of the data identity module, which is as follows: the client sends identity metadata to the input of the central control processing module, which processes it logically and passes it to the verification module.
The verification module verifies the received identity data and obtains a verification result. The result is then sent to the feedback module, which holds preset logic rules; after the result is processed according to those rules, it is fed back to the central control processing module, completing the logic of the whole module.
The data evidence storage module ensures the originality and attribution of file data and prevents data from being maliciously intruded upon and tampered with. It associates the hash value of the stored data packet with the user information data and the related attribute data and stores them in the blockchain network, providing reliable evidence of the ownership relationship.
The data transaction module allows data that a user has uploaded and whose rights have been confirmed to be traded. It includes: a data transaction center, trusted nodes and smart contracts. The user initiates a transaction in the data transaction center, and the whole transaction process is completed by the business logic code of the smart contract.
The data analysis module analyzes the data uploaded by users to generate greater value.
The data privacy module guarantees the security and privacy of user information data, file data and other data.
The client layer comprises a data transaction platform and a blockchain management back end.
The data transaction platform allows data uploaded by users, once its rights have been confirmed, to be traded securely on the platform.
The blockchain management back end monitors basic information of the blockchain network and analyzes and compiles statistics on the acquired data.
Further, the business system module comprises: a management-end platform, a user-end platform, a data-provider platform, a data evidence storage platform and a data transaction platform.
The management-end platform is used by administrators to monitor and manage the data of the user-end platform, the data-provider platform, the data evidence storage platform and the data transaction platform.
The user-end platform is the interactive platform through which client users carry out actual business.
The data-provider platform is the interactive platform through which data providers upload data.
The data evidence storage platform stores the data packages uploaded by data providers. The data transaction platform is where users trade the uploaded and stored data packages.
Further, the interfaces of the blockchain adapter fall into the following three categories:
Event class interface: builds a blockchain event response mechanism to implement business functions.
Contract class interface: implements functions such as invoking and deploying smart contracts.
State class interface: used for blockchain system management.
Further, the smart contract module supports the creation of trustless protocols, i.e. the two parties executing a contract can make commitments through the blockchain without knowing or trusting each other. The contract content is confirmed by both parties and is executed only when the trigger condition is reached.
Further, the data analysis module includes: a data acquisition module, a data preprocessing module and a data encryption module. The data acquisition module acquires data from the user side, the data preprocessing module screens the format and size of the acquired data, and the data encryption module encrypts the screened data.
Further, the data privacy module includes: a data entry module, an identity management module, an identity verification module, a data classification module, a storage key generation module and an encryption module. The identity management module and the identity verification module guarantee the security and privacy of user information data. Other data is entered into the system back end through the data entry module; the data classification module then classifies it, the storage key generation module stores it hierarchically and generates keys, and the encryption module encrypts it.
The invention also discloses a method for confirming the rights of biological digital assets based on blockchain technology, which comprises the following steps:
First, the data transaction platform audits the data that the user has uploaded for authentication; the audit covers credibility detection, standards detection and material review.
After the data passes the platform's initial review, the CA organization carries out a final review of the materials and a qualification review of the data; after the data passes, it is filed and a digital watermark is generated.
The data verification module and the data watermarking module package the data authenticated in the previous step, the watermark and the related meta information into a transaction and send it to the data source provider; the data provider signs it and then issues a certificate, which comprises an authentication certificate and a data authorization license agreement.
After the consensus nodes in the blockchain network module verify the validity of the signature in the transaction, the ownership information is finally written into the blockchain as required by the consensus algorithm, completing the authentication of the biological digital asset.
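The last two steps of the method (the provider signs the packaged transaction, a consensus node checks the signature and writes the ownership record), together with the evidence storage module's binding of data hash, user information and attribute data, shown as an added example in Go that is not part of the patent. Ed25519, SHA-256, JSON encoding, the in-memory ledger, the rule that a data hash can be registered only once, and all type and field names are assumptions; the patent names no algorithms or record format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Tx is the packaged transaction: data hash, watermark and meta information.
// Field names are hypothetical; the patent defines no record format.
type Tx struct {
	DataHash    string // SHA-256 of the reviewed data package
	Watermark   string // identifier carried by the digital watermark
	Owner, Meta string // user information and related attribute data
	Timestamp   int64
}

// Block is one ledger entry: a signed transaction linked to its predecessor.
type Block struct {
	Tx             Tx
	PubKey         ed25519.PublicKey
	Signature      []byte
	PrevHash, Hash string
}

// Ledger is an in-memory stand-in for the blockchain network (assumption).
type Ledger struct{ Blocks []Block }

func sha(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}
func encode(v interface{}) []byte {
	b, _ := json.Marshal(v) // struct fields marshal in declaration order
	return b
}
func blockHash(b Block) string {
	b.Hash = "" // the hash covers every other field of the block
	return sha(encode(b))
}

// DemoKey derives a constructed, throwaway key pair from a label.
func DemoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SignTx is the data provider's signature over the packaged transaction.
func SignTx(priv ed25519.PrivateKey, tx Tx) []byte {
	return ed25519.Sign(priv, encode(tx))
}

func validSig(pub ed25519.PublicKey, tx Tx, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, encode(tx), sig)
}

// Append plays the consensus node: verify the signature, then link the block.
func (l *Ledger) Append(tx Tx, pub ed25519.PublicKey, sig []byte) (string, error) {
	if !validSig(pub, tx, sig) {
		return "", fmt.Errorf("invalid provider signature")
	}
	prev := ""
	for _, b := range l.Blocks {
		if b.Tx.DataHash == tx.DataHash { // added rule: one registration per data hash
			return "", fmt.Errorf("data hash already registered to %s", b.Tx.Owner)
		}
		prev = b.Hash
	}
	blk := Block{Tx: tx, PubKey: pub, Signature: sig, PrevHash: prev}
	blk.Hash = blockHash(blk)
	l.Blocks = append(l.Blocks, blk)
	return blk.Hash, nil
}

// Audit returns the index of the first block that fails verification, or -1.
func (l *Ledger) Audit() int {
	prev := ""
	for i, b := range l.Blocks {
		if b.PrevHash != prev || blockHash(b) != b.Hash || !validSig(b.PubKey, b.Tx, b.Signature) {
			return i
		}
		prev = b.Hash
	}
	return -1
}

func main() {
	pub, priv := DemoKey("constructed demo key")
	tx := Tx{DataHash: sha([]byte("constructed sample data package")), Watermark: "WM-0001", Owner: "provider-A"}
	var l Ledger
	h, err := l.Append(tx, pub, SignTx(priv, tx))
	fmt.Println("on-chain hash:", h, err)
	l.Blocks[0].Tx.Owner = "provider-B" // tamper with the stored record
	fmt.Println("first bad block after tampering:", l.Audit())
}
```

The hash returned by Append corresponds to the on-chain hash value that the abstract says is returned to the client; Audit shows why a changed owner field in a stored record is detectable by any node holding a copy.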
Compared with the prior art, the invention has the following advantages:
The blockchain is combined with data watermarking technology. Using the blockchain's unforgeability, traceability, full-process record keeping, decentralization and similar characteristics, together with the data watermark's concealment of the identification information of the data asset, the invention achieves copyright protection, secret communication, file authenticity verification and product identification. The watermark can be extracted to prove ownership of the data property rights, and the data records are guaranteed to be tamper-proof and traceable; the data cannot be tampered with during the whole authorization process and cannot be lost during transmission and storage, and watermark information can be extracted from data fragments to trace the source of the data.
Drawings
FIG. 1 is a block diagram of a biological digital asset rights confirmation system in accordance with an embodiment of the present invention;
FIG. 2 is a logic flow diagram of a data acquisition module in accordance with an embodiment of the present invention;
FIG. 3 is a diagram of the relationship between the data acquisition modules according to an embodiment of the present invention;
FIG. 4 is a logic flow diagram of a digital identity module in accordance with an embodiment of the present invention;
FIG. 5 is a logic flow diagram of a data evidence storage module in accordance with an embodiment of the present invention;
FIG. 6 is a logic flow diagram of a data privacy module of an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below by referring to the accompanying drawings and embodiments.
As shown in FIG. 1, a system for confirming the rights of biological digital assets based on blockchain technology is divided into five layers: an infrastructure layer, a network layer, a contract layer, a service layer and a client layer.
The infrastructure layer includes: a business system module, an internet/private network module, a host/storage module and security devices.
The business system module comprises: a management-end platform, a user-end platform, a data-provider platform, a data evidence storage platform or a data transaction platform.
The management-end platform is mainly used by administrators to monitor and manage the data of the user-end platform, the data-provider platform, the data evidence storage platform and the data transaction platform.
The user-end platform is the interactive platform through which client users carry out actual business. The data-provider platform is the interactive platform through which data providers upload data. The data evidence storage platform stores the data packages uploaded by data providers. The data transaction platform is where users trade the uploaded and stored data packages.
The internet/private network module selects the network to use according to actual network resource occupation: the private network is used when network resource occupation is too high, and the internet is used when occupation is low.
The host/storage module is divided into private servers and cloud servers according to the type of server used for storage resources. Networking for a private cloud server is relatively simple; a private cloud server emphasizes I/O (input/output) read and write operations, and any device in it can be controlled through the internal private cloud, so that appropriate network security measures can be deployed. Private clouds offer higher flexibility and scalability. Cloud servers offer high performance, low cost and location independence, but also have some disadvantages. Selecting the server type according to the resources occupied by the stored data yields high performance, saves cost and ensures security.
The security devices protect the security of the infrastructure-layer network system and include: firewall, IDS, IPS. The firewall is an important network boundary control device; it mainly implements network access control based on source, destination, protocol, time, action and the like, and is widely used for forwarding, intranet protection, flow control, filtering and so on. A firewall protects only layers 3-4 and its protection at layers 5-7 is weak, so IDS and IPS are needed as a supplement. An IDS is connected in bypass mode, generally placed as close as possible to the attack source and the protected resources, for example on the switch of the server area or the LAN switch of a key protected network segment. An IPS is connected inline and can be deployed at the junction between the office network and the external network and in front of important server clusters. An IDS mainly handles attack events or abnormal behavior that have already occurred and is a passive defense; one problem with an IDS is that it is less effective at blocking UDP sessions. An IPS can detect and prevent an attack event or abnormal behavior in advance.
the network layer includes: a block chain network and a number of blocks,
the blockchain network is an infrastructure that provides ledger and intelligent contract services for applications. The smart contracts are used to generate transactions that are distributed to each node in the network and recorded on a ledger.
The block chain network is used to build the base block chain network of the whole system architecture. A block chain adapter uniformly adapts the different underlying-layer interfaces and provides a unified upper-layer interface so that different underlying layers are compatible; the block chain adapter is an API (Application Programming Interface) with a certain degree of encapsulation. As application scenarios become more diverse and service requirements more complex and extensive, block chain platforms and interfaces keep multiplying. The block chain adapter addresses the difficulty of cross-chain interaction and the fact that block chains have many interfaces that are hard to integrate.
To reduce the differences between blockchains and the complexity of cross-chain access, the interfaces of the blockchain adapter must be common interfaces shared by different blockchain platforms. They can be roughly classified into the following three categories:
Event class interface: constructs a block chain event response mechanism to implement service functions.
Contract class interface: implements functions such as calling and deploying intelligent contracts.
State class interface: used for blockchain system management.
The contract layer comprises a distributed identity identification module, an intelligent contract module and a cross-chain interoperation module,
the distributed identity module and the cross-chain interoperation module cooperate with each other to form an intelligent contract mode;
The main function of the distributed identity module is to provide digital identities, used to verify and provide identity information. Its important parts are the identity registration, identity issuance, identity verification and identity information data management submodules. The distributed identity module solves three problems of traditional digital identity: scattered data that must be authenticated repeatedly, the high cost of trust issued by a central authority, and digital identities that are easily leaked and insecure. The module uses a distributed ledger and puts encrypted identities on chain, which turns authentication into distributed data authentication and solves the problem of repeated authentication when credit is shared across platforms; the tamper resistance of the blockchain combined with biometric technology enhances the trustworthiness of the digital identity. However, the distributed identity module has the problem of low performance.
The intelligent contract module essentially consists of a number of digitized protocols that are highly deterministic, tamper resistant and reliable. In contrast to the probabilistic nature of traditional contracts, intelligent contracts are deterministic: once deployed on a chain, they execute strictly according to their code. Automatic execution of smart contracts when transactions occur ensures that neither party can default or change the terms. The intelligent contract module supports the creation of agreements that do not require trust, i.e., two parties executing a contract can make a commitment through the blockchain without knowing or trusting each other. The contract content is confirmed by both parties and executed only when the trigger condition is reached.
The cross-chain interoperation module addresses the difficulty of interconnecting different block chain platforms, which follow different technical routes in areas such as communication protocols and identity management. Different blockchain systems have different service functions, and data is hard to exchange between them, so a complete service scenario is hard to build. Specifically: the underlying architectures of block chain systems differ, and because their service functions differ, the systems use different technical standards, transmission protocols and security mechanisms; different underlying architectures lead to differently defined data structures, so data is hard to exchange; and different business functions mean different business rules and processing logic, so communication and interaction are hard to achieve.
The key technical points of the cross-chain interoperation module are as follows: exchange and transmission of data between chains, where different chains must process data according to uniform rules so that uniformly formatted data is produced and a universal inter-chain data exchange and transmission protocol is formed; security of inter-chain transactions, where the cross-chain system ensures through a transaction mechanism that inter-chain transactions are secure and trustworthy; and privacy protection of cross-chain transactions, which verifies the existence and validity of data while preserving data privacy. The specific implementation approaches are: the notary mechanism, essentially an intermediary model in which trusted intermediaries verify and forward cross-chain messages, with the advantage of flexibly supporting block chains of various structures; hash locking, which performs asset exchange using a time difference and a hidden hash value, but can only achieve exchange and cannot transfer assets or information; the relay chain, an independent chain that can read and verify information on the main chain, where the main chain is unaware of the relay chain and the relay chain actively senses information and acts on it; and distributed private key control, which maps to the public chain through distributed private key generation and control technology, so that decentralized management of control is realized.
The service layer comprises: the system comprises a data acquisition module, a data chaining module, a data identity module, a data certificate storage module, a data transaction module, a data analysis module and a data privacy module;
The data acquisition module: although block chain technology can guarantee that written data cannot be tampered with, it cannot guarantee that the data written is accurate. The data acquisition module improves the efficiency and feasibility of data acquisition by having devices collect data automatically. The module comprises a data acquisition method and a data acquisition device. In the acquisition method, the collected service data is uploaded to the block chain to generate a key; a first certification record is then generated from the key and the acquisition time, associated with the service data, and uploaded to the block chain. The acquisition device comprises information acquisition equipment and a server. This process ensures both the authenticity of the service data and the association between the service data and the certification record, which improves the authenticity of the data collected by the block chain, as shown in fig. 2 and 3.
The data uplink module: among current blockchain uplink methods, the first is to uplink data on a public chain, where the uplinked data is not managed. The second is to write the data to an intelligent contract first, but if the data content is problematic, the mark is not displayed on the client in the intelligent contract. As a result, problematic data content is uploaded to the blockchain and the data records are not erased. The third is to submit the data to be written to a central management database with permission control and write it to the block chain after it passes an audit, but this approach is highly centralized. The data uplink module of this patent temporarily stores the data to be uplinked in the transaction pool of a block chain node, obtains the voting information from all reviews of that data to perform consensus voting, and decides according to the voting result whether the data is uplinked or handled otherwise. This is the overall data uplink process.
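The pool-then-vote flow described above, as an added Go sketch that is not code from the patent. The auditor names, the more-than-two-thirds approval threshold, the early-reject rule and the choice to drop rejected items are all assumptions, since the text leaves the voting rule and the "other processing" open.

```go
package main

import (
	"errors"
	"fmt"
)

type Status string

const (
	Pending  Status = "pending"
	OnChain  Status = "on-chain"
	Rejected Status = "rejected"
)

var (
	ErrAlreadySeen    = errors.New("item ID was already submitted")
	ErrNotPending     = errors.New("item is not waiting in the pool")
	ErrUnknownAuditor = errors.New("vote from a node that is not an auditor")
	ErrDuplicateVote  = errors.New("auditor has already voted on this item")
)

// Record is one entry written to the ledger, which stands in for the chain.
type Record struct {
	ID      string
	Payload []byte
}

// Pool holds data off-chain until the auditors decide; nothing reaches
// Ledger before the vote, so a bad item never becomes an indelible record.
type Pool struct {
	auditors map[string]bool
	status   map[string]Status
	payload  map[string][]byte
	votes    map[string]map[string]bool // item ID -> auditor -> approve?
	Ledger   []Record
	Dropped  []string
}

func NewPool(auditors ...string) *Pool {
	p := &Pool{auditors: map[string]bool{}, status: map[string]Status{},
		payload: map[string][]byte{}, votes: map[string]map[string]bool{}}
	for _, a := range auditors {
		p.auditors[a] = true
	}
	return p
}

// Submit parks an item in the pool; an ID can be used only once, so a
// decided item cannot be resubmitted under the same ID.
func (p *Pool) Submit(id string, payload []byte) error {
	if _, seen := p.status[id]; seen {
		return ErrAlreadySeen
	}
	p.status[id], p.payload[id], p.votes[id] = Pending, payload, map[string]bool{}
	return nil
}

// Vote records one auditor's verdict and returns the item's status afterwards.
func (p *Pool) Vote(id, auditor string, approve bool) (Status, error) {
	if p.status[id] != Pending {
		return p.status[id], ErrNotPending
	}
	if !p.auditors[auditor] {
		return Pending, ErrUnknownAuditor
	}
	if _, voted := p.votes[id][auditor]; voted {
		return Pending, ErrDuplicateVote
	}
	p.votes[id][auditor] = approve
	return p.tally(id), nil
}

// tally commits on > 2/3 approval (assumed threshold) and rejects as soon
// as enough "no" votes exist that approval can no longer be reached.
func (p *Pool) tally(id string) Status {
	yes, no, n := 0, 0, len(p.auditors)
	for _, approve := range p.votes[id] {
		if approve {
			yes++
		} else {
			no++
		}
	}
	switch {
	case 3*yes > 2*n:
		p.status[id] = OnChain
		p.Ledger = append(p.Ledger, Record{ID: id, Payload: p.payload[id]})
	case 3*no >= n:
		p.status[id] = Rejected
		p.Dropped = append(p.Dropped, id)
	default:
		return Pending
	}
	delete(p.payload, id)
	delete(p.votes, id)
	return p.status[id]
}

func main() {
	p := NewPool("n1", "n2", "n3", "n4") // constructed auditor set
	p.Submit("tx-good", []byte("constructed record A"))
	p.Submit("tx-bad", []byte("constructed record B"))
	for _, a := range []string{"n1", "n2", "n3"} {
		s, _ := p.Vote("tx-good", a, true)
		fmt.Println("tx-good after", a, "->", s)
	}
	p.Vote("tx-bad", "n1", true)
	p.Vote("tx-bad", "n2", false)
	s, _ := p.Vote("tx-bad", "n3", false)
	fmt.Println("tx-bad ->", s, "| ledger entries:", len(p.Ledger))
}
```

Votes from nodes outside the auditor set and repeated votes from one auditor are refused rather than counted, which is what keeps the tally meaningful.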
As shown in fig. 4, the data identity module is essentially a distributed digital identity module,
the module consists of a central control processing module, a checking module and a feedback module.
The central control processing module is responsible for the control processing of the main logic of the data identity module. The main logic is as follows: identity metadata is sent by the client to the input of the central control processing module of the data identity module and, after logical processing, is sent to the verification module.
The verification module performs identity data verification on the received data and obtains a verification result. The check result is then sent to the feedback module, which has preset logic rules; after processing the check result according to these rules, the feedback module feeds it back to the central control processing module, completing the logic of the whole module. Within the module, the output port of the central control processing module is connected to the input port of the checking module, the output port of the checking module is connected to the input port of the feedback module, and the output port of the feedback module is connected to the input port of the central control processing module. The module verifies and stores data using a block chain type data structure, which safeguards the information security of user data in the digital identity system. The simple system architecture also makes it easy for managers to manage user identity information uniformly. After the user's digital identity information is extracted, the data can be passed to an independent storage module for storage, and the digital identity can be asymmetrically encrypted during storage, ensuring the security and integrity of the user data.
As shown in fig. 5, the data evidence storage module is used to ensure the originality and attribution of file data and to prevent the data from being maliciously intruded upon and tampered with. The logic flow of data evidence storage is as follows. The target file data that the user wants to store is acquired and processed with a hash algorithm to generate a hash value. The identity information of the user and the basic attribute data of the target file data are then acquired, and the identity information, the basic attribute data and the hash value from the previous step are packaged into an evidence storage data packet. The packaged evidence storage data packet is then digitally signed and a corresponding data ID is generated. After the data ID and the data packet are stored, a certificate of authenticity for the authentication ID, the block information and the authentication information is generated and uploaded to the block chain network. The advantage of the data evidence storage module is that, once the user has stored the data packet, the hash value corresponding to the data packet, the user information data and the related attribute data are associated and stored in the block chain network, providing reliable proof of the ownership relation.
The data transaction module is a derivative function. Its main purpose is to allow data that the user has uploaded and whose rights have been confirmed to be traded in the transaction module, so that the data can generate higher value. The data transaction module mainly comprises a data transaction center, trusted nodes and intelligent contracts. The user initiates a transaction in the data transaction center, and the whole transaction process is completed by the service logic code of the intelligent contract.
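The evidence storage flow above (hash, package, sign, data ID, later check), as an added Go example that is not code from the patent. The field names, SHA-256, Ed25519 and the way the data ID is derived are assumptions, since the text names no algorithms; the on-chain upload and block information are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// FileAttrs is the "basic attribute data" of the target file (field names are assumptions).
type FileAttrs struct {
	Name string `json:"name"`
	Size int    `json:"size"`
	Kind string `json:"kind"`
}

// EvidencePackage is the evidence data packet: user identity, attributes, file hash.
type EvidencePackage struct {
	UserID   string    `json:"user_id"`
	Attrs    FileAttrs `json:"attrs"`
	FileHash string    `json:"file_hash"` // hex SHA-256 of the file bytes
}

// Certificate is what would be written to the chain; the file itself stays off-chain.
type Certificate struct {
	DataID    string          `json:"data_id"`
	Package   EvidencePackage `json:"package"`
	Signature string          `json:"signature"` // hex Ed25519 signature over the package
}

var (
	ErrBadSignature = errors.New("signature does not cover this package")
	ErrBadDataID    = errors.New("data ID does not match package and signature")
	ErrFileMismatch = errors.New("file bytes do not match the recorded hash")
)

// dataID derives the ID from the package bytes plus signature (derivation is an assumption).
func dataID(msg, sig []byte) string {
	h := sha256.New()
	h.Write(msg)
	h.Write(sig)
	return hex.EncodeToString(h.Sum(nil))
}

// Seal hashes the file, packages it with identity and attributes, signs, and assigns an ID.
func Seal(priv ed25519.PrivateKey, userID string, attrs FileAttrs, file []byte) (Certificate, error) {
	sum := sha256.Sum256(file)
	pkg := EvidencePackage{UserID: userID, Attrs: attrs, FileHash: hex.EncodeToString(sum[:])}
	// Struct fields marshal in declaration order, so signer and verifier see the same bytes.
	msg, err := json.Marshal(pkg)
	if err != nil {
		return Certificate{}, err
	}
	sig := ed25519.Sign(priv, msg)
	return Certificate{DataID: dataID(msg, sig), Package: pkg, Signature: hex.EncodeToString(sig)}, nil
}

// Verify checks the signature first, then the ID binding, then the file against the hash.
func Verify(pub ed25519.PublicKey, cert Certificate, file []byte) error {
	msg, err := json.Marshal(cert.Package)
	if err != nil {
		return err
	}
	sig, err := hex.DecodeString(cert.Signature)
	if err != nil || !ed25519.Verify(pub, msg, sig) {
		return ErrBadSignature
	}
	if dataID(msg, sig) != cert.DataID {
		return ErrBadDataID
	}
	sum := sha256.Sum256(file)
	if hex.EncodeToString(sum[:]) != cert.Package.FileHash {
		return ErrFileMismatch
	}
	return nil
}

// DemoKey returns a fixed key pair from a constructed seed; real keys come from a CSPRNG.
func DemoKey() (ed25519.PrivateKey, ed25519.PublicKey) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv, priv.Public().(ed25519.PublicKey)
}

func main() {
	priv, pub := DemoKey()
	file := []byte(">sample-1 constructed sequence\nACGTACGTTAGC\n") // constructed sample
	attrs := FileAttrs{Name: "sample-1.fasta", Size: len(file), Kind: "sequence"}
	cert, err := Seal(priv, "user-001", attrs, file)
	if err != nil {
		panic(err)
	}
	fmt.Println("data ID:", cert.DataID)
	fmt.Println("original file:", Verify(pub, cert, file))
	fmt.Println("modified file:", Verify(pub, cert, append(file, '!')))
}
```

Because only the hash is packaged, the chain record proves which bytes were registered and by whom without storing the file; changing the file, the identity or the attributes after sealing makes verification fail.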
The data analysis module belongs to a derivative function and mainly has the function of analyzing the data uploaded by the user in the aspects of business and the like to generate higher value.
The data analysis module comprises: the device comprises a data acquisition module, a data preprocessing module and a data encryption module.
The data encryption module is used for encrypting the data acquired from the user after the data are screened.
As shown in fig. 6, the data privacy module is mainly used to ensure the security and privacy of data such as user information data and file data. Its main modules comprise a data entry module, an identity management module, an identity verification module, a data classification module, a storage key generation module and an encryption module. The identity management module and the identity verification module mainly ensure the security and privacy of user information data. Other data is entered into the system background through the data entry module and classified by the data classification module; it is then stored hierarchically, a key is generated, and the data is encrypted.
The client layer comprises a data transaction platform and a block chain management background;
The data transaction platform is contained in the data transaction module; its main function is to let data that the user has uploaded and whose rights have been confirmed be traded safely on the data transaction platform.
The block chain management background is mainly a platform for administrators, used to monitor basic information about the block chain network and to analyze and compile statistics on the collected data information.
The method for determining the rights of biological digital assets based on block chain technology comprises the following steps in operation:
first, the data transaction platform audits the data that the user uploads for authentication; the audit scope comprises credibility detection, standard detection and material auditing;
after the data passes the platform's initial examination, the CA organization carries out the final material examination and the qualification examination on the data, and after the data passes, it is filed and a digital watermark is generated;
the data verification module and the data watermark module package the data authenticated in the previous step, the watermark and the related meta information into a transaction and send the transaction to the data source supplier, and the data supplier signs a certificate including an authentication certificate and a data authorization permission protocol;
after the consensus nodes in the block chain network module confirm the validity of the signature in the transaction, the ownership information is finally written into the block chain according to the requirements of the consensus algorithm, completing the authentication of the biological digital asset.
It will be appreciated by those of ordinary skill in the art that the examples described herein are intended to assist the reader in understanding the manner in which the invention is practiced, and it is to be understood that the scope of the invention is not limited to such specifically recited statements and examples. Those skilled in the art, having the benefit of this disclosure, may effect numerous modifications thereto and changes may be made without departing from the scope of the invention in its aspects.

Claims (3)

1. A biodigital asset right-confirming system based on a block chain technology is divided into five layers, which are sequentially as follows: an infrastructure layer, a network layer, a contract layer, a service layer and a client layer;
the infrastructure layer includes: the system comprises a business system module, an internet/private network module, a host/storage module and a safety device;
the business system module is used for interaction between a user and a business system;
the internet/private network module is used for respectively using corresponding networks according to the actual situation of network resource occupation, and when the network resource occupation is too high, the private network is adopted, and when the network resource occupation is less, the internet is used;
the host/storage module comprises a server and a cloud server and is used for storing data;
the security device is used for protecting the security of an infrastructure layer network system, and comprises: firewall, IDS, IPS;
the network layer includes: a network of block chains and a number of blocks,
the block chain network is an infrastructure for providing an account book and intelligent contract service for an application program; the intelligent contract is used for generating transactions, and the transactions are distributed to each node in the network and recorded on a ledger;
the block chain network is used for constructing a basic block chain network of the whole system architecture, is uniformly adapted to different bottom layer interfaces through a block chain adapter, and is compatible with different bottom layers by providing an upper layer uniform interface;
the contract layer comprises: a distributed identity identification module, an intelligent contract module and a cross-chain interoperation module,
the distributed identity module and the cross-chain interoperation module cooperate with each other to form an intelligent contract mode;
the distributed identity module functions to provide digital identity for verifying and providing identity information;
the intelligent contract module consists of a plurality of digital protocols; the intelligent contract has determinacy, and the intelligent contract module is executed strictly according to codes when being deployed on the chain; when the transaction occurs, the intelligent contract module automatically executes to ensure that the two parties cannot default or change terms;
the cross-chain interoperation module has the function of solving the problem that the interconnection and the intercommunication of different block chain platforms are difficult to realize due to different technical lines in the aspects of communication protocols and identity management;
the service layer comprises: the system comprises a data acquisition module, a data chaining module, a data identity module, a data certificate storage module, a data transaction module, a data analysis module and a data privacy module;
the data acquisition module improves the efficiency and the feasibility of data acquisition in an automatic acquisition mode of equipment; the data acquisition module comprises a data acquisition method and a data acquisition device;
the data acquisition method specifically comprises the steps of uploading service data to a block chain to generate a key after the service data are acquired, then generating a first certification record by the key and the acquisition time, associating the first certification record with the service data, and uploading the first certification record to the block chain; the acquisition device comprises information acquisition equipment and a server;
the data uplink module is used for temporarily storing the data to be uplinked in a transaction pool of a block chain node, then obtaining the voting information from all reviews of that data to perform consensus voting, and determining according to the voting result whether the data is uplinked or handled otherwise;
the data identity module consists of a central control processing module, a checking module and a feedback module;
the central control processing module is responsible for controlling and processing the main logic of the data identity module, and the main logic is as follows: the identity metadata is sent to the input end of a central control processing module of the data identity module through a client, and is sent to a verification module after being logically processed;
the verification module verifies the identity data of the received data to obtain a verification result; then the check result is sent to a feedback module, a preset logic rule exists in the feedback module, and the check result is processed according to the logic rule and then fed back to a central control processing module to complete the logic of the whole module;
the data identity module is connected with an input port of the checking module through an output port of the central control processing module, an output port of the feedback module is connected with an input port of the central control processing module, an input port of the feedback module is connected with an output port of the checking module, and the module verifies and stores data by using a block chain type data structure, so that the information safety of user data in the digital identity system is guaranteed; moreover, the simple system architecture is convenient for a manager to uniformly manage the user identity information; after the user digital identity information is extracted, the data can be transmitted to an independent storage module for storage, and the digital identity can be asymmetrically encrypted during storage, so that the safety and the integrity of the user data information are ensured;
the data evidence storage module is used for ensuring the originality and attribute of file data and avoiding the problem that the data is maliciously invaded and tampered; the data certificate storage module can correlate the hash value corresponding to the stored data packet, the user information data and the related attribute data and store the data packet in the block chain network to achieve reliable ownership relation certification;
the data transaction module is used for enabling the data uploaded by the user after the right is confirmed to be transacted in the transaction module; the data transaction module comprises: the system comprises a data transaction center, a credible node and an intelligent contract; the user initiates a transaction in the data transaction center, and the whole transaction process is completed by the service logic code of the intelligent contract;
the data analysis module is used for analyzing the data uploaded by the user to generate a greater value;
the data privacy module is used for guaranteeing the safety privacy of user information data and file data;
the client layer comprises a data transaction platform and a block chain management background;
the data transaction platform is used for enabling the data after the right is confirmed uploaded by the user to be safely transacted on the data transaction platform;
the block chain management is used for monitoring basic information of a block chain network and analyzing and counting the acquired data information;
the service system module comprises: a management end platform, a user end platform, a data providing end platform, a data evidence storing platform and a data transaction platform,
the management end platform is used for monitoring and managing data of the user end platform, the data providing end platform, the data evidence storing platform and the data transaction platform by management personnel;
the user side platform is an interactive platform serving a client user side for actual business;
the data providing platform is an interactive platform for enabling a data provider to upload data;
the data evidence storing platform is used for storing the evidence of the data packet uploaded by the data provider; the data transaction platform is used for the user to transact the uploaded and certified data packet;
the intelligent contract module supports the establishment of a protocol without trust, namely, two parties executing the contract can make a commitment through a block chain without mutual knowledge or mutual trust; the contract content is confirmed by both parties and then executed only when the triggering condition is met;
the data analysis module includes: the system comprises a data acquisition module, a data preprocessing module and a data encryption module; the data encryption module is used for encrypting the data acquired from the user after the data acquired from the user is screened;
the data privacy module comprises: a data entry module, an identity management module, an identity verification module, a data classification module, a storage key generation module and an encryption module; the identity management module and the identity verification module ensure the safety and the privacy of user information data; other data are input into the system background through the data entry module, the data classification module then classifies the data, the storage key generation module stores the data hierarchically and generates keys, and the encryption module encrypts the data.
2. The biometric asset right confirmation system according to claim 1, wherein: the interfaces of the block chain adapter are classified into the following three categories:
event class interface: constructing a block chain event response mechanism to realize a service function;
a contract class interface: the calling and deploying functions of the intelligent contract are realized;
state class interface: for blockchain system management.
3. A method for determining rights of a biological digital asset based on a block chain technology is characterized in that: the method for confirming the rights of the biological digital assets is realized on the basis of the system for confirming the rights of the biological digital assets as claimed in claim 1;
the method for determining the rights of the biological digital assets comprises the following steps:
firstly, a data transaction platform audits data which needs to be authenticated and uploaded by a user, and the auditing range comprises credibility detection, standard detection and material auditing;
the data passes through the platform for initial examination, the CA organization carries out material final examination and qualification examination on the data, and after the data passes through the examination, the data is filed and then a digital watermark is generated;
the data verification module and the data watermark module package the data, the watermark and the related meta information which are authenticated in the previous step into a transaction and send the transaction to the data source supplier, and the data supplier signs a certificate including an authentication certificate and a data authorization permission protocol;
after the consensus node in the block chain network module identifies the validity of the signature in the transaction, finally writing the ownership information into the block chain according to the requirement of the consensus algorithm to finish the authentication of the biological digital assets.
CN202111600121.6A 2021-12-24 2021-12-24 System and method for determining rights of biological digital assets based on block chain technology Active CN114254269B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111600121.6A CN114254269B (en) 2021-12-24 2021-12-24 System and method for determining rights of biological digital assets based on block chain technology

Publications (2)

Publication Number Publication Date
CN114254269A CN114254269A (en) 2022-03-29
CN114254269B true CN114254269B (en) 2022-10-04

Family

ID=80797494

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111600121.6A Active CN114254269B (en) 2021-12-24 2021-12-24 System and method for determining rights of biological digital assets based on block chain technology

Country Status (1)

Country Link
CN (1) CN114254269B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant