A data processing method and device based on a blockchain network and related equipment
By introducing a Trusted Execution Environment (TEE) into the blockchain network, data is encrypted during data sharing between multiple chains, solving the security problem of cross-chain data transmission and achieving efficient data sharing and enhanced security.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date: 2021-11-18
- Publication Date: 2026-06-19
AI Technical Summary
In multi-chain blockchain networks, ensuring data security during cross-chain data transmission has become an urgent problem to be solved.
By introducing a Trusted Execution Environment (TEE) into the blockchain network, data can be encrypted when sharing data between multiple chains, and the security of data transmission can be ensured through verification and authorization mechanisms.
It enables efficient data sharing in multi-chain blockchain networks, enhances the security and privacy protection of cross-chain data interaction, and improves the operational efficiency and security of blockchain networks.
Figure CN116137627B_ABST
Description
Technical Field
[0001] This application relates to the field of computer technology, and in particular to a data processing method, apparatus and related equipment based on a blockchain network.
Background Technology
[0002] Blockchain is a decentralized distributed ledger system characterized by data immutability, decentralization, and openness. The consensus mechanism, as the core of blockchain technology, is the foundation for ensuring the normal operation of the blockchain system. The consensus process of a blockchain system is the process of keeping the distributed ledgers of all nodes consistent. With the development and application of blockchain technology, cross-chain business applications between multiple blockchains are becoming increasingly widespread. For example, in a multi-chain blockchain network, different chains often need to transfer data across chains to complete business interactions. Currently, ensuring data security during cross-chain data transmission has become a pressing issue.
Summary of the Invention
[0003] This application provides a data processing method, apparatus, and related equipment based on a blockchain network, which can efficiently share data between multiple chains. Furthermore, by combining with a TEE, it can ensure privacy and security during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network.
[0004] In a first aspect, embodiments of this application provide a data processing method based on a blockchain network, wherein the blockchain network includes K business sub-chains, each of the K business sub-chains is used to record transaction data of a corresponding business, and K is an integer greater than or equal to 2, the method comprising:
[0005] The first node of the first business subchain sends an access request for target data to the second node of the second business subchain. The access request carries the verification information of the first block of the first business subchain. The first block stores the pre-access record of the target data by the first node. The first business subchain and the second business subchain are any two of the K business subchains.
[0006] The first node receives first response data sent by the second node in response to the access request. The first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node. The authorized access information is generated by the second node after the verification information of the first block is verified.
[0007] After determining that the first response data includes the authorized access information of the target data, the first node sends a request to the third node to obtain the target data based on the identification information of the third node's TEE.
[0008] The first node receives second response data sent by the third node in response to the acquisition request. The second response data includes encrypted target data generated by the third node's TEE.
[0009] In a second aspect, embodiments of this application provide another data processing method based on a blockchain network, wherein the blockchain network includes K business sub-chains, each of the K business sub-chains is used to record transaction data of a corresponding business, and K is an integer greater than or equal to 2, the method comprising:
[0010] The second node of the second business subchain receives an access request for target data sent by the first node of the first business subchain. The access request carries verification information of the first block of the first business subchain. The first block stores the pre-access record of the target data by the first node. The first business subchain and the second business subchain are any two of the K business subchains.
[0011] The second node responds to the access request by verifying the verification information of the first block.
[0012] If the verification passes, the second node generates authorized access information for the target data and determines the third node.
[0013] The second node sends first response data to the first node, wherein the first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
[0014] In a third aspect, embodiments of this application provide a data processing apparatus, the apparatus comprising:
[0015] The sending module is used to send an access request for target data to a second node of the second business sub-chain, wherein the access request carries verification information of a first block of the first business sub-chain, and the first block stores a pre-access record of the target data by the first node of the first business sub-chain.
[0016] The receiving module is configured to receive first response data sent by the second node in response to the access request, wherein the first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node, and the authorized access information is generated by the second node after the verification information of the first block is verified.
[0017] The sending module is further configured to, after determining that the first response data includes authorized access information of the target data, send a request to the third node to obtain the target data based on the identification information of the TEE of the third node.
[0018] The receiving module is further configured to receive second response data sent by the third node in response to the acquisition request, the second response data including encrypted target data generated by the TEE of the third node.
[0019] In a fourth aspect, embodiments of this application provide another data processing apparatus, the apparatus comprising:
[0020] The receiving module is used to receive an access request for target data sent by the first node of the first business sub-chain, wherein the access request carries verification information of the first block of the first business sub-chain, and the first block stores the first node's pre-access record of the target data.
[0021] The processing module is used to verify the verification information of the first block in response to the access request.
[0022] The processing module is further configured to generate authorized access information for the target data and determine a third node if the verification passes.
[0023] The sending module is used to send first response data to the first node, wherein the first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
[0024] In a fifth aspect, embodiments of this application provide a computer device, the computer device including a processor, a network interface and a storage device, the processor, the network interface and the storage device being interconnected, wherein the network interface is controlled by the processor for sending and receiving data, the storage device is used to store a computer program, the computer program including program instructions, and the processor is configured to invoke the program instructions for executing the data processing method based on a blockchain network as described in the first aspect.
[0025] In a sixth aspect, embodiments of this application provide a computer device, the computer device including a processor, a network interface and a storage device, the processor, the network interface and the storage device being interconnected, wherein the network interface is controlled by the processor for sending and receiving data, the storage device is used to store a computer program, the computer program including program instructions, and the processor is configured to invoke the program instructions for executing the data processing method based on a blockchain network as described in the second aspect.
[0026] In a seventh aspect, embodiments of this application provide a computer-readable storage medium storing a computer program, the computer program including program instructions that are executed by a processor to perform the data processing method based on a blockchain network as described in the first aspect.
[0027] In an eighth aspect, embodiments of this application provide a computer-readable storage medium storing a computer program, the computer program including program instructions that are executed by a processor to perform the data processing method based on a blockchain network as described in the second aspect.
[0028] In a ninth aspect, embodiments of this application provide a computer program product, including a computer program, characterized in that, when the computer program is executed by a computer processor, it implements the data processing method based on a blockchain network as described in the first aspect.
[0029] In a tenth aspect, embodiments of this application provide a computer program product, including a computer program, characterized in that, when the computer program is executed by a computer processor, it implements the data processing method based on a blockchain network as described in the second aspect.
[0030] In this embodiment, the first node of the first business subchain can send an access request for target data to the second node of the second business subchain. The target data is data recorded in the second business subchain. The access request carries verification information from the first block of the first business subchain. The first block stores a pre-access record of the target data by the first node; that is, the first business subchain first records the access request for the target data to retain the data access request record in the blockchain. The first and second business subchains can be any two business subchains. The first node receives first response data sent by the second node in response to the access request. The first response data includes authorized access information for the target data and the identification information of the Trusted Execution Environment (TEE) of the third node. The authorized access information is generated by the second node after the verification information of the first block passes verification. After the first node determines that the first response data includes the authorized access information of the target data, that is, the second node authorizes the first node to access the target data, it sends a request to the third node to obtain the target data according to the identification information of the third node's TEE, and receives the second response data sent by the third node in response to the request. The second response data includes the encrypted target data generated by the third node's TEE. This can realize efficient data sharing between multiple sub-chains in the tree-structured blockchain, and combined with TEE, it can ensure secure and private communication during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network.
Attached Figure Description
[0031] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0032] Figure 1a is a schematic diagram of the architecture of a data processing system provided in an embodiment of this application;
[0033] Figure 1b is a schematic diagram of a blockchain structure provided in an embodiment of this application;
[0034] Figure 1c is a schematic diagram illustrating a process for generating a new block, provided in an embodiment of this application;
[0035] Figure 1d is a schematic diagram of a tree-like blockchain structure provided in an embodiment of this application;
[0036] Figure 2 is a flowchart illustrating a data processing method based on a blockchain network provided in an embodiment of this application;
[0037] Figure 3 is a flowchart illustrating another data processing method based on a blockchain network provided in an embodiment of this application;
[0038] Figure 4 is a flowchart illustrating another data processing method based on a blockchain network provided in the embodiments of this application;
[0039] Figure 5 is a schematic diagram illustrating a cross-chain data sharing process provided in an embodiment of this application;
[0040] Figure 6 is a schematic diagram of the structure of a data processing device provided in an embodiment of this application;
[0041] Figure 7 is a schematic diagram of another data processing device provided in an embodiment of this application;
[0042] Figure 8 is a schematic diagram of the structure of a computer device provided in an embodiment of this application.
Detailed Implementation
[0043] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.
[0044] Please see Figure 1a, which is a schematic diagram of the architecture of a data processing system provided in an embodiment of this application. The data processing system includes a service network 11, a core network 12, and terminal devices 13, wherein:
[0045] Business network 11 and core network 12 together constitute the blockchain network. A blockchain network is a network used for data sharing between node devices, and it can include multiple node devices. Each node device, in its normal operation, receives input information and maintains the shared data (i.e., the blockchain) within the network based on this received input information. To ensure information interoperability within the blockchain network, information connections can exist between each node device, enabling peer-to-peer (P2P) communication between any two node devices. This P2P communication can be conducted via wired or wireless communication links. For example, when any node device in the blockchain network receives input information, other node devices obtain this input information according to a consensus algorithm and store it as data in the shared data, ensuring consistency of data stored on all node devices in the blockchain network.
[0046] The core network 12 consists of multiple consensus nodes 102, and the business network 11 consists of multiple business nodes 101. Nodes in the business network 11 primarily execute business processes and do not participate in the accounting consensus. Instead, they obtain block header data and partially authorized block data from the core network 12 through identity authentication. Nodes in the core network 12 are primarily responsible for consensus on business transaction data, packaging the transaction data into blocks for consensus accounting. For example, in the tax business, this business may include multiple related sub-businesses (such as invoices, credit reporting, import / export, enterprise qualifications, tax refunds, etc.).
[0047] In some feasible implementations, a routing proxy layer can be set up between the service network 11 and the core network 12, wherein the routing proxy layer plays a role in isolating the service layer and the core consensus network layer.
[0048] The terminal device 13 can access the blockchain network and communicate with node devices in the blockchain network (such as node 101 of business network 11). For example, it can submit data (such as transaction data, data query requests, etc.) to the node device, query data from the node device, and so on. The terminal device 13 can be a smartphone, tablet computer, laptop computer, desktop computer, vehicle-mounted smart terminal, etc., and this application embodiment does not limit it.
[0049] It should be noted that the number of nodes 101 and 102, as well as the number of service networks 11 and core networks 12, shown in Figure 1a are merely illustrative. Any number of nodes, service networks, and core networks can be deployed according to actual needs.
[0050] Each node in the blockchain network has a corresponding node identifier. Each node can also store the node identifiers of other nodes in the network, allowing the generated blocks to be broadcast to other nodes based on their identifiers. Each node maintains a node identifier list as shown in the table below, storing the node name and its corresponding identifier. The node identifier can be an Internet Protocol (IP) address or any other information that can be used to identify the node; the table only uses IP addresses as an example.
[0051]

| Node Name | Node identifier |
| --- | --- |
| Node 1 | 117.114.151.174 |
| Node 2 | 117.116.189.145 |
| … | … |
| Node N | 119.123.789.258 |
[0052] In this blockchain network, each node device stores an identical copy of the blockchain. As shown in Figure 1b, a blockchain consists of multiple blocks. The genesis block includes a block header and a block body. The block header stores input information feature values, version number, timestamp, and difficulty value, while the block body stores the input information. The next block after the genesis block takes the genesis block as its parent block. The next block also includes a block header and a block body. The block header stores the input information feature values of the current block, the block header feature values of the parent block, version number, timestamp, and difficulty value, and so on. This ensures that the block data stored in each block is related to the block data stored in the parent block, guaranteeing the security of the input information in the blocks.
[0053] The process of generating the blocks in the blockchain is shown in Figure 1c. When a node device hosting the blockchain receives input information, it verifies the input information. After verification, it stores the input information in a memory pool and updates its hash tree used to record the input information. Then, it updates the timestamp to the time the input information was received and attempts to calculate the feature value multiple times using different random numbers, until the calculated feature value satisfies the following formula:
[0054] SHA256(SHA256(version + prev_hash + merkle_root + ntime + nbits + x)) < TARGET
[0055] Wherein, SHA256 is the feature value algorithm used to calculate the feature value; version (version number) is the version information of the relevant block protocol in the blockchain; prev_hash is the block header feature value of the parent block of the current block; merkle_root is the feature value of the input information; ntime is the update time of the update timestamp; nbits is the current difficulty, which is a fixed value for a period of time and is determined again after exceeding the fixed time period; x is a random number; TARGET is the feature value threshold, which can be determined based on nbits.
[0056] Thus, when a random number satisfying the above formula is calculated, the information can be stored accordingly, generating a block header and a block body to obtain the current block. Subsequently, the node device where the blockchain resides sends the newly generated block to other node devices in its blockchain network based on the node identifiers of other node devices in the blockchain network. The other node devices verify the newly generated block and, after completing the verification, add the newly generated block to their stored blockchain.
[0057] Smart contracts can run on the node devices of the blockchain network. A smart contract is code that is executed when certain conditions are met. Developers can define the contract logic in a programming language, publish it on the blockchain (smart contract registration), and have it executed, triggered by a key call or other events, according to the logic of the contract terms. Functions for upgrading and canceling smart contracts are also provided.
[0058] In some feasible implementations, Figure 1d is a schematic representation of a tree-structured blockchain provided in an embodiment of this application, wherein:
[0059] (1) Chain A can be a basic main chain, such as the main chain operated by the State Taxation Administration. It starts running from the genesis block released by the State Taxation Administration. Basic data and business configurations must be submitted to the basic main chain.
[0060] (2) Chains B, C, and D are business sub-chains derived from a block at a certain height of Chain A during the process of various tax-related businesses (such as invoices, credit investigation, import and export, enterprise qualifications, tax refunds, etc.) joining the blockchain to conduct their own business. For example, Chain B is derived from block A1 of the main chain, and Chain D is derived from block A3 of the main chain. Each time a new business sub-chain is derived, a corresponding chain identifier (ID) is generated for it.
[0061] Each business subchain's chain ID must be published and registered on the main chain (Chain A). Chain A contains a smart contract for registering the business subchain, which can write the assigned chain ID, the described business, and basic information into the main chain. Business nodes in the witness network need to specify the subchain ID to interact with the core network.
[0062] (3) After derivation, the genesis block of chain B is A1, and the genesis block of chain C is A2. Based on this, each business sub-chain runs its corresponding business transactions on the chain. When verifying blocks, in addition to verifying the blocks of the business sub-chains, chain A can be found from the genesis block of the business sub-chain, and finally the genesis block of chain A can be verified. For nodes that have already synchronized chain A data locally, the verification of the business sub-chain only needs to verify the genesis block of the corresponding business sub-chain.
[0063] (4) If information changes across the entire base chain or the entire tax domain (e.g., changes in regulatory rules, computing regulations, changes in important blockchain nodes, changes in the chain's Certificate Authority (CA), etc.), then this changed information must simultaneously generate a new block in all sub-chains, such as blocks A3, B5, and C4 in Figure 1d. Only after all sub-chains have completed generating this new block can operation resume.
[0064] It's important to note that although different business sub-chains are derived, the original core consensus nodes can still maintain the data for each sub-chain. During consensus, the chain ID is used to distinguish which business sub-chain a transaction should be submitted to. Furthermore, different business sub-chains can reach consensus independently in parallel without affecting each other. Some business sub-chains can also be configured to have other consensus nodes independently reach consensus, but nodes with independent consensus must synchronize data with the base main chain (Chain A).
[0065] (5) Nodes may also include Simplified Payment Verification (SPV) nodes. An SPV node can be dynamically configured with multiple chain IDs to participate in the business of multiple business sub-chains. Multiple sub-chains can participate using the same SPV ID and address, and the SPV ID and address must be registered in chain A beforehand. The blockchain data of each sub-chain will be independently synchronized back to the SPV and stored independently on the SPV.
[0066] (6) The proxy node needs to record the independent consensus node information. If it encounters a request to send a transaction or synchronize data to the independent consensus network, it forwards it to the independent consensus node; otherwise, it checks the request and forwards it to the consensus node of the core network according to the original basic configuration. The consensus node then processes the request independently according to the subchain ID of the request.
[0067] With the tree-like blockchain shown in Figure 1d, a blockchain structure that continuously adds business sub-chains can be implemented in tax business, continuously branching out multiple business sub-chains from a main chain.
[0068] In some feasible implementations, when sharing cross-chain data, the first node of the first business subchain sends an access request for target data to the second node of the second business subchain. The target data is data recorded in the second business subchain. The access request carries verification information from the first block of the first business subchain. The first block stores the first node's pre-access record of the target data; that is, the first business subchain first records the access request for the target data to retain the data access application record in the blockchain. The first and second business subchains can be any two business subchains. The first node receives first response data from the second node in response to the access request. The first response data includes authorized access information for the target data and the identification information of the third node's Trusted Execution Environment (TEE). The authorized access information is generated by the second node after the verification information of the first block passes verification. After the first node determines that the first response data includes the authorized access information of the target data, that is, the second node authorizes the first node to access the target data, the first node sends a request to the third node to obtain the target data according to the identification information of the third node's TEE, and receives the second response data sent by the third node in response to the request. The second response data includes the encrypted target data generated by the third node's TEE. This can realize efficient data sharing between multiple sub-chains in the tree-structured blockchain, and combined with the TEE, it can ensure secure and private communication during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network.
[0069] The implementation details of the technical solutions in the embodiments of this application are described in detail below:
[0070] Please see Figure 2, which is a flowchart of a data processing method based on a blockchain network provided in an embodiment of this application on the basis of the data processing system shown in Figure 1a. The method includes the following steps:
[0071] 201. The first node of the first business subchain sends an access request for target data to the second node of the second business subchain, wherein the access request carries the verification information of the first block of the first business subchain, and the first block stores the pre-access record of the target data by the first node.
[0072] The blockchain network can include K business sub-chains, where K is an integer greater than or equal to 2. These K business sub-chains are generated based on the main chain of the blockchain network. Different business sub-chains in the K business sub-chains use different blocks of the main chain as their genesis blocks. The first business sub-chain and the second business sub-chain are any two of the K business sub-chains. For example, the first business sub-chain corresponds to the invoice business in the tax business, and the second business sub-chain corresponds to the enterprise qualification in the tax business. The two need to perform cross-chain data interaction. For example, the first business sub-chain needs to query the enterprise qualification through the second business sub-chain.
[0073] Specifically, the first business subchain can first apply to the second business subchain for access to the target data. This can be done by the first node of the first business subchain sending the access request to the second node of the second business subchain. The first node can be a consensus node responsible for the transaction data consensus of the first business subchain, or it can be an independent node that starts the first business subchain. The second node can be a consensus node responsible for the transaction data consensus of the second business subchain. The access request carries the verification information of the first block of the first business subchain. The first block stores the pre-access record of the first node for the target data. That is, the first business subchain first records the access request for the target data to retain the data access request record in the blockchain.
[0074] In some feasible implementations, the first node can generate a pre-access record of the target data. The pre-access record may include one or more of the following: the chain ID of the first business sub-chain, the node ID of the first node, and the data identifier of the target data. The first node generates a first block based on the pre-access record, that is, writes the information of the pre-access record into the first block. After the first block is verified by consensus with other nodes of the first business sub-chain (such as consensus nodes), the first block is added to the first business sub-chain, thereby realizing the writing of the data access request record into the blockchain.
[0075] 202. The first node receives first response data sent by the second node in response to the access request, wherein the first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node, and the authorized access information is generated by the second node after the verification information of the first block is verified.
[0076] Specifically, the second node can verify the access permissions of the first node and also verify the first block, into which the first node wrote the pre-access record. If the verification is successful, it generates the first node's authorized access information for the target data, that is, it allows the first node to access the target data. It can also determine the third node that will interact with the first node. Both the first node and the third node run a Trusted Execution Environment (TEE). The first node receives the first response data sent by the second node. The first response data includes the authorized access information of the target data and the identification information of the third node's TEE.
[0077] In some feasible implementations, the third node and the second node can be the same node or different nodes. For example, the third node can be an independent node started by the second node, specifically for cross-chain data transmission with the first node. This application does not limit this.
[0078] 203. After determining that the first response data includes the authorized access information of the target data, the first node sends a request to the third node to obtain the target data based on the identification information of the third node's TEE.
[0079] Specifically, after the first node determines that the first response data includes the authorized access information of the target data, that is, after confirming that it has the access rights, it sends a request to the third node to obtain the target data according to the identification information of the third node's TEE. The request can carry the identification information of the target data. For example, if it is necessary to query the credit information of a user, the identification information of the target data can be the user's name, mobile phone number, ID card number, etc.
[0080] 204. The first node receives second response data sent by the third node in response to the acquisition request, the second response data including encrypted target data generated by the TEE of the third node.
[0081] Specifically, after receiving the data acquisition request from the first node, the third node can retrieve the target data from local storage space (such as cache space or hard disk space) or distributed storage space based on the target data's identification information. The third node then transmits the target data to the TEE, where the TEE encrypts the target data, for example, using the first node's TEE public key to obtain the encrypted target data. The first node then receives the second response data sent by the third node, which includes the encrypted target data.
[0082] In some feasible implementations, the third node can query the hash value of the target data from the second business sub-chain based on the identification information of the target data, and use the hash value of the target data to obtain the target data from the local storage space or the distributed storage space.
[0083] In this embodiment, a first node of a first business subchain can send an access request for target data to a second node of a second business subchain. The target data is data recorded in the second business subchain. The access request carries verification information from a first block of the first business subchain. The first block stores a pre-access record of the target data by the first node; that is, the first business subchain first records the access request for the target data to retain the data access request record in the blockchain. The first and second business subchains can be any two business subchains. The first node receives first response data sent by the second node in response to the access request. The first response data includes authorized access information for the target data and the identification information of the third node's TEE. The authorized access information is generated by the second node after the verification information of the first block is verified. After the first node determines that the first response data includes the authorized access information of the target data, that is, the second node authorizes the first node to access the target data, the first node sends a request to the third node to obtain the target data according to the identification information of the third node's TEE, and receives the second response data sent by the third node in response to the request. The second response data includes the encrypted target data generated by the third node's TEE. This can realize efficient data sharing between multiple sub-chains in the tree-structured blockchain, and combined with TEE, it can ensure secure and private communication during cross-chain data interaction, thereby improving the operating efficiency and security of the blockchain network.
[0084] Please see Figure 3, which illustrates another data processing method based on a blockchain network, provided by an embodiment of this application on the basis of the data processing system shown in Figure 1a. This data processing method includes the following steps:
[0085] 301. The first node of the first business subchain sends a TEE registration request to the second node of the second business subchain. The TEE registration request carries the identification information of the TEE of the first node.
[0086] Specifically, the first node can register its own TEE with the second business subchain. For example, the first node can send a TEE registration request to the second node of the second business subchain. The TEE registration request carries the identification information of the first node's TEE.
[0087] In some feasible implementations, before registering its own TEE to the second business subchain, the first node can first register its own TEE to the first business subchain. Specifically, this can include: the first node obtaining the registration information of its own TEE, such as the TEE address and TEE public key; the first node generating a second block based on the registration information of its own TEE; and after the first node and other nodes of the first business subchain have reached a consensus on the second block, the first node adding the second block to the first business subchain. This achieves the registration of the first node's TEE to the first business subchain, so that when the second business subchain registers the first node's TEE, it can verify from the first business subchain whether the registration has been completed in the first business subchain.
[0088] 302. The first node receives a registration success notification message sent by the second node after the second node has verified the identification information of the first node's TEE using the second block of the first business sub-chain. The second block stores the registration information of the first node's TEE.
[0089] Specifically, the first node receives a registration success notification message sent by the second node after the second node verifies the identification information of the first node's TEE using the second block of the first business subchain. The second block stores the registration information of the first node's TEE.
[0090] 303. The first node sends an access request for target data to the second node, wherein the access request carries verification information of the first block of the first business sub-chain, and the first block stores the first node's pre-access record of the target data.
[0091] 304. The first node receives first response data sent by the second node in response to the access request, wherein the first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node, and the authorized access information is generated by the second node after the verification information of the first block is verified.
[0092] 305. After determining that the first response data includes the authorized access information of the target data, the first node sends a request to the third node to obtain the target data based on the identification information of the third node's TEE.
[0093] 306. The first node receives second response data sent by the third node in response to the acquisition request. The second response data includes the signature information of the third node's TEE and the encrypted target data generated by the third node's TEE.
[0094] The specific implementation of steps 302 to 306 can be found in the relevant descriptions of steps 201 to 204 in the aforementioned embodiments, and will not be repeated here.
[0095] Specifically, in addition to the encrypted target data generated by the TEE of the third node, the second response data may also include the signature information of the TEE of the third node, such as a private key signature.
[0096] 307. The first node calls its own TEE to verify the signature information of the third node's TEE.
[0097] Specifically, the first node can call its TEE to obtain the third block from the second business sub-chain. The third block stores the registration information of the third node's TEE. From the registration information of the third node's TEE stored in the third block, the first node can obtain the public key of the third node's TEE and call its TEE to verify the signature information of the third node's TEE using the public key of the third node's TEE.
[0098] 308. If the verification is successful, the first node calls the first node's TEE to decrypt the encrypted target data, obtain the target data, and performs corresponding business processing on the target data to obtain the data processing result.
[0099] 309. The first node writes the data processing result, the signature information of the first node's TEE, and the signature information of the third node's TEE into the first business sub-chain.
[0100] Specifically, after the first node verifies the signature information of the third node's TEE, it can decrypt the encrypted target data in the first node's TEE. For example, the first node's TEE can use the TEE private key to decrypt the encrypted target data and obtain the target data. Furthermore, it can perform corresponding business processing on the target data in the TEE to obtain the data processing result. It can be seen that, in addition to the data transmission being encrypted, the data decryption and business processing at the receiving end are all performed in the TEE, thus fully ensuring data security.
[0101] In this embodiment, the first node of the first business subchain can apply to the second node of the second business subchain to register its TEE. After receiving the registration success notification message that the second node sends once it has verified the identification information of the first node's TEE using the second block of the first business subchain, the first node can send an access request for target data to the second node of the second business subchain. The target data is data recorded in the second business subchain. The access request carries the verification information of the first block of the first business subchain. The first block stores the first node's pre-access record of the target data; that is, the first business subchain first records the access request for the target data to retain the data access request record in the blockchain. The first and second business subchains can be any two business subchains. The first node receives first response data sent by the second node in response to the access request. The first response data includes authorized access information for the target data and the identification information of the third node's Trusted Execution Environment (TEE). The authorized access information is generated by the second node after verifying the verification information of the first block. After determining that the first response data includes authorized access information for the target data, that is, that the second node authorizes the first node to access the target data, the first node sends a request to the third node to obtain the target data based on the identification information of the third node's TEE, and receives second response data sent by the third node in response to the request. The second response data includes the signature information of the third node's TEE and the encrypted target data generated by the third node's TEE.
This enables efficient data sharing among multiple sub-chains in a tree-like blockchain structure. Furthermore, the TEE ensures secure and private communication during cross-chain data interaction, thereby improving the operational efficiency and security of the blockchain network. In addition, the first node can call the TEE to verify the signature information of the third node's TEE. If the verification is successful, the encrypted target data is decrypted in the TEE to obtain the target data. The corresponding business processing is then performed on the target data in the TEE to obtain the data processing result. The data processing result, the signature information of the first node's TEE, and the signature information of the third node's TEE can also be written into the first business sub-chain. It can be seen that, apart from the fact that the data transmission is encrypted, the decryption and business processing at the receiving end are all performed in the TEE, thus fully ensuring data security.
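Steps 306 to 308 as an added Go sketch, not code from the patent: the third node's TEE encrypts to the first node's registered key and signs, and the first node's TEE verifies with the key read from the chain registration before it decrypts. The algorithms (RSA-OAEP, Ed25519), the separate signing and encryption keys, the signed-field layout and all names are assumptions; the keys are generated inside the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// TEERegistration: on-chain TEE registration info. Assumption: separate signing and encryption keys.
type TEERegistration struct {
	Address   string
	VerifyKey ed25519.PublicKey // checks this TEE's signatures
	EncKey    *rsa.PublicKey    // encrypts data to this TEE
}

// SecondResponse models the second response data of step 306.
type SecondResponse struct {
	SenderTEE, DataID     string
	Ciphertext, Signature []byte
}

var (
	ErrUnexpected    = errors.New("response does not match the authorized TEE or data identifier")
	ErrNotRegistered = errors.New("sender TEE has no usable registration on the second sub-chain")
	ErrBadSignature  = errors.New("TEE signature verification failed")
)

// signedBytes hashes length-prefixed fields, binding ciphertext to sender, receiver and data ID.
func signedBytes(sender, receiver, dataID string, ct []byte) []byte {
	h := sha256.New()
	for _, p := range [][]byte{[]byte(sender), []byte(receiver), []byte(dataID), ct} {
		binary.Write(h, binary.BigEndian, uint32(len(p)))
		h.Write(p)
	}
	return h.Sum(nil)
}

// Seal runs in the third node's TEE: encrypt to the receiver's registered key (short payloads only), then sign.
func Seal(sender string, signKey ed25519.PrivateKey, recv TEERegistration, dataID string, data []byte) (SecondResponse, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recv.EncKey, data, []byte(dataID))
	if err != nil {
		return SecondResponse{}, err
	}
	sig := ed25519.Sign(signKey, signedBytes(sender, recv.Address, dataID, ct))
	return SecondResponse{SenderTEE: sender, DataID: dataID, Ciphertext: ct, Signature: sig}, nil
}

// Open runs in the first node's TEE (steps 307-308). registry stands in for the TEE
// registration blocks of the second sub-chain; the key never comes from the response.
func Open(registry map[string]TEERegistration, self string, decKey *rsa.PrivateKey, wantTEE, wantData string, r SecondResponse) ([]byte, error) {
	if r.SenderTEE != wantTEE || r.DataID != wantData {
		return nil, ErrUnexpected
	}
	reg, ok := registry[r.SenderTEE]
	if !ok || len(reg.VerifyKey) != ed25519.PublicKeySize {
		return nil, ErrNotRegistered
	}
	if !ed25519.Verify(reg.VerifyKey, signedBytes(r.SenderTEE, self, r.DataID, r.Ciphertext), r.Signature) {
		return nil, ErrBadSignature
	}
	return rsa.DecryptOAEP(sha256.New(), nil, decKey, r.Ciphertext, []byte(r.DataID))
}

// Demo holds constructed keys: chain B's receiving TEE and chain C's sending TEE.
type Demo struct {
	Registry map[string]TEERegistration // TEEs registered on chain C
	BReg     TEERegistration            // chain B's TEE as registered
	BDec     *rsa.PrivateKey
	CSign    ed25519.PrivateKey
}

func NewDemo() *Demo {
	bDec, err1 := rsa.GenerateKey(rand.Reader, 2048)
	cPub, cSign, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Demo{
		Registry: map[string]TEERegistration{"tee-C": {Address: "tee-C", VerifyKey: cPub}},
		BReg:     TEERegistration{Address: "tee-B", EncKey: &bDec.PublicKey},
		BDec:     bDec,
		CSign:    cSign,
	}
}

func main() {
	d := NewDemo()
	resp, _ := Seal("tee-C", d.CSign, d.BReg, "data-X", []byte("constructed record X"))
	pt, err := Open(d.Registry, "tee-B", d.BDec, "tee-C", "data-X", resp)
	fmt.Printf("%q %v\n", pt, err)
	resp.Ciphertext[0] ^= 1 // tampering in transit is rejected before any decryption
	_, err = Open(d.Registry, "tee-B", d.BDec, "tee-C", "data-X", resp)
	fmt.Println(err)
}
```

RSA-OAEP with a 2048-bit key carries at most 190 bytes, so a larger record would need a hybrid scheme in which the TEE key wraps a symmetric data key.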
[0102] Please see Figure 4, which illustrates another data processing method based on a blockchain network, provided by an embodiment of this application on the basis of the data processing system shown in Figure 1a. This data processing method includes the following steps:
[0103] 401. The second node of the second business sub-chain receives an access request for target data sent by the first node of the first business sub-chain, wherein the access request carries verification information of the first block of the first business sub-chain, and the first block stores the first node's pre-access record of the target data.
[0104] Wherein, the first business subchain and the second business subchain are any two of the K business subchains included in the blockchain network, where K is an integer greater than or equal to 2.
[0105] In some feasible implementations, the second node can receive a TEE registration request sent by the first node, the TEE registration request carrying the identification information of the first node's TEE; the second node responds to the TEE registration request by calling the data sharing contract to obtain the block data of the second block from the first business sub-chain. The second block stores the registration information of the first node's TEE. The second node calls the data sharing contract to determine whether the block data of the second block matches the identification information of the first node's TEE. For example, whether the identification information of the first node's TEE included in the block data of the second block is consistent with the identification information of the first node's TEE carried in the TEE registration request, or whether the hash value of the identification information of the first node's TEE included in the block data of the second block corresponds to the identification information of the first node's TEE carried in the TEE registration request; if they match, the second node generates a fifth block according to the identification information of the first node's TEE, adds the fifth block to the second business sub-chain, and sends a registration success notification message to the first node. Only when the first node's TEE is successfully registered in both the first and second business sub-chains will the second node review and verify the first node's request for access to the target data.
[0106] 402. The second node responds to the access request by verifying the verification information of the first block.
[0107] The verification information for the first block may include the hash value of the first block, the block height, the Merkle root, etc.
[0108] Specifically, the second node can verify the access rights of the first node. For example, the second node can respond to the access request, call the cross-chain data access application contract to obtain the block data of the first block from the first business sub-chain, use the block data of the first block to verify the verification information of the first block, and determine that the verification is successful when the block data of the first block matches the verification information of the first block.
[0109] 403. If the verification passes, the second node generates the authorized access information for the target data and determines the third node.
[0110] 404. The second node sends first response data to the first node, wherein the first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
[0111] Specifically, if the verification passes, the second node generates the first node's authorized access information for the target data, that is, it allows the first node to access the target data, and it can determine the third node that will interact with the first node. The third node runs a Trusted Execution Environment (TEE). Then, the second node sends first response data to the first node, carrying the authorized access information for the target data and the identification information of the third node's TEE. This allows the first node to communicate with the third node via TEE, and the third node encrypts the target data in the TEE before transmitting it to the first node.
[0112] In some feasible implementations, the second node generates a fourth block based on the authorized access information of the target data and the identification information of the third node's TEE; after the second node and other nodes of the second business sub-chain pass the consensus verification of the fourth block, the fourth block is added to the second business sub-chain, thereby recording the relevant information on the authorized access to the target data of the first node in the second business sub-chain.
[0113] In this embodiment, the second node of the second business subchain receives an access request for target data sent by the first node of the first business subchain. The access request carries verification information of the first block of the first business subchain, and the first block stores the first node's pre-access record of the target data. The second node verifies the verification information of the first block. If the verification passes, it generates authorized access information for the target data and determines a third node. The second node then sends first response data to the first node. The first response data includes the authorized access information for the target data and the identification information of the third node's TEE. After determining the authorized access information, the first node can send a request to the third node to obtain the target data based on the identification information of the third node's TEE to obtain the encrypted target data generated by the third node's TEE. This enables efficient data sharing among multiple subchains in a tree-structured blockchain. Furthermore, the combination with TEE ensures secure and private communication during cross-chain data interaction, thereby improving the operational efficiency and security of the blockchain network.
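Step 402's check of the first block's verification information (hash value, block height, Merkle root), sketched in Go as an added example that is not code from the patent. The block layout, the hashing scheme and all names are assumptions, and the final lookup of a matching pre-access record is an extra check added here.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// PreAccessRecord carries the fields the page lists for a pre-access record.
type PreAccessRecord struct{ ChainID, NodeID, DataID string }

// Block is a constructed layout (assumption: the page defines no block format).
type Block struct {
	Height   uint64
	PrevHash [32]byte
	Records  []PreAccessRecord
}

// VerificationInfo is what the access request carries about the first block.
type VerificationInfo struct {
	Height           uint64
	Hash, MerkleRoot [32]byte
}

var (
	ErrUnknownBlock = errors.New("first sub-chain has no block at that height")
	ErrMismatch     = errors.New("block data does not match the verification information")
	ErrNoRecord     = errors.New("block holds no pre-access record for this requester and data")
)

// leaf hashes one record; length prefixes keep fields unambiguous, 0x00 marks a leaf.
func leaf(r PreAccessRecord) [32]byte {
	s := fmt.Sprintf("%d:%s%d:%s%d:%s", len(r.ChainID), r.ChainID, len(r.NodeID), r.NodeID, len(r.DataID), r.DataID)
	return sha256.Sum256(append([]byte{0x00}, s...))
}

// MerkleRoot folds the record hashes pairwise; inner nodes carry a 0x01 prefix.
func MerkleRoot(recs []PreAccessRecord) [32]byte {
	if len(recs) == 0 {
		return sha256.Sum256(nil)
	}
	var level [][32]byte
	for _, r := range recs {
		level = append(level, leaf(r))
	}
	for len(level) > 1 {
		var next [][32]byte
		for i := 0; i+1 < len(level); i += 2 {
			pair := append(append([]byte{0x01}, level[i][:]...), level[i+1][:]...)
			next = append(next, sha256.Sum256(pair))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1]) // unpaired node is promoted, not duplicated
		}
		level = next
	}
	return level[0]
}

// Hash covers height, previous hash and Merkle root, so any record change alters it.
func (b Block) Hash() [32]byte {
	root := MerkleRoot(b.Records)
	hdr := make([]byte, 8, 72)
	binary.BigEndian.PutUint64(hdr, b.Height)
	return sha256.Sum256(append(append(hdr, b.PrevHash[:]...), root[:]...))
}

func InfoFor(b Block) VerificationInfo {
	return VerificationInfo{Height: b.Height, Hash: b.Hash(), MerkleRoot: MerkleRoot(b.Records)}
}

// VerifyAccessRequest is step 402 on the second node. fetch stands in for the
// cross-chain data access application contract reading the first sub-chain.
func VerifyAccessRequest(fetch func(uint64) (Block, bool), info VerificationInfo, want PreAccessRecord) error {
	blk, ok := fetch(info.Height)
	if !ok {
		return ErrUnknownBlock
	}
	if blk.Height != info.Height || MerkleRoot(blk.Records) != info.MerkleRoot || blk.Hash() != info.Hash {
		return ErrMismatch
	}
	for _, r := range blk.Records {
		if r == want {
			return nil
		}
	}
	return ErrNoRecord
}

func main() {
	b6 := Block{Height: 6, Records: []PreAccessRecord{ // constructed block B6
		{"chain-B", "node-1", "data-X"}, {"chain-B", "node-2", "data-Y"}, {"chain-B", "node-1", "data-Z"}}}
	fetch := func(h uint64) (Block, bool) { return b6, h == b6.Height }
	req := PreAccessRecord{"chain-B", "node-1", "data-X"}
	fmt.Println(VerifyAccessRequest(fetch, InfoFor(b6), req))
	fmt.Println(VerifyAccessRequest(fetch, InfoFor(b6), PreAccessRecord{"chain-B", "node-9", "data-X"}))
}
```

The second node recomputes every value from the block data it fetched itself and treats the fields in the request only as claims to compare against.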
[0114] In some feasible implementations, as shown in Figure 5, a cross-chain communication process provided in this application embodiment primarily comprises secure cross-chain data sharing between sub-chains based on a TEE (Trusted Execution Environment) on a tree-structured chain. Specifically, it may include:
[0115] (1) Chain B (as described in the first business sub-chain above) registers a TEE address with the data sharing contract in Chain C (as described in the second business sub-chain above), indicating that it will use this TEE device (as described in the first node above) to receive cross-chain shared data. TEE registration is also a cross-chain operation. Before producing block C6 (as described in the fifth block above), Chain C needs to verify that the TEE has also been successfully registered in Chain B, which means verifying block B5 in Chain B (as described in the second block above), to ensure that both parties have credible on-chain records.
[0116] (2) Chain B first writes an on-chain record of the data X (target data) to be accessed by Chain C into a new block B6 (as described in the first block above). After completion, it sends the verification information of block B6 to access the cross-chain data access application contract of Chain C. After verifying B6, Chain C approves the access request and writes it into the on-chain transaction C7 (as described in the fourth block above). Chain C returns a successful application message to Chain B, as well as the TEE device information of Chain C that accepted the application. If it refuses, it returns a rejection message, and the cross-chain process terminates.
[0117] (3) After receiving the successful application, the first node mentioned above can initiate a request to obtain data X from the TEE device of the C chain (the third node mentioned above). After receiving the request, the TEE device of the C chain first verifies the validity of block C7 through the C chain contract, that is, verifies the validity of the permission of the B chain to access the data. Then it obtains data X and encrypts it with the public key of the TEE device of the B chain to obtain encrypted data X, and attaches the signature of the TEE device of the C chain, and returns it to the data processing device of the B chain (such as the first node mentioned above).
[0118] (4) Chain B performs secure processing of encrypted data X within the TEE, including decryption and business processing. After processing, the corresponding processing result, along with the TEE signatures of Chain B and Chain C, is submitted to block B8 to confirm that the data has been shared and computed across chains. Even while data X remains confidential, the validity of the computed result being uploaded to the chain can be guaranteed by the original on-chain cross-chain contract information of Chains B and C, as well as the signatures of the TEEs designated by both parties.
[0119] As can be seen, this application describes a reliable cross-chain information sharing scheme under the tree-structured blockchain scheme in the tax system, and specifically designs the combination of cross-chain interaction and TEE, making the cross-chain process more reliable. Furthermore, the TEE can reduce the amount of data stored on the chain, avoid storing plaintext data, and only store the hash of the data. The actual transmission of data is completed internally by the TEE, and the plaintext is always invisible in the chain. The validity of the entire cross-chain sharing and calculation process is guaranteed by the cross-chain contract and the signature of the TEE, which can provide more secure and effective protection for sensitive and critical data.
[0120] Please see Figure 6, which is a schematic diagram of a data processing apparatus according to an embodiment of this application. The data processing apparatus of this application embodiment can be applied to the first node described above. The apparatus includes:
[0121] The sending module 601 is used to send an access request for target data to a second node of a second business subchain, wherein the access request carries verification information of a first block of a first business subchain, and the first block stores a pre-access record of the target data by the first node of the first business subchain.
[0122] The receiving module 602 is used to receive first response data sent by the second node in response to the access request, wherein the first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node, and the authorized access information is generated by the second node after the verification information of the first block is verified.
[0123] The sending module 601 is further configured to, after determining that the first response data includes authorized access information of the target data, send a request to obtain the target data to the third node according to the identification information of the TEE of the third node.
[0124] The receiving module 602 is further configured to receive second response data sent by the third node in response to the acquisition request, the second response data including encrypted target data generated by the TEE of the third node.
[0125] Optionally, the second response data further includes the signature information of the TEE of the third node, and the device further includes a processing module 603, which is used for:
[0126] The first node's TEE is invoked to verify the signature information of the third node's TEE.
[0127] If the verification is successful, the TEE of the first node is invoked to decrypt the encrypted target data to obtain the target data, and the target data is then subjected to corresponding business processing to obtain the data processing result.
[0128] The data processing result, the signature information of the TEE of the first node, and the signature information of the TEE of the third node are written into the first business sub-chain.
[0129] Optionally, the processing module 603 is further configured to:
[0130] Generate a pre-access record of the target data for the first node.
[0131] The first block is generated based on the pre-access record.
[0132] After the consensus verification of the first block with other nodes of the first business sub-chain is successful, the first block is added to the first business sub-chain.
[0133] Optionally, the sending module 601 is further configured to send a TEE registration request to the second node, the TEE registration request carrying the identification information of the TEE of the first node.
[0134] The receiving module 602 is further configured to receive a registration success notification message sent by the second node after the second node has successfully verified the identification information of the first node's TEE using the second block of the first business sub-chain, wherein the second block stores the registration information of the first node's TEE.
[0135] Optionally, the processing module 603 is further configured to:
[0136] Obtain the registration information of the TEE of the first node.
[0137] The second block is generated based on the registration information of the TEE of the first node.
[0138] After the consensus verification of the second block with other nodes of the first business sub-chain is successful, the second block is added to the first business sub-chain.
[0139] Optionally, the processing module 603 is specifically used for:
[0140] The first node's TEE is invoked to obtain the third block from the second business sub-chain. The third block stores the registration information of the third node's TEE.
[0141] The first node's TEE is invoked to obtain the public key of the third node's TEE from the registration information of the third node's TEE stored in the third block.
[0142] The first node's TEE is invoked to verify the signature information of the third node's TEE using the public key of the third node's TEE.
[0143] Optionally, the K business sub-chains are generated based on the main chain of the blockchain network, and different business sub-chains in the K business sub-chains use different blocks of the main chain as their genesis blocks.
[0144] It should be noted that the functions of each functional module of the data processing device in this application embodiment can be specifically implemented according to the methods in the above method embodiments. The specific implementation process can be referred to the relevant descriptions in the above method embodiments, which will not be repeated here.
[0145] Please see Figure 7, which is a schematic diagram of another data processing device according to an embodiment of this application. The data processing device described in this embodiment can be applied to the second node mentioned above. The device includes:
[0146] The receiving module 701 is used to receive an access request for target data sent by the first node of the first business sub-chain, wherein the access request carries verification information of the first block of the first business sub-chain, and the first block stores the pre-access record of the target data by the first node.
[0147] The processing module 702 is used to verify the verification information of the first block in response to the access request.
[0148] The processing module 702 is further configured to generate authorized access information for the target data and determine the third node if the verification passes.
[0149] The sending module 703 is used to send first response data to the first node, wherein the first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
[0150] Optionally, the processing module 702 is specifically used for:
[0151] In response to the access request, the cross-chain data access application contract is invoked to obtain the block data of the first block from the first business sub-chain.
[0152] The cross-chain data access application contract is invoked to verify the verification information of the first block using the block data of the first block, and the verification is deemed successful when the block data of the first block matches the verification information of the first block.
[0153] Optionally, the apparatus further includes a generation module 704, wherein the generation module 704 is configured to:
[0154] The fourth block is generated based on the authorized access information of the target data and the identification information of the TEE of the third node.
[0155] After the consensus verification of the fourth block is passed with other nodes of the second business sub-chain, the fourth block is added to the second business sub-chain.
[0156] It should be noted that the functions of each functional module of the data processing device in this application embodiment can be specifically implemented according to the methods in the above method embodiments. The specific implementation process can be referred to the relevant descriptions in the above method embodiments, which will not be repeated here.
[0157] Please see Figure 8, which is a schematic diagram of the structure of a computer device according to an embodiment of this application. The computer device in this embodiment includes a power supply module and other structures, and includes a processor 801, a storage device 802, and a network interface 803. The processor 801, the storage device 802, and the network interface 803 can exchange data.
[0158] The storage device 802 may include volatile memory, such as random-access memory (RAM); the storage device 802 may also include non-volatile memory, such as flash memory, solid-state drive (SSD), etc.; the storage device 802 may also include a combination of the above types of memory.
[0159] The processor 801 may be a central processing unit (CPU). In one embodiment, the processor 801 may also be a graphics processing unit (GPU). The processor 801 may also be a combination of a CPU and a GPU.
[0160] In one embodiment, the storage device 802 is used to store program instructions, and the processor 801 can invoke the program instructions to perform the following operations:
[0161] The network interface 803 is invoked to send an access request for target data to the second node of the second service subchain. The access request carries the verification information of the first block of the first service subchain. The first block stores the pre-access record of the target data by the first node of the first service subchain.
[0162] The network interface 803 is invoked to receive the first response data sent by the second node in response to the access request. The first response data includes the authorized access information of the target data and the identification information of the Trusted Execution Environment (TEE) of the third node. The authorized access information is generated by the second node after the verification information of the first block is verified.
[0163] After determining that the first response data includes the authorized access information of the target data, the network interface 803 is invoked to send a request to the third node to obtain the target data based on the identification information of the third node's TEE.
[0164] The network interface 803 is invoked to receive the second response data sent by the third node in response to the acquisition request. The second response data includes the encrypted target data generated by the TEE of the third node.
[0165] Optionally, the second response data also includes the signature information of the TEE of the third node, and the processor 801 is specifically used for:
[0166] The first node's TEE is invoked to verify the signature information of the third node's TEE.
[0167] If the verification is successful, the TEE of the first node is invoked to decrypt the encrypted target data to obtain the target data, and the target data is then subjected to corresponding business processing to obtain the data processing result.
[0168] The data processing result, the signature information of the TEE of the first node, and the signature information of the TEE of the third node are written into the first business sub-chain.
[0169] Optionally, the processor 801 is further configured to:
[0170] Generate a pre-access record of the target data for the first node.
[0171] The first block is generated based on the pre-access record.
[0172] After the consensus verification of the first block with other nodes of the first business sub-chain is successful, the first block is added to the first business sub-chain.
[0173] Optionally, the processor 801 is further configured to:
[0174] The network interface 803 is invoked to send a TEE registration request to the second node, the TEE registration request carrying the identification information of the first node's TEE.
[0175] The network interface 803 is invoked to receive a registration success notification message, which the second node sends after it has successfully verified the identification information of the first node's TEE using the second block of the first service subchain. The second block stores the registration information of the first node's TEE.
[0176] Optionally, the processor 801 is further configured to:
[0177] Obtain the registration information of the TEE of the first node.
[0178] The second block is generated based on the registration information of the TEE of the first node.
[0179] After the consensus verification of the second block with other nodes of the first business sub-chain is successful, the second block is added to the first business sub-chain.
[0180] Optionally, the processor 801 is specifically used for:
[0181] The first node's TEE is invoked to obtain the third block from the second business sub-chain. The third block stores the registration information of the third node's TEE.
[0182] The first node's TEE is invoked to obtain the public key of the third node's TEE from the registration information of the third node's TEE stored in the third block.
[0183] The first node's TEE is invoked to verify the signature information of the third node's TEE using the public key of the third node's TEE.
[0184] Optionally, the K business sub-chains are generated based on the main chain of the blockchain network, and different business sub-chains in the K business sub-chains use different blocks of the main chain as their genesis blocks.
[0185] In specific implementation, the processor 801, storage device 802, and network interface 803 described in the embodiments of this application can execute the implementation methods described in the relevant embodiments of the method provided in Figures 2-3 of the embodiments of this application, and can also execute the implementation methods described in the relevant embodiments of the device provided in Figure 6 of the embodiments of this application, which will not be repeated here.
[0186] In one embodiment, the storage device 802 is used to store program instructions, and the processor 801 can invoke the program instructions to perform the following operations:
[0187] The network interface 803 is invoked to receive an access request for target data sent by the first node of the first service subchain. The access request carries the verification information of the first block of the first service subchain, and the first block stores the pre-access record of the first node for the target data.
[0188] In response to the access request, the verification information of the first block is verified.
[0189] If the verification passes, authorized access information for the target data is generated, and a third node is determined.
[0190] The network interface 803 is invoked to send first response data to the first node. The first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
[0191] Optionally, the processor 801 is specifically used for:
[0192] In response to the access request, the cross-chain data access application contract is invoked to obtain the block data of the first block from the first business sub-chain.
[0193] The cross-chain data access application contract is invoked to verify the verification information of the first block using the block data of the first block, and the verification is deemed successful when the block data of the first block matches the verification information of the first block.
[0194] Optionally, the processor 801 is further configured to:
[0195] The fourth block is generated based on the authorized access information of the target data and the identification information of the TEE of the third node.
[0196] After the consensus verification of the fourth block is passed with other nodes of the second business sub-chain, the fourth block is added to the second business sub-chain.
[0197] In specific implementation, the processor 801, storage device 802, and network interface 803 described in the embodiments of this application can execute the implementation methods described in the relevant embodiments of the method provided in Figure 4 of the embodiments of this application, and can also execute the implementation methods described in the relevant embodiments of the device provided in Figure 7 of the embodiments of this application, which will not be repeated here.
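The second node's handling of an access request in [0187] to [0196], sketched as an added example that is not code from the patent or from the applicant. It assumes the verification information is a block height plus a SHA-256 digest of the block, and that the third node is picked from a registry of TEEs holding the target data; the text fixes neither, and every name below is hypothetical.

```python
import hashlib
import json
import secrets


def block_digest(block):
    """SHA-256 over canonical JSON (assumed format of the verification info)."""
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class SubChain:
    """In-memory stand-in for one business sub-chain; consensus is not modelled."""

    def __init__(self, name):
        self.name = name
        self.blocks = []

    def append(self, payload):
        prev = block_digest(self.blocks[-1]) if self.blocks else "0" * 64
        block = {"height": len(self.blocks), "prev": prev, "payload": payload}
        self.blocks.append(block)
        return block

    def get(self, height):
        if isinstance(height, int) and 0 <= height < len(self.blocks):
            return self.blocks[height]
        return None


def handle_access_request(request, first_chain, second_chain, tee_holders):
    """Second node: verify the first block, authorize, pick the third node's TEE."""
    info = request.get("verification_info") or {}
    block = first_chain.get(info.get("height"))
    if block is None:
        return {"authorized": False, "reason": "unknown block"}
    # Block data read from the first sub-chain must match what the request carries.
    if block_digest(block) != info.get("digest"):
        return {"authorized": False, "reason": "digest mismatch"}
    # A matching block is not enough: it must be this requester's pre-access
    # record for this target, otherwise any valid block could be presented.
    record = block["payload"]
    if (record.get("type") != "pre_access"
            or record.get("node") != request.get("node")
            or record.get("target") != request.get("target")):
        return {"authorized": False, "reason": "pre-access record mismatch"}
    holders = tee_holders.get(request.get("target"), [])
    if not holders:
        return {"authorized": False, "reason": "no TEE holds target"}
    grant = {"grant_id": secrets.token_hex(16),
             "node": request["node"], "target": request["target"]}
    # Fourth block: the authorization and the chosen TEE go on the second sub-chain.
    second_chain.append({"type": "authorization", "grant": grant, "tee_id": holders[0]})
    return {"authorized": True, "grant": grant, "tee_id": holders[0]}


def demo():
    """Constructed sample data: one valid request and two that must be refused."""
    chain_a, chain_b = SubChain("first"), SubChain("second")
    chain_a.append({"type": "genesis"})
    first_block = chain_a.append(
        {"type": "pre_access", "node": "node-1", "target": "dataset-42"})
    holders = {"dataset-42": ["tee-node-3"], "dataset-99": ["tee-node-3"]}
    info = {"height": first_block["height"], "digest": block_digest(first_block)}
    good = {"node": "node-1", "target": "dataset-42", "verification_info": info}
    forged = dict(good, verification_info=dict(info, digest="0" * 64))
    wrong_target = dict(good, target="dataset-99")
    results = [handle_access_request(r, chain_a, chain_b, holders)
               for r in (good, forged, wrong_target)]
    return results, chain_b


if __name__ == "__main__":
    for result in demo()[0]:
        print(result)
```
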
[0198] It is understood that in the specific embodiments of this application, data such as user information are involved. When the above embodiments of this application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.
[0199] In the above embodiments, the descriptions of each embodiment have their own emphasis. Parts not described in detail in a certain embodiment can be referred to in the relevant descriptions of other embodiments. The technical solutions of this application, in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which can be a personal computer, server, or network device, specifically a processor in the computer device) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium may include: a USB flash drive, a portable hard drive, a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM), and other media capable of storing program code.
[0200] The above-described embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application.
Claims
1. A data processing method based on a blockchain network, characterized in that:
The blockchain network includes K business sub-chains, each of which records transaction data for its corresponding business, where K is an integer greater than or equal to 2. The method includes:
The first node of the first service subchain sends a TEE registration request to the second node of the second service subchain. The TEE registration request is used to instruct the second node to register the first node's TEE to the second service subchain after the second node verifies the identification information of the first node's TEE using the second block of the first service subchain. The second block stores the registration information of the first node's TEE. The first service subchain and the second service subchain are any two of the K service subchains.
The first node receives a registration success notification message sent by the second node, and in response to the registration success notification message, sends an access request for the target data to the second node. The access request carries the verification information of the first block of the first business sub-chain, and the first block stores the first node's pre-access record of the target data.
The first node receives first response data sent by the second node in response to the access request. The first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node of the second business subchain. The authorized access information is generated by the second node after the verification information of the first block is verified.
After determining that the first response data includes the authorized access information of the target data, the first node sends a request to the third node to obtain the target data according to the identification information of the third node's TEE, and receives the second response data sent by the third node in response to the request. The second response data includes the encrypted target data generated by the third node's TEE.
The first node calls its TEE to decrypt the encrypted target data, obtains the target data, performs corresponding business processing on the target data, obtains the data processing result, and writes the data processing result, the signature information of the first node's TEE, and the signature information of the third node's TEE into the first business sub-chain.
2. The method of claim 1, wherein the second response data also includes the signature information of the TEE of the third node, and the method further includes: the first node calls its own TEE to verify the signature information of the third node's TEE; if the verification is successful, the first node executes the step of calling the first node's TEE to decrypt the encrypted target data and obtain the target data.
3. The method according to claim 1 or 2, characterized in that the method further includes: the first node generates a pre-access record of the target data; the first node generates a first block based on the pre-access record; after the first block passes consensus verification with other nodes in the first business sub-chain, the first node adds the first block to the first business sub-chain.
4. The method of claim 1, wherein the method further includes: the first node obtains the registration information of the first node's TEE; the first node generates a second block based on the registration information of the first node's TEE; after the second block passes consensus verification with other nodes in the first business sub-chain, the first node adds the second block to the first business sub-chain.
5. The method of claim 2, wherein the first node calling its own TEE to verify the signature information of the third node's TEE includes: the first node calls its TEE to obtain the third block from the second business sub-chain, and the third block stores the registration information of the third node's TEE; the first node calls its own TEE to obtain the public key of the third node's TEE from the registration information of the third node's TEE stored in the third block; the first node calls its own TEE to verify the signature information of the third node's TEE using the public key of the third node's TEE.
6. The method according to claim 1, characterized in that the K business sub-chains are generated based on the main chain of the blockchain network, and different business sub-chains in the K business sub-chains use different blocks of the main chain as their genesis blocks.
7. A data processing method based on a blockchain network, characterized in that:
The blockchain network includes K business sub-chains, each of which records transaction data for its corresponding business, where K is an integer greater than or equal to 2. The method includes:
The second node of the second service subchain receives the TEE registration request sent by the first node of the first service subchain, wherein the first service subchain and the second service subchain are any two of the K service subchains;
The second node responds to the TEE registration request by calling the data sharing contract to obtain the block data of the second block from the first business sub-chain, and determines whether the block data of the second block matches the identification information of the first node's TEE. The second block stores the registration information of the first node's TEE.
If a match is found, the second node generates a fifth block based on the identification information of the first node's TEE, adds the fifth block to the second business sub-chain, and sends a registration success notification message to the first node.
The second node receives an access request for target data sent by the first node in response to the registration success notification message, wherein the access request carries verification information of the first block of the first business subchain, and the first block stores the first node's pre-access record of the target data;
The second node responds to the access request by verifying the verification information of the first block;
If the verification passes, the second node generates the authorized access information for the target data and determines the third node of the second business sub-chain;
The second node sends first response data to the first node, wherein the first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
8. The method according to claim 7, characterized in that the second node responding to the access request by verifying the verification information of the first block includes: the second node responds to the access request by invoking the cross-chain data access application contract to obtain the block data of the first block from the first business sub-chain; the second node invokes the cross-chain data access application contract to verify the verification information of the first block using the block data of the first block, and determines that the verification is successful when the block data of the first block matches the verification information of the first block.
9. The method according to claim 7 or 8, characterized in that, after the second node generates the authorized access information for the target data and determines the third node of the second business sub-chain, the method further includes: the second node generates a fourth block based on the authorized access information of the target data and the identification information of the TEE of the third node; after the fourth block passes consensus verification with other nodes in the second business sub-chain, the second node adds the fourth block to the second business sub-chain.
10. A data processing apparatus, characterized in that the device includes:
The sending module is used to send a TEE registration request to the second node of the second service sub-chain. The TEE registration request is used to instruct the second node to register the TEE of the first node to the second service sub-chain after the identification information of the first node's TEE is verified by the second block of the first service sub-chain. The second block stores the registration information of the first node's TEE. The first service sub-chain and the second service sub-chain are any two of K service sub-chains.
The receiving module is used to receive the registration success notification message sent by the second node;
The sending module is further configured to send an access request for target data to the second node in response to the registration success notification message, wherein the access request carries verification information of the first block of the first business sub-chain, and the first block stores a pre-access record of the target data by the first node of the first business sub-chain.
The receiving module is further configured to receive first response data sent by the second node in response to the access request, wherein the first response data includes authorized access information of the target data and identification information of the Trusted Execution Environment (TEE) of the third node of the second business subchain, and the authorized access information is generated by the second node after the verification information of the first block is verified.
The sending module is further configured to, after determining that the first response data includes authorized access information of the target data, send a request to obtain the target data to the third node according to the identification information of the TEE of the third node;
The receiving module is further configured to receive second response data sent by the third node in response to the acquisition request, the second response data including encrypted target data generated by the TEE of the third node;
The processing module is used to call the TEE of the first node to decrypt the encrypted target data, obtain the target data, perform corresponding business processing on the target data, obtain the data processing result, and write the data processing result, the signature information of the TEE of the first node, and the signature information of the TEE of the third node into the first business sub-chain.
11. A data processing apparatus, characterized in that the device includes:
The receiving module is used to receive the TEE registration request sent by the first node of the first service sub-chain;
The processing module is used to respond to the TEE registration request, call the data sharing contract to obtain the block data of the second block from the first business sub-chain, and determine whether the block data of the second block matches the identification information of the TEE of the first node. The second block stores the registration information of the TEE of the first node. If they match, a fifth block is generated according to the identification information of the TEE of the first node, and the fifth block is added to the second business sub-chain. The first business sub-chain and the second business sub-chain are any two of the K business sub-chains.
The sending module is used to send a registration success notification message to the first node;
The receiving module is further configured to receive an access request for target data sent by the first node in response to the registration success notification message, wherein the access request carries verification information of the first block of the first business sub-chain, and the first block stores the first node's pre-access record of the target data.
The processing module is also used to verify the verification information of the first block in response to the access request;
The processing module is further configured to generate authorized access information for the target data and determine the third node of the second business sub-chain if the verification passes.
The sending module is further configured to send first response data to the first node, wherein the first response data includes authorized access information of the target data and identification information of the TEE of the third node. The first response data is used by the first node to send a request to the third node to obtain the target data, so as to obtain the encrypted target data generated by the TEE of the third node.
12. A computer device, characterized in that the computer device includes a processor, a network interface, and a storage device, which are interconnected. The network interface is controlled by the processor to send and receive data. The storage device is used to store a computer program, which includes program instructions. The processor is configured to invoke the program instructions to execute the data processing method based on a blockchain network as described in any one of claims 1 to 6.
13. A computer device, characterized in that the computer device includes a processor, a network interface, and a storage device, which are interconnected. The network interface is controlled by the processor to send and receive data. The storage device is used to store a computer program, which includes program instructions. The processor is configured to invoke the program instructions to execute the data processing method based on a blockchain network as described in any one of claims 7 to 9.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, the computer program including program instructions, which are executed by a processor to perform the data processing method based on a blockchain network as described in any one of claims 1 to 6.
15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, the computer program including program instructions, which are executed by a processor to perform the data processing method based on a blockchain network as described in any one of claims 7 to 9.
16. A computer program product, comprising a computer program, characterized in that, when the computer program is executed by a computer processor, it implements the data processing method based on a blockchain network as described in any one of claims 1 to 6.
17. A computer program product, comprising a computer program, characterized in that, when the computer program is executed by a computer processor, it implements the data processing method based on a blockchain network as described in any one of claims 7 to 9.
Citation Information
Patent Citations
Cross-chain data credible management method and device and electronic equipment
CN110035045A
Data access permission verification method and device, computer equipment and storage medium
CN111914293A