A supply chain data sharing method, device, storage medium and equipment

By configuring elliptic curve point generation key parameters for supply chain nodes, the security risks in supply chain data sharing are resolved, enabling efficient and reliable data transmission and location, and improving the security and efficiency of data sharing.

CN122179092APending Publication Date: 2026-06-09XINYANG BRANCH HENAN CO LTD OF CHINA MOBILE COMM CORP +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
XINYANG BRANCH HENAN CO LTD OF CHINA MOBILE COMM CORP
Filing Date
2026-02-25
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In existing supply chain data sharing methods, when data is transmitted or forwarded between multiple business nodes, there is a security risk that attackers may forge node identities, tamper with data content, or initiate unauthorized data requests.

Method used

Configure unique elliptic curve points to generate key parameters for business nodes. Through signature verification, identity verification, and dynamic encryption, establish attribute linked lists and business node topology graphs to achieve trust verification and data location.

Benefits of technology

It improves the security and tamper resistance of data transmission, reduces intermediate steps in the data retrieval process, enhances data sharing efficiency and security, and prevents unauthorized access.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179092A_ABST
    Figure CN122179092A_ABST
Patent Text Reader

Abstract

The application discloses a supply chain data sharing method and device, a storage medium and equipment, and the method comprises the following steps: selecting a curve point corresponding to a business node in a pre-set elliptic curve; generating a key parameter for the business node based on the coordinate information of the curve point, and the key parameter is used for participating in the trustworthiness check in the data sharing process. The application can improve the security in the data sharing process.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data sharing technology, and in particular to a supply chain data sharing method, apparatus, storage medium and device. Background Technology

[0002] As supply chains become increasingly digital, business nodes within them frequently need to share operational data such as order information, logistics status, and production data to support cross-enterprise collaboration. However, current data sharing methods typically rely solely on business relationships or network connections between nodes for data transmission. When data is transferred or forwarded between multiple business nodes, attackers may forge node identities, tamper with data content, or initiate unauthorized data requests, resulting in significant security risks during data sharing. Summary of the Invention

[0003] The purpose of this invention is to provide a supply chain data sharing method, apparatus, storage medium, and device, which effectively improves the security of the data sharing process by configuring unique key parameters for business nodes and performing signature verification, identity verification, and dynamic encryption.

[0004] To achieve the above objectives, a first aspect of the present invention provides a supply chain data sharing method, the method comprising: Select a curve point that uniquely corresponds to the business node from the pre-defined elliptic curve; Based on the coordinate information of the curve points, key parameters are generated for the business node. These key parameters are used to participate in trust verification during data sharing.

[0005] This embodiment selects a unique curve point in the elliptic curve to generate key parameters for the business node, enabling the node to complete trust verification and generate a dynamic key during data sharing, thereby significantly improving the security and anti-tampering capability of data transmission.

[0006] Furthermore, it also includes: A first message carrying the key parameters is sent to the service node, the first message being used to instruct the service node to generate a first signature using the key parameters.

[0007] This embodiment sends a first message carrying key parameters to the service node, enabling the node to generate a first signature based on the key parameters, thereby ensuring that the reported metadata is verifiable and tamper-proof.

[0008] Furthermore, it also includes: After receiving the second message sent by the service node, the credibility of the metadata information of the service node carried in the second message is verified based on the first signature carried in the second message. The metadata information refers to the business description information generated by the business node based on the business content it processes.

[0009] This embodiment verifies the authenticity and integrity of metadata information by performing a first signature verification on the second message reported by the business node at the central node. Since the metadata information is generated by the business node when processing business content and carries a unique signature, the central node can effectively identify whether the data originates from a legitimate node and whether it has been tampered with. This verification mechanism not only improves the credibility of metadata in the data sharing link but also provides a reliable data foundation for subsequent data location, matching, and secure transmission.

[0010] Furthermore, it also includes: Based on the key parameters, and combined with the node identifier and metadata information of the business node, an attribute linked list is established for the business node, wherein the metadata information is business description information generated by the business node based on the business content it processes; A business node topology graph is established based on the attribute linked list of all business nodes in the supply chain.

[0011] This embodiment establishes an attribute linked list for business nodes based on key parameters, node identifiers, and metadata information, enabling each node's identity characteristics and the data characteristics it generates to form a traceable, structured record. Furthermore, by aggregating the attribute linked lists of all business nodes, a business node topology graph is constructed, allowing the central node to intuitively grasp the distribution and relationships of data within the supply chain. This allows for quick and accurate location of the target business node when it makes a data request. This mechanism effectively reduces intermediate steps in the data search process and improves data sharing efficiency.

[0012] Furthermore, based on the role of the business nodes in data sharing, the business nodes are divided into requesting business nodes and responding business nodes, which further includes: After receiving the service request message sent by the requesting service node, query the response service node with the ability to respond to the service request based on the node topology graph; This embodiment categorizes business nodes into requesting business nodes and responding business nodes based on their roles in data sharing. A business node acts as a requesting business node when it needs to obtain data from other nodes; a business node acts as a responding business node when it has the ability to generate or provide target data in response to a data request. Upon receiving a business request message from a requesting business node, the central node can query the responding business node capable of handling the request based on the constructed business node topology map. This avoids the delays and uncertainties caused by multi-level forwarding in traditional supply chains, further ensuring the stability and security of the supply chain data sharing process.

[0013] Further, the step of querying the response service node with the ability to respond to the service request based on the node topology graph includes: Based on the description of the requested service carried in the service request message, query the metadata information that matches the description in the service node topology graph; Based on the matched metadata information, the response service node that generated the metadata information is queried in the node topology graph.

[0014] This embodiment uses the requested service description as the retrieval basis in the business node topology map. First, it matches the corresponding metadata information, and then determines the responding business node that generated the information based on that metadata information. Compared to traditional methods that rely on manual judgment or multi-level forwarding, this matching query mechanism significantly shortens the data search chain, reduces invalid requests, and improves the accuracy and real-time performance of data location.

[0015] Furthermore, it also includes: The verification code for the business node is generated based on the key parameters; The verification code is used when a business node responds to a business request initiated by a requesting business node. The responding business node verifies the identity of the requesting business node based on the verification code to confirm that the business requesting node is an authorized and trusted requesting node.

[0016] This embodiment generates verification codes for business nodes based on key parameters. This enables responding business nodes to quickly and reliably verify the identity of requesting business nodes when processing their requests. Through this authentication mechanism, the system effectively prevents unauthorized nodes from forging requests or maliciously obtaining sensitive business data, thereby significantly improving the accuracy and security of access control during supply chain data sharing. This approach, with unified authorization and distribution of verification codes by a central node, makes identity verification controllable, achieving node-level trustworthiness assessment without relying on complex trust chain configurations, further enhancing the security of data transmission.

[0017] To achieve the above objectives, a second aspect of the present invention also provides a supply chain data sharing apparatus for implementing the supply chain data sharing method described in any of the first aspects, the apparatus comprising: The curve point allocation module is used to select a curve point that uniquely corresponds to a business node from a pre-set elliptic curve. The key parameter generation module is used to generate key parameters for the business node based on the coordinate information of the curve points. The key parameters are used to participate in trust verification during data sharing.

[0018] A third aspect of the present invention also provides a computer-readable storage medium comprising a stored computer program; wherein, when the computer program is executed, it controls the device on which the computer-readable storage medium is located to perform a supply chain data sharing method as described in any of the first aspects above.

[0019] A fourth aspect of the present invention also provides a terminal device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, wherein the processor, when executing the computer program, implements a supply chain data sharing method as described in any of the first aspects above. Attached Figure Description

[0020] Figure 1 This is a flowchart of a preferred embodiment of a supply chain data sharing method provided in the first aspect of the present invention; Figure 2 This is a schematic diagram of a linked list structure of a preferred embodiment of a supply chain data sharing method provided in the first aspect of the present invention; Figure 3 This is a node topology diagram of a preferred embodiment of a supply chain data sharing method provided in the first aspect of the present invention; Figure 4 This is a structural block diagram of a preferred embodiment of a supply chain data sharing device provided in the second aspect of the present invention; Figure 5 This is a structural block diagram of a preferred embodiment of a terminal device provided in the fourth aspect of the present invention. Detailed Implementation

[0021] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0022] It should be noted that the data involved in this invention (including but not limited to data used for analysis, data stored, data displayed, etc.) are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, use and processing of related data must comply with relevant laws, regulations and standards, and corresponding operation entry points are provided for users to choose to authorize or refuse.

[0023] In this embodiment of the invention, the words "exemplarily" or "for example" are used to indicate examples, illustrations, or descriptions. Any embodiment or design described as "exemplarily" or "for example" in this invention should not be construed as being more preferred or advantageous than other embodiments or designs. Rather, the use of the words "exemplarily" or "for example" is intended to present the relevant concepts in a specific manner.

[0024] In this invention description, the terms "first," "second," "third," etc., are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of indicated technical features. Thus, a feature defined with "first," "second," "third," etc., may explicitly or implicitly include one or more of that feature. In this invention description, unless otherwise stated, "a plurality of" means two or more. In this invention description, the term "comprising" and its variations are open-ended, meaning "including but not limited to." The term "based on" means "at least partially based on." The term "according to" means "at least partially according to." The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments."

[0025] In the description of this invention, it should be noted that, unless otherwise explicitly specified and limited, the terms "installation," "connection," and "linking" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection of two components. Those skilled in the art can understand the specific meaning of the above terms in this invention based on the specific circumstances.

[0026] In the description of this invention, it should be noted that, unless otherwise defined, all technical and scientific terms used in this invention have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in this specification is for the purpose of describing specific embodiments only and is not intended to limit the invention. Those skilled in the art can understand the specific meaning of the above terms in this invention based on the specific circumstances.

[0027] A first aspect of this invention provides a supply chain data sharing method, see [link to relevant documentation]. Figure 1 The diagram shown is a flowchart of a preferred embodiment of a supply chain data sharing method provided by the first aspect of the present invention. The method includes steps S1 to S2, as follows: Step S1: Select a curve point that uniquely corresponds to the business node in the pre-set elliptic curve; In one example, the central node predetermines an elliptic curve for key generation, such as a publicly available curve that meets specific security parameter requirements. Then, based on the number of business nodes, the central node selects a unique curve point from this elliptic curve for each business node, ensuring that the selected curve point uniquely corresponds to that business node. This curve point can be generated based on node identifiers, node registration order, or a random selection strategy to ensure that the key parameters of different business nodes are independent and cannot be derived from each other, thus providing a reliable cryptographic foundation for subsequent signature generation, verification, and security checks.

[0028] Step S2: Generate key parameters for the business node based on the coordinate information of the curve points. The key parameters are used to participate in trust verification during the data sharing process.

[0029] In one example, the supply chain system includes a central node and multiple business nodes, which are used to perform business operations related to production, flow, or data requests in the supply chain.

[0030] First, during the system initialization phase, the central node can generate unique key parameters for each business node using various methods. In a preferred approach, the central node selects a curve point uniquely corresponding to each business node within a pre-defined elliptic curve and uses the coordinates of this curve point as the key parameter for that business node. Specifically, the central node selects an independent and non-repeating point for each business node in the supply chain within a pre-defined elliptic curve and uses the coordinates of this point as the node's key parameter. For example, when the elliptic curve is... The key parameter of any node i is any point in the elliptic curve. .

[0031] The key parameters are used for trust verification by participating nodes during data sharing. Subsequently, the central node sends a first message carrying the key parameters of each business node in the supply chain, based on the IP address of each business node, to instruct these business nodes to use the key parameters to perform signature operations and identity verification in subsequent business processing. Upon receiving the first message, the business node uses the key parameters to sign the data description and generation time corresponding to the target data generated in its supply chain business.

[0032] Based on the above example, after completing the data description generation and signature processing, the business node sends a second message carrying the data description, generation time, and signature to the central node. Upon receiving the second message, the central node verifies the trustworthiness of the metadata information in the second message based on the signature, ensuring that the data description has not been tampered with and was indeed generated by the business node. After verification, the central node establishes an attribute linked list for the business node based on the key parameters, node identifier, and the metadata information, and constructs a business node topology graph based on the attribute linked lists of all business nodes in the supply chain. The business node topology graph describes the data types generated by each business node in the supply chain and their relationships.

[0033] When a business node needs to obtain target data, it sends a business request message to the central node, carrying a description of the requested business. Upon receiving the request, the central node queries the business node topology graph for metadata information matching the request description and further searches for the responding business node that generated that metadata information. After determining the responding business node, the central node sends an instruction message to the requesting business node, instructing it to initiate a data request to the responding business node. Alternatively, if the central node cannot find a matching responding business node in the topology graph, it can broadcast the request description to all business nodes except the current requesting node, prompting nodes capable of generating the business data to proactively return the corresponding metadata information.

[0034] Based on the above example, the central node can also generate a verification code for the business node based on its key parameters. This verification code is used by the business node to check the identity of the requesting node when it receives a data request. The responding business node can then compare the verification code issued by the central node to determine whether the requesting business node is an authorized and trusted node, and thus decide whether to return the target business data to it.

[0035] This embodiment assigns unique points on an elliptic curve to each business node, ensuring that the key parameters are mathematically irreversible and difficult to forge, thereby guaranteeing the uniqueness and trustworthiness of node identities. During subsequent data sharing and interaction, each business node can use these key parameters to perform secure operations such as signing, verifying signatures, and generating verification codes, achieving trusted verification of data sources and access requests. Compared to traditional static keys or manual allocation methods, this embodiment's use of elliptic curve generation for key parameters not only improves key security but also makes key management more automated and scalable, further ensuring the security and reliability of the supply chain data sharing process.

[0036] In another preferred embodiment, the method further includes: A first message carrying the key parameters is sent to the service node, the first message being used to instruct the service node to generate a first signature using the key parameters.

[0037] In one example, the central node sends the key parameters of each node to each node in the supply chain based on the IP address of each node, and informs each node to send back the description and generation time of the data generated for the business to the central node.

[0038] When any node in the supply chain generates business-related data, that node will first describe the data to form metadata information, and then report it to the central node, including the first thousandth node, data description, and data generation time. The relevant data is data that the node deems shareable. If it involves confidential data such as technical secrets, it may withhold information from the central node to ensure data sharing security. Taking any node i as an example, the execution steps of the data generation process after it generates business-related data are as follows: Step 2.1: Node i identifies the business data it generates and generates a brief data description based on the business content. This description can be summary text, tag numbers, structured descriptions, or other annotation information that identifies the main content of the data, for use in the subsequent data sharing and search process.

[0039] Step 2.2: Node i packages the business data metadata and completes the signature process. Step 2.21: Node i packages the data description and its generation time into a data packet. ; Step 2.22: Generate random numbers for node i. This is used for subsequent signature calculations; Step 2.23: Node i calculates the first signature based on the key parameters. ,in, For node i, the key parameter; Step 2.24: Node i then calculates the second signature based on the data packet PD and the node identifier, and calculates another signature parameter. Where hash() is the hash function. It is the floor function. This is the decimal number converted from the binary number corresponding to node i; Step 2.25, node i will and signature Send to the central node.

[0040] This embodiment distributes key parameters to business nodes and employs a dual-signature mechanism, enabling business nodes to submit verifiable signature information simultaneously when reporting data descriptions. The central node can verify the signature based on the key parameters, thereby ensuring that the data description and its generation time originate from legitimate nodes and have not been tampered with. Because random numbers are used in conjunction... Elliptic curve points and node identifiers This makes signatures difficult to forge and reverse engineer, effectively improving the credibility and security of data in the supply chain data sharing process.

[0041] Understandably, the use of two signatures for joint verification is intended to further ensure data accuracy. Existing verification processes rely on pre-communicated keys (such as public and private keys). For example, one party signs using a key, and the other verifies using another key. However, since these keys are pre-communicated and unchanging, key leaks could allow one party to impersonate the key and sign, while the other party could still successfully verify the signature, posing a security risk. This proposal determines the signature in real-time, ensuring each signature is unique. Furthermore, the signature is not verified using a pre-defined key. Instead, a verification value is calculated from a received signature, and verification is performed based on this value and the second received signature. This eliminates the need for verification before each data reception, significantly enhancing data security compared to existing methods with fixed verification keys.

[0042] Understandably, by allowing business nodes to decide independently whether to upload sensitive data, the need for data sharing and the requirements for node privacy protection can be further balanced, making the entire supply chain data interaction process more secure.

[0043] In yet another preferred embodiment, the method further includes: After receiving the second message sent by the service node, the credibility of the metadata information of the service node carried in the second message is verified based on the first signature carried in the second message. The metadata information refers to the business description information generated by the business node based on the business content it processes.

[0044] In one example, business node i sends a second message carrying its metadata information and signature to the central node. The central node receives... and Then, based on the received calculate Simultaneously, the central node retrieves the node i identifier stored in the head node of the attribute linked list corresponding to node i, and calculates the decimal number converted from the corresponding binary number. Furthermore, the central node obtains the key parameters of node i stored in the security node of the attribute linked list corresponding to node i. .

[0045] Based on the above parameters, the central node calculates the verification value:

[0046] like If the signature verification is successful, the central node stores the data description and data generation time sent by node i into the data node of the attribute linked list corresponding to node i. Otherwise, the signature verification fails, no data is stored, and a relevant warning is sent to node i.

[0047] This embodiment constructs a dual-signature and dual-factor verification mechanism based on key parameters, enabling the central node to accurately verify the source and integrity of the metadata information reported by the business nodes.

[0048] In yet another preferred embodiment, the method further includes: Based on the key parameters, and combined with the node identifier and metadata information of the business node, an attribute linked list is established for the business node, wherein the metadata information is business description information generated by the business node based on the business content it processes; A business node topology graph is established based on the attribute linked list of all business nodes in the supply chain.

[0049] In one example, see Figure 2 This is a schematic diagram of a linked list structure of a preferred embodiment of a supply chain data sharing method provided in the first aspect of the present invention. Each attribute linked list includes three linked list nodes: a head node, a security node, and a data node. The head node stores the identification information of the business node, such as the enterprise unified social credit code, ID card number, and other data that can uniquely identify the node, as well as the node's IP address, for the central node to establish a communication connection with the business node. The security node stores the key parameters configured by the central node for the business node, which are used for subsequent data signing, verification, and security control. The data node stores the metadata information generated by the business node in the form of a two-dimensional array, where one dimension stores the data description and the other dimension stores the corresponding data generation time.

[0050] After establishing attribute linked lists for all business nodes in the supply chain, the central node constructs a business node topology graph based on the upstream and downstream relationships between these nodes. Each business node corresponds to a point in the topology graph. If there is a data or business flow relationship between two nodes, it is represented in the topology graph by a directed edge from the upstream node to the downstream node. See also Figure 3The diagram shown is a node topology diagram of a preferred embodiment of a supply chain data sharing method provided by the first aspect of the present invention. Node 4 in the diagram is a business node, its upstream node 2 can be a service support party, and its downstream node 5 can be a business consumer. This topology diagram can reflect the overall structure and flow of the supply chain, which helps the central node to quickly locate the target data generation node in the subsequent data sharing request processing, improve data search efficiency, and reduce the security risks caused by multi-level forwarding.

[0051] In yet another preferred embodiment, the business nodes are divided into requesting business nodes and responding business nodes according to their roles in data sharing. The method then further includes: After receiving the service request message sent by the requesting service node, the system queries the node topology graph to find the response service node that has the capability to respond to the service request.

[0052] In one example, taking any requesting business node j as an example, node j first sends a data request message to the central node, which carries a description of the target data. After receiving the data request, the central node uses the request description as a search condition, traverses the data nodes in the attribute linked lists of each business node in the node topology graph to match the data description that matches the request description, thereby determining the business node i that generated the data description and identifying it as the responding business node. This embodiment utilizes the node topology graph for data matching during the request phase, enabling the central node to quickly locate the actual generating node of the target data based on structured metadata, without relying on multi-node forwarding in the supply chain, thus significantly improving the efficiency and accuracy of data retrieval. Simultaneously, this search process, based on attribute linked lists and topology structure, effectively reduces the disordered propagation of data requests in the network, reduces the potential risk of data leakage, and further improves the security and controllability of the supply chain data sharing process.

[0053] In yet another preferred embodiment, the step of querying the responding service node with the capability to respond to the service request based on the node topology graph includes: Based on the description of the requested service carried in the service request message, query the metadata information that matches the description in the service node topology graph; Based on the matched metadata information, the response service node that generated the metadata information is queried in the node topology graph.

[0054] In one example, when node j needs to obtain certain business data, node j sends a business request message containing a description of the target data to the central node. Upon receiving the request, the central node first locates the attribute linked lists of all business nodes in the node topology graph, and then traverses the data nodes of each attribute linked list one by one to find metadata information consistent with the data description submitted by node j. After finding matching metadata information, the central node directly locates the business node i that generated the metadata information based on the node relationship records in the node topology graph. This embodiment uses joint matching of the node topology graph and structured metadata to enable the central node to accurately determine the node that generated the target data, thereby significantly improving the accuracy and efficiency of data location, reducing invalid requests in the supply chain, and enhancing the overall security of the data sharing process.

[0055] It should be noted that when the central node does not find metadata information matching the data description in the node topology graph, the central node will broadcast the data description to all business nodes except node j. Upon receiving the description, each business node first checks its locally stored business data to see if a matching data exists. If not, it returns a mismatch message to the central node. If a matching data exists, it further determines whether the data was generated by that node. If it was not generated by that node, it sends the identification information of the data-generating node back to the central node. If it was generated by that node but does not provide sharing, it sends a non-sharing message back to the central node. If it was generated by that node and sharing is allowed, it executes its local data generation process and reports the corresponding data description and generation time to the central node.

[0056] The central node performs the following processing based on the feedback from each node: (1) If all nodes report a mismatch, then return a message to node j indicating that there is no relevant shared data; (2) If the feedback information only contains mismatch and non-sharing, it means that there is data but it cannot be shared at present. The central node will return a prompt to node j that the data does not provide sharing services. (3) If any node reports the actual generating node or reports metadata information, the central node adds the generating node to the node topology graph to update the supply chain structure. Then, when data can be shared, the central node writes the data description and generation time into the attribute list of the node according to the data generation process, thereby completing data sharing.

[0057] In yet another preferred embodiment, the method further includes: The verification code for the business node is generated based on the key parameters; The verification code is used when a business node responds to a business request initiated by a requesting business node. The responding business node verifies the identity of the requesting business node based on the verification code to confirm that the business requesting node is an authorized and trusted requesting node.

[0058] In one example, when the central node matches the metadata information of node i in the node topology graph, the data description is... At that time, the data generation time corresponding to the data description will be displayed. The IP address of node i and the verification code of node i are sent to node j, where the verification code is calculated as follows:

[0059] Next, node j requests data and the received verification code based on node i's IP address. The request is sent to node i. When node i receives the service request from node j, it first checks its locally stored data descriptions to see if a matching data description exists. If so, node i authenticates node j based on the matching data description. That is, it authenticates node j based on the hash value of the matching data description and node i's own hash value. , Recalculate the verification code If the calculated verification code matches the received... If the identities are identical, then node j has been successfully authenticated and the data sharing process can continue.

[0060] After authentication, node i obtains the node identifier of node j, converts the node identifier of node j and its IP address into binary values, and concatenates them to obtain a binary string. For example, if the identifier of node j is CD, the IP address is 111.222.333.44, the ASCII code of C is 01100011, the ASCII code of D is 01000100, the ASCII code of 1 is 00110001, ..., then the binary string is 011000110100010000110001...

[0061] Next, node i determines the data generation time of the shared data. and obtain Last digit ,like If the precision is in seconds (e.g., 11 hours 22 minutes 34 seconds), then... It is 4, such as With a precision of milliseconds (e.g., 11 hours 22 minutes 34 seconds 56 milliseconds), then It is 6. In a binary string, starting from the left, every... Add one supplementary item, for a total of There are 10000110100010000110001, where L is the length of the binary string. For example, the binary string is 011000110100010000110001. If L=24, then an addendum is added every 5 bits, for a total of 24 / 8=3 addendums. The addendums are added in the order 0, 1, 0, 1… resulting in 011000011011000100000110001. If the required number of addendums is not met at the end of the binary string, the count continues from the left bit. For example… Then, an addendum is added every 10 bits, for a total of 24 / 8 = 3 addendums, resulting in 011000011010000100001110001. Next, the padded binary string is divided into 8-bit segments, with each 8-bit segment forming a substring, and any substring less than 8 bits also forming a substring. The hash values ​​of each substring are concatenated into a binary string to serve as the encryption key for this data sharing.

[0062] Node i encrypts the shared data using the aforementioned dynamic encryption key and sends the encrypted data to node j. Upon receiving the encrypted data, node j uses the same method as node i to convert its own node identifier and IP address into binary, concatenates them, and decrypts the data to obtain the shared data. The decryption steps are as follows: Node j converts its own identifier and IP address into binary values ​​and concatenates them to obtain a binary string. Node j then determines the value obtained in step 3.3. Last digit In the binary string obtained from 1, node j, starting from the left, is every... Add one supplementary item, for a total of The padded binary string is used as the decryption key to decrypt the encrypted data, thereby obtaining the shared data.

[0063] This embodiment achieves strong consistency verification of the requesting node's identity by introducing a verification code mechanism based on key parameters and data descriptions; and by dynamically generating encryption keys by combining node identifiers, IP addresses, and data generation times, it enables shared data to have strong real-time performance and unpredictability, thereby improving access control capabilities and data transmission security in the supply chain data sharing process.

[0064] A second aspect of the present invention provides a supply chain data sharing apparatus for implementing a supply chain data sharing method as described in any of the first aspects of the present invention. (See also...) Figure 4 The diagram shown is a structural block diagram of a preferred embodiment of a supply chain data sharing device provided in the second aspect of the present invention. The device includes: The curve point allocation module 11 is used to select a curve point that uniquely corresponds to a business node from a pre-set elliptic curve. The key parameter generation module 12 is used to generate key parameters for the business node based on the coordinate information of the curve points. The key parameters are used to participate in the trust verification during the data sharing process.

[0065] Preferably, the device further includes a key distribution instruction module, used to send a first message carrying the key parameters to the service node, the first message being used to instruct the service node to generate a first signature using the key parameters.

[0066] Preferably, the device further includes a metadata signature verification module, used to verify the credibility of the metadata information of the business node carried in the second message based on the first signature carried in the second message after receiving the second message sent by the business node; The metadata information refers to the business description information generated by the business node based on the business content it processes.

[0067] Preferably, the device further includes an attribute linked list construction module, which specifically includes: The first attribute linked list construction unit is used to build an attribute linked list for the business node based on the key parameters and the node identifier and metadata information of the business node, wherein the metadata information is business description information generated by the business node based on the business content it processes; The second attribute linked list construction unit is used to build a business node topology graph based on the attribute linked list of all business nodes in the supply chain.

[0068] Preferably, the business nodes are divided into requesting business nodes and responding business nodes according to their roles in data sharing; the device further includes a business node matching module, which, after receiving a business request message sent by the requesting business node, queries the responding business node with the ability to respond to the business request based on the node topology map.

[0069] Preferably, the business node matching module specifically includes: The first business node matching unit is used to query the metadata information that matches the description of the requested business carried in the business request message in the business node topology map. The second business node matching unit is used to query the response business node that generated the metadata information in the node topology graph based on the matched metadata information.

[0070] Preferably, the device further includes a verification code generation module, used to generate a verification code for the business node based on the key parameters; The verification code is used when a business node responds to a business request initiated by a requesting business node. The responding business node verifies the identity of the requesting business node based on the verification code to confirm that the business requesting node is an authorized and trusted requesting node.

[0071] It should be noted that the apparatus provided in the second aspect of the present invention can realize all the processes of the supply chain data sharing method described in the first aspect above. The functions and technical effects of each module and unit in the apparatus are the same as those of the supply chain data sharing method described in the first aspect above, and will not be repeated here.

[0072] A third aspect of the present invention also provides a computer-readable storage medium comprising a stored computer program; wherein, when the computer program is executed, it controls the device on which the computer-readable storage medium is located to perform a supply chain data sharing method as described in any of the first aspects of the present invention.

[0073] The fourth aspect of the present invention also provides a terminal device, see [link to documentation]. Figure 5 The diagram shown is a structural block diagram of a preferred embodiment of a terminal device provided in the fourth aspect of the present invention. The terminal device includes a processor 10, a memory 20, and a computer program stored in the memory 20 and configured to be executed by the processor 10. When the processor 10 executes the computer program, it implements a supply chain data sharing method as described in any of the above embodiments.

[0074] Preferably, the computer program can be divided into one or more modules / units (such as computer program 1, computer program 2, ...), and the one or more modules / units are stored in the memory 20 and executed by the processor 10 to complete the present invention. The one or more modules / units can be a series of computer program instruction segments capable of performing specific functions, and the instruction segments are used to describe the execution process of the computer program in the terminal device.

[0075] The processor 10 may be a central processing unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor, or the processor 10 may be any conventional processor. The processor 10 is the control center of the terminal device, connecting various parts of the terminal device through various interfaces and lines.

[0076] The memory 20 mainly includes a program storage area and a data storage area. The program storage area can store the operating system, applications required for at least one function, etc., while the data storage area can store related data, etc. Furthermore, the memory 20 can be a high-speed random access memory, or a non-volatile memory, such as a plug-in hard drive, a smart media card (SMC), a secure digital card (SD), and a flash card, or other volatile solid-state storage devices.

[0077] It should be noted that the aforementioned terminal device may include, but is not limited to, processors and memory. Those skilled in the art will understand that the above content is merely an example describing the structure of the terminal device and does not constitute a limitation on the structure of the aforementioned terminal device. The aforementioned terminal device may include more or fewer components than those described above, or combine certain components, or different components.

[0078] In summary, the supply chain data sharing method, apparatus, storage medium, and device provided by the embodiments of the present invention have at least the following beneficial effects: This invention configures unique key parameters for each business node in the supply chain and implements signature verification, CAPTCHA verification, and dynamic key generation based on these parameters. This ensures that each business node has verifiable and trustworthy identity during data reporting, requesting, and sharing, effectively preventing node forgery, data tampering, and unauthorized access. Furthermore, by establishing attribute linked lists containing node identifiers, key parameters, and metadata information for each business node, and constructing a business node topology graph based on all attribute linked lists, the central node can accurately locate the node that generates the target data, significantly shortening the data search path and improving sharing efficiency. Simultaneously, this invention supports dynamic topology maintenance in scenarios where topology information is missing or the supply chain structure changes, enhancing the system's robustness. By combining a joint protection mechanism of CAPTCHA and dynamic encryption keys, this invention effectively prevents data leakage and man-in-the-middle attacks during data transmission, further improving the overall security and controllability of supply chain data sharing.

[0079] Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus necessary hardware platforms, and of course, it can also be implemented entirely by hardware. Based on this understanding, all or part of the technical solution of the present invention that contributes to the background technology can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM (Read-Only Memory) / RAM (Random Access Memory), magnetic disk, optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods described in various embodiments or some parts of the embodiments of the present invention.

[0080] The above description is only a preferred embodiment of the present invention. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the technical principles of the present invention, and these improvements and modifications should also be considered within the scope of protection of the present invention.

Claims

1. A supply chain data sharing method, characterized in that, include: Select a curve point that uniquely corresponds to the business node from the pre-defined elliptic curve; Based on the coordinate information of the curve points, key parameters are generated for the business node. These key parameters are used to participate in trust verification during data sharing.

2. The supply chain data sharing method as described in claim 1, characterized in that, Also includes: A first message carrying the key parameters is sent to the service node, the first message being used to instruct the service node to generate a first signature using the key parameters.

3. The supply chain data sharing method as described in claim 2, characterized in that, Also includes: After receiving the second message sent by the service node, the credibility of the metadata information of the service node carried in the second message is verified based on the first signature carried in the second message. The metadata information refers to the business description information generated by the business node based on the business content it processes.

4. The supply chain data sharing method as described in claim 1, characterized in that, Also includes: Based on the key parameters, and combined with the node identifier and metadata information of the business node, an attribute linked list is established for the business node, wherein the metadata information is business description information generated by the business node based on the business content it processes; A business node topology graph is established based on the attribute linked list of all business nodes in the supply chain.

5. A supply chain data sharing method as described in claim 4, characterized in that, Based on the role of the business nodes in data sharing, the method further includes classifying the business nodes into requesting business nodes and responding business nodes. After receiving the service request message sent by the requesting service node, the system queries the node topology graph to find the response service node that has the capability to respond to the service request.

6. A supply chain data sharing method as described in claim 5, characterized in that, The step of querying the node topology graph to identify the responding service node capable of responding to the service request includes: Based on the description of the requested service carried in the service request message, query the metadata information that matches the description in the service node topology graph; Based on the matched metadata information, the response service node that generated the metadata information is queried in the node topology graph.

7. A supply chain data sharing method as described in claim 1, characterized in that, Also includes: The verification code for the business node is generated based on the key parameters; The verification code is used when a business node responds to a business request initiated by a requesting business node. The responding business node uses the verification code to verify the identity of the requesting business node, so as to confirm that the business requesting node is an authorized and trusted requesting node.

8. A supply chain data sharing device, characterized in that, The apparatus for implementing a supply chain data sharing method as described in any one of claims 1 to 7 includes: The curve point allocation module 11 is used to select a curve point that uniquely corresponds to a business node from a pre-set elliptic curve. The key parameter generation module 12 is used to generate key parameters for the business node based on the coordinate information of the curve points. The key parameters are used to participate in the trust verification during the data sharing process.

9. A computer-readable storage medium, characterized in that, The computer-readable storage medium includes a stored computer program; wherein, when the computer program is executed, it controls the device on which the computer-readable storage medium is located to perform a supply chain data sharing method as described in any one of claims 1 to 7.

10. A terminal device, characterized in that, It includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, wherein the processor, when executing the computer program, implements a supply chain data sharing method as described in any one of claims 1 to 7.