Blockchain-fused financial outsourcing service data security sharing and tracing method

By combining a dual-chain blockchain architecture with smart contracts, the security and traceability issues of data sharing in financial outsourcing businesses are resolved, achieving highly secure and traceable data sharing and supervision, and reducing the risk of data leakage and regulatory costs.

CN122247680A · Pending · Publication Date: 2026-06-19 · HENAN XINGMAI FINANCIAL SERVICES TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: HENAN XINGMAI FINANCIAL SERVICES TECHNOLOGY CO LTD
Filing Date: 2026-03-19
Publication Date: 2026-06-19


Abstract

This invention belongs to the field of financial outsourcing services and data security technology, and discloses a method for secure sharing and traceability of financial outsourcing business data integrating blockchain, comprising S1: data preprocessing and encryption; S2: blockchain dual-chain architecture deployment; S3: dynamic permission sharing control; and S4: full-process traceability verification. The invention employs hierarchical encryption and double encryption, with core data additionally receiving homomorphic encryption. Outsourcing providers can complete calculations without decrypting the data, so their work is not affected and the original data is not leaked. Furthermore, the blockchain's hash fingerprints and multi-node verification ensure that no one can secretly modify data or logs, maximizing security. Authorization does not end with handing the outsourcing provider a key: the smart contract reviews qualifications and validity periods in real time. Any adjustment of permissions or extension of time is recorded and requires approval and a signature, preventing outsourcing providers from using data beyond their scope or time limits. This solves the problem of loss of control after authorization and is beneficial for practical application and operation.

Description

Technical Field

[0001] This invention relates to the fields of financial outsourcing services and data security technology, and in particular to a method for secure sharing and traceability of financial outsourcing business data that integrates blockchain.

Background Technology

[0002] As the financial industry becomes increasingly specialized, banks, insurance companies, and other financial institutions often outsource non-core businesses (such as customer information entry, bill collection, and business file organization) to professional service providers in order to focus on core businesses (such as credit approval and product development) and reduce operating costs.

[0003] In practical applications, existing solutions often employ a "single encryption + manual authorization" model for data sharing. This model either uses simple encryption methods (such as basic passwords), making it vulnerable to hacker attacks, or suffers from chaotic key management, so that raw data can easily be accessed without authorization once keys are leaked. Furthermore, core data often has to be decrypted by outsourcing vendors before processing, further increasing the risk of leakage. Current authorization methods are mostly "one-time authorizations," making it difficult for financial institutions to monitor the scope of data use (e.g., access beyond the business scope) and the duration of use (e.g., retaining data beyond the cooperation period) once data is handed over to outsourcing vendors. This leads to a "loss of control after authorization" situation, which is inconsistent with the financial industry's standards for data access. Data operation logs are mostly stored on centralized servers, where they are at risk of tampering and deletion. Furthermore, data flows and operation behavior are recorded in a scattered manner and lack correlation. Once data leakage or misuse occurs, it is difficult to quickly identify the responsible party (whether the client leaked the data, the outsourcing provider misused it, or a third party attacked it), which greatly inconveniences regulatory verification and dispute resolution. Financial institutions, outsourcing service providers, and regulatory agencies lack a unified data storage and verification platform. Manually transferring data, verifying qualifications, and reconciling accounts is cumbersome: it is time-consuming and labor-intensive, and it is prone to data omissions and permission mismatches caused by human error, which is not conducive to practical application and operation.

Summary of the Invention

[0004] One objective of this invention is to provide a method for secure sharing and traceability of financial outsourcing business data that integrates blockchain.

[0005] To achieve the above objectives, the technical solution adopted by this invention is: a method for secure sharing and traceability of financial outsourcing business data integrating blockchain, comprising the following steps:

[0006] S1: Data preprocessing and encryption: Obtain outsourced business data from financial outsourcing clients, classify data according to sensitivity, generate ciphertext using symmetric encryption algorithms, and extract business attribute tags; perform asymmetric encryption on the symmetric key based on the outsourcing service provider's public key to generate key ciphertext, forming an associated data packet of data ciphertext, key ciphertext, and business tags;

[0007] S2: Deployment of a dual-chain blockchain architecture, constructing a data chain and an operation chain. In the dual-chain system, the data chain stores the associated data packets and their corresponding hash values, while the operation chain stores the behavior log of the entire process. A practical Byzantine fault-tolerant consensus mechanism is adopted, with the project issuer, outsourcing service provider, and regulatory node jointly participating in block verification.

[0008] S3: Dynamic permission sharing control. A permission matrix is preset through smart contracts and is associated with the service provider's qualifications and the data sensitivity level. The key can be called to decrypt the encrypted data only when the service provider node's qualifications match and the time is within the validity period. A permission adjustment triggers notarization on the operation chain, which records the reason for the permission change and the signature of the approval node.

[0009] S4: Full-process traceability and verification. After a traceability request is received, the target data packet is obtained by searching the data chain by business tag, and the related operation chain logs are retrieved at the same time. The data hash and log hashes are aggregated and verified based on the Merkle tree algorithm, and a data integrity certificate and an operation traceability graph are output. The graph contains the on-chain identity authentication information of the operating node at each step.

[0010] Preferably, the business attribute tags in S1 also include data classification and grading results, and the core data is additionally overlaid with homomorphic encryption processing, enabling service providers to complete calculation operations without decrypting the original data.

[0011] Preferably, the smart contract in S3 has built-in re-encryption logic: when the service provider's access time exceeds the initial validity period but is extended with the approval of the contract issuer, the contract automatically re-encrypts the key ciphertext based on the new validity period to generate a temporary key ciphertext with a timestamp.

[0012] Preferably, the traceability verification in S4 further includes anomaly detection: when unauthorized IP access or batch download of sensitive data appears in the operation log, an alarm is automatically triggered on the monitoring node, and the corresponding data access permissions are locked.

[0013] Preferably, the operation chain log uses a chained hash association, where the hash value of each log block contains the hash of the previous log block and the current operation data digest, enabling immediate identification of log tampering.

[0014] Compared with the prior art, the beneficial effects of the present invention are as follows:

[0015] (1) This invention employs hierarchical encryption and double encryption, with core data additionally receiving homomorphic encryption. Outsourcing companies can complete calculations without decrypting the data, so their work is not affected and the original data is not leaked. Furthermore, the blockchain's hash fingerprints and multi-node verification ensure that no one can secretly modify the data or logs, maximizing security. Authorization does not end with handing the outsourcing company a key: the smart contract reviews qualifications and validity periods in real time. Any adjustment of permissions or extension of time is recorded and requires approval and a signature, preventing outsourcing companies from using data beyond their scope or time limit and solving the problem of loss of control after authorization.

[0016] (2) In this invention, two chains are used for record keeping, and the operation logs are linked in a chain: each log contains the fingerprint of the previous log, so changing any one log leaves a trace that can be checked at any time. During tracing, an integrity certificate and a traceability graph are generated directly, making it clear at a glance who is responsible and at which step the problem occurred, which meets the regulatory requirements of the financial industry. There is no need for repeated manual review of qualifications and transmission of keys; the smart contract completes the verification automatically. The data and logs are all stored on the blockchain, so the contracting party, outsourcing party and regulator can check them at any time without sending files back and forth or reconciling accounts, which reduces communication costs and avoids human error. The operation chain is monitored in real time: once a dangerous behavior such as unauthorized access or batch download occurs, an alarm is immediately triggered and access is locked, nipping the risk of data leakage in the bud rather than waiting for a problem to occur before taking remedial action.

Attached Figure Description

[0017] Figure 1 is a schematic diagram of the overall structure of the present invention.

Detailed Implementation

[0018] The present invention will now be further described in conjunction with specific embodiments. It should be noted that, without conflict, the various embodiments or technical features described below can be arbitrarily combined to form new embodiments.

[0019] In the description of this invention, it should be noted that directional terms such as "center," "lateral," "longitudinal," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," and "counterclockwise" indicate the orientation and positional relationship based on the orientation or positional relationship shown in the accompanying drawings. They are only for the convenience of describing this invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation. They should not be construed as limiting the specific protection scope of this invention.

[0020] It should be noted that the terms "first" and "second" in the specification and claims of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence.

[0021] In one preferred embodiment of the present invention, as shown in Figure 1, the method for secure sharing and traceability of financial outsourcing business data integrating blockchain includes the following steps:

[0022] S1: Data preprocessing and encryption: Obtain outsourced business data from financial outsourcing clients, classify data according to sensitivity, generate ciphertext using symmetric encryption algorithms, and extract business attribute tags; perform asymmetric encryption on the symmetric key based on the outsourcing service provider's public key to generate key ciphertext, forming an associated data packet of data ciphertext, key ciphertext, and business tags;

[0023] S2: Deployment of a dual-chain blockchain architecture, constructing a data chain and an operation chain. In the dual-chain system, the data chain stores the associated data packets and their corresponding hash values, while the operation chain stores the behavior log of the entire process. A practical Byzantine fault-tolerant consensus mechanism is adopted, with the project issuer, outsourcing service provider, and regulatory node jointly participating in block verification.

[0024] S3: Dynamic permission sharing control. A permission matrix is preset through smart contracts and is associated with the service provider's qualifications and the data sensitivity level. The key can be called to decrypt the encrypted data only when the service provider node's qualifications match and the time is within the validity period. A permission adjustment triggers notarization on the operation chain, which records the reason for the permission change and the signature of the approval node.

[0025] S4: Full-process traceability and verification. After a traceability request is received, the target data packet is obtained by searching the data chain by business tag, and the related operation chain logs are retrieved at the same time. The data hash and log hashes are aggregated and verified based on the Merkle tree algorithm, and a data integrity certificate and an operation traceability graph are output. The graph contains the on-chain identity authentication information of the operating node at each step.

[0026] The business attribute tags in S1 also include data classification and grading results, and core data is additionally processed with homomorphic encryption, allowing service providers to complete calculation operations without decrypting the original data.

[0027] S3 smart contracts have built-in re-encryption logic: when the service provider's access time exceeds the initial validity period but is extended with the approval of the contract issuer, the contract automatically re-encrypts the key ciphertext based on the new validity period, generating a temporary key ciphertext with a timestamp.

[0028] S4 traceability verification also includes anomaly detection: when unauthorized IP access or batch download of sensitive data is found in the operation log, an alarm is automatically triggered on the monitoring node, and the corresponding data access permissions are locked.
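The anomaly detection in [0028], run over operation-log entries, can be sketched as follows. This is an added example, not code from the patent; the log fields, the source-network allowlist, the 300-second window, the threshold of three downloads and the per-provider lock are all assumptions, and the log entries are constructed.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 300                      # assumed sliding window
BATCH_THRESHOLD = 3                       # assumed max sensitive downloads per window
SENSITIVE_LEVELS = {"sensitive", "core"}

# Constructed allowlist of provider source networks (documentation address ranges).
ALLOWED_NETWORKS = {
    "provider-a": [ipaddress.ip_network("203.0.113.0/28")],
    "provider-b": [ipaddress.ip_network("192.0.2.0/24")],
    "provider-c": [ipaddress.ip_network("198.51.100.0/25")],
}

# Constructed operation-log entries.
SAMPLE_LOG = [
    {"ts": 1000, "provider": "provider-a", "ip": "203.0.113.5", "action": "download", "level": "core"},
    {"ts": 1000, "provider": "provider-c", "ip": "198.51.100.9", "action": "download", "level": "sensitive"},
    {"ts": 1010, "provider": "provider-b", "ip": "192.0.2.10", "action": "read", "level": "general"},
    {"ts": 1030, "provider": "provider-a", "ip": "203.0.113.5", "action": "download", "level": "core"},
    {"ts": 1060, "provider": "provider-a", "ip": "203.0.113.5", "action": "download", "level": "sensitive"},
    {"ts": 1090, "provider": "provider-a", "ip": "203.0.113.5", "action": "download", "level": "core"},
    {"ts": 1200, "provider": "provider-a", "ip": "203.0.113.5", "action": "download", "level": "core"},
    {"ts": 1400, "provider": "provider-c", "ip": "198.51.100.9", "action": "download", "level": "sensitive"},
    {"ts": 1500, "provider": "provider-b", "ip": "203.0.113.200", "action": "download", "level": "sensitive"},
    {"ts": 1800, "provider": "provider-c", "ip": "198.51.100.9", "action": "download", "level": "sensitive"},
]


def scan_operation_log(entries, allowed=ALLOWED_NETWORKS):
    """Return (alerts, locked_providers) for unauthorized-IP access and batch downloads."""
    alerts, locked = [], set()
    recent = defaultdict(deque)   # provider -> timestamps of recent sensitive downloads
    for entry in sorted(entries, key=lambda e: e["ts"]):
        provider, ts = entry["provider"], entry["ts"]
        if provider in locked:
            # Access stays locked after an alarm; later attempts are still reported.
            alerts.append({"ts": ts, "provider": provider, "rule": "access_while_locked"})
            continue
        source = ipaddress.ip_address(entry["ip"])
        if not any(source in net for net in allowed.get(provider, [])):
            alerts.append({"ts": ts, "provider": provider, "rule": "unauthorized_ip"})
            locked.add(provider)
            continue
        if entry["action"] == "download" and entry["level"] in SENSITIVE_LEVELS:
            window = recent[provider]
            window.append(ts)
            while ts - window[0] > WINDOW_SECONDS:
                window.popleft()
            if len(window) > BATCH_THRESHOLD:
                alerts.append({"ts": ts, "provider": provider, "rule": "batch_download"})
                locked.add(provider)
    return alerts, locked
```

On the constructed log, provider-c's downloads are spaced more than one window apart and raise no alert, while provider-a is locked on its fourth download within the window.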

[0029] The operation chain log uses a chained hash association. The hash value of each log block contains the hash of the previous log block and the current operation data digest, enabling immediate detection of log tampering.
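The chained-hash log of [0029] and the Merkle aggregation of [0025] can be sketched together as follows. This is an added example, not code from the patent; SHA-256, the canonical-JSON operation digest, the all-zero genesis value, the leaf/node prefix bytes and the certificate fields are assumptions, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first log block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def op_digest(operation: dict) -> str:
    """Digest of the current operation data (canonical JSON, an assumed encoding)."""
    return sha256_hex(json.dumps(operation, sort_keys=True).encode())

def append_log(chain: list, operation: dict) -> dict:
    """Append a block whose hash covers the previous block hash and the operation digest."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    digest = op_digest(operation)
    block = {"prev_hash": prev_hash, "op_digest": digest, "operation": operation,
             "hash": sha256_hex((prev_hash + digest).encode())}
    chain.append(block)
    return block

def first_tampered_index(chain: list):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        digest = op_digest(block["operation"])
        expected = sha256_hex((prev_hash + digest).encode())
        if (block["prev_hash"], block["op_digest"], block["hash"]) != (prev_hash, digest, expected):
            return i
        prev_hash = block["hash"]
    return None

def merkle_root(leaf_hashes: list) -> str:
    """Aggregate hex leaf hashes into one root; an unpaired node is promoted unchanged."""
    if not leaf_hashes:
        raise ValueError("no leaves to aggregate")
    # Prefix bytes separate leaves (0x00) from interior nodes (0x01).
    level = [sha256_hex(b"\x00" + bytes.fromhex(h)) for h in leaf_hashes]
    while len(level) > 1:
        paired = [sha256_hex(b"\x01" + bytes.fromhex(level[i] + level[i + 1]))
                  for i in range(0, len(level) - 1, 2)]
        level = paired + ([level[-1]] if len(level) % 2 else [])
    return level[0]

def integrity_certificate(packet_hash: str, chain: list) -> dict:
    """Aggregate the data-chain packet hash with every operation-chain block hash."""
    return {"packet_hash": packet_hash, "log_blocks": len(chain),
            "chain_intact": first_tampered_index(chain) is None,
            "merkle_root": merkle_root([packet_hash] + [b["hash"] for b in chain])}

def build_sample():
    """Constructed sample: one packet hash and three operation-log entries."""
    packet_hash = sha256_hex(b"data ciphertext | key ciphertext | business tags")
    chain = []
    for op in ({"actor": "client-node", "action": "upload", "ts": 1000},
               {"actor": "provider-node", "action": "access", "ts": 1060},
               {"actor": "provider-node", "action": "modify", "ts": 1120}):
        append_log(chain, op)
    return packet_hash, chain
```

Editing an entry in place fails at that block; re-sealing the edited block moves the failure to the next block, whose stored previous hash no longer matches, and changes the Merkle root.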

[0030] Working principle:

[0031] In practice, financial companies first categorize the data to be outsourced into core data, sensitive data, and general data. Then they encrypt the data with strong encryption algorithms, in effect locking it in a metal box. At the same time, a label is affixed to the metal box, and the key to the box is encrypted using the outsourcing company's own public key. This results in a packaged data set consisting of the metal box, the encrypted key, and the label. Two parallel blockchains are built: one, the data chain, specifically stores the packaged data and its hash fingerprint; the other, the "operation chain," records all actions: who uploaded the data, when the outsourcing company accessed it, what was modified, and whether it was destroyed, including the devices and times of the operations. Furthermore, these two ledgers are not controlled by a single party; the contracting party, the outsourcing company, and regulatory agencies jointly verify the data to ensure that no one can secretly alter it.

[0032] To access data, outsourcing providers must first submit an application to the smart contract and provide proof of their qualifications. The smart contract checks against preset rules: for example, whether the outsourcing provider's qualifications are sufficient and whether the access time is within the validity period of the tag. Only if all conditions are met will the smart contract unlock the encryption key, allowing the provider to open the metal box and view the data. If the usage time needs to be extended, the smart contract will automatically re-encrypt the key and generate a temporary key with a timestamp to prevent expired use. Whether it's a regulatory agency investigating or the outsourcing party verifying, as long as a traceability request is initiated, the system will retrieve the target data and its hash fingerprint from the data chain, and then retrieve all corresponding operation logs from the operation chain. A specialized algorithm will be used to verify whether the data has been tampered with and whether the logs are complete. Finally, a traceability graph will be generated, clearly showing who did what at which stage and whether their identity is genuine. If an anomaly is detected, the system will automatically issue an alarm and lock the data to prevent further access.
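The access check and approved extension described at the start of [0032] (and in S3) can be modelled off-chain as follows. This is an added example, not the patent's smart contract; the qualification tiers, field names and log layout are assumptions, an HMAC stands in for the approval node's signature, and the key re-encryption step is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed permission matrix: provider qualification -> sensitivity levels it may decrypt.
PERMISSION_MATRIX = {
    "tier_1": {"general", "sensitive", "core"},
    "tier_2": {"general", "sensitive"},
    "tier_3": {"general"},
}

def sign_approval(key: bytes, provider: str, packet_id: str, new_until: int, reason: str) -> str:
    """HMAC stand-in for the approval node's signature over a permission change."""
    message = f"{provider}|{packet_id}|{new_until}|{reason}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()

@dataclass
class Grant:
    qualification: str
    sensitivity: str
    valid_from: int
    valid_until: int

@dataclass
class PermissionContract:
    approver_key: bytes
    grants: dict = field(default_factory=dict)         # (provider, packet_id) -> Grant
    operation_log: list = field(default_factory=list)  # stands in for the operation chain

    def request_key(self, provider: str, packet_id: str, now: int):
        """Return (allowed, reason); every decision is logged, including refusals."""
        grant = self.grants.get((provider, packet_id))
        if grant is None:
            reason = "no_grant"
        elif grant.sensitivity not in PERMISSION_MATRIX.get(grant.qualification, set()):
            reason = "qualification_mismatch"
        elif not (grant.valid_from <= now <= grant.valid_until):
            reason = "outside_validity_period"
        else:
            reason = None
        self.operation_log.append({"event": "key_request", "provider": provider,
                                   "packet": packet_id, "ts": now, "reason": reason})
        return reason is None, reason

    def extend(self, provider, packet_id, new_until, reason, signature, now) -> bool:
        """Extend validity only with a valid approval signature; record the attempt either way."""
        grant = self.grants.get((provider, packet_id))
        expected = sign_approval(self.approver_key, provider, packet_id, new_until, reason)
        approved = grant is not None and hmac.compare_digest(expected, signature)
        if approved:
            grant.valid_until = new_until
        self.operation_log.append({"event": "permission_change", "provider": provider,
                                   "packet": packet_id, "ts": now, "change_reason": reason,
                                   "new_until": new_until, "signature": signature,
                                   "approved": approved})
        return approved
```

A request after expiry is refused until an extension carrying a valid approval signature is recorded; a rejected extension attempt is logged as well, so the log shows who tried to widen access and when.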

[0033] The basic principles, main features, and advantages of this invention have been described above. Those skilled in the art should understand that this invention is not limited to the above embodiments. The embodiments and descriptions in the specification merely illustrate the principles of the invention. Various changes and modifications can be made without departing from the spirit and scope of the invention, and all such changes and modifications fall within the scope of the invention as claimed. The scope of protection claimed by this invention is defined by the appended claims and their equivalents.

Claims

1. A method for secure sharing and traceability of financial outsourcing business data integrating blockchain, characterized in that it includes the following steps:

S1: Data preprocessing and encryption: Obtain outsourced business data from financial outsourcing clients, classify data according to sensitivity, generate ciphertext using symmetric encryption algorithms, and extract business attribute tags; perform asymmetric encryption on the symmetric key based on the outsourcing service provider's public key to generate key ciphertext, forming an associated data packet of data ciphertext, key ciphertext, and business tags;

S2: Deployment of a dual-chain blockchain architecture, constructing a data chain and an operation chain. In the dual-chain system, the data chain stores the associated data packets and their corresponding hash values, while the operation chain stores the behavior log of the entire process. A practical Byzantine fault-tolerant consensus mechanism is adopted, with the project issuer, outsourcing service provider, and regulatory node jointly participating in block verification.

S3: Dynamic permission sharing control. A permission matrix is preset through smart contracts and is associated with the service provider's qualifications and the data sensitivity level. The key can be called to decrypt the encrypted data only when the service provider node's qualifications match and the time is within the validity period. A permission adjustment triggers notarization on the operation chain, which records the reason for the permission change and the signature of the approval node.

S4: Full-process traceability and verification. After a traceability request is received, the target data packet is obtained by searching the data chain by business tag, and the related operation chain logs are retrieved at the same time. The data hash and log hashes are aggregated and verified based on the Merkle tree algorithm, and a data integrity certificate and an operation traceability graph are output. The graph contains the on-chain identity authentication information of the operating node at each step.

2. The method for secure sharing and traceability of financial outsourcing business data integrating blockchain as described in claim 1, characterized in that: the business attribute tags in S1 also include data classification and grading results, and the core data is additionally overlaid with homomorphic encryption processing, which allows service providers to complete calculation operations without decrypting the original data.

3. The method for secure sharing and traceability of financial outsourcing business data integrating blockchain as described in claim 1, characterized in that: the smart contract described in S3 has built-in re-encryption logic: when the service provider's access time exceeds the initial validity period but is extended with the approval of the contract issuer, the contract automatically re-encrypts the key ciphertext based on the new validity period, generating a temporary key ciphertext with a timestamp.

4. The method for secure sharing and traceability of financial outsourcing business data integrating blockchain as described in claim 1, characterized in that: the traceability verification in S4 also includes anomaly detection: when unauthorized IP access or batch download of sensitive data appears in the operation log, an alarm is automatically triggered on the monitoring node, and the corresponding data access permissions are locked.

5. The method for secure sharing and traceability of financial outsourcing business data integrating blockchain as described in claim 1, characterized in that: the operation chain log uses a chained hash association, and the hash value of each log block contains the hash of the previous log block and the current operation data digest, so that log tampering can be identified in real time.