0

I'm trying to create a smart contract in Solidity that the accounts can access the digital content only after paid some tokens.

For example, assuming Account 1 is a buyer and Account 2 is a seller. Account 1 has some external web service to host the data and Account 2 has also some external web app to consume the data.

  1. Account 1 pays some tokens to Account 2 to access some data (the data will be hosted in a Web service app externally, the URL can be stored in the smart contract.)
  2. Account 2 uses Oracle to notify its external web app to encrypt the data using the public key of Account 1 and the private key of itself.
  3. The user of Account 1 can download (maybe a web app) the encrypted data now and decrypted it using its private key and the public key of Account 2.

Is it the right way to do it? It seems cumbersome to encrypt/decrypt the data using public/private keys. And how to get keys if needed?

Improve this question

1 Answer 1

Reset to default
1

This would work, but assuming a typical web app, I think I can suggest a simpler method:

  1. A user visits the web site and requests access to the data.
  2. The website generates a random "request ID" and puts it in an encrypted cookie for that user.
  3. The user sends tokens and includes the request ID.
  4. The web app (having verified the transaction on the blockchain) grants access to the user. Only that user can access the data, because only that user has an encrypted cookie with that request ID.

If you're using an ERC20 token here, step 3 would usually consist of a standard token.approve(...) call followed by calling a method in your smart contract with the request ID as a parameter that does a transferFrom(...) and emits an event upon success.

The encrypted cookie can be replaced by any mechanism for associating the request ID with the user (e.g. a column in a database if your web app has persistent user accounts).

Improve this answer
3
  • Is there any example for this? I'm using to build a token following the truffle example (TutorialToken), is it the ERC20 token? BTW, the business logic will be written in middleware which may not be Javascript. So I think I will create a web service call for "(2) request ID" (access via https). When doing (3), will other users sniffle the "requst ID"? Commented Dec 12, 2017 at 21:14
  • I'm unfamiliar with that example, but yes, I was assuming that when you said "token," you meant an ERC20 token. I was also assuming a second smart contract (the one to receive the tokens), but I suppose you could also just send the request ID as data in a transaction that sends the token directly to an EOA (externally-owned account). Commented Dec 12, 2017 at 21:18
  • And no, unfortunately, I don't have a ready example of doing this. Commented Dec 12, 2017 at 21:19

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.