CN109698752B - Enterprise resource management system based on block chain - Google Patents

Publication number
CN109698752B
Authority
CN
China
Prior art keywords
service, block chain, component, management, network
Legal status
Active
Application number
CN201811441590.6A
Other languages
Chinese (zh)
Other versions
CN109698752A (en)
Inventor
徐睿
马锋
汤宁
张子谦
陈俣
储惠
Current Assignee
Nari Information and Communication Technology Co
Original Assignee
Nari Information and Communication Technology Co
Application filed by Nari Information and Communication Technology Co
Priority to CN201811441590.6A
Publication of CN109698752A
Application granted
Publication of CN109698752B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses an enterprise resource management system based on a block chain, which comprises a network communication layer, a network entity service layer, a public supporting component, a safety protection component, a business service layer, a command line front end module, an API & SDK, a block chain access and management module and an application and presentation module. Compared with the traditional resource management system, the resource management system and the resource management method have the advantages that the management operation efficiency can be greatly improved in the aspects of safety confirmation, entry, management, query and the like, and not only can the safety of the system be guaranteed, but also the management operation efficiency can be improved.

Description

Enterprise resource management system based on block chain
Technical Field
The invention relates to an enterprise resource management system based on a block chain, and belongs to the technical field of enterprise resource management.
Background
As blockchain technology evolves, more and more organizations are taking it seriously and taking part in exploring it. The blockchain ecosystem has gradually developed and grown, from the original public-chain projects such as Bitcoin and Ethereum, to open-source communities such as Hyperledger and Chain, and then to various blockchain startups, venture capital funds, financial institutions, IT enterprises and regulators.
With the growth of enterprise scale and the continuous expansion of related business fields, forming corporate groups has become an inevitable trend for many enterprises; whether the advantages of a group can be effectively realized depends decisively on the group's processes and management. Low efficiency and serious loopholes in the process system are often a devastating blow to an industrial group, and show up as an overall weakness in market competitiveness. In reality, however, many industrial group companies still face many difficulties in designing and implementing their governance model and process system. In practice the system and the processes are too complex and form outweighs substance, which has the negative effect of restricting the vitality of the enterprise. The birth of blockchain technology not only drives change in business, but also adds a tool for enterprise management.
Disclosure of Invention
The invention aims to provide an enterprise resource management system based on a block chain, which enables review of an enterprise's internal information and resources, effectively prevents malicious tampering and other attacks, greatly improves the enterprise's resource management efficiency and improves resource management security.
In order to solve the above technical problems, the present invention provides an enterprise resource management system based on a block chain, comprising a network communication layer, a network entity service layer, a common support component, a security protection component, a business service layer, a command line front end module, an API & SDK, a block chain access and management module, and an application and presentation module,
the network communication layer provides network communication support, remote procedure call support and point-to-point data transmission for the nodes;
the network entity layer abstracts communication entities in the block chain network into endorsement nodes, sequencing nodes, submission nodes and CA nodes;
the network entity service layer realizes various specific block chain services in a block chain network, including an account book service, a block service, a consensus service, an endorsement service, a verification service and a PKI service;
the business service layer provides function support for the intelligent contract and consists of a chain code platform, a chain code specification, an application chain code and a system chain code; the intelligent contract is application-level code stored on a general ledger in a transaction;
the common support component provides basic support for the whole system and comprises a log service component, a container component, a configuration management component, a KV database component, a storage service component, an exception handling component, an image generation script, a system compiling and running script and various types of test codes;
the security protection component provides blockchain security protection in the form of data security isolation, encryption, authentication and permission control, and comprises a cryptographic service component, a channel management component, a member management service component, a policy and permission management component, a digital certificate, an SSL transmission encryption component, a cryptographic material generation auxiliary tool, a channel configuration generation auxiliary tool and a channel configuration update auxiliary tool;
the API & SDK provides a service interface to the outside through the RPC API, and the SDK wraps the RPC API interface in Java;
the block chain access and management module is divided into a block chain access module and a block chain management module, and the block chain access module is developed and accessed to various block chain platforms based on a service layer and API & SDK; the block chain management module is used for monitoring and managing a block chain state, a service state, an account book and a node state and providing a web interface for contract deployment;
the application and presentation module implements a visual management interface.
The endorsement node is a network node which verifies the signature and determines whether the submitter is authorized to execute the operation, and is responsible for verifying whether a certain transaction is legal and whether it is willing to endorse and sign the transaction; the submitting node is a network node for submitting data and is responsible for checking the transactions sequenced by the sequencing node, selecting legal transactions to execute and writing the legal transactions into storage; the sequencing node is a network node providing consensus and is responsible for sequencing the transactions it sees and providing a globally confirmed order; the CA nodes are responsible for managing membership in the network.
The aforementioned ledger service records transaction information occurring in the network; the block service fills the sorted transactions into blocks; the consensus service provides a global ordering of transactions; the endorsement service checks the received transaction proposal according to the logic of the endorsement service to decide whether to support the transaction proposal or not; the verification service performs final inspection before submitting the sorted batch of transactions to an account book; the PKI service is responsible for managing digital certificates.
The chain code platform is an intelligent contract operating environment; the chain code specification specifies an intelligent contract coding specification, an intelligent contract deployment specification and an intelligent contract calling specification; the application chain code provides a support interface for compiling the user chain code; the system chain code is responsible for the processing logic of the node itself.
The log service component is used for providing log output with a uniform format; the container component is used for deploying, starting, stopping and destroying the docker container; the configuration management component is used for reading and writing various configuration files; the KV database component provides key-value database service; the storage service component is used for storing the block chain structure; the exception handling component provides an exception handling mechanism; the image generation script provides generation scripts of various types of docker images; the system compiling and running script comprises various shell scripts, an automatic compiling framework file and a Makefile; the various types of test code include BDD test code, system test code, and unit test code.
The cryptographic service component provides a cryptographic function interface for the operation of the block chain platform; the channel management component provides atomic broadcast channels which are partitioned on the sequencing service and are isolated from each other; the member management service realizes member permission management; the policy and permission management component specifies and implements permission restrictions under various scenarios in the network through policies; the SSL transmission encryption component controls access at the network layer, checks the identity of a remote entity and encrypts transmitted data by using the SSL protocol; the cryptographic material generation auxiliary tool is used for automatically generating the required keys and certificate files in batches according to configuration; the channel configuration generation auxiliary tool is used for generating configuration information related to a channel offline; the channel configuration update auxiliary tool is used for converting the configuration file between the binary format and the JSON format.
The block chain platform consists of a block chain core software set, a block chain password component set and a block chain auxiliary tool set;
the block chain core software set realizes the core service functions of the block chain nodes and the intelligent contracts and comprises a public basic module, a kernel module, a Peer node, an Orderer node, a sequencing plug-in and a chain code platform;
the blockchain cryptographic component set provides cryptographic and digital certificate support for the secure operation of a blockchain network, and comprises a blockchain cryptographic service framework, various forms of cryptographic service implementation, national cryptographic algorithm SSL transmission encryption, CA nodes and certificates.
The block chain auxiliary tool set provides supporting tools for rapid networking, updating a network, developing applications and monitoring a block chain, and comprises a cryptographic material generation auxiliary tool, a channel configuration update auxiliary tool, a JAVA SDK and a block chain management system.
The public basic module provides log service, policy and authority management, channel configuration, KV database service and container service; the kernel module provides core functions related to the block chain, including transaction submission, endorsement, delivery, endorsement, and ledger; the Peer node is a main entity deployed in a blockchain network and used for endorsement, transaction execution, transaction submission and account book maintenance; the Orderer node is responsible for ordering transactions and forming blocks; the sequencing plug-in is embedded into the Orderer node in a pluggable mode; the chain code platform provides a runtime environment support for deploying and running intelligent contracts.
The invention achieves the following beneficial effects:
compared with the traditional resource management system, the resource management system and the resource management method have the advantages that the management operation efficiency can be greatly improved in the aspects of safety confirmation, entry, management, query and the like, and not only can the safety of the system be guaranteed, but also the management operation efficiency can be improved.
The invention provides functions of data backtracking, query and the like based on the non-tampering characteristic of the block chain system, facilitates the examination of information and resources in an enterprise, effectively prevents malicious tampering and other attack behaviors, greatly improves the resource management efficiency of the enterprise, and improves the resource management safety.
Drawings
FIG. 1 is a block chain based enterprise resource management system architecture diagram of the present invention.
Detailed Description
The invention is further described below. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
As shown in fig. 1, the present invention provides an enterprise resource management system based on a block chain, which includes a network communication layer, a network entity service layer, a common support component, a security protection component, a business service layer, a command line front end module, an API & SDK, a block chain access and management module, and an application and presentation module, and specifically includes the following:
the network communication layer mainly provides network communication support, remote procedure call support and point-to-point data propagation service for the nodes. The network communication layer is based on a TCP/UDP protocol, adopts Netty to provide an asynchronous and event-driven network application program framework, utilizes gRPC to realize remote process call of node service and interface, and provides point-to-point data transmission protocol support for node block synchronization.
The network entity layer is a functional abstraction of communication entities in the blockchain network and is divided into endorsement nodes, sorting nodes, submission nodes and CA nodes according to the functions of the nodes. The endorsement node is a network node which verifies the signature and determines whether the submitter is authorized to execute the operation, and is responsible for verifying whether a certain transaction is legal and is willing to endorse and sign the transaction. The submitting node is a network node for submitting data and is responsible for checking the transactions sequenced by the sequencing node, selecting legal transactions to execute and writing the legal transactions into storage. The sequencing node is a network node providing consensus and is responsible for sequencing the transactions seen and providing the order of global confirmation. The CA node is responsible for managing the member identity in the network, realizes PKI service, and is mainly responsible for managing the identity certificate, including generation, revocation and the like.
The network entity service layer implements the specific blockchain services in a blockchain network. The underlying system mounts services on entities: a node may carry several network entities that provide the node's actual functions. The ledger service is responsible for recording transaction information occurring in the network, and includes the state database, history database, index database and the like. The block service fills the sorted transactions into blocks. A node allows a client to listen for specified events, which a listener then processes. The consensus service mainly provides a global ordering of transactions. A transaction is a change to the state of the ledger made by calling the chain code. A client can have the distributed ledger record information by sending a transaction request. The endorsement service checks the received request (transaction proposal) from the client according to its own logic to decide whether to support it. The validation service performs a final check before the sorted batch of transactions is submitted to the ledger. The PKI service is primarily responsible for managing digital certificates, including generation, revocation, and the like.
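The division of work between the endorsement, sequencing and submission nodes and the verification service described above, as an added Java sketch that is not code from the patent. The class and method names, the two-organization endorsement policy, the `|`-joined payload encoding and the sample assets are assumptions made for illustration, and JDK ECDSA stands in for whatever algorithm the system's cryptographic service supplies.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration, not code from the patent; all names are hypothetical. Needs Java 17+.
public class EndorseOrderCommitDemo {
    record Endorser(String org, String name, KeyPair keys) {}
    record Endorsement(String org, String node, byte[] sig) {}
    record Tx(String id, String key, String value, List<Endorsement> endorsements) {
        // Constructed encoding for the demo; a real system needs a canonical serialization.
        byte[] payload() { return (id + "|" + key + "|" + value).getBytes(StandardCharsets.UTF_8); }
    }
    record Block(int number, String prevHash, List<Tx> txs, String hash) {}
    static final int REQUIRED_ORGS = 2; // assumed policy: valid endorsements from 2 distinct organizations

    static Endorser newEndorser(String org, String name) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        return new Endorser(org, name, gen.generateKeyPair());
    }

    // Endorsement node: signs the proposal it is willing to support.
    static Endorsement endorse(Endorser e, Tx tx) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(e.keys().getPrivate());
        s.update(tx.payload());
        return new Endorsement(e.org(), e.name(), s.sign());
    }

    // Client side: collect endorsements for one proposal from the given nodes.
    static Tx endorsed(String id, String key, String value, Endorser... signers) throws GeneralSecurityException {
        Tx draft = new Tx(id, key, value, List.of());
        List<Endorsement> collected = new ArrayList<>();
        for (Endorser e : signers) collected.add(endorse(e, draft));
        return new Tx(id, key, value, collected);
    }

    static String blockHash(int number, String prevHash, List<Tx> txs) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update((number + "|" + prevHash).getBytes(StandardCharsets.UTF_8));
        for (Tx t : txs) { md.update((byte) '|'); md.update(t.payload()); }
        return HexFormat.of().formatHex(md.digest());
    }

    // Sequencing node: fixes the global order and links the new block to the previous one.
    static Block order(List<Block> chain, List<Tx> batch) throws GeneralSecurityException {
        String prev = chain.isEmpty() ? "GENESIS" : chain.get(chain.size() - 1).hash();
        return new Block(chain.size(), prev, List.copyOf(batch), blockHash(chain.size(), prev, batch));
    }

    // Verification service: count distinct organizations with a valid signature from a known member.
    static boolean satisfiesPolicy(Tx tx, Map<String, PublicKey> members) throws GeneralSecurityException {
        Set<String> orgs = new HashSet<>();
        for (Endorsement en : tx.endorsements()) {
            PublicKey pk = members.get(en.org() + "/" + en.node());
            if (pk == null) continue; // not a known member: the endorsement is ignored
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(pk);
            s.update(tx.payload());
            try { if (s.verify(en.sig())) orgs.add(en.org()); } catch (SignatureException bad) { /* no endorsement */ }
        }
        return orgs.size() >= REQUIRED_ORGS;
    }

    // Submission node: applies only transactions that pass verification; returns the rejected ids.
    static List<String> commit(Block block, Map<String, PublicKey> members, Map<String, String> state)
            throws GeneralSecurityException {
        List<String> rejected = new ArrayList<>();
        for (Tx tx : block.txs()) {
            if (satisfiesPolicy(tx, members)) state.put(tx.key(), tx.value());
            else rejected.add(tx.id());
        }
        return rejected;
    }

    // Audit: recompute every block hash and check each link to the previous block.
    static boolean chainIntact(List<Block> chain) throws GeneralSecurityException {
        String prev = "GENESIS";
        for (Block b : chain) {
            if (!b.prevHash().equals(prev)) return false;
            if (!b.hash().equals(blockHash(b.number(), b.prevHash(), b.txs()))) return false;
            prev = b.hash();
        }
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Endorser a = newEndorser("OrgA", "peer0"), b = newEndorser("OrgB", "peer0");
        Map<String, PublicKey> members =
            Map.of("OrgA/peer0", a.keys().getPublic(), "OrgB/peer0", b.keys().getPublic());
        Tx tx1 = endorsed("tx1", "asset-17", "owner=finance", a, b); // two organizations
        Tx tx2 = endorsed("tx2", "asset-18", "owner=it", a, a);      // one organization, twice
        List<Block> chain = new ArrayList<>();
        Map<String, String> state = new HashMap<>();
        Block b0 = order(chain, List.of(tx1, tx2));
        chain.add(b0);
        System.out.println("rejected=" + commit(b0, members, state) + " state=" + state);
        System.out.println("intact=" + chainIntact(chain));
        // A stored record is edited after the fact while the recorded block hash is left alone.
        Tx forged = new Tx("tx1", "asset-17", "owner=attacker", tx1.endorsements());
        chain.set(0, new Block(0, b0.prevHash(), List.of(forged, tx2), b0.hash()));
        System.out.println("intact after edit=" + chainIntact(chain));
    }
}
```

In this run tx2 is rejected because both of its endorsements come from one organization, and the edited record is caught when the audit recomputes the block hash. An editor who also rewrote the block hash would still fail verification, since the original signatures do not cover the changed payload.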
The business service layer provides function support for the intelligent contract and consists of a chain code platform, a chain code specification, an application chain code and a system chain code. Smart contracts are application-level code that is maintained on the ledger as part of a transaction. The chain code platform supports an intelligent contract operating environment of a specific programming language (JAVA, GO). The chain code specification specifies an intelligent contract encoding specification, an intelligent contract deployment specification, and an intelligent contract invocation specification. The application chain code support provides a support interface for writing user chain codes. The system chain code is responsible for processing logic of the node, and comprises system level chain codes such as system configuration, endorsement, inspection and the like.
The common support component provides basic, common, unified functional module support for the whole system. The log service component provides log output in a unified format. The container component implements control functions such as deploying, starting, stopping and destroying the docker container. The configuration management component is used for reading and writing various configuration files. The KV database component provides a key-value database service. The storage service component stores the block chain structure through a file system. The exception handling component provides a unified exception handling mechanism for the whole system. The image generation script provides generation scripts for various types of docker images. The system compiling and running script comprises various shell scripts, automatic compiling framework files and Makefile files, which makes systematic, fast compilation and building convenient. The various types of test codes mainly include BDD (behavior driven development) test codes, system test codes, unit test codes, and the like.
The security protection component mainly provides blockchain security functions such as data security isolation, encryption, authentication and permission control. The cryptographic service component provides cryptographic functions, in software or hardware form, for the operation of the block chain platform; these include function interfaces for encryption and decryption, signing and signature verification, hashing and the like. The channel management component is a means of privacy protection: channels are mutually isolated atomic broadcast channels partitioned on the sequencing service, and include an application channel and a system channel. The member management service, or Member Service Provider (MSP), represents a set of mechanisms for authenticating a resource (member, node, organization, etc.) and is the basis for implementing permission management. The policy and permission management component first models organizations and consortia: an organization represents a group of members sharing a common trusted root certificate, and a consortium is a collection of several organizations, a structure unique to the consortium chain scenario. Permission management answers the question of who is allowed to take a given action in a given scenario. Permission restrictions under the various scenarios in the network are specified and implemented by policies. The digital certificate component is the abstraction layer for X509 certificates, together with certificate verification. The SSL transmission encryption component controls access at the network layer, can check the identity of a remote entity, and encrypts transmitted data by using the SSL protocol. The cryptographic material generation auxiliary tool automatically generates the required keys and certificate files in batches according to the configuration. The channel configuration generation auxiliary tool is used for generating configuration information related to the channel offline. The channel configuration update auxiliary tool converts the configuration file between a binary format and a JSON format that is convenient to read and edit, making it convenient for a user to update the configuration of the channel.
The API & SDK provides a service interface to the outside through the RPC API. The JAVA SDK is a software development library that wraps the RPC API interface in Java and provides modules for accessing endorsement nodes, CA nodes, sequencing nodes, submission nodes and the like.
The block chain access and management module is divided into block chain access and block chain management. The block chain access module develops for and accesses various types of block chain platforms based on the service layer, the RPC API and the JAVA SDK. The block chain management module is used for monitoring and managing the block chain state, the service state, the ledger and the node state, and provides a web interface for contract deployment.
The application and presentation module implements a visual management interface.
Furthermore, the blockchain platform consists of three major parts, namely a blockchain core software set, a blockchain password component set and a blockchain auxiliary tool set. The block chain core software set realizes the core service functions of the block chain nodes and the intelligent contracts and mainly comprises a public basic module, a kernel module, a Peer node, an Orderer node, a sequencing plug-in, a chain code platform and the like. The public basic module provides basic function modules shared by the whole system, and mainly comprises log service, policy and authority management, channel configuration, KV database service, container service and the like. The kernel module provides core functions related to the block chain, including transaction submission, endorsement, delivery (delivery), endorsement, ledger, and the like. A Member Service Provider (MSP) is an abstraction of the member's operating architecture, which masks the parts related to cryptographic mechanisms and protocols at the back end, exposing only the external functions of issuing certificates, verifying certificates, user authentication, etc. The Peer node is a main entity deployed in the blockchain network and has the functions of endorsement, transaction execution, transaction submission, account book maintenance and the like. The Orderer node is responsible for ordering transactions and forming blocks. The sequencing plug-in is embedded into the Orderer node in a pluggable mode, and the SOLO sequencing plug-in, the KAFKA sequencing plug-in and the improved sequencing plug-in realize global sequencing service by adopting different protocols. The chain code platform provides runtime environment support for deploying and running the intelligent contract, wherein the JAVA chain code platform supports the intelligent contract written in the JAVA language, and the GO chain code platform supports the intelligent contract written in the GO language.
The blockchain cryptographic component set provides cryptographic and digital certificate support for the secure operation of a blockchain network, and mainly comprises a blockchain cryptographic service framework, various forms of cryptographic service implementation, national cryptographic algorithm SSL transmission encryption, CA nodes, certificates and the like. The blockchain cryptographic service framework abstracts the cryptographic service interfaces required by the block chain, and designs and implements a pluggable cryptographic framework into which different types of cryptographic service implementation components can be embedded. The supported blockchain cryptographic service components include: a software implementation of cryptographic services using international algorithms (SW), a software implementation of cryptographic services using national cryptographic algorithms (GM), a PKCS11 implementation supporting a hardware cryptographic engine (PKCS11), a GMT0016 implementation supporting smart cryptographic keys based on the GM/T0016 national cryptographic standard (GMT0016), a GMT0018 implementation supporting cryptographic equipment such as a server cryptographic engine based on the GM/T0018 national cryptographic standard (GMT0018), and a GMT0019 implementation supporting a general cryptographic service interface based on the GM/T0019 national cryptographic standard (GMT0019). The CA node mainly provides PKI services such as issuing certificates, revoking certificates and obtaining the CA service certificate chain. The certificate component is a software abstraction of digital certificates, supporting standard X509 certificates and national cryptographic X509 certificates.
The block chain auxiliary tool set provides supporting tools for rapid networking, updating a network, developing applications and monitoring a block chain, and mainly comprises a cryptographic material generation auxiliary tool, a channel configuration update auxiliary tool, a JAVA SDK (JAVA software development kit), a block chain management system and the like. The cryptographic material generation auxiliary tool automatically generates the required keys and certificate files in batches according to the configuration. The channel configuration generation auxiliary tool is used for generating configuration information related to the channel offline. The channel configuration update auxiliary tool converts the configuration file between a binary format and a JSON format that is convenient to read and edit, making it convenient for a user to update the configuration of the channel. The JAVA SDK provides a JAVA API through which developers of block chain applications access Peer nodes, CA nodes, sequencing nodes and the like. The block chain management system monitors and manages the state of the block chain, the service state, the ledger and the node state.
The system is developed by adopting JAVA language, a Docker application container engine is adopted, and containers are completely isolated from each other by using a sandbox mechanism. The Peer node, the CA node and the sequencing node are all made into a Docker Image so as to facilitate the deployment and use of the system.
The system runs on a Ubuntu operating system, and a JAVA virtual machine is deployed in the Ubuntu operating system.
The system of the invention adopts a spring framework, and supports Control reversal (IoC) and Aspect Oriented Programming (AOP). IoC the right to create object is given to the frame, the object generation is defined in XML, and the efficiency of object construction and object dependency relationship creation is improved. The AOP is a technology for realizing unified maintenance of program functions through a precompilation mode and a dynamic agent in a running period, and is mainly used for log recording, performance statistics, security control, transaction processing, exception handling and the like.
The system of the present invention uses slf4j log system in unison. The SLF4J provides a unified interface for logging, and it only needs to record according to the method provided by the interface, and the format, recording level, output mode, etc. of the final log are realized by the configuration of the specific log system, so that the log system can be flexibly switched in the application.
The system of the invention uses a levelDB database. The LevelDB is a very efficient kv database capable of supporting the billion level data volumes, writing more than 40w per second and the random read performance more than 10w per second.
The network communication framework of the system of the invention selects Netty. Netty provides an asynchronous, event-driven web application framework and tools for the rapid development of high-performance, high-reliability web servers and client programs.
The remote procedure call of the system selects gRPC. GRPC is an open-source, high-performance, cross-language RPC framework based on the HTTP2 protocol, based on protobuf 3.x and Netty 4.x +.
The P2P protocol of the present invention uses gossip. In a bounded network, each node communicates with other nodes at random, and after a period of disorderly communication the states of all nodes eventually reach agreement. For a Java implementation of the gossip protocol, refer to the open-source database project Cassandra.
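The convergence behaviour described above, as an added Java simulation that is not part of the patent and not taken from Cassandra. All names are hypothetical; it assumes Java 17 (records), a push-pull exchange with one random peer per node per round, and a merge rule in which the higher version wins.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;

/** Added illustration of push-pull gossip; names are hypothetical. */
public class GossipDemo {

    /** A versioned value; on merge the entry with the higher version wins. */
    record Versioned(long version, String value) {}

    static final class Node {
        final Map<String, Versioned> state = new HashMap<>();

        /** Copy every entry from 'other' that is newer than what this node holds. */
        void mergeFrom(Node other) {
            // A real node must first authenticate the sender (TLS identity, signed
            // messages); merging on version alone trusts whatever a peer claims.
            other.state.forEach((k, v) ->
                state.merge(k, v, (mine, theirs) -> theirs.version() > mine.version() ? theirs : mine));
        }
    }

    static boolean converged(List<Node> nodes) {
        Map<String, Versioned> first = nodes.get(0).state;
        return nodes.stream().allMatch(n -> n.state.equals(first));
    }

    /** Runs gossip rounds until every node holds identical state; returns the round count. */
    static int roundsToConverge(int nodeCount, long seed) {
        Random rnd = new Random(seed); // seeded so a run is reproducible
        List<Node> nodes = new ArrayList<>();
        for (int i = 0; i < nodeCount; i++) nodes.add(new Node());
        // Constructed sample state: two different nodes each learn one new fact.
        nodes.get(0).state.put("ledger.height", new Versioned(7, "1024"));
        nodes.get(nodeCount - 1).state.put("member.org2", new Versioned(3, "revoked"));

        int round = 0;
        while (!converged(nodes)) {
            round++;
            for (Node n : nodes) {
                Node peer = nodes.get(rnd.nextInt(nodeCount)); // random peer
                if (peer == n) continue;                       // picked itself, skip
                n.mergeFrom(peer);  // pull what the peer knows
                peer.mergeFrom(n);  // push what this node knows
            }
        }
        return round;
    }

    public static void main(String[] args) {
        for (int size : new int[] {8, 64, 512}) {
            System.out.println(size + " nodes converged after "
                + roundsToConverge(size, 42L) + " rounds");
        }
    }
}
```

The round count grows slowly with network size, which is the property that makes gossip practical for spreading ledger and membership state between peers.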
The node function logic of the invention is developed on the frameworks and technologies described above, and a node can expose external interfaces in the form of CLI, gRPC, RESTful (optional) and the like.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (8)

1. An enterprise resource management system based on a block chain is characterized by comprising a network communication layer, a network entity service layer, a public supporting component, a safety protection component, a business service layer, a command line front end module, an API & SDK, a block chain access and management module and an application and presentation module,
the network communication layer provides network communication support, remote procedure call support and point-to-point data transmission for the nodes;
the network entity layer abstracts communication entities in the block chain network into endorsement nodes, sequencing nodes, submission nodes and CA nodes;
the network entity service layer realizes various specific block chain services in a block chain network, including an account book service, a block service, a consensus service, an endorsement service, a verification service and a PKI service;
the business service layer provides function support for the intelligent contract and consists of a chain code platform, a chain code specification, an application chain code and a system chain code; the intelligent contract is application-level code stored on a general ledger in a transaction;
the common support component provides basic support for the whole system and comprises a log service component, a container component, a configuration management component, a KV database component, a storage service component, an exception handling component, a mirror image generation script, a system compiling and running script and various types of test codes;
the safety protection component is used for block chain safety protection of data safety isolation, encryption, authentication and authority control and comprises a password service component, a channel management component, a member management service component, a strategy and authority management component, a digital certificate, an SSL transmission encryption component, a password generation auxiliary tool, a channel configuration generation auxiliary tool and a channel configuration updating auxiliary tool;
the API and the SDK provide a service interface for the outside through the RPC API, and the RPC API interface is subjected to java packaging through the SDK;
the block chain access and management module is divided into a block chain access module and a block chain management module; the block chain access module is developed on the basis of the service layer and the API & SDK and provides access to various block chain platforms; the block chain management module is used for monitoring and managing a block chain state, a service state, an account book and a node state and providing a web interface for contract deployment;
the application and presentation module implements a visual management interface.
2. The system according to claim 1, wherein the endorsement node is a network node that verifies signatures and determines whether the submitter has the right to perform operations, and is responsible for verifying whether a transaction is legitimate and whether it is willing to endorse and sign it; the submitting node is a network node for submitting data and is responsible for checking the transactions sequenced by the sequencing node, selecting legal transactions to execute and writing the legal transactions into a memory; the sequencing node is a network node providing consensus and is responsible for sequencing the seen transactions and providing a global confirmation sequence; the CA nodes are responsible for managing membership in the network.
3. The blockchain-based enterprise resource management system of claim 1, wherein the ledger service records transaction information occurring in a network; the block service fills the sorted transactions into blocks; the consensus service provides a global ordering of transactions; the endorsement service checks the received transaction proposal according to the logic of the endorsement service to decide whether to support the transaction proposal or not; the verification service performs final inspection before submitting the sorted batch of transactions to an account book; the PKI service is responsible for managing digital certificates.
4. The system according to claim 1, wherein the chain code platform is an intelligent contract execution environment; the chain code specification specifies an intelligent contract coding specification, an intelligent contract deployment specification and an intelligent contract calling specification; the application chain code provides a support interface for compiling the user chain code; the system chain code is responsible for the processing logic of the node itself.
5. The system according to claim 1, wherein the log service component is configured to provide log output in a uniform format; the container assembly is used for deploying, starting, stopping and destroying the docker container; the configuration management component is used for reading and writing various configuration files; the KV database component provides key-value database service; the storage service component is used for storing the block chain structure; the exception handling component provides an exception handling mechanism; the mirror image generation script provides generation scripts of various types of docker mirror images; the system compiling and running script comprises various shell scripts, an automatic compiling frame file and a Makefile; the various types of test code include BDD test code, system test code, and unit test code.
6. The system according to claim 1, wherein the cryptographic service component provides a cryptographic function interface for blockchain platform operations; the channel management component provides atomic broadcast channels which are divided on the sequencing service and are isolated from each other; the member management service realizes member authority management; the policy and permission management component specifies and implements permission restrictions under various scenes in the network through policies; the SSL transmission encryption component controls access to a network layer, checks the identity of a remote entity and encrypts transmission data by using an SSL protocol; the password generation auxiliary tool is used for automatically generating required keys and certificate files in batches according to configuration; the channel configuration generation auxiliary tool is used for generating configuration information related to a channel off line; the channel configuration update auxiliary tool is used for converting the configuration file between the binary format and the json format.
7. The blockchain-based enterprise resource management system of claim 1, wherein the blockchain platform is comprised of a blockchain core software set, a blockchain cryptographic component set, and a blockchain accessibility aid set;
the block chain core software set realizes the core service functions of the block chain nodes and the intelligent contracts and comprises a public basic module, a kernel module, a Peer node, an Orderer node, a sequencing plug-in and a chain code platform;
the blockchain password component set provides password and digital certificate support for safe operation of a blockchain network, and comprises a blockchain password service framework, various forms of password service implementation, national password SSL transmission encryption, CA nodes and certificates;
the block chain auxiliary tool set provides matching tools for rapid networking, updating networking, developing application and monitoring a block chain, and comprises a password generation auxiliary tool, a channel configuration updating auxiliary tool, a JAVA SDK and a block chain management system.
8. The system according to claim 7, wherein the common base module provides log services, policy and rights management, channel configuration, KV database services, and container services; the kernel module provides core functions related to the block chain, including transaction submission, endorsement, delivery, endorsement, and ledger; the Peer node is a main entity deployed in a blockchain network and used for endorsement, transaction execution, transaction submission and account book maintenance; the Orderer node is responsible for ordering transactions and forming blocks; the sequencing plug-in is embedded into the Orderer node in a pluggable mode; the chain code platform provides a runtime environment support for deploying and running intelligent contracts.
CN201811441590.6A 2018-11-29 2018-11-29 Enterprise resource management system based on block chain Active CN109698752B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811441590.6A CN109698752B (en) 2018-11-29 2018-11-29 Enterprise resource management system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811441590.6A CN109698752B (en) 2018-11-29 2018-11-29 Enterprise resource management system based on block chain

Publications (2)

Publication Number Publication Date
CN109698752A CN109698752A (en) 2019-04-30
CN109698752B CN109698752B (en) 2021-11-12

Family

ID=66230184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811441590.6A Active CN109698752B (en) 2018-11-29 2018-11-29 Enterprise resource management system based on block chain

Country Status (1)

Country Link
CN (1) CN109698752B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Xu Rui

Inventor after: Ma Feng

Inventor after: Tang Ning

Inventor after: Zhang Ziqian

Inventor after: Chen Yu

Inventor after: Chu Hui

Inventor before: Xu Rui

GR01 Patent grant