CN113098879B - Method, system and block chain network for preventing back end from tampering uplink data - Google Patents


Info

Publication number: CN113098879B
Authority: CN (China)
Prior art keywords: data, certificate, block chain, transaction, uplink
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202110365984.3A
Other languages: Chinese (zh)
Other versions: CN113098879A (en)
Inventors: 刘晨, 李鑫, 陈宝辉, 严挺, 卢小明
Current Assignee: Beijing Peersafe Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing Peersafe Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: as H04L9/32, involving digital signatures
    • H04L9/3263: as H04L9/32, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention provides a method for preventing a back end from tampering with uplink data (data being written to a blockchain), comprising the following steps: the front end obtains its own front-end certificate from the blockchain, and the corresponding root certificate is stored in the blockchain; the front end signs its data using the front-end certificate and sends packed data to the back end, the packed data comprising the front-end certificate, the front-end data and a data signature; after receiving the packed data, the back end constructs a transaction to put the packed data on the chain; the blockchain verifies the front-end certificate in the transaction using the root certificate, and a smart contract performs tamper-proof verification of the packed data. The invention correspondingly provides a system and a blockchain network for preventing the back end from tampering with uplink data. The invention targets blockchain retrofits of the traditional C/S architecture, has a low modification cost, and prevents uplink data from being tampered with.

Description

Method, system and block chain network for preventing back end from tampering uplink data
Technical Field
The present invention relates to the field of blockchain smart contracts, and more particularly to a method, a system and a blockchain network for preventing a back end from tampering with uplink data.
Background
As blockchain technology matures and its use cases multiply, more traditional industries with traditional architectures hope to upgrade and retrofit with blockchain, storing and verifying their existing data through the distributed, decentralized, traceable and trustworthy mechanisms of blockchain technology. During such a retrofit, however, it is hard to decide how to fit the traditional architecture to the blockchain and at which step the data should be put on the chain; if the changes to the original architecture are too large, its stability cannot be guaranteed in the short term. Whatever stage of the architecture the data is uplinked at, the blockchain keeps the uplinked data secure and traceable, but the data may be tampered with before it is uplinked, and how to prevent that tampering needs attention during the retrofit.
Disclosure of Invention
The invention addresses the security problem of the traditional C/S architecture during a blockchain retrofit, and provides a method for preventing a back end from tampering with uplink data, comprising the following steps: the front end obtains its own front-end certificate from the blockchain, and the corresponding root certificate is stored in the blockchain; the front end signs its data using the front-end certificate and sends packed data to the back end, the packed data comprising the front-end certificate, the front-end data and a data signature; after receiving the packed data, the back end constructs a transaction to put the packed data on the chain; the blockchain verifies the front-end certificate in the transaction using the root certificate, and a smart contract performs tamper-proof verification of the packed data.
The invention further provides a system for preventing a back end from tampering with uplink data, comprising a front end, a back end and a blockchain network, wherein: the front end obtains its own front-end certificate from the blockchain network and signs the front-end data using the front-end certificate, the packed data comprising the front-end certificate, the front-end data and a data signature; the back end, after receiving the packed data from the front end, constructs a transaction to put the packed data on the chain; and the blockchain network generates the front-end certificate, stores the corresponding root certificate, verifies the transaction, and performs tamper-proof verification of the packed data through a smart contract.
The invention also provides a blockchain network for preventing a back end from tampering with uplink data, comprising blockchain nodes that can perform the following operations: generating a front-end certificate, sending it to a front end, and storing the corresponding root certificate; receiving an uplink transaction from a back end, the uplink transaction comprising packed data, the packed data comprising a front-end certificate, front-end data and a data signature, the data signature being obtained by signing the front-end data with the front-end certificate; and performing signature verification of the front-end certificate, with a smart contract performing tamper-proof verification of the packed data.
The invention is based on the blockchain's certificate system and smart contracts, has a low cost of modifying the C/S architecture, and prevents data from being tampered with before it is uplinked.
First, to upgrade a C/S architecture with a blockchain, a blockchain network can be set up at the end of the original data flow without changing the original architecture, so that the original business process remains unchanged. The end of the original data flow, that is, the back-end server, needs to rearrange the data into a transaction format that the blockchain network accepts, sign the transaction data using an account (a pair of public and private keys) in the blockchain network, and submit the signed transaction data to the blockchain network.
To prevent the back end from maliciously tampering with data before it is uplinked, the front end makes the data verifiable before sending it to the back end. That is, the blockchain generates a root certificate, and each front end applies to the blockchain for its own certificate. After obtaining its certificate, the front end signs the data to be sent to the back end, then packs the certificate and the data signature together with the data and sends them to the back end.
The back end still builds the transaction from the front end's packed data following the blockchain's uplink procedure, attaches the transaction signature and submits it. After submission the blockchain verifies the transaction, which includes verification of the transaction signature and verification of the packed data by the smart contract.
The smart contract extracts the front-end certificate from the packed data and verifies its validity using the verification procedure of the certificate system; once the front-end certificate passes, the contract uses it to verify the signature over the front-end data, which prevents tampered data from being uplinked. When data tampering is detected, an uplink failure is returned to the back end; the front end, unable to find the data when it queries the chain, learns that the data was not uplinked successfully and contacts the back end to investigate and uplink again.
Drawings
In order that the invention may be more readily understood, it will be described in more detail with reference to specific embodiments thereof that are illustrated in the accompanying drawings. These drawings depict only typical embodiments of the invention and are not therefore to be considered to limit the scope of the invention.
Fig. 1 is a schematic flow chart of different front ends obtaining respective digital certificates through a blockchain.
Fig. 2 is a schematic flow chart of the blockchain verifying, through a smart contract, whether packed data has been tampered with.
Fig. 3 shows the blockchain modification and tamper-proofing of the C/S architecture.
Detailed Description
Embodiments of the present invention will be described below with reference to the accompanying drawings so that those skilled in the art can better understand the present invention and can carry out the present invention, but the illustrated embodiments are not intended to limit the present invention, and technical features in the following embodiments and embodiments can be combined with each other without conflict, wherein like parts are denoted by like reference numerals.
The method mainly solves the problem of uplink data being tampered with in a blockchain retrofit of the traditional C/S architecture: after the back end (S end) receives data D from the front end (C end), and before the back end uploads D to the blockchain, D may be tampered with, and once it is uplinked the blockchain cannot verify whether D was tampered with. The invention uses a certificate system to protect the data sent by front ends. Each front-end user is assigned a certificate, and the blockchain holds the root certificate corresponding to it. The front end signs the data to be sent using the certificate, then packs the front-end data, the data signature and the user certificate into a data packet P and sends P to the back end. The back end uploads P to the blockchain, and the blockchain uses a smart contract and the root certificate to verify the front-end certificate in the packed content, then uses the front-end certificate to verify the data signature, thereby ensuring that the data was not tampered with at the back end and that the uplinked data is secure and correct. Therefore, without adjusting the original C/S architecture, and with the data uplink mode adjusted, the method uses the certificate system's protection against man-in-the-middle attacks and the automatic execution mechanism of blockchain smart contracts to ensure that front-end (C-end) data is not tampered with between being sent from the front end and finally being uplinked; it is safe, reliable, easy to retrofit and efficient.
In one embodiment, as shown in fig. 1-3, the method of the present invention comprises:
Step S1: the front end obtains its own front-end certificate from the blockchain. The front-end certificate is used to sign data when the front end sends data to the back end, and the certificate is used to prevent man-in-the-middle attacks. The blockchain network thus becomes the holder of the root certificate.
Step S2: the front end signs its own data using its front-end certificate, then sends the packed data to the back end. The packed data includes its front-end certificate, the front-end data and the data signature.
Step S3: after receiving the packed data, the back end forms an uplink transaction according to the blockchain's uplink requirements, and uses its blockchain account to sign and submit the uplink transaction.
The back end follows the blockchain's uplink procedure when putting data on the chain. The back end first has an account in the blockchain network, namely a pair of public and private keys; when uplinking data, it builds the front end's packed data into the blockchain transaction format and signs it using the public key.
Step S4: after the blockchain network receives the uplink transaction, it performs signature verification on the transaction, and the smart contract then performs tamper-proof verification of the packed data. The tamper-proof verification first verifies the validity of the front-end certificate in the packed data, then uses the front-end certificate to verify the signature in the packed data, which makes the data tamper-resistant.
Step S5: after all verifications pass and blockchain consensus is reached, the data is written into a block and the data uplink is complete. If any verification step fails, the uplink stops, the subsequent consensus is terminated, and an uplink failure notification is returned to the back end. The front end, unable to find the data when it queries the chain, learns that the uplink failed and notifies the back-end administrator, who checks the cause of the failure and uplinks the data again.
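The check sequence of steps S1 to S4, as an added Go example that is not part of the patent text or the assignee's code. It assumes X.509 certificates with ECDSA P-256 keys, takes "signing with the front-end certificate" to mean signing with the private key bound to that certificate, and uses illustrative names and constructed sample data throughout.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Packed is the packet P of step S2: front-end certificate, front-end data, data signature.
type Packed struct{ CertDER, Data, Signature []byte }

// Party is a key pair plus the certificate issued for it (illustrative type, not from the patent).
type Party struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

var (
	ErrBadCert = errors.New("front-end certificate does not chain to the root certificate")
	ErrBadSig  = errors.New("data signature does not match the front-end data")
)
func check(err error) {
	if err != nil {
		panic(err) // setup failure (entropy, encoding), not a verification result
	}
}

// NewParty creates a key pair and its certificate, signed by ca (self-signed when ca is nil).
func NewParty(cn string, serial int64, isCA bool, ca *Party) *Party {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	parent, signer := tmpl, key
	if ca != nil {
		parent, signer = ca.Cert, ca.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &Party{Key: key, Cert: cert}
}

// Pack is step S2: sign D with the private key bound to the certificate, then build P.
func (p *Party) Pack(data []byte) Packed {
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, p.Key, digest[:])
	check(err)
	return Packed{CertDER: p.Cert.Raw, Data: data, Signature: sig}
}

// ContractVerify is the contract check of step S4: certificate against root, then signature.
func ContractVerify(root *x509.Certificate, p Packed) error {
	cert, err := x509.ParseCertificate(p.CertDER)
	if err != nil {
		return ErrBadCert
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return ErrBadCert
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(p.Data)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], p.Signature) {
		return ErrBadSig
	}
	return nil
}

// Scenario returns the contract verdict for an honest packet and two altered ones.
func Scenario() (honest, tampered, swapped error) {
	root := NewParty("chain root (constructed)", 1, true, nil)
	front := NewParty("front-end-01 (constructed)", 2, false, root) // S1
	p := front.Pack([]byte(`{"meter":"A-17","reading":1024}`))      // S2, constructed data
	honest = ContractVerify(root.Cert, p)                           // S3 relays P unchanged, S4 verifies
	altered := Packed{CertDER: p.CertDER, Data: []byte(`{"meter":"A-17","reading":9}`), Signature: p.Signature}
	tampered = ContractVerify(root.Cert, altered) // D changed at the back end, old signature kept
	rogue := NewParty("back end (constructed)", 1, true, nil) // certificate not issued by the chain
	swapped = ContractVerify(root.Cert, rogue.Pack(altered.Data))
	return honest, tampered, swapped
}

func main() { fmt.Println(Scenario()) }
```

The check establishes only that D was signed by a key the root certified; a packet that the back end withholds is caught by the front end's query of the chain described in step S5, not by this verification.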
In another aspect, the present invention provides a system for preventing back-end tampering with uplink data, comprising a front-end, a back-end, and a blockchain node. The blockchain nodes can be multiple to form a blockchain network.
The front end obtains its own front-end certificate from the blockchain node, signs its data using the front-end certificate and sends the result to the back end; the packed data comprises the front-end certificate, the data and a data signature. After the back end receives the packed data from the front end, it packages the data into an uplink transaction, then signs and submits the uplink transaction through its blockchain account. The blockchain nodes generate the front-end certificate and store the certificate. After receiving the uplink transaction, the blockchain node performs signature verification on it and performs tamper-proof verification of the packed data based on the smart contract; after the verification passes and blockchain consensus is reached, the data is written into a block.
According to another aspect, the present invention provides a blockchain network for preventing a back end from tampering with uplink data, in which a node of the blockchain network generates a front-end certificate, sends it to a front end, and stores the corresponding root certificate. A node receives an uplink transaction from the back end; the uplink transaction comprises packed data, the packed data comprises a front-end certificate, front-end data and a data signature, and the data signature is obtained by signing the front-end data with the front-end certificate. The node performs signature verification of the front-end certificate, and the smart contract performs tamper-proof verification of the packed data. More specifically, the blockchain node extracts the front-end certificate from the packed data and verifies the front-end data using the front-end certificate.
The invention introduces a certificate system into the blockchain network. Backed by digital signatures and the security mechanism of the certificate system, the blockchain, after receiving packed data, verifies the legitimacy of the front-end certificate in the packed data against the root certificate, then verifies the signature and the data in the packed data using that certificate; this double verification guarantees that the data is not tampered with between being sent from the front end and being uploaded to the blockchain.
The invention solves the problem of putting traditional-industry data on the chain with as little modification as possible. Existing schemes are more complicated: they remove the back end outright and use the blockchain as the back end, which has the problem that the current TPS (system throughput) of blockchains is lower than that of the centralized mode of traditional industry, so a blockchain used directly as the back end to receive data cannot meet the requirement.
The invention solves the problem that existing schemes, which uplink traditional-industry data through the back end to make it tamper-resistant, cannot prevent the data from being tampered with at the back end. The invention removes the risk of data tampering at the back end by combining front-end certificates with verification by a blockchain smart contract. In the invention the back end has no certificate, the root certificate is deployed on the blockchain, and the certificate system in the blockchain prevents front-end data from being tampered with while it is uplinked through the back end.
The embodiments described above are merely preferred specific embodiments of the present invention, and the present specification uses the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the present disclosure. General changes and substitutions by those skilled in the art within the technical scope of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A method for preventing back-end tampering with uplink data, comprising:
the front end acquires a front end certificate of the front end from the block chain, and a corresponding root certificate is stored in the block chain;
the front end signs data by using the front end certificate, and sends packed data to the back end, wherein the packed data comprises the front end certificate, the front end data and a data signature;
after receiving the packaged data, the back end constructs a transaction to chain the packaged data;
the blockchain verifies a front-end certificate in the transaction by using the root certificate, and performs tamper-proof verification on the packaged data through an intelligent contract;
and after all verification passes and the block chain consensus is carried out, the data falls into the block to finish the data chaining, and if the verification fails in a certain link, the data stops the chaining and terminates the subsequent consensus.
2. The method for preventing back-end tampering with uplink data of claim 1, wherein
the back end forms an uplink transaction after receiving the packed data, signs the uplink transaction through the blockchain account and submits it, and the blockchain, after receiving the uplink transaction, performs signature verification on the uplink transaction.
3. The method for preventing back-end tampering with uplink data of claim 2, wherein
the blockchain extracts the front-end certificate from the packed data and verifies the front-end data by using the front-end certificate.
4. A system for preventing back-end tampering with uplink data, comprising: a front end, a back end and a blockchain network,
the front end acquires a self front end certificate from the block chain network, signs the front end data by using the front end certificate, packs the front end data, the data signature and the front end certificate to form packed data and sends the packed data to the back end;
after receiving the packaged data from the front end, the rear end constructs a transaction to link the packaged data;
the block chain network is used for generating the front-end certificate, storing a corresponding root certificate, verifying the transaction and carrying out tamper-proof verification on the packed data through an intelligent contract;
and after all the verification passes and the block chain consensus passes, the block chain network drops the data into the block to finish the data chaining, and if the verification fails in a certain link, the data stops the chaining and terminates the subsequent consensus.
5. The system for preventing back-end tampering with uplink data as defined in claim 4, wherein
the back end forms the uplink transaction after receiving the packed data, and signs the uplink transaction through the blockchain account to submit it.
6. The system for preventing back-end tampering with uplink data as defined in claim 5, wherein
the blockchain extracts the front-end certificate from the packed data and verifies the front-end data by using the front-end certificate.
7. A blockchain network for preventing back-end tampering with uplink data, comprising a blockchain node capable of:
generating a front-end certificate, sending the front-end certificate to a front end, and storing a corresponding root certificate;
receiving a chain transaction of a back end, wherein the chain transaction comprises packed data, the packed data comprises a front-end certificate, front-end data and a data signature, and the data signature is obtained by signing the front-end data through the front-end certificate;
signature verification of a front-end certificate is carried out, and tamper-proof verification of packaged data is carried out by an intelligent contract;
and after the verification is passed, block chain consensus is carried out, the data falls into the blocks, data uplink is completed, and if the verification is not passed, the uplink is rejected, and the subsequent consensus is terminated.
8. A blockchain network according to claim 7, wherein a blockchain node extracts the front-end certificate from the packed data and uses the front-end certificate to validate the front-end data.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202110365984.3A / CN113098879B (en) | 2021-04-06 | 2021-04-06 | Method, system and block chain network for preventing back end from tampering uplink data

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202110365984.3A / CN113098879B (en) | 2021-04-06 | 2021-04-06 | Method, system and block chain network for preventing back end from tampering uplink data

Publications (2)

Publication Number | Publication Date
CN113098879A (en) | 2021-07-09
CN113098879B (en) | 2022-09-20

Family

ID=76673962

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202110365984.3A (Active) / CN113098879B (en) | Method, system and block chain network for preventing back end from tampering uplink data | 2021-04-06 | 2021-04-06

Country Status (1)

Country | Link
CN (1) | CN113098879B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant