CN113256297A

CN113256297A - Data processing method, device and equipment based on block chain and readable storage medium

Info

Publication number: CN113256297A
Application number: CN202110747229.1A
Authority: CN
Inventors: 朱耿良
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2021-07-02
Filing date: 2021-07-02
Publication date: 2021-08-13
Anticipated expiration: 2041-07-02
Also published as: CN113256297B

Abstract

The application discloses a data processing method, a device, equipment and a readable storage medium based on a block chain, wherein the method comprises the following steps: traversing the certificate issuing node cluster by the first representative node based on the service creation request; acquiring a first target certificate issuing node according to the service type corresponding to the first service; sending a service creation request to a first target certificate issuing node, so that the first target certificate issuing node issues a first node certificate for a first sub-consensus node cluster, and chaining the first node certificate of the first sub-consensus node cluster; when a first node certificate of a first sub-consensus node cluster is successfully uplink, a main chain certificate issuing node is obtained, a service creation request is sent to the main chain certificate issuing node, so that the main chain certificate issuing node issues a main chain certificate for a first representative node, and the main chain certificate of the first representative node is uplink through the main consensus node cluster. By adopting the method and the device, the node computing resource can be saved and the consensus efficiency can be improved in the block chain consensus service.

Description

Data processing method, device and equipment based on block chain and readable storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a data processing method, apparatus, device, and readable storage medium based on a block chain.

Background

In a blockchain network, communication between blockchain nodes generally needs to verify the identity of each other to ensure the security of chain data on the blockchain network and the blockchain, and for this reason, it is generally necessary to issue a public and private key for each blockchain node, and also to issue an identity Certificate (i.e., an identity Certificate that a blockchain node is a public key owner) for each blockchain node, where the identity Certificate is generally issued by an authoritative Authority, such as a Certificate Authority (CA).

Currently, in the blockchain consensus service, an identity certificate of each consensus node is issued by a unified CA, and all the consensus nodes can participate in consensus of blocks for each service (each consensus node uses its own computing resource to rob block-out authority for transaction data and then vote for consensus with other consensus nodes).

However, when the blockchain is used in some special service scenarios (for example, service scenarios involving confidential and private data), not all blockchain nodes will have enough computing resources and necessity to become common nodes for common identification, and if all blockchain nodes use the computing resources to rob block authority, resource waste of the blockchain nodes is greatly caused; meanwhile, in the mode of participating all the block chain nodes in consensus, the number of the nodes is large, so that large-scale broadcast data is needed, and the consensus efficiency is also influenced.

Disclosure of Invention

The embodiment of the application provides a data processing method, a data processing device, data processing equipment and a readable storage medium based on a block chain, which can save node computing resources and improve consensus efficiency in a block chain consensus service.

An embodiment of the present application provides a data processing method based on a block chain, including:

traversing the certificate issuing node cluster by the first representative node based on the service creation request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to the first service;

acquiring a first target certificate issuing node in a certificate issuing node cluster according to the service type corresponding to the first service; the execution service type corresponding to the first target certificate issuing node is matched with the service type corresponding to the first service;

sending the service creation request to a first target certificate issuing node, so that the first target certificate issuing node issues a first node certificate for a first sub-common knowledge node cluster based on the service creation request, and uplink is performed on the first node certificate corresponding to the first sub-common knowledge node cluster; a first node certificate corresponding to the first sub-consensus node cluster is used for granting a consensus right of the first sub-consensus node cluster for the first service;

when a first node certificate corresponding to a first sub-common recognition node cluster is successfully uplink-linked, a main chain certificate issuing node is obtained in the certificate issuing node cluster, a service creation request is sent to the main chain certificate issuing node, so that the main chain certificate issuing node issues a main chain certificate for the first representative node based on the service creation request, and the main chain certificate corresponding to the first representative node is uplink-linked through the main common recognition node cluster; the uplink main chain certificate is used for representing that the first representative node belongs to the main consensus node cluster; the first representative node in the main common-identification node cluster and the second representative node in the second sub common-identification node cluster are used for carrying out common-identification interaction; the second sub-consensus node cluster is provided with a second node certificate issued by a second target certificate issuing node in the certificate issuing node cluster, and the second node certificate is used for granting a consensus right of the second sub-consensus node cluster for a second service; the execution service type corresponding to the second target certificate issuing node is matched with the service type corresponding to the second service; the first service is different from the second service; the first sub-common identification node cluster, the second sub-common identification node cluster and the main common identification node cluster are in the same block chain network.

An embodiment of the present application provides a data processing apparatus based on a block chain, including:

the cluster traversing module is used for traversing the certificate issuing node cluster based on the service creating request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to the first service;

the node acquisition module is used for acquiring a first target certificate issuing node in the certificate issuing node cluster according to the service type corresponding to the first service; the execution service type corresponding to the first target certificate issuing node is matched with the service type corresponding to the first service;

the request sending module is used for sending the service creation request to the first target certificate issuing node so that the first target certificate issuing node issues a first node certificate for the first sub-common identification node cluster based on the service creation request and carries out uplink on the first node certificate corresponding to the first sub-common identification node cluster; a first node certificate corresponding to the first sub-consensus node cluster is used for granting a consensus right of the first sub-consensus node cluster for the first service;

the request sending module is further configured to, when a first node certificate corresponding to the first sub-common consensus node cluster is successfully uplink-bound, obtain a main chain certificate issuing node in the certificate issuing node cluster, send a service creation request to the main chain certificate issuing node, so that the main chain certificate issuing node issues a main chain certificate for the first representative node based on the service creation request, and uplink-bound the main chain certificate corresponding to the first representative node through the main common consensus node cluster; the uplink main chain certificate is used for representing that the first representative node belongs to the main consensus node cluster; the first representative node in the main common-identification node cluster and the second representative node in the second sub common-identification node cluster are used for carrying out common-identification interaction; the second sub-consensus node cluster is provided with a second node certificate issued by a second target certificate issuing node in the certificate issuing node cluster, and the second node certificate is used for granting a consensus right of the second sub-consensus node cluster for a second service; the execution service type corresponding to the second target certificate issuing node is matched with the service type corresponding to the second service; the first service is different from the second service; the first sub-common identification node cluster, the second sub-common identification node cluster and the main common identification node cluster are in the same block chain network.

In one embodiment, the node acquisition module includes:

the system comprises a set acquisition unit, a service type setting unit and a service type setting unit, wherein the set acquisition unit is used for acquiring an execution service type corresponding to each certificate issuing node in a certificate issuing node cluster to obtain an execution service type set;

a node determining unit, configured to obtain a service type corresponding to a first service, and determine, as a target execution service type, an execution service type that matches the service type corresponding to the first service in an execution service type set;

and the node determining unit is further configured to determine the certificate issuing node corresponding to the target execution service type as the first target certificate issuing node.

In one embodiment, the block chain based data processing apparatus further comprises:

the request receiving module is used for receiving a cross-service consensus request aiming at a first target block and sent by a second representative node; the first target block is generated by the second representative node according to the first transaction data; the first transaction data is associated with a first service and a second service; the cross-business consensus request carries a third node certificate issued by the first target certificate issuing node for the second sub-consensus node cluster; the third node certificate is used for granting the second sub-consensus node cluster with consensus authority aiming at the first service;

the certificate acquisition module is used for acquiring a fourth node certificate corresponding to the first sub-consensus node cluster based on the cross-service consensus request; the fourth node certificate is issued by the second target certificate issuing node; the fourth node certificate is used for granting the first sub-consensus node cluster with consensus right for the second service;

and the consensus module is used for performing cross-service consensus on the first target block in the first sub-consensus node cluster and the second sub-consensus node cluster based on a fourth node certificate corresponding to the first sub-consensus node cluster and a third node certificate corresponding to the second sub-consensus node cluster.

In one embodiment, the certificate acquisition module comprises:

the account book traversing unit is used for traversing the data account book in the block chain network based on the cross-business consensus request;

a certificate obtaining unit, configured to determine, if a certificate issued by a second target certificate issuing node for a first sub-consensus node cluster exists in the data ledger, and a certificate certification time of the certificate issued by the second target certificate issuing node for the first sub-consensus node cluster is valid time, a certificate stored in the data ledger and issued by the second target certificate issuing node for the first sub-consensus node cluster is determined to be a fourth node certificate corresponding to the first sub-consensus node cluster;

the certificate obtaining unit is further configured to generate a certificate issuance request if the certificate certification time is expiration time or a certificate issued by the second target certificate issuance node for the first sub-consensus node cluster does not exist in the data book, and obtain a fourth node certificate corresponding to the first sub-consensus node cluster according to the certificate issuance request and the certificate issuance node cluster.

In an embodiment, the certificate acquisition unit is further specifically configured to traverse the certificate issuing node cluster, and acquire a second target certificate issuing node in the certificate issuing node cluster;

the certificate acquisition unit is further specifically configured to send a certificate issuance request to the second target certificate issuance node, so that the second target certificate issuance node issues a fourth node certificate to the first sub-consensus node cluster based on the certificate issuance request, and adds the fourth node certificate to the data book;

the certificate obtaining unit is further specifically configured to receive certificate issuance success information returned by the second target certificate issuance node, and obtain, based on the certificate issuance success information, a fourth node certificate corresponding to the first sub-consensus node cluster in the data ledger.

the block generation module is used for receiving second transaction data which is sent by the service node and is associated with the first service, and generating a second target block according to the second transaction data;

the block consensus module is used for sending the second target block to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node;

the block consensus module is also used for receiving voting information returned by the rest nodes based on the second target block;

the block consensus module is further used for determining a consensus result aiming at the second target block based on the voting information;

and the block uplink module is used for performing uplink on the second target block when the common identification result is a common identification passing result.

In one embodiment, the number of remaining nodes is at least two; the number of the voting information is at least two;

a block consensus module, comprising:

an information acquisition unit, configured to determine voting information used to indicate that a vote passes in at least two pieces of voting information as passing voting information, and count the number of the passing voting information;

the information acquisition unit is further used for acquiring the number of the representative nodes of the first representative node and the number of at least two remaining nodes;

the operation unit is used for adding the number of the representative nodes and the number of the at least two residual nodes to obtain the total number of the nodes;

the operation unit is also used for adding the number of the representative nodes and the number of the passing voting information to obtain a passing number;

and a result determining unit, configured to determine a consensus result for the second target block according to the total number of nodes and the pass number.

In an embodiment, the result determining unit is further specifically configured to determine a ratio between the pass number and the total number of nodes;

the result determining unit is further specifically configured to determine the consensus result for the second target block as a consensus pass result if the ratio value is greater than or equal to the ratio threshold;

the result determining unit is further specifically configured to determine the consensus result for the second target block as a consensus failure result if the ratio value is smaller than the ratio threshold.

In one embodiment, the block uplink module comprises:

a block adding unit, configured to add a second target block to the node cache of the first representative node when the consensus result is a consensus pass result;

the auction information generating unit is used for acquiring the blocks to be uplink stored in the node cache and the block number of the blocks to be uplink; the block to be uplink comprises a second target block;

the auction information generating unit is further used for determining the block uplink assets aiming at the second target block according to the number of the blocks, acquiring the node identification of the first representative node, and generating the block auction information aiming at the second target block according to the node identification and the block uplink assets;

the information sending unit is used for sending the block auction information to the second representative node so as to enable the second representative node to return auction voting information based on the block auction information;

the block adding unit is used for determining the uplink authority of the first representative node aiming at the second target block according to the auction voting information;

and the block adding unit is further used for adding the second target block to a data account book in the blockchain network when the first representative node has the uplink right.

In an embodiment, the block adding unit is further specifically configured to obtain a largest block having a largest generation timestamp in the data book, and obtain a block hash value corresponding to the largest block;

the block adding unit is further specifically used for adding the block hash value to the second target block to obtain a block to be added;

the block adding unit is further specifically used for acquiring a private key corresponding to the first representative node, and signing the block to be added based on the private key corresponding to the first representative node to obtain a first digital signature;

the block adding unit is further specifically used for sending the block to be added and the first digital signature to the second representative node, so that the second representative node obtains a public key corresponding to the main chain certificate issuing node based on the block to be added and the first digital signature, performs identity verification on the main chain certificate corresponding to the first representative node based on the public key corresponding to the main chain certificate issuing node, obtains a public key corresponding to the first representative node after verification is passed, and performs signature verification on the first digital signature based on the public key corresponding to the first representative node to obtain a signature verification result;

and the block adding unit is further specifically used for adding the block to be added to the data account book when the signature checking result is a signature checking passing result.

the block receiving module is used for receiving a third target block sent by the remaining nodes; the third target block is generated by the remaining nodes according to third transaction data associated with the first service; the third target block carries a second digital signature obtained by the remaining nodes signing the third target block based on the private keys corresponding to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node;

the signature checking module is used for acquiring public keys corresponding to the remaining nodes;

the signature checking module is also used for checking the signature of the second digital signature based on the public keys corresponding to the remaining nodes, and after the signature checking is passed, the signature checking module and the remaining nodes jointly identify the third target block;

and the block writing module is used for adding the third target block into the data account book of the block chain network after the third target block passes the consensus.

In one embodiment, the signature verification module comprises:

the certificate acquisition unit is used for acquiring first node certificates corresponding to the remaining nodes in the data account book; the first node certificates corresponding to the remaining nodes comprise public keys of the first target certificate issuing node to the remaining nodes based on the private key of the first target certificate issuing node and signature information obtained after the identity information of the remaining nodes is signed;

the public key acquisition unit is used for acquiring a public key corresponding to the first target certificate issuing node and verifying the signature information based on the public key corresponding to the first target certificate issuing node;

and the public key acquisition unit is also used for acquiring the public keys corresponding to the remaining nodes and the identity information of the remaining nodes after the verification is passed.

An aspect of an embodiment of the present application provides a computer device, including: a processor and a memory;

the memory stores a computer program that, when executed by the processor, causes the processor to perform the method in the embodiments of the present application.

An aspect of the embodiments of the present application provides a computer-readable storage medium, in which a computer program is stored, where the computer program includes program instructions, and the program instructions, when executed by a processor, perform the method in the embodiments of the present application.

In one aspect of the application, a computer program product or computer program is provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method provided by one aspect of the embodiments of the present application.

In this embodiment of the present application, the common node in the block chain network may be divided into different clusters (each cluster may be referred to as a sub common node cluster), and one sub common node cluster is responsible for common identification for one service. In order to enable sub-consensus node clusters not to interfere with each other, a certificate issuing node can be additionally arranged for each service, when each service is online, a certificate can be issued for the sub-consensus node cluster of the service based on the certificate issuing node corresponding to the service, after the certificate is owned, the sub-consensus node clusters can be operated online, and it should be understood that only when the certificates of any two consensus nodes are issued by the same certificate issuing node, the two consensus nodes can trust each other and perform communication consensus with each other; therefore, when other malicious nodes which are not the service maliciously acquire the data of the service, the malicious nodes do not have the certificate issued by the certificate issuing node corresponding to the service, the sub-consensus node cluster of the service does not trust the malicious nodes, the sub-consensus node cluster does not send the data of the service to the malicious nodes, and the safety of the data of the service can be greatly improved. Meanwhile, the sub-consensus node cluster is in charge of performing consensus on a service, when performing consensus on transaction data of a certain service, all block chain nodes in a block chain network do not need to use own computing resources to contend for consensus on the consensus nodes of the transaction data, and only the sub-consensus node cluster corresponding to the service needs to perform consensus on the transaction data, so that the computing resources of the block chain nodes in the block chain network can be well saved; in the consensus process, the number of the nodes of the sub-consensus node cluster is far less than that of all the consensus nodes in the block chain network, and only small-range data broadcasting is needed, so that the consensus efficiency can be improved. In conclusion, the method and the device can save node computing resources, improve consensus efficiency and improve safety of transaction data in the block chain consensus service.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 is a schematic diagram of an application environment of a method provided by an embodiment of the present application;

fig. 2 is a block chain network according to an embodiment of the present disclosure;

FIG. 3 is a block chain network applied to an electronic ticket scenario;

fig. 4 is a block chain consensus network according to an embodiment of the present disclosure;

fig. 5 is a block chain-based data processing method according to an embodiment of the present disclosure;

FIG. 6 is a schematic diagram of adding blocks to a data ledger according to an embodiment of the present disclosure;

fig. 7 is a schematic flowchart of cross issuing a certificate for a cluster of child consensus nodes according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a data processing apparatus based on a block chain according to an embodiment of the present application;

fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

Referring to fig. 1, fig. 1 is a schematic diagram of an application environment of a method according to an embodiment of the present disclosure. As shown in fig. 1, the data processing method based on the blockchain provided by the present application can be applied to a blockchain network 100. The blockchain network comprises a network formed by related nodes for recording and inquiring data blocks on the blockchain, wherein each node in the blockchain network is a blockchain node and is computer equipment capable of inquiring or recording the data blocks. As shown in fig. 1, the blockchain network 100 may include a traffic network 1100, a routing layer 1200, and a consensus network 1300. Service node 1102 in service network 1100 and routing node 1202 in routing layer 120 are connected by a network. Routing node 1202 and consensus node 1302 in consensus network 1300 are connected by a network. Communication between the service network 1100 and the consensus network 1300 is therefore required through the routing node 1202.

The service node 1102 may be a desktop terminal or a mobile terminal used by a service party generating transaction information, and the mobile terminal may be an intelligent terminal with a data processing function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart television, a smart sound box, a desktop computer, a smart watch, and a vehicle-mounted terminal, but is not limited thereto. Routing node 1202 may be implemented as a stand-alone server or as a server cluster comprised of multiple servers. The consensus node 1302 in the consensus network 1300 may record the transaction information (transaction data) generated by the service node onto the blockchain, the consensus node 1302 may be implemented by an independent server or a server cluster composed of a plurality of servers, and each consensus node in the consensus network 1300 may be authorized to be set by an authority, for example, when the consensus network 1300 is applied to an application scenario for processing electronic ticket data, the consensus node in the consensus network 1300 may be generally authorized to be set by a regulatory agency.

Blockchains are a carrier and organization way to run blockchain technology. The block chain technology (BT), also called distributed book technology, is an internet database technology, and is characterized by decentralization and public transparency, so that everyone can participate in database recording. The blockchain technique is a distributed infrastructure and computing approach that utilizes blockchain data structures to verify and store data, utilizes distributed node consensus algorithms to generate and update data, utilizes cryptographic approaches to secure data transmission and access, and utilizes intelligent contracts composed of automated script code to program and manipulate data.

For ease of understanding, the blockchain and its related concepts will be described below:

the block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm, and is mainly used for sorting data according to a time sequence and encrypting the data into an account book, so that the data cannot be falsified or forged, and meanwhile, the data can be verified, stored and updated. The blockchain is essentially a decentralized database, each node in the database stores an identical blockchain, and the blockchain network divides the nodes into core nodes, data nodes and light nodes, wherein the core nodes are responsible for the consensus of the whole blockchain network, that is, the core nodes are the consensus nodes in the blockchain network. The process of entering the consensus service process for the consensus node in the blockchain network may be that the client sends the transaction data to the data node or the light node, and then the transaction data is transmitted between the data node or the light node in the blockchain network in a baton manner until the consensus node receives the transaction data, and then the consensus node packs the transaction data into the block to perform consensus with other consensus nodes.

After receiving transaction data sent by the data node or the light node, any core node can store the transaction data into a memory pool (such as a transaction pool) and update a hash tree used for recording input data; then, updating the updating timestamp to the time of receiving the transaction data, trying different random numbers to calculate the characteristic value, and when the characteristic value is obtained, determining that the core node obtaining the characteristic value robs the block-out authority aiming at the transaction data, and correspondingly storing the transaction data by the core node to generate a block head and a block main body to obtain a newly generated block; then, the core node may send the newly generated tile to other core nodes in the blockchain network where the newly generated tile is located according to node identifiers of other core nodes (i.e., common nodes) in the blockchain network, check (i.e., perform common identification) the newly generated tile by the other core nodes, and add the newly generated tile to the blockchain stored in the newly generated tile after the check is completed. Each core node in the blockchain network has a node identifier corresponding thereto, and each core node in the blockchain network may store node identifiers of other core nodes in the blockchain network, so that the generated block is broadcast to other core nodes in the blockchain network according to the node identifiers of the other core nodes, and transaction data stored in all the core nodes in the blockchain network are consistent.

For the sake of understanding the architecture of the blockchain network of the present application, please refer to fig. 2 together, and fig. 2 is a schematic diagram of an architecture of a blockchain network according to an embodiment of the present application. As shown in fig. 2, the blockchain network may include a traffic network 2100, a routing layer 2200, and a consensus network 2300. The service network 2100 may include a service node 2101 (the service node 2101 may validate a data block that a consensus node records onto a blockchain), and the consensus network 2300 may include a consensus node 2301 that records a data block onto a blockchain. The service network 2100 and the consensus network 2300 may be connected through a routing layer 2200, a routing node 2201 in the routing layer 2200 may transfer a data processing request sent by the service node 2101 to the consensus node 2301, and the routing node 2201 may further forward transaction information (such as an execution result for transaction data) on a blockchain acquired from the consensus node 2301 to the service node 2101. Service node 2101 is deployed in a service network in a public network, and consensus node 2301 running a blockchain consensus protocol is deployed in a private consensus network, and the two nodes can interact through a routing node (e.g., routing node 2201). Routing node 2201 may serve as an isolation between the traffic network 2100 and the core's consensus network 2300. In the service network 2100, Peer-To-Peer (Peer To Peer, P2P) networks are formed between service nodes, where the P2P Protocol is an application layer Protocol operating on top of a Transmission Control Protocol (TCP). Service node 2101 may pass a message received from routing node 2201 to surrounding service nodes such that the message can be propagated between each service node in the service network.

In order to facilitate understanding of the application scenario of the blockchain network, a specific scenario architecture will be described below by taking an example of applying the blockchain network to an electronic bill scenario. Referring to fig. 3, fig. 3 is a schematic diagram of an architecture for applying a blockchain network to an electronic ticket scenario.

When the blockchain network shown in fig. 2 is applied to a scene of an electronic bill, the blockchain network may record transaction information generated in the whole circulation process of the electronic bill. As shown in fig. 3, the blockchain network may include a services network 3200, a routing layer 3400, and a consensus network 3600.

The circulation process of the electronic bill can comprise the processes of application of the electronic bill, issuance of the electronic bill, reimbursement of the electronic bill, tax declaration of the electronic bill and the like. Since the roles involved in the whole circulation process of the electronic bill include a monitoring authority, a billing party, an invoicing party and a tax declaring party, the business network 3200 may include a monitoring authority private network 3201 in which the monitoring authority provides related services, a public cloud 3202 in which the billing party, the invoicing party and the tax declaring party provide related services, and a private cloud 3203 in which electronic bill preservation services are provided for consumers. The special network 3201 of the supervision structure may include computer devices used by the supervision authorities involved in the electronic tickets, including the supervision authority terminal 32011. The public cloud 3202 may include computer devices used by invoices, reimbursers and tax payers designed by electronic bills, including an invoicing party terminal 32021, an reimburser terminal 32022 and a tax payer terminal 32023, wherein the invoicing party may be an invoicing facilitator, the reimburser may be an reimburser, and the enterprise terminal may access the public cloud. The private cloud 3203 may include computer devices used by users involved in electronic bills, including a payment terminal 32031 for making payment, an electronic bill circulation terminal 32032 for temporarily storing electronic bills for the users, and a dedicated terminal 32033 of a business, and the private cloud may be accessed by consumer terminals. Computer devices in the private network 3201, the public cloud 3202 and the private cloud 3202 of the regulatory agency can all serve as service nodes to send data uplink requests or data query requests for electronic tickets to the consensus network through the routing nodes.

Any routing node in routing layer 3400 may include functional modules that provide authentication services 3401, certificate caches 3402, routing services 3403, and P2P services 3404. The authentication service 3401 may be configured to perform identity verification on service nodes in a service network, the certificate cache 3402 may be configured to cache identity certificates of the respective service nodes, the routing service 3403 may be configured to implement network isolation between the service network and a common identification network, the P2P server may be configured to distribute tasks among routing nodes having idempotent properties, the routing nodes form a peer-to-peer (P2P) network, and the P2P protocol is an application layer protocol operating on top of a TCP protocol.

The consensus network 3600 may include a plurality of consensus branched networks 360, each consensus branched network 360 may include a plurality of consensus nodes 3601, and the plurality of consensus nodes 3601 maintain sub-blockchains corresponding to the consensus branched networks 360. For example, some of the sub-block chains are used for recording the transaction information related to the electronic bill belonging to a certain bill number section interval, and some of the sub-block chains are used for recording the transaction information related to the flushed electronic bill. When the data related to the electronic bill needs to be recorded, the sub-block chain to be recorded can be determined according to the authority of the service node, and then the sub-block chain is recorded by the consensus branch network maintaining the sub-block chain. The consensus node 3601 may generally be a computer device used by regulatory agencies in various regions. The consensus nodes 3601 in each consensus branching network 360 may include an authority contract storing flow logic about the whole life cycle of an electronic ticket, such as the ticket state of the electronic ticket, flow process, access authority of data, electronic ticket claim condition, electronic ticket issuing condition, and the like. The consensus node 3601 may also include cache and data blocks that may provide support for uplink and query of transaction information.

It can be understood that, in order to save node computing resources and improve the security of transaction data in the blockchain consensus service, the blockchain consensus network is divided into a plurality of consensus sub-networks, each consensus sub-network can be responsible for storing consensus for different services, each consensus sub-network can have a network cache belonging to its own network, and each block can be stored into the network cache in its own network when one block is generated; meanwhile, the block chain network may have a block chain (may be referred to as a main network chain) in common, and the blocks generated by each sub-consensus network may be stored in the main network chain, so as to uniformly manage all the sub-consensus networks. That is to say, the above-mentioned architecture and system flow are basic frameworks of the present application, and on this basis, the present application divides the block chain consensus network into a plurality of sub-consensus networks, each sub-consensus network may include one or more consensus nodes, that is, each sub-consensus network is a sub-consensus node cluster, and each cluster may be responsible for performing storage consensus for different services. And when a service is added, a sub-common node cluster can be added. For ease of understanding, please refer to fig. 4, where fig. 4 is a schematic diagram illustrating an architecture of a blockchain consensus network according to an embodiment of the present disclosure.

As shown in fig. 4, the consensus network may include a sub-consensus network 4100, a sub-consensus network 4200, a sub-consensus network 4300, and a sub-consensus network 4400. The sub-consensus network 4100 may be responsible for performing storage consensus on the transaction information of the invoice service, the sub-consensus network 4200 may be responsible for performing storage consensus on the transaction information of the export service, the sub-consensus network 4300 may be responsible for performing storage consensus on the transaction information of the credit investigation service, and the sub-consensus network 4400 may be responsible for performing storage consensus on the transaction information of the corporate service. As shown in fig. 4, the blockchain consensus network may further include a blockchain 400, where the blockchain 400 may be a main blockchain, and the transaction finally processed by each sub-consensus network needs to be submitted to the main blockchain (i.e., the blockchain 400), so that the transactions of the sub-consensus networks can be uniformly stored and managed through the main blockchain.

It is understood that each sub-consensus network may include a representative node, and the data that each sub-consensus network needs to submit to the main network link may be promoted by the representative node to the main network link. As shown in fig. 4, the sub-consensus network 4100 may include a representative node 4101, the sub-consensus network 4200 may include a representative node 4201, the sub-consensus network 4300 may include a representative node 4301, the sub-consensus network 4400 may include a representative node 4401, and the representative node 4101, the representative node 4201, the representative node 4301, and the representative node 4401 may be configured to submit the transaction in the own network to the main network chain 400.

It should be understood that the blockchain network of the present application may be composed of the aforementioned service network, routing layer, and consensus network (e.g., the consensus network corresponding to fig. 4). Under the framework that the sub-consensus network comprises a plurality of sub-consensus networks, one sub-consensus network can be responsible for storing consensus for one service, so that all nodes in a block chain network do not need to participate in block consensus of a certain service by utilizing computing resources of the nodes, and node resources can be saved. On the framework, aiming identity management can be carried out on the common-identification nodes in each sub common-identification network, and meanwhile, the sub common-identification networks are managed in a unified way, different secondary certificate authentication centers can be added for different services through a root certificate authentication center, a secondary certificate authentication center can be added for a main network chain, the secondary certificate authentication center corresponding to each service can be used for signing and issuing an identity certificate for the common-identification node corresponding to one service, a secondary certificate authentication center can be added for each new service, and an identity certificate is signed for the corresponding sub common-identification node cluster (the node cluster corresponding to the sub common-identification network) through the secondary certificate authentication center; the secondary certificate authentication center in the main network chain can be used for issuing an identity certificate for the representative nodes in each sub consensus network, so that the representative nodes can participate in communication consensus in the main network chain; by means of the secondary certificate authentication center, flexible and safe management of the root certificate authentication center on the identities of the nodes of the sub consensus networks can be effectively guaranteed. The specific method for issuing the identity certificate can be referred to the following description in the embodiment corresponding to fig. 5.

For ease of understanding, please refer to fig. 5, where fig. 5 is a block chain-based data processing method according to an embodiment of the present application. The data processing method is a method for issuing an identity certificate in a blockchain network, where the blockchain network may include a service network, a consensus network (such as the consensus network shown in fig. 4) and a routing layer for isolating the service network from the consensus network; the following method is applied to the representative node (e.g., representative node 4101) in the embodiment corresponding to fig. 4. As shown in fig. 5, the data processing method based on the block chain may include the following steps S101 to S104:

step S101, traversing a certificate issuing node cluster by a first representative node based on a service creation request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to the first service.

In this application, the certificate issuing node cluster may include one or more certificate issuing nodes, and each certificate issuing node may be understood as a secondary certificate authority. It should be understood that, the present application may allocate different sub-common identification node clusters and secondary certificate authentication centers to each service (e.g., invoice service, export service, legal service, credit investigation service, etc.), and each new service may be issued a secondary certificate authentication center by the root certificate authentication center, and an identity certificate may be issued to the sub-common identification node cluster corresponding to the service by the secondary certificate authentication center corresponding to the service.

It can be understood that the certificate authority is a block chain node that issues an identity certificate. The certificate authentication center can be divided into a root certificate authentication center, a primary certificate authentication center and a secondary certificate authentication center according to the management logic of each service. Taking the service as an electronic bill service as an example, the root certificate authentication center may be configured to generate a root certificate, where the root certificate is a certificate signed by the root certificate authentication center for other certificates, and the root certificate is self-signed by the root certificate authentication center. The root certificate authentication center can determine a primary certificate authentication center according to the root certificate and issues a primary identity certificate for the primary certificate authentication center, and the primary certificate authentication center is usually a supervision authority terminal, that is, the root certificate authentication center issues a supervision authority identity certificate for the supervision authority terminal. The primary certificate authentication center is used for determining a secondary certificate authentication center according to the primary identity certificate and issuing a secondary identity certificate for the secondary certificate authentication center, and the secondary certificate authentication center is usually a management authority terminal, namely issuing a management authority identity certificate for the management authority terminal through the primary certificate authentication center. The secondary certificate authentication center in the present application may be configured to determine a basic unit authentication center according to a secondary identity certificate, and issue a basic unit identity certificate for the basic unit authentication center, where the basic unit is generally a service node and a common identity node, for example, the terminal devices in a public cloud and a private cloud in the service network and the terminal devices in the common identity network in the embodiment corresponding to fig. 3 may all issue an identity certificate for the service node and the common identity node through the secondary certificate authentication center.

In the application, each secondary certificate authority can be called a certificate issuing node, each service can correspond to different certificate issuing nodes, and the identity certificate corresponding to each sub-consensus node cluster corresponding to each service can be issued by the certificate issuing node corresponding to the service. And the identity certificate of the representative node in each sub-consensus node cluster can be issued by a secondary certificate authority (i.e. a main chain certificate issuing node) in the main network chain. When each service is on-line, a representative node in the sub-consensus node cluster thereof may initiate a request (e.g., a service creation request) to a root certificate authority (which may be referred to as a root certificate authority), at which time the root certificate authority may add a secondary certificate authority for the newly added service, and the added secondary certificate authority may be dedicated to take charge of the service (i.e., the type of execution service corresponding to the secondary certificate authority matches the type of service of the service). The root certificate issuing node can store the newly-added secondary certificate issuing node into a secondary certificate issuing node cluster, so that a representative node corresponding to the service can traverse the secondary certificate issuing node cluster based on the service creation request to find a secondary certificate issuing node matched with the service type of the service, and then the secondary certificate issuing node issues an identity certificate for a sub-common node cluster where the representative node is located.

Any service in the present application may be referred to as a first service, a sub-common node cluster corresponding to the first service may be referred to as a first sub-common node cluster, and a representative node in the first sub-common node cluster may be referred to as a first representative node. It should be appreciated that each cluster of sub-consensus nodes forms a sub-consensus network.

Step S102, a first target certificate issuing node is obtained in the certificate issuing node cluster according to the service type corresponding to the first service; and the execution service type corresponding to the first target certificate issuing node is matched with the service type corresponding to the first service.

In the application, the first target certificate issuing node can be a secondary certificate issuing node for the root certificate issuing node to issue the first service additionally, and can be acquired in the certificate issuing node cluster through the service type corresponding to the first service. The specific method comprises the following steps: the method comprises the steps that an execution service type corresponding to each certificate issuing node in a certificate issuing node cluster can be obtained, and an execution service type set is obtained; then, the service type corresponding to the first service can be obtained, and the execution service type matched with the service type corresponding to the first service in the execution service type set is determined as a target execution service type; subsequently, the certificate issuing node corresponding to the target execution service type can be determined as a first target certificate issuing node.

Step S103, sending the service creation request to the first target certificate issuing node, so that the first target certificate issuing node issues a first node certificate to the first sub-consensus node cluster based on the service creation request, and uplink is performed on the first node certificate corresponding to the first sub-consensus node cluster; and a first node certificate corresponding to the first sub-consensus node cluster is used for granting the first sub-consensus node cluster a consensus right for the first service.

In the application, after the first representative node finds the first target certificate issuing node, the first target certificate issuing node may issue an identity certificate for each consensus node in the first sub-consensus node cluster where the first representative node is located, where the identity certificate may include a communication certificate and a signature certificate. The first sub-consensus node cluster may include a consensus node participating in consensus and a non-consensus node not participating in consensus, and the first representative node may request the first target certificate issuing node to issue (i.e., issue) a communication certificate and a signature certificate (i.e., a dual certificate, the dual certificate corresponding to the consensus node may be referred to as a first node certificate corresponding to the consensus node) for the consensus node in the first sub-consensus node cluster and to issue a communication certificate (the communication certificate corresponding to the non-consensus node may be referred to as a first node certificate corresponding to the non-consensus node) for the non-consensus node in the first sub-consensus node cluster. Meanwhile, after issuing certificates for each node in the first sub-common node cluster, the first target certificate issuing node may perform uplink on the first node certificate corresponding to the first sub-common node cluster (i.e., the first node certificate corresponding to the common node corresponds to the non-common node), where the uplink is generated as a block and added to a main network chain (such as the block chain 400 in the architecture diagram corresponding to fig. 4) in the block chain network.

After the first target certificate issuing node chains the first node certificate corresponding to the first sub-consensus node cluster to the main network chain, each node in the first sub-consensus node cluster may obtain the identity certificate corresponding to itself from the main network chain, and perform online operation after obtaining the identity certificate (e.g., perform consensus on a transaction corresponding to the first service).

Step S104, when a first node certificate corresponding to the first sub-consensus node cluster is successfully uplink-linked, acquiring a main chain certificate issuing node in the certificate issuing node cluster, sending the service creation request to the main chain certificate issuing node, so that the main chain certificate issuing node issues a main chain certificate for the first representative node based on the service creation request, and uplink-linking the main chain certificate corresponding to the first representative node through the main consensus node cluster; the chain-linked main chain certificate is used for representing that the first representative node belongs to the main common node cluster; the first representative node in the main common-identification node cluster and the second representative node in the second sub common-identification node cluster are used for carrying out common-identification interaction; the second sub-consensus node cluster is provided with a second node certificate issued by a second target certificate issuing node in the certificate issuing node cluster, and the second node certificate is used for granting the second sub-consensus node cluster a consensus right for a second service; the execution service type corresponding to the second target certificate issuing node is matched with the service type corresponding to the second service; the first service is different from the second service; the first sub-common identification node cluster, the second sub-common identification node cluster and the main common identification node cluster are in the same block chain network.

In this application, because the transactions respectively corresponding to each sub-consensus node cluster need to be stored in the main network chain, and the transaction in each sub-consensus node cluster is submitted to the main network chain by the representative node, the representative node in this application needs to have an identity certificate for communication consensus on the main network chain in addition to an identity certificate issued by the secondary certificate issuing node corresponding to the cluster itself, and the first representative node needs to request the primary chain secondary issuing node to issue a primary chain certificate (which may include a communication certificate and a signature certificate) for itself in addition to an identity certificate for service consensus in the cluster itself. Similarly, after the main chain secondary issuing node issues the main chain certificate for the first representative node, the main chain certificate of the first representative node can also be linked to the main network chain, and the first representative node can obtain the main chain certificate in the main network chain and perform consensus interaction with other representative nodes in the main network chain based on the main chain certificate.

It can be understood that each sub-consensus node cluster can be used for recording and consensus on transaction data of different services, wherein consensus refers to a process that multiple participating blockchain nodes interact to agree on certain data, behaviors or processes under a preset rule. In this application, when any one consensus node in each sub-consensus node cluster receives transaction information to be recorded on a main network chain, the identity certificate of a node sending the transaction information to the node can be verified based on the identity certificate (including the public key of the secondary certificate issuing node) of the secondary certificate issuing node corresponding to the cluster in the main network chain, if the verification is passed, each consensus node can perform consensus on the transaction information, and after the consensus passes, the transaction information can be submitted to the main network chain for storage by a representative node of the cluster.

Taking the example that the first representative node receives the second transaction data sent by the service node and generates the second target block, the first representative node may send the second target block to all other common identification nodes in the first sub common identification node cluster, and all other common identification nodes may verify the identity certificate of the first representative node and perform common identification on the second target block after the verification is passed. The specific method comprises the following steps: second transaction data which is sent by the service node and is associated with the first service can be received, and a second target block can be generated according to the second transaction data; subsequently, the second target block may be sent to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node; receiving voting information returned by the remaining nodes based on the second target block, and determining a consensus result aiming at the second target block based on the voting information; and when the result of the consensus is a result of the consensus passing, performing uplink on the second target block.

Wherein, the number of the residual nodes is at least two; the number of the voting information is at least two, and a specific method for determining the consensus result for the second target block based on the voting information may be: determining voting information used for indicating the passage of votes in the at least two pieces of voting information as passage voting information, and counting the number of the passage voting information; acquiring the number of representative nodes of the first representative node and the number of at least two residual nodes; adding the number of the representative nodes and the number of at least two residual nodes to obtain the total number of the nodes; adding the number of the representative nodes and the number of the passing voting information to obtain a passing number; and determining a consensus result for the second target block according to the total number of the nodes and the passing number.

The specific method for determining the consensus result for the second target block according to the total number of nodes and the passing number may be: a proportional value between the passing number and the total number of nodes can be determined; if the proportion value is larger than or equal to the proportion threshold value, determining the consensus result aiming at the second target block as a consensus passing result; and if the proportion value is smaller than the proportion threshold value, determining the consensus result aiming at the second target block as a consensus failure result.

It should be understood that, when determining whether the second target block passes the consensus, a first number corresponding to the consensus node that the vote passed and a second number corresponding to the consensus node that the vote failed may be obtained, and the consensus result of the second target block may be determined according to at least one of the first number and the second number. For example, it may be that the consensus result is by when at least one of the following conditions is satisfied: the first number is greater than the second number, the first number reaches a first predetermined threshold, and a ratio of the first number to the number of consensus nodes involved in the consensus check reaches a second predetermined threshold (e.g., 2/3). The specific values corresponding to the first preset threshold and the second preset threshold can be set as required. For example, if the voting results of the consensus nodes 1 to 2 are respectively pass and fail, and the voting result of the first representative node is pass, the first number may be 2, the second number is 1, and if the condition that the consensus is passed is that the ratio of the first number to the number of the consensus nodes participating in the consensus check is greater than (or equal to) 2/3, the consensus result of the second target block may be determined to be a consensus pass result.

In order to avoid collective deteriorations of the common nodes in the sub common node clusters and guarantee authenticity of data, the data blocks in each sub common node cluster can be synchronized into the main network chain, and therefore supervision on the data in the sub common node clusters is achieved. Taking the second target block as an example, after passing the consensus, the second target block may be linked into the main link. The specific method comprises the following steps: when the consensus result is a consensus passing result, adding the second target block into the node cache of the first representative node; then, the block to be uplink stored in the node cache and the block number of the block to be uplink can be obtained; the block to be uplink comprises a second target block; determining a block uplink asset aiming at a second target block according to the number of the blocks, acquiring a node identifier of a first representative node, and generating block auction information aiming at the second target block according to the node identifier and the block uplink asset; sending the block auction information to a second representative node so that the second representative node returns auction voting information based on the block auction information; and determining the uplink authority of the first representative node aiming at the second target block according to the auction voting information, and adding the second target block into a data account book in the block chain network when the first representative node has the uplink authority. It should be understood that the data book may be the main network link.

The specific method for adding the second target block to the data book in the blockchain network may be as follows: the method comprises the steps of obtaining a maximum block with a maximum generation timestamp in a data account book, and obtaining a block hash value corresponding to the maximum block; adding the block hash value into a second target block to obtain a block to be added; then, a private key corresponding to the first representative node can be obtained, and the block to be added is signed based on the private key corresponding to the first representative node to obtain a first digital signature; sending the block to be added and the first digital signature to a second representative node, so that the second representative node obtains a public key corresponding to a main chain certificate issuing node based on the block to be added and the first digital signature, performing identity verification on a main chain certificate corresponding to the first representative node based on the public key corresponding to the main chain certificate issuing node, obtaining a public key corresponding to the first representative node after the verification is passed, and performing signature verification on the first digital signature based on the public key corresponding to the first representative node to obtain a signature verification result; and when the signature checking result is a signature checking passing result, adding the block to be added into the data account book.

It should be understood that the representative node in the first sub-common node cluster may include a node cache, in which blocks to be uplink-linked to the main network chain after common identification are stored, and after the second target block passes common identification, the first representative node may determine an auction asset based on the number of blocks to be uplink-linked but not yet uplink-linked in the node cache (e.g., the larger the number of blocks to be uplink-linked but not yet uplink-linked, the larger the auction asset determined based on the number will be for quickly uplink-linking the blocks in the node cache). It should be understood that when a first representative node possesses a backbone certificate in a backbone chain, the first representative node may possess an auction authority in the backbone chain, the first representative node may compete with other representative nodes for a block-out authority in the backbone chain based on the auction asset (e.g., if the auction asset of the first representative node is a maximum auction asset, the first representative node may obtain the block-out authority), and after obtaining the block-out authority by the first representative node, a block with a maximum generation timestamp (i.e., a most newly generated block in the backbone chain) in the backbone chain may be obtained, and a block hash value of the block is obtained; then, the first representative node may add the block hash value to a second target block to obtain a block to be added; subsequently, the first representative node may sign the block to be added based on a private key, and send the signed block to be added to a consensus node (which may include a second representative node) participating in consensus verification in the main network chain, where the second representative node may obtain a public key of a first target issuing node in the main network chain, which issues an identity certificate for the first representative node, and verify identity information of the first representative node based on the public key, and after the verification is passed, it may be considered that a consensus result of the block to be added in the main network chain is a consensus passing result, and at this time, the block to be added may be added to the main network chain.

It should be understood that the process of verifying the identity information of the first representative node by the second representative node may be understood as a consensus process of the to-be-added block. In this process, each representative node may perform an auction vote at the same time to determine which representative node blocks the next block after the block to be added (i.e., determine who the target representative node having the block-out authority of the next block is).

It should be understood that, if the transaction information in each sub-consensus node cluster is submitted to the main network chain by a representative node, the first representative node in the first sub-consensus node cluster may also receive a block sent by other consensus nodes in the first sub-consensus node cluster, and the first representative node also needs to vote for consensus on the block and submit the block to the main network chain after the consensus is passed (store the block to the node cache, determine an auction asset, and add the block to the main network chain after acquiring a block right based on the auction asset). The specific method comprises the following steps: receiving a third target block sent by the remaining nodes; the third target block is generated by the remaining nodes according to third transaction data associated with the first service; the third target block carries a second digital signature obtained by the remaining nodes signing the third target block based on the private keys corresponding to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node; acquiring public keys corresponding to the remaining nodes, checking the second digital signature based on the public keys corresponding to the remaining nodes, and commonly identifying the third target block together with the remaining nodes after the check is passed; and after the third target block passes the consensus, adding the third target block into a data book of the block chain network.

The specific method for obtaining the public keys corresponding to the remaining nodes may be as follows: first node certificates corresponding to the remaining nodes can be obtained from the data account book; the first node certificates corresponding to the remaining nodes comprise public keys of the first target certificate issuing node to the remaining nodes based on the private key of the first target certificate issuing node and signature information obtained after the identity information of the remaining nodes is signed; acquiring a public key corresponding to the first target certificate issuing node, and verifying the signature information based on the public key corresponding to the first target certificate issuing node; and after the verification is passed, acquiring public keys corresponding to the remaining nodes and identity information of the remaining nodes.

For a specific process of uplink of a block to a data book (home network link) by a representative node, please refer to fig. 6 together, and fig. 6 is a schematic diagram illustrating an example of adding a block to a data book according to the present application.

As shown in fig. 6, taking the sub-common node cluster 6100 corresponding to the invoice service as an example, the block 6002 generated by the sub-common node cluster 6100 (a block generated by a common node in the sub-common node cluster 6100) should include the hash value of the last block generated by the sub-common node cluster 6100 (the last block of the block 6002, e.g., the block 6001); each sub-consensus cluster may organize its own sub-chain of traffic (a traffic chain containing only invoice traffic) according to the hash value of the last chunk included in each chunk. After the cluster of sub-common nodes performs common identification on the block 6002 and the block 6002 passes the common identification, the representative node 6101 in the cluster of sub-common nodes may determine a block auction asset based on the number of blocks to be uplink but not yet uplink in its node cache.

Taking the example that all blocks (except block 6002) in the node cache of the node 6101 are linked to the main network chain (i.e., block chain 600 shown in fig. 6), the last block, block 6001, in the sub-common node cluster 6100 corresponds to C1 in the block chain 600 (i.e., the latest block 6001 generated by the sub-common node cluster 6100 has been successfully linked to the block chain 600 before block 6002 is generated), and at this time, only the block 6002 that was just stored in the node cache is included in the node cache, and a auction asset can be determined according to the number 1. Subsequently, representative node 6101 may compete for out-of-block privileges in the main network chain with other representative nodes in the main network chain based on the auction asset.

Taking the example of the representative node 6101 contending for block right, the representative node 6101 may query the blockchain 600 to obtain the largest block with the largest generation timestamp as D1, the representative node 6101 may obtain the chunk hash value of the largest block D1, generate a block C2 based on the chunk hash value of the largest block D1 and the block 6002, and then add the block C2 to the blockchain 600 (i.e., to the back of block D1). It should be appreciated that after chunk C2 is added to the blockchain 600, the chunk C2 may serve as the largest chunk in the blockchain 600 having the largest timestamp. It should be understood that since the main network link stores all information of the whole service ecology (i.e. besides the invoice service, information of other services, such as export service, legal service, credit investigation service, etc.), unified management and examination can be facilitated.

Further, it should be understood that, since the block chain network is divided into a plurality of block chain sub-consensus networks in the present application, when different sub-consensus networks require cross access, a certificate issuing node cluster may be accessed, and a time-limited cross-validation certificate may be issued by the certificate issuing node cluster. If the sub-consensus node cluster A has a secondary certificate issuing node a, and the cluster B has a secondary certificate issuing node B. The second-level certificate issuing node a and the second-level certificate issuing node b are issued by a root certificate issuing node R.

Since the consensus node between the sub-consensus node cluster A and the sub-consensus node cluster B is only responsible for the business consensus of the node itself, they cannot verify each other, but if the need for cross-business communication arises, the sub-consensus node cluster A and the sub-consensus node cluster B may first submit applications to the CA contract in the certificate issuing node cluster, respectively, an identity certificate a1 with a time limit (e.g., within one hour) may be issued by the secondary certificate issuing node a in the certificate issuing node cluster for the sub-consensus node cluster B, an identity certificate B1 with a time limit (e.g., within one hour) may be issued by the secondary certificate issuing node B in the certificate issuing node cluster for the sub-consensus node cluster A, and the newly issued certificates a1, B1 are generated and block-committed into the master chain.

Further, the nodes in the sub-consensus node cluster a and the sub-consensus node cluster B may retrieve the certificate a1 and the certificate B1 from the main network chain after waiting for the new block corresponding to the certificate a1, B1 to be confirmed by the main network chain. Wherein it should be appreciated that the certificate chain for certificate a1 should be R-b-a1 (i.e., a root certificate issuing node R has issued a secondary certificate issuing node b, which in turn has issued certificate a 1); the certificate chain for certificate b1 is R-a-b1 (i.e., root certificate issuing node R issued secondary certificate issuing node a, which in turn issued certificate b 1).

At this time, the nodes between the sub-consensus node cluster a and the sub-consensus node cluster B may add the certificate a1 and the certificate B1 to their own certificate pools (both the certificate a1 and the certificate B1 have a validity period), and during the validity period, the nodes between the sub-consensus node cluster a and the sub-consensus node cluster B may communicate with each other through identity certificates or perform identity authentication with each other.

To facilitate understanding of a method for cross-issuing a certificate for a cluster of sub-consensus nodes when performing communication across businesses, please refer to fig. 7 together, and fig. 7 is a schematic flowchart illustrating a process for cross-issuing a certificate for a cluster of sub-consensus nodes according to an embodiment of the present disclosure. The following will be described by taking the first representative node corresponding to fig. 5 as an example to execute the present flow, and as shown in fig. 7, the flow may include the following steps S201 to S203:

step S201, receiving a cross-service consensus request aiming at a first target block sent by a second representative node; the first target block is generated by the second representative node according to the first transaction data; the first transaction data is associated with a first service and a second service; the cross-business consensus request carries a third node certificate issued by the first target certificate issuing node for the second sub-consensus node cluster; and the third node certificate is used for granting the second sub-consensus node cluster with the consensus authority aiming at the first service.

Specifically, the first target block may refer to a block generated by the second representative node based on the first transaction data, which is related to both the first service and the second service. At this time, if the first target block is to be commonly identified, a first sub-common node cluster corresponding to the first service and a second sub-common node cluster corresponding to the second service are required to commonly identify the first target block. However, because the first sub-consensus node cluster does not have the consensus authority for the second service, and the second sub-consensus node cluster does not have the consensus authority for the first service, if the first sub-consensus node cluster and the second sub-consensus node cluster are to participate in the consensus check of the first target block, the first sub-consensus node cluster needs to have the certificate issued by the second target certificate issuing node corresponding to the second service, and the second sub-consensus node cluster needs to have the certificate issued by the first target certificate issuing node corresponding to the first service.

Taking the example that the second representative node has successfully acquired the certificate issued by the first target certificate issuing node (i.e., the third node certificate), the second representative node may send the first target block to the first representative node when acquiring the third node certificate.

Step S202, a fourth node certificate corresponding to the first sub-consensus node cluster is obtained based on the cross-service consensus request; the fourth node certificate is issued by the second target certificate issuing node; and the fourth node certificate is used for granting the first sub-consensus node cluster with consensus right for the second service.

Specifically, at this time, if the first representative node desires to perform cross-service interaction with the second sub-consensus node cluster, the first representative node needs to acquire a certificate (i.e., a fourth node certificate) issued by the second target certificate issuing node.

Firstly, a first representative node can preferentially traverse a main network chain and inquire whether an identity certificate issued by a first sub-consensus node cluster by a second target certificate issuing node exists in the main network chain, if so, the validity period of the identity certificate can be detected, and if not, the identity certificate can be directly obtained; if the identity certificate issued by the second target certificate issuing node for the first sub-consensus node cluster does not exist in the main network chain or the validity period of the identity certificate issued for the second target certificate issuing node is expired, the first representative node may send a request to the second target certificate issuing node to request the second target certificate issuing node to issue the identity certificate for the first sub-consensus node cluster.

The specific method comprises the following steps: data ledgers in the blockchain network (i.e., the main network chain) may be traversed based on cross-business consensus requests; if a certificate issued by the second target certificate issuing node for the first sub-consensus node cluster exists in the data ledger, and the certificate certification time of the certificate issued by the second target certificate issuing node for the first sub-consensus node cluster is valid time, determining the certificate issued by the second target certificate issuing node for the first sub-consensus node cluster, which is stored in the data ledger, as a fourth node certificate corresponding to the first sub-consensus node cluster; and if the certificate certification time is the expiration time or a certificate issued by the second target certificate issuing node for the first sub-common consensus node cluster does not exist in the data book, generating a certificate issuing request, and acquiring a fourth node certificate corresponding to the first sub-common consensus node cluster according to the certificate issuing request and the certificate issuing node cluster.

The specific method for acquiring the fourth node certificate corresponding to the first sub-consensus node cluster according to the certificate issuance request and the certificate issuance node cluster may be: traversing the certificate issuing node cluster, and acquiring a second target certificate issuing node in the certificate issuing node cluster; subsequently, a certificate issuance request may be sent to the second target certificate issuance node, so that the second target certificate issuance node issues a fourth node certificate for the first sub-consensus node cluster based on the certificate issuance request, and adds the fourth node certificate to the data ledger; and then, receiving certificate issuing success information returned by the second target certificate issuing node, and acquiring a fourth node certificate corresponding to the first sub-consensus node cluster in the data book based on the certificate issuing success information.

Step S203, based on the fourth node certificate corresponding to the first sub consensus node cluster and the third node certificate corresponding to the second sub consensus node cluster, performing cross-business consensus on the first target block in the first sub consensus node cluster and the second sub consensus node cluster.

Specifically, after each consensus node in the first sub-consensus node cluster acquires the identity certificate issued by the second target certificate issuing node, and each consensus node in the second sub-consensus node cluster acquires the identity certificate issued by the first target certificate issuing node, cross-service interaction can be performed based on the identity certificates.

Further, please refer to fig. 8, where fig. 8 is a schematic structural diagram of a data processing apparatus based on a block chain according to an embodiment of the present application. The above-mentioned blockchain based data processing apparatus may be a computer program (including program code) running in a computer device, for example, the blockchain based data processing apparatus is an application software; the apparatus may be used to perform the corresponding steps in the methods provided by the embodiments of the present application. The block chain based data processing apparatus 1 may include: a cluster traversing module 11, a node obtaining module 12 and a request sending module 13.

The cluster traversing module 11 is configured to traverse the certificate issuing node cluster based on the service creation request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to the first service;

the node obtaining module 12 is configured to obtain a first target certificate issuing node in the certificate issuing node cluster according to a service type corresponding to the first service; the execution service type corresponding to the first target certificate issuing node is matched with the service type corresponding to the first service;

a request sending module 13, configured to send a service creation request to a first target certificate issuing node, so that the first target certificate issuing node issues a first node certificate to a first sub-consensus node cluster based on the service creation request, and performs uplink on the first node certificate corresponding to the first sub-consensus node cluster; a first node certificate corresponding to the first sub-consensus node cluster is used for granting a consensus right of the first sub-consensus node cluster for the first service;

the request sending module 13 is further configured to, when a first node certificate corresponding to the first sub-common identification node cluster is successfully uplink-bound, obtain a main chain certificate issuing node in the certificate issuing node cluster, send a service creation request to the main chain certificate issuing node, so that the main chain certificate issuing node issues a main chain certificate to the first representative node based on the service creation request, and uplink-bound the main chain certificate corresponding to the first representative node through the main common identification node cluster; the uplink main chain certificate is used for representing that the first representative node belongs to the main consensus node cluster; the first representative node in the main common-identification node cluster and the second representative node in the second sub common-identification node cluster are used for carrying out common-identification interaction; the second sub-consensus node cluster is provided with a second node certificate issued by a second target certificate issuing node in the certificate issuing node cluster, and the second node certificate is used for granting a consensus right of the second sub-consensus node cluster for a second service; the execution service type corresponding to the second target certificate issuing node is matched with the service type corresponding to the second service; the first service is different from the second service; the first sub-common identification node cluster, the second sub-common identification node cluster and the main common identification node cluster are in the same block chain network.

For specific implementation manners of the cluster traversing module 11, the node obtaining module 12, and the request sending module 13, reference may be made to descriptions in steps S101 to S104 in the embodiment corresponding to fig. 5, which will not be described herein again.

In one embodiment, the node acquisition module 12 may include: a set acquisition unit 121 and a node determination unit 122.

A set obtaining unit 121, configured to obtain an execution service type corresponding to each certificate issuing node in the certificate issuing node cluster, to obtain an execution service type set;

a node determining unit 122, configured to obtain a service type corresponding to the first service, and determine, as a target execution service type, an execution service type that is matched with the service type corresponding to the first service in the execution service type set;

the node determining unit 122 is further configured to determine a certificate issuing node corresponding to the target execution service type as a first target certificate issuing node.

For specific implementation manners of the set obtaining unit 121 and the node determining unit 122, reference may be made to the description in step S102 in the embodiment corresponding to fig. 5, and details will not be described here.

In one embodiment, the block chain based data processing apparatus 1 may further include: a request receiving module 14, a certificate obtaining module 15 and a consensus module 16.

A request receiving module 14, configured to receive a cross-service consensus request for a first target block sent by a second representative node; the first target block is generated by the second representative node according to the first transaction data; the first transaction data is associated with a first service and a second service; the cross-business consensus request carries a third node certificate issued by the first target certificate issuing node for the second sub-consensus node cluster; the third node certificate is used for granting the second sub-consensus node cluster with consensus authority aiming at the first service;

the certificate acquisition module 15 is configured to acquire a fourth node certificate corresponding to the first sub-consensus node cluster based on the cross-service consensus request; the fourth node certificate is issued by the second target certificate issuing node; the fourth node certificate is used for granting the first sub-consensus node cluster with consensus right for the second service;

and the consensus module 16 is configured to perform cross-service consensus on the first target block in the first sub-consensus node cluster and the second sub-consensus node cluster based on a fourth node certificate corresponding to the first sub-consensus node cluster and a third node certificate corresponding to the second sub-consensus node cluster.

For specific implementation manners of the request receiving module 14, the certificate obtaining module 15, and the consensus module 16, reference may be made to descriptions in step S201 to step S203 in the embodiment corresponding to fig. 6, which will not be described herein again.

In one embodiment, the certificate acquisition module 15 may include: the ledger traversal unit 151 and the certificate acquisition unit 152.

An account book traversing unit 151, configured to traverse a data account book in a blockchain network based on a cross-business consensus request;

a certificate obtaining unit 152, configured to determine, if a certificate issued by the second target certificate issuing node for the first sub-consensus node cluster exists in the data ledger, and a certificate certification time of the certificate issued by the second target certificate issuing node for the first sub-consensus node cluster is valid time, a certificate stored in the data ledger and issued by the second target certificate issuing node for the first sub-consensus node cluster is determined to be a fourth node certificate corresponding to the first sub-consensus node cluster;

the certificate obtaining unit 152 is further configured to generate a certificate issuance request if the certificate certification time is expiration time or there is no certificate issued by the second target certificate issuance node for the first sub-consensus node cluster in the data book, and obtain a fourth node certificate corresponding to the first sub-consensus node cluster according to the certificate issuance request and the certificate issuance node cluster.

For specific implementation manners of the ledger traversal unit 151 and the certificate acquisition unit 152, reference may be made to the description in step S202 in the embodiment corresponding to fig. 6, and details are not repeated here.

In an embodiment, the certificate obtaining unit 152 is further specifically configured to traverse the certificate issuing node cluster, and obtain a second target certificate issuing node in the certificate issuing node cluster;

the certificate obtaining unit 152 is further specifically configured to send a certificate issuance request to the second target certificate issuance node, so that the second target certificate issuance node issues a fourth node certificate to the first sub-consensus node cluster based on the certificate issuance request, and adds the fourth node certificate to the data book;

the certificate obtaining unit 152 is further specifically configured to receive certificate issuance success information returned by the second target certificate issuance node, and obtain, based on the certificate issuance success information, a fourth node certificate corresponding to the first sub-consensus node cluster in the data ledger.

In one embodiment, the block chain based data processing apparatus 1 may further include: a block generation module 17, a block consensus module 18 and a block uplink module 19.

The block generating module 17 is configured to receive second transaction data associated with the first service and sent by the service node, and generate a second target block according to the second transaction data;

a block consensus module 18, configured to send the second target block to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node;

the block consensus module 18 is further configured to receive voting information returned by the remaining nodes based on the second target block;

the block consensus module 18 is further configured to determine a consensus result for the second target block based on the voting information;

the block uplink module 19 is configured to uplink the second target block when the common identification result is the common identification passing result.

The specific implementation manner of the block generation module 17, the block consensus module 18, and the block uplink module 19 may refer to the description in step S104 in the embodiment corresponding to fig. 5, which will not be described herein again.

referring to fig. 8, the block consensus module 18 may include: an information acquisition unit 181, an arithmetic unit 182, and a result determination unit 183.

An information obtaining unit 181, configured to determine voting information indicating a passage of a vote among the at least two pieces of voting information as passage voting information, and count the number of passage voting information;

an information obtaining unit 181, further configured to obtain a number of representative nodes of the first representative node, and a number of at least two remaining nodes;

an arithmetic unit 182, configured to add the number of the representative nodes and the number of the at least two remaining nodes to obtain the total number of nodes;

an operation unit 182, further configured to add the number of representative nodes and the number of passing voting information to obtain a passing number;

a result determining unit 183, configured to determine a consensus result for the second target block according to the total number of nodes and the pass number.

For specific implementation of the information obtaining unit 181, the operation unit 182, and the result determining unit 183, reference may be made to the description in step S104 in the embodiment corresponding to fig. 5, which will not be described herein again.

In one embodiment, the result determining unit 183 is further specifically configured to determine a ratio value between the pass number and the total number of nodes;

the result determining unit 183 is further specifically configured to determine the consensus result for the second target block as a consensus pass result if the ratio value is greater than or equal to the ratio threshold;

the result determining unit 183 is further specifically configured to determine the consensus result for the second target block as a consensus failure result if the ratio value is smaller than the ratio threshold.

In one embodiment, the block uplink module 19 may include: a tile adding unit 191, an auction information generating unit 192, an information transmitting unit 193, and a tile adding unit 194.

A block adding unit 191, configured to add the second target block to the node cache of the first representative node when the consensus result is a consensus pass result;

an auction information generating unit 192, configured to obtain the blocks to be uplink stored in the node cache and the number of the blocks to be uplink; the block to be uplink comprises a second target block;

the auction information generating unit 192 is further configured to determine a block uplink asset for the second target block according to the number of blocks, obtain a node identifier of the first representative node, and generate block auction information for the second target block according to the node identifier and the block uplink asset;

an information sending unit 193 for sending the tile auction information to the second representative node so that the second representative node returns auction voting information based on the tile auction information;

a block adding unit 194, configured to determine, according to the auction voting information, an uplink permission of the first representative node for the second target block;

the block adding unit 194 is further configured to add the second target block to the data book in the blockchain network when the first representative node has the uplink right.

For specific implementation of the block adding unit 191, the auction information generating unit 192, the information sending unit 193, and the block adding unit 194, reference may be made to the description in step S104 in the embodiment corresponding to fig. 5, which will not be repeated herein.

In an embodiment, the block adding unit 194 is further specifically configured to obtain a largest block having a largest generation timestamp in the data book, and obtain a block hash value corresponding to the largest block;

the block adding unit 194 is further specifically configured to add the block hash value to the second target block, so as to obtain a block to be added;

the block adding unit 194 is further specifically configured to obtain a private key corresponding to the first representative node, and sign the block to be added based on the private key corresponding to the first representative node to obtain a first digital signature;

the block adding unit 194 is further specifically configured to send the block to be added and the first digital signature to the second representative node, so that the second representative node obtains a public key corresponding to the master chain certificate issuing node based on the block to be added and the first digital signature, performs identity verification on the master chain certificate corresponding to the first representative node based on the public key corresponding to the master chain certificate issuing node, obtains a public key corresponding to the first representative node after the verification is passed, and performs signature verification on the first digital signature based on the public key corresponding to the first representative node to obtain a signature verification result;

the block adding unit 194 is further specifically configured to add the block to be added to the data ledger when the signature checking result is the signature checking passing result.

In one embodiment, the block chain based data processing apparatus 1 may further include: a block receiving module 20, a signature verification module 21 and a block writing module 22.

A block receiving module 20, configured to receive a third target block sent by the remaining nodes; the third target block is generated by the remaining nodes according to third transaction data associated with the first service; the third target block carries a second digital signature obtained by the remaining nodes signing the third target block based on the private keys corresponding to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node;

the signature verification module 21 is configured to obtain public keys corresponding to the remaining nodes;

the signature checking module 21 is further configured to check the signature of the second digital signature based on the public keys corresponding to the remaining nodes, and perform consensus on the third target block together with the remaining nodes after the signature checking is passed;

the block writing module 22 is configured to add the third target block to the data book of the blockchain network after the third target block passes the consensus.

The specific implementation manner of the block receiving module 20, the signature checking module 21, and the block writing module 22 may refer to the description in step S104 in the embodiment corresponding to fig. 5, and will not be described herein again.

In one embodiment, the signature verification module 21 may include: a certificate acquisition unit 211 and a public key acquisition unit 212.

A certificate obtaining unit 211, configured to obtain a first node certificate corresponding to the remaining node in the data ledger; the first node certificates corresponding to the remaining nodes comprise public keys of the first target certificate issuing node to the remaining nodes based on the private key of the first target certificate issuing node and signature information obtained after the identity information of the remaining nodes is signed;

a public key obtaining unit 212, configured to obtain a public key corresponding to the first target certificate issuing node, and verify the signature information based on the public key corresponding to the first target certificate issuing node;

the public key obtaining unit 212 is further configured to obtain a public key corresponding to the remaining node and identity information of the remaining node after the verification is passed.

For specific implementation of the certificate obtaining unit 211 and the public key obtaining unit 212, reference may be made to the description in step S104 in the embodiment corresponding to fig. 5, which will not be described herein again.

Further, please refer to fig. 9, where fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 9, the data processing apparatus 1 based on the block chain in the embodiment corresponding to fig. 8 may be applied to the computer device 1000, where the computer device 1000 may include: the processor 1001, the network interface 1004, and the memory 1005, and the computer apparatus 1000 further includes: a user interface 1003, and at least one communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display) and a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface and a standard wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The memory 1005 may optionally be at least one memory device located remotely from the processor 1001. As shown in fig. 9, a memory 1005, which is a kind of computer-readable storage medium, may include therein an operating system, a network communication module, a user interface module, and a device control application program.

In the computer device 1000 shown in fig. 9, the network interface 1004 may provide a network communication function; the user interface 1003 is an interface for providing a user with input; and the processor 1001 may be used to invoke a device control application stored in the memory 1005 to implement:

traversing the certificate issuing node cluster based on the service creation request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to the first service;

It should be understood that the computer device 1000 described in this embodiment of the present application may perform the description of the data processing method based on the blockchain in the embodiment corresponding to fig. 5, and may also perform the description of the data processing apparatus 1 based on the blockchain in the embodiment corresponding to fig. 8, which is not described herein again. In addition, the beneficial effects of the same method are not described in detail.

Further, here, it is to be noted that: an embodiment of the present application further provides a computer-readable storage medium, where a computer program executed by the aforementioned data processing computer device 1000 is stored in the computer-readable storage medium, and the computer program includes program instructions, and when the processor executes the program instructions, the description of the data processing method in the embodiment corresponding to fig. 5 can be executed, so that details are not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in embodiments of the computer-readable storage medium referred to in the present application, reference is made to the description of embodiments of the method of the present application.

The computer-readable storage medium may be the data processing apparatus based on the block chain provided in any of the foregoing embodiments or an internal storage unit of the computer device, such as a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Memory Card (SMC), a Secure Digital (SD) card, a flash card (flash card), and the like, provided on the computer device. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the computer device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the computer device. The computer readable storage medium may also be used to temporarily store data that has been output or is to be output.

The terms "first," "second," and the like in the description and in the claims and drawings of the embodiments of the present application are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprises" and any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, apparatus, product, or apparatus that comprises a list of steps or elements is not limited to the listed steps or modules, but may alternatively include other steps or modules not listed or inherent to such process, method, apparatus, product, or apparatus.

Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

The method and the related apparatus provided by the embodiments of the present application are described with reference to the flowchart and/or the structural diagram of the method provided by the embodiments of the present application, and each flow and/or block of the flowchart and/or the structural diagram of the method, and the combination of the flow and/or block in the flowchart and/or the block diagram can be specifically implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block or blocks of the block diagram. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block or blocks of the block diagram. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block or blocks.

The above disclosure is only for the purpose of illustrating the preferred embodiments of the present application and is not to be construed as limiting the scope of the present application, so that the present application is not limited thereto, and all equivalent variations and modifications can be made to the present application.

Claims

1. A data processing method based on a block chain is characterized by comprising the following steps:

traversing the certificate issuing node cluster by the first representative node based on the service creation request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to a first service;

acquiring a first target certificate issuing node in the certificate issuing node cluster according to the service type corresponding to the first service; the execution service type corresponding to the first target certificate issuing node is matched with the service type corresponding to the first service;

sending the service creation request to the first target certificate issuing node, so that the first target certificate issuing node issues a first node certificate to the first sub-consensus node cluster based on the service creation request, and uplink is performed on the first node certificate corresponding to the first sub-consensus node cluster; a first node certificate corresponding to the first sub-consensus node cluster is used for granting the first sub-consensus node cluster a consensus right for the first service;

when a first node certificate corresponding to the first sub-consensus node cluster is successfully uplinked, acquiring a main chain certificate issuing node in the certificate issuing node cluster, sending the service creation request to the main chain certificate issuing node so that the main chain certificate issuing node issues a main chain certificate to the first representative node based on the service creation request, and uplinking the main chain certificate corresponding to the first representative node through the main consensus node cluster; the chain-linked main chain certificate is used for representing that the first representative node belongs to the main common node cluster; the first representative node in the main common-identification node cluster and the second representative node in the second sub common-identification node cluster are used for carrying out common-identification interaction; the second sub-consensus node cluster is provided with a second node certificate issued by a second target certificate issuing node in the certificate issuing node cluster, and the second node certificate is used for granting the second sub-consensus node cluster a consensus right for a second service; the execution service type corresponding to the second target certificate issuing node is matched with the service type corresponding to the second service; the first service is different from the second service; the first sub-common identification node cluster, the second sub-common identification node cluster and the main common identification node cluster are in the same block chain network.

2. The method of claim 1, wherein the obtaining a first target certificate issuing node in the certificate issuing node cluster according to the service type corresponding to the first service comprises:

acquiring an execution service type corresponding to each certificate issuing node in the certificate issuing node cluster to obtain an execution service type set;

acquiring a service type corresponding to the first service, and determining an execution service type matched with the service type corresponding to the first service in the execution service type set as a target execution service type;

and determining the certificate issuing node corresponding to the target execution service type as the first target certificate issuing node.

3. The method of claim 1, further comprising:

receiving a cross-service consensus request for a first target block sent by the second representative node; the first target block is generated by the second representative node according to first transaction data; the first transaction data is associated with the first transaction and the second transaction; the cross-business consensus request carries a third node certificate issued by the first target certificate issuing node for the second sub-consensus node cluster; the third node certificate is used for granting the second sub-consensus node cluster with consensus authority for the first service;

acquiring a fourth node certificate corresponding to the first sub-consensus node cluster based on the cross-service consensus request; the fourth node certificate issued by the second target certificate issuing node; the fourth node certificate is used for granting the first sub-consensus node cluster with consensus right for the second service;

and performing cross-service consensus on the first target block in the first sub-consensus node cluster and the second sub-consensus node cluster based on the fourth node certificate corresponding to the first sub-consensus node cluster and the third node certificate corresponding to the second sub-consensus node cluster.

4. The method according to claim 3, wherein the obtaining a fourth node certificate corresponding to the first sub-consensus node cluster based on the cross-business consensus request comprises:

traversing a data ledger in the blockchain network based on the cross-business consensus request;

if a certificate issued by the second target certificate issuing node for the first sub-consensus node cluster exists in the data ledger, and the certificate certification time of the certificate issued by the second target certificate issuing node for the first sub-consensus node cluster is valid time, determining the certificate stored in the data ledger and issued by the second target certificate issuing node for the first sub-consensus node cluster as a fourth node certificate corresponding to the first sub-consensus node cluster;

if the certificate certification time is expiration time, or a certificate issued by the second target certificate issuing node for the first sub-common knowledge node cluster does not exist in the data book, generating a certificate issuing request, and acquiring a fourth node certificate corresponding to the first sub-common knowledge node cluster according to the certificate issuing request and the certificate issuing node cluster.

5. The method according to claim 4, wherein the obtaining, according to the certificate issuance request, a fourth node certificate corresponding to the first sub-consensus node cluster from the certificate issuance node cluster comprises:

traversing the certificate issuing node cluster, and acquiring the second target certificate issuing node in the certificate issuing node cluster;

sending the certificate issuance request to the second target certificate issuance node, so that the second target certificate issuance node issues the fourth node certificate for the first sub-consensus node cluster based on the certificate issuance request, and adds the fourth node certificate to the data book;

and receiving certificate issuing success information returned by the second target certificate issuing node, and acquiring the fourth node certificate corresponding to the first sub-consensus node cluster in the data book based on the certificate issuing success information.

6. The method of claim 1, further comprising:

receiving second transaction data which is sent by a service node and is associated with the first service, and generating a second target block according to the second transaction data;

sending the second target block to the remaining nodes; the rest nodes are nodes in the first sub-common node cluster except the first representative node;

receiving voting information returned by the remaining nodes based on the second target block, and determining consensus results for the second target block based on the voting information;

and when the consensus result is a consensus passing result, performing uplink on the second target block.

7. The method of claim 6, wherein the number of remaining nodes is at least two; the number of the voting information is at least two;

the determining consensus results for the second target tile based on the voting information comprises:

determining voting information used for indicating the passing of the votes in at least two pieces of voting information as passing voting information, and counting the number of the passing voting information;

acquiring the number of representative nodes of the first representative node and the number of the at least two remaining nodes;

adding the number of the representative nodes and the number of the at least two remaining nodes to obtain the total number of the nodes;

adding the number of the representative nodes and the number of the passing voting information to obtain a passing number;

determining a consensus result for the second target block according to the total number of nodes and the passing number.

8. The method of claim 7, wherein the determining the consensus result for the second target block according to the total number of nodes and the pass number comprises:

determining a proportional value between the pass number and the total number of nodes;

if the proportion value is larger than or equal to a proportion threshold value, determining a consensus result aiming at the second target block as a consensus passing result;

and if the proportion value is smaller than the proportion threshold value, determining the consensus result aiming at the second target block as a consensus failure result.

9. The method of claim 6, wherein the uplink transmission of the second target block when the consensus result is a consensus pass result comprises:

when the consensus result is a consensus passing result, adding the second target block to a node cache of the first representative node;

acquiring a block to be uplink stored in the node cache and the number of the blocks to be uplink; the block to be uplink comprises the second target block;

determining a block uplink asset aiming at the second target block according to the number of the blocks, acquiring a node identifier of the first representative node, and generating block auction information aiming at the second target block according to the node identifier and the block uplink asset;

sending the block auction information to the second representative node so that the second representative node returns auction voting information based on the block auction information;

and determining uplink permission of the first representative node for the second target block according to the auction voting information, and adding the second target block to a data book in the block chain network when the first representative node has the uplink permission.

10. The method of claim 9, wherein the adding the second target block to a data book in the blockchain network comprises:

acquiring a maximum block with a maximum generation timestamp in the data account book, and acquiring a block hash value corresponding to the maximum block;

adding the block hash value to the second target block to obtain a block to be added;

acquiring a private key corresponding to the first representative node, and signing the block to be added based on the private key corresponding to the first representative node to obtain a first digital signature;

sending the block to be added and the first digital signature to the second representative node, so that the second representative node obtains a public key corresponding to the main chain certificate issuing node based on the block to be added and the first digital signature, performing identity verification on the main chain certificate corresponding to the first representative node based on the public key corresponding to the main chain certificate issuing node, obtaining a public key corresponding to the first representative node after verification is passed, and performing signature verification on the first digital signature based on the public key corresponding to the first representative node to obtain a signature verification result;

and when the signature checking result is a signature checking passing result, adding the block to be added into the data account book.

11. The method of claim 1, further comprising:

receiving a third target block sent by the remaining nodes; the third target block is generated by the remaining node according to third transaction data associated with the first service; the third target block carries a second digital signature obtained by the residual node signing the third target block based on a private key corresponding to the residual node; the rest nodes are nodes in the first sub-common node cluster except the first representative node;

acquiring a public key corresponding to the residual node, checking the second digital signature based on the public key corresponding to the residual node, and commonly identifying the third target block together with the residual node after the check is passed;

and after the third target block passes the consensus, adding the third target block to a data book of the blockchain network.

12. The method of claim 11, wherein obtaining the public keys corresponding to the remaining nodes comprises:

acquiring a first node certificate corresponding to the remaining node in the data account book; the first node certificate corresponding to the remaining node comprises a public key of the first target certificate issuing node for signing the remaining node based on a private key of the first target certificate issuing node and signature information obtained after the identity information of the remaining node is signed;

acquiring a public key corresponding to the first target certificate issuing node, and verifying the signature information based on the public key corresponding to the first target certificate issuing node;

and after the verification is passed, acquiring the public key corresponding to the residual node and the identity information of the residual node.

13. A blockchain-based data processing apparatus, comprising:

the cluster traversing module is used for traversing the certificate issuing node cluster based on the service creating request; the first representative node belongs to a first sub-consensus node cluster; the service creation request carries a service type corresponding to a first service;

a request sending module, configured to send the service creation request to the first target certificate issuing node, so that the first target certificate issuing node issues a first node certificate to the first sub-consensus node cluster based on the service creation request, and performs uplink on the first node certificate corresponding to the first sub-consensus node cluster; a first node certificate corresponding to the first sub-consensus node cluster is used for granting the first sub-consensus node cluster a consensus right for the first service;

the request sending module is further configured to, when a first node certificate corresponding to the first sub-consensus node cluster is successfully uplink-bound, obtain a master chain certificate issuing node in the certificate issuing node cluster, send the service creation request to the master chain certificate issuing node, so that the master chain certificate issuing node issues a master chain certificate for the first representative node based on the service creation request, and uplink the master chain certificate corresponding to the first representative node through the master consensus node cluster; the chain-linked main chain certificate is used for representing that the first representative node belongs to the main common node cluster; the first representative node in the main common-identification node cluster and the second representative node in the second sub common-identification node cluster are used for carrying out common-identification interaction; the second sub-consensus node cluster is provided with a second node certificate issued by a second target certificate issuing node in the certificate issuing node cluster, and the second node certificate is used for granting the second sub-consensus node cluster a consensus right for a second service; the execution service type corresponding to the second target certificate issuing node is matched with the service type corresponding to the second service; the first service is different from the second service; the first sub-common identification node cluster, the second sub-common identification node cluster and the main common identification node cluster are in the same block chain network.

14. A computer device, comprising: a processor, a memory, and a network interface;

the processor is coupled to the memory and the network interface, wherein the network interface is configured to provide network communication functionality, the memory is configured to store program code, and the processor is configured to invoke the program code to cause the computer device to perform the method of any of claims 1-12.

15. A computer-readable storage medium, in which a computer program is stored which is adapted to be loaded by a processor and to carry out the method of any one of claims 1 to 12.