CN113420084A - Block chain system - Google Patents


Info

Publication number
CN113420084A
Authority
CN
China
Prior art keywords
server
blockchain system
access service
uplink
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110629705.XA
Other languages
Chinese (zh)
Other versions
CN113420084B (en)
Inventor
易朝刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Chenyi Info Technology Co ltd
Original Assignee
Guangdong Chenyi Info Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Guangdong Chenyi Info Technology Co ltd
Priority to CN202110629705.XA
Publication of CN113420084A
Application granted
Publication of CN113420084B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones

Abstract

The invention discloses a blockchain system comprising the blockchain system itself and at least one secure access service device arranged between the blockchain system and an external server, wherein the secure access service device comprises a firewall. In the invention, the secure access service device is closely connected with the blockchain system. Any external service that needs to access the blockchain system must do so through the external server, so that the data security and the like of the blockchain system are effectively guaranteed.

Description

Block chain system
Technical Field
The invention relates to the technical field of internet security, in particular to a block chain system.
Background
Conventional network security usually relies on a firewall, associated modules, and records from the information system. Blockchain systems often have no firewall or gatekeeper (network gate) and are typically protected only by an internal consensus protocol. But blockchain code is fully open source: any hacker can analyze the code, any contract can be analyzed as well, and if too many nodes are hacked, a great hidden danger exists.
Therefore, there is a need in the art for a solution to the above problems.
Disclosure of Invention
The invention provides a block chain system, which aims to solve the problem of potential safety hazard of the current block chain system.
The invention provides a block chain system.
The blockchain system comprises the blockchain system itself and at least one secure access service device arranged between the blockchain system and an external server, wherein the secure access service device comprises a firewall.
Specifically, the secure access service apparatus further includes: a network gate.
Specifically, in the security access service device, the number of gatekeepers corresponds to the number of firewalls one to one.
Specifically, the blockchain system itself comprises at least one of a presupposition contract server, an intelligent contract server, a main chain server, a ledger server and a cascading ledger server; the safety access service devices are arranged among the connections of the presupposition contract server, the intelligent contract server, the main chain server, the ledger server, the cascading ledger server and the external server.
Specifically, the access number of the security access service device is determined according to the throughput of the blockchain system.
Specifically, each of the secure access service apparatuses is configured to perform:
acquiring data access behaviors and/or uplink behaviors of an external server to a blockchain system;
and judging whether to allow the data access behavior and/or the uplink behavior to be accessed to the block chain system according to the data access behavior and/or the uplink behavior.
Specifically, each of the secure access service apparatuses is further configured to perform:
if the data access behavior and/or the uplink behavior belong to preset illegal behaviors;
the data access behaviour and/or uplink behaviour is intercepted and recorded.
Specifically, each of the security access service devices shares the illegal data access behavior and/or uplink behavior.
Specifically, the external server includes a WEB server and a WS server.
Compared with the prior art, the scheme of the invention has the following advantages:
The invention discloses a blockchain system comprising the blockchain system itself and at least one secure access service device arranged between the blockchain system and an external server, wherein the secure access service device comprises a firewall. In the invention, the secure access service device is closely connected with the blockchain system. Any external service that needs to access the blockchain system must do so through the external server, so that the data security and the like of the blockchain system are effectively guaranteed.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an embodiment of a blockchain system according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
In some of the flows described in the present specification and claims and in the above figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they occur herein, with the order of the operations being indicated as 101, 102, etc. merely to distinguish between the various operations, and the order of the operations by themselves does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
Referring to fig. 1, the present invention provides a blockchain system.
The blockchain system comprises the blockchain system itself and at least one secure access service device arranged on the connection between the blockchain system and an external server. The secure access service device includes a firewall. The secure access service device is tightly connected to the blockchain system itself.
The invention realizes the physical firewall protection of the block chain operating system, and physically isolates the block chain operating system from an external server through the firewall of the block chain operating system, thereby ensuring the safety and stability of the block chain operating system.
The external server includes a WEB server and a WS server.
In the preferred embodiment of the present application, the firewall is deployed so that, at the gatekeeper level, it achieves a single-open, single-close protection state. The connection between the trusted node service and the web server is broken in the middle, so the two never meet directly. The specific steps are as follows:
1. the CA user writes the uplink request into an uplink request variable a on the WEB side;
2. the firewall reads the uplink request variable a and identifies whether it is an attack; if not, the firewall writes the request into the execution request variable b of the node server, and the uplink is executed;
3. the node server writes the uplink result back to a return variable c on the node server side;
4. the firewall backfills (carries) the value of the return variable c to a return variable d on the WEB side, and d returns the uplink result to the user who requested the uplink.
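The four steps above can be modelled in a few lines. This is an added example, not code from the patent: the class names, the request fields (`request_id`, `payload`) and the inspection rule `looks_like_attack` are assumptions made for illustration. The point it shows is that only the firewall holds references to both sides, so a request that fails inspection never reaches variable b.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class WebSide:
    """Variables held on the WEB server side of the gap."""
    a: Optional[dict] = None   # uplink request written by the CA user (step 1)
    d: Optional[dict] = None   # uplink result handed back to the user (step 4)


@dataclass
class NodeSide:
    """Variables held on the node server side of the gap."""
    b: Optional[dict] = None   # execution request written by the firewall (step 2)
    c: Optional[dict] = None   # uplink result written by the node server (step 3)
    ledger: list = field(default_factory=list)

    def execute(self) -> None:
        """Step 3: consume b, perform the uplink, write the result to c."""
        if self.b is None:
            return
        req, self.b = self.b, None
        self.ledger.append(req["payload"])
        self.c = {"request_id": req["request_id"], "status": "on-chain",
                  "height": len(self.ledger)}


def looks_like_attack(req) -> bool:
    """Hypothetical inspection rule: exactly two string fields, bounded size."""
    if not isinstance(req, dict) or set(req) != {"request_id", "payload"}:
        return True
    if not all(isinstance(v, str) for v in req.values()):
        return True
    return len(req["payload"]) > 256


class Firewall:
    """The only component that holds references to both sides."""

    def __init__(self, web, node, is_attack=looks_like_attack):
        self.web, self.node, self.is_attack = web, node, is_attack
        self.intercepted = []

    def forward(self) -> bool:
        """Step 2: read a, inspect it, copy it into b only if it is clean."""
        req, self.web.a = self.web.a, None
        if req is None:
            return False
        if self.is_attack(req):
            self.intercepted.append(req)   # recorded; never reaches b
            return False
        # Copy field by field so nothing unexpected crosses the gap.
        self.node.b = {"request_id": req["request_id"],
                       "payload": req["payload"]}
        return True

    def backfill(self) -> None:
        """Step 4: carry the value of c across to d."""
        res, self.node.c = self.node.c, None
        if res is not None:
            self.web.d = dict(res)


def submit(web, fw, node, request):
    """Run the four steps once and return what the user sees in d."""
    web.d = None
    web.a = request          # step 1
    if fw.forward():         # step 2
        node.execute()       # step 3
        fw.backfill()        # step 4
    return web.d


def demo():
    # Constructed sample requests: one well-formed, one with an extra field.
    web, node = WebSide(), NodeSide()
    fw = Firewall(web, node)
    ok = submit(web, fw, node, {"request_id": "r-1", "payload": "transfer:10"})
    bad = submit(web, fw, node,
                 {"request_id": "r-2", "payload": "x", "debug": "1"})
    return ok, bad, node.ledger, fw.intercepted
```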
The Web server generally refers to a website server: a program residing on a computer on the Internet that processes requests from Web clients such as browsers and returns the corresponding responses. It can host website files for browsing all over the world and data files for download all over the world.
The WS server is a WebSocket server. The WebSocket protocol is a new network protocol based on TCP. It enables full-duplex communication between browser and server, allowing the server to actively send information to the client.
In a specific embodiment of the present invention, the secure access service apparatus further includes: a network gate.
The secure access service device uses a network gate to implement information ferrying, that is, conditional access between completely isolated network segments, so that the external server and the blockchain system interact conditionally.
Specifically, in the security access service device, the number of gatekeepers corresponds to the number of firewalls one to one.
For example, in a security service device, if the number of firewalls is 5, the number of gatekeepers is also 5.
Specifically, the blockchain system itself comprises at least one of a presupposition contract server, an intelligent contract server, a main chain server, a ledger server and a cascading ledger server; the safety access service devices are arranged among the connections of the presupposition contract server, the intelligent contract server, the main chain server, the ledger server, the cascading ledger server and the external server.
In order to ensure physical isolation and conditional access between the blockchain system and an external server, when each data server in the blockchain system is in communication connection with the external server, the secure access service device needs to be accessed between each server and the external server.
Preferably, the secure access service device is located between an external server and the blockchain system (including data servers such as a main chain server, a reservation contract server, a ledger server, an intelligent contract server, and a cascading ledger server), and each data server is independently provided with 50 sets of secure access service devices. One blockchain system is generally divided into a reservation contract server, an intelligent contract server, a main chain server, a ledger server, and a cascading ledger server, so that one blockchain system at least has the secure access service device.
Of course, the number of sets of the set security access service devices may be adjusted according to specific situations, for example, 40 sets of security access service devices may be independently set for each data server.
Specifically, the access number of the security access service device is determined according to the throughput of the blockchain system.
In the embodiment of the present invention, the access number of the secure access service devices is determined from the throughput of the blockchain system according to a preset ratio, so that the channel stays unblocked while the security protection service is provided.
For example, the number of secure access service devices is calculated from the throughput of the blockchain system at a ratio of 1:100, so that the channel stays unblocked while the security protection service is provided.
Specifically, each of the secure access service apparatuses is configured to perform:
acquiring data access behaviors and/or uplink behaviors of an external server to a blockchain system;
and judging whether to allow the data access behavior and/or the uplink behavior to be accessed to the block chain system according to the data access behavior and/or the uplink behavior.
In the embodiment of the invention, when the data access behavior and/or the uplink behavior is obtained, it is analyzed and identified. For example, the digital signature data is analyzed and identified, and the timestamp is compared with the random number to identify whether the signed data is being uplinked repeatedly. When the data access behavior and/or the uplink behavior is an illegal behavior, that is, when a computing attack or a hacking attack exists, the data access behavior and/or the uplink behavior is intercepted and forbidden.
In the embodiment of the invention, the secure access service device faces abnormal data access behaviors or uplink behaviors. One is the computing attack: a plurality of machines are controlled simultaneously, most of the uplink data is the same, and the same user and the same IP initiate a large amount of identical ledger data and uplink it many times; this large amount of invalid uplink data from the same user can be handled by the secure access service device. Another is ledger tampering, in which the modified ledger is sent out to nodes such as a plurality of secure access service devices.
The computing attack has general behavior characteristics, such as repeated uplink data, a large number of requests from the same IP address, and the like. Hacking is characterized by anonymous identities, irregular packets, and the like.
Specifically, each of the secure access service apparatuses is further configured to perform:
if the data access behavior and/or the uplink behavior belong to preset illegal behaviors;
the data access behaviour and/or uplink behaviour is intercepted and recorded.
Specifically, each of the security access service devices shares the illegal data access behavior and/or uplink behavior.
In the embodiment of the invention, if the above illegal behaviors are found, the malicious access behaviors (such as hackers, viruses or pseudo signatures) are cut off, and a defense strategy based on the full-link deployment of the secure access service devices in the blockchain system is used: as soon as a variable of one node finds the attack behavior, the blockchain system is informed so that it actively blocks the behavior across the full-link network, and because the current attack behavior has been recorded, it is automatically intercepted the next time the same type of attack behavior is encountered.
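The checks described above (timestamp and random-number comparison for repeated uplinks, many requests from one IP, anonymous or irregular packets) and the sharing of recorded illegal behaviors between devices can be sketched as follows. This is an added example, not code from the patent: the thresholds, field names and the `SharedRecord` structure are assumptions, and signature verification is assumed to have happened before `check` is called.

```python
from collections import defaultdict, deque

# Thresholds are assumptions for this example; the page gives no values.
MAX_SKEW = 300     # seconds a request timestamp may differ from the device clock
WINDOW = 60        # sliding window, in seconds, for per-IP counting
MAX_PER_IP = 3     # uplink requests allowed per IP inside one window


class SharedRecord:
    """Illegal behaviors recorded by any device and visible to all of them."""

    def __init__(self):
        self.signatures = set()   # ("ip", addr) or ("nonce", user, nonce)
        self.log = []             # (device name, reason, request id)


class AccessDevice:
    def __init__(self, name, shared):
        self.name, self.shared = name, shared
        self.nonces = set()               # (user, nonce) pairs already accepted;
                                          # a real device would expire old entries
        self.recent = defaultdict(deque)  # ip -> timestamps of recent requests

    def _intercept(self, req, reason, signature=None):
        if signature is not None:
            self.shared.signatures.add(signature)   # share with other devices
        self.shared.log.append((self.name, reason, req.get("id")))
        return reason

    def check(self, req, now):
        """Return "allow" or the reason the request was intercepted."""
        user, ip = req.get("user"), req.get("ip")
        nonce, ts = req.get("nonce"), req.get("ts")
        # 1. Anonymous identity or irregular packet.
        if not (user and isinstance(ip, str) and isinstance(nonce, str)
                and isinstance(ts, (int, float))):
            return self._intercept(req, "irregular")
        # 2. Behavior already recorded by this or another device.
        known = self.shared.signatures
        if ("ip", ip) in known or ("nonce", user, nonce) in known:
            return self._intercept(req, "known-illegal")
        # 3. Timestamp too far from the device clock.
        if abs(now - ts) > MAX_SKEW:
            return self._intercept(req, "stale-timestamp")
        # 4. Same user and random number seen before: repeated uplink.
        if (user, nonce) in self.nonces:
            return self._intercept(req, "replay", ("nonce", user, nonce))
        # 5. Too many requests from one IP inside the window.
        q = self.recent[ip]
        while q and now - q[0] > WINDOW:
            q.popleft()
        q.append(now)
        if len(q) > MAX_PER_IP:
            return self._intercept(req, "flood", ("ip", ip))
        self.nonces.add((user, nonce))
        return "allow"


def run_sample():
    """Constructed traffic against two devices that share one record."""
    shared = SharedRecord()
    d1, d2 = AccessDevice("dev-1", shared), AccessDevice("dev-2", shared)

    def req(i, user, ip, nonce, ts):
        return {"id": i, "user": user, "ip": ip, "nonce": nonce, "ts": ts}

    out = [
        d1.check(req(1, "alice", "192.0.2.10", "n1", 1000), now=1000),
        d1.check(req(2, "alice", "192.0.2.10", "n1", 1000), now=1001),
        d2.check(req(3, "alice", "192.0.2.10", "n1", 1000), now=1002),
        d1.check(req(4, "", "192.0.2.11", "n2", 1003), now=1003),
        d1.check(req(5, "bob", "192.0.2.12", "n3", 100), now=1004),
    ]
    for i in range(4):   # four requests from one address within the window
        out.append(d2.check(req(6 + i, "mallory", "198.51.100.7",
                                f"m{i}", 1010 + i), now=1010 + i))
    # dev-1 has never seen this address, but dev-2 recorded it.
    out.append(d1.check(req(10, "mallory", "198.51.100.7", "m9", 1020), now=1020))
    return out, shared
```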
In the embodiment of the invention, the safety access service devices of all the server nodes are integrated into a set of protection system. The secure access service device is in close contact with the blockchain system itself. The external service needing to access the blockchain system must be accessed through an external server, for example, a web server, a secure access service device is arranged between the external server and the blockchain system, and the external server can access data and interact data with the blockchain system server only through a defense strategy of the secure access service device.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
It will be understood by those skilled in the art that all or part of the steps in the method for implementing the above embodiments may be implemented by hardware that is instructed to implement by a program, and the program may be stored in a readable storage medium, and the above mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
While the embodiments of the technical solutions provided by the present invention have been described in detail, for a person skilled in the art, there may be variations in the specific implementation manners and application ranges according to the ideas of the embodiments of the present invention, and in summary, the content of the present description should not be construed as limiting the present invention.

Claims (9)

1. A blockchain system, comprising: the system comprises a blockchain system and at least one safety access service device arranged between the blockchain system and an external server, wherein the safety access service device comprises: a firewall.
2. The blockchain system of claim 1, wherein the secure access service further comprises: a network gate.
3. The blockchain system of claim 2, wherein the number of gatekeepers corresponds to the number of firewalls in the security access service device.
4. The blockchain system of claim 1, wherein the blockchain system itself includes at least one of a predictive contract server, an intelligent contract server, a main chain server, a ledger server, a cascading ledger server; the safety access service devices are arranged among the connections of the presupposition contract server, the intelligent contract server, the main chain server, the ledger server, the cascading ledger server and the external server.
5. The blockchain system of claim 1, wherein the number of accesses of the security access service is determined according to a throughput of the blockchain system.
6. The blockchain system of claim 1, wherein each of the security access service devices is configured to perform:
acquiring data access behaviors and/or uplink behaviors of an external server to a blockchain system;
and judging whether to allow the data access behavior and/or the uplink behavior to be accessed to the block chain system according to the data access behavior and/or the uplink behavior.
7. The blockchain system of claim 6, wherein each of the security access service devices is further configured to perform:
if the data access behavior and/or the uplink behavior belong to preset illegal behaviors;
the data access behaviour and/or uplink behaviour is intercepted and recorded.
8. The system according to claim 7, wherein each of said plurality of security access service devices shares said illegal data access activity and/or uplink activity.
9. The blockchain system of claim 7, wherein the external servers include a WEB server and a WS server.
CN202110629705.XA 2021-06-07 2021-06-07 Block chain system Active CN113420084B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110629705.XA CN113420084B (en) 2021-06-07 2021-06-07 Block chain system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110629705.XA CN113420084B (en) 2021-06-07 2021-06-07 Block chain system

Publications (2)

Publication Number Publication Date
CN113420084A (en) 2021-09-21
CN113420084B (en) 2023-09-26

Family

ID=77713995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110629705.XA Active CN113420084B (en) 2021-06-07 2021-06-07 Block chain system

Country Status (1)

Country Link
CN (1) CN113420084B (en)


Also Published As

Publication number Publication date
CN113420084B (en) 2023-09-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant