CN113438212A - Block chain node-based communication security management method and block chain security system - Google Patents

Block chain node-based communication security management method and block chain security system

Info

Publication number: CN113438212A
Authority: CN (China)
Prior art keywords: block chain, security, verification, account, vector
Legal status: Withdrawn
Application number: CN202110639683.5A
Other languages: Chinese (zh)
Inventors: 闫传红, 覃麟凯, 许胜楠, 陈伟宗
Current assignee: Guangzhou Kufeng Technology Development Co ltd
Original assignee: Guangzhou Kufeng Technology Development Co ltd
Events: application filed by Guangzhou Kufeng Technology Development Co ltd; priority to CN202110639683.5A; publication of CN113438212A; current legal status: withdrawn.

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/0876 Network architectures or network communication protocols for network security, for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
                • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving digital signatures
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F 16/2365 Information retrieval; database structures therefor; file system structures therefor, of structured data, e.g. relational data: updating, ensuring data consistency and integrity
                • G06F 16/27 Information retrieval of structured data: replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor
                • G06F 21/602 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity: protecting data, providing cryptographic facilities or services
                • G06F 21/64 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity: protecting data integrity, e.g. using checksums, certificates or signatures


Abstract

The present disclosure provides a communication security management method based on blockchain nodes and a blockchain security system. A master blockchain node obtains a current security identifier from a user terminal and updates its current blockchain security vector to a target blockchain security vector configured by a first preset encryption algorithm, where the first preset encryption algorithm is the digital fingerprint that the initial security identifier configures for the current security identifier. From the target blockchain security vector, the first preset encryption algorithm and the initial security identifier, the master blockchain node generates a first verification vector that lets cloud blockchain nodes which do not hold the current security identifier verify the validity of the target blockchain security vector. Because the digital fingerprint configured for the current security identifier serves as the first preset encryption algorithm, a cloud blockchain node can recognize and authenticate the target blockchain security vector corresponding to the master blockchain node, which improves the communication success rate between the master blockchain node and the cloud blockchain node.

Description

Block chain node-based communication security management method and block chain security system
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a communication security management method based on blockchain nodes and a blockchain security system.
Background
With the development of network technology, it is common for a network cluster to process various services for users. In the related art, a master blockchain node generally serves as the deployment station between a user terminal and the cloud blockchain nodes that process a service. To keep the whole network cluster secure, the security verification identifier of the master blockchain node (e.g., a blockchain security vector) must be updated and replaced at set intervals, and the specific update frequency may be chosen according to the security requirement of the service the cluster processes. After the security verification identifier of the master blockchain node is updated, the cloud blockchain nodes communicatively connected to it also need to be updated synchronously so that they can still recognize the master blockchain node's security verification identifier; otherwise they cannot receive the master blockchain node's instructions for service processing. As the number of network clusters grows, service time differences and the like may exist between each cloud blockchain node and the master blockchain node, so when the master blockchain node updates its security verification identifier there is no guarantee that every cloud blockchain node will synchronously complete effective recognition of the updated identifier. This reduces the communication efficiency of the whole network cluster, and its network security cannot be fully guaranteed.
Disclosure of Invention
The present disclosure provides a communication security management method based on a blockchain node and a blockchain security system, which can improve the security of cloud blockchain nodes in a network cluster.
In a first aspect, an embodiment of the present disclosure provides a communication security management method based on a blockchain node, where the method is executed by a master blockchain node, and includes:
receiving a request verification instruction sent by a user terminal, and acquiring a current safety identification from the user terminal according to the request verification instruction;
updating the current blockchain security vector to a target blockchain security vector configured by a first preset encryption algorithm; the first preset encryption algorithm is the digital fingerprint that the initial security identifier configures for the current security identifier, the first preset encryption algorithm and the current security identifier follow the same encryption rule, and the generation time of the initial security identifier is earlier than that of the current security identifier;
generating a first verification vector corresponding to the master blockchain node according to the target blockchain security vector, the first preset encryption algorithm and the initial security identifier; the first verification vector is used to indicate that a cloud blockchain node which does not contain the current security identifier verifies the validity of the target blockchain security vector.
In a second aspect, an embodiment of the present disclosure provides a communication security management method based on a blockchain node, where the method is performed by a cloud blockchain node, and includes:
receiving message data sent by a master blockchain node, and acquiring a target blockchain security vector carried by the message data;
acquiring a public key of the first preset encryption algorithm, and verifying the identity in the target blockchain security vector according to that public key;
when the identity in the target blockchain security vector is correct, acquiring a public key of the initial digital fingerprint, and verifying the identity in the first preset encryption algorithm according to the public key of the initial digital fingerprint;
when the identity in the first preset encryption algorithm is correct, verifying the identity in the initial digital fingerprint according to the public key of the initial digital fingerprint;
if the public key of the initial digital fingerprint is the same as that of the initial security identifier, determining that the initial digital fingerprint is the initial security identifier;
if the initial digital fingerprint in the first verification vector is the initial security identifier, determining that the first verification vector passes verification;
determining, according to the verified first verification vector, that the target blockchain security vector meets a validity condition; the first preset encryption algorithm in the verified first verification vector is the digital fingerprint that the initial security identifier configures for the current security identifier, the first preset encryption algorithm and the current security identifier follow the same encryption rule, the current security identifier and the initial security identifier are both generated by a user terminal, and the generation time of the initial security identifier is earlier than that of the current security identifier.
Compared with the prior art, the beneficial effects provided by the present disclosure include the following. The method obtains a current security identifier from a user terminal, updates the current blockchain security vector to a target blockchain security vector configured by a first preset encryption algorithm, where the first preset encryption algorithm is configured by the initial security identifier for the current security identifier, and generates, from the target blockchain security vector, the first preset encryption algorithm and the initial security identifier, a first verification vector that lets cloud blockchain nodes which do not contain the current security identifier verify the validity of the target blockchain security vector. In the related art, after the security verification identifier of the master blockchain node is updated, cloud blockchain nodes cannot stably maintain communication between the master service and service processing; here, by using the digital fingerprint configured for the current security identifier as the first preset encryption algorithm, the cloud blockchain nodes can recognize and authenticate the target blockchain security vector corresponding to the master blockchain node, so the communication success rate between the master blockchain node and the cloud blockchain nodes can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the embodiments will be briefly described below. It is appreciated that the following drawings depict only certain embodiments of the disclosure and are therefore not to be considered limiting of its scope. For a person skilled in the art, it is possible to derive other relevant figures from these figures without inventive effort.
Fig. 1 is a schematic structural diagram of a communication security management system based on a blockchain node according to an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart illustrating steps of a communication security management method based on a blockchain node according to an embodiment of the present disclosure;
Fig. 3 is a schematic block diagram of a structure of a communication security management apparatus based on a blockchain node according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of a computer device for executing a communication security management method based on a blockchain node according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described below in detail and completely with reference to the accompanying drawings in the embodiments of the present disclosure. It is to be understood that the described embodiments are only a few, and not all, of the disclosed embodiments. The components of the embodiments of the present disclosure, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Specific embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings.
Fig. 1 is an interaction diagram of a communication security management system based on blockchain nodes according to an embodiment of the present disclosure. The communication security management system based on the blockchain node may include a master blockchain node 100, and a user terminal 200 and a cloud blockchain node 400 communicatively connected to the master blockchain node 100. The communication security management system based on the blockchain node shown in fig. 1 is only one possible example, and in other possible embodiments, the communication security management system based on the blockchain node may also include only one of the components shown in fig. 1 or may also include other components.
In this embodiment, the master blockchain node 100, the user terminal 200, and the cloud blockchain node 400 in the communication security management system based on the blockchain node may cooperatively execute the communication security management method based on the blockchain node described in the following method embodiment, and specifically, the execution steps of the master blockchain node 100, the user terminal 200, and the cloud blockchain node 400 may refer to the detailed description of the following method embodiment.
To solve the technical problem described in the background art above, fig. 2 is a schematic flowchart of a communication security management method based on a blockchain node according to an embodiment of the present disclosure. The method of this embodiment may be executed by the master blockchain node 100 shown in fig. 1 and is described in detail below.
Step S101, receiving a request authentication instruction sent by the user terminal 200, and acquiring the current security identifier from the user terminal 200 according to the request authentication instruction.
Specifically, after receiving a security identifier replacement command, the user terminal 200 may generate a current security identifier (which may also be called the new security identifier) and cross-authenticate the current security identifier with its initial security identifier (which may also be called the old security identifier) to obtain a first preset encryption algorithm and a second preset encryption algorithm. Both the current security identifier and the initial security identifier may be generated by the user terminal 200, and the generation time of the current security identifier is later than that of the initial security identifier. The user terminal 200 may then update the initial security identifier to the current security identifier and the second preset encryption algorithm, and update its own service according to the current security identifier, the first preset encryption algorithm and the second preset encryption algorithm; the cross-authentication process and the self-service update process of the user terminal 200 are described in the corresponding embodiment and are not repeated here. After the user terminal 200 has finished updating the initial security identifier and its own service, it may submit a request verification instruction to the network cluster through the master blockchain node 100 in the intermediate routing layer; the request verification instruction is used to generate the latest security identifier corresponding to the user terminal 200.
A request verification instruction submitted by the user terminal 200 to the network cluster is first sent to the master blockchain node 100 in the intermediate routing layer. The master blockchain node 100 may obtain the initial security identifier carried by the request verification instruction, verify its validity according to the public key corresponding to the user terminal 200 to obtain a root identity verification result for the initial security identifier, and, when the root identity verification result is a pass, forward the request verification instruction to the network cluster so that the network cluster encapsulates it into a broadcast packet and broadcasts it. In other words, the user terminal 200 may submit the request verification instruction to the network cluster using its old identity information (i.e., the initial security identifier); after receiving it, the master blockchain node 100 may verify the initial security identifier carried in the instruction against the locally downloaded initial security identifier, that is, using the public key in the locally downloaded initial security identifier. If the verification passes, the master blockchain node 100 can authenticate and recognize the identity of the user terminal 200 and may forward the request verification instruction to the network cluster; if it fails, the master blockchain node 100 cannot authenticate the identity of the user terminal 200, does not forward the instruction to the network cluster, generates verification failure information, and returns it to the user terminal 200 to prompt it to resubmit the request verification instruction.
The operation recording server in the network cluster may encapsulate the request verification instruction into a broadcast packet, reach consensus on the broadcast packet within the network cluster, and perform accounting processing on it once consensus is reached. The network cluster may return the agreed broadcast packet to the master blockchain node 100, which forwards it to the witness network so that the cloud blockchain nodes 400 in the witness network can perform accounting processing on the broadcast packet locally.
When the master blockchain node 100 reads the request verification instruction, it indicates that the master blockchain node 100 needs to update the security identifier and the current blockchain security vector; at this time, the master blockchain node 100 may send a security encryption instruction to the user terminal 200, after receiving the security encryption instruction sent by the master blockchain node 100, the user terminal 200 may return the current security identifier and the second preset encryption algorithm requested to be downloaded by the master blockchain node 100 to the master blockchain node 100, and the master blockchain node 100 may receive the current security identifier and the second preset encryption algorithm returned by the user terminal 200, and update the initial security identifier installed in the master blockchain node 100 according to the current security identifier and the second preset encryption algorithm. In other words, the master blockchain node 100 may download the current security identifier and the second preset encryption algorithm from the user terminal 200 through the security encryption service provided by the user terminal 200.
Step S102, updating the current blockchain security vector to a target blockchain security vector configured by a first preset encryption algorithm; the first preset encryption algorithm is the digital fingerprint that the initial security identifier configures for the current security identifier, the first preset encryption algorithm and the current security identifier follow the same encryption rule, and the generation time of the initial security identifier is earlier than that of the current security identifier.
Specifically, once the user terminal 200 has updated the initial security identifier to the current security identifier and the first preset encryption algorithm, all digital fingerprints issued by the initial security identifier need to be updated, so the master blockchain node 100 must also update its current blockchain security vector. The master blockchain node 100 may send a first security vector iteration indication to the user terminal 200; the user terminal 200 obtains the current blockchain security vector associated with that indication, signs the information of the master blockchain node 100 in the current blockchain security vector with the private key of the first preset encryption algorithm, and generates the target blockchain security vector. The master blockchain node 100 may receive the target blockchain security vector returned by the user terminal 200 and replace the current blockchain security vector with it. Concretely, after receiving the first security vector iteration indication, the user terminal 200 may obtain the current blockchain security vector of the master blockchain node 100, extract the master blockchain node 100 information from it, sign that information with the private key of the first preset encryption algorithm (which may also be understood as the private key of the current security identifier), generate the target blockchain security vector, and return it to the master blockchain node 100. The target blockchain security vector differs from the current blockchain security vector only in its signature and configuring party; the remaining information, such as the public key and the name of the master blockchain node 100, is the same.
In other words, master blockchain node 100 may obtain the target blockchain security vector from user terminal 200 through the security update service provided by user terminal 200.
The digital fingerprint issued by the user terminal 200 may include the following:
Field | Description
Signature | Data obtained by applying the signature algorithm to the vector content, checked against the public key (Public Key) of the digital fingerprint holder; used to verify whether the digital fingerprint has been falsified or not.
It is to be understood that, for the current blockchain security vector, the object name may be the name of the master blockchain node 100, the fingerprint generator may be the initial security identifier, the signature algorithm may be signature algorithm 1, the sequence number may be xxxxx1, the validity period may be xx month xx day of 201x, the expiration period may be xx day of 202x, the public key may be the corresponding public key of the master blockchain node 100, and the signature may be one produced with the private key of the initial security identifier. In the updated target blockchain security vector, the fingerprint generator becomes the first preset encryption algorithm and the signature becomes one produced with the private key of the first preset encryption algorithm; the remaining contents are unchanged.
Step S103, generating a first verification vector corresponding to the master block chain node 100 according to the target block chain security vector, a first preset encryption algorithm and the initial security identifier; the first verification vector is used to indicate that cloud blockchain node 400 that does not contain the current security identity verifies the validity of the target blockchain security vector.
Specifically, after the digital fingerprint of the master blockchain node 100 itself is updated, the corresponding verification vector is changed accordingly. The master blockchain node 100 may determine, among the security information elements included in the target blockchain security vector, that a configurator of the target blockchain security vector is a first preset encryption algorithm, set a first security vector element for the target blockchain security vector, and set a second security vector element for the first preset encryption algorithm; the master blockchain node 100 may determine, in the security information elements included in the first preset encryption algorithm, that a configuring party of the first preset encryption algorithm is an initial security identifier, set a third security vector element for the initial security identifier, and generate a first verification vector corresponding to the master blockchain node 100 according to the first security vector element, the second security vector element, and the third security vector element; since the first verification vector includes the initial security identifier and the first preset encryption algorithm, all the cloud blockchain nodes 400 including the current security identifier and the cloud blockchain nodes 400 not including the current security identifier may verify the validity of the target blockchain security vector, that is, all the cloud blockchain nodes 400 in the current security identifier system and the initial security identifier system may recognize and authenticate the master blockchain node 100. 
In other words, the master blockchain node 100 may look up the previous-layer digital fingerprint according to the configuring party recorded in the target blockchain security vector, then keep searching upward according to the configuring party recorded in each previous-layer digital fingerprint until the initial security identifier is reached; the path from the target blockchain security vector up to the initial security identifier may be called the first verification vector corresponding to the master blockchain node 100.
It is understood that the user terminal 200 may sign nodes through third-party reference fingerprints in place of the security identifier itself, so as to protect the security of the security identifier. The initial security identifier is a digital fingerprint configured by the user terminal 200; third-party reference fingerprint 1, third-party reference fingerprint 2 and third-party reference fingerprint 3 are digital fingerprints configured by the initial security identifier; digital fingerprint 1 and digital fingerprint 2 are configured by third-party reference fingerprint 1, digital fingerprint 3 and digital fingerprint 4 by third-party reference fingerprint 2, and digital fingerprint 5 and digital fingerprint 6 by third-party reference fingerprint 3. Each of the following is then a verification vector: initial security identifier → third-party reference fingerprint 1 → digital fingerprint 1; initial security identifier → third-party reference fingerprint 1 → digital fingerprint 2; initial security identifier → third-party reference fingerprint 2 → digital fingerprint 3; initial security identifier → third-party reference fingerprint 2 → digital fingerprint 4; initial security identifier → third-party reference fingerprint 3 → digital fingerprint 5; initial security identifier → third-party reference fingerprint 3 → digital fingerprint 6.
If the current security identifier is signed by using the private key of the initial security identifier, a first preset encryption algorithm is generated, the third-party reference fingerprint 1 is updated to the third-party reference fingerprint 11 configured by the first preset encryption algorithm, and the digital fingerprint 1 is updated to the digital fingerprint 11 configured by the third-party reference fingerprint 11, then the initial security identifier → the third-party reference fingerprint 1 → the digital fingerprint 1 may be updated as follows: initial security identifier → first preset encryption algorithm → third party reference fingerprint 11 → digital fingerprint 11.
In the embodiment of the present disclosure, after receiving the request verification instruction, the master blockchain node 100 may download a new security identifier (that is, a current security identifier) from the user terminal 200, update the identity information of the local master blockchain node 100, and update the local master blockchain node 100 to a target blockchain security vector configured by a first preset encryption algorithm, because the first preset encryption algorithm is a digital fingerprint in which an initial security identifier is configured for the current security identifier, when the master blockchain node 100 communicates with the cloud blockchain node 400, whether the cloud blockchain node 400 that downloads the current security identifier or the cloud blockchain node 400 that does not download the current security identifier may recognize the target blockchain security vector corresponding to the authentication blockchain node 100, and may improve a success rate of communication between the master blockchain node 100 and the cloud blockchain node 400.
The disclosed embodiments provide an example in which both master blockchain node 100 and cloud blockchain node 400 may be node servers in a network cluster, or other node devices in a network cluster. This example may include the steps of:
Step S201, submitting a request verification instruction.
For the specific implementation of step S201, reference may be made to the description of step S101 in the corresponding embodiment above; details are not repeated here.
Step S202, sending a first security vector iteration indication.
Specifically, after the master blockchain node 100 reads the request verification instruction, this indicates that the master blockchain node 100 needs to update the locally downloaded initial security identifier and its current blockchain security vector, so the master blockchain node 100 may send a first security vector iteration indication to the user terminal 200 to request a new security identifier (i.e., the current security identifier) and an updated target blockchain security vector.
Step S203, returning the current security identifier and the target block chain security vector.
Specifically, after receiving the first security vector iteration indication, the user terminal 200 may obtain the current security identifier and the second preset encryption algorithm. The user terminal 200 may obtain the current blockchain security vector associated with the first security vector iteration indication, and sign the information of the master blockchain node 100 in the current blockchain security vector with the private key of the first preset encryption algorithm, so as to generate the target blockchain security vector. The user terminal 200 may then return the current security identifier, the second preset encryption algorithm and the target blockchain security vector to the master blockchain node 100. Here the first preset encryption algorithm is a digital fingerprint that the initial security identifier configures for the current security identifier, and the first preset encryption algorithm and the current security identifier may have the same encryption rule; the second preset encryption algorithm is a digital fingerprint that the current security identifier configures for the initial security identifier, and the second preset encryption algorithm and the initial security identifier may have the same encryption rule. The generation time of the initial security identifier is earlier than that of the current security identifier, so the current security identifier may be called the new security identifier and the initial security identifier the old security identifier. The generation process of the target block chain security vector may refer to step S102 in the corresponding embodiment, which is not described here again.
Step S204, updating the initial security identifier and the current block chain security vector.
Specifically, the master blockchain node 100 may receive a current security identifier, a second preset encryption algorithm, and a target blockchain security vector returned by the user terminal 200, update an initial security identifier in a first security identifier set to the current security identifier and the second preset encryption algorithm, and update the current blockchain security vector to a target blockchain security vector configured by the first preset encryption algorithm, where the first security identifier set is a security identifier set downloaded locally by the master blockchain node 100, and the first security identifier set may include latest security identifiers corresponding to one or more user terminals 200 downloaded by the master blockchain node 100. After the master blockchain node 100 updates the current blockchain security vector to the target blockchain security vector, the verification vector corresponding to the master blockchain node 100 also changes, that is, a first verification vector corresponding to the master blockchain node 100 may be generated according to the target blockchain security vector, the first preset encryption algorithm, and the initial security identifier, and a specific structural description of the first verification vector may refer to the description of step S103 in the corresponding embodiment, which is not described herein again.
Step S205, transmitting message data.
Specifically, after the master blockchain node 100 updates the current blockchain security vector to the target blockchain security vector, the target blockchain security vector is used to send message data to the cloud blockchain node 400, for example, the master blockchain node 100 forwards a service processing result message returned by the network cluster to the cloud blockchain node 400.
Step S206, verifying the target block chain security vector.
Specifically, the cloud block chain node 400 may receive the message data sent by the master block chain node 100 and obtain the target block chain security vector carried by the message data. From the configuring party recorded in the target blockchain security vector, the cloud blockchain node 400 may determine that the previous security vector of the target blockchain security vector is the first preset encryption algorithm, and from the configuring party recorded in the first preset encryption algorithm, that the previous security vector of the first preset encryption algorithm is the initial security vector (which may also be referred to as a security identifier). That is, the cloud blockchain node 400 may obtain a first verification vector consisting of the target blockchain security vector, the first preset encryption algorithm and the initial digital fingerprint, and verify the first verification vector to obtain a verification result of the first verification vector.
Further, the specific verification process of the first verification vector may include the following. The cloud blockchain node 400 may obtain the public key of the first preset encryption algorithm and verify the identity identifier in the target blockchain security vector with it. That is, the cloud blockchain node 400 may parse the target blockchain security vector to obtain its vector elements (for example, the information in table 1: the name of the master blockchain node 100, the certificate serial number, the validity period, the expiration period and the public key of the master blockchain node 100) and its identity identifier, and may compute digital digest information over the vector elements with the same hash algorithm that the configuring party used to generate the identity identifier. The cloud blockchain node 400 may also determine from the target blockchain security vector that its configuring party is the first preset encryption algorithm, obtain the public key of the first preset encryption algorithm, and use it to decrypt the identity identifier in the target block chain security vector, obtaining the decrypted digital digest information. If the digital digest information computed by the cloud block chain node 400 with the hash algorithm differs from the decrypted digital digest information, the identity identifier in the target block chain security vector is incorrect, and the verification result of the first verification vector may be determined to be verification failure.
If the digital digest information computed by the cloud blockchain node 400 with the hash algorithm is the same as the decrypted digital digest information, the identity identifier in the target blockchain security vector is correct and the target blockchain security vector is a legitimate security vector authenticated by the first preset encryption algorithm. The cloud blockchain node 400 then needs to determine whether the identity of the first preset encryption algorithm is itself legitimate, so it verifies the first preset encryption algorithm in the same way: it obtains the public key of the initial digital fingerprint and verifies the identity identifier in the first preset encryption algorithm with it; when that identity identifier is correct, it verifies the identity identifier in the initial digital fingerprint with the public key of the initial digital fingerprint, and when that identity identifier is correct the initial digital fingerprint may be determined to be a security identifier. If the public key of the initial digital fingerprint is the same as that of the initial security identifier, the initial digital fingerprint is determined to be the initial security identifier, and the first verification vector is determined to pass verification. When the first verification vector passes verification, the target blockchain security vector it contains satisfies the validity condition, that is, the cloud blockchain node 400 can identify and authenticate the identity of the master blockchain node 100.
The first preset encryption algorithm in the verified first verification vector is a digital fingerprint that the initial security identifier configures for the current security identifier; the first preset encryption algorithm and the current security identifier have the same encryption rule; both the current security identifier and the initial security identifier are generated by the user terminal 200; and the generation time of the initial security identifier is earlier than that of the current security identifier. It can be seen that the cloud blockchain node 400 at this time has not yet updated its locally downloaded initial security identifier, and the updated target blockchain security vector can still be identified and authenticated using the initial security identifier.
Optionally, if the cloud block chain node 400 has at this time already updated its locally downloaded initial security identifier, that is, the current security identifier is installed locally in the cloud block chain node 400, then, since the encryption rule of the first preset encryption algorithm is the same as that of the current security identifier, the cloud block chain node 400 can likewise identify and authenticate the target block chain security vector.
Suppose the first verification vector corresponding to the master blockchain node 100 is: initial security identifier → first preset encryption algorithm → target blockchain security vector. The initial security identifier may include information such as the name of the user terminal 200, the public key of the user terminal 200 and an identity identifier 1, where identity identifier 1 is a self-signature of the user terminal 200; the first preset encryption algorithm may include information such as the current security identifier name, the current security identifier public key, the initial security identifier name and an identity identifier 2, where identity identifier 2 is a signature generated by the initial security identifier for the first preset encryption algorithm; and the target blockchain security vector may include information such as the name of the master blockchain node 100, the public key of the master blockchain node 100, the name of the first preset encryption algorithm (i.e., the current security identifier name) and an identity identifier 3, where identity identifier 3 is a signature generated by the first preset encryption algorithm for the target blockchain security vector.
After the cloud blockchain node 400 obtains the first verification vector from the target blockchain security vector, it can verify the validity of identity identifier 3 in the target blockchain security vector with the public key of the first preset encryption algorithm (namely, the current security identifier public key); after identity identifier 3 passes verification, it can verify the validity of identity identifier 2 in the first preset encryption algorithm with the public key of the initial security identifier (namely, the public key of the user terminal 200); after identity identifier 2 passes verification, the initial security identifier itself can be verified: when the cloud blockchain node 400 has the initial security identifier downloaded locally, this indicates that the cloud blockchain node 400 unconditionally trusts the user terminal 200, and the first verification vector can be determined to pass verification.
It should be noted that, in the verification process of the first verification vector, in addition to verifying the validity of the identity identifier included in each vector, it is also necessary to verify whether the content of each vector is valid, for example whether the configuring party of the vector is an authorized third party, whether the vector is within its validity period, and whether the holder information included in the vector is correct. If any of these conditions is not satisfied, the verification result of the first verification vector may be determined to be verification failure; the first verification vector can only be determined to pass verification when neither the identity identifier nor the vector content of any vector it contains has a problem.
Step S207, sending the first verification data packet.
Specifically, while the security identifier is being replaced in the network cluster, the cloud block chain node 400 in the witness network does not need to read the request verification indication itself; it only needs to carry on executing the services it responds to, and when the cloud block chain node 400 generates a first verification data packet in response to a user operation, the first verification data packet can be uploaded to the network cluster through the master block chain node 100. In other words, the first verification data packet is first sent to the master blockchain node 100, the master blockchain node 100 identifies and authenticates the identity of the cloud blockchain node 400, and the first verification data packet is forwarded to the network cluster only after the identity authentication passes.
Optionally, taking the electronic invoice service as an example, when an enterprise or an individual needs to issue an invoice, an invoice issuing request may be submitted to a tax office through a request terminal (the request terminal may be a client). The tax office may here be understood as the cloud block chain node 400: the cloud block chain node 400 may receive the invoice issuing request of the request terminal, obtain the electronic invoice data to be verified that is associated with the invoice issuing request, encapsulate the electronic invoice data to be verified into a first verification data packet, and send the first verification data packet to the master block chain node 100, so that the master block chain node 100 forwards the first verification data packet to the network cluster for broadcasting and obtains the invoice issuing result corresponding to the first verification data packet. Of course, after receiving the first verification data packet, the master blockchain node 100 needs to authenticate the identity of its sender, and only after the authentication passes is the first transaction data forwarded to the network cluster, so that the network cluster broadcasts the first verification data packet and obtains the invoicing result corresponding to it; the network cluster can then return the invoicing result to the cloud blockchain node 400 through the master blockchain node 100.
Step S208, verifying the identity information of the cloud block chain node 400.
Specifically, after receiving a first verification data packet sent by the cloud block chain node 400, the main block chain node 100 may obtain identity information of the cloud block chain node 400 carried by the first verification data packet, determine a configuring party of the identity information of the cloud block chain node 400 from the identity information of the cloud block chain node 400, obtain a public key of the configuring party, verify the identity information of the cloud block chain node 400 according to the public key of the configuring party, and obtain an identity verification result corresponding to the identity information of the cloud block chain node 400; and then, the security verification result corresponding to the cloud block chain node 400 may be determined according to the identity verification result, the initial security identifier, and the current security identifier.
The specific process of obtaining the identity verification result corresponding to the identity information of the cloud block chain node 400 may include: the master blockchain node 100 may obtain a second verification vector corresponding to the identity information of the cloud blockchain node 400, and obtain a first digital fingerprint and a second digital fingerprint from the second verification vector, where the first digital fingerprint and the second digital fingerprint are two adjacent digital fingerprints in the second verification vector, the second verification vector may include the identity information of the cloud blockchain node 400, the second digital fingerprint is the configuring party of the identity information of the cloud blockchain node 400, and the first digital fingerprint is the configuring party of the second digital fingerprint. It should be noted that the second verification vector may include at least two digital fingerprints, and the number of digital fingerprints it includes depends on the actual application scenario and is not limited here. The embodiment of the present disclosure takes a second verification vector including at least three digital fingerprints as an example.
The master blockchain node 100 may obtain the public key of the second digital fingerprint, and verify the identity in the identity information of the cloud blockchain node 400 according to the public key of the second digital fingerprint, and when the identity in the identity information of the cloud blockchain node 400 is correct, may continue to verify the identity in the second digital fingerprint according to the public key of the first digital fingerprint; when the identity in the second digital fingerprint is correct, the identity in the first digital fingerprint is continuously verified according to the public key corresponding to the configurator of the first digital fingerprint; when the first digital fingerprint is the initial digital fingerprint in the second verification vector and the first digital fingerprint is the initial security identifier, determining that the identity verification result of the identity information of the cloud block chain node 400 is passed according to the initial security identifier; and when the first digital fingerprint is the initial digital fingerprint in the second verification vector and the first digital fingerprint is the current security identifier, determining that the identity verification result of the identity information of the cloud block chain node 400 is verified according to the current security identifier. It should be noted that, at this time, the first security identifier set of the master blockchain node 100 includes the current security identifier and the second preset encryption algorithm, and both the digital fingerprint configured by the current security identifier and the digital fingerprint configured by the initial security identifier can be identified and authenticated. 
The verification process of the identity information of the cloud blockchain node 400 is similar to the verification process of the target blockchain security vector, and the specific verification process of the second verification vector may refer to the description of the verification process of the first verification vector in step S206, which is not described herein again.
The specific process of obtaining the security verification result of the cloud block chain node 400 may include: if the identity verification result matches the initial security identifier, that is, the initial digital fingerprint in the second verification vector is the initial security identifier, generating verification passing information and security identifier update information, and using the verification passing information and the security identifier update information as the security verification result, where the security identifier update information may be used to prompt the cloud blockchain node 400 to update its locally downloaded initial security identifier and the identity information of the cloud blockchain node 400; if the identity verification result matches the current security identifier, that is, the initial digital fingerprint in the second verification vector is the current security identifier, generating verification passing information and using it as the security verification result; and if the identity verification result matches neither the initial security identifier nor the current security identifier, that is, the initial digital fingerprint in the second verification vector is neither the current security identifier nor the initial security identifier, generating verification failure information and using it as the security verification result. Of course, if any certificate in the second verification vector is past its preset action time or the content of the vector is wrong, verification failure information is generated and used as the security verification result.
In other words, when the identity verification result of the cloud block chain node 400 identity information is that identity verification passed, this indicates that the cloud block chain node 400 passes identity authentication; when the identity verification result is an illegal result, this indicates that the cloud block chain node 400 fails identity authentication.
Step S209, returning the security verification result of the cloud block chain node 400.
Specifically, after obtaining the security verification result of the cloud block chain node 400, the main block chain node 100 may return the security verification result corresponding to the cloud block chain node 400.
Step S210, when the security verification result includes the security identifier update information, sending a second security vector iteration indication.
Specifically, the cloud block chain node 400 receives a security verification result returned by the master block chain node 100, and when the security verification result includes security identifier update information, it indicates that the cloud block chain node 400 needs to update the initial security identifier in the second security identifier set, and the cloud block chain node 400 needs to update its own identity information (i.e., the cloud block chain node 400 identity information). Therefore, the cloud blockchain node 400 may send a second security vector iteration indication to the user terminal 200 to request to acquire a new security identifier (i.e., the current security identifier) and updated cloud blockchain node 400 identity information (i.e., the target cloud blockchain node 400 identity information).
Step S211, returning the current security identifier and the identity information of the target cloud block chain node 400.
Specifically, after receiving the second security vector iteration indication, the user terminal 200 may obtain the current security identifier and the second preset encryption algorithm. The user terminal 200 may obtain the cloud blockchain node 400 identity information associated with the second security vector iteration indication, and sign the cloud blockchain node 400 information in that identity information with the private key of the first preset encryption algorithm, to generate the target cloud blockchain node 400 identity information. The user terminal 200 may then return the current security identifier, the second preset encryption algorithm and the target cloud blockchain node 400 identity information to the cloud blockchain node 400. The generation process of the identity information of the target cloud blockchain node 400 is the same as the generation process of the target blockchain security vector; for a specific description, reference may be made to step S102 in the corresponding embodiment above, which is not described here again.
Step S212, the initial security identifier and the cloud block chain node 400 identity information are updated.
Specifically, the cloud blockchain node 400 may receive a current security identifier, a second preset encryption algorithm, and identity information of the target cloud blockchain node 400, which are returned by the user terminal 200, update an initial security identifier in a second security identifier set to the current security identifier and the second preset encryption algorithm, and update identity information of the current cloud blockchain node 400 to identity information of the target cloud blockchain node 400 configured by the first preset encryption algorithm, where the second security identifier set is a security identifier set locally downloaded by the cloud blockchain node 400, and the second security identifier set may include latest security identifiers corresponding to one or more user terminals 200 downloaded by the cloud blockchain node 400. After the cloud block chain node 400 updates the identity information of the current cloud block chain node 400 to the identity information of the target cloud block chain node 400, the verification vector corresponding to the cloud block chain node 400 also changes, that is, a second verification vector corresponding to the cloud block chain node 400 may be generated according to the identity information of the target cloud block chain node 400, the first preset encryption algorithm and the initial security identifier, where a specific structure of the second verification vector is similar to the first verification vector, and specific description may refer to the description of step S103 in the corresponding embodiment, which is not described herein again.
According to the above steps S201 to S212, all the cloud blockchain nodes 400 and the master blockchain node 100 in the network cluster may carry out the update process of the security identifier. It should be noted that, when the preset action time of the second preset encryption algorithm expires, the second preset encryption algorithm is disabled, and by then the whole network cluster has updated the initial security identifier to the current security identifier. Taking the master blockchain node 100 as an example, the master blockchain node 100 may obtain the preset action time corresponding to the second preset encryption algorithm in real time; if the current time does not fall within the preset action time, it determines that the second preset encryption algorithm is in an invalid state and deletes the second preset encryption algorithm from the first security identifier set. After the second preset encryption algorithm has expired, the master blockchain node 100 can no longer identify and authenticate a digital fingerprint issued by the initial security identifier: when the master blockchain node 100 receives a second verification data packet sent by the cloud blockchain node 400, it verifies the identity information of the cloud blockchain node 400 carried by the second verification data packet to obtain a pending verification result for that identity information; if the pending verification result matches the initial security identifier, that is, the cloud block chain node 400 identity information is a digital fingerprint configured by the initial security identifier and the cloud block chain node 400 has not updated its identity information, verification failure information is generated and returned to the cloud block chain node 400, that is, the cloud block chain node 400 is not recognized by the master block chain node 100. For example, when the preset action time of the second preset encryption algorithm expires, suppose the cloud block chain node 400A has not updated its own identity information while the cloud block chain node 400B has. When the cloud block chain node 400A communicates with the master block chain node 100, say by sending transaction data to it, the master block chain node 100 cannot authenticate the identity information of the cloud block chain node 400A, that is, cannot confirm its identity, and the communication between the cloud block chain node 400A and the master block chain node 100 cannot proceed normally; when the cloud block chain node 400B communicates with the master block chain node 100, the master block chain node 100 can authenticate the identity information of the cloud block chain node 400B, that is, can confirm its identity, and the communication between the cloud block chain node 400B and the master block chain node 100 proceeds normally.
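The verification of steps S206 and S208 and the expiry rule of step S202 amount to a root-key rollover with cross-signed certificates: the first preset encryption algorithm is the new root key signed by the old one, the second preset encryption algorithm is the old root key signed by the new one, and a verifier walks the verification vector back to whichever entry its local security identifier set trusts. The Go program below is an added example written for this page, not code from the patent; it models each digital fingerprint as a small Ed25519 certificate, the node's security identifier set as a trust store, and reports which entry anchored the vector so the master node can return pass, pass plus update prompt, or failure. The names "old-root", "new-root" and "master-node" and the validity periods are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Cert is a simplified certificate, the page's "digital fingerprint": a subject, its public
// key, the configuring party (issuer) and the issuer's signature (the "identity identifier").
type Cert struct {
	Subject, Issuer     string
	PubKey              ed25519.PublicKey
	NotBefore, NotAfter time.Time
	Sig                 []byte
}

// tbs digests every field but the signature; this is what the configuring party signs.
func (c *Cert) tbs() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%s|%s|%x|%d|%d", c.Subject, c.Issuer, []byte(c.PubKey), c.NotBefore.Unix(), c.NotAfter.Unix())
	return h.Sum(nil)
}

func (c *Cert) selfSigned() bool         { return c.Subject == c.Issuer }
func (c *Cert) valid(now time.Time) bool { return !now.Before(c.NotBefore) && !now.After(c.NotAfter) }

// Issue has the configuring party (issuer, holding issuerPriv) sign a certificate for subject.
func Issue(subject string, pub ed25519.PublicKey, issuer string, issuerPriv ed25519.PrivateKey, from time.Time, days int) *Cert {
	c := &Cert{Subject: subject, Issuer: issuer, PubKey: pub, NotBefore: from, NotAfter: from.AddDate(0, 0, days)}
	c.Sig = ed25519.Sign(issuerPriv, c.tbs())
	return c
}

// TrustStore is a node's local "security identifier set", keyed by subject: self-signed roots plus
// the cross-certificates (preset encryption algorithms). An expired entry counts as deleted (step S202).
type TrustStore map[string]*Cert

// VerifyChain walks a verification vector (leaf first, then intermediates the sender attached) back
// into the local store and returns the name of the store entry through which it became trusted.
func VerifyChain(chain []*Cert, store TrustStore, now time.Time) (string, error) {
	if len(chain) == 0 {
		return "", fmt.Errorf("empty verification vector")
	}
	c, anchor := chain[0], ""
	for depth := 0; depth < 8; depth++ { // bounded so a cyclic vector cannot loop forever
		if !c.valid(now) {
			return "", fmt.Errorf("%s: outside validity period", c.Subject)
		}
		// A certificate carrying a trusted root's key is that root whatever it is named (the page's
		// cross-certificate "has the same encryption rule as the current security identifier").
		for _, r := range store {
			if r.selfSigned() && r.valid(now) && r.PubKey.Equal(c.PubKey) {
				if anchor == "" {
					anchor = r.Subject
				}
				return anchor, nil
			}
		}
		// Locate the configuring party: a locally trusted entry first, else one the sender attached.
		issuer := store[c.Issuer]
		for i := 1; issuer == nil && i < len(chain); i++ {
			if chain[i].Subject == c.Issuer && chain[i] != c { // a cert may not vouch for itself
				issuer = chain[i]
			}
		}
		if issuer == nil {
			return "", fmt.Errorf("%s: configuring party %q not recognised", c.Subject, c.Issuer)
		}
		if anchor == "" && issuer == store[c.Issuer] {
			anchor = issuer.Subject
		}
		if !ed25519.Verify(issuer.PubKey, c.tbs(), c.Sig) {
			return "", fmt.Errorf("%s: identity identifier does not verify under %s", c.Subject, issuer.Subject)
		}
		c = issuer
	}
	return "", fmt.Errorf("verification vector too long")
}

// SecurityVerify is the master node's decision of step S208: anchored at the initial (old) identifier
// means pass plus "update your identifier", anchored at the current (new) one means pass, else fail.
func SecurityVerify(chain []*Cert, store TrustStore, now time.Time, initial, current string) (passed, updateNeeded bool) {
	anchor, err := VerifyChain(chain, store, now)
	if err != nil {
		return false, false
	}
	return anchor == initial || anchor == current, anchor == initial
}

func main() {
	// Constructed rollover: old root = initial identifier, new root = current identifier,
	// cross-certificate = first preset encryption algorithm, leaf = target blockchain security vector.
	now := time.Now()
	oldPub, oldPriv, _ := ed25519.GenerateKey(rand.Reader)
	newPub, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	nodePub, _, _ := ed25519.GenerateKey(rand.Reader)
	store := TrustStore{"old-root": Issue("old-root", oldPub, "old-root", oldPriv, now, 365)}
	chain := []*Cert{Issue("master-node", nodePub, "new-root", newPriv, now, 90), Issue("new-root", newPub, "old-root", oldPriv, now, 30)}
	fmt.Println(VerifyChain(chain, store, now)) // old-root <nil>: a cloud node that has not updated still verifies it
}
```

A sender cannot promote itself by attaching its own self-signed root: only an entry already in the verifier's store, or a certificate carrying a stored root's key, can end the walk.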
In the embodiment of the application, an example is further provided, an account set with public trust may be referred to as a standard user account group, and an expansion account set may be referred to as an undetermined user account group, that is, an account set to which a terminal device belongs is referred to as a standard user account group, an account in the standard user account group is referred to as a standard user account, and a terminal device that generates a standard user account is referred to as a master blockchain node 100; the terminal device cluster is a node cluster of a capacity expansion account set, and may include a user terminal 200a, user terminals 200b, …, and a user terminal 200c, where an account set to which the terminal device cluster belongs is referred to as an undetermined user account group, and an account in the undetermined user account group is referred to as a user account.
The cloud blockchain node 400 (including cloud blockchain node 400a, cloud blockchain node 400b, …, and cloud blockchain node 400c) transmits the traffic data (i.e., transaction data) to any user terminal 200 (e.g., user terminal 200a, user terminal 200b, …, or user terminal 200c) in the terminal device cluster. Taking the user terminal 200a as an example, after receiving the transaction data, the user terminal 200a generates a user account from the transaction data and uploads the user account to the pending user account group; at time T1, the user terminal 200a sends a request verification instruction to the master blockchain node 100, where the request verification instruction includes a first account parameter, the first account parameter being the account parameter of the user account at time T1, which may include the operation data of the user account, the operation feature at time T1, and the operation feature value at time T1. After the master blockchain node 100 acquires the first account parameter, it may generate a standard user account a8 using the first account parameter as part of the transaction data (that is, the first account parameter belongs to the data in the account information of the standard user account a8), and upload the standard user account a8 to the standard user account group to which the master blockchain node 100 belongs. Thereafter, at time T2, the user terminal 200a transmits a double check verification instruction to the master blockchain node 100, the double check verification instruction containing a second account parameter, which may include the operation data of the user account at time T2, the operation feature at time T2, and the operation feature value at time T2. After the master blockchain node 100 obtains the second account parameter, it obtains the standard user account a8 from the standard user account group according to the operation data, further obtains the first account parameter from the account information of the standard user account a8, and determines an account verification result based on a comparison of the first account parameter and the second account parameter; that is, it determines whether the user account at time T1 is identical to the user account at time T2, and thereby verifies whether the user account was tampered with after uploading. As can be seen from the above, the user terminal 200a stores the specific transaction data sent by the cloud blockchain node 400, while the master blockchain node 100 stores the account parameters (including the operation data, the operation features corresponding to the operation data, and the operation feature values corresponding to the operation data) of the user accounts in the pending user account group; the storage pressure on the master blockchain node 100 and the standard user account group is relieved, and the reliability of the transaction data in the pending user account group is also ensured through the subsequent verification.
The transaction data stored in the cloud block chain node 400 may be exchanged, that is, the transaction data in the cloud block chain node 400a may be sent to the cloud block chain node 400b or the cloud block chain node 400c, and similarly, the transaction data in the cloud block chain node 400b may be sent to the cloud block chain node 400a or the cloud block chain node 400 c.
The transaction data in the cloud block chain node 400a may be sent to the user terminal 200a, or may be sent to the user terminal 200b or the user terminal 200c; the transaction data in the cloud block chain node 400b may be sent to the user terminal 200a, or may be sent to the user terminal 200b or the user terminal 200c; similarly, the transaction data in the cloud block chain node 400c may be sent to the user terminal 200a, or may be sent to the user terminal 200b or the user terminal 200c. When the transaction data in the cloud block chain node 400a is sent to the user terminal 200a, the user terminal 200a first verifies the transaction data, stores the transaction data in the memory pool after the verification is completed, and updates the hash tree that records the transaction data; then it sets the update timestamp to the time at which the transaction data were received, calculates the feature value of the transaction data using a hash algorithm or another cryptographic algorithm, stores the transaction data together with the corresponding feature value, generates the operation feature and the account body, and obtains a newly generated user account; subsequently, the user terminal 200a sends the newly generated user account to the other terminals in the pending user account group where the user terminal 200a is located, such as the user terminal 200b and the user terminal 200c, according to the node identifiers of the other nodes in the pending user account group; the newly generated user account is verified by the other terminals, and after the verification is completed, the newly generated user account is added to the pending user account group stored by the user terminal 200a.
Similarly, when the transaction data in the cloud block chain node 400a is sent to the user terminal 200b or the user terminal 200c, when the transaction data in the cloud block chain node 400c is sent to the user terminal 200b or the user terminal 200c, or in other similar scenarios, the newly generated user account is likewise added to the pending user account group to which the user terminal 200 belongs by the method described above.
As mentioned above, the interaction between the main block chain node 100 and the terminal device cluster, or the interaction between the standard user account group to which the main block chain node 100 belongs and the pending user account group to which the terminal device cluster belongs (the terminal device cluster sends the account parameter of the user account to the main block chain node 100, and the main block chain node 100 uploads the account parameter of the user account), may also be applied in the same manner when there are multiple pending user account groups. If there are 5 pending user account groups, then one pending user account group A may upload the operation data, the operation feature corresponding to the operation data, and the operation feature value corresponding to the operation data in its own account group to the other 4 pending user account groups, and the other 4 pending user account groups verify whether the received operation data, the operation features corresponding to the operation data, and the operation feature values corresponding to the operation data are abnormal; when all 4 pending user account groups pass the verification, the accounts stored in the pending user account group A are reliable, and by analogy, whether the accounts stored in the other pending user account groups are reliable can be verified.
Further, the user terminal 200 obtains the account registration data sent by the cloud block chain node 400 at different time periods, and may generate corresponding user accounts (e.g., a user account b7 and a user account b8 in the pending user account group B) according to the account registration data of the different time periods; at a first time T1, the user terminal 200 sends a first account parameter of the user account b8 to the master block chain node 100, where the first account parameter is the account parameter of the user account b8 at the first time T1 and may include the operation data b8 of the user account b8, the operation feature at time T1, and the operation feature value at time T1; after acquiring the request verification instruction sent by the user terminal 200, the master blockchain node 100 generates a standard user account a8 according to the first account parameter and adds the standard user account a8 to the standard user account group A; when the second time T2 is reached (T2 > T1), the user terminal 200 sends a second account parameter of the user account b8 to the master block chain node 100, where the second account parameter is the account parameter of the user account b8 at the second time T2 and may include the operation data b8 of the user account b8 and the operation feature value at time T2. After the master block chain node 100 obtains the double check verification instruction, it may obtain the standard user account a8 from the standard user account group A according to the operation data b8 of the user account b8, then obtain the operation feature value at time T1 from the transaction data (i.e., the first account parameter) in the account information of the standard user account a8, and verify whether the user account b8 was tampered with in the time period T1-T2: if the operation feature value at time T1 is the same as the operation feature value at time T2, it is determined that the user account b8 has not been tampered with in the time period T1-T2; if the operation feature value at time T1 is not the same as the operation feature value at time T2, it is determined that the user account b8 has been tampered with in the time period T1-T2, in which case the master block chain node 100 returns a verification failure prompt to the user terminal 200, indicating that the user account b8 was tampered with in the time period T1-T2 and that an abnormality detection operation needs to be performed.
To verify whether the user account b8 in the pending user account group B was tampered with after uploading, instead of sending a double check verification instruction to the master blockchain node 100, the user terminal 200 may also actively obtain the first account parameter in the standard user account group A from the master blockchain node 100 according to the operation data b8, and then verify by itself whether the user account b8 was tampered with in the time period T1-T2.
Further, a flow of a data verification method based on an account set provided by the embodiment of the present disclosure may include:
step S301, the main block chain node 100 obtains a request verification instruction sent by the user terminal 200 at a first moment; the request verification indication comprises first account parameters of the user account at the first time; the user account refers to an account that is already logged in a pending user account group to which the user terminal 200 belongs.
Specifically, when the user terminal 200 adds a newly generated user account b8 to the pending user account group at time T1 (i.e., the first time), it sends a request verification instruction to the master block chain node 100 at the same time. After receiving the request verification instruction, the master block chain node 100 obtains the first account parameter in the request verification instruction, where the first account parameter includes the operation data b8 and the operation feature value corresponding to the user account b8 at time T1, and optionally may further include the operation feature corresponding to the user account b8 at time T1. For convenience of understanding and description, the operation feature corresponding to the user account b8 at time T1 is referred to as the first operation feature, and the operation feature value corresponding to the user account b8 at time T1 is referred to as the first operation feature value. The first operation feature includes b7H, b8I and b8T: b7H represents the operation feature value of the preceding account (i.e., the user account b7) of the user account b8; b8I represents the feature value corresponding to the transaction data of the user account b8, such as a Merkle tree root formed from the feature values of data 1a to data na in the account information of the user account b8; and b8T represents the generation timestamp of the user account b8, which is used to update the maximum generation timestamp on the pending user account group. The first account parameter of the just-generated user account b8 is sent to the master blockchain node 100 in the above manner, so that the reliability of the first account parameter obtained by the master blockchain node 100 is ensured and the possibility that the data uploaded to the standard user account group is tampered data is avoided.
The following method may also be used to upload data in the pending user account group to the standard user account group: the first account parameter is sent to the master block chain node 100 in units of 3 user accounts of the pending user account group, so that the first account parameter sent at time T1 includes the operation data b7, the operation feature corresponding to the user account b7 at time T1, the operation feature value corresponding to the user account b7 at time T1, the operation data b8, the operation feature corresponding to the user account b8 at time T1, the operation feature value corresponding to the user account b8 at time T1, the operation data b9, the operation feature corresponding to the user account b9 at time T1, and the operation feature value corresponding to the user account b9 at time T1.
Step S302, generating a standard user account according to the first account parameter, and adding the standard user account to the standard user account group to which the master block chain node 100 belongs.
Specifically, in step S301, it is known that the master block chain node 100 obtains a request verification instruction sent by the user terminal 200, the master block chain node 100 generates a standard user account a8 according to the first account parameter carried in the request verification instruction, and the data 2b in the account information of the standard user account a8 stores the first account parameter. The first account parameter uploading process is as described above, and is not described herein again.
Step S303, when acquiring a rechecking verification instruction sent by the user terminal 200 at a second time, acquiring a second account parameter carried by the rechecking verification instruction; the second account parameter refers to an account parameter of the user account at the second time; the second time is greater than the first time.
Specifically, for example, at time T2 (second time), the user terminal 200 transmits the second account parameter of the user account b8 at time T2 to the master block chain node 100, where the second account parameter may include the second operation data (the same as the first operation data) of the user account b8 at time T2 and the second operation feature value corresponding to the second operation data at time T2.
Step S304, performing user side exception verification on the user account according to the standard user account and the second account parameter.
Specifically, the second account parameter includes the second operation data and the second operation feature value corresponding to the second operation data; the standard user account is acquired from the standard user account group according to the second operation data; the first account parameter is acquired from the account information of the standard user account, where the first operation data in the first account parameter is the same as the second operation data; if the first operation feature value is equal to the second operation feature value, the user account is determined to be a normal account, and if the first operation feature value is not equal to the second operation feature value, the user account is determined to be an abnormal account; when the user account is a normal account, a verification pass prompt is returned to the user terminal 200 so that the user terminal 200 continues to execute the processing operation of the request verification instruction; when the user account is an abnormal account, a verification failure prompt is returned to the user terminal 200 so that the user terminal 200 stops the processing operation of the request verification instruction and executes an abnormality detection operation.
At time T2, the master block chain node 100 obtains the double check verification instruction sent by the user terminal 200, where the double check verification instruction includes the second account parameter of the user account b8 at time T2, and the second account parameter includes the operation data b8 and the operation feature value (i.e., the second operation feature value) corresponding to the operation data b8 at time T2; the main block chain node 100 acquires the standard user account a8 from the standard user account group according to the operation data b8, where data 2b of the account information of the standard user account a8 is the first account parameter, and acquires the first operation feature value from the first account parameter; the master blockchain node 100 may then verify whether the user account b8 was tampered with during the time period T1-T2 based on the first operation feature value and the second operation feature value in the second account parameter: if the first operation feature value is equal to the second operation feature value, the user account b8 is determined to be a normal account, i.e., the transaction data of the user account b8 has not been tampered with in the time period from T1 to T2; if the first operation feature value is not equal to the second operation feature value, the user account b8 is determined to be an abnormal account, i.e., the transaction data of the user account b8 has been tampered with in the time period from T1 to T2; when the user account b8 is a normal account, a verification pass prompt is returned to the user terminal 200 so that the user terminal 200 continues to execute the processing operation of the request verification instruction; when the user account b8 is an abnormal account, a verification failure prompt is returned to the user terminal 200 so that the user terminal 200 stops the processing operation of the request verification instruction and executes an abnormality detection operation.
The embodiment of the present disclosure obtains a request verification instruction sent by the user terminal 200 at a first time through the master blockchain node 100; the request verification indication comprises first account parameters of the user account at the first time; the user account refers to a logged-in account in the pending user account group to which the user terminal 200 belongs; generating a standard user account according to the first account parameter, and adding the standard user account into a standard user account group to which the master block chain node 100 belongs; when a rechecking verification instruction sent by the user terminal 200 at a second moment is obtained, obtaining a second account parameter carried by the rechecking verification instruction; the second account parameter refers to an account parameter of the user account at the second time; the second time is greater than the first time; and performing user side exception verification on the user account according to the standard user account and the second account parameter. 
As can be seen from the above, the user accounts in the pending user account group store transaction data, and then the first account parameter in the user account is sent to the master blockchain node 100 through the user terminal 200 at the first time, and the master blockchain node 100 generates the standard user account and uploads the standard user account after obtaining the first account parameter; at the second moment, the user terminal 200 sends the second account parameter of the user account to the master blockchain node 100, and the master blockchain node 100 can determine whether the transaction data in the user account is tampered by comparing the second account parameter with the first account parameter in the standard user account group, so that by adopting the method and the system, not only can the capacity of the standard user account group be expanded, but also the reliability of the transaction data stored in the expanded pending user account group is ensured.
Optionally, after acquiring the request verification instruction sent by the user terminal 200, the master block chain node 100 may also perform validity confirmation on the first account parameter in the request verification instruction, which is specifically as follows:
the first account parameter comprises the first operation data, a first operation characteristic corresponding to the first operation data and a first operation characteristic value corresponding to the first operation data; acquiring a target standard user account in the standard user account group based on the first operation data; the account information of the target standard user account comprises historical account parameters, the historical account parameters are account parameters corresponding to a previous user account of the user account, the previous user account of the user account can be a historical account, and the historical account parameters comprise operation characteristic feature values corresponding to historical operation features; acquiring a current characteristic value in the first operation characteristic, and acquiring an operation characteristic value corresponding to the historical operation characteristic; if the current characteristic value is the same as the operation characteristic value corresponding to the historical operation characteristic, determining that the first account parameter is legal; if the current characteristic value is different from the operation characteristic value corresponding to the historical operation characteristic, determining that the first account parameter is not legal; if the first account parameter does not have validity, the master block chain node 100 returns account authentication failure information to the user terminal 200, so that the user terminal 200 stops the request authentication instruction processing operation and executes a validity detection operation; if the first account parameter is legal, a standard user account is generated according to the first account parameter, and the standard user account is added to the standard user account group to which the master blockchain node 100 belongs.
At time T1, the master block chain node 100 acquires the request verification instruction sent by the user terminal 200, and before uploading the first account parameter of the user account b8 it needs to determine that the first account parameter is legal, where the first account parameter includes the operation data b8, the operation feature (first operation feature) corresponding to the operation data b8 at time T1, and the operation feature value (first operation feature value) corresponding to the operation data b8 at time T1; the first operation feature includes b7H, b8I and b8T, where b7H represents the operation feature value of the previous account (namely the user account b7) of the user account b8 and b8I represents the feature value corresponding to the transaction data of the user account b8. The master block chain node 100 first acquires a target standard user account according to the operation data b8 in the first account parameter. Assuming that the standard user account a7 is the target standard user account, the account information of the standard user account a7 includes the historical account parameters, where the historical account parameters include the first operation data b7 of the user account b7 (the user account b7 is the account preceding the user account b8) at its uploading time (the uploading time here refers to the uploading time of the user account b7, which is before the uploading time T1 of the user account b8), the first operation feature corresponding to the first operation data b7 at that uploading time, and the first operation feature value corresponding to the first operation data b7 at that uploading time. Based on the first operation feature value corresponding to the first operation data b7 in the historical account parameters and b7H in the first operation feature corresponding to the operation data b8, the master block chain node 100 may verify whether the first account parameter is legal: if the first operation feature value corresponding to the first operation data b7 is identical to b7H, the master block chain node 100 determines that the first account parameter is legal, and if the first operation feature value corresponding to the first operation data b7 is not identical to b7H, the master block chain node 100 determines that the first account parameter is not legal. When the first account parameter is not legal, that is, when the transaction data of the user account b7 is found to have been tampered with, the master block chain node 100 returns account verification failure information for the first account parameter and transaction data tampering information for the user account b7 to the user terminal 200, so that the user terminal 200 stops the processing operation of the request verification instruction and executes a validity detection operation, that is, the user account b7 is examined, which may include initiating a request to the other terminals in the pending user account group to verify the user account b7; if the first account parameter is legal, that is, if the transaction data of the user account b7 is verified not to have been tampered with, the standard user account a8 is generated according to the first account parameter, and the account information data 2b of the standard user account a8 is the first account parameter.
If the request verification instruction is sent to the master block chain node 100 in the batched manner described above, the master block chain node 100 still verifies the validity of the first account parameter according to the above procedure after receiving it: it first determines the smallest operation data in the first account parameter, where the first account parameter includes the operation data b7, the first operation feature corresponding to the operation data b7 at time T1, the first operation feature value corresponding to the operation data b7 at time T1, the operation data b8, the first operation feature corresponding to the operation data b8 at time T1, the first operation feature value corresponding to the operation data b8 at time T1, the operation data b9, the first operation feature corresponding to the operation data b9 at time T1, and the first operation feature value corresponding to the operation data b9 at time T1; it then determines the target standard user account in the standard user account group according to the operation data b7 (i.e., the standard user account corresponding to the account preceding the user account b7), obtains the historical account parameters in the account information of the target standard user account, and then obtains the operation feature value corresponding to the historical operation feature; then, whether the first account parameter is legal is verified according to the current feature value in the first operation feature corresponding to the operation data b7 at time T1 and the operation feature value corresponding to the historical operation feature. The subsequent process is similar to the process described above and is not repeated here.
The first account parameter verification is performed before uploading to ensure that the uploaded first account parameters are legal, which proves that the transaction data in the pending user account group is not tampered at time T1.
Further, the embodiment of the present disclosure provides a data verification method based on an account set, which may include the following steps:
step S401, the user terminal 200 acquires transaction data sent by the cloud block link node 400, generates a user account based on the transaction data, and adds the user account to a pending user account group to which the user terminal 200 belongs.
Specifically, an account with the largest generation timestamp is acquired from the account group of the pending user as a current account, and an operation characteristic value of the current account is used as a current characteristic value; generating the user account based on the current characteristic value and the transaction data; the generation timestamp in the user account is used for updating the maximum generation timestamp on the user account group to be determined; broadcasting the user account to all terminals on the pending user account group; and when determining that all the terminals on the undetermined user account group reach a consensus, adding the user account into the undetermined user account group.
Another scenario of data uploading based on account sets is described below. For example, the user terminal 200 acquires account registration data sent by the cloud block chain node 400, where the account registration data includes account registration data 1, account registration data 2, …, and account registration data n. Assuming that the amount of transaction data stored in each user account (including the user account b7 and the user account b8) in the pending user account group B is 100, account registration data 1 to account registration data 100 are stored in the user account b1, and so on; account registration data 701 to account registration data 800 are stored in the user account b8, and account registration data 801 to account registration data 900 are stored in the user account b9. Taking the generation of the user account b8 as an example to describe the detailed process of user account generation: the user terminal 200 acquires the account registration data 701 sent by the cloud block chain node 400, first verifies the account registration data 701, stores the account registration data 701 in the memory pool after the verification passes, updates the timestamp of the hash tree according to the timestamp of the acquired account registration data 701, and then calculates the feature value of the account registration data 701 using a hash algorithm; the user terminal 200 then acquires the account registration data 702 sent by the cloud block chain node 400 and obtains its feature value through the same process, and so on until the feature value of the account registration data 800 has been calculated; it then stores the account registration data 701 to the account registration data 800 in the account information of the user account b8, generates the feature value corresponding to the user account b8 from the feature value of the account registration data 701, …, and the feature value of the account registration data 800, generates the user account b8 to be verified from the operation feature value of the user account b7, the feature value corresponding to the user account b8, and the account registration data 701 to the account registration data 800, broadcasts the user account b8 to be verified to the other user terminals 200 in the pending user account group, has the other user terminals 200 verify the user account b8 to be verified, and after the verification is completed adds the user account b8 to the pending user account group B stored by the user terminal 200. Similarly, when the master block chain node 100 acquires transaction data to be verified, the newly generated standard user account is added to the standard user account group through the above process.
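As an added worked example, not part of the patent text, the following Python model walks through the scheme described above: account generation and the peer check of step S401, the upload at T1 with the validity confirmation against the previous account's stored parameter, and the double check at T2 of steps S301 to S304. The hash function, the genesis link, the way the three operation features are folded into one operation feature value, and passing the previous account's operation data explicitly to the master node are all assumptions of this model.

```python
import hashlib
from dataclasses import dataclass, field


def h(*parts) -> str:
    """SHA-256 over the joined parts; stands in for the unspecified 'hash or other cryptographic algorithm'."""
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()


def merkle_root(records) -> str:
    """Merkle root over per-record feature values (the 'b8I' feature); an odd level duplicates its last node."""
    level = [h("leaf", r) for r in records] or [h("empty")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class UserAccount:
    """One account of a pending user account group (constructed model; field names are ours)."""
    op_data: str                                 # operation data: the account identifier, e.g. "b8"
    prev_h: str                                  # operation feature value of the preceding account ("b7H")
    ts: int                                      # generation timestamp ("b8T")
    records: list = field(default_factory=list)  # transaction / account registration data

    @property
    def root(self) -> str:                       # "b8I", recomputed from the records each time
        return merkle_root(self.records)

    def feature_value(self) -> str:              # binds the three operation features and the operation data
        return h(self.op_data, self.prev_h, self.root, self.ts)

    def parameter(self) -> dict:                 # the 'account parameter' sent to the master node at T1 / T2
        return {"op_data": self.op_data,
                "features": {"prevH": self.prev_h, "I": self.root, "T": self.ts},
                "feature_value": self.feature_value()}


class PendingGroup:
    """Chain of user accounts kept by a user terminal (step S401)."""
    def __init__(self):
        self.accounts = []

    def _link(self):
        """Feature value and timestamp of the current account (largest timestamp), or the genesis values."""
        current = self.accounts[-1] if self.accounts else None
        return (current.feature_value(), current.ts) if current else (h("genesis"), -1)  # genesis: assumption

    def peer_verify(self, candidate) -> bool:
        """What the other terminals check before consensus: chained to the current account, fresh timestamp."""
        expected_prev, max_ts = self._link()
        return candidate.prev_h == expected_prev and candidate.ts > max_ts

    def generate(self, op_data, records, ts) -> UserAccount:
        candidate = UserAccount(op_data, self._link()[0], ts, list(records))
        if not self.peer_verify(candidate):
            raise ValueError("consensus failed for " + op_data)
        self.accounts.append(candidate)
        return candidate


class MasterNode:
    """Holds the standard user account group: operation data -> first account parameter (data 2b of a8)."""
    def __init__(self):
        self.standard = {}

    def request_verification(self, first_param, prev_op_data) -> str:
        """Steps S301/S302 plus the optional validity confirmation: b7H must equal a7's stored feature value."""
        history = self.standard.get(prev_op_data)
        if history is not None and history["feature_value"] != first_param["features"]["prevH"]:
            return "account verification failed"   # the previous account was tampered with before this upload
        self.standard[first_param["op_data"]] = first_param
        return "uploaded"

    def double_check(self, second_param) -> str:
        """Steps S303/S304: compare the T2 feature value with the T1 value kept in the standard group."""
        first = self.standard.get(second_param["op_data"])
        if first is None:
            return "no standard account"
        return "normal account" if first["feature_value"] == second_param["feature_value"] else "abnormal account"


def run_scenario(tamper_b8_after_t1=False, tamper_b7_before_b8=False):
    """Constructed walk-through with 3 records per account; returns the master node's two answers."""
    group, master = PendingGroup(), MasterNode()
    b7 = group.generate("b7", ["reg601", "reg602", "reg603"], ts=100)
    master.request_verification(b7.parameter(), prev_op_data="b6")  # nothing stored for b6: accepted as first upload
    if tamper_b7_before_b8:
        b7.records[0] = "reg601-modified"   # b7 changes after its upload, so b8 will carry a wrong b7H
    b8 = group.generate("b8", ["reg701", "reg702", "reg703"], ts=200)
    upload = master.request_verification(b8.parameter(), prev_op_data="b7")   # time T1
    if tamper_b8_after_t1:
        b8.records[1] = "reg702-modified"   # tampering inside the pending group between T1 and T2
    recheck = master.double_check(b8.parameter())                              # time T2 > T1
    return upload, recheck
```

`run_scenario()` returns `('uploaded', 'normal account')`; tampering b8 after T1 turns the recheck into `'abnormal account'`, while tampering b7 before b8 is generated fails the validity confirmation at T1 instead, so no standard account a8 is ever created.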
Step S402, the user terminal 200 sends a request verification instruction to the master blockchain node 100 at a first time, so that the master blockchain node 100 generates a standard user account according to the first account parameter and adds the standard user account to the standard user account group to which the master blockchain node 100 belongs; the request verification instruction includes the first account parameter of the user account at the first time.
For the specific implementation of step S402, reference may be made to the description of step S301 in the corresponding embodiment above.
Step S403, the user terminal 200 obtains a second account parameter of the user account at a second time from the pending user account group, and obtains the standard user account from the standard user account group based on the second account parameter; the second time is later than the first time.
Specifically, in step S303 of the foregoing embodiment the user terminal 200 sends the second account parameter of the user account at the second time to the master blockchain node 100, so that the master blockchain node 100 verifies the user account. In this step, by contrast, the user terminal 200 itself obtains a standard user account from the standard user account group through the master blockchain node 100 and verifies the user account. At the second time, the user terminal 200 obtains the second account parameter of the user account, which comprises the second operation data of the user account at the second time (identical to the first operation data) and the second operation characteristic value corresponding to the second operation data, and obtains the standard user account from the standard user account group according to the second operation data. The standard user account was generated by the master blockchain node 100 from the first account parameter of the user account at the first time, the first account parameter comprising the first operation data and the first operation characteristic value corresponding to the first operation data.
Step S404, performing user side exception verification on the user account according to the standard user account and the second account parameter.
Specifically, the first account parameter in the account information of the standard user account is obtained according to the second operation data; the first operation data in the first account parameter is the same as the second operation data. If the first operation characteristic value is equal to the second operation characteristic value, the user account is determined to be a normal account; if the first operation characteristic value is not equal to the second operation characteristic value, the user account is determined to be an abnormal account. When the user account is a normal account, the user terminal 200 continues to process the request verification instruction; when the user account is an abnormal account, the user terminal 200 stops processing the request verification instruction and performs an exception detection operation.
The user accounts in the pending user account group in the embodiment of the present disclosure may be used to store transaction data. At a first time, the first account parameter of a user account is sent to the master blockchain node 100 through the user terminal 200, and the master blockchain node 100 generates a standard user account from the first account parameter and uploads it. At a second time, the user terminal 200 sends the second account parameter of the user account (the account parameter of the user account at the second time) to the master blockchain node 100, and the master blockchain node 100 identifies whether the transaction data in the user account has been tampered with by comparing the second account parameter with the first account parameter held in the standard user account group. By adopting the method and system, the standard user account group can be expanded in capacity, and the reliability of the transaction data stored in the pending user account group after expansion is also ensured.
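The account generation walk-through above (a characteristic value per registration datum, an account characteristic value folded from them through a hash tree, and a link to the previous account's operation characteristic value) together with the two-time check of steps S403 and S404, as an added example in Python that is not code from the patent. The patent names only "a hash algorithm"; SHA-256, the hash-tree layout, the account names b7/b8 and the sample registration data are assumptions made here.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Added example, not the patent's code. The patent names only "a hash algorithm";
# SHA-256, the hash-tree layout, the account names and the sample data are assumptions.


def feature_value(datum: bytes) -> str:
    """Characteristic value of one piece of account registration data."""
    return hashlib.sha256(datum).hexdigest()


def hash_tree_root(leaves: List[str]) -> str:
    """Root of a binary hash tree over per-datum characteristic values.
    An odd trailing node is paired with itself; any changed leaf changes the root."""
    if not leaves:
        return feature_value(b"")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256((a + b).encode()).hexdigest()
                 for a, b in zip(level[0::2], level[1::2])]
    return level[0]


@dataclass
class UserAccount:
    name: str
    data: List[bytes]            # account registration data held by the account
    prev_operation_feature: str  # operation characteristic value of the previous account (b7 for b8)
    feature: str                 # characteristic value corresponding to this account
    operation_feature: str       # value the next account in the group chains to


def generate_account(name: str, data: List[bytes], prev_operation_feature: str) -> UserAccount:
    """The b8 walk-through: hash each datum, fold the values into one account
    characteristic value, then bind it to the previous account's operation value."""
    feature = hash_tree_root([feature_value(d) for d in data])
    operation_feature = hashlib.sha256((prev_operation_feature + feature).encode()).hexdigest()
    return UserAccount(name, list(data), prev_operation_feature, feature, operation_feature)


def link_is_legal(account: UserAccount, previous_standard: UserAccount) -> bool:
    """First-time check at the master node (claim 9): the value the new account
    carries must equal the operation value stored for the previous standard account."""
    return account.prev_operation_feature == previous_standard.operation_feature


def recheck(account_now: UserAccount, standard: UserAccount) -> str:
    """Step S404 at the second time: recompute from the data the account holds now
    and compare with the standard user account generated at the first time."""
    recomputed = generate_account(account_now.name, account_now.data,
                                  account_now.prev_operation_feature)
    return "normal" if recomputed.operation_feature == standard.operation_feature else "abnormal"


def demo():
    """Constructed data: three registration records per account instead of 100."""
    b7 = generate_account("b7", [b"reg-601", b"reg-602", b"reg-603"], feature_value(b"genesis"))
    b8 = generate_account("b8", [b"reg-701", b"reg-702", b"reg-703"], b7.operation_feature)
    assert link_is_legal(b8, b7)
    standard_b8 = generate_account(b8.name, b8.data, b8.prev_operation_feature)  # master node copy
    # Same account with one record edited but the stored values left unchanged
    tampered = UserAccount(b8.name, [b"reg-701", b"reg-702", b"reg-703-edited"],
                           b8.prev_operation_feature, b8.feature, b8.operation_feature)
    return recheck(b8, standard_b8), recheck(tampered, standard_b8)


if __name__ == "__main__":
    print(demo())
```

The point of chaining each account to the previous account's operation value is that an attacker who edits registration data in b8 must also regenerate b9 and every later account, and the master node's standard copies still disagree; the stored `feature` and `operation_feature` fields are never trusted by `recheck`, which always recomputes from the data.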
Fig. 3 is a schematic functional block diagram of a communication security management apparatus 300 based on a blockchain node according to an embodiment of the present disclosure, and the functions of the functional blocks of the communication security management apparatus 300 based on the blockchain node are described in detail below.
The obtaining module 310 is configured to receive a request verification instruction sent by a user terminal, and obtain a current security identifier from the user terminal according to the request verification instruction.
The updating module 320 is configured to update the current blockchain security vector to a target blockchain security vector configured by the first preset encryption algorithm. The first preset encryption algorithm refers to a digital fingerprint in which the initial security identifier is configured for the current security identifier; the first preset encryption algorithm and the current security identifier have the same encryption rule, and the generation time of the initial security identifier is earlier than that of the current security identifier.
The generating module 330 is configured to generate a first verification vector corresponding to the master blockchain node according to the target blockchain security vector, the first preset encryption algorithm and the initial security identifier. The first verification vector is used for indicating that a cloud blockchain node which does not contain the current security identifier verifies the validity of the target blockchain security vector.
Fig. 4 illustrates a hardware structure of a master blockchain node 100 for implementing the above-described communication security management method based on blockchain nodes according to an embodiment of the present disclosure, and as shown in fig. 4, the master blockchain node 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.
In a specific implementation, the processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 can execute the communication security management method based on the blockchain node according to the above method embodiment. The processor 110, the machine-readable storage medium 120 and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving actions of the transceiver 140 so as to exchange data with the aforementioned user terminal 200.
For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the master blockchain node 100, which implement the principle and the technical effect similarly, and this embodiment is not described herein again.
In addition, an embodiment of the present disclosure further provides a readable storage medium, where a computer execution instruction is preset in the readable storage medium, and when a processor executes the computer execution instruction, the above communication security management method based on the blockchain node is implemented.
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. A communication security management method based on a blockchain node, the method being performed by a master blockchain node and comprising:
receiving a request verification instruction sent by a user terminal, and acquiring a current security identifier from the user terminal according to the request verification instruction;
updating the current blockchain security vector to a target blockchain security vector configured by a first preset encryption algorithm; the first preset encryption algorithm refers to a digital fingerprint in which an initial security identifier is configured for the current security identifier, the first preset encryption algorithm and the current security identifier have the same encryption rule, and the generation time of the initial security identifier is earlier than that of the current security identifier;
generating a first verification vector corresponding to the master blockchain node according to the target blockchain security vector, the first preset encryption algorithm and the initial security identifier; the first verification vector is used for indicating that a cloud blockchain node which does not contain the current security identifier verifies the validity of the target blockchain security vector.
2. The method of claim 1, further comprising:
acquiring a second preset encryption algorithm from the user terminal according to the request verification instruction, updating the initial security identifier in a first security identifier set to the current security identifier, and adding the second preset encryption algorithm to the first security identifier set; the second preset encryption algorithm refers to the digital fingerprint configured jointly by the initial security identifier and the current security identifier, and the second preset encryption algorithm and the initial security identifier have the same encryption rule;
when a first verification data packet sent by a cloud block chain node is received, acquiring cloud block chain node identity information carried by the first verification data packet;
verifying the cloud block chain node identity information according to a public key corresponding to a configuration party of the cloud block chain node identity information to obtain an identity verification result corresponding to the cloud block chain node identity information;
and determining a security verification result corresponding to the cloud block chain node according to the identity verification result, the initial security identifier and the current security identifier, and returning the security verification result to the cloud block chain node.
3. The method according to claim 2, wherein the verifying the cloud block chain node identity information according to a public key corresponding to a configurator of the cloud block chain node identity information to obtain an identity verification result corresponding to the cloud block chain node identity information includes:
acquiring a second verification vector corresponding to the cloud block chain node identity information, and acquiring a first digital fingerprint and a second digital fingerprint from the second verification vector; the second verification vector comprises cloud block chain node identity information, the second digital fingerprint is a configurator of the cloud block chain node identity information, and the first digital fingerprint is a configurator of the second digital fingerprint;
verifying the identity in the cloud block chain node identity information according to the public key of the second digital fingerprint, and verifying the identity in the second digital fingerprint according to the public key of the first digital fingerprint when the identity in the cloud block chain node identity information is correct;
when the identity in the second digital fingerprint is correct, verifying the identity in the first digital fingerprint according to a public key corresponding to a configurator of the first digital fingerprint;
when the first digital fingerprint is the initial digital fingerprint in the second verification vector and the first digital fingerprint is the initial security identifier, determining that the identity verification result of the cloud block chain node identity information is verified according to the initial security identifier;
and when the first digital fingerprint is the initial digital fingerprint in the second verification vector and the first digital fingerprint is the current security identifier, determining that the identity verification result of the cloud block chain node identity information is passed according to the current security identifier.
4. The method according to claim 2, wherein the determining a security verification result corresponding to the cloud block chain node according to the identity verification result, the initial security identifier and the current security identifier and returning the security verification result to the cloud block chain node comprises:
if the identity verification result is matched with the initial security identifier, verification passing information and security identifier updating information are generated, the verification passing information and the security identifier updating information are used as the security verification result and returned to the cloud block chain node, so that the cloud block chain node updates the identity information of the cloud block chain node and the initial security identifier in a second security identifier set according to the security identifier updating information;
if the identity verification result is matched with the current security identification, verification passing information is generated, and the verification passing information is used as the security verification result and returned to the cloud block chain node;
and if the identity verification result is not matched with the initial security identification and the current security identification, generating verification failure information, and returning the verification failure information serving as the security verification result to the cloud block chain node.
5. The method of claim 1, wherein updating the current blockchain security vector to the target blockchain security vector configured by the first preset encryption algorithm comprises:
sending a first security vector iteration indication to the user terminal, so that the user terminal obtains the current blockchain security vector associated with the first security vector iteration indication and signs the master blockchain node information in the current blockchain security vector with the private key of the first preset encryption algorithm to generate the target blockchain security vector;
and receiving the target blockchain security vector returned by the user terminal, and updating the current blockchain security vector to the target blockchain security vector.
6. The method according to claim 1, wherein generating the first verification vector corresponding to the master blockchain node according to the target blockchain security vector, the first preset encryption algorithm and the initial security identifier comprises:
determining, in the security information elements contained in the target blockchain security vector, that the configurator of the target blockchain security vector is the first preset encryption algorithm;
setting a first security vector element for the target blockchain security vector and a second security vector element for the first preset encryption algorithm;
determining, in the security information element contained in the first preset encryption algorithm, that the configurator of the first preset encryption algorithm is the initial security identifier;
and setting a third security vector element for the initial security identifier, and generating the first verification vector corresponding to the master blockchain node according to the first security vector element, the second security vector element and the third security vector element.
7. The method of claim 2, further comprising:
acquiring a preset action time corresponding to the second preset encryption algorithm;
if the current time information does not belong to the preset action time, determining that the second preset encryption algorithm belongs to an invalid state, and deleting the second preset encryption algorithm from the first security identifier set;
when a second verification data packet sent by the cloud block chain node is received, verifying the cloud block chain node identity information carried by the second verification data packet to obtain an undetermined verification result aiming at the cloud block chain node identity information;
and if the pending verification result is matched with the initial security identifier, generating verification failure information, and returning the verification failure information to the cloud block chain node.
8. The method of claim 1, further comprising:
acquiring the initial security identifier carried by the request verification instruction, and performing validity verification on the initial security identifier according to a public key corresponding to the user terminal to obtain a root identity verification result corresponding to the initial security identifier;
and when the root identity verification result is a verification passing result, forwarding the request verification instruction to a network cluster so that the network cluster encapsulates the request verification instruction into a broadcast packet and broadcasts the broadcast packet.
9. The method of claim 1, further comprising the step of verifying the request verification instruction, the step comprising:
acquiring a request verification instruction sent by a user terminal at a first time; the request verification instruction comprises a first account parameter of a user account at the first time; the user account refers to a logged-in account in a pending user account group to which the user terminal belongs; the first account parameter comprises first operation data and a first operation characteristic corresponding to the first operation data;
acquiring a target standard user account in a standard user account group based on the first operation data; the account information of the target standard user account comprises historical account parameters, which are the account parameters corresponding to the user account preceding the user account;
acquiring a current characteristic value in the first operation characteristic, and acquiring an operation characteristic value corresponding to the historical operation characteristic;
if the current characteristic value is the same as the operation characteristic value corresponding to the historical operation characteristic, determining that the first account parameter is legal;
if the current characteristic value is different from the operation characteristic value corresponding to the historical operation characteristic, determining that the first account parameter is not legal;
if the first account parameter is legal, generating a standard user account according to the first account parameter, and adding the standard user account to the standard user account group to which the master blockchain node belongs;
if the first account parameter is not legal, returning account verification failure information from the master blockchain node to the user terminal, so that the user terminal stops processing the request verification instruction and executes a validity detection operation;
when a recheck verification instruction sent by the user terminal at a second time is acquired, acquiring a second account parameter carried by the recheck verification instruction; the second account parameter refers to the account parameter of the user account at the second time; the second time is later than the first time;
acquiring the standard user account in the standard user account group according to second operation data;
acquiring the first account parameter in the account information of the standard user account; the first operation data in the first account parameter is the same as the second operation data;
if the first operation characteristic value is equal to the second operation characteristic value, determining that the user account is a normal account;
if the first operation characteristic value is not equal to the second operation characteristic value, determining that the user account is an abnormal account; wherein the first account parameter comprises the first operation data and the first operation characteristic value corresponding to the first operation data, and the second account parameter comprises the second operation data and the second operation characteristic value corresponding to the second operation data;
when the user account is a normal account, returning a verification passing prompt to the user terminal so that the user terminal continues to process the request verification instruction;
and when the user account is an abnormal account, returning a verification failure prompt to the user terminal so that the user terminal stops processing the request verification instruction and executes an exception detection operation.
10. A blockchain security system comprising a master blockchain node and a cloud blockchain node, the master blockchain node comprising a machine-readable storage medium and a processor, the machine-readable storage medium having stored therein machine-executable instructions that when executed implement the method of communication security management based on blockchain nodes of any of claims 1 to 9.
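The verification vector walk of claims 3, 4 and 7 (the first verification vector of claim 6 has the same three-element shape), as an added example in Python that is not the patent's code: each element of the second verification vector is checked against the public key of its configurator up to a self-configured root, the root is matched against the initial or the current security identifier, and a match on the initial identifier is honoured (with a security identifier update prompt) only while the bridging second preset encryption algorithm is inside its preset action time. The patent does not name its encryption algorithm; textbook RSA over fixed Mersenne primes is a stand-in chosen so the block runs with the standard library only, and the holder names, the time values and the "bridge valid until 200" window are constructed.

```python
import hashlib
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Added example, not the patent's code. Textbook RSA over fixed Mersenne primes stands in
# for the patent's unnamed "preset encryption algorithm"; it is a teaching toy, not a
# usable signature scheme. Holder names and times are constructed.
MERSENNE_EXPONENTS = [(17, 19), (31, 61), (89, 107), (127, 521)]


def toy_keypair(index: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((n, e), (n, d)) built from the index-th pair of Mersenne primes."""
    a, b = MERSENNE_EXPONENTS[index]
    p, q = (1 << a) - 1, (1 << b) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:
        e += 2
    return (n, e), (n, pow(e, -1, phi))  # modular inverse needs Python 3.8+


def _digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv: Tuple[int, int], msg: bytes) -> int:
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify(pub: Tuple[int, int], msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


@dataclass(frozen=True)
class Fingerprint:
    """One element of a verification vector: a holder, its public key, and the
    signature its configurator placed over (holder, key)."""
    holder: str
    pub: Tuple[int, int]
    configurator: str
    sig: int

    def body(self) -> bytes:
        return f"{self.holder}|{self.pub[0]}|{self.pub[1]}".encode()


def configure(holder: str, pub: Tuple[int, int], by: str, by_priv: Tuple[int, int]) -> Fingerprint:
    """Let `by` configure (sign) a fingerprint for `holder`; a root configures itself."""
    unsigned = Fingerprint(holder, pub, by, 0)
    return Fingerprint(holder, pub, by, sign(by_priv, unsigned.body()))


def verify_vector(vector: List[Fingerprint], initial: Fingerprint, current: Fingerprint) -> str:
    """Claim 3: from the cloud node identity (index 0) up to the vector's initial element,
    check each element with the public key of the next one; the last element must be
    self-configured. Returns which trusted root it is: "initial", "current" or "none"."""
    for child, parent in zip(vector, vector[1:] + [vector[-1]]):
        if child.configurator != parent.holder or not verify(parent.pub, child.body(), child.sig):
            return "none"
    root = vector[-1]
    return "initial" if root == initial else "current" if root == current else "none"


def security_verification_result(identity_result: str, now: int,
                                 bridge_valid_until: Optional[int]) -> Dict[str, bool]:
    """Claims 4 and 7: a chain rooted in the current identifier passes outright; one rooted
    in the initial identifier passes with an update prompt only while the bridging second
    preset encryption algorithm is inside its preset action time; anything else fails."""
    if identity_result == "current":
        return {"passed": True, "update_security_identifier": False}
    if identity_result == "initial" and bridge_valid_until is not None and now <= bridge_valid_until:
        return {"passed": True, "update_security_identifier": True}
    return {"passed": False, "update_security_identifier": False}


def demo() -> Dict[str, Tuple[str, Dict[str, bool]]]:
    """Constructed scenario: root-old is rotated to root-new with a bridge valid until
    time 200; one cloud node is seen before and after re-provisioning, plus a forgery."""
    old_pub, old_priv = toy_keypair(0)
    new_pub, new_priv = toy_keypair(1)
    mid_pub, mid_priv = toy_keypair(2)
    node_pub, _ = toy_keypair(3)
    initial = configure("root-old", old_pub, "root-old", old_priv)  # initial security identifier
    current = configure("root-new", new_pub, "root-new", new_priv)  # current security identifier
    issuer_old = configure("issuer", mid_pub, "root-old", old_priv)
    issuer_new = configure("issuer", mid_pub, "root-new", new_priv)
    node_fp = configure("cloud-node-400", node_pub, "issuer", mid_priv)
    forged = Fingerprint("cloud-node-400", node_pub, "issuer", node_fp.sig ^ 1)  # one bit flipped
    cases = {
        "old_chain_in_window": ([node_fp, issuer_old, initial], 100),
        "old_chain_expired": ([node_fp, issuer_old, initial], 300),
        "new_chain": ([node_fp, issuer_new, current], 300),
        "forged_identity": ([forged, issuer_new, current], 100),
    }
    out = {}
    for name, (vector, now) in cases.items():
        ident = verify_vector(vector, initial, current)
        out[name] = (ident, security_verification_result(ident, now, bridge_valid_until=200))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two details matter in practice. The root comparison uses the whole fingerprint (holder, key and self-signature), not just the holder name, so a vector that merely names "root-old" but carries a different key is rejected. And the expiry check belongs in the master node's result logic rather than in the chain walk: after the preset action time the old root is still a mathematically valid root, which is exactly why claim 7 has the master node delete the bridge and answer chains rooted in the initial identifier with verification failure information.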
CN202110639683.5A 2021-06-08 2021-06-08 Block chain node-based communication security management method and block chain security system Withdrawn CN113438212A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110639683.5A CN113438212A (en) 2021-06-08 2021-06-08 Block chain node-based communication security management method and block chain security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110639683.5A CN113438212A (en) 2021-06-08 2021-06-08 Block chain node-based communication security management method and block chain security system

Publications (1)

Publication Number Publication Date
CN113438212A true CN113438212A (en) 2021-09-24

Family

ID=77755399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110639683.5A Withdrawn CN113438212A (en) 2021-06-08 2021-06-08 Block chain node-based communication security management method and block chain security system

Country Status (1)

Country Link
CN (1) CN113438212A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115396087A (en) * 2022-06-20 2022-11-25 中国联合网络通信集团有限公司 Identity authentication method, device, equipment and medium based on temporary identity certificate
CN115396087B (en) * 2022-06-20 2024-04-30 中国联合网络通信集团有限公司 Identity authentication method, device, equipment and medium based on temporary identity certificate

Similar Documents

Publication Publication Date Title
KR102161114B1 (en) Identification System Using a Relay Server and Identification Method by the Same
US11456879B2 (en) Secure processing of an authorization verification request
CN109242467B (en) Block chain-based networking method and device, computer equipment and storage medium
US20190245704A1 (en) Template based credential provisioning
CN112311735B (en) Credible authentication method, network equipment, system and storage medium
CN108521333B (en) Login method and system for off-line authentication based on dynamic password
CN111541551B (en) Threshold signature message processing method, system, storage medium and server
CN113141259B (en) Method and device for replacing identity certificate in block chain network
CN108696356B (en) Block chain-based digital certificate deleting method, device and system
WO2019077351A1 (en) Asset update service
US11368315B2 (en) Systems and methods of device ownership self-verification
US11962698B2 (en) Token node locking with fingerprints authenticated by digital certificates
CN113676452B (en) Replay attack resisting method and system based on one-time key
CN113285932B (en) Method for acquiring edge service, server and edge device
CN112702315B (en) Cross-domain device access control method, device, computer device and storage medium
CN112311779B (en) Data access control method and device applied to block chain system
CN114731279A (en) Method and apparatus for automatic digital certificate verification
KR20190120559A (en) System and Method for Security Provisioning based on Blockchain
CN114338242A (en) Cross-domain single sign-on access method and system based on block chain technology
CN114117551B (en) Access verification method and device
CN113438212A (en) Block chain node-based communication security management method and block chain security system
CN116415227A (en) Key updating method, server, client and storage medium
CN112600831B (en) Network client identity authentication system and method
CN112235290A (en) Block chain-based Internet of things equipment management method and first Internet of things equipment
CN116915480A (en) Electric power internet of things safety management method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20210924)