CN109639406B - Efficient trust solution method based on block chain and IPFS - Google Patents


Publication number: CN109639406B
Authority: CN (China)
Prior art keywords: private, chain, enterprise, user, module
Legal status: Active
Application number: CN201811583218.9A
Other languages: Chinese (zh)
Other versions: CN109639406A (en)
Inventor: 俞枫
Current Assignee: Guotai Junan Securities Co Ltd
Original Assignee: Guotai Junan Securities Co Ltd
Application filed by Guotai Junan Securities Co Ltd
Priority to CN201811583218.9A
Publication of CN109639406A
Application granted
Publication of CN109639406B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an efficient trust solution method based on a blockchain and IPFS (InterPlanetary File System), comprising an account system, data management and a permission management module. IPFS technology is used to build an independently running InterPlanetary file transfer network parallel to the blockchain network, connecting all computing devices that share the same file management mode. A hybrid public chain and private chain architecture is adopted: all users are equal, each user can control only the information related to itself, and a nationally approved CA (certificate authority) certificate is introduced to ensure that the users on the chain are trusted. A trusted user can register a private chain, develop its own applications on that private chain, and exchange data with other private chains. Because all users are equal on the basis of the public chain and the side chains, a financial enterprise can build its own private chain, which solves problems such as performance and customization without requiring processes such as consensus.

Description

Efficient trust solution method based on block chain and IPFS
Technical Field
The invention provides an efficient trust solution based on a blockchain and IPFS (InterPlanetary File System), intended to solve some practical problems the financial field meets when using blockchains. The invention proposes a hybrid public chain and private chain architecture and relates to high-concurrency blockchain operation, data exchange and access by enterprises through private chains, blockchain permission control, blockchain big data storage and the like.
Background Art
IPFS (InterPlanetary File System) is a peer-to-peer distributed hypermedia distribution protocol. It integrates the best distributed-system ideas of recent years, including Git, the Self-certifying File System (SFS), BitTorrent and DHT, provides everyone with a globally unified addressable space, and is regarded as the new-generation Internet protocol most likely to replace HTTP.
A blockchain is a sequence of data blocks linked by cryptographic methods. Each data block contains information on all Bitcoin network transactions of the past ten minutes and is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. The blockchain is an important concept of Bitcoin.
The latest application of blockchain technology: Bitcoin, which emerged in 2008, provides a decentralized paradigm for establishing credit that does not require accumulated trust. Blockchain technology is essentially a decentralized, distributed method of storing, transmitting and proving structured data. Data blocks replace the Internet's current dependence on central servers, and all data changes or transaction items are recorded on a cloud system, so that, in theory, data proves itself during transmission. This goes beyond the traditional information verification paradigm that depends on a center and lowers the cost of establishing global credit. Point-to-point verification gives rise to a basic protocol, a new form of distributed artificial intelligence, which establishes a brand-new interface and shared interface between human intelligence and machine intelligence.
A Bitcoin wallet relies on confirmation by the blockchain; one verification is called one confirmation. A transaction typically obtains several confirmations. A lightweight (SPV) Bitcoin wallet client only needs to store locally the data related to the transactions the user can spend, rather than the complete blockchain.
IPFS, a blockchain-based P2P hypermedia protocol, has the potential to become an Internet subsystem and, with reasonable configuration, can complement or even replace HTTP.
Difference between IPFS and HTTP: HTTP suffers from over-centralization, while IPFS fundamentally changes how content is looked up, which is its most important feature. With HTTP we look up a location; with IPFS we look up content.
IPFS ignores the location of a central server and the name and path of a file, and considers only the content the file may contain. It uses a DHT to find the node where the file resides, retrieves the file, and verifies the file data.
IPFS is a general-purpose infrastructure with essentially no storage restrictions. A large file is divided into small blocks that can be fetched from several servers at once when it is downloaded. The IPFS network is a non-fixed, fine-grained, distributed network that meets the requirements of a content delivery network (CDN) well. This design is well suited to sharing all kinds of data, including images, video streams, distributed databases, entire operating systems, blockchains, floppy disk backups and, most importantly, static websites.
An IPFS file can also be abstracted into a special IPFS directory, which gives it a readable file name, so that accessing it returns a directory index as with HTTP. Building a website on IPFS works the same way as before, and adding the website to an IPFS node takes a single command:
ipfs add -r yoursitedirectory
Links between web pages no longer need to be maintained by hand; IPFS lookup resolves them.
IPFS does not require every node to store all content; the owner of a node is free to choose the data it wants to maintain. This is like a bookmark: in addition to backing up its own website, a node voluntarily serves other content it is interested in.
Copying, storing and hosting a website across IPFS nodes requires only one command and the hash of the website; IPFS takes care of the rest.
IPFS implements an HTTP gateway so that existing browsers can also access IPFS. IPFS can therefore be used right away as a facility for storing, distributing and building websites.
As a trust connector, the blockchain advocates solving trust problems with technology and can solve many problems of the current centralized financial system, but a number of problems remain to be solved:
1. Financial enterprises have high requirements for information confidentiality, which differs greatly from the open and transparent nature of blockchains;
2. Financial enterprises have high requirements for transaction processing performance, but even after the SegWit (Segregated Witness) upgrade the TPS of Bitcoin is only in the dozens, and such low concurrency can hardly meet the actual business requirements of the financial industry;
3. Financial enterprises have high requirements for transaction data volume. Banks, insurers and securities firms, for example, have huge user bases and huge volumes of transaction data, and mainstream blockchain systems such as Bitcoin and Ethereum cannot store massive data, so they can hardly meet the financial industry's high requirements for transaction processing performance;
4. Financial enterprises have many business types, diverse requirements for blocks, and frequent system changes. At present Bitcoin can hardly meet some customized requirements, and Ethereum smart contracts have some potential security risks.
Application No. 201810256936.9 discloses a blockchain-based data processing method and device, a blockchain node network, an operator and a readable storage medium. The method comprises the following steps: the blockchain node network receives transaction data to be written to a blockchain, the transaction data corresponding to a blockchain identifier; the blockchain node network determines, from at least two blockchains, the blockchain corresponding to the blockchain identifier; the blockchain node network writes the transaction data to the blockchain corresponding to the blockchain identifier. This technical scheme can solve or mitigate the problems caused by a blockchain growing too large.
Application No. 201810468531.1 discloses a hybrid blockchain architecture system, a processing method and a processing system. The system comprises an upper-layer blockchain, a current blockchain and a lower-layer blockchain; the input of the current blockchain is connected to the lower-layer blockchain and its output is connected to the upper-layer blockchain. The current blockchain receives block packing information from the lower-layer blockchain and at the same time packs the packing information of the current blockchain to the upper-layer blockchain. With this architecture the blockchain can adapt to various complex application scenarios, which raises the level of informatization.
Application No. 201810314945.9 discloses a blockchain-based Internet of Things data sharing method comprising: S1) an account system module: user registration; user login; user information; user management; S2) data management: a data providing module; a data request module; a task issuing module; a task execution module; a data query module; a task query module; S3) permission management: data access control; data authorization management; data release and audit. The method is based on mainstream browsers, and since PCs are ever more widely used, users can take part conveniently and the entry threshold is low. Compared with a traditional centrally managed data sharing system, a data sharing system without central management saves a large amount of data intermediary cost and solves the security problems of centralized management. The trustless nature of blockchain technology also solves the problem of mutual trust among nodes in Internet of Things data sharing, and the IPFS distributed file system provides secure storage of massive data with good scalability.
That method is based on private chains, with a super account managing everything on the chain. Ordinary users are registered and managed subject to audit by the super account; the emphasis is on data generation and viewing on a consortium chain; the administrator reviews the data generated by a publisher, and the data publisher controls visitors' viewing permissions.
Disclosure of Invention
The aim of the invention is to provide an efficient trust solution based on a blockchain and IPFS in which, on the basis of side chains and a public chain and on the premise that the users on the chain are secure and trusted, all users are equal and can control only the information related to themselves.
This aim is achieved by the following scheme: an efficient trust solution method based on a blockchain and IPFS, comprising an account system, data management and a permission management module. IPFS technology is used to build an independently running InterPlanetary file transfer network parallel to the blockchain network, connecting all computing devices that share the same file management mode. A hybrid public chain and private chain architecture is adopted, all users are equal, each user can control only the information related to itself, and a nationally approved CA certificate is introduced to ensure that the users on the chain are trusted. A trusted user registers a private chain, develops its own applications on that private chain, and exchanges data with other private chains. The method comprises at least the following modules:
1) the system comprises a user registration module, a blockchain network management module and a blockchain management module; the user registration module provides registration for individuals and enterprises. After an enterprise registers successfully, the nationally unified CA center issues a CA certificate and an enterprise key, with the CA certificate serving as a credit endorsement, and the enterprise uses the enterprise key to register its private chain operating parameters with the blockchain network and develop its own enterprise-level applications. After an individual user registers successfully, a key certificate known to the individual is generated, and the user uses that key to transact on the public chain network of the blockchain and on the attached private chain networks;
Data management:
2) a data upload module, which lets a user upload video, audio, picture and text files under the key account assigned at registration; the uploaded files are distributed to the nodes of the blockchain over the IPFS InterPlanetary transfer network, which runs independently and does not occupy blockchain space;
3) a private chain registration module, which provides configuration of an enterprise user's private chain system; the blockchain system generates the corresponding private chain network from the private chain configuration;
4) a permission management module, which provides enterprise users with a permission role configuration function. Through this function an enterprise user opens its own private chain module to other enterprise users; several enterprises constrain one another through mutual configuration to form a consortium chain system that satisfies every party, or exchange each other's private chain data under those mutual constraints;
5) a data storage module, which provides the APIs for reading and storing all data of the blockchain network, as well as the APIs for storing and searching information across the blockchain network and the IPFS network;
6) an IPFS module, which builds an independently running InterPlanetary file transfer network parallel to the blockchain network and carries the large-file storage of the blockchain network;
7) a data consensus module, in which the consensus algorithm is pluggable so that it can be replaced at any time according to business requirements;
8) a private chain data exchange module, which controls data exchange among private chains; an enterprise user can access only those private chain modules of another party that the other party has authorized;
9) an access request module, which controls the distribution of requests: a request is distributed to the IPFS network through the access request module and then, according to the feedback of the IPFS module, to the data storage module; when an enterprise user accesses the private chain data of another enterprise user, the request is likewise distributed through the access request module to the private chain data exchange module, and processing continues according to the verification result fed back by the access request module;
10) a private chain module, which is deployed after an enterprise user's private chain application succeeds and on which the enterprise user independently extends and develops its external applications on the private chain network.
The invention provides an efficient trust solution based on a blockchain and IPFS (InterPlanetary File System). It adopts a hybrid public chain and private chain architecture, so that a financial enterprise can build its own private chain, which solves problems such as performance and customization without requiring processes such as consensus. The private chain interacts with the public chain and stays consistent with it by "anchoring", and data can be accessed securely between the enterprise private chain and the public chain. The combination of IPFS and the blockchain solves problems such as massive data storage on the blockchain.
The invention is based on a public chain and side chains, and all users are equal. A user can control only the information about itself. A nationally approved CA certificate is introduced so that the users on the chain can be trusted. A trusted user can also register a private chain and develop its own applications on that private chain, and data interaction among private chains is enabled. In the account system, the invention adds public-chain-based enterprise CA identity authentication and registration of the enterprise's private chain operating parameters. In data management, the invention focuses on storing evidence of side-chain transactions on the public chain and on data interaction among side chains. In permission management, permission control among side chains is added.
On the basis of this scheme, the user registration module receives the user's data, identifies the registering user and collects the user information, applies for an enterprise-level CA certificate and for a public chain identity, and uploads enterprise information through the data upload module. The data upload module uploads the enterprise's qualification information as a credit endorsement for the enterprise user's private chain and generates a unique hash value bound to the enterprise user's address; blockchain users can view the enterprise user's published information at any time through that address.
An enterprise user uses the user registration module to apply to the CA certificate center for an enterprise-level CA certificate, fills in the corresponding enterprise information, and submits the corresponding enterprise materials through the data upload module. After verification, the CA certificate center issues the enterprise-level CA certificate to the enterprise user, and/or the enterprise user applies to the blockchain for a blockchain identity and associates it with the CA certificate identity, so that the enterprise user's actions on the blockchain have the same legal effect as actions under the CA certificate. The enterprise user's CA certificate identity is published on the blockchain network, where the information is maintained jointly by the whole network to guarantee that it is authentic and cannot be tampered with, and any node of the network can verify the enterprise user's identity through a blockchain interface.
On the basis of this scheme, the CA certificate and the blockchain identity share the same private key, which is generated at the blockchain client and stored by the enterprise user. The private key does not need to be sent over the network to, or stored in, the blockchain network or the CA certificate center, while the public key common to the blockchain identity and the CA certificate identity is stored, over the network, in the blockchain and the CA certificate center.
On the basis of this scheme, after the enterprise user has completed CA certificate and blockchain identity registration, it applies for an independent private chain network in the private chain registration module (30). Transaction information on the private chain is encrypted into digest information with the enterprise user's public/private key pair on the blockchain and stored on the blockchain; the enterprise user decides, according to its own business needs, whether to store the encrypted digest on the blockchain and whether to have it maintained jointly by all nodes of the blockchain network.
On the basis of this scheme, private chain registration proceeds as follows:
S30: configuring the relevant parameters with the private chain registration module. An enterprise user holding an enterprise-level CA certificate and a blockchain identity applies for a private chain through the blockchain client, signs the relevant agreement with its private key, and the private chain is published on the blockchain base network; users across the whole network can view the enterprise user's information and the related agreement through the private chain list. After applying for private chain registration, the user configures the private chain parameters, including: the private chain name, the application type, the block generation speed, whether private chain data is automatically synchronized to the blockchain, the default number of private chain tokens, a label, the private chain source code address, the private chain icon URL, and the application that accompanies the private chain. Once registration succeeds, the corresponding private chain information is generated in the private chain list of the blockchain;
S31: generating code with the private chain registration module and deploying it to the private chain nodes. The source code configured by the parameters is downloaded to the enterprise user's hardware server; once the service is started, the enterprise user has an autonomously operating private blockchain network that is dedicated to the applications the enterprise user cares about;
S32: developing a private chain external application module on the private chain nodes. The enterprise user deploys its own customized applications on the private chain according to enterprise requirements and promotes its private chain applications itself. Other blockchain users decide for themselves whether to transact on the private chain, based on the completeness of the information the enterprise user has disclosed and the content of the agreement it has signed. The enterprise user attracts blockchain users through measures such as lower transaction costs and faster transaction confirmation. The enterprise user and the blockchain users can decide for themselves whether transaction data generated by the private chain application is synchronized to the blockchain and maintained jointly by all nodes of the network;
S33: when the enterprise user runs and maintains the private chain system on its own, the private chain system becomes untrustworthy from the blockchain user's point of view.
To solve the problem that a private chain system run and maintained independently by an enterprise user is not trustworthy to blockchain users, the following method is adopted:
S100: the private chain module generates blocks from a number of transactions at fixed time intervals and stores the generated blocks in a chain structure;
S101: the HASH values of the blocks generated by the private chain module are sent to the data storage module and maintained jointly by the whole network. If the private chain owner changes any transaction on the private chain, the HASH value of the block changes and no longer matches the HASH value stored in the data storage module, so the private chain data cannot be changed and the data stays consistent.
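The S100/S101 anchoring check as a Go sketch; this is an added example, not code from the patent. The block layout, the AnchorStore type standing in for the data storage module, and the sample transactions are all assumptions constructed for illustration. It shows that an owner who edits a transaction and re-links every later block still fails the audit, because the anchored hashes are outside the owner's control.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Block is a simplified private chain block (layout assumed for this example).
type Block struct {
	Height   int
	PrevHash string
	Txs      []string
}

// Hash covers height, predecessor hash and every transaction; transactions are
// length-prefixed so their boundaries cannot shift without changing the hash.
func (b Block) Hash() string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|", b.Height, b.PrevHash)
	for _, tx := range b.Txs {
		fmt.Fprintf(h, "%d:%s", len(tx), tx)
	}
	return hex.EncodeToString(h.Sum(nil))
}

var genesisPrev = strings.Repeat("0", 64)

// BuildChain is S100: one block per batch of transactions, linked by hash.
func BuildChain(batches [][]string) []Block {
	chain := make([]Block, 0, len(batches))
	prev := genesisPrev
	for i, txs := range batches {
		b := Block{Height: i, PrevHash: prev, Txs: append([]string(nil), txs...)}
		chain = append(chain, b)
		prev = b.Hash()
	}
	return chain
}

// AnchorStore stands in for the data storage module maintained by the whole
// network: the first hash published for a height wins, a different one is refused.
type AnchorStore struct{ hashes map[int]string }

func NewAnchorStore() *AnchorStore { return &AnchorStore{hashes: map[int]string{}} }

// Publish is S101: record the block hash outside the private chain owner's control.
func (s *AnchorStore) Publish(height int, hash string) error {
	if old, ok := s.hashes[height]; ok && old != hash {
		return fmt.Errorf("height %d is already anchored with a different hash", height)
	}
	s.hashes[height] = hash
	return nil
}

// Audit returns the first height whose link or anchored hash does not match,
// or -1 when the private chain agrees with every anchor.
func Audit(chain []Block, s *AnchorStore) int {
	prev := genesisPrev
	for _, b := range chain {
		anchored, ok := s.hashes[b.Height]
		if b.PrevHash != prev || !ok || anchored != b.Hash() {
			return b.Height
		}
		prev = b.Hash()
	}
	return -1
}

// RewriteAndRelink models the owner changing one transaction and recomputing all
// later links, so the private chain on its own still looks internally consistent.
func RewriteAndRelink(chain []Block, height, txIdx int, newTx string) []Block {
	out := make([]Block, len(chain))
	for i, b := range chain {
		out[i] = Block{Height: b.Height, PrevHash: b.PrevHash, Txs: append([]string(nil), b.Txs...)}
	}
	out[height].Txs[txIdx] = newTx
	for i := height + 1; i < len(out); i++ {
		out[i].PrevHash = out[i-1].Hash()
	}
	return out
}

func main() {
	// Constructed sample transactions.
	chain := BuildChain([][]string{{"alice->bob:5"}, {"bob->carol:2", "carol->alice:1"}, {"alice->carol:7"}})
	store := NewAnchorStore()
	for _, b := range chain {
		store.Publish(b.Height, b.Hash())
	}
	fmt.Println("honest chain, first bad height:", Audit(chain, store))
	forged := RewriteAndRelink(chain, 1, 0, "bob->carol:200")
	fmt.Println("rewritten chain, first bad height:", Audit(forged, store))
	fmt.Println("re-anchor attempt:", store.Publish(1, forged[1].Hash()))
}
```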
To protect the transaction information of individual users, the following steps are carried out:
S100: the private chain module returns the user's relevant transaction information;
S101: the transaction digest is encrypted with the private key generated by the individual user registration module and then sent to the private chain server. That is, through the external application of the private chain module the individual user selects the transactions the user considers necessary and generates a combined-transaction original text packet; a hash value of the original text packet is generated with the SHA-256 hash algorithm and then encrypted with the private chain public key; the doubly encrypted ciphertext and the combined-transaction original text packet are sent to the private chain server;
S102: the private chain server encrypts the encrypted digest again with the enterprise key and sends it to the individual user, and all transactions on the private chain can be viewed through the external application of the private chain module;
S103: the individual user backs up the private chain transaction information, and the HASH signature digest of the backed-up transaction information is sent to the data storage module;
S104: after receiving the ciphertext and the original text packet, the private chain server first verifies the correctness of the original text packet against the server-side data; after that verification succeeds it generates a hash value of the original text packet with SHA-256, verifies the correctness of the ciphertext with the generated hash value and the private chain public key, and, once verification passes, judges the blockchain user's request to be valid;
S105: after receiving the ciphertext signed with the private chain private key, the individual user decrypts it with the public key, compares the result with the ciphertext sent to the server in step S100 to verify it, and after successful verification stores the original text packet locally as evidence for asserting the user's rights and interests.
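The S100 to S105 exchange read as sign and countersign, in Go; this is an added example, not code from the patent. It treats "encrypting the digest with a private key" as a digital signature and uses Ed25519 as an assumed algorithm (the text names only SHA-256); the keys, type names and transaction strings are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// DemoKey derives a fixed key from a label so the example is reproducible.
// Constructed test keys only; real keys come from a secure random source.
func DemoKey(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// PubOf returns the public half of a private key.
func PubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// Packet builds the "original text packet": the selected transactions in a
// canonical (sorted, newline-separated) order so both sides hash the same bytes.
func Packet(txs []string) []byte {
	sorted := append([]string(nil), txs...)
	sort.Strings(sorted)
	return []byte(strings.Join(sorted, "\n"))
}

// Request is what the user sends in S101: the packet and a signature over its digest.
type Request struct {
	Packet []byte
	Sig    []byte
}

// NewRequest hashes the packet with SHA-256 and signs the digest with the user's key.
func NewRequest(userKey ed25519.PrivateKey, txs []string) Request {
	p := Packet(txs)
	d := sha256.Sum256(p)
	return Request{Packet: p, Sig: ed25519.Sign(userKey, d[:])}
}

// Server is the private chain server: its own ledger plus the enterprise key.
type Server struct {
	Ledger map[string]bool
	Key    ed25519.PrivateKey
}

// Countersign performs the S104 checks and, if they pass, the S102 countersignature.
func (s *Server) Countersign(userPub ed25519.PublicKey, r Request) ([]byte, error) {
	// S104, first check: every claimed transaction must exist in server-side data.
	for _, tx := range strings.Split(string(r.Packet), "\n") {
		if !s.Ledger[tx] {
			return nil, errors.New("packet contains a transaction not on the private chain")
		}
	}
	// S104, second check: recompute the digest and verify the user's signature over it.
	d := sha256.Sum256(r.Packet)
	if !ed25519.Verify(userPub, d[:], r.Sig) {
		return nil, errors.New("signature does not match the packet digest")
	}
	// S102: sign digest || user signature, binding the receipt to this exact request.
	return ed25519.Sign(s.Key, append(d[:], r.Sig...)), nil
}

// VerifyReceipt is S105: the user checks the enterprise countersignature before
// keeping the packet and receipt as local evidence.
func VerifyReceipt(serverPub ed25519.PublicKey, r Request, receipt []byte) bool {
	d := sha256.Sum256(r.Packet)
	return ed25519.Verify(serverPub, append(d[:], r.Sig...), receipt)
}

func main() {
	user, enterprise := DemoKey("user"), DemoKey("enterprise")
	srv := &Server{Ledger: map[string]bool{"tx1:alice->bob:5": true, "tx2:bob->carol:2": true}, Key: enterprise}

	req := NewRequest(user, []string{"tx2:bob->carol:2", "tx1:alice->bob:5"})
	receipt, err := srv.Countersign(PubOf(user), req)
	fmt.Println("countersigned:", err == nil, "receipt valid:", VerifyReceipt(PubOf(enterprise), req, receipt))

	// A packet altered after the fact no longer matches the stored receipt.
	altered := Request{Packet: []byte("tx1:alice->bob:500\ntx2:bob->carol:2"), Sig: req.Sig}
	fmt.Println("altered packet accepted:", VerifyReceipt(PubOf(enterprise), altered, receipt))
}
```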
The authority control module manages permissions according to the following steps:
S40: the authority control module configures the mapping between private chain modules and enterprise users, and the configured mapping is stored in the blockchain system. When an enterprise user accesses the private chain of another enterprise user, permission is verified against this mapping, and only an authorized enterprise user has the right to access that private chain's data.
S41: the data storage module supports mutual authorization between two enterprise users, which realizes data interaction between their private chains;
S50: the authority control module configures the consortium chain. When several enterprise users form a consortium chain to exchange data, the permissions of each party must be configured so that data access among the private chains is constrained, and the individual private chain systems together form a large cross-enterprise system.
The IPFS-based processing flow is as follows:
S60: the IPFS module generates a unique HASH digest from the audio, video, pictures and large texts uploaded by a user and updates the large file into the IPFS InterPlanetary file transfer network in real time; other users can access the large file through HTTP requests, and the generated HASH digest serves as the HTTP access identifier of the uploaded large file;
S61: the IPFS module addresses automatically by HASH. If the requesting node does not hold the large file corresponding to the HASH digest, it goes to neighboring nodes according to its local distributed hash table, which searches a large-scale network efficiently, querying log2 N nodes on average;
S62: the IPFS module makes redundant backups of the files uploaded by users, so that in theory an uploaded file cannot be deleted, forming a permanent web corresponding to the blockchain;
S63: the IPFS processing module can apply version control to submitted objects. A commit object represents a specific snapshot in the object's version history, and comparing two different commit objects reveals the differences between two versions of a file. As long as a single commit is valid, all version objects it references are accessible, every earlier version can be retrieved, and the whole history of file system changes can be accessed.
The invention has the following advantages. It provides an efficient trust solution based on a blockchain and IPFS (InterPlanetary File System) that adopts a hybrid public chain and private chain architecture. Built on a public chain and side chains, it treats all users as equals and lets a financial enterprise build its own private chain, which addresses performance, customization and similar problems without requiring consensus and similar processes. The private chain interacts with the public chain and stays consistent with it by "anchoring", and data can be accessed securely between the enterprise private chain and the public chain. The perfect combination of IPFS and the blockchain also solves problems such as mass data storage on the blockchain.
In the invention, a user can control only the information related to that user, and enterprise CA identity authentication based on the public chain is introduced so that users on the chain can be trusted. A trusted enterprise user can also register a private chain and develop its own applications on it. Registration of the enterprise's private chain operating parameters is added to the account system. The invention focuses on storing evidence of side chain transactions on the public chain and on data interaction among side chains. In permission management, permission control among side chains is added.
Drawings
FIG. 1 is a schematic diagram of the relationship of core modules according to the present invention;
FIG. 2 is a schematic diagram illustrating a user registration process according to the present invention;
FIG. 3 is a schematic diagram of private chain registration process according to the present invention;
FIG. 4 is a schematic diagram illustrating a relationship between blockchain data and private chain data according to the present invention;
FIG. 5 is a schematic flow chart illustrating a process of saving private chain transaction information to a blockchain by an individual user according to the present invention;
FIG. 6 is a schematic diagram of a private chain privilege management process according to the present invention;
FIG. 7 is a schematic view of the process by which an enterprise user accesses the data of other private chains according to the present invention;
FIG. 8 is a flow chart of the IPFS process of the present invention;
FIG. 9 is a flow chart illustrating the relationship between the blockchain and the IPFS according to the present invention.
Detailed Description
The embodiments of the present invention will be described in detail below with reference to the drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
In the description of the present invention, "enterprise user" denotes an enterprise on the blockchain network that has applied for a private chain network; "personal user" denotes an ordinary user on the blockchain network who can trade on the blockchain as well as on the private chain; "private chain public key" denotes the public key of an enterprise user; and "private chain private key" denotes the private key of the enterprise user.
Referring to fig. 1, fig. 1 is a schematic diagram of a core module relationship of an efficient trust integration scheme based on a block chain and an IPFS of the present invention:
An efficient trust solution method based on a blockchain and IPFS comprises an account system and data management and authority management modules. It is characterized in that IPFS technology is used to construct an interplanetary file transmission network that runs independently of, and in parallel with, the blockchain network and connects all computing devices that share the same file management mode. A hybrid public chain and private chain architecture is adopted in which all users are equal and a user can control only the information related to that user, and a state-approved CA certificate is introduced to ensure that users on the chain are trusted. By registering a private chain, a trusted user develops its own applications on that private chain, and data interaction between private chains is enabled. The method comprises the following modules:
1) The user registration module 10 provides registration for individuals and enterprises. After an enterprise registers successfully, the nationally unified CA certification center issues a CA certificate and an enterprise key endorsed by that CA certificate, and with the enterprise key the enterprise registers its private chain operating parameters from the blockchain network in order to develop its own enterprise-level applications. After an individual user registers successfully, a key certificate known to that individual is generated, and with this key the user transacts on the public chain network of this blockchain and on its attached private chain networks;
data management:
2) The data uploading module 20 lets a user upload video, audio, picture and text files under the key account assigned at registration. The transmitted files are loaded onto the nodes of the blockchain through the IPFS interplanetary transmission network, which runs independently and does not occupy blockchain space;
3) The private chain registration module 30 provides configuration of an enterprise user's private chain system; the blockchain system generates the corresponding private chain network from that configuration;
4) The authority management module 40 provides a permission role configuration function for enterprise users. Through it, an enterprise user opens its own private chain module to other enterprise users; several enterprises constrain one another through mutual configuration to form an alliance chain system acceptable to every party, or exchange one another's private chain data under those mutual constraints;
5) The data storage module 50 provides the API interfaces for reading and storing all data of the blockchain network, as well as the API interfaces for associated storage and search of information across the blockchain network and the IPFS network;
6) The IPFS module 60 constructs an interplanetary file transmission network that runs independently of, and in parallel with, the blockchain network and carries the large file storage of the blockchain network;
7) The data consensus module 70 uses a pluggable consensus algorithm, so that the algorithm can be replaced at any time according to service requirements;
8) The private chain data exchange module 80 controls data exchange among private chains; an enterprise user can access only those private chain modules of another party that the other party has authorized;
9) The access request module 90 controls the distribution of requests. It distributes a request to the IPFS network and then, according to the feedback of the IPFS module 60, to the data storage module 50. When an enterprise user accesses the private chain data of other enterprise users, the request is likewise distributed through the access request module 90 to the private chain data exchange module 80, and processing then continues according to the fed-back verification result;
10) The private chain module 100 is the external application that an enterprise user, after successfully applying for a private chain, develops and deploys on its own on the private chain network.
In this embodiment, a server 101 is used to build the basic blockchain network. It supports other blockchain users in jointly maintaining blockchain data and provides interfaces for applying for a blockchain identity, verifying a blockchain identity, viewing blockchain identity information, and verifying the association between a blockchain identity and a CA certificate. It also supports enterprise users in applying for a private chain, storing private chain information on the blockchain in hashed form, data interaction between private chains, and private chain access control. IPFS technology solves the problem of storing blockchain identity information, and the blockchain solves the problem of inconsistent identity information in IPFS. The technology ensures that people's past actions are traceable and unchangeable, which encourages cautious, self-disciplined behaviour and turns people's trust in people into trust in technology. It also addresses the low concurrency, high latency and similar problems of blockchain systems, so that an efficient, trusted, decentralized system is built. The specific implementation is as follows:
In the core module schematic diagram, the efficient trust integration scheme based on the blockchain and IPFS includes:
Module 10: the user registration module provides registration for individuals and enterprises. After an individual user registers successfully, a key certificate that only the individual knows is generated, and with this key the user can trade on the public chain network of this blockchain and on its attached private chain networks. After an enterprise user registers successfully, the nationally unified CA certification center issues a CA certificate and an enterprise key endorsed by that CA certificate, and with the enterprise key the enterprise can register a private chain network from the blockchain network to develop its own enterprise-level applications.
Module 20: the data upload module lets users upload large files such as video, audio, pictures and text under the key account assigned at registration. The transmitted files are loaded onto the nodes of the blockchain through the IPFS interplanetary transmission network, which operates independently and does not occupy blockchain space, so the blockchain's limit on large file storage is overcome.
Module 30: the private chain registration module provides the configuration function for an enterprise user's private chain system; the blockchain system generates the corresponding private chain network from that configuration.
Module 40: the authority management module provides a permission role configuration function for enterprise users. Through it, an enterprise user can open its own private chain module to other enterprise users; several enterprises can constrain one another through mutual configuration to form an alliance chain system acceptable to all parties, and can also exchange one another's private chain data under those mutual constraints.
Module 50: the data storage module provides the API interfaces for reading and storing all data of the blockchain network, as well as the API interfaces for associated storage and search of information across the blockchain network and the IPFS network.
Module 60: the IPFS module constructs an independently operating interplanetary file transfer system in parallel with the blockchain network, which carries the large file storage of the blockchain network.
Module 70: the data consensus module uses a pluggable consensus algorithm that can be changed at any time according to business needs. If the PBFT consensus algorithm is selected, the openness, transparency, consistency and irreversibility of the blockchain network data are ensured. The consensus module tolerates simultaneous faults in at most 1/3 of the consignee nodes, and as long as the consignees do not collude to cheat and no large-scale theft occurs, transactions and blocks cannot be rolled back. Transaction confirmation can therefore be very fast, and basic security requirements are met after 2 confirmations.
Module 80: the private chain data exchange module controls data exchange between private chains; an enterprise user can access only those private chain modules of another party that the other party has authorized.
Module 90: the access request module controls the distribution of requests. For example, when a large file storage request arrives, the request module distributes it to the IPFS network and then, according to the feedback from IPFS, to the data storage module. When an enterprise user accesses the private chain data of other enterprise users, the request module likewise distributes the request to the private chain data exchange module, and processing continues according to the result fed back by the access request verification module.
Module 100: the private chain module comprises the functions deployed after an enterprise user successfully applies for a private chain and the external applications the enterprise user develops on its own on the private chain network.
Referring to fig. 2, a schematic diagram of a user registration process of the efficient trust integration scheme based on the blockchain and IPFS of the present invention is shown. The efficient trust integration scheme based on the block chain and the IPFS further comprises the following steps:
Step S10: the user registration module receives the identity information of a user, who is either an enterprise or an individual. The two identities carry different rights and obligations in the blockchain network. An enterprise, as the owner of a private chain, has its information checked more strictly; an individual user may fill in no information at all, and the user registration module still allocates a unique key for identification.
The user registration module is deployed on a plurality of hardware servers and provides a series of pictures, and a user can use a series of functions provided by the blockchain to the outside through the pictures.
In step S11, the user registration module is used to receive the relevant data information of the user and apply for the enterprise-level CA certificate.
Step S12: through the user registration module, the enterprise user applies to the CA certificate center for an enterprise CA certificate, fills in the corresponding enterprise information and submits the corresponding enterprise materials. After the application passes verification, the CA certificate center issues the enterprise CA certificate to the enterprise user.
Step S13: after obtaining the enterprise CA certificate, the enterprise applies to the blockchain for a blockchain identity. The blockchain identity is technically associated with the CA identity, which ensures that the enterprise user's actions on the blockchain carry the same legal effect as the CA certificate. The enterprise user's CA certificate identity is disclosed on the blockchain network and maintained by the whole network, which ensures that the information is authentic and cannot be falsified; any node in the network can verify the enterprise user's identity through the blockchain interface. The "electronic signature law" issued in 2005 confirms that "a reliable electronic signature has the same legal effect as a handwritten signature or seal", so that people's trust in people becomes trust in technology.
Accordingly, the CA certificate and the blockchain identity share the same private key, which is generated at the blockchain client. The generated private key is kept by the enterprise user and does not need to be sent over the network to the blockchain network or the CA certificate center, while the public key common to the blockchain identity and the CA certificate identity is stored, via the network, in both the blockchain and the CA certificate center.
A digest signed with the CA private key can be verified with the public key on the blockchain, and a digest signed with the private key on the blockchain can likewise be verified with the public key held by the CA, so that the user is both bound and protected by law on the blockchain.
After the enterprise user has completed the CA certificate and the blockchain identity, it can apply for an independent private chain network in the private chain application module. Transaction information on the private chain can be turned into digest information with the enterprise user's public and private keys on the blockchain and stored on the blockchain. The enterprise user decides, according to its own business requirements, whether to store the encrypted digest on the blockchain and whether it is to be jointly maintained by all nodes of the blockchain network.
Step S20: the enterprise uploads its qualification information with the data uploading module. This information can serve as a credit endorsement for the enterprise user's private chain, helping the enterprise user promote its private chain network.
The capacity problem is solved by combining with IPFS technology. IPFS (InterPlanetary File System) is a peer-to-peer distributed hypermedia distribution protocol that can connect all computing devices sharing the same file management mode. Enterprise users upload to IPFS information that can increase their credibility (company promotional materials, recorded videos of commitments, enterprise information from the CA center, the company's fixed or intangible assets). A unique hash value is generated and bound to the enterprise user's address, and blockchain users can view the enterprise user's promotional information at any time through that address to judge whether to invest in the enterprise user.
The existing financial industry spends a great deal of manpower and material resources on the problem of proving that "he is he". Combining IPFS with blockchain technology makes this proof very simple: IPFS is distributed file storage, so data uploaded to it cannot be deleted or changed, because there is no way to change every node. If the data held by several nodes is inconsistent, the hash value generated from each copy is compared with the hash value on the blockchain, and the copy whose hash matches is the true one.
Referring to fig. 3, a schematic diagram of a private chain registration process of the efficient trust integration scheme based on the blockchain and the IPFS according to the present invention is shown, where the efficient trust integration scheme based on the blockchain and the IPFS further includes:
Step S21: the data upload module is used to upload the related data that serves as a credit endorsement for the private chain network being applied for.
Step S30: an enterprise holding an enterprise-level CA certificate and a blockchain identity can apply for a private chain through the blockchain client. After signing the relevant agreement with its own private key, the enterprise user is disclosed to the basic blockchain network, and all network users can view the private chain and its associated agreement through the private chain list.
After applying for the private chain to pass, the user can configure the private chain parameters, such as: and after the private chain information is successfully registered, generating corresponding private chain information in the private chain list of the block chain.
Step S31: the source code with the configured parameters is downloaded to the user's hardware server. Once the service is started, the user has an autonomously operating private chain blockchain network. The user removes the applications on the blockchain that it does not need and concentrates only on the applications it cares about, which reduces unnecessary resource waste and saves cost.
Step S32: enterprise users can deploy their own custom applications on the private chain according to their needs and can promote those applications. Other blockchain users decide whether to trade on the private chain based on the completeness of the information the enterprise user has disclosed and the content of the agreement it has signed. Enterprise users can attract blockchain users by measures such as reducing transaction fees and increasing transaction confirmation speed. For the transaction data generated by private chain applications, the enterprise user and the blockchain users decide for themselves whether to synchronize it to the blockchain, where it is maintained by the nodes of the whole network.
Step S33: the user operates and maintains the private chain system independently. Like a centralized system under conventional enterprise operation and maintenance, it has the strengths of centralized systems such as privacy, high throughput and low latency. These benefits accrue to the enterprise user, however; from the blockchain user's point of view the system also becomes untrusted. FIG. 4 describes in further detail how this lack of trust is resolved.
Referring to fig. 4, a schematic diagram of a relationship flow between blockchain data and private chain data of the efficient trust integration scheme based on a blockchain and an IPFS according to the present invention is shown, where the efficient trust integration scheme based on a blockchain and an IPFS further includes:
Step S100: the private chain module generates a block from the accumulated transactions at fixed time intervals and stores the generated blocks in a chain structure.
Step S101: the HASH value of each block generated by the private chain module is sent to the data storage module and jointly maintained by the whole network. If the enterprise that owns the private chain changes any transaction on the private chain, the HASH value of the affected block changes and no longer matches the HASH value held in the storage module, so the private chain data cannot be changed and data consistency is maintained.
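The following Python sketch is an added illustration of steps S100 and S101, not code from the patent. It shows why the externally held hash matters: a chain owner who edits a block can re-link the later blocks so the private chain still validates on its own, yet the audit against the anchored hashes flags every rewritten block. The class names, the JSON block encoding, the chain id "corp-a" and the sample transactions are assumptions made for the example.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS_PREV = "0" * 64


@dataclass
class Block:
    height: int
    prev_hash: str
    transactions: list

    def hash(self) -> str:
        # Canonical JSON so identical content always yields the same digest.
        body = json.dumps(
            {"height": self.height, "prev": self.prev_hash, "txs": self.transactions},
            sort_keys=True,
            separators=(",", ":"),
        ).encode("utf-8")
        return hashlib.sha256(body).hexdigest()


class PrivateChain:
    """Run by the enterprise, which can rewrite anything stored here."""

    def __init__(self):
        self.blocks = []

    def seal(self, transactions):
        # S100: bundle the transactions of one interval into a chained block.
        prev = self.blocks[-1].hash() if self.blocks else GENESIS_PREV
        block = Block(len(self.blocks), prev, list(transactions))
        self.blocks.append(block)
        return block

    def internally_consistent(self):
        prev = GENESIS_PREV
        for block in self.blocks:
            if block.prev_hash != prev:
                return False
            prev = block.hash()
        return True


class AnchorStore:
    """Stand-in for the data storage module: write-once records kept by the whole network."""

    def __init__(self):
        self._anchors = {}

    def anchor(self, chain_id, height, block_hash):
        # S101: record the block hash outside the enterprise's control.
        if (chain_id, height) in self._anchors:
            raise ValueError("anchor already recorded for this height")
        self._anchors[(chain_id, height)] = block_hash

    def get(self, chain_id, height):
        return self._anchors.get((chain_id, height))


def audit(chain, store, chain_id):
    """Return the heights whose current hash is missing from or differs from the anchors."""
    return [
        b.height for b in chain.blocks
        if store.get(chain_id, b.height) != b.hash()
    ]


def demo():
    store, chain = AnchorStore(), PrivateChain()
    batches = [  # constructed sample transactions
        [{"from": "alice", "to": "corp-a", "amount": 100}],
        [{"from": "bob", "to": "corp-a", "amount": 250}],
        [{"from": "carol", "to": "corp-a", "amount": 75}],
    ]
    for txs in batches:
        block = chain.seal(txs)
        store.anchor("corp-a", block.height, block.hash())
    before = audit(chain, store, "corp-a")

    # The chain owner edits block 1, then re-links block 2 so the private chain
    # still validates on its own.
    chain.blocks[1].transactions[0]["amount"] = 1
    for i in range(2, len(chain.blocks)):
        chain.blocks[i].prev_hash = chain.blocks[i - 1].hash()
    return before, chain.internally_consistent(), audit(chain, store, "corp-a")


if __name__ == "__main__":
    before, consistent, after = demo()
    print("mismatches before tampering:", before)
    print("private chain self-check after tampering:", consistent)
    print("heights rejected by the anchors:", after)
```

The private chain's own self-check passes after the rewrite; only the comparison against the hashes held outside the enterprise exposes it, which is why the anchors must be stored where the chain owner cannot overwrite them.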
Referring to fig. 5, a schematic flow chart of saving private chain transaction information to a blockchain for an individual user of the efficient trust integration scheme based on the blockchain and the IPFS according to the present invention, where the efficient trust integration scheme based on the blockchain and the IPFS further includes:
In step S102, the individual user may view all transactions on the private chain through the external application of the private chain module.
If the enterprise deletes the data on all nodes of the private chain, individual users can no longer view their own transaction information. If that information is important, such as crowdfunding or contracts, the individual user may suffer a great loss. The private chain module therefore supports individual users in backing up private chain transaction information and in sending the HASH signature digest of the backed-up transaction information to the storage module.
Step S103: through the external application of the private chain module, the individual user selects the transactions he or she considers necessary, and a combined original text packet of those transactions is generated. A hash value of the original text packet is generated with the SHA-256 hash algorithm and encrypted with the private chain public key, and the resulting ciphertext is then sent to the private chain server together with the original text packet.
The external application of the private chain module serves the same purpose as an external application of the blockchain. The difference from the blockchain is that the transaction data generated by the external application of the private chain module is only temporarily stored in the private chain basic network.
When an individual user trades on the private chain, only the assets that blockchain users hold on that private chain can be exchanged; asset exchange between the blockchain and a private chain, and between one private chain and another, is not supported for the time being.
Step S104: after receiving the ciphertext and the original text packet, the private chain server verifies the correctness of the original text packet against the server data. After that verification succeeds, it generates a hash value of the original text packet with SHA-256 and verifies the correctness of the ciphertext using the generated hash value and the private chain public key. Once that verification passes, the blockchain user's request is judged to be valid.
The private chain server then signs the ciphertext with the private chain private key to indicate agreement with the blockchain user's transaction rights and interests. As described above, the signed information has legal effect. The server then sends the signed ciphertext to the blockchain user.
Step S105: after receiving the ciphertext signed with the private chain private key, the individual user decrypts it with the public key, compares the decrypted ciphertext with the ciphertext transmitted to the server in step S100 and verifies it. After the verification succeeds, the user stores the original text packet locally as a basis for asserting rights and interests in the future.
The individual user stores on the blockchain the ciphertext signed with the private chain private key, as received from the server, together with the individual user's own private key signature. The blockchain provides a dedicated API interface through which blockchain users store private chain transaction information so that it is safeguarded and maintained jointly by the whole network; during storage, the blockchain user pays a certain transaction fee.
Referring to fig. 6, a schematic diagram of a private chain authority management process of the efficient trust integration scheme based on the blockchain and the IPFS according to the present invention is shown, where the efficient trust integration scheme based on the blockchain and the IPFS further includes:
Step S40: the authority control module configures the mapping relation between private chain modules and enterprise users. The configured mapping relation is stored in the blockchain system and is used to verify permissions when an enterprise user accesses the private chain of another enterprise user; only authorized enterprise users can access the data of that private chain.
Step S41: the data storage module supports mutual authorization between two enterprise users, which enables data interaction between private chains.
Step S50: the authority control module can configure an alliance chain. When several enterprise users want to form an alliance chain to exchange data, the permissions of each party can be configured, which restricts data access among the private chains and lets the individual systems of several private chains form one large cross-enterprise system.
Referring to fig. 7, a schematic flow diagram of the process of accessing other private chain data by an enterprise user based on the efficient trust integration scheme of the blockchain and IPFS according to the present invention is shown, where the efficient trust integration scheme based on the blockchain and the IPFS further includes:
Step S90: the access request module sends a data access request to the private chain data exchange module. If the request is for non-public data of a private chain, it can continue only after the authority verification module's check passes; a request that fails verification is stopped.
Step S81: the authority verification module returns the verification result according to the mapping relation between enterprise users and private chains held by the data storage module; an authorized party can go on to access the data storage module.
Step S91: the access request module controls the outcome of the request according to the result fed back by the authority verification module.
Referring to fig. 8, it is a flowchart illustrating an IPFS processing flow of the efficient trust integration scheme based on the blockchain and the IPFS according to the present invention, where the efficient trust integration scheme based on the blockchain and the IPFS further includes:
Step S60: the IPFS processing module generates a unique HASH digest from the audio, video, pictures and large texts uploaded by the user and updates the large file to the IPFS interplanetary file transmission network in real time. Other users may access the large file through an http request, and the generated HASH digest serves as the http access identifier of the uploaded large file.
Step S61: the IPFS processing module addresses automatically by HASH. If the node receiving the access request does not hold the large file corresponding to the HASH digest, it queries neighboring nodes according to its local distributed hash table, which searches a large-scale network efficiently: a lookup contacts log2(N) nodes on average (e.g., a network of 10000000 nodes has 20 hops).
Step S62: the IPFS processing module makes redundant backups of the files uploaded by the user, so that in theory the uploaded files cannot be deleted, forming a permanent WEB corresponding to the blockchain.
Step S63: the IPFS processing module can perform version control on committed objects. A commit object represents a specific snapshot in an object's version history, and comparing two different commit objects reveals the differences between two versions of a file. As long as a single commit is valid, all version objects it references are accessible, all rolled versions are available, and the entire history of file system changes is accessible.
Referring to Fig. 9, a schematic diagram of the relationship flow between the blockchain and IPFS in the efficient trust integration scheme based on the blockchain and IPFS according to the present invention, the scheme further includes:
Step S22: the data uploading module sends the access request to the access request module, and the access request module uniformly determines whether the large file carried by the request needs to be uploaded to the IPFS network.
Step S92: the access request module sends the large file to the IPFS module, and the IPFS module processes the large file uniformly.
Step S64: the IPFS module uploads the large file to the IPFS network, generates a unique hash digest identifier representing the large file, and returns the processing result and the unique hash digest identifier to the access request module.
Step S93: the access request module sends the IPFS feedback information to the storage module, and the storage module stores the processing result and the unique hash digest identifier in the uploader's personal area on the blockchain.
Step S51: the storage module feeds the processing result back to the data uploading module through the access request module, and the data uploading module informs the uploader of the upload result.
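The Fig. 9 upload flow as an added sketch, not code from the patent: the file goes to a content-addressed store, only its digest is written to the uploader's on-chain area, and retrieval re-hashes whatever the store returns. `ContentStore`, `Ledger`, `handle_upload`, `fetch`, the 1024-byte threshold, inline storage of small payloads and the plain SHA-256 hex identifier (real IPFS uses multihash-encoded CIDs) are all assumptions.

```python
import hashlib

# Assumption for this sketch: payloads above this size go off-chain.
# The page does not state the criterion the access request module uses.
LARGE_FILE_THRESHOLD = 1024  # bytes


def content_id(data: bytes) -> str:
    """SHA-256 hex digest used as the file's identifier (simplified CID)."""
    return hashlib.sha256(data).hexdigest()


class ContentStore:
    """Stand-in for the IPFS network: blobs addressed by their own digest."""

    def __init__(self):
        self.blobs = {}

    def put(self, data: bytes) -> str:
        cid = content_id(data)
        self.blobs[cid] = data  # identical content always maps to one key
        return cid

    def get(self, cid: str) -> bytes:
        return self.blobs[cid]


class Ledger:
    """Stand-in for the uploader's personal area on the blockchain."""

    def __init__(self):
        self.areas = {}  # uploader -> list of records

    def append(self, uploader: str, record: dict) -> None:
        self.areas.setdefault(uploader, []).append(record)


def handle_upload(store, ledger, uploader, name, data):
    """S22 -> S92 -> S64 -> S93 -> S51; returns the result reported to the uploader."""
    if len(data) <= LARGE_FILE_THRESHOLD:
        # Assumed behaviour: a small payload is kept on-chain, no IPFS round trip.
        record = {"name": name, "inline": data}
    else:
        cid = store.put(data)  # S64: upload and obtain the digest
        record = {"name": name, "cid": cid, "size": len(data)}
    ledger.append(uploader, record)  # S93: persist result and digest
    return record  # S51: feedback to the uploader


def fetch(store, ledger, uploader, name):
    """Resolve a file through the on-chain record and verify the returned bytes."""
    for record in ledger.areas.get(uploader, []):
        if record["name"] != name:
            continue
        if "inline" in record:
            return record["inline"]
        data = store.get(record["cid"])
        # The on-chain digest is the trust anchor: a storage node serving
        # different bytes under the same identifier is detected here.
        if content_id(data) != record["cid"] or len(data) != record["size"]:
            raise ValueError("content does not match on-chain digest")
        return data
    raise KeyError(name)
```

The integrity guarantee comes from the reader re-hashing the content, not from the storage network: a client that skips the comparison in `fetch` trusts whichever node answered.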

Claims (8)

1. A high-efficiency trust solution method based on a block chain and an IPFS comprises an account system, data management and authority management, and is characterized in that an IPFS technology is utilized to construct an interstellar file transmission network which runs independently and is parallel to a block chain network, all computing devices with the same file management mode are connected together, a public chain and private chain mixed architecture is adopted, all users are equal, the users can only control information related to the users, and simultaneously, a state approved CA certificate is introduced to ensure that the users on the chain are trusted; the trusted user develops own application of the user based on the private chain by registering the private chain, and simultaneously makes through data interaction between the private chains, and the solution at least adopts the following modules:
1) the user registration module (10) provides individual and enterprise registration, wherein after the enterprise registration is successful, a CA center of national unified certification issues a CA certificate and an enterprise key taking the CA certificate as a credit endorsement, and the enterprise performs enterprise private chain operation parameter registration from the blockchain network by virtue of the enterprise key to develop enterprise-level application of the enterprise; after the individual user successfully registers, a secret key certificate known by the individual is generated, and the user carries out transaction in a public link network and an attached private link network of the local block chain by virtue of the secret key;
2) the data uploading module (20) is used for providing video, audio, picture and text files for the user to upload according to the registered and distributed secret key account, and the uploaded files are loaded to each node of the block chain by utilizing the IPFS (InterPlanetary File System) interplanetary transmission network and run independently without occupying the space of the block chain;
3) a private chain registration module (30) for providing the configuration of a private chain system of an enterprise user, and the block chain system generates a corresponding private chain network through the configuration of the private chain;
4) the authority management module (40) provides an authority role configuration function for enterprise users, through the function, the enterprise users open own private link modules to other enterprise users, and a plurality of enterprises achieve mutual limitation through mutual configuration to form an alliance link system which is satisfied by each party, or exchange private link data of each other through mutual limitation;
5) the data storage module (50) provides a relevant API interface for reading and storing all data of the blockchain network, and also provides a relevant API interface for relevant storage and searching of information of the blockchain network and the IPFS network;
6) the IPFS module (60) is used for constructing an interplanetary file transmission network which runs independently and is parallel to the block chain network and is used for loading large file storage of the block chain network;
7) the data consensus module (70) adopts a pluggable mode of a consensus algorithm so as to conveniently replace the consensus algorithm at any time according to the business needs;
8) the private chain data exchange module (80) is used for controlling data exchange among private chains, and an enterprise user can only access the private chain module of the opposite side authorized by the opposite side;
9) an access request module (90) for controlling the distribution of the request, the request is distributed to the IPFS network through the access request module, and then is distributed to the data storage module (50) according to the feedback of the IPFS module (60); when the enterprise user accesses the private link data of other enterprise users, the request is also distributed to the private link data exchange module (80) through the access request module (90), and the next processing is continued according to the feedback result verified by the access request module (90);
10) the private chain module (100) is used for deploying functions after the enterprise user successfully applies for the private chain and external applications of the enterprise user in self-expansion development on the private chain network; wherein,
the user registration module (10) is used for receiving relevant data information of a user, performing registered user identification and user information filling, applying for an enterprise-level CA certificate, applying for a public chain identity, and uploading enterprise information by the data uploading module (20); the data uploading module (20) is used for uploading enterprise qualification information, performing credit endorsement on a private chain of an enterprise user, generating a unique hash value and binding an enterprise user address, and the block chain user views propaganda information of the enterprise user at any time through the address of the enterprise user;
the private chain registration is performed according to the following procedures:
s30: configuring related parameters by using the private chain registration module (30), applying for a private chain by an enterprise user with an enterprise-level CA certificate and a block chain identity through a block chain client, signing a related protocol by the enterprise user with a private key, disclosing the protocol onto a block chain basic network, and viewing the enterprise user information by a whole network user through a private chain list related protocol; after applying for private chain registration, the user configures private chain parameters, including: the private chain name, the application type, the block generation speed and whether the private chain data are automatically synchronized to a block chain, the default number of private chain tokens, a label, a private chain source code address, a private chain icon URL and a private chain matched application or not are registered successfully, and corresponding private chain information is generated in a private chain list of the block chain;
s31: generating codes by using the private chain registration module (30) and deploying the codes to private chain nodes, downloading source codes configured by parameters to a hardware server of an enterprise user, starting service, and enabling the enterprise user to have a private chain block chain network which operates autonomously, wherein the block chain is only concentrated in applications concerned by the enterprise user;
s32: developing a private chain external application module based on the private chain nodes: the enterprise users deploy own individual application based on the private chain according to enterprise requirements, the enterprise users popularize own private chain application by themselves, other block chain users automatically determine whether to carry out transaction on the private chain according to the integrity of information disclosed by the enterprise users and the protocol content signed by the enterprise users, the enterprise users attract the block chain users by a series of methods of reducing transaction cost and improving transaction confirmation speed, and the enterprise users and the block chain users can automatically determine whether to synchronize to the block chain or not according to transaction data generated by the private chain application and are maintained by the whole network nodes together;
s33 when the enterprise user runs and maintains the private chain system independently, the private chain system will become untrustworthy for the blockchain user.
2. The efficient blockchain and IPFS trust solution in accordance with claim 1, characterized in that enterprise users apply for enterprise-level CA certificates to a CA certificate center by using a user registration module (10), fill in corresponding enterprise information, submit corresponding enterprise materials by using a data uploading module (20), issue enterprise-level CA certificates to the enterprise users by the CA certificate center after passing verification, and/or applying for a blockchain identity to the blockchain, and associating the blockchain identity with the CA certificate identity, to ensure that the behavior of the enterprise user on the blockchain and the behavior of the CA certificate have equal legal effect, and to disclose the identity of the CA certificate of the enterprise user on the blockchain network, the information is commonly maintained by the whole network, the authenticity and the non-falsification of the information are ensured, and the nodes of the whole network can verify the identity of the enterprise user through the block link interfaces.
3. The efficient trust solution based on blockchain and IPFS according to claim 2, wherein the same CA certificate private key and blockchain private key are generated uniformly at the blockchain client, the generated private keys are stored by the enterprise user without being stored to the blockchain network and the CA certificate center through the network, and meanwhile, the public key common to the blockchain identity and the CA certificate identity is stored to the blockchain and the CA certificate center through the network.
4. The efficient blockchain and IPFS trust solution of claim 2, wherein,
after the enterprise user finishes CA certificate and blockchain identity registration, an independent private chain network application is applied in a private chain registration module (30), and the transaction information on the private chain is encrypted into summary information by a public and private key of the enterprise user on the blockchain and is stored on the blockchain; and the enterprise user automatically determines whether to store the encrypted abstract on the block chain or not according to the own business requirement and whether to be jointly maintained by the whole network nodes of the block chain or not.
5. The efficient trust solution for blockchain and IPFS according to claim 1, wherein to solve the problem that the independent operation and maintenance of the private chain system by enterprise users becomes untrusted to users of blockchain, the following methods are used:
step S100, the private chain module (100) generates a plurality of transaction blocks according to a fixed time interval, and the generated blocks are stored in a chain structure;
step S101, the HASH value of the block generated by the private chain module is sent to the data storage module (50) and is commonly maintained by the whole network, if a private chain owner changes a certain transaction of the private chain, the HASH value of the block is changed, and the HASH value of the block cannot be matched with the HASH value stored in the data storage module (50), so that the private chain data cannot be changed, and the data is maintained to be uniform.
6. The efficient blockchain and IPFS based trust solution according to claim 1, wherein for protection of personal user transaction information, the following steps are performed:
s100: returning, by said private chain module (100), user-related transaction information;
s101: the private key generated by the personal user registration module (10) is used for encrypting the transaction summary and then sending the transaction summary to the private link server, namely, the personal user selects the transaction which is felt necessary by the personal user through the external application of the private link module (100), generates a transaction combination original text packet, uses the SHA-256 encryption algorithm to generate a hash value for the original text packet, and then uses the private link public key to encrypt the hash value, namely, the doubly encrypted ciphertext and the transaction combination original text packet are sent to the private link server;
s102: the private link server side encrypts the encrypted summary again by using the enterprise secret key and sends the encrypted summary to the individual user, and all transactions on the private link are checked through an external application of the private link module (100);
s103: the private chain transaction information is backed up by the individual user, and the HASH signature summary of the backed up transaction information is sent to the data storage module (50);
s104: after receiving the ciphertext and the original text packet, the private chain server side firstly verifies the correctness of the original text packet by using the server side data, generates a hash value by using SHA-256 for the original text packet after the verification is successful, verifies the correctness of the ciphertext by using the generated hash value and the private chain public key, and judges that the request of the block chain user is valid after the verification is passed;
and S105, after receiving the ciphertext signed by the private chain private key, the individual user decrypts the ciphertext by using the public key, compares the decrypted ciphertext with the ciphertext transmitted to the server in the step S100 to verify, and stores the original text packet to the local after the verification is successful, so as to be used as a basis for seeking rights and interests of the user.
7. The efficient blockchain and IPFS based trust solution according to claim 1, wherein the double encryption and two-way validation of the transaction information of the individual user comprises the following steps:
the right management module (40) executes management right according to the following steps:
s40: the authority management module (40) configures a mapping relation between a private chain module and an enterprise user, the configured mapping relation is stored in a block chain system, authority verification is carried out when the enterprise user accesses private chains of other enterprise users through the mapping relation, and authorized enterprise users have the right to access data of the private chain;
s41: the data storage module (50) supports mutual authorization of two parties of an enterprise user relative to each other, and data interaction between private chains is realized;
s50: the authority management module configures the alliance chain, and when a plurality of enterprise users form the alliance chain to exchange data, the authority of each party needs to be configured, so that the restriction of data access among a plurality of private chains is achieved, and a single system of the plurality of private chains forms a large-scale system across enterprises.
8. The efficient trust solution based on blockchain and IPFS of claim 1, wherein the IPFS-based process flow is as follows:
s60: the IPFS module generates a unique HASH summary from audio, video, pictures and large texts uploaded by a user, updates the large file into an IPFS interplanetary file transmission network in real time, other users can access the large file through http requests, and the generated HASH summary is used as an http access identifier of the uploaded large file;
s61: the IPFS module automatically addresses according to HASH; if the access request node does not have the large file corresponding to the HASH digest, the adjacent nodes are queried according to the local distributed HASH table, which searches a large-scale network efficiently, contacting log2(N) nodes on average;
s62: the IPFS module makes redundant backup on files uploaded by a user, so that the files uploaded by the user cannot be deleted theoretically, and a permanent WEB corresponding to the block chain is formed;
s63: the IPFS processing module can perform version control on a submitted object, the submitted object is represented as a specific snapshot in the object version history, the comparison of two different submitted objects reveals the difference between two version files, as long as a single submission is valid, all version objects quoted by the IPFS processing module are accessible, all rolling versions are available, and the whole history of file system changes can be accessed.
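Steps S100 and S101 of claim 5, as an added illustration that is not part of the patent: block hashes are anchored outside the owner's control, and an audit recomputes them from the private chain's current contents. `PrivateChain`, `audit`, `build_demo`, the JSON block encoding and the sample transactions are assumptions constructed for this sketch.

```python
import hashlib
import json

GENESIS = "0" * 64


def block_hash(prev_hash, transactions):
    """SHA-256 over the previous block hash and the block's transactions."""
    body = json.dumps({"prev": prev_hash, "txs": transactions}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class PrivateChain:
    """Chain operated by a single enterprise, which can rewrite it at will."""

    def __init__(self):
        self.blocks = []

    def add_block(self, transactions):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        block = {"prev": prev, "txs": list(transactions)}
        block["hash"] = block_hash(prev, block["txs"])
        self.blocks.append(block)
        return block["hash"]

    def rewrite(self, height, transactions):
        """Owner replaces a block's transactions and re-links every later block."""
        self.blocks[height]["txs"] = list(transactions)
        prev = self.blocks[height]["prev"]
        for block in self.blocks[height:]:
            block["prev"] = prev
            block["hash"] = prev = block_hash(prev, block["txs"])


def audit(chain, anchors):
    """Return heights whose recomputed hash or back-link disagrees with the anchors.

    `anchors` holds one block hash per height, kept by the data storage
    module (50) and maintained by the whole network, as in step S101.
    """
    bad = []
    prev = GENESIS
    for height, block in enumerate(chain.blocks):
        recomputed = block_hash(block["prev"], block["txs"])
        anchored = anchors[height] if height < len(anchors) else None
        if block["prev"] != prev or recomputed != anchored:
            bad.append(height)
        prev = recomputed
    return bad


def build_demo():
    """Constructed sample: three blocks, each anchored as it is produced."""
    chain, anchors = PrivateChain(), []
    for txs in (["A pays B 5"], ["B pays C 2"], ["C pays A 1"]):
        anchors.append(chain.add_block(txs))  # S100, then S101
    return chain, anchors
```

A rewrite that leaves the private chain internally consistent still fails the audit, because the comparison is against hashes the owner cannot change. A block that was never anchored is reported as well.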
CN201811583218.9A 2018-12-24 2018-12-24 Efficient trust solution method based on block chain and IPFS Active CN109639406B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811583218.9A CN109639406B (en) 2018-12-24 2018-12-24 Efficient trust solution method based on block chain and IPFS

Publications (2)

Publication Number Publication Date
CN109639406A CN109639406A (en) 2019-04-16
CN109639406B true CN109639406B (en) 2022-03-04

Family

ID=66076940

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811583218.9A Active CN109639406B (en) 2018-12-24 2018-12-24 Efficient trust solution method based on block chain and IPFS

Country Status (1)

Country Link
CN (1) CN109639406B (en)

Also Published As

Publication number Publication date
CN109639406A (en) 2019-04-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant