CN110445795B - Block chain authentication uniqueness confirmation method - Google Patents

Info

Publication number: CN110445795B
Authority: CN (China)
Prior art keywords: node, authentication, alliance, nodes, block
Legal status: Active
Application number: CN201910746615.1A
Other languages: Chinese (zh)
Other versions: CN110445795A (en)
Inventor: not disclosed (不公告发明人)
Current Assignee: Easy to sign chain (Shenzhen) Technology Co.,Ltd.
Original Assignee: Easy To Sign Chain Shenzhen Technology Co ltd
Application filed by Easy To Sign Chain Shenzhen Technology Co ltd
Priority to CN201910746615.1A
Publication of CN110445795A
Application granted
Publication of CN110445795B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a block chain authentication uniqueness confirmation method, which comprises the following steps: constructing a dynamic authorization node set for each alliance, and verifying the uniqueness of the virtual token by partition; the agent of the alliance broadcasts the block header file data to all the internal confirmation nodes; and the confirmation node, following the sequence of the header information, allows the same virtual token to be authenticated only once at the same time, namely the same VC_ID is not allowed to appear in the block header file data of other alliances. In the block chain authentication uniqueness confirmation method provided by the invention, the accounting node set broadcasts the global alliance block to all alliance agents, and the agents then broadcast the message or the block to the authentication nodes of their own alliance, which helps to eliminate the network congestion caused by broadcasting directly to the nodes of the whole network and relieves message timeouts and overlong block update delays.

Description

Block chain authentication uniqueness confirmation method
Technical Field
The present invention relates to a block chain, and more particularly, to a block chain authentication uniqueness confirming method.
Background
A blockchain is a distributed infrastructure that uses a chained data structure to verify and store data. Because the nodes of a blockchain network can verify one another through an algorithm, this distributed accounting mode can realize secure identity authentication without depending on a central server. Each newly generated block advances strictly in time order, so attempts to intrude into and tamper with the data in the blockchain are easy to trace. Therefore, blockchain technology is increasingly widely applied in the field of identity authentication. However, a prior-art blockchain grows larger as its data volume grows; if each identity authentication is verified by all authentication nodes, delay and throughput are noticeably worse; and aggregating all the identity authentication data makes the data volume of the ledger grow geometrically, so if the ledger is maintained by a single authentication node, the storage cost of the whole blockchain system is noticeably higher.
Disclosure of Invention
To solve the above problems in the prior art, the present invention provides a block chain structured storage control method, which includes:
forming a block chain of a plurality of alliances, wherein the block chain formed by a plurality of authentication nodes in the alliances stores the identity authentication content of the virtual token; a set of authorized nodes is dynamically determined for each federation for verifying the uniqueness of the virtual token.
Preferably, the federations have unique identity identifiers, two parties requesting authentication can initiate authentication requests through different federations, and a virtual token can be transmitted on any one federation, wherein the virtual token is globally unique.
Preferably, the authentication request is described as:
TR=(src,des,VC_ID,key,TR_ID);
wherein VC_ID is the unique identification of the virtual token VC in the whole network; src represents the virtual token sender; des represents the virtual token recipient; key represents the private key of both sides requesting authentication; TR_ID represents the ID of the authentication request, which is unique across the whole network;
the authentication request TR has three states:
S(TR) = {undetermined, not validated, validated};
when verification shows that the identity authentication content satisfies uniqueness, the state of the authentication is changed from undetermined to validated; when verification shows that the identity authentication does not satisfy uniqueness, the state is changed from undetermined to not validated.
Preferably, the authorization node sets change dynamically over time, and the authorization node set of each federation is generated by voting among the authentication nodes of the other federations in the whole network.
Preferably, the vote among the authentication nodes of the other federations that generates the authorization node set of a federation is initiated by the agent of the current federation; the agent is elected by vote from the internal blockchain of the current federation and is responsible for communication with the agents of the other federations.
Preferably, the authorization node sets of all the alliances randomly select a group of nodes from the nodes of the whole network as an account entry node set; a confirmation node contained in the authorization node set sends the hash index of an identity authentication that satisfies uniqueness to the account entry node set; the posting node set updates the global federation block.
Preferably, an expiration date is set for the authorization node set and the posting node set.
Compared with the prior art, the invention has the following advantages:
the invention provides a block chain structured storage control method, which realizes block capacity expansion by constructing a multi-layer block chain structure, reduces the problem of delay increase caused by an identity authentication process, and ensures the uniqueness of each identity authentication in the whole block chain system.
Drawings
FIG. 1 is a flowchart illustrating a block-chain structured storage control method according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the present invention provides a block-chain structured storage control method. FIG. 1 is a flow chart of a block-chain structured storage control method according to an embodiment of the present invention.
The invention constructs a multi-level block chain of alliances, wherein participants are a plurality of alliances, the alliances have unique identity identifiers, each alliance consists of a plurality of authentication nodes, and the block chain of each alliance stores the internal identity authentication content of a virtual token; the virtual token is globally unique and can be transmitted in any alliance; the two parties requesting authentication can initiate authentication requests through different alliances, and can transmit the virtual token on any alliance. Each alliance maintains an internal block chain, and all alliances maintain a global alliance chain collectively; and the authorization node set of each alliance verifies the uniqueness of the virtual token, so that the uniqueness of the virtual token in different alliances is ensured. By constructing a dynamic authorization node set for each alliance, partition verification is carried out on the uniqueness of the virtual token, and the system throughput is improved; the authorized node set dynamically changes along with time, and data tampering by mutual collusion of alliances is prevented.
The global federation chain stores a reliable token hash index, and the blockchain of each federation stores the authentication data of its internal authentication nodes. The internal blockchain of each alliance elects by vote one authentication node as the agent (proxy) of the alliance, and the agent is responsible for communicating with the agents of other alliances; the authorization node set of the current alliance is generated by voting among the authentication nodes of the other alliances in the whole network.
The authorization node sets of all the alliances randomly select a group of nodes from the nodes of the whole network as an account entry node set; the initial authorization node sets of the federations are voted from the network-wide nodes by the agents of the federations, and the posting node sets are voted from the network-wide nodes by the initial node sets of all the federations. The agent of an alliance broadcasts the block header file data to the authorization node set of the alliance; the authorization node set of the alliance verifies whether the identity authentication satisfies uniqueness; the confirmation node of the alliance sends the hash index of an identity authentication that satisfies uniqueness to the account entry node set; the posting node set updates the global federation block.
The virtual token VC is uniquely identified across the whole network by its VC_ID. The authentication request is described as TR = (src, des, VC_ID, key, TR_ID), where src represents the virtual token issuer; des represents the virtual token recipient; key represents the private key of both sides requesting authentication; TR_ID represents the authentication request ID, which is unique over the entire network. The authentication result has three states, S(TR) = {undetermined, not validated, validated}. When verification shows that the identity authentication content satisfies uniqueness, the state of the authentication is changed from undetermined to valid; when verification shows that the identity authentication does not satisfy uniqueness, the state is changed from undetermined to not validated. A validated authentication TR is an identity authentication that satisfies uniqueness. The alliance A_i ∈ {P_1, …, P_N}, and N represents the number of alliances in the block chain network.
Alliance A_i represents one of the participants in the blockchain network; it is identified by a public key address and stores the identities of the other alliances. Each federation contains a plurality of authentication nodes AN_ij, j ≤ n_i, where AN_ij represents the j-th authentication node of federation A_i and n_i represents the number of authentication nodes of federation A_i. The authentication nodes communicate with each other through an asynchronous message mechanism. Different roles are set for the wallet according to different requirements, including: the account-entering node UN, the confirmation node VN and the common authentication node ON. The entry node is responsible for maintaining the global alliance chain; the confirmation node is responsible for verifying whether the identity authentication satisfies uniqueness; both the posting node and the confirmation node maintain internal blockchains and verify whether identity authentication meets intra-organization uniformity. The common authentication node only initiates authentication requests, maintains an internal blockchain, and verifies that the identity authentication meets the unity within the organization. Each authentication node is identified by a public key address.
All authentication nodes AN_ij of alliance A_i store the private key of alliance A_i, and sign blocks using the private key of alliance A_i and the private key of the authentication node. The authorization node set VNG_i of alliance A_i consists of confirmation nodes and verifies whether the authentication of alliance A_i satisfies uniqueness; the authorization node set of alliance A_i changes dynamically over time, and the current authorization node set randomly selects a group of nodes from the nodes of the whole network as the confirmation node set of alliance A_i for the next validity period. The account node set UNG_i consists of entry nodes; in each unit validity period, the current entry node set is a group of nodes randomly selected from the whole network by the master nodes of the authorization node sets of all alliances, and it changes dynamically over time.
For example, suppose the whole network contains three federations A_1, A_2, A_3, each comprising 7 authentication nodes. Authentication nodes A_11, A_21, A_31 are elected by vote as the respective agents of the federations. Then A_11 is responsible for the vote among the authentication nodes of the other alliances A_2, A_3 that generates the authorization node set VNG_1 of alliance A_1; assume the initial VNG_1 node set is A_22, A_35. A_21 is responsible for the vote among the authentication nodes of federations A_1, A_3 that generates the authorization node set VNG_2 of alliance A_2; assume the initial VNG_2 node set is A_12, A_34. A_31 is responsible for the vote among the authentication nodes of federations A_1, A_2 that generates the authorization node set VNG_3 of alliance A_3; assume the initial VNG_3 node set is A_15, A_24. All the above authorization nodes A_22, A_35, A_12, A_34, A_15, A_24 randomly select a group of nodes from the nodes of the whole network as the account-entering node set; assume this node set is A_23, A_37, A_15. That is, nodes A_22, A_35 are used not only to determine the posting node set but also to monitor whether the authentication of federation A_1 satisfies uniqueness; they modify the state of each authentication request ID that passes verification to valid and then send it to the posting node set A_23, A_37, A_15. In the same way, nodes A_12, A_34 monitor whether the authentication of federation A_2 satisfies uniqueness, and nodes A_15, A_24 monitor whether the authentication of federation A_3 satisfies uniqueness; the state of each authentication request ID that passes verification is modified to valid and then sent to the posting node set A_23, A_37, A_15. The posting node set is used to construct the global federation block.
Based on the block chain structure of the present invention, assume that a certain alliance A_3 tries to tamper with authentication data and the related blocks. For the tampered block to take effect, the blocks in the tampered global alliance block chain must be sent to all of its authentication nodes (namely A_31, …, A_37) for verification; after the block is changed, the block of the global alliance chain must also be changed; and all other alliances (A_1 and A_2, 14 nodes in total) must be changed at the same time. The cost is so high that maliciously modified data can hardly take effect.
The block chain inside an alliance is formed by connecting alliance sub-blocks; an alliance block stores the internal authentication data and a block header file; the block header file stores the TR_ID, authenticator list and VC_ID of all authentications in the block; and the global alliance blocks link the different alliance block chains to form the global alliance chain. The global federation block stores only valid authentications that satisfy uniqueness, in the format GB = <exp_ID, PB_ID, NB_ID, TRset>, wherein PB_ID represents the identification of a block chain inside the federation, NB_ID represents the hash index value of a federation block on PB_ID, TRset represents the set of TR_IDs of trusted authentications together with the corresponding virtual token VC_IDs, and exp_ID represents the deadline sequence number to which the new federation belongs, so that when a new federation is added, the current and new authorization node sets and the accounting node set can be quickly obtained according to exp_ID.
For each federation A_i, the authorization node set uses the block header file data to verify whether identity authentication satisfies uniqueness; the authentication nodes belonging to a federation maintain the internal block chain through a consensus algorithm; and the authorization node set of federation A_i sends the TR_IDs of authentications that have no uniqueness problem to the posting node set. Only if the TR_ID of an authentication is written into the global federation chain by the accounting node set is the authentication considered a trusted authentication.
Preferably, the authorization node set has a validity period. In the process of generating the authorization node set, the current authorization node set constructs, before the validity period ends, the authorization node set of alliance A_i for the next validity period. Specifically, to ensure that more than half of the nodes in the initial authorization node set of federation A_i are reliable, the agent of A_i randomly selects M confirmation nodes from the whole network as the initial authorization node set of alliance A_i, with M > 3N/4. One confirmation node is selected in each alliance as a candidate node for the authorization node set of alliance A_i; the selection result is sent to the other M-1 confirmation nodes and to the agent of alliance A_i; the M confirmation nodes that occur most often are taken as the authorization node set VNG_i of alliance A_i; the agent of each federation broadcasts the statistics to its internal authentication nodes, and the confirmation nodes in VNG_i communicate with each other, thereby establishing connections between the confirmation nodes.
The Byzantine theorem shows that more than 3N/4 trusted nodes exist in the whole network, so that at most N/4 untrusted agents exist in a chain of N nodes; therefore, the block chain updating node set contains at least (N+1)/2 secure authentication nodes and is thus trusted.
Preferably, before the end of the validity period, the current authorization node set VNG_i randomly selects M alliances and, in each of them, selects one node satisfying the following condition as a member of alliance A_i's VNG_i for the next validity period: no node may serve consecutively as a confirmation node for any federation, and M > 3N/4. The voting result of each node is sent to the other M-1 confirmation nodes and to the agent of alliance A_i; the M nodes with the largest number of occurrences are counted again as the new VNG_i, and the final result, namely the candidate authorization node set for the next validity period, is sent to the posting node set. The posting node set takes the confirmation nodes that occur most often in the candidate node set for the next validity period as the authorization node set VNG_i of alliance A_i for the next validity period. When the accounting node set has calculated the new authorization node sets of all the alliances, it sends the node lists of the new authorization node sets to the current confirmation nodes and the new confirmation nodes of each alliance. The account-entering node UN broadcasts the VNG_i node list of each alliance to 1/4 of the federation agents, each of which sends a node set message for the next validity period to its internal authentication nodes. Based on this mechanism, the confirmation nodes of the next validity period receive the node list information of the correct authorization node set.
During each validity period, the authorization node set of federation A_i verifies whether the authentication of federation A_i satisfies uniqueness. Preferably, the agent of federation A_i broadcasts the internal block header file data to the authorization node set VNG_i of alliance A_i; VNG_i broadcasts the TR_IDs of identity authentications that satisfy uniqueness to the posting node set. The authorization node sets of all the alliances select a group of nodes from the nodes of the whole network as the account entry node set UNG of the next validity period.
Based on the previous example, once the authorization node sets A_22, A_35, A_12, A_34, A_15, A_24 are determined, the authorization node role of A_22, A_35, A_12, A_34, A_15, A_24 expires if a predetermined validity period, such as 10 minutes, is exceeded. Thus, within the 10 minutes, the agents A_11, A_21, A_31 of federations A_1, A_2, A_3 organize the current node sets A_22, A_35, A_12, A_34, A_15, A_24 to vote and reselect the authorization node sets of the next round. Assume the new authorization node sets selected according to the number of votes are A_25, A_32, A_16, A_37, A_11, A_23; the voting result is broadcast in each alliance, and the new authorization node sets select the accounting node set of the next validity period from the nodes of the whole network, for example A_13, A_36, A_14. The posting node set is used to construct the global federation block.
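The vote count for the next validity period, as an added Python example that is not part of the patent: ballots are tallied into the M most-nominated nodes while enforcing the rule that no node serves consecutive terms as a confirmation node. Dropping an offending ballot whole, the tie-break by node name, the `federation_of` naming convention and the sample ballots are assumptions.

```python
from collections import Counter


def federation_of(node):
    """Constructed naming convention: node 'A25' belongs to federation 'A2'."""
    return node[:2]


def tally_next_vng(ballots, current_vng, serving_now, m):
    """Return (next authorization node set, dropped voters).

    ballots      -- {voter: [nominated node, ...]} as received by the tallying node
    current_vng  -- nodes entitled to vote (the current authorization node set VNG_i)
    serving_now  -- every node that is a confirmation node in the current period
    A ballot is dropped whole (assumption) if its voter is not in current_vng,
    if it nominates two nodes of one federation, or if it nominates a node
    that is serving now (no consecutive terms).
    """
    counts, dropped = Counter(), []
    for voter, nominees in sorted(ballots.items()):
        feds = [federation_of(n) for n in nominees]
        if (voter not in current_vng
                or len(set(feds)) != len(feds)
                or any(n in serving_now for n in nominees)):
            dropped.append(voter)
            continue
        counts.update(nominees)
    if len(counts) < m:
        raise ValueError("not enough eligible candidates for the next validity period")
    # Most nominations first; ties broken by node name (assumption).
    ranked = sorted(counts, key=lambda n: (-counts[n], n))
    return ranked[:m], dropped


def demo_rotation():
    # Constructed data: VNG_1 with three members, plus the other serving nodes.
    current_vng = {"A22", "A35", "A26"}
    serving_now = current_vng | {"A12", "A34", "A15", "A24"}
    ballots = {
        "A22": ["A25", "A32"],
        "A35": ["A25", "A37"],
        "A26": ["A24", "A32"],   # A24 is serving now: consecutive term, dropped
        "A17": ["A21", "A31"],   # A17 is not in VNG_1: not entitled to vote
    }
    return tally_next_vng(ballots, current_vng, serving_now, m=2)


if __name__ == "__main__":
    print(demo_rotation())
```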
After the authorization node set sends the identity authentications that satisfy uniqueness to the posting node set, the posting node set constructs the global alliance block; and after federation A_i sends the block header file data to the authorization node set, it continues to construct the global federation block of alliance A_i without waiting for the verification of the authorization node set.
If the alliance broadcasts the identity authentication to all nodes in the whole network each time, the communication cost of the whole network is N^2; if the alliance sends the specific identity authentication content to the internal authentication nodes of other alliances, private information is easily leaked. If the alliance broadcasts the block content to the whole network, the authentication uniqueness verification time is prolonged, and the storage and maintenance cost of the block chain is increased. In order to reduce the network communication cost and improve the system throughput, the preferred embodiment of the invention adopts the following process to verify and confirm the uniqueness of the authentication:
The agent of alliance A_i broadcasts the block header file data to all internal confirmation nodes; each confirmation node performs the uniqueness verification of the alliance block according to the sequence of the header information and the following rule: the same virtual token can be authenticated only once at the same time, i.e. the same VC_ID is not allowed to appear in the header file data of other federations. The block header file contains the following information: the list of TR_IDs of all authentications in the internal block, the list of related authenticators, the federation private key, the creation time, the hash value of the previous block, the list of VC_IDs, and the ID of the current global federation block. The authorization node set of alliance A_i sends each TR_ID whose uniqueness has been verified by the current node set to the account entry node set in the form of a message, whose format MSG is: MSG = <PB_ID, NB_ID, TR_ID, VC_ID, BlockID, Key>, where BlockID is the current global alliance block number and Key represents the private key of the node; the posting node set ensures that the authentication content satisfies uniqueness according to the rule that the same VC_ID can only appear once in the same block. At the end of the current validity period, the current confirmation node VN terminates all block header file data verification processes and deletes unprocessed block header file data. Alliance A_i broadcasts the block header file data to the authorization node set VNG_i; if alliance A_i does not receive the verification result within a certain time interval, it sends the block header file data again. With the above mechanism, the delay of block header file data whose verification was suspended does not exceed that time interval.
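The two-stage check described above, as an added Python example (not code from the patent): a confirmation node marks each request in a header as validated or not validated, and the posting node set then refuses a VC_ID that two federations validated in the same round. Field names follow the MSG and GB formats above; the `spent_vc_ids` view of the global chain, the stale-BlockID check, the handling of retransmitted messages, the opaque `Key` value and all sample IDs are assumptions.

```python
from dataclasses import dataclass

UNDETERMINED, NOT_VALIDATED, VALIDATED = "undetermined", "not validated", "validated"


@dataclass(frozen=True)
class BlockHeader:
    pb_id: str        # PB_ID: identifier of the federation's internal chain
    nb_id: str        # NB_ID: hash index of the federation block on PB_ID
    requests: tuple   # ((TR_ID, VC_ID), ...) in header order


def verify_header(header, spent_vc_ids, block_id, key):
    """Confirmation-node stage for one federation block header.

    spent_vc_ids -- VC_IDs already written to the global federation chain
                    (assumed readable by the confirmation node).
    Returns (states, msgs): TR_ID -> state, and one MSG per validated request.
    """
    states, msgs, seen = {}, [], set(spent_vc_ids)
    for tr_id, vc_id in header.requests:
        states[tr_id] = UNDETERMINED
        if vc_id in seen:                       # token already authenticated once
            states[tr_id] = NOT_VALIDATED
            continue
        seen.add(vc_id)
        states[tr_id] = VALIDATED
        # Key is an opaque constructed value standing in for the node's key field.
        msgs.append({"PB_ID": header.pb_id, "NB_ID": header.nb_id, "TR_ID": tr_id,
                     "VC_ID": vc_id, "BlockID": block_id, "Key": key})
    return states, msgs


class PostingNodeSet:
    """Posting-node stage: the same VC_ID may be written only once."""

    def __init__(self):
        self.block_id = 0     # number of the global block being built
        self.spent = {}       # VC_ID -> TR_ID written to the global chain
        self.chain = []       # list of global federation blocks

    def build_block(self, exp_id, msgs):
        """Build one global block from MSGs in arrival order.

        Returns (block, rejected); block is a list of GB entries
        <exp_ID, PB_ID, NB_ID, TRset>, rejected lists the TR_IDs not written.
        """
        entries, rejected = {}, []
        for m in msgs:
            if m["BlockID"] != self.block_id:          # stale round (assumption)
                rejected.append(m["TR_ID"])
                continue
            if self.spent.get(m["VC_ID"]) == m["TR_ID"]:
                continue                               # retransmission, already written
            if m["VC_ID"] in self.spent:               # another federation won the race
                rejected.append(m["TR_ID"])
                continue
            self.spent[m["VC_ID"]] = m["TR_ID"]
            gb = entries.setdefault(
                (m["PB_ID"], m["NB_ID"]),
                {"exp_ID": exp_id, "PB_ID": m["PB_ID"], "NB_ID": m["NB_ID"], "TRset": []})
            gb["TRset"].append((m["TR_ID"], m["VC_ID"]))
        block = list(entries.values())
        self.chain.append(block)
        self.block_id += 1
        return block, rejected


def demo():
    posting = PostingNodeSet()
    # Constructed headers: A1 and A2 both authenticate token VC-7 in one round.
    h1 = BlockHeader("A1", "nb-a1-01", (("TR-1", "VC-7"), ("TR-2", "VC-8"), ("TR-3", "VC-7")))
    h2 = BlockHeader("A2", "nb-a2-01", (("TR-4", "VC-7"), ("TR-5", "VC-9")))
    s1, m1 = verify_header(h1, posting.spent, posting.block_id, "VN-A22")
    s2, m2 = verify_header(h2, posting.spent, posting.block_id, "VN-A12")
    # m1[:1] simulates a retransmitted MSG for TR-1.
    block, rejected = posting.build_block(exp_id=1, msgs=m1 + m2 + m1[:1])
    # Next round: A3 tries to authenticate VC-8, which is now on the global chain.
    h3 = BlockHeader("A3", "nb-a3-01", (("TR-6", "VC-8"), ("TR-7", "VC-10")))
    s3, _ = verify_header(h3, posting.spent, posting.block_id, "VN-A15")
    return s1, s2, block, rejected, s3


if __name__ == "__main__":
    for part in demo():
        print(part)
```

TR-4 is validated by its own confirmation node yet never reaches the global chain, which is why only an authentication written by the posting node set counts as trusted.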
Therefore, the global alliance block is broadcasted to all alliance agents by the entry node set, and the agents broadcast the message or the block to the affiliated alliance authentication nodes; the general network condition between the internal authentication nodes is good; therefore, the mechanism based on the invention can help eliminate network congestion caused by direct broadcasting to the nodes of the whole network, and relieve message overtime or overlong block updating delay.
When a new posting node set is selected, the authorization node sets of all the alliances send voting information to the current posting node set; the current posting node set counts the M nodes with the highest number of votes and takes them as the posting node set of the next validity period; meanwhile, each confirmation node sends the posting node set information of the next validity period, by multicast, to the agents of all the alliances and to the posting node set of the next validity period; that is, each posting node broadcasts messages to the agents of 1/4 of the alliances in the whole network and to the posting nodes of the next validity period.
When the same posting task is faced, due to the difference of hardware processing capacity between different nodes, the high-computing-power node may be idle, while the low-computing-power node is always in a busy state, which affects the overall efficiency. Therefore, in a further embodiment of the invention, the computing power of the authentication node is comprehensively considered when voting for selecting the posting node. The node computing power includes but is not limited to storage capacity, core number, main frequency, bus IO rate and network bandwidth, and the computing power of the authentication node is computed in a weighted summation mode.
First, the node computing power parameters are normalized:
Figure BDA0002165349930000091
wherein U_ij represents the normalized computing power parameter of the j-th authentication node of federation A_i, U_j represents the computing power parameter of the j-th authentication node of federation A_i before normalization, U_min i represents the minimum value of the same parameter across the nodes of federation A_i,
Figure BDA0002165349930000092
represents the average value of the computing power parameters of federation A_i, and n_i represents the number of authentication nodes of federation A_i.
According to the parameter normalization result, the computing power of the node hardware can be accurately described, and the weighted average value U'_ij of the components is calculated:
U'_ij = k_1 × U_ij(1) + k_2 × U_ij(2) + … + k_x × U_ij(x)
wherein U_ij(1), U_ij(2), …, U_ij(x) are the x components of the node computing power parameter obtained from parameter normalization, e.g. storage capacity, core frequency, bandwidth, etc., and k_1, k_2, …, k_x represent the corresponding weights, i.e. the degree of influence of each performance component on the node's computing power.
Preferably, after each interaction between a posting node and an authorization node, the authorization node scores the performance of the posting node to obtain a score SC_ij, which represents the score that authorization node i gives to posting node j after posting node j has interacted with authorization node i.
Therefore, whenever a new authorization node set picks a new posting node set from the nodes of the whole network, U'_ij × SC_ij is used as a reference weight for the whole-network vote.
In the process of building the global alliance block, if all nodes compete to generate the global alliance block, the result is high delay and wasted computing power. The global federation block generation mechanism is therefore improved in preferred embodiments of the present invention to improve system throughput. Specifically, blocks are constructed in independent branches, and each branch is updated independently, so that system throughput is not limited. In each unit validity period, a plurality of master nodes are elected by vote to construct a global alliance block simultaneously; the global alliance blocks constructed by the master nodes are verified in time order; the global alliance block that passes verification first is broadcast to all alliances of the accounting node set, and the global alliance blocks constructed by the other master nodes are deleted. Electing a plurality of master nodes to construct a block simultaneously in each unit validity period solves the problem of increased delay caused by a malicious node serving as a master node.
Each posting node judges the global alliance block which is firstly agreed and passed based on the timestamp, and broadcasts the global alliance block to agents of Z alliances, wherein N/4< Z < 3N/4; since each node receives the global alliance block for a plurality of times, the node can be guaranteed to receive the correct global alliance block.
In summary, the present invention provides a block chain structured storage control method, which realizes block capacity scalability by constructing a multi-level block chain structure, alleviates the problem of delay increase caused by an identity authentication process, and ensures uniqueness of each identity authentication in the whole block chain system.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of computing systems, and optionally implemented in program code that is executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (8)

1. A block chain authentication uniqueness confirmation method, wherein the block chain is a multi-level alliance block chain, the participants are a plurality of alliances, each alliance is composed of a plurality of authentication nodes, each authentication node comprises a confirmation node, and the block chain of each alliance stores the internal identity authentication content of a virtual token; characterized in that the authorization node set of each alliance verifies the uniqueness of the virtual token to ensure that the virtual token is unique across different alliances, the method comprising: constructing a dynamic authorization node set for each alliance, and verifying the uniqueness of the virtual token by partitioning; the confirmation node is responsible for verifying whether the identity authentication satisfies uniqueness; the authorization node set of the alliance consists of confirmation nodes; the agent of the alliance broadcasts the block header file data to all the internal confirmation nodes; and the confirmation node performs the uniqueness verification of the alliance block in the order of the header information and according to the following rule: the same virtual token can be authenticated only once at the same time, that is, the same VC_ID is not allowed to appear in the block header file data of other alliances; the VC_ID is the unique identifier of the virtual token VC in the whole network;
the agent of the alliance is one authentication node selected by vote from the internal block chain of the alliance and is responsible for communicating with the agents of other alliances; the authorization node set of the current alliance is selected by vote from the authentication nodes of the other alliances in the whole network; the method further comprises selecting by vote, by the agent of the alliance, an initial authorization node set of the alliance from the nodes of the whole network; the accounting node set is generated by vote from the nodes of the whole network by the initial authorization node sets of all alliances, or a group of nodes is randomly selected from the nodes of the whole network by the authorization node sets of all alliances to serve as the accounting node set;
the method further comprises: the confirmation node of the alliance sends the hash index that satisfies identity authentication uniqueness to the accounting node set, and the accounting node set updates the global alliance block.
2. The block chain authentication uniqueness confirmation method as claimed in claim 1, wherein the authentication request is described as TR = (src, des, VC_ID, key, TR_ID), where src represents the virtual token issuer; des represents the virtual token recipient; key represents the private key of both sides requesting authentication; and TR_ID represents the authentication request ID, which is unique over the entire network.
3. The method of claim 2, wherein the block header file comprises the following information: the list of all authenticated TR_ID of the internal block, the list of related authenticators, the alliance private key, the creation time, the hash value of the previous block, the list of VC_ID, and the ID of the current global alliance block.
4. The block chain authentication uniqueness confirmation method as claimed in claim 2, wherein the authorization node set of the alliance sends each authentication TR_ID whose uniqueness has been verified by the current node set to the accounting node set in the following message format MSG: MSG = <PB_ID, NB_ID, TR_ID, VC_ID, BlockID, Key>, wherein BlockID is the current global alliance block number and Key represents the private key of the node; the authentication content is ensured to satisfy uniqueness according to the rule that the same VC_ID can appear only once in the same block; PB_ID represents the identifier of the block chain within the alliance, and NB_ID represents the hash index value of the alliance block on PB_ID.
5. The block chain authentication uniqueness confirmation method according to claim 1, wherein at the end of the current validity period, the current confirmation node VN terminates all block header file data verification processes and deletes unprocessed block header file data.
6. The method of claim 1, wherein alliance $A_i$ broadcasts block header file data to the authorization node set $VNG_i$, and if alliance $A_i$ does not receive the verification result within a certain time interval, the block header file data is sent again.
7. The method of claim 1, wherein the computing power of the authentication nodes is taken into account when voting to select the accounting nodes; the node computing power comprises storage capacity, number of cores, main frequency, bus I/O rate and network bandwidth, and the computing power of an authentication node is calculated by weighted summation.
8. The method of claim 7, wherein the node computing power is calculated as follows:
a. normalizing the node computing-power parameters:
$U_{ij} =$ [formula image not reproduced] (1)
wherein $U_{ij}$ represents the normalized computing-power parameter of the j-th authentication node of alliance $A_i$, $U_j$ represents the original parameter, before normalization, of the j-th authentication node of alliance $A_i$, [symbol image not reproduced] represents the minimum value of the same parameter over the nodes in alliance $A_i$, [symbol image not reproduced] represents the average value of the computing-power parameters of alliance $A_i$, and $n_i$ represents the number of authentication nodes of alliance $A_i$;
b. the parameter normalization result accurately describes the computing power of the node hardware, and the weighted average $U'_{ij}$ of the components is calculated from it:
$U'_{ij} = k_1 \times U_{ij}(1) + k_2 \times U_{ij}(2) + \dots + k_x \times U_{ij}(x)$
wherein $U_{ij}(1), U_{ij}(2), \dots, U_{ij}(x)$ are the x components of the node's computing-power parameters obtained from parameter normalization, and $k_1, k_2, \dots, k_x$ are the corresponding weights, i.e. the degree of influence of each performance component on the node's computing power;
c. after each interaction between an accounting node and an authorization node, the authorization node scores the performance of the accounting node to obtain a score $SC_{ij}$, which represents the score that authorization node i gives to accounting node j after accounting node j has provided interaction for authorization node i;
whenever a new authorization node set selects a new accounting node set from the nodes of the whole network, $U'_{ij} \times SC_{ij}$ is used as the reference weight for the network-wide vote.
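The uniqueness rule of claims 1 to 4, worked through as an added Python example that is not part of the patent text: a confirmation-node pass rejects a VC_ID that has already been authenticated, and the accounting nodes enforce the once-per-block rule again when messages arrive from more than one authorization node set. The class and function names, the pairing of TR_ID with VC_ID inside a header, ordering by creation time and all sample values are assumptions; the Key field of MSG is left out.

```python
from dataclasses import dataclass
from typing import NamedTuple

class Msg(NamedTuple):      # MSG fields from claim 4, Key omitted
    pb_id: str              # PB_ID: the alliance's internal block chain
    nb_id: str              # NB_ID: hash index of the alliance block on PB_ID
    tr_id: str              # TR_ID: authentication request ID
    vc_id: str              # VC_ID: network-wide virtual token ID
    block_id: int           # BlockID: current global alliance block number

@dataclass(frozen=True)
class Header:               # subset of the block header file data (claim 3)
    alliance: str
    pb_id: str
    nb_id: str
    created: int            # creation time
    auths: tuple            # ((TR_ID, VC_ID), ...); this pairing is an assumption

def verify_uniqueness(headers, block_id):
    """Confirmation-node pass over headers in creation-time order (assumed order)."""
    first_seen, accepted, rejected = {}, [], []
    for h in sorted(headers, key=lambda h: (h.created, h.alliance)):
        for tr_id, vc_id in h.auths:
            if vc_id in first_seen:      # token was already authenticated once
                rejected.append((tr_id, vc_id, first_seen[vc_id]))
            else:
                first_seen[vc_id] = h.alliance
                accepted.append(Msg(h.pb_id, h.nb_id, tr_id, vc_id, block_id))
    return accepted, rejected

def build_global_block(block_id, msgs):
    """Accounting-node pass: a VC_ID may appear only once per global block."""
    entries, dropped = {}, []
    for m in msgs:
        if m.block_id != block_id or m.vc_id in entries:
            dropped.append(m)            # stale block number or duplicate token
        else:
            entries[m.vc_id] = m
    return entries, dropped

# Constructed sample: three alliances, two authorization node sets.
SET_1 = [Header("A1", "PB-A1", "nb-01", 100, (("TR-1", "VC-7"), ("TR-2", "VC-8"))),
         Header("A2", "PB-A2", "nb-02", 105, (("TR-3", "VC-7"), ("TR-4", "VC-9")))]
SET_2 = [Header("A3", "PB-A3", "nb-03", 110, (("TR-5", "VC-9"),))]

def run_sample(block_id=42):
    ok1, bad1 = verify_uniqueness(SET_1, block_id)
    ok2, bad2 = verify_uniqueness(SET_2, block_id)
    entries, dropped = build_global_block(block_id, ok1 + ok2)
    return bad1 + bad2, entries, dropped

if __name__ == "__main__":
    rejected, entries, dropped = run_sample()
    print("rejected by confirmation nodes:", rejected)
    print("global block VC_IDs:", sorted(entries))
    print("dropped by accounting nodes:", [m.tr_id for m in dropped])
```

In the sample, VC-7 is caught inside one authorization node set, while VC-9 passes two sets independently and is only caught when the global alliance block is assembled.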
CN201910746615.1A 2018-11-30 2018-11-30 Block chain authentication uniqueness confirmation method Active CN110445795B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910746615.1A CN110445795B (en) 2018-11-30 2018-11-30 Block chain authentication uniqueness confirmation method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811450068.4A CN109347877B (en) 2018-11-30 2018-11-30 Block chain structure storage controlling method
CN201910746615.1A CN110445795B (en) 2018-11-30 2018-11-30 Block chain authentication uniqueness confirmation method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201811450068.4A Division CN109347877B (en) 2018-11-30 2018-11-30 Block chain structure storage controlling method

Publications (2)

Publication Number Publication Date
CN110445795A CN110445795A (en) 2019-11-12
CN110445795B true CN110445795B (en) 2021-12-14

Family

ID=65319419

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910746615.1A Active CN110445795B (en) 2018-11-30 2018-11-30 Block chain authentication uniqueness confirmation method
CN201811450068.4A Active CN109347877B (en) 2018-11-30 2018-11-30 Block chain structure storage controlling method

Country Status (1)

Country Link
CN (2) CN110445795B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324421B (en) * 2019-07-03 2021-08-27 广东投盟科技有限公司 Information processing method and block chain node equipment
CN111818152B (en) * 2020-07-02 2021-04-30 电子科技大学 Leader election consensus method based on distributed network
CN111915303A (en) * 2020-10-14 2020-11-10 广东博嘉拓建筑科技有限公司 Workload settlement method, device, server and medium
CN112738215B (en) * 2020-12-28 2023-03-24 杭州趣链科技有限公司 Block chain node authorization method, block chain node authorization device, terminal equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
CN108737418A (en) * 2018-05-22 2018-11-02 飞天诚信科技股份有限公司 A kind of identity identifying method and system based on block chain
CN108833081A (en) * 2018-06-22 2018-11-16 中国人民解放军国防科技大学 Block chain-based equipment networking authentication method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107147735B (en) * 2017-05-12 2020-08-11 北京博晨技术有限公司 Distributed account book system based on hierarchical structure
CN107528886B (en) * 2017-07-25 2020-07-31 中国科学院计算技术研究所 Block chain full-network splitting method and system

Also Published As

Publication number Publication date
CN109347877A (en) 2019-02-15
CN110445795A (en) 2019-11-12
CN109347877B (en) 2019-10-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211124

Address after: 518000 No. A15, floor 4, block r2-b, Gaoxin industrial village, No. 020, Gaoxin South seventh Road, Gaoxin community, Yuehai street, Nanshan District, Shenzhen, Guangdong

Applicant after: Easy to sign chain (Shenzhen) Technology Co.,Ltd.

Address before: 510000 Building A30, 68 Nanxiang Road, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: GUANGZHOU ZHIHONG TECHNOLOGY CO.,LTD.

GR01 Patent grant