CN110781525A - File information security management system and method based on block chain - Google Patents


Publication number
CN110781525A
Authority
CN
China
Prior art keywords
transaction
block
archive
database
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911155247.XA
Other languages
Chinese (zh)
Inventor
苏联灯
曲强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute of Advanced Technology of CAS
Original Assignee
Shenzhen Institute of Advanced Technology of CAS

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a blockchain-based archive information security management system and method. The system comprises a unified data management tool, a local archive system database and a blockchain network. The unified data management tool is communicatively connected to the local archive system database and can be adapted to multiple types of archive databases. The blockchain network comprises a plurality of nodes communicatively connected to each other and exchanges information with the unified data management tool. The unified data management tool acquires the operation logs of the local archive system database, unifies them into transaction data and publishes the transaction data to the blockchain network; the blockchain network performs signature verification and transaction data consensus on the received transaction data; and the unified data management tool operates on the local archive system database according to the transaction result. The invention achieves efficient, automatic consensus on database logs and supports file integrity authentication, operation tracing and archive data backup.

Description

File information security management system and method based on block chain
Technical Field
The invention relates to the technical field of computers, in particular to a block chain-based archive information security management system and a block chain-based archive information security management method.
Background
With the rapid development of the internet, cloud computing and mobile devices, the scale of data is growing rapidly and a large number of electronic files worth preserving are being generated, so building digital archive systems has become the inevitable trend of archive work. An electronic archive management system provides a convenient and fast way to query archive information, lays a foundation for sharing archive information resources, and creates the conditions for connecting with e-government and paperless office work. Digitization effectively protects the originals of paper and other forms of archives, which both strengthens management and makes the archives easier to use. However, the digital archive systems on the market vary widely and, while efficient and convenient, they bring many potential security hazards and challenges to digital archive authority, such as tampering with archive data, hacking, and the ability to cooperatively recover backup data. Constructing a security management method and mechanism for different digital archive database systems is therefore a practical problem that urgently needs to be solved.
Data in a digital archive database system typically includes digitized archive data, user data, and user operation data. The digitized archive data is the core element, such as lightweight digital copies of paper archives, native electronic files, directory data and metadata, and the storage paths of weighted archive files. The user data comprises the basic information and authority management information of the users of the digital archive system. The user operation data is generated when users write, modify, report on and compile statistics from the data of the archive system, and these operation traces make it possible to trace each user's history of use of the digital archive system. Digital archive system data is an important record of history and an important part of accumulating, using and managing digital resources; once it is damaged, the loss to countries, enterprises and society can be irreparable.
Backing up the data of a digital archive database is the basis and prerequisite for managing the archive database securely. The current mainstream data backup technologies are data snapshots and data replication. A data snapshot is a fully available copy of a specified data set; when an application fails or a file on the storage device is damaged, data can be recovered promptly and restored to its state at the time the snapshot was generated. Snapshot technology has the advantages of short backup and recovery windows, small performance loss and high capacity utilization, and is suitable for protecting against data loss caused by soft faults such as human error, but it cannot back up data in real time: data written after the snapshot was generated is lost. Data replication, i.e., data mirroring, simply uses replication software to copy data from one host (or disk) to another host (or disk) in real time to produce a copy of the data. However, data replication generally needs the support of related hardware devices, and the cost is high when the scale of the equipment is large. In addition, it cannot prevent disasters such as system failures, data loss, damage and erroneous deletion: if the data at the primary site is lost, corrupted or mistakenly deleted, the data at the backup site is affected in a chain reaction.
The prior art still faces a number of difficulties in data disaster recovery and operation tracing for different digital archive database systems. First, each unit uses a different database system, so data access, submission and backup work differently across archive databases and their transaction support differs. An archive data disaster recovery center therefore has to deal with many different databases at once and develop interfaces for each specific database, which makes the center complex to build and costly. Second, operation data of the archive system that is affected by accidental deletion, malicious tampering, or data loss during data migration is difficult to trace and recover. Finally, management is difficult: the digital archive data of one unit may be scattered across different departments, which makes centralized, unified management hard, and the differing modes of the data disaster recovery centers add to the difficulty.
Disclosure of Invention
The present invention aims to overcome the above-mentioned drawbacks of the prior art and to provide a blockchain-based archive information security management system and method.
According to a first aspect of the present invention, a blockchain-based archive information security management system is provided. The system comprises a unified data management tool, a local archive system database, and a blockchain network. The unified data management tool is configured to be communicatively connected to the local archive system database and to be adapted to multiple types of archive databases; the blockchain network comprises a plurality of nodes communicatively connected to each other and is configured to exchange information with the unified data management tool. The unified data management tool acquires the operation logs of the local archive system database, unifies them into transaction data and publishes the transaction data to the blockchain network; the blockchain network performs signature verification and transaction data consensus on the received transaction data; and the unified data management tool operates on the local archive system database according to the transaction result fed back by the blockchain network.
In one embodiment, the transaction data consensus comprises:
selecting a block proposer, which extracts transactions from the verified transaction pool, packages them into a block and broadcasts the block submission information to all verification nodes of the blockchain network; if the transaction is invalid or the broadcast times out, the next round of block consensus is entered, and if the transaction is valid, the pre-vote stage is entered;
after receiving the block information broadcast by the block proposer, a verification node enters the pre-vote stage; if the verification node is locked on the previous round's submission, it votes for the block submitted in the previous round, and if it is not locked, it votes for the currently submitted block;
if the pre-vote result does not meet the set consensus standard, the next round of block consensus is entered; otherwise the pre-submission stage is entered;
if the pre-submission result does not meet the set consensus standard, the next round of block consensus is entered; otherwise the block submission stage is entered.
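The round logic listed above can be traced in code. The following Python is an added example, not code from the patent; it assumes one vote per verification node, uses the more-than-2/3 consensus standard given among the embodiments of this description, and all node and block names are constructed.

```python
# Added example: one round of propose -> pre-vote -> pre-commit -> commit.
# Assumptions: one vote per verification node; node and block names are
# constructed for illustration.

def meets_consensus_standard(in_favor, total_nodes):
    """True only when strictly more than 2/3 of all nodes are in favor."""
    # Integer arithmetic avoids float rounding at the exact 2/3 boundary.
    return 3 * in_favor > 2 * total_nodes


def cast_prevotes(locks, proposed_block):
    """Each node votes for the block it is locked on, else the current proposal."""
    return {node: (locked if locked is not None else proposed_block)
            for node, locked in locks.items()}


def run_round(proposed_block, proposal_valid, locks, precommits_received):
    """Return (stage_reached, result) for one consensus round.

    locks: node -> block the node is still locked on from an earlier
           round, or None when the node is not locked.
    precommits_received: nodes whose pre-commit arrived before the timeout.
    """
    total = len(locks)
    if not proposal_valid:  # invalid block or broadcast timeout
        return ("propose", "next round")

    prevotes = cast_prevotes(locks, proposed_block)
    in_favor = sum(1 for block in prevotes.values() if block == proposed_block)
    if not meets_consensus_standard(in_favor, total):
        return ("pre-vote", "next round")

    # Only a node that pre-voted for this block can pre-commit it.
    precommits = sum(1 for node in set(precommits_received)
                     if prevotes.get(node) == proposed_block)
    if not meets_consensus_standard(precommits, total):
        return ("pre-commit", "next round")
    return ("commit", proposed_block)


if __name__ == "__main__":
    unlocked = {"V1": None, "V2": None, "V3": None, "V4": None}
    print(run_round("B7", True, unlocked, ["V1", "V2", "V3", "V4"]))

    # One node still locked on an older block: 3 of 4 is more than 2/3.
    one_locked = dict(unlocked, V4="B6")
    print(run_round("B7", True, one_locked, ["V1", "V2", "V3"]))

    # Two locked nodes: 2 of 4 pre-votes is not enough.
    two_locked = dict(unlocked, V3="B6", V4="B6")
    print(run_round("B7", True, two_locked, ["V1", "V2"]))

    # Exactly 2/3 (4 of 6 pre-commits) does not meet the standard.
    six = {f"V{i}": None for i in range(1, 7)}
    print(run_round("B7", True, six, ["V1", "V2", "V3", "V4"]))
```

The boundary case matters in practice: with six nodes, four votes are exactly 2/3 and the round is abandoned rather than committed.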
In one embodiment, the unified data management tool is configured to utilize mycat database middleware to adapt to multiple types of archive databases.
In one embodiment, the unified data management tool is configured, after acquiring the operation log of the local archive system database, to choose between putting the transaction data on the chain and performing a transaction rollback operation, according to the stored account authority of the operator of the local archive system database.
In one embodiment, the construction of the verified transaction pool comprises:
the unified data management tool submits the transaction to a transaction cache pool and the transaction is verified locally; if the verification fails, the transaction is returned to the unified data management tool for processing, and if the verification succeeds, the transaction is added to the verified transaction pool.
In one embodiment, the consensus standard is set to more than 2/3 of the votes being in favor.
In one embodiment, the block proposer is the verification node with the smallest public key or the largest weight in the blockchain network.
In one embodiment, the blockchain network is configured such that a local node needs a private-key signature to issue a transaction, and a non-local node needs to hold an authorized private key to access the data of nodes in the blockchain network.
According to a second aspect of the present invention, a block chain-based archive information security management method is provided. The method comprises the following steps:
acquiring the operation logs of a local archive system database, unifying the operation logs into transaction data, and publishing the transaction data to a blockchain network;
performing, by the blockchain network, signature verification and transaction data consensus on the received transaction data;
and operating on the local archive system database according to the transaction result fed back by the blockchain network.
Compared with the prior art, the invention has the following advantages: the strong extensibility, high generality and broad service support of the data management tool are used to graft the system onto the various existing digital archive database systems; and the decentralization, node data sharing and tamper resistance of blockchain technology are used to address the low security and weak disaster recovery capability of digital archive databases, achieving efficient, automatic consensus on database logs and providing support for applications such as file integrity authentication, operation tracing and archive data backup.
Drawings
The following drawings illustrate and describe the invention by way of example only and do not limit its scope:
FIG. 1 is a schematic network structure diagram of a block chain-based archive information security management system according to an embodiment of the present invention;
FIG. 2 is a topological diagram of a block chain based archive information security management system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a block chain-based archive information security management method according to an embodiment of the present invention;
FIG. 4 is a flow diagram of blockchain consensus according to one embodiment of the present invention;
FIG. 5 is a flowchart of putting archive data on the chain according to an embodiment of the present invention;
FIG. 6 is a flow diagram of reading data from a blockchain according to one embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions, design methods, and advantages of the present invention more apparent, the present invention will be further described in detail by specific embodiments with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not as a limitation. Thus, other examples of the exemplary embodiments may have different values.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
The blockchain-based archive information security management system and method provided by the invention improve on the existing management methods of archive database systems by combining a unified data management tool with blockchain technology, so that archive data is managed in a secure, trustworthy, tamper-proof and efficient way.
A blockchain is a technical system that is jointly maintained by multiple parties, stores data in a chained block structure, uses cryptography to secure transmission and access, and provides consistent storage, tamper resistance and non-repudiation of data. A blockchain can be understood as an accounting technique in which all participants keep the ledger: it records and stores every transaction that occurs in the network, creating an irrevocable and auditable transaction history. The invention applies the blockchain to archive information security management and gains advantages such as decentralization, time-ordered data, collective maintenance, security and trustworthiness.
Referring to FIG. 1 and FIG. 2, the network structure of the blockchain-based archive information security management method according to an embodiment of the present invention includes a blockchain network, an archive system database (also called the local archive database, which includes a local archive management system and a database), and a unified data management tool. The unified data management tool exchanges information with both the blockchain network and the local archive database. The blockchain network consists of interconnected nodes, for example interconnected through a network interface. In practical applications, the local archive database and the unified data management tool may run on one server (e.g., labeled archive server 1), or the local archive database may run on one computer and the unified data management tool on another.
1) Local archive database
Each local archive site keeps using its own database system; the local database system software does not need to be replaced. The local database supports conventional read and write operations by the database system administrator and has a database logging function that supports rollback and reconstruction of transactions. The local archive database converts local operations on data tables into log form and provides an access interface to the database operation log.
2) Unified data management tool
The unified data management tool sits between the blockchain network and the local archive database and supports adaptation to Oracle and MySQL databases; for example, it adapts to the various types of databases indirectly through the mycat database middleware. The unified data management tool can be deployed on a local computer as a background service, and the adaptation is selected according to the type of the local database system. After the adaptation is completed, the unified data management tool can call the log access interface provided by the local archive database; it obtains permission to access the local database by being configured with the account and password of the corresponding database administrator, acquires the operation log of the local database, and unifies it into a specific transaction format. For example, corresponding public and private keys are configured for different database accounts; a transaction is packaged and signed with the private key, then published to the blockchain network, and the tool waits for the consensus feedback of the blockchain network.
The unified data management tool can also read transaction data from the blockchain: it reads the transaction data on the chain and automatically extracts the database operation log data stored in the transactions, which then supports transaction rollback and reconstruction in the local database.
3) Blockchain network
The blockchain nodes deployed at each local site form a blockchain network, which is responsible for verifying the signatures of, and reaching consensus on the data of, the transactions published by the unified data management tool. If the transaction succeeds, the transaction data is stored in the blockchain and a success message is fed back to the unified data management tool. If the transaction fails, a failure message is fed back to the unified data management tool, which is then responsible for performing a transaction rollback operation on the local database.
With reference to the network structures in fig. 1 and fig. 2, the archive information security management method based on the block chain according to the embodiment of the present invention includes the following steps, as shown in fig. 3:
Step S310, the local database provides an interface for accessing the database operation log.
The local archive database (local database or archive database for short) has an operation log recording function and can record all statements that change data. It exposes an interface for accessing the database operation log.
Step S320, the unified data management tool obtains the database operation log through the log access interface provided by the local database.
A unified data management tool is deployed locally, a data receiving mode is set according to the type of the local database, and the operation log of the database is obtained through the log access interface provided by the local database. The unified data management tool can acquire the operation records of the database in several ways, such as real-time log extraction and polling log extraction.
For example, in the real-time log extraction mode, real-time data extraction is implemented by setting up a trigger, a stored procedure and a Java program in the archive database. The main steps are:
Step S11, create a stored procedure to add fine-grained auditing for a user. When the ADMIN wants to audit a user and its tables, a fine-grained audit is added for the user by creating a stored procedure, and the user's DML statements are recorded. Once the stored procedure has been created, operation auditing can be added for users in the database quickly and conveniently.
Step S12, after adding fine-grained auditing to the ADMIN of the user, all DML operation records of the ADMIN are recorded in the SYS.FGA_LOG$ table. Because this table contains too many useless fields, a simplified audit view, DBA_FGA_AUDIT_TRAIL, is constructed by extracting the useful fields.
Step S13, to extract and transmit data automatically, a trigger must be set on every table within the scope of operation auditing. When the user performs a DML operation on such a table, the trigger fires, automatically obtains the user's latest operation record and packages it into a predetermined data format.
Step S14, after the table trigger obtains the operation record, a data transmission channel is needed to send the operation record to the blockchain middleware in real time. A Java program is written in the database to act as a socket client, and the blockchain middleware starts a real-time socket server to receive the operation data.
This log extraction mode extracts newly added operation records from the database in real time and sends them to the blockchain network so that consensus is reached effectively. However, it requires a trigger on each database table; if the database contains too many tables, the triggers burden the database and reduce the efficiency of database access, so this mode suits environments with high real-time requirements and few data tables.
As another example, in the polling log extraction mode, a timed access service is set up in the background service of the blockchain middleware, and new operation records are extracted from the database by external polling. The implementation mainly comprises the following steps:
Step S21, create a stored procedure to add fine-grained auditing for a user. When the administrator wants to audit a user and its tables, the administrator adds a fine-grained audit by creating a stored procedure and thereby audits the user's DML statements (same as step S11).
Step S22, after adding fine-grained auditing to the ADMIN of the user, all DML operation records of the ADMIN are recorded in the SYS.FGA_LOG$ table. Because this table contains too many useless fields, a simplified audit view, DBA_FGA_AUDIT_TRAIL, is constructed by extracting the useful fields (same as step S12).
Step S23, new operation records are extracted from the audit view DBA_FGA_AUDIT_TRAIL at regular intervals by external polling. Because a large number of operation records can accumulate in the view, a message buffer queue is created in the external background service, which supports the scalability of the system and relieves the pressure on the blockchain network of receiving transactions.
The polling log extraction mode extracts newly added operation records from the database by timed polling and uses an external message buffer queue to cache the large number of operation records acquired each time, relieving the pressure on the blockchain network of processing transactions. It suits environments with low real-time requirements, many data tables and many operation records.
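The polling mode of steps S21 to S23 can be illustrated as follows; this is an added example, not the patent's code. It assumes a monotonically increasing entry_id column as the polling watermark, uses an in-memory SQLite table with constructed rows as a stand-in for the audit view, and maps each row to the assetData and metaData fields that this description lists for the write-transaction interface.

```python
# Added example: watermark-based polling of an audit table into a bounded
# buffer queue. The table layout, entry_id column and all rows are
# constructed stand-ins, not the real audit view.
import queue
import sqlite3

FIELDS = ("OS_USERNAME", "DB_USERNAME", "TX_TIMESTAMP", "OBJ_OWNER",
          "OBJ_NAME", "TX_SQL_BIND", "TX_SQL_TEXT")


def make_audit_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_trail (entry_id INTEGER PRIMARY KEY, "
               "os_user TEXT, db_user TEXT, ts TEXT, obj_owner TEXT, "
               "obj_name TEXT, sql_bind TEXT, sql_text TEXT)")
    return db


def add_audit_rows(db, rows):
    db.executemany("INSERT INTO audit_trail (os_user, db_user, ts, obj_owner,"
                   " obj_name, sql_bind, sql_text) VALUES (?,?,?,?,?,?,?)", rows)
    db.commit()


def sample_rows():
    """Five constructed audit records."""
    return [("archive-pc1", "ADMIN", "2019-11-22 10:0%d:00" % i, "ADMIN",
             "ARCHIVE_FILE", "#1(1):%d" % i,
             "UPDATE ARCHIVE_FILE SET TITLE = :1 WHERE ID = %d" % i)
            for i in range(1, 6)]


def to_transaction(row):
    """Unify one audit row into string-only assetData plus metaData."""
    asset = {k: ("" if v is None else str(v)) for k, v in zip(FIELDS, row[1:])}
    return {"assetData": asset, "metaData": asset["OBJ_NAME"]}


class AuditPoller:
    def __init__(self, db, buffer_size):
        self.db = db
        self.last_id = 0  # watermark: highest entry_id already buffered
        self.buffer = queue.Queue(maxsize=buffer_size)

    def poll_once(self):
        """Fetch only rows newer than the watermark that still fit the buffer."""
        free = self.buffer.maxsize - self.buffer.qsize()
        if free <= 0:
            return 0  # back-pressure: leave rows in the database for now
        rows = self.db.execute(
            "SELECT entry_id, os_user, db_user, ts, obj_owner, obj_name, "
            "sql_bind, sql_text FROM audit_trail WHERE entry_id > ? "
            "ORDER BY entry_id LIMIT ?", (self.last_id, free)).fetchall()
        for row in rows:
            self.buffer.put_nowait(to_transaction(row))
            self.last_id = row[0]  # advance only after the row is buffered
        return len(rows)

    def drain(self, limit):
        """Hand up to `limit` buffered transactions to the sender."""
        out = []
        while len(out) < limit and not self.buffer.empty():
            out.append(self.buffer.get_nowait())
        return out


if __name__ == "__main__":
    db = make_audit_db()
    add_audit_rows(db, sample_rows())
    poller = AuditPoller(db, buffer_size=3)
    print(poller.poll_once(), "rows buffered; watermark", poller.last_id)
    print(poller.poll_once(), "rows buffered while the queue is full")
    print(len(poller.drain(2)), "transactions handed to the sender")
    print(poller.poll_once(), "rows buffered; watermark", poller.last_id)
```

Because the watermark only advances once a record is in the queue, a full buffer delays records instead of dropping or duplicating them.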
In practical applications, the unified data management tool can be self-developed software consisting of a PC client and a background server; for example, the PC client is built with the Electron-vue framework and the background server with the Spring Boot framework.
Step S330, the unified data management tool unifies the acquired database operation logs into a specific transaction format, packages them and sends them to the blockchain network.
Step S340, the blockchain network performs consensus processing on the received transaction data.
A blockchain node is deployed at each local archive site, and together these nodes form a blockchain network. The blockchain network is responsible for receiving the transaction data sent by the unified data management tool, reaching network-wide consensus on the data with an efficient consensus algorithm, and storing the data in the blockchain. The consensus process is described in more detail below.
Step S350, each node of the blockchain network provides an external interface for accessing the blockchain transaction data.
After consensus has been reached on the data and it has been synchronized across the blockchain, the data can be read from different nodes. Each node exposes an interface for accessing blockchain transaction data and supplies the corresponding database logs for the transaction rollback and reconstruction requests made by a local database.
Once the blockchain network has been built, it exposes an interface for writing transactions to the blockchain and interfaces for querying transaction information on the chain.
For example, for the write-transaction interface, the creatTX function is first called to prepare the transaction for packaging. This includes: writing OS_USERNAME (operating system user), DB_USERNAME (database user name), TX_TIMESTAMP (time), OBJ_OWNER (table owner), OBJ_NAME (table name), TX_SQL_BIND (values involved in the operation) and TX_SQL_TEXT (the specific SQL statement) into the mapping table assetData in the form of map<String, String>; setting OBJ_NAME (table name) as metaData; and reading the user's key pair KeyPair. The doreate function is then called with the three parameters assetData, metaData and KeyPair. Finally, the sendTransaction function is called to send the transaction to the blockchain network and return the id of the transaction. The blockchain network verifies the transaction after receiving it and writes it into a block if it is legitimate.
The interfaces for querying transaction information on the chain are as follows. Search by transaction id: the blockchain provides the interface getTransactionById for exact lookup; entering the id of a transaction returns the detailed information of that transaction. Search by keyword in assetData: the blockchain provides the interface getAssets for keyword search; entering a keyword returns the list of ids of all transactions whose assetData contains the keyword, and an exact lookup is then run for each id in the list to obtain all related transaction information on the chain. Search by keyword in metaData: the blockchain provides the interface getMetaData for keyword search; entering a keyword returns the list of ids of all transactions whose metaData contains the keyword, and an exact lookup is then run for each id in the list to obtain all related transaction information on the chain. The blockchain provides the interface getLocksByTransactionId for finding the block height from a transaction id; entering the id of a transaction returns the height of the block that contains it. The blockchain provides the interface getlock for viewing all information in a block by block height; entering a height returns all transaction information in that block.
Embodiments relating to blockchain network consensus
Because various digital archive systems can access the blockchain network through the unified data management tool, and some archive systems may generate archive data at a high frequency (e.g., frequently adding electronic files or frequently performing user operations), the blockchain network must process transactions very quickly to keep up with digital archive systems that generate transactions at a high frequency and put their transactions on the chain in time. Accordingly, in one embodiment, a consensus mechanism based on BFT (Byzantine fault tolerance) is selected. Compared with the traditional PBFT (practical Byzantine fault tolerance) algorithm, the BFT mechanism provided by the invention introduces an election mechanism among the nodes, and consensus can be reached with only two rounds of voting.
Referring to FIG. 4, the blockchain network consensus process generally involves: proposer -> pre-vote -> pre-commit -> new block, for 5 stages.
First, the unified data management tool submits the transaction to a transaction cache pool, where the transaction is verified locally; if the verification fails, the transaction is returned to the unified data management tool for processing, and if the verification succeeds, the transaction is added to the verified transaction pool. The specific steps are as follows.
Step S410, selecting the block proposer
A new round of the consensus process begins by selecting a block proposer from the blockchain network with a round-robin scheduling algorithm. The block proposer extracts transactions from the verified transaction pool, packages them into a block, and is responsible for broadcasting the block submission information to all verification nodes of the blockchain network. If the transaction is invalid or the broadcast times out, a new round of block consensus is entered; if the transaction is valid, the pre-vote stage is entered.
Specifically, each verification node of the blockchain network commonly maintains the same origination file, json, where one configuration item in the file is a list corresponding to all the verification nodes, the list records pub _ key (public key) and power (weight) of each verification node, and it is assumed that there are four verification nodes V1, V2, V3, and V4 at present, the weights power are 10, 20, 30, and the weight total of the entire network at present is 90.
First round of block proposer election:
V1.Accum = V1.Accum + V1.power = 0 + 10 = 10
V2.Accum = V2.Accum + V2.power = 0 + 20 = 20
V3.Accum = V3.Accum + V3.power = 0 + 30 = 30
V4.Accum = V4.Accum + V4.power = 0 + 30 = 30
Since V3 and V4 both have the maximum value of 30, they are sorted from small to large by pub_key. Assuming that the public key of V3 is smaller, V3 is selected as the block proposer for this round, after which V3.Accum = 30 - 90 = -60.
Second round of block proposer election:
V1.Accum = V1.Accum + V1.power = 10 + 10 = 20
V2.Accum = V2.Accum + V2.power = 20 + 20 = 40
V3.Accum = V3.Accum + V3.power = -60 + 30 = -30
V4.Accum = V4.Accum + V4.power = 30 + 30 = 60
Since V4 has the maximum value of 60 in this round, V4 is selected as the block proposer for this round, after which V4.Accum = 60 - 90 = -30.
Third round of block proposer election:
V1.Accum = V1.Accum + V1.power = 20 + 10 = 30
V2.Accum = V2.Accum + V2.power = 40 + 20 = 60
V3.Accum = V3.Accum + V3.power = -30 + 30 = 0
V4.Accum = V4.Accum + V4.power = -30 + 30 = 0
Since V2 has the maximum value of 60 in this round, V2 is selected as the block proposer for this round, after which V2.Accum = 60 - 90 = -30.
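The three election rounds above, reproduced as an added Python example (not code from the patent); the pub_key strings are constructed placeholders used only for the tie-break ordering, and the function names are this example's own. It goes beyond the text by running a full cycle of nine rounds, which shows that each node proposes in proportion to its weight and every Accum returns to 0.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Validator:
    name: str
    pub_key: str      # constructed placeholder; only its sort order matters
    power: int        # voting weight from the shared validator list
    accum: int = 0    # running priority, starts at 0


def make_validators():
    """The four nodes of the worked example (weights 10, 20, 30, 30)."""
    return [
        Validator("V1", "pk-01", 10),
        Validator("V2", "pk-02", 20),
        Validator("V3", "pk-03", 30),   # assumed to have the smaller key
        Validator("V4", "pk-04", 30),
    ]


def elect_proposer(validators):
    """Run one election round in place and return the chosen proposer."""
    total_power = sum(v.power for v in validators)
    for v in validators:
        v.accum += v.power
    # Highest accum wins; a tie goes to the smaller pub_key. The tie-break
    # must be deterministic, because every node computes the proposer
    # independently and all of them have to arrive at the same answer.
    proposer = min(validators, key=lambda v: (-v.accum, v.pub_key))
    proposer.accum -= total_power
    return proposer


def run_rounds(validators, rounds):
    """Return [(proposer name, {name: accum after the round}), ...]."""
    history = []
    for _ in range(rounds):
        proposer = elect_proposer(validators)
        history.append((proposer.name, {v.name: v.accum for v in validators}))
    return history


def proposer_counts(history):
    """How many times each node was elected over the recorded rounds."""
    return Counter(name for name, _ in history)


if __name__ == "__main__":
    rounds = run_rounds(make_validators(), 9)
    for i, (name, accums) in enumerate(rounds, 1):
        print(f"round {i}: proposer={name} accum={accums}")
    print(dict(proposer_counts(rounds)))
```

Because the total weight is subtracted from exactly one node per round, the Accum values always sum to zero; a node whose list disagrees with its peers' list shows up as a proposer mismatch.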
Step S420, the verification nodes perform pre-voting
Each block comprises the current block height and a plurality of transaction records, wherein each transaction record comprises the public key address, signature information and transaction information of the current transaction. The transaction information is mainly the operation record of each database and includes the following fields: OS_USERNAME (operating system user), DB_USERNAME (database user name), TX_TIMESTAMP (time), OBJ_OWNER (table owner), OBJ_NAME (table name), TX_SQL_BIND (values involved in the operation), TX_SQL_TEXT (the specific SQL statement).
The verification nodes enter the pre-voting stage after receiving the block information broadcast by the proposer. Because the broadcast reaches each verification node at a different time, a verification node that is still locked on the previous round's proposal votes for the previously proposed block; otherwise it votes for the currently proposed block. If the block broadcast by the proposer times out or the broadcast block is invalid, the verification node casts a null-block vote.
Step S430, block pre-commit
If the pre-vote times out and a 2/3 voting consensus is not reached, a new round of block consensus is entered. Otherwise the pre-commit stage is entered: if more than 2/3 approval votes are received, a pre-commit message is broadcast, and each node releases its lock from the previous round of pre-commit and locks itself on the current block. If more than 2/3 null-block votes are received, the lock from the previous round of pre-commit is released and the node votes for the null block.
It should be noted that when a node locks on a block for pre-commit, it will set the current number of rounds of voting to the last round and will only vote on this block for pre-commit.
Step S440, block commit
If the pre-commit times out or a 2/3 voting consensus is not reached, a new round of block consensus is entered. Otherwise the commit phase is entered, and each node commits the block as soon as it has received the block and more than 2/3 of the pre-commit votes.
Step S450, new block phase
When the block commit is finished, the block height of the whole blockchain network increases and a new round of block consensus is entered. Meanwhile, the block data now stored in the blockchain can be queried and updated by the unified data management tool.
The blockchain-based tamper-resistant security management method for archive information system data combines a database, a unified data management tool and blockchain technology to extract the operation logs of various databases and store them in the blockchain.
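Steps S420 to S440 as an added Python example (not code from the patent). It assumes one vote per verification node, since the text does not say whether the 2/3 threshold counts nodes or weight; the function names and the block ids B0/B1 are constructed for this example.

```python
from collections import Counter

NIL = "nil"  # stands for the text's "null block" vote


def prevote(locked_block, proposal, proposal_valid):
    """Step S420: what one verification node pre-votes for."""
    if locked_block is not None:
        return locked_block          # still locked: keep voting for that block
    if proposal is None or not proposal_valid:
        return NIL                   # broadcast timed out or block invalid
    return proposal


def supermajority(votes, n_nodes):
    """Return the value backed by strictly more than 2/3 of n_nodes, else None.

    Integer arithmetic (3 * count > 2 * n) avoids float rounding, and the
    threshold is taken over all nodes, so missing votes count against it.
    """
    for value, count in Counter(votes).items():
        if 3 * count > 2 * n_nodes:
            return value
    return None


def precommit(node_state, prevotes, n_nodes):
    """Step S430: return the pre-commit vote, or None for 'new round'."""
    winner = supermajority(prevotes, n_nodes)
    if winner is None:
        return None                  # no consensus: the lock is left untouched
    # Release the previous lock; lock on the block unless the winner is NIL.
    node_state["locked"] = None if winner == NIL else winner
    return winner


def commit(precommits, n_nodes, blocks_received):
    """Step S440: return the block id to commit, or None for 'new round'."""
    winner = supermajority(precommits, n_nodes)
    if winner is None or winner == NIL or winner not in blocks_received:
        return None
    return winner


def run_round(locks, proposal, proposal_valid, n_nodes, silent=()):
    """Drive one round. locks maps node name -> locked block id or None;
    silent lists nodes whose votes never arrive (crashed or partitioned)."""
    active = [name for name in locks if name not in silent]
    prevotes = [prevote(locks[n], proposal, proposal_valid) for n in active]
    states = {name: {"locked": locks[name]} for name in locks}
    precommits = []
    for name in active:
        vote = precommit(states[name], prevotes, n_nodes)
        if vote is not None:
            precommits.append(vote)
    received = {proposal} if proposal_valid and proposal is not None else set()
    committed = commit(precommits, n_nodes, received)
    return committed, {name: s["locked"] for name, s in states.items()}


if __name__ == "__main__":
    fresh = {"V1": None, "V2": None, "V3": None, "V4": None}
    print(run_round(fresh, "B1", True, 4))                        # commits B1
    print(run_round(fresh, "B1", True, 4, silent=("V3", "V4")))   # new round
```

With four nodes, three matching votes are needed at each stage; exactly 2/3 (for example 2 of 3) does not pass the check.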
Embodiments relating to data uplink
To aid understanding of the present invention, fig. 5 illustrates the data uplink process, in which an archive specialist at an archive updates the data state of the local database by operating the digital archive management system, and the unified data management tool acquires the operation log of the database in real time.
Specifically, the unified data management tool must be configured with the account and password of the corresponding database administrator to obtain permission to access the database. The unified data management tool stores the latest flag state of the current local database operation log and acquires the state of the local database in real time. By comparing the flag states, the unified data management tool detects whether the database has been updated and, if so, obtains the latest database operation log. The unified data management tool then checks the authority of the operator recorded in the updated database operation log; if the operator is an unauthorized or illegal user, a transaction rollback operation is performed on the local database. If the operator's authority is correct, the unified data management tool unifies the log data format and packages the transaction. The unified data management tool also configures corresponding public and private keys for different database accounts, signs the packaged blocks with the private keys, and broadcasts the transaction to the blockchain network. The blockchain network nodes verify the legality of the transaction and its digital signature. If consensus is not reached on the transaction, an uplink failure message is returned to the tool, which performs a transaction rollback operation on the local database; if consensus is reached, the transaction is permanently stored in the blockchain.
Embodiments relating to reading blockchain data
FIG. 6 shows the process of reading data from the blockchain. An archive sends an access request to the blockchain network through the unified data management tool, and the blockchain network verifies whether the node that sent the access request has permission. If the node has no access permission, a request failure message is fed back to the archive; if the authority is correct, reading of the data on the blockchain begins. The operation log data are obtained by efficiently reading the data and applying the corresponding stripping operation to the data read. After acquiring the log data, the unified data management tool restores the log to the log format of the local database type, so that the archive can perform operations such as log query verification or rollback and reconstruction of the database.
In conclusion, data reading and transaction operations for heterogeneous database systems are realized by the unified data management tool and the mycat database middleware, which adapt to various databases. The unified data management tool stores the accounts of all operators in a local database; after the operation log of the database is obtained, the tool confirms the authority of the operator and chooses whether to put the data on the chain or to perform an operation such as transaction rollback. Corresponding public and private keys are allocated to the local nodes, and a transaction issued by a local node must be signed with its private key. If other nodes need to access the data of a certain node in the blockchain network, they must possess an authorized private key. The invention stores the database operation log in the blockchain, and when the local database is lost, damaged or deleted by mistake, the operation log records in the blockchain are read to roll back or rebuild the local database. Meanwhile, the data in the blockchain can be used to verify the authenticity of the data in the local database and can also be accessed by an authorized third-party node.
Compared with the traditional archive database system management method, the invention has the advantages that:
1) In a conventional archive database, a database administrator or a hacker can change or delete database records at will, which poses a great security risk to archive management. The method stores the database operation logs in the blockchain; because the records in the blockchain cannot be changed by modifying a database on its own, the database logs cannot be tampered with and data security is improved.
2) The database systems used by the archive management departments of different units differ, so operations such as data access, submission and backup differ, as does their transaction support. An archive data disaster recovery center therefore has to deal with many different databases at once and develop interfaces for each specific database, which makes it complex and costly to build. The invention implements database backup by storing the database operation logs in the blockchain, so individual units no longer need to develop interfaces for their local databases. In addition, by placing a unified data management tool above the database, the invention adapts to the operation interfaces of various databases and so reads logs efficiently. Compared with traditional backup methods for different databases, the method using the unified data management tool is highly extensible, highly general and supports a wide range of services. Conventional database backup methods maintain database backups by configuring hardware devices at multiple locations; with this method, each node can serve as a backup point, all nodes jointly maintain the backup of the whole network, and each node saves on hardware, which greatly reduces cost.
3) The method addresses the management and security problems caused by multiple people maintaining an existing database (the digital archive data of one unit may be scattered across different departments, each configured with different database accounts). By introducing an authority control mechanism, the unified data management tool verifies the authority of the database operator, and the nodes of the whole network verify the private key signature that the unified data management tool submits with a transaction, so that management is automated and the interests of each node and the security of the data are protected.
It should be noted that, although the steps are described in a specific order, the steps are not necessarily performed in the specific order, and in fact, some of the steps may be performed concurrently or even in a changed order as long as the required functions are achieved.
The present invention may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied therewith for causing a processor to implement various aspects of the present invention.
The computer readable storage medium may be a tangible device that retains and stores instructions for use by an instruction execution device. The computer readable storage medium may include, for example, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A blockchain-based archive information security management system comprising a unified data management tool, a local archive system database, a blockchain network, the unified data management tool configured to have a communication connection with the local archive system database and to adapt to a plurality of types of archive databases, the blockchain network comprising a plurality of nodes having a communication connection with each other and the blockchain network configured to interact with information from the unified data management tool, wherein:
the unified data management tool acquires the operation logs of the local file system database and unifies the operation logs into transaction data to be issued to the block chain network;
the blockchain network performs signature verification and transaction data consensus on the received transaction data;
and the unified data management tool operates the local file system database according to the transaction result fed back by the block chain network.
2. The blockchain-based profile information security management system according to claim 1, wherein the transaction data consensus comprises:
selecting a block proposer, extracting the transaction from the verified transaction pool and packaging the transaction into blocks, broadcasting the block submission information to all verification nodes of the block chain network, entering the next round of block consensus if the transaction is invalid or the broadcast is overtime, and entering a pre-vote stage if the transaction is valid;
the verification node enters a pre-voting stage after receiving the block information broadcast by the block proposer, votes for the block submitted in the previous round under the condition that the verification node is locked in the previous round of submission, and votes for the block submitted currently if the verification node is not locked in the previous round of submission;
entering the next round of block consensus under the condition that the result of the pre-vote does not meet the set consensus standard, and otherwise entering a pre-submission stage;
and entering the next round of block consensus if the pre-submission result does not meet the set consensus standard, otherwise entering a block submission stage.
3. The blockchain-based archive information security management system according to claim 2, wherein the unified data management tool is configured to utilize a mycat database middleware to adapt multiple types of archive databases.
4. The system according to claim 2, wherein the unified data management tool is configured to select whether to chain transaction data or perform a transaction rollback operation according to the stored account authority of the operator of the local archive system database after the operation log of the local archive system database is obtained.
5. The blockchain-based archive information security management system according to claim 2, wherein the construction of the verified transaction pool includes:
and the unified data management tool submits the transaction to a transaction cache pool, verifies the local transaction, returns the transaction to the unified data management tool for processing if the verification fails, and adds the transaction to the verified transaction pool if the verification succeeds.
6. The system for securely managing archive information based on block chain according to claim 2, wherein the consensus criterion is set to more than 2/3 of the votes in favor.
7. The system according to claim 2, wherein the block proposer is a verification node with the smallest public key or the largest weight in the block chain network.
8. The blockchain-based profile information security management system of claim 1, wherein the blockchain network is configured such that a local node issues a signature of the private key required for the transaction, and a non-local node needs to have an authorized private key when accessing data of a node in the blockchain network.
9. A block chain-based archive information security management method comprises the following steps:
acquiring operation logs of a local file system database, unifying the operation logs into transaction data, and issuing the transaction data to a block chain network;
the blockchain network performs signature verification and transaction data consensus on the received transaction data;
and operating the local file system database according to the transaction result fed back by the block chain network.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method as claimed in claim 9.
CN201911155247.XA 2019-11-22 2019-11-22 File information security management system and method based on block chain Pending CN110781525A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911155247.XA CN110781525A (en) 2019-11-22 2019-11-22 File information security management system and method based on block chain

Publications (1)

Publication Number Publication Date
CN110781525A true CN110781525A (en) 2020-02-11

Family

ID=69392523


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination