CN111277553B - Credible node determination method and device based on block chain network - Google Patents

Publication number: CN111277553B
Authority: CN (China)
Prior art keywords: program, information, node, contract object, blockchain network
Legal status: Active
Application number: CN201811481860.6A
Other languages: Chinese (zh)
Other versions: CN111277553A (en)
Inventor: 王叶松
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201811481860.6A (CN111277553B)
Priority to TW108130001A (TW202023238A)
Priority to PCT/CN2019/122641 (WO2020114385A1)
Publication of CN111277553A
Application granted
Publication of CN111277553B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The embodiments of the application provide a method and a device for determining a trusted node based on a blockchain network. The method comprises the following steps: when a device accesses the blockchain network, a first program on a node of the blockchain network acquires the certification information of the access device, wherein the certification information comprises the security information of the access device; the first program calls the first contract object, and the first contract object generates security evaluation information for the access device according to the certification information; and the node corresponding to the first program judges whether the access device is a trusted node according to the security evaluation information. In the embodiments of the application, the security information of the Internet of Things device is used as the selection condition for trusted nodes of the blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of the weakly centralized consensus algorithm.

Description

Credible node determination method and device based on block chain network
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for determining a trusted node based on a blockchain network.
Background
With the development of the Internet of Things (IoT), access management and data processing for the large number of IoT devices worldwide will be difficult for traditional centralized IoT back-end services (e.g., device management platform DMP, connection management platform CMP, data aggregation and analysis services) to handle in the foreseeable future, and the topology of the Internet of Things will develop from the current end-edge-cloud model into a cloud-edge-end + P2P distributed network.
How to establish trusted connections, data interaction and disintermediated services in an Internet of Things of this size and complexity is a real challenge. With its decentralization, peer-to-peer (P2P) networking and tamper-resistant data, the blockchain provides a technical option for solving these problems.
Among the blockchain implementations currently visible on the market, public blockchains (Bitcoin, Ethereum) use consensus algorithms with high power consumption and long confirmation delay, and are therefore not suitable for a future Internet of Things environment that requires high concurrency and low latency.
Disclosure of Invention
In view of the above problems, embodiments of the present application provide a method for determining a trusted node based on a blockchain network, and a corresponding apparatus for determining a trusted node based on a blockchain network, which overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present application discloses a method for determining a trusted node based on a blockchain network, where at least one node of the blockchain network is deployed with a first contract object and/or a first program for accessing the first contract object, the method including:
when a device accesses the blockchain network, a first program on a node of the blockchain network acquires the certification information of the access device, wherein the certification information comprises the safety information of the access device;
the first program calls the first contract object, and the first contract object generates security evaluation information aiming at the access equipment according to the certification information;
and the node corresponding to the first program judges whether the access equipment is a trusted node or not according to the safety evaluation information.
Preferably, the method further comprises the following steps:
and if the access equipment is a trusted node, the node corresponding to the first program adds the access equipment into a preset trusted node pool.
Preferably, at least one node of the blockchain network is deployed with a second contract object and/or a second program for accessing the second contract object;
before the first program acquires the certification information of the access device, the method further includes:
a second program on a node of the block chain network receives the certification information and the identification information of the equipment;
the step of the first program acquiring the certification information of the access device comprises the following steps:
the first program acquires identification information of the access equipment;
the first program generates a certification information acquisition request and sends the certification information acquisition request to the second program, wherein the certification information acquisition request comprises identification information of the access equipment;
and the first program receives the certification information sent by the second program, and the certification information is searched by the second program according to the identification information.
Preferably, the method further comprises the following steps:
and the second program calls the second contract object, and the second contract object stores the certification information and the identification information of the equipment to a preset distributed file system.
Preferably, the method further comprises the following steps:
and when the second program receives a certification information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the certification information corresponding to the identification information from the preset distributed file system.
Preferably, the step of acquiring, by the first program, the identification information of the access device includes:
the first program receives identification information of the access device sent by a trusted node of the blockchain network.
Preferably, the first program is a first decentralized program DApp and the second program is a second DApp.
The embodiment of the invention also discloses a device for determining the trusted node based on the blockchain network, wherein at least one node of the blockchain network is provided with a first contract object and/or a first program for accessing the first contract object, and the device comprises:
a first program, and a node where the first program is located;
the first program includes:
a certification information acquisition module, used for acquiring the certification information of the access device when a device accesses the blockchain network, wherein the certification information comprises the security information of the access device;
the first calling module is used for calling the first contract object, and the first contract object is used for generating security evaluation information aiming at the access equipment according to the certification information;
the node where the first program is located includes:
and the trusted node judgment module is used for judging whether the access equipment is a trusted node or not according to the security evaluation information.
Preferably, the node where the first program is located further includes:
and the trusted node pool adding module is used for adding the access equipment into a preset trusted node pool if the access equipment is a trusted node.
Preferably, at least one node of the blockchain network is deployed with a second contract object and/or a second program for accessing the second contract object; the device further comprises:
a second program, at a node of the blockchain network, comprising: the information receiving module is used for receiving the certification information and the identification information of the equipment;
the certification information acquiring module of the first program includes:
the identification acquisition submodule is used for acquiring identification information of the access equipment;
the request submodule is used for generating a certification information acquisition request and sending the certification information acquisition request to the second program, wherein the certification information acquisition request comprises identification information of the access equipment;
and the certification information receiving submodule is used for receiving the certification information sent by the second program, and the certification information is searched by the second program according to the identification information.
Preferably, the second program further includes:
and the second calling module is used for calling the second contract object, and the second contract object stores the certification information and the identification information of the equipment to a preset distributed file system.
Preferably, the second program further includes:
and the third calling module is used for calling the second contract object when receiving the certification information acquisition request sent by the first program, and extracting the certification information corresponding to the identification information from the preset distributed file system by the second contract object.
Preferably, the identifier obtaining sub-module includes:
and the identification receiving unit is used for receiving the identification information of the access equipment sent by a trusted node of the block chain network.
Preferably, the first program is a first decentralized program DApp and the second program is a second DApp.
The embodiment of the invention also discloses a device, which comprises:
one or more processors; and
one or more machine readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform one or more methods as described above.
Embodiments of the invention also disclose one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause the processors to perform one or more of the methods described above.
The embodiment of the application has the following advantages:
In the embodiments of the application, the security information of the Internet of Things device can be encrypted and added to the certification information, and the certification information is transmitted in the blockchain network, so that the smart contracts and programs deployed on nodes of the blockchain network can evaluate the security of the device based on the security information in the certification information. In the multi-source heterogeneous hardware scenario of the Internet of Things, different types of devices carry different security information, and corresponding security evaluation information can be generated for each type, so the method is suitable for security evaluation of Internet of Things devices in that scenario. In the Internet of Things environment, human intervention is reduced, and automatic network access by Internet of Things devices is the main application scenario. In the embodiments of the application, the security information of the Internet of Things device is used as the selection condition for trusted nodes of the blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of the weakly centralized consensus algorithm.
Drawings
Fig. 1 is a flowchart illustrating steps of a first embodiment of a method for determining a trusted node based on a blockchain network according to the present application;
Fig. 2 is a flowchart illustrating steps of a second embodiment of a method for determining a trusted node based on a blockchain network according to the present application;
Fig. 3 is a schematic diagram of a consensus algorithm executed by a trusted node in an embodiment of the present application;
Fig. 4 is a schematic diagram of a blockchain network for uploading identification information and certification information of a device;
Fig. 5 is a schematic diagram of a process for accessing a device of a blockchain network;
Fig. 6 is a schematic diagram of transaction processing for a blockchain network;
Fig. 7 is a block diagram of an embodiment of a trusted node determination apparatus based on a blockchain network according to the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
Referring to fig. 1, a flowchart of steps of a first embodiment of a method for determining a trusted node based on a blockchain network according to the present application is shown, where at least one node of the blockchain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object, and the method may specifically include the following steps:
step 101, when a device accesses the blockchain network, a first program on a node of the blockchain network acquires the certification information of the access device, wherein the certification information comprises the security information of the access device;
Blockchain networks are decentralized: there is no server, and a client does not need to rely on a server to obtain or process data. A blockchain network consists of nodes, and a node is both a client and a server. The blockchain network is a P2P (Peer-to-Peer) network in which each node can connect directly to other nodes, so its topology is flat.
In practice, during the production stage of the Internet of Things device, the manufacturer may burn the keys used for device security authentication and the unique identification information of the device (e.g., a DID (Distributed ID)) into the secure storage area of the device. The manufacturer may also embed a distributed ledger node SDK (Software Development Kit) in the device firmware. The distributed ledger node SDK provides the network connection between the device and the blockchain, and can also collect device security authentication (attestation) data on the device side and report it to the blockchain.
When the Internet of Things device accesses the blockchain network, it can discover other nodes in the blockchain network and establish links with them. An Internet of Things device that has accessed the blockchain network is a node of the blockchain network.
In the embodiments of the application, the nodes forming the blockchain network may be deployed on a BaaS (Blockchain as a Service) platform of a cloud service provider, on an edge computing server, or on an edge device in the Internet of Things that has ample computing power.
In the embodiments of the application, a security module (Secure Component) in the Internet of Things device uses the key burned into the device to generate a security certification certificate by itself, and returns the certificate to the device vendor. For example, an Entity Attestation Token (EAT) is generated as the pass. Besides EAT, the pass may also be generated in other ways, and the embodiments of the present application are not limited in this respect.
The related security Module may include SE (Secure Element), TEE (Trusted Execution Environment), software security sandbox, SIM (Subscriber Identity Module), Secure MCU (Secure Microcontroller Unit), TPM (Secure chip), and the like.
In the embodiments of the application, the certification information includes security information of the Internet of Things device, that is, information that can measure whether the device is secure from the perspective of the physical world. For example: whether the device has a security module; whether the core firmware of the device is securely updated by a trusted party; whether the device boots securely (Secure boot); whether the key App/SDK running in the device is signed and deployed by a trusted party; whether the blockchain SDK deployed in the device runs in a security module; and the like. In practice, the security information may be set according to the specific service requirements of the Internet of Things device, and the embodiments of the present application are not limited in this respect.
In an embodiment of the present application, the first contract object is a smart contract for generating security evaluation information for a device from the certification information. The first program is used for acquiring the certification information and calling the first contract object.
The first program may be deployed on a plurality of nodes, and the first program on each node may run on its own to obtain the certification information and call the first contract object. The operation in which the first contract object generates security evaluation information for the access device relies on the consensus mechanism of the blockchain network.
In the embodiments of the application, a contract object refers to a smart contract. A smart contract is an application program that can be deployed in a virtual machine of a blockchain network node, and is generally deployed on a plurality of nodes in the blockchain network.
In an embodiment of the present application, the first program may be a first decentralized program (DApp).
A decentralized application (DApp) is a distributed application that may be deployed on one or more nodes of a blockchain network. It is a client application (e.g., a front-end application) for accessing a smart contract, and is mainly responsible for calling the smart contract and implementing some service-layer logic. It should be noted that the DApp and the smart contract do not have to be deployed on the same node. The execution of the DApp is independent of the consensus mechanism of the blockchain network, but the execution result of the smart contract called by the DApp requires the consensus mechanism of the blockchain network.
Step 102, the first program calls the first contract object, and the first contract object generates security evaluation information for the access device according to the certification information.
In this embodiment of the application, when an internet of things device accesses a blockchain network, a first program running on a certain node of the blockchain network acquires certification information of the internet of things device and calls a first contract object, and the first contract object may generate security evaluation information for the device according to security information in the certification information.
For example, suppose the security information is: the access device does not have any security module, the blockchain App/SDK deployed in the device does not have a signature of a trusted party, and the virtual machine image (Image) in which the deployed smart contract runs does not have a signature of a trusted party. The access device may then be considered a low security level device, and the security evaluation information generated by the first contract object may be information indicating a low security level.
For another example, suppose the security information is: the access device has a plurality of security modules, the blockchain App/SDK deployed in the device is signed by a trusted party, and the virtual machine image (Image) in which the deployed smart contract runs is signed by a trusted party. The access device may then be considered a high security level device, and the security evaluation information generated by the first contract object may be information indicating a high security level.
Of course, the security level is only used as an example for the security evaluation information, and other forms of security evaluation messages may be generated in practice, and the embodiments of the present application are not limited herein.
Step 103, the node corresponding to the first program judges whether the access device is a trusted node according to the security evaluation information.
A trusted node is a node that can be used to run a consensus algorithm. In a transaction in a blockchain network, a certain node is required to run a consensus algorithm whenever a node submits the transaction.
In the embodiments of the application, whether the access device can be used as a trusted node can be judged according to the security evaluation information of the access device.
For example, if the security evaluation information indicates that the security level of the access device is high, the node running the first program may determine that the access device is a trusted node. If the security evaluation information indicates that the security level of the access device is low, the node running the first program may determine that the access device is not a trusted node.
The above-described manner of determining whether the access device is a trusted node according to the security assessment message is merely an example, and in practice, it may also be determined whether the access device is a trusted node according to the security assessment message in other manners.
In the embodiments of the application, the security information of the Internet of Things device can be encrypted and added to the certification information, and the certification information is transmitted in the blockchain network, so that the smart contracts and programs deployed on nodes of the blockchain network can evaluate the security of the device based on the security information in the certification information. In the multi-source heterogeneous hardware scenario of the Internet of Things, different types of devices carry different security information, and corresponding security evaluation information can be generated for each type, so the method is suitable for security evaluation of Internet of Things devices in that scenario. In the Internet of Things environment, human intervention is reduced, and automatic network access by Internet of Things devices is the main application scenario. In the embodiments of the application, the security information of the Internet of Things device is used as the selection condition for trusted nodes of the blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of the weakly centralized consensus algorithm. For example, if a blockchain network has 1 million nodes and 100 nodes are randomly selected as the competing consensus nodes to improve the efficiency of the consensus mechanism, then because the 100 competing consensus nodes are randomly selected and their number is reduced from 1 million to 100, the consensus security is reduced.
If the 100 competing consensus nodes are instead selected from 10,000 nodes with a high security level, the security can be guaranteed.
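An added sketch (not code from the patent) of steps 101 to 103, the trusted node pool, and the selection of consensus nodes from that pool rather than from all nodes. The claim field names, the HMAC tag standing in for the certificate produced with the burned-in key, the key registry and the "all claims required" policy are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import random

# Security information items named in the description; field names are hypothetical.
REQUIRED_CLAIMS = (
    "has_security_module",
    "firmware_updated_by_trusted_party",
    "secure_boot",
    "app_sdk_signed_by_trusted_party",
    "blockchain_sdk_in_security_module",
)


def _tag(key, device_id, claims):
    # Canonical JSON so device and verifier authenticate identical bytes.
    body = json.dumps({"device_id": device_id, "claims": claims},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_certification(device_id, claims, device_key):
    """Device side: bind the security claims to the device ID with the burned-in key."""
    return {"device_id": device_id, "claims": claims,
            "tag": _tag(device_key, device_id, claims)}


def _result(level, reason):
    return {"level": level, "reason": reason}


class FirstContract:
    """Stand-in for the first contract object: certification -> security evaluation."""

    def __init__(self, registered_keys):
        self._keys = registered_keys  # device_id -> verification key (assumption)

    def evaluate(self, cert):
        device_id, claims = cert.get("device_id"), cert.get("claims")
        key = self._keys.get(device_id)
        if key is None:
            return _result("low", "unknown device")
        if not isinstance(claims, dict):
            return _result("low", "malformed certification")
        expected = _tag(key, device_id, claims).encode()
        if not hmac.compare_digest(expected, str(cert.get("tag", "")).encode()):
            return _result("low", "certification failed verification")
        missing = [c for c in REQUIRED_CLAIMS if claims.get(c) is not True]
        if missing:
            return _result("low", "missing: " + ", ".join(missing))
        return _result("high", "all required claims present")


class Node:
    """Node running the first program; it owns the trusted node pool."""

    def __init__(self, contract):
        self.contract = contract
        self.trusted_pool = set()

    def admit(self, cert):
        evaluation = self.contract.evaluate(cert)   # step 102
        trusted = evaluation["level"] == "high"     # step 103
        if trusted:
            self.trusted_pool.add(cert["device_id"])
        return trusted, evaluation


def pick_consensus_nodes(trusted_pool, k, seed=None):
    """Randomly pick up to k consensus nodes, but only from the trusted pool."""
    pool = sorted(trusted_pool)
    return random.Random(seed).sample(pool, min(k, len(pool)))


def demo():
    # Constructed sample devices and keys.
    keys = {d: hashlib.sha256(d.encode()).digest() for d in ("dev-A", "dev-B", "dev-C")}
    good = dict.fromkeys(REQUIRED_CLAIMS, True)
    weak = dict(good, has_security_module=False, app_sdk_signed_by_trusted_party=False)
    altered = make_certification("dev-C", dict(good, secure_boot=False), keys["dev-C"])
    altered["claims"]["secure_boot"] = True  # claim changed after issuance
    certs = [make_certification("dev-A", good, keys["dev-A"]),
             make_certification("dev-B", weak, keys["dev-B"]),
             altered]
    node = Node(FirstContract(keys))
    results = {c["device_id"]: node.admit(c) for c in certs}
    return results, node.trusted_pool


if __name__ == "__main__":
    results, pool = demo()
    for device_id, (trusted, evaluation) in results.items():
        print(device_id, trusted, evaluation)
    print("consensus candidates:", pick_consensus_nodes(pool, 100))
```

A certification whose claims no longer match its tag is rated low before any claim is read, so a device cannot raise its own rating by editing the claims after issuance.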
Referring to fig. 2, a flowchart illustrating steps of a second embodiment of a block chain network-based trusted node determination method according to the present application is shown, where at least one node of the block chain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object; at least one node of the blockchain network is deployed with a second contract object and/or a second program for accessing the second contract object; that is, the first contract object and the first program may be deployed in the same node, or may be deployed in different nodes; the second contract object and the second program can be deployed in the same node or different nodes; the first contract object and the second contract object can be deployed in the same node or different nodes; the first program and the second program can be deployed in the same node or different nodes;
the method may specifically comprise the steps of:
step 201, a second program on a node of the block chain network receives the certification information and the identification information of the device;
in practice, a manufacturer of the internet of things device may access the second program at one node, and send the identification information and the certification information of the internet of things device to the second program. The identification information of the Internet of things equipment uniquely corresponds to the Internet of things equipment.
In the embodiment of the application, the second contract object is used for managing the certification information and the identification information of the internet of things equipment; the second contract object may store the certification information and the identification information in a database in a one-to-one correspondence, or extract the certification information and the identification information from the database.
And the second program is used for receiving the certification information and the identification information sent by other nodes, then calling the second contract object, and storing/extracting the certification information and the identification information by the second contract object.
In an embodiment of the present application, the second program may be a second decentralized program (DApp).
In this embodiment, the method may further include: the second program calls the second contract object, and the second contract object stores the certification information and the identification information of the device to a preset distributed file system.
A distributed file system (e.g., IPFS (InterPlanetary File System)) is not part of the blockchain network; it provides an off-chain data storage service outside the distributed ledger system of the blockchain network.
Step 202, when a device accesses the blockchain network, a first program on a node of the blockchain network acquires identification information of the access device;
In an embodiment of the present application, the first program may be a first decentralized program (DApp).
In this embodiment, the step 202 may include: the first program receives identification information of the access device sent by a trusted node of the blockchain network.
Specifically, when the Internet of Things device accesses the blockchain network, the nodes of the blockchain network broadcast the identification information of the access device, so that nodes across the whole network can acquire the identification information of the access device. In the embodiments of the application, the identification information of the access device may be stored in the distributed ledger system of the blockchain network, whose tamper-resistant property prevents the identification information from being tampered with.
After the internet of things device accesses the blockchain network, a known Trusted node (Trusted Peer) of the blockchain network may send identification information of the access device to a first program running on a certain node to request the first program to perform security evaluation processing on the access device.
Step 203, the first program generates a certification information acquisition request and sends it to the second DApp; the certification information acquisition request comprises the identification information of the access device;
After the first program acquires the identification information of the access device, it may generate a certification information acquisition request and send it to the second program.
In this embodiment, the method may further include: when the second program receives a certification information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the certification information corresponding to the identification information from the preset distributed file system.
Specifically, the second program calls the second contract object after receiving the certification information obtaining request, and the second contract object extracts the certification information corresponding to the identification information from the distributed file system according to the identification information.
Step 204, the first program receives the certification information sent by the second program; the certification information comprises security information of the access device;
Step 205, the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the certification information.
In the embodiment of the application, an Internet of Things device can be evaluated based on its security information. In the multi-source heterogeneous hardware scenario of the Internet of Things, different types of devices carry different security information, so corresponding security evaluation information can be generated for each type of device. The method is therefore suitable for evaluating the security of Internet of Things devices in the multi-source heterogeneous hardware scenario.
Step 206, the node corresponding to the first program judges whether the access device is a trusted node according to the security assessment information;
After the first contract object generates the security evaluation information of the access device, the node running the first program may determine, according to the security evaluation information, whether to add the access device to the trusted node pool.
Step 207, if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.
In an embodiment of the application, when a node submits a transaction record to the blockchain network, the blockchain network may select a trusted node from a pool of trusted nodes to perform the consensus algorithm.
Referring to fig. 3, a schematic diagram of a trusted node executing a consensus algorithm in this embodiment of the present application is shown. Whether a transaction is initiated by a trusted node or by an ordinary node, the competing consensus node can only be selected from the trusted node pool.
In an Internet of Things environment, human intervention is reduced, and automatic network access by Internet of Things devices is the main application scenario. In the embodiment of the application, the security information of an Internet of Things device is used as the selection criterion for trusted nodes of the blockchain network it joins, so that the overall security of the consensus mechanism can be maintained or even improved without sacrificing the high performance of a weakly centralized consensus algorithm.
In order to enable those skilled in the art to better understand the embodiments of the present application, the following description is given by way of example:
Referring to fig. 4, a schematic diagram of uploading identification information and certification information of a device to a blockchain network is shown. The uploading process may specifically include:
1. A device manufacturer of the Internet of Things device may configure identification information, a key, and a distributed ledger node (SDK) for Internet of Things device A;
2. A related security module of Internet of Things device A may generate the certification information using key autocorrelation; the certification information comprises security information of Internet of Things device A;
3. Internet of Things device A may send the certification information to the device manufacturer's node;
4. Some nodes in the blockchain network are deployed with a second contract object and a second DApp, and the device manufacturer's node may send the identification information and the certification information of Internet of Things device A to the second DApp running on one of these nodes;
5. The second DApp may invoke the second contract object, which stores the identification information and the certification information of Internet of Things device A in the distributed file system.
Referring to fig. 5, a schematic diagram of a process performed by a device accessing a blockchain network is shown. The processing procedure may specifically include:
1. Internet of Things device A accesses the blockchain network and provides its identification information;
2. Some nodes in the blockchain network are deployed with a first contract object and a first DApp; the identification information of Internet of Things device A is broadcast among the nodes of the blockchain network, and a trusted node accesses the first DApp;
3. The first DApp requests the corresponding certification information from the second DApp according to the identification information of Internet of Things device A;
4. The second DApp calls the second contract object, and the second contract object extracts the corresponding certification information from the distributed file system;
5. The second DApp acquires the certification information extracted from the distributed file system;
6. The second DApp sends the certification information to the first DApp;
7. The first DApp calls the first contract object, and the first contract object generates security evaluation information according to the certification information;
8. The trusted node running the first DApp judges, according to the security evaluation information, whether Internet of Things device A is a trusted node and, if so, adds Internet of Things device A to the trusted node pool.
Referring to fig. 6, a schematic diagram of transaction processing in a blockchain network is shown. The transaction process may specifically include:
1. Internet of Things device B submits a transaction record to the blockchain network;
2. The blockchain network selects a competing consensus node from the trusted node pool;
3. Internet of Things device A may be selected as a competing consensus node;
4. Internet of Things device A executes the consensus algorithm to generate a new block;
5. Internet of Things device A broadcasts the new block to the blockchain network;
6. The transaction is confirmed.
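The flows of figs. 4 to 6 can be traced in a small in-memory model. This is an added example, not code from the patent: the security fields, scoring weights, trust threshold, SHA-256 content addressing, and the ledger-side digest index are all assumptions, and the device records are constructed samples.

```python
import hashlib
import json
import random

WEIGHTS = {"secure_boot": 40, "hardware_key_store": 30, "signed_firmware": 30}
TRUST_THRESHOLD = 70  # assumed, as are the security fields and weights above

class OffChainStore:
    """Stand-in for the distributed file system: blobs addressed by SHA-256."""
    def __init__(self):
        self.blobs = {}

    def put(self, data):
        digest = hashlib.sha256(data).hexdigest()
        self.blobs[digest] = data
        return digest

    def get(self, digest):
        data = self.blobs[digest]
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("off-chain record does not match its digest")
        return data

class SecondContract:
    """Stores and extracts certification information by device id."""
    def __init__(self, store):
        self.store = store
        self.index = {}  # device id -> digest (assumed to be kept on the ledger)

    def save(self, device_id, cert_info):
        record = {"device_id": device_id, "cert_info": cert_info}
        self.index[device_id] = self.store.put(json.dumps(record).encode())

    def load(self, device_id):
        digest = self.index.get(device_id)
        if digest is None:
            return None  # the device was never registered
        return json.loads(self.store.get(digest))["cert_info"]

class SecondProgram:
    """Second DApp: receives registrations and answers acquisition requests."""
    def __init__(self, contract):
        self.contract = contract

    def register(self, device_id, cert_info):
        self.contract.save(device_id, cert_info)

    def handle(self, request):
        return self.contract.load(request["device_id"])

class FirstContract:
    """Turns certification information into security evaluation information."""
    def evaluate(self, device_id, cert_info):
        if cert_info is None:
            return {"device_id": device_id, "score": 0, "reason": "unregistered"}
        # Fields a device type does not report simply earn no points.
        score = sum(w for f, w in WEIGHTS.items() if cert_info.get(f) is True)
        return {"device_id": device_id, "score": score, "reason": "scored"}

class FirstProgram:
    """First DApp: fetches certification information, then calls the contract."""
    def __init__(self, contract, second_program):
        self.contract = contract
        self.second_program = second_program

    def assess(self, device_id):
        request = {"type": "get_certification_info", "device_id": device_id}
        try:
            cert_info = self.second_program.handle(request)
        except ValueError as exc:  # tampered off-chain record
            return {"device_id": device_id, "score": 0, "reason": str(exc)}
        return self.contract.evaluate(device_id, cert_info)

class Node:
    """Node running the first program; it owns the trusted node pool."""
    def __init__(self, first_program):
        self.first_program = first_program
        self.trusted_pool = []

    def on_device_access(self, device_id):
        evaluation = self.first_program.assess(device_id)
        trusted = evaluation["score"] >= TRUST_THRESHOLD
        if trusted and device_id not in self.trusted_pool:
            self.trusted_pool.append(device_id)
        return trusted

    def select_consensus_node(self, rng=random):
        if not self.trusted_pool:
            raise RuntimeError("trusted node pool is empty")
        return rng.choice(self.trusted_pool)

def build_demo():
    # Constructed sample devices; device-C reports only part of the fields.
    store = OffChainStore()
    second = SecondProgram(SecondContract(store))
    node = Node(FirstProgram(FirstContract(), second))
    second.register("device-A", dict.fromkeys(WEIGHTS, True))
    second.register("device-C", {"secure_boot": False, "signed_firmware": True})
    return store, second, node
```

A device that was never registered, one whose reported security information scores below the threshold, and one whose off-chain record was altered after registration all stay out of the pool, so none of them can be picked as a consensus node.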
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combinations of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts involved are not necessarily required by the embodiments of the application.
Referring to fig. 7, a block diagram illustrating an embodiment of a trusted node determination apparatus based on a blockchain network according to the present application is shown, where at least one node of the blockchain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object, and the apparatus may specifically include the following modules:
a first program 70, and a node 71 where the first program is located;
the first program 70 includes:
a certification information acquisition module 701, configured to acquire certification information of an access device when the device accesses the blockchain network, where the certification information includes security information of the access device;
a first calling module 702, configured to call the first contract object, where the first contract object is configured to generate security evaluation information for the access device according to the certification information;
the node 71 where the first program is located may include:
a trusted node determining module 711, configured to determine whether the access device is a trusted node according to the security assessment information.
In this embodiment of the application, the node 71 where the first program is located may further include:
a trusted node pool adding module, configured to add the access device to a preset trusted node pool if the access device is a trusted node.
In an embodiment of the application, at least one node of the blockchain network is deployed with a second contract object and/or is deployed with a second program for accessing the second contract object; the apparatus may further include:
a second program located at a node of the blockchain network, the second program comprising: an information receiving module, configured to receive the certification information and the identification information of a device;
the certification information acquisition module 701 of the first program 70 may include:
an identification acquisition submodule, configured to acquire identification information of the access device;
a request submodule, configured to generate a certification information acquisition request and send it to the second program; the certification information acquisition request comprises the identification information of the access device;
a certification information receiving submodule, configured to receive the certification information sent by the second program; the certification information is looked up by the second program according to the identification information.
In an embodiment of the present application, the second program may further include:
a second calling module, configured to call the second contract object, where the second contract object stores the certification information and the identification information of the device in a preset distributed file system.
In an embodiment of the present application, the second program may further include:
a third calling module, configured to call the second contract object when a certification information acquisition request sent by the first program is received, where the second contract object extracts the certification information corresponding to the identification information from the preset distributed file system.
In this embodiment of the present application, the identification acquisition submodule may include:
an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.
In an embodiment of the present application, the first program is a first decentralized program (DApp), and the second program is a second DApp.
Since the apparatus embodiment is basically similar to the method embodiment, its description is relatively brief; for relevant points, refer to the corresponding description of the method embodiment.
An embodiment of the present application further provides an apparatus, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform methods as described in embodiments of the present application.
Embodiments of the present application also provide one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause the processors to perform the methods of embodiments of the present application.
The embodiments in the present specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
As will be appreciated by one of skill in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or terminal equipment comprising the element.
The blockchain network-based trusted node determination method and the blockchain network-based trusted node determination apparatus provided by the present application have been described in detail above. Specific examples are used herein to explain the principles and embodiments of the present application, and the description of the above embodiments is only intended to help understand the method and core ideas of the present application. Meanwhile, a person skilled in the art may, following the idea of the present application, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the present application.

Claims (16)

1. A method for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object and/or a first program for accessing the first contract object, the method comprising:
when a device accesses the blockchain network, a first program on a node of the blockchain network acquires the certification information of the access device, wherein the certification information comprises the security information of the access device; the execution of the first program is independent of a consensus mechanism of the blockchain network;
the first program calls the first contract object, and the first contract object generates security evaluation information for the access device according to the certification information;
the node corresponding to the first program judges whether the access device is a trusted node according to the security evaluation information.
2. The method of claim 1, further comprising:
if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.
3. A method according to claim 1 or 2, wherein at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object;
before the first program acquires the certification information of the access device, the method further includes:
a second program on a node of the blockchain network receives the certification information and the identification information of a device;
the step of the first program acquiring the certification information of the access device comprises:
the first program acquires identification information of the access device;
the first program generates a certification information acquisition request and sends the certification information acquisition request to the second program, wherein the certification information acquisition request comprises the identification information of the access device;
the first program receives the certification information sent by the second program, the certification information being looked up by the second program according to the identification information.
4. The method of claim 3, further comprising:
the second program calls the second contract object, and the second contract object stores the certification information and the identification information of the device in a preset distributed file system.
5. The method of claim 4, further comprising:
when the second program receives a certification information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the certification information corresponding to the identification information from the preset distributed file system.
6. The method of claim 3, wherein the step of the first program obtaining the identification information of the access device comprises:
the first program receives identification information of the access device sent by a trusted node of the blockchain network.
7. The method of claim 3, wherein the first program is a first decentralized program (DApp) and the second program is a second DApp.
8. An apparatus for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object and/or a first program for accessing the first contract object, the apparatus comprising:
a first program, and a node where the first program is located;
the first program includes:
a certification information acquisition module, configured to acquire certification information of an access device when the device accesses the blockchain network, wherein the certification information comprises security information of the access device; the execution of the first program is independent of a consensus mechanism of the blockchain network;
a first calling module, configured to call the first contract object, wherein the first contract object is configured to generate security evaluation information for the access device according to the certification information;
the node where the first program is located includes:
a trusted node judgment module, configured to judge whether the access device is a trusted node according to the security evaluation information.
9. The apparatus of claim 8, wherein the node at which the first program is located further comprises:
a trusted node pool adding module, configured to add the access device to a preset trusted node pool if the access device is a trusted node.
10. An apparatus according to claim 8 or 9, wherein at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object; the apparatus further comprises:
a second program located at a node of the blockchain network, the second program comprising: an information receiving module, configured to receive the certification information and the identification information of a device;
the certification information acquisition module of the first program includes:
an identification acquisition submodule, configured to acquire identification information of the access device;
a request submodule, configured to generate a certification information acquisition request and send the certification information acquisition request to the second program, wherein the certification information acquisition request comprises the identification information of the access device;
a certification information receiving submodule, configured to receive the certification information sent by the second program, the certification information being looked up by the second program according to the identification information.
11. The apparatus of claim 10, wherein the second program further comprises:
a second calling module, configured to call the second contract object, wherein the second contract object stores the certification information and the identification information of the device in a preset distributed file system.
12. The apparatus of claim 11, wherein the second program further comprises:
a third calling module, configured to call the second contract object when a certification information acquisition request sent by the first program is received, wherein the second contract object extracts the certification information corresponding to the identification information from the preset distributed file system.
13. The apparatus of claim 10, wherein the identification acquisition submodule comprises:
an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.
14. The apparatus of claim 10, wherein the first program is a first decentralized program (DApp) and the second program is a second DApp.
15. A trusted node determination apparatus based on a blockchain network, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform a method of trusted node determination based on blockchain networks as claimed in any one of claims 1 to 7.
16. One or more machine readable media having instructions stored thereon that, when executed by one or more processors, cause the processors to perform a method of trusted node determination based on blockchain networks as claimed in any one of claims 1 to 7.
CN201811481860.6A 2018-12-05 2018-12-05 Credible node determination method and device based on block chain network Active CN111277553B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201811481860.6A CN111277553B (en) 2018-12-05 2018-12-05 Credible node determination method and device based on block chain network
TW108130001A TW202023238A (en) 2018-12-05 2019-08-22 Trusted node determining method and apparatus based on block chain network
PCT/CN2019/122641 WO2020114385A1 (en) 2018-12-05 2019-12-03 Trusted node determining method and apparatus based on block chain network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811481860.6A CN111277553B (en) 2018-12-05 2018-12-05 Credible node determination method and device based on block chain network

Publications (2)

Publication Number Publication Date
CN111277553A CN111277553A (en) 2020-06-12
CN111277553B true CN111277553B (en) 2022-05-24

Family

ID=70974484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811481860.6A Active CN111277553B (en) 2018-12-05 2018-12-05 Credible node determination method and device based on block chain network

Country Status (3)

Country Link
CN (1) CN111277553B (en)
TW (1) TW202023238A (en)
WO (1) WO2020114385A1 (en)

Also Published As

Publication number Publication date
CN111277553A (en) 2020-06-12
TW202023238A (en) 2020-06-16
WO2020114385A1 (en) 2020-06-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40031977

Country of ref document: HK

GR01 Patent grant