CN111383021A

CN111383021A - Node management method, device, equipment and medium based on block chain network

Info

Publication number: CN111383021A
Application number: CN202010471558.3A
Authority: CN
Inventors: 朱耿良
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2020-05-29
Filing date: 2020-05-29
Publication date: 2020-07-07
Anticipated expiration: 2040-05-29
Also published as: CN111383021B

Abstract

The application discloses a node management method, device, equipment and medium based on a block chain network; the method comprises the following steps: the trusted node receives a node registration request sent by target equipment, and detects the consensus qualification of the target equipment in a trusted execution environment according to an identity certificate and equipment information in the node registration request; the trusted execution environment refers to a secure area that is located in the trusted node and is isolated from the operating system of the trusted node. If the target equipment is determined to have the consensus qualification, signing the identity certificate; and returning the signed identity certificate to the target equipment, so that the target equipment requests the historical consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and the target equipment is used as a new consensus node of the block chain network to participate in the consensus processing of the block chain network according to the permission participation notice returned by the historical consensus node after passing the consensus. The method and the device can effectively improve the information security of the device information in the process of identifying the target device.

Description

Node management method, device, equipment and medium based on block chain network

Technical Field

The present invention relates to the field of internet technologies, and in particular, to a node management method based on a blockchain network, a node management apparatus based on a blockchain network, a computer device, and a computer storage medium.

Background

With the development of internet technology, blockchain networks gradually appear in the field of vision of people; and the block chain network has safe and reliable performance by virtue of a unique consensus mechanism. The consensus mechanism is a mechanism for completing verification and confirmation of transaction data in a short time through voting of the consensus node. With the continuous expansion of the blockchain network, more and more devices are to become consensus nodes in the blockchain network to participate in the consensus process of the blockchain network. Therefore, in order to ensure the performance of the blockchain network, how to better manage the target device to be the consensus node in the blockchain network becomes a research hotspot.

Disclosure of Invention

The embodiment of the invention provides a node management method, a node management device and a node management medium based on a block chain network, which can effectively improve the information security of device information in the process of identifying target devices.

On one hand, the embodiment of the invention provides a node management method based on a block chain network; the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the method is performed by the trusted node, the method comprising:

receiving a node registration request sent by target equipment, wherein the node registration request is generated according to an identity certificate of the target equipment and equipment information;

detecting, in the trusted execution environment, a consensus qualification of the target device based on the identity certificate and device information;

if the target device is determined to have the consensus qualification, signing the identity certificate;

and returning the signed identity certificate to the target equipment, so that the target equipment requests the historical consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and the target equipment is used as a new consensus node of the block chain network to participate in the consensus processing of the block chain network according to an allowed participation notification returned by the historical consensus node after passing the consensus.

On one hand, the embodiment of the invention provides a node management method based on a block chain network; the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the method is performed by a target device, and comprises the following steps:

generating a node registration request according to the identity certificate of the target equipment and the equipment information;

sending the node registration request to the trusted node, so that the trusted node signs the identity certificate and returns the signed identity certificate after determining that the target device has the consensus qualification according to the identity certificate and the device information in the trusted execution environment;

if the signed identity certificate returned by the trusted node is received, sending a consensus participation request carrying the signed identity certificate to the historical consensus node so as to request the historical consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and returning a participation permission notice after the target equipment passes the consensus;

and if the permission participation notification returned by the historical consensus node is received, the new consensus node serving as the block chain network participates in the consensus processing of the block chain network.

In one aspect, an embodiment of the present invention provides a node management apparatus based on a block chain network; the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the apparatus operating in the trusted node, the apparatus comprising:

a receiving unit, configured to receive a node registration request sent by a target device, where the node registration request is generated according to an identity certificate of the target device and device information;

a processing unit, configured to detect, in the trusted execution environment, a consensus qualification of the target device according to the identity certificate and device information;

the processing unit is further configured to sign the identity certificate if it is determined that the target device has the consensus qualification;

and the sending unit is used for returning the signed identity certificate to the target equipment, so that the target equipment requests the historical consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and the target equipment is used as a new consensus node of the block chain network to participate in the consensus processing of the block chain network according to the permission participation notification returned by the historical consensus node after passing the consensus.

In one aspect, an embodiment of the present invention provides a node management apparatus based on a block chain network; the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the apparatus operates in a target device, the apparatus comprising:

the processing unit is used for generating a node registration request according to the identity certificate of the target equipment and the equipment information;

a sending unit, configured to send the node registration request to the trusted node, so that the trusted node signs the identity certificate and returns the signed identity certificate after determining that the target device has a consensus qualification according to the identity certificate and the device information in the trusted execution environment;

the sending unit is configured to send a consensus participation request carrying the signed identity certificate to the history consensus node if the signed identity certificate returned by the trusted node is received, so as to request the history consensus node to perform consensus processing on the target device according to the signed identity certificate, and return a participation permission notification after the target device passes the consensus;

and the consensus unit is used for participating in consensus processing of the blockchain network as a new consensus node of the blockchain network if the permission participation notification returned by the historical consensus node is received.

In one aspect, an embodiment of the present invention provides a computer device, where the computer device may be the above-mentioned trusted node or target device; the computer device includes an input interface and an output interface, the computer device further including:

a processor adapted to implement one or more instructions; and a computer storage medium;

when the computer device is a trusted node, the computer storage medium stores one or more first instructions adapted to be loaded by the processor and to perform the steps of:

When the computer device is a target device, the computer storage medium stores one or more second instructions adapted to be loaded by the processor and to perform the steps of:

In one aspect, an embodiment of the present invention provides a computer storage medium, where one or more first instructions are stored, where the one or more first instructions are adapted to be loaded by a processor and execute the node management method on the trusted node side; alternatively, the computer storage medium stores one or more second instructions, and the one or more second instructions are adapted to be loaded by the processor and execute the node management method on the target device side.

When the target device in the embodiment of the invention is about to participate in the consensus processing of the block chain network, a node registration request carrying an identity certificate and device information can be sent to a trusted node; and enabling the trusted node to detect the consensus qualification of the target equipment in the trusted execution environment according to the identity certificate and the equipment information. Because the trusted execution environment is positioned in the trusted node and is isolated from the operating system of the trusted node, the leakage of equipment information can be prevented by depending on the security mechanism of the trusted execution environment, and the privacy of qualification detection is improved. After determining that the target device has the consensus qualification, the trusted node can sign the identity certificate and return the signed identity certificate to the target device, so that the target device requests a history consensus node in the block chain network to perform consensus processing on the target device according to the signed identity certificate, and the target device is used as a new consensus node of the block chain network to participate in the consensus processing of the block chain network after passing the consensus. Therefore, the embodiment of the invention does not need to send the sensitive equipment information to the consensus node for consensus processing; therefore, network resources can be effectively saved, and equipment information can be effectively prevented from being leaked, so that the information security of the equipment information is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1a is a block chain network architecture according to an embodiment of the present invention;

fig. 1b is a schematic structural diagram of a trusted node according to an embodiment of the present invention;

FIG. 1c is a schematic diagram of a node management scheme according to an embodiment of the present invention;

fig. 2 is a schematic flowchart of a node management method based on a blockchain network according to an embodiment of the present invention;

fig. 3 is a flowchart illustrating a node management method based on a blockchain network according to an embodiment of the present invention;

fig. 4 is a schematic structural diagram of a node management apparatus based on a blockchain network according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of a node management apparatus based on a blockchain network according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of a computer device according to an embodiment of the present invention.

Detailed Description

The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.

The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), a consensus mechanism, an encryption algorithm and the like; which is essentially a decentralized database, is a string of blocks of data that are related using cryptographic methods. A data block may also be referred to herein as a block, which is essentially a data structure for recording data information; each data block (block) contains information of a batch of network transactions, which is used to verify the validity (i.e. anti-counterfeiting) of the information and generate the next block. A network formed based on a blockchain and a peer-to-peer network (P2P network) may be referred to as a blockchain network, and computer devices performing data processing in the blockchain network may be referred to as node devices (nodes for short). It should be understood that any computer device (i.e., node) in the blockchain network may be either a terminal device or a server. The terminal device can be a smart phone, a tablet computer, a notebook computer, a desktop computer and the like, and is not limited; the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like, which is not limited thereto.

Wherein, cloud computing is a computing mode; the computing task is distributed on a resource ground formed by a large number of computers, so that various application systems can acquire computing power, storage space and a network for providing resources by information service according to needs, and the network can be called as 'cloud', and the resources in the 'cloud' support the functions of acquiring at any time, using as needed, expanding at any time and the like. That is, cloud Computing is a product of development and fusion of traditional computer and Network technologies, such as Grid Computing (Grid Computing), Distributed Computing (Distributed Computing), parallel Computing (ParallelComputing), Utility Computing (Utility Computing), Network storage (Network storage technologies), Virtualization (Virtualization), Load balancing (Load Balance), and the like. Big data is a data set which cannot be captured, managed and processed by a conventional software tool within a certain time range, and is a massive, high-growth-rate and diversified information asset which can have stronger decision-making power, insight discovery power and flow optimization capability only by a new processing mode.

In order to better manage a target device to be a common node in a blockchain network, an embodiment of the present invention first provides a novel blockchain network. Referring to fig. 1a, a block chain network according to an embodiment of the present invention may include at least: one or more history consensus nodes 11, certificate issuing nodes 12, and trusted nodes 13 (RA nodes). The historical consensus node 11 is a node that performs consensus processing based on a consensus mechanism and is already present in the blockchain network. The certificate issuing node 12 refers to a node in the blockchain network for providing the certificate issuing service, and the certificate issuing node 12 can communicate with the trusted node 13. The Trusted node 13 is a node in the blockchain network, configured to store device information of each node, and detect a consensus qualification of a target device by performing Trusted Computing (TC) in a Trusted Execution Environment (TEE); the feasible execution environment refers to a safe region which is located in the trusted node and is isolated from an operating System (Soc) of the trusted node; so-called trusted computing, also called trusted computing, is a technology that is motivated and developed by the trusted computing group (trusted computing cluster, TCPA for short).

Specifically, a schematic structural diagram of the trusted node 13 can be seen in fig. 1 b; it may at least comprise: trusted execution environment, other zones, and hardware supporting trusted nodes. The trusted execution environment may include a Trusted Application (TA), an API (Application Programming Interface) Interface of the trusted execution environment, and a security system; the trusted execution environment can ensure the safe transmission, storage and processing of sensitive data and ensure the confidentiality and integrity of TA execution through the combination of hardware and software. Other areas may include other modules, other API interfaces, and operating systems (e.g., android, IOS operating systems, etc.); the hardware may include a video transmitter for communication, a Central Processing Unit (CPU), a hard disk, etc.

It should be understood that fig. 1a is merely an example representation of the architecture of a blockchain network; but the specific architecture of the blockchain network is not limited. For example, the blockchain network shown in FIG. 1a includes a certificate issuing node 12; however, in actual deployment, the certificate issuing node 12 may not be deployed in the blockchain network, but a certificate issuing authority outside the blockchain network may be used to provide the certificate issuing service in a unified manner. For another example, the blockchain network may include other nodes such as a synchronization node, a service node, and an SPV (simple Payment Verification) node, in addition to the nodes shown in fig. 1 a; the synchronous node refers to a node participating in block synchronization in a block chain network, the service node refers to a node providing service processing service in the block chain network, and the SPV node refers to a node only providing storage service in the block chain network. As another example, the number of trusted nodes 13 in the blockchain network shown in fig. 1a is one, but in actual deployment, a plurality of trusted nodes 13 may be deployed in the blockchain network, and so on.

Based on the above block chain network, the embodiment of the present invention provides a node management scheme; the node management scheme is mainly used for carrying out safety supervision on target equipment and improving the safety of equipment information of the target equipment. The target device is a device to be a consensus node in the blockchain network to participate in the consensus processing of the blockchain network; which may include, but are not limited to: any device located outside the blockchain network, a non-consensus node (e.g., a synchronization node, a service node, etc.) located within the blockchain network. Referring to fig. 1c, the general principle of the node management scheme is as follows: the target device needs to apply for an identity certificate from the certificate issuing node through step s 11; the target device may then submit its identity certificate and device information to the trusted node, via step s 12. Accordingly, the trusted node may load the identity certificate and the device information of the target device into the trusted execution environment to perform trusted computing through step s13, so as to detect whether the target device has the consensus qualification as a consensus node. If the target device is determined to have the consensus qualification, performing a signature operation on the identity certificate of the target device in the trusted execution environment; and returns the signed identity certificate via step s 14. After receiving the signed identity certificate returned by the trusted node, the target device may request, through step s15, a history consensus node in the blockchain network to agree that the target device participates in consensus according to the signed identity certificate. Correspondingly, after the historical consensus node verifies the approval of the trusted node according to the signed identity certificate, the target device can be allowed to participate in subsequent consensus processing; at this time, the target device may become a new consensus node in the blockchain network and participate in the consensus process of the blockchain network with the identity of the new consensus node.

Therefore, when the node management scheme is adopted to manage the target equipment, the target equipment does not need to send sensitive equipment information to the consensus node for consensus processing; therefore, network resources can be effectively saved, and equipment information can be effectively prevented from being leaked, so that the information security of the equipment information is improved. And, because the trusted execution environment is a secure area located in the trusted node and isolated from the operating system of the trusted node; therefore, by loading the device information and the identity certificate into the trusted execution environment for trusted computing, the privacy of qualification detection can be improved by relying on a security mechanism of the trusted execution environment, and the leakage of the device information is further prevented.

Based on the above description of the node management scheme, an embodiment of the present invention provides a node management method based on a block chain network. Referring to fig. 2, the node management method may include the following steps S201 to S207:

s201, the target device generates a node registration request according to the identity certificate of the target device and the device information.

In a specific implementation, if the target device is to become a consensus node in the blockchain network to participate in the consensus processing of the blockchain network, an identity certificate and device information of the target device may be obtained first; the identity certificate here may be applied from a certificate issuing node in the blockchain network, or may be applied from a certificate issuing authority outside the blockchain network, which is not limited by the embodiment of the present invention. The device information of the target device may include, but is not limited to: device identification of the target device, status information of the target device, etc. The state information is used for indicating the equipment state of the target equipment; the device state may include an idle state or an occupied state. After acquiring the identity certificate and the equipment information of the target equipment, the target equipment can directly generate a node registration request carrying the identity certificate and the equipment information; in this case, the node registration request carries an identity certificate and device information.

In one embodiment, after the target device obtains the identity certificate and the device information of the target device, the identity certificate and the device information may also be encrypted by using a system private key of the target device to obtain encrypted identity information; and then, generating a node registration request according to the encrypted identity information. By encrypting the identity certificate and the equipment information, the identity certificate and the equipment information can be effectively prevented from being stolen in the process of being sent to the trusted node, and therefore the safety of the identity certificate and the equipment information is effectively improved. Under the condition, the node registration request carries encrypted identity information; the encrypted identity information is obtained by encrypting the identity certificate and the equipment information by adopting a system private key of the target equipment.

S202, the target device sends the node registration request to the trusted node.

After the target device generates the node registration request in step S201, the node registration request may be sent to the trusted node in step S202, so that the trusted node signs the identity certificate and returns the signed identity certificate after determining that the target device has the consensus qualification according to the identity certificate and the device information in the trusted execution environment. Accordingly, the trusted node may receive the node registration request sent by the target device and perform steps S203-S205.

S203, the trusted node detects the consensus qualification of the target device in the trusted execution environment according to the identity certificate and the device information.

As can be seen from the foregoing, the node registration request is generated according to the identity certificate of the target device and the device information; the node registration request may directly carry an identity certificate and device information, or may carry encrypted identity information. Therefore, in a specific implementation, if the node registration request directly carries the identity certificate and the device information, the trusted node may perform step S203. If the node registration request carries the encrypted identity information, the trusted node can firstly analyze the node registration request to obtain the encrypted identity information; secondly, a system public key of the target equipment can be obtained, and the encrypted identity information is decrypted by adopting the system public key to obtain an identity certificate and equipment information; then, the identity certificate and the device information are loaded into the trusted execution environment of the trusted node, and step S203 is executed.

In the specific implementation process of step S203, the target device may perform identity verification on the target device according to the identity certificate in the trusted execution environment. If the target device passes the identity verification, the trusted node can detect the consensus ability of the target device according to the device information. If the target device has the consensus capacity, determining that the target device has the consensus qualification; in this case, the trusted node may perform steps S204-S205. If the target device does not have the consensus capability, determining that the target device does not have the consensus qualification; in this case, the trusted node may refuse to sign the identity certificate of the target device and return a refusal signature notification to the target device. If the target equipment receives the signature rejection notification returned by the trusted node, the target equipment can send a node registration request to the trusted node again; or end the entire flow.

And S204, if the trusted node determines that the target device has the consensus qualification, signing the identity certificate.

And S205, the trusted node returns the signed identity certificate to the target equipment.

In steps S204-S205, if the target device has a consensus qualification, the trusted node may sign the identity certificate by using a device private key of the trusted execution environment to obtain a signed identity certificate; the signed identity certificate carries signature information of the trusted node. The private key of the equipment in the trusted execution environment is only stored in the trusted execution environment and cannot be acquired by the outside; and, the trusted execution environment is a secure area with hardware encryption mechanisms; therefore, the signature operation is executed by adopting the equipment private key in the trusted execution environment, so that the whole signature process is invisible to the outside, and the reliability of the signed identity certificate can be effectively improved. After the signed identity certificate is obtained, the trusted node can return the signed identity certificate to the target equipment; and enabling the target equipment to request the history consensus node to perform consensus processing on the target equipment according to the signed identity certificate, so that the target equipment is enabled to participate in the consensus processing of the block chain network as a new consensus node of the block chain network according to the permission participation notification returned by the history consensus node after passing the consensus.

And S206, if the target equipment receives the signed identity certificate returned by the trusted node, sending a consensus participation request carrying the signed identity certificate to the history consensus node so as to request the history consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and returning a participation permission notice after the target equipment passes the consensus.

Correspondingly, after receiving the consensus participation request sent by the target device, the history consensus node may first analyze the consensus participation request to obtain the signed identity certificate. And then, performing consensus processing on the target equipment according to the signed identity certificate. In one embodiment, if only one history consensus node is included in the blockchain network, the history consensus node may detect whether signature information of a trusted node exists in the signed identity certificate. If yes, determining that the target device passes the consensus; in this case, the consensus node may return a permission participation notification to the target device. If not, determining that the target device fails to pass the consensus; in this case, the consensus node may return a prohibit participation notification to the target device. The specific implementation manner of detecting whether the signature information of the trusted node exists in the signed identity certificate is as follows: acquiring an equipment public key of a trusted execution environment of the trusted node, and verifying signature information in the signed identity certificate by adopting the equipment public key; if the verification is successful, the signature information of the trusted node in the signed identity certificate can be determined; and if the verification fails, determining that the signed identity certificate does not have the signature information of the trusted node.

In one embodiment, if a plurality of history consensus nodes are included in the blockchain network, the plurality of history consensus nodes may respectively detect whether signature information of a trusted node exists in the signed identity certificate. Secondly, whether the target equipment passes the consensus or not can be voted according to the detection result obtained by the target equipment, and the voting result of each historical consensus node is obtained; the voting result here may include a support voting result indicating that the target devices are supported by consensus or a pair voting result against which the target devices are opposed to being supported by consensus. If the number of the voting support results meets a preset condition, determining that the target equipment passes consensus; otherwise, it may be determined that the target device fails the consensus. Wherein the preset condition may include any one of: the number of supported voting results is greater than the number of anti-voting results, the number of supported voting results is greater than a number threshold, and so on.

And S207, if the target device receives the participation permission notification returned by the historical consensus node, the target device participates in consensus processing of the block chain network as a new consensus node of the block chain network.

Fig. 3 is a schematic flowchart of another node management method based on a blockchain network according to an embodiment of the present invention. Referring to fig. 3, the node management method may include the following steps S301 to S311:

s301, the target device obtains the identity certificate and the device information of the target device.

S302, the target device encrypts the identity certificate and the device information by using a system private key of the target device to obtain encrypted identity information.

And S303, the target equipment generates a node registration request according to the encrypted identity information and sends the node registration request to the trusted node.

S304, the trusted node analyzes the node registration request to obtain the encrypted identity information.

S305, the trusted node acquires the system public key of the target device, and decrypts the encrypted identity information by adopting the system public key to obtain the identity certificate and the device information.

S306, the trusted node loads the identity certificate and the equipment information into a trusted execution environment of the trusted node.

S307, the trusted node detects the consensus qualification of the target device in the trusted execution environment according to the identity certificate and the device information. In a specific implementation, step S307 may include the following steps S21-S23:

and step s21, in the trusted execution environment, performing identity verification on the target device according to the identity certificate.

In one embodiment, the target device may detect whether the device to which the identity certificate is bound is the target device directly in the trusted execution environment; if yes, the target device can be determined to pass the identity verification. Otherwise, it may be determined that the target device fails the identity check. In one embodiment, the target device may also verify the validity of the identity certificate in the trusted execution environment before performing the step of detecting whether the device to which the identity certificate is bound is the target device in the trusted execution environment. If the identity certificate passes the validity check, then executing the step of detecting whether the equipment bound by the identity certificate is the target equipment in the trusted execution environment; if the identity certificate does not pass the validity check, the target device can be directly determined to not pass the identity check. The specific implementation manner of verifying the validity of the identity certificate in the trusted execution environment may be as follows: acquiring a root certificate from a certificate issuing node (or a certificate issuing authority), wherein the root certificate is generated by adopting a self-signature algorithm; the identity certificate is then verified using the root certificate. If the verification is successful, determining that the identity certificate passes the validity check; otherwise, the identity certificate is determined not to pass the validity check.

And step s22, if the target device passes the identity verification, detecting the consensus ability of the target device according to the device information.

In one embodiment, if the device information includes a device identifier, it may be detected whether the target device has the consensus capability by obtaining transaction data mentioned by the history of the target device according to the device identifier. Specifically, the trusted node may first obtain at least one data submission record of the target device according to the device identifier, where the data submission record is used to record transaction data submitted by the target device to the history consensus node. Secondly, determining violation transaction data historically submitted by the target device according to at least one data submission record; the violation transaction data herein may include at least one of: false transaction data, transaction data signed with a false certificate, and transaction data not signed with an identity certificate. Determining that the target device has consensus capabilities if the data volume of the illegal transaction data is less than a first volume threshold; determining that the target device does not have consensus capabilities if the amount of data of the illegal transaction data is greater than or equal to a first quantity threshold; wherein the first number threshold may be set according to an empirical value or a traffic demand. It should be appreciated that if the target device has not historically submitted the violation data, it may result in the violation data not being determinable from the at least one data record; in this case, it can be directly determined that the target device has the consensus capability.

In one embodiment, if the target device is a node participating in block synchronization in the blockchain network, that is, the target device is a synchronization node in the blockchain network; it can be detected whether the target device has the consensus capability according to the historical synchronization information generated by the target device during the course of the historical synchronization block. Specifically, the trusted node may first acquire historical synchronization information generated by the target device in a process of historical block synchronization participating in the block chain network; here, the history synchronization information may include at least one of: transaction data volume of history synchronization and synchronization efficiency of history synchronization. If the historical synchronization information meets the preset condition, determining that the target equipment has the consensus capacity; and if the historical synchronization information does not meet the preset condition, determining that the target equipment does not have the consensus capacity. Wherein the preset condition may include at least one of: the transaction data amount of the history synchronization is greater than a second amount threshold, and the synchronization efficiency of the history synchronization is greater than an efficiency threshold; it should be understood that the second quantity threshold and the efficiency threshold herein may both be set based on empirical values or traffic requirements.

In one embodiment, if the device information includes status information of the target device, the device status includes an idle status or an occupied status since the status information may be used to indicate a device status of the target device; it is therefore possible to detect whether the target device has the consensus capability according to the device status of the target device. Specifically, if the status information indicates that the device status of the target device is an idle status, it may be determined that the target device has the consensus capability. Further, if the device information further includes a total duration of the idle state; if the status information indicates that the device status of the target device is an idle status, the specific implementation of determining that the target device has the consensus capability may also be: if the state information indicates that the equipment state of the target equipment is an idle state, determining the idle time of the target equipment in the idle state; and determining the remaining idle time of the target device according to the total duration of the idle state and the idle time. If the remaining idle time is greater than the first time threshold, determining that the target device has the consensus capacity; and if the remaining idle time is less than or equal to the first time threshold, determining that the target device does not have the consensus capacity. The first time threshold may be set according to an empirical value or a traffic demand.

If the status information indicates that the device status of the target device is an occupied status, it may be determined that the target device does not have the consensus capability. Further, if the device information further includes the total duration of the occupied state; if the status information indicates that the device status of the target device is an occupied status, the specific implementation of determining that the target device does not have the consensus capability may also be: if the state information indicates that the equipment state of the target equipment is an occupied state, determining the occupied duration of the target equipment in the occupied state; and determining the remaining occupied time of the target equipment according to the total duration and the occupied time of the occupied state. If the residual occupied time is less than the second time threshold, determining that the target equipment has the consensus capacity; and if the residual occupied time is greater than or equal to the second time threshold, determining that the target equipment does not have the consensus capacity. The second duration threshold may be set according to an empirical value or a service requirement.

Step s23, if the target device has the consensus ability, determining that the target device has the consensus qualification; otherwise, the target device is determined not to have consensus qualifications.

S308, if the trusted node determines that the target device has the consensus qualification, the trusted node signs the identity certificate.

S309, the trusted node returns the signed identity certificate to the target device.

And S310, if the target equipment receives the signed identity certificate returned by the trusted node, sending a consensus participation request carrying the signed identity certificate to the historical consensus node so as to request the historical consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and returning a participation permission notice after the target equipment passes the consensus.

And S311, if the target device receives the participation permission notification returned by the historical consensus node, the target device participates in consensus processing of the block chain network as a new consensus node of the block chain network.

Based on the description of the embodiment of the node management method, the embodiment of the invention also discloses a node management device based on the block chain network. The block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is located in the trusted node and is isolated from an operating system of the trusted node. The node management means may be a computer program (comprising program code) running in a trusted node in a blockchain network, and the node management means may perform part of the method steps shown in fig. 2-3. Referring to fig. 4, the node management apparatus may operate as follows:

a receiving unit 401, configured to receive a node registration request sent by a target device, where the node registration request is generated according to an identity certificate of the target device and device information;

a processing unit 402, configured to detect, in the trusted execution environment, a consensus qualification of the target device according to the identity certificate and device information;

the processing unit 402, further configured to sign the identity certificate if it is determined that the target device has the consensus qualification;

a sending unit 403, configured to return the signed identity certificate to the target device, so that the target device requests the history consensus node to perform consensus processing on the target device according to the signed identity certificate, so that the target device participates in the consensus processing of the blockchain network as a new consensus node of the blockchain network according to an allowance participation notification returned by the history consensus node after passing the consensus.

In an embodiment, the processing unit 402, when being configured to detect the consensus qualification of the target device in the trusted execution environment according to the identity certificate and the device information, is specifically configured to: in the trusted execution environment, performing identity verification on the target equipment according to the identity certificate; if the target equipment passes the identity verification, detecting the consensus ability of the target equipment according to the equipment information; if the target device has the consensus capacity, determining that the target device has the consensus qualification; otherwise, determining that the target device does not have consensus qualifications.

In one embodiment, the device information includes a device identification; correspondingly, when the processing unit 402 is configured to detect the consensus capability of the target device according to the device information, it may specifically be configured to: acquiring at least one data submission record of the target equipment according to the equipment identifier, wherein the data submission record is used for recording transaction data submitted by the target equipment to the history consensus node; determining violation transaction data historically submitted by the target device according to the at least one data submission record; the violation transaction data includes at least one of: false transaction data, transaction data signed with a false certificate, and transaction data not signed with the identity certificate; if the data volume of the illegal transaction data is smaller than a first quantity threshold value, determining that the target device has consensus capacity; determining that the target device does not have consensus capabilities if the amount of data of the illegal transaction data is greater than or equal to the first quantity threshold.

In one embodiment, the target device is a node participating in block synchronization in the blockchain network; correspondingly, when the processing unit 402 is configured to detect the consensus capability of the target device according to the device information, it may specifically be configured to: acquiring historical synchronization information generated by the target device in the process of historical participation in block synchronization of the blockchain network, wherein the historical synchronization information comprises at least one of the following: transaction data volume of history synchronization and synchronization efficiency of history synchronization; if the historical synchronization information meets a preset condition, determining that the target equipment has the consensus capacity; if the historical synchronization information does not meet the preset condition, determining that the target equipment does not have the consensus ability; wherein the preset condition comprises at least one of the following: the historical synchronized transaction data amount is greater than a second amount threshold, and the synchronization efficiency of the historical synchronization is greater than an efficiency threshold.

In one embodiment, the device information includes status information of the target device, where the status information is used to indicate a device status of the target device, and the device status includes an idle status or an occupied status; correspondingly, when the processing unit 402 is configured to detect the consensus capability of the target device according to the device information, it may specifically be configured to: if the state information indicates that the equipment state of the target equipment is the idle state, determining that the target equipment has the consensus capability; and if the state information indicates that the equipment state of the target equipment is the occupied state, determining that the target equipment does not have the consensus capability.

In one embodiment, the device information further includes a total duration of the idle state; correspondingly, when the processing unit 402 is configured to determine that the target device has the consensus capability if the status information indicates that the device status of the target device is the idle status, the processing unit may specifically be configured to: if the state information indicates that the equipment state of the target equipment is the idle state, determining the idle time of the target equipment in the idle state; determining the remaining idle time of the target equipment according to the total duration of the idle state and the idle time; if the remaining idle time is greater than a first time threshold, determining that the target device has the consensus capability; and if the remaining idle time is less than or equal to the first time threshold, determining that the target device does not have the consensus capability.

In one embodiment, the device information further includes a total duration of the occupancy state; correspondingly, when the processing unit 402 is configured to determine that the target device does not have the consensus capability if the status information indicates that the device status of the target device is the occupied status, it may specifically be configured to: if the state information indicates that the equipment state of the target equipment is the occupied state, determining the occupied duration of the target equipment in the occupied state; determining the remaining occupied time of the target equipment according to the total duration of the occupied state and the occupied time; if the residual occupied time is smaller than a second time threshold, determining that the target equipment has the consensus ability; and if the residual occupied time is greater than or equal to the second time threshold, determining that the target equipment does not have the consensus capacity.

In one embodiment, the node registration request carries encrypted identity information, and the encrypted identity information is obtained by encrypting the identity certificate and the device information by using a system private key of the target device; accordingly, the processing unit 402, before being configured to detect the consensus qualification of the target device in the trusted execution environment based on the identity certificate and the device information, is further configured to: analyzing the node registration request to obtain the encrypted identity information; acquiring a system public key of the target equipment, and decrypting the encrypted identity information by adopting the system public key to obtain the identity certificate and the equipment information; loading the identity certificate and the device information into a trusted execution environment of the trusted node.

According to an embodiment of the present invention, some steps involved in the methods shown in fig. 2-3 may be performed by each unit in the node management apparatus shown in fig. 4. For example, steps S203-S204 shown in fig. 2 may all be performed by the processing unit 402 shown in fig. 4, and step S205 may be performed by the transmitting unit 403 shown in fig. 4; as another example, steps S304-S308 shown in fig. 3 may all be performed by the processing unit 402 shown in fig. 4, and step S309 may be performed by the transmitting unit 403 shown in fig. 4.

According to another embodiment of the present invention, the units in the node management apparatus shown in fig. 4 may be respectively or entirely combined into one or several other units to form the node management apparatus, or some unit(s) therein may be further split into multiple units with smaller functions to form the node management apparatus, which may implement the same operation without affecting implementation of technical effects of embodiments of the present invention. The units are divided based on logic functions, and in practical application, the functions of one unit can be realized by a plurality of units, or the functions of a plurality of units can be realized by one unit. In other embodiments of the present invention, the node-based management apparatus may also include other units, and in practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.

According to another embodiment of the present invention, the node management apparatus device as shown in fig. 4 may be constructed by running a computer program (including program codes) capable of executing a part of steps involved in the respective methods as shown in fig. 2 to 3 on a general-purpose computing device such as a computer including a processing element such as a Central Processing Unit (CPU), a random access storage medium (RAM), a read only storage medium (ROM), and a storage element, and a node management method according to an embodiment of the present invention may be implemented. The computer program may be recorded on a computer-readable recording medium, for example, and loaded and executed in the above-described computing apparatus via the computer-readable recording medium.

Based on the description of the embodiment of the node management method, the embodiment of the invention also discloses a node management device based on the block chain network. The block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is located in the trusted node and is isolated from an operating system of the trusted node. The node management means may be a computer program (comprising program code) running in the above mentioned target device, and the node management means may perform part of the method steps shown in fig. 2-3. Referring to fig. 5, the node management apparatus may operate as follows:

a processing unit 501, configured to generate a node registration request according to the identity certificate of the target device and the device information;

a sending unit 502, configured to send the node registration request to the trusted node, so that the trusted node signs the identity certificate and returns the signed identity certificate after determining that the target device has a consensus qualification according to the identity certificate and the device information in the trusted execution environment;

the sending unit 502 is configured to send a consensus participation request carrying the signed identity certificate to the history consensus node if the signed identity certificate returned by the trusted node is received, so as to request the history consensus node to perform consensus processing on the target device according to the signed identity certificate, and return a participation permission notification after the target device passes consensus;

a consensus unit 503, configured to participate in consensus processing of the blockchain network as a new consensus node of the blockchain network if the permission participation notification returned by the history consensus node is received.

In an embodiment, when the processing unit 501 is configured to generate a node registration request according to the identity certificate of the target device and the device information, the processing unit is specifically configured to: acquiring an identity certificate and equipment information of the target equipment; encrypting the identity certificate and the equipment information by adopting a system private key of the target equipment to obtain encrypted identity information; and generating a node registration request according to the encrypted identity information.

According to an embodiment of the present invention, some steps involved in the methods shown in fig. 2-3 may be performed by each unit in the node management apparatus shown in fig. 5. For example, step S201 shown in fig. 2 may be performed by the processing unit 501 shown in fig. 5, steps S202 and S206 may be both performed by the transmitting unit 502 shown in fig. 5, and step S207 may be performed by the recognizing unit 503 shown in fig. 5; as another example, steps S301 to S302 shown in fig. 3 and step "generating a node registration request according to encrypted identity information" in step S303 may be performed by the processing unit 501 shown in fig. 5, step "sending a node registration request to a trusted node" in step S303 and step S310 may be performed by the sending unit 502 shown in fig. 5, and step S311 may be performed by the consensus unit 503 shown in fig. 5.

According to another embodiment of the present invention, the units in the node management apparatus shown in fig. 5 may be respectively or entirely combined into one or several other units to form the node management apparatus, or some unit(s) thereof may be further split into multiple units with smaller functions to form the node management apparatus, which may implement the same operation without affecting implementation of technical effects of embodiments of the present invention. The units are divided based on logic functions, and in practical application, the functions of one unit can be realized by a plurality of units, or the functions of a plurality of units can be realized by one unit. In other embodiments of the present invention, the node-based management apparatus may also include other units, and in practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.

According to another embodiment of the present invention, the node management apparatus device as shown in fig. 5 may be constructed by running a computer program (including program codes) capable of executing a part of steps involved in the respective methods as shown in fig. 2 to 3 on a general-purpose computing device such as a computer including a processing element such as a Central Processing Unit (CPU), a random access storage medium (RAM), a read only storage medium (ROM), and a storage element, and a node management method according to an embodiment of the present invention may be implemented. The computer program may be recorded on a computer-readable recording medium, for example, and loaded and executed in the above-described computing apparatus via the computer-readable recording medium.

Based on the description of the method embodiment and the device embodiment, the embodiment of the invention also provides a computer device; the computer device may be the trusted node mentioned above or the target device mentioned above. Referring to fig. 6, the computer device comprises at least a processor 601, an input interface 602, an output interface 603, and a computer storage medium 604. The processor 601, the input interface 602, the output interface 603, and the computer storage medium 604 in the computer device may be connected by a bus or other means. A computer storage medium 604 may be stored in the memory of the computer device, the computer storage medium 604 being used for storing a computer program comprising program instructions, the processor 601 being used for executing the program instructions stored by the computer storage medium 604. The processor 601 (or CPU) is a computing core and a control core of the computer device, and is adapted to implement one or more instructions, and in particular, is adapted to load and execute one or more instructions so as to implement a corresponding method flow or a corresponding function.

In an embodiment, if the computer device is a trusted node, the processor 601 according to the embodiment of the present invention may be configured to be controlled by the trusted node to perform a series of node management processes, including: receiving a node registration request sent by target equipment, wherein the node registration request is generated according to an identity certificate of the target equipment and equipment information; detecting, in the trusted execution environment, a consensus qualification of the target device based on the identity certificate and device information; if the target device is determined to have the consensus qualification, signing the identity certificate; and returning the signed identity certificate to the target equipment, so that the target equipment requests the history consensus node to perform consensus processing on the target equipment according to the signed identity certificate, so that the target equipment passes the consensus and then participates in the consensus processing of the block chain network as a new consensus node of the block chain network according to an allowed participation notification returned by the history consensus node, and the like.

In an embodiment, if the computer device is a target device, the processor 601 according to the embodiment of the present invention may be controlled by the target device to perform a series of node management processes, including: generating a node registration request according to the identity certificate of the target equipment and the equipment information; sending the node registration request to the trusted node, so that the trusted node signs the identity certificate and returns the signed identity certificate after determining that the target device has the consensus qualification according to the identity certificate and the device information in the trusted execution environment; if the signed identity certificate returned by the trusted node is received, sending a consensus participation request carrying the signed identity certificate to the historical consensus node so as to request the historical consensus node to perform consensus processing on the target equipment according to the signed identity certificate, and returning a participation permission notice after the target equipment passes the consensus; and if the permission participation notification returned by the historical consensus node is received, participating in consensus processing of the blockchain network as a new consensus node of the blockchain network, and the like.

An embodiment of the present invention further provides a computer storage medium (Memory), which is a Memory device in a computer device and is used to store programs and data. It is understood that the computer storage medium herein may include both built-in storage media in the computer device and, of course, extended storage media supported by the computer device. Computer storage media provide storage space that stores an operating system for a computer device. Also stored in this memory space are one or more instructions, which may be one or more computer programs (including program code), suitable for loading and execution by processor 601. The computer storage medium may be a high-speed RAM memory, or may be a non-volatile memory (non-volatile memory), such as at least one disk memory; it may also optionally be at least one computer storage medium located remotely from the aforementioned processor.

In one embodiment, if the computer device is a trusted node, one or more first instructions may be stored in the computer storage medium; and one or more first instructions stored in the computer storage medium may be loaded and executed by the processor 601 to implement the corresponding steps in the above-described related node management method embodiments; in particular implementations, one or more first instructions in the computer storage medium are loaded by the processor 601 and perform the following steps:

In one embodiment, when detecting the consensus qualification of the target device in the trusted execution environment based on the identity certificate and the device information, the one or more first instructions are loaded and specifically executed by processor 601: in the trusted execution environment, performing identity verification on the target equipment according to the identity certificate; if the target equipment passes the identity verification, detecting the consensus ability of the target equipment according to the equipment information; if the target device has the consensus capacity, determining that the target device has the consensus qualification; otherwise, determining that the target device does not have consensus qualifications.

In one embodiment, the device information includes a device identification; correspondingly, when the consensus ability of the target device is detected according to the device information, the one or more first instructions are loaded and specifically executed by the processor 601: acquiring at least one data submission record of the target equipment according to the equipment identifier, wherein the data submission record is used for recording transaction data submitted by the target equipment to the history consensus node; determining violation transaction data historically submitted by the target device according to the at least one data submission record; the violation transaction data includes at least one of: false transaction data, transaction data signed with a false certificate, and transaction data not signed with the identity certificate; if the data volume of the illegal transaction data is smaller than a first quantity threshold value, determining that the target device has consensus capacity; determining that the target device does not have consensus capabilities if the amount of data of the illegal transaction data is greater than or equal to the first quantity threshold.

In one embodiment, the target device is a node participating in block synchronization in the blockchain network; correspondingly, when the consensus ability of the target device is detected according to the device information, the one or more first instructions are loaded and specifically executed by the processor 601: acquiring historical synchronization information generated by the target device in the process of historical participation in block synchronization of the blockchain network, wherein the historical synchronization information comprises at least one of the following: transaction data volume of history synchronization and synchronization efficiency of history synchronization; if the historical synchronization information meets a preset condition, determining that the target equipment has the consensus capacity; if the historical synchronization information does not meet the preset condition, determining that the target equipment does not have the consensus ability; wherein the preset condition comprises at least one of the following: the historical synchronized transaction data amount is greater than a second amount threshold, and the synchronization efficiency of the historical synchronization is greater than an efficiency threshold.

In one embodiment, the device information includes status information of the target device, where the status information is used to indicate a device status of the target device, and the device status includes an idle status or an occupied status; correspondingly, when the consensus ability of the target device is detected according to the device information, the one or more first instructions are loaded and specifically executed by the processor 601: if the state information indicates that the equipment state of the target equipment is the idle state, determining that the target equipment has the consensus capability; and if the state information indicates that the equipment state of the target equipment is the occupied state, determining that the target equipment does not have the consensus capability.

In one embodiment, the device information further includes a total duration of the idle state; correspondingly, when it is determined that the target device has the consensus capability if the state information indicates that the device state of the target device is the idle state, the one or more first instructions are loaded and specifically executed by the processor 601: if the state information indicates that the equipment state of the target equipment is the idle state, determining the idle time of the target equipment in the idle state; determining the remaining idle time of the target equipment according to the total duration of the idle state and the idle time; if the remaining idle time is greater than a first time threshold, determining that the target device has the consensus capability; and if the remaining idle time is less than or equal to the first time threshold, determining that the target device does not have the consensus capability.

In one embodiment, the device information further includes a total duration of the occupancy state; correspondingly, when it is determined that the target device does not have the consensus capability if the state information indicates that the device state of the target device is the occupied state, the one or more first instructions are loaded and specifically executed by the processor 601: if the state information indicates that the equipment state of the target equipment is the occupied state, determining the occupied duration of the target equipment in the occupied state; determining the remaining occupied time of the target equipment according to the total duration of the occupied state and the occupied time; if the residual occupied time is smaller than a second time threshold, determining that the target equipment has the consensus ability; and if the residual occupied time is greater than or equal to the second time threshold, determining that the target equipment does not have the consensus capacity.

In one embodiment, the node registration request carries encrypted identity information, and the encrypted identity information is obtained by encrypting the identity certificate and the device information by using a system private key of the target device; accordingly, before detecting the consensus qualification of the target device in the trusted execution environment according to the identity certificate and the device information, the one or more first instructions may be further loaded and specifically executed by the processor 601: analyzing the node registration request to obtain the encrypted identity information; acquiring a system public key of the target equipment, and decrypting the encrypted identity information by adopting the system public key to obtain the identity certificate and the equipment information; loading the identity certificate and the device information into a trusted execution environment of the trusted node.

In one embodiment, if the computer device is a target device, one or more second instructions may be stored in the computer storage medium; and one or more second instructions stored in the computer storage medium may be loaded and executed by the processor 601 to implement the corresponding steps in the above-described embodiments of the node management method; in a specific implementation, one or more second instructions in the computer storage medium are loaded by the processor 601 and perform the following steps:

In one embodiment, when generating the node registration request according to the identity certificate of the target device and the device information, the one or more second instructions are loaded and specifically executed by the processor 601: acquiring an identity certificate and equipment information of the target equipment; encrypting the identity certificate and the equipment information by adopting a system private key of the target equipment to obtain encrypted identity information; and generating a node registration request according to the encrypted identity information.

The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.

Claims

1. A node management method based on a block chain network is characterized in that the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the method is performed by the trusted node, the method comprising:

2. The method of claim 1, wherein detecting consensus qualification of the target device in the trusted execution environment based on the identity certificate and device information comprises:

in the trusted execution environment, performing identity verification on the target equipment according to the identity certificate;

if the target equipment passes the identity verification, detecting the consensus ability of the target equipment according to the equipment information;

if the target device has the consensus capacity, determining that the target device has the consensus qualification; otherwise, determining that the target device does not have consensus qualifications.

3. The method of claim 2, wherein the device information includes a device identification, and wherein the detecting the consensus capability of the target device from the device information comprises:

acquiring at least one data submission record of the target equipment according to the equipment identifier, wherein the data submission record is used for recording transaction data submitted by the target equipment to the history consensus node;

determining violation transaction data historically submitted by the target device according to the at least one data submission record; the violation transaction data includes at least one of: false transaction data, transaction data signed with a false certificate, and transaction data not signed with the identity certificate;

if the data volume of the illegal transaction data is smaller than a first quantity threshold value, determining that the target device has consensus capacity; determining that the target device does not have consensus capabilities if the amount of data of the illegal transaction data is greater than or equal to the first quantity threshold.

4. The method of claim 2, wherein the target device is a node participating in block synchronization in the blockchain network; the detecting the consensus capability of the target device according to the device information includes:

acquiring historical synchronization information generated by the target device in the process of historical participation in block synchronization of the blockchain network, wherein the historical synchronization information comprises at least one of the following: transaction data volume of history synchronization and synchronization efficiency of history synchronization;

if the historical synchronization information meets a preset condition, determining that the target equipment has the consensus capacity; if the historical synchronization information does not meet the preset condition, determining that the target equipment does not have the consensus ability; wherein the preset condition comprises at least one of the following: the historical synchronized transaction data amount is greater than a second amount threshold, and the synchronization efficiency of the historical synchronization is greater than an efficiency threshold.

5. The method of claim 2, wherein the device information comprises status information of the target device, the status information indicating a device status of the target device, the device status comprising an idle status or an occupied status; the detecting the consensus capability of the target device according to the device information includes:

if the state information indicates that the equipment state of the target equipment is the idle state, determining that the target equipment has the consensus capability;

and if the state information indicates that the equipment state of the target equipment is the occupied state, determining that the target equipment does not have the consensus capability.

6. The method of claim 5, wherein the device information further comprises a total duration of the idle state; if the status information indicates that the device status of the target device is the idle status, determining that the target device has a consensus capability, including:

if the state information indicates that the equipment state of the target equipment is the idle state, determining the idle time of the target equipment in the idle state;

determining the remaining idle time of the target equipment according to the total duration of the idle state and the idle time;

if the remaining idle time is greater than a first time threshold, determining that the target device has the consensus capability; and if the remaining idle time is less than or equal to the first time threshold, determining that the target device does not have the consensus capability.

7. The method of claim 5, wherein the device information further includes a total duration of the occupancy state; if the status information indicates that the device status of the target device is the occupied status, determining that the target device does not have the consensus capability, including:

if the state information indicates that the equipment state of the target equipment is the occupied state, determining the occupied duration of the target equipment in the occupied state;

determining the remaining occupied time of the target equipment according to the total duration of the occupied state and the occupied time;

if the residual occupied time is smaller than a second time threshold, determining that the target equipment has the consensus ability; and if the residual occupied time is greater than or equal to the second time threshold, determining that the target equipment does not have the consensus capacity.

8. The method of claim 1, wherein the node registration request carries encrypted identity information, the encrypted identity information being obtained by encrypting the identity certificate and the device information using a system private key of the target device; before detecting the consensus qualification of the target device according to the identity certificate and the device information in the trusted execution environment, the method further includes:

analyzing the node registration request to obtain the encrypted identity information;

acquiring a system public key of the target equipment, and decrypting the encrypted identity information by adopting the system public key to obtain the identity certificate and the equipment information;

loading the identity certificate and the device information into a trusted execution environment of the trusted node.

9. A node management method based on a block chain network is characterized in that the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the method is performed by a target device, the method comprising:

10. The method of claim 9, wherein generating a node registration request based on the identity certificate of the target device and device information comprises:

acquiring an identity certificate and equipment information of the target equipment;

encrypting the identity certificate and the equipment information by adopting a system private key of the target equipment to obtain encrypted identity information;

and generating a node registration request according to the encrypted identity information.

11. The node management device based on the block chain network is characterized in that the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the apparatus operating in the trusted node, the apparatus comprising:

12. The node management device based on the block chain network is characterized in that the block chain network comprises a history consensus node and a credible node; the trusted node provides certificate issuing service based on a trusted execution environment, wherein the trusted execution environment is a safe area which is positioned in the trusted node and is isolated from an operating system of the trusted node; the apparatus operates in a target device, the apparatus comprising:

13. A computer device comprising an input interface and an output interface, further comprising:

a processor adapted to implement one or more instructions; and the number of the first and second groups,

a computer storage medium storing one or more first instructions adapted to be loaded by the processor and to perform the method of node management based on a blockchain network according to any one of claims 1 to 8; alternatively, the computer storage medium stores one or more second instructions adapted to be loaded by the processor and to perform the method of node management based on a blockchain network according to any one of claims 9 to 10.

14. A computer storage medium, characterized in that the computer storage medium stores one or more first instructions adapted to be loaded by a processor and to perform the method of node management based on a blockchain network according to any one of claims 1 to 8; alternatively, the computer storage medium stores one or more second instructions adapted to be loaded by the processor and to perform the method of node management based on a blockchain network according to any one of claims 9 to 10.