CN111711607A - Block chain-based flow type micro-service trusted loading and verifying method - Google Patents


Info

Publication number: CN111711607A
Authority: CN (China)
Prior art keywords: user, service, micro, block chain, service provider
Legal status: Granted
Application number: CN202010430763.5A
Other languages: Chinese (zh)
Other versions: CN111711607B
Inventors: 王一川, 田钰滢, 任炬, 黑新宏, 朱赫, 尹欣悦, 马冰, 丁一凡
Current Assignee: Xian University of Technology
Original Assignee: Xian University of Technology

Events
Application filed by Xian University of Technology
Priority to CN202010430763.5A
Publication of CN111711607A
Application granted
Publication of CN111711607B
Legal status: Active (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a blockchain-based trusted loading and verification method for streaming microservices, comprising the following steps: first, a service provider submits a registration application in the blockchain network, obtains a Token generated from the user's registration certificate, and sends the Token to the user; the blockchain network verifies the validity of the Token and records the valid Token on the blockchain; the service provider stores the microservice and the microservice relation graph in the blockchain network; the user requests a microservice from the blockchain network, which traverses the metadata of the microservice relation graph with a graph search algorithm and returns the address of the designated service provider to the user; finally, the user requests the microservice from the designated service provider over HTTP, the blockchain network verifies that the user's request for the microservice is reasonable, and a response is sent to the user. This addresses the network security risks that a network service computing model faces in complex IoT application scenarios in the prior art.

Description

Block chain-based flow type micro-service trusted loading and verifying method
Technical Field
The invention belongs to the technical field of microservices and in particular relates to a blockchain-based trusted loading and verification method for streaming microservices.
Background
With the arrival of the Internet era, lightweight mobile terminal devices have grown explosively and the demand for real-time response between devices keeps rising. BaaS (Block Stream as a Service) is a more secure, flexible and dynamically balanced model. In this new cloud service model, instead of running the application entirely in the data center or downloading the whole application from an app store to the client, the application is divided into microservices. Some microservices run on the server side, while the blocks that must run locally on the device are streamed to it. The user obtains the required service over the network and, once finished with it, can discard it and obtain a new service from the network.
However, this emerging network service computing model also faces network security risks in complex IoT application scenarios. There are mainly three unsafe scenarios: (1) the user may behave maliciously, requesting from the service provider a service that is unreasonable or does not even exist; (2) the service provider may be exposed to malicious behaviour and be deceived into providing an incorrect service to the user; (3) the transmission of the service may be attacked: when the service provider sends the service to the user, the service provider is attacked on the network and the service the user receives is maliciously replaced or tampered with.
Blockchain technology originates from the Bitcoin white paper released in 2008 and has attracted wide attention from all sectors of society because of its decentralization, openness, tamper resistance, anonymity and traceability. A blockchain is essentially a decentralized, distributed ledger and database. Blockchains can be divided into public chains and consortium (alliance) chains according to their degree of openness. Public chains are often used as the underlying support for cryptocurrency systems and anyone can participate; typical examples are Bitcoin (BTC), Ethereum (ETH) and EOS. A consortium chain is open only to a specific group of organizations, i.e. only consortium members participate, the consensus process is controlled by preselected nodes, and nodes can join or leave only after authorization. Introducing blockchain technology to improve the security of the network service computing model is therefore highly significant.
Disclosure of Invention
The invention aims to provide a blockchain-based trusted loading and verification method for streaming microservices, which solves the network security risks that a network service computing model faces in complex IoT application scenarios in the prior art.
The technical solution adopted by the invention is a blockchain-based trusted loading and verification method for streaming microservices, implemented according to the following steps:
step 1, a service provider submits a registration application in the blockchain network, obtains a Token generated from the user's registration certificate, and sends the Token to the user;
step 2, the blockchain network verifies the validity of the Token and records the valid Token on the blockchain;
step 3, the service provider stores the microservice and the microservice relation graph in the blockchain network;
step 4, the user requests a microservice from the blockchain network; the blockchain network traverses the metadata in the microservice relation graph with a graph search algorithm and returns the address of the designated service provider to the user;
and step 5, the user requests the microservice from the designated service provider over HTTP, the blockchain network verifies that the user's request for the microservice is reasonable, and a response is sent to the user.
The invention is further characterized in that
step 1 is implemented according to the following steps:
step 1.1, the blockchain network receives the registration application of the service provider, sets the public and private key path, and checks whether the user already exists; if the user exists, it returns and finishes; if the user is new, registration starts and a user name and password are returned;
step 1.2, the certificate authority issues a registration certificate using the user name and password, generates the Token from the registration certificate, and sends the Token to the user.
Step 1.2 is specifically as follows:
the certificate authority hashes the registration certificate to obtain Hash1, then encrypts Hash1 with the certificate authority's private key using the RSA algorithm to obtain an encrypted certificate, namely the Token, and sends the Token to the user.
The Token serves as the user's identity credential for adding and querying events in the blockchain network.
Step 2 is implemented according to the following steps:
step 2.1, decrypt the Token with the certificate authority's public key to obtain the hash value Hash2, and compute SHA256 over the registration certificate plaintext to obtain the hash value Hash1;
step 2.2, compare Hash1 with Hash2; if they are the same, the registration certificate passes verification; otherwise the user holds an invalid Token, and verification ends.
Step 3 is implemented according to the following steps:
step 3.1, the service provider applies a message digest algorithm to the executable file of the microservice to generate a hash value;
step 3.2, the hash value is digitally signed with the service provider's private key, and the digital signature and public key are submitted to the blockchain network;
step 3.3, the microservice relation graph is stored as a service relation adjacency matrix and a service relation reachability matrix, the microservice relation graph is digitally signed with the service provider's private key, and the digital signature and public key are submitted to the blockchain network;
step 3.4, the blockchain generates a proposal from the digital signatures and public keys of steps 3.2 and 3.3 and submits the proposal to an endorsement node in the blockchain;
step 3.5, the endorsement node simulates execution of the proposal and verifies whether the digital signature is valid; if so, it calls the SDK to generate a transaction, and the ordering service node orders the transaction into a block; otherwise, it ends.
The microservice relation graph is a directed acyclic graph; the service relation adjacency matrix represents the direct service relations between microservices; the service relation reachability matrix represents the indirect service relations between microservices.
Step 5 is implemented according to the following steps:
step 5.1, the user establishes a TCP connection with the server of the designated service provider and, once the connection is open, sends the request to the corresponding port of the server;
step 5.2, the designated service provider processes the request, i.e. the blockchain network traverses the microservice relation graph with the graph search algorithm;
step 5.3, if the corresponding microservice relation is found, the microservice requested by the user is reasonable: the microservice is provided to the user and the method proceeds to step 5.4; otherwise the requested microservice is not reasonable and the user's request is rejected;
step 5.4, after obtaining the microservice, the user hashes it to obtain a new hash value and compares it with the microservice hash value stored in the blockchain network;
step 5.5, if the new hash value equals the stored hash value, the microservice was provided by the designated service provider and was not attacked, tampered with or replaced in transit; otherwise the user refuses to accept the microservice.
When the microservice requested by the user is reasonable, the designated service provider transmits the microservice to the user over the SSL protocol;
the SSL protocol communication specifically includes:
the user offers the designated service provider an SSL version, a random number a and an encryption mode; the designated service provider sends the chosen encryption mode, its digital certificate and a random number b to the user; the user confirms the validity of the digital certificate, then generates a random number, encrypts it with the public key of the designated service provider's digital certificate and sends the encrypted random number to the service provider; the designated service provider decrypts the random number with its private key; the user and the designated service provider then derive a session key under the chosen encryption mode from this random number together with random numbers a and b.
The beneficial effects of the invention are as follows:
the blockchain-based trusted loading and verification method for streaming microservices can prevent malicious behaviour by the user, namely requests to the service provider for a service that is unreasonable or does not even exist; it can prevent the service provider from being deceived into providing an incorrect service to the user; and it can prevent malicious behaviour during transmission of the microservice, namely the service provider being attacked on the network while sending the service so that the service the user receives is maliciously replaced or tampered with. The microservice and the microservice relation graph published by the service provider are uploaded to the blockchain network, which serves as the verification platform between the service provider and the user and records the evidence of their interaction, so that the microservice is loaded and verified safely and credibly between the service provider and the user.
Drawings
FIG. 1 is a flow chart of the blockchain-based trusted loading and verification method for streaming microservices of the present invention;
FIG. 2 is a flow chart of the storage of the microservice and the service relation graph in the blockchain-based trusted loading and verification method for streaming microservices of the present invention;
FIG. 3 is a schematic diagram of Token validity verification in the blockchain-based trusted loading and verification method for streaming microservices of the present invention.
Detailed Description
The present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
The invention discloses a blockchain-based trusted loading and verification method for streaming microservices, which is implemented according to the following steps, as shown in FIG. 1:
step 1, a service provider submits a registration application in the blockchain network, obtains a Token generated from the user's registration certificate, and sends the Token to the user;
step 1 is implemented according to the following steps:
step 1.1, the blockchain network receives the registration application of the service provider, sets the public and private key path, and checks whether the user already exists; if the user exists, it returns and finishes; if the user is new, registration starts and a user name and password are returned;
step 1.2, the certificate authority issues a registration certificate using the user name and password, generates the Token from the registration certificate and sends the Token to the user; specifically:
the certificate authority hashes the registration certificate to obtain Hash1, then encrypts Hash1 with the certificate authority's private key using the RSA algorithm to obtain an encrypted certificate, namely the Token, and sends the Token to the user;
the Token serves as the user's identity credential for adding and querying events in the blockchain network;
step 2, the blockchain network verifies the validity of the Token and records the valid Token on the blockchain, as shown in FIG. 3; this is implemented according to the following steps:
step 2.1, decrypt the Token with the certificate authority's public key to obtain the hash value Hash2, and compute SHA256 over the registration certificate plaintext to obtain the hash value Hash1;
step 2.2, compare Hash1 with Hash2; if they are the same, the registration certificate passes verification; otherwise the user holds an invalid Token, and verification ends;
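The Token issuance of step 1.2 and its verification in steps 2.1 and 2.2, as an added example in Go (not code from the patent; the certificate fields, the 2048-bit CA key and the sample names are assumptions). Applying the CA's RSA private key to a SHA-256 digest and checking the result with the public key is, in standard terms, an RSA signature and its verification, so the example uses Go's PKCS#1 v1.5 primitives rather than raw RSA "encryption"; the verifier recomputes Hash1 itself, which is what stops a Token issued for one registration certificate from being presented with another.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// RegistrationCertificate is a constructed stand-in for the certificate the CA
// issues in step 1.2; the patent does not specify its fields.
type RegistrationCertificate struct {
	UserName string
	Role     string
	IssuedAt string
}

// Bytes gives a canonical serialisation so that issuer and verifier hash
// exactly the same input (Hash1 must be recomputable in step 2.1).
func (c RegistrationCertificate) Bytes() []byte {
	return []byte(c.UserName + "|" + c.Role + "|" + c.IssuedAt)
}

// NewCAKey generates the certificate authority's RSA key pair (assumed 2048-bit).
func NewCAKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// IssueToken is step 1.2: Hash1 = SHA-256(certificate); Token = RSA private-key
// operation over Hash1. "Encrypting the hash with the private key" is exactly an
// RSA signature, so the standard PKCS#1 v1.5 signing primitive is used.
func IssueToken(caKey *rsa.PrivateKey, cert RegistrationCertificate) ([]byte, error) {
	hash1 := sha256.Sum256(cert.Bytes())
	return rsa.SignPKCS1v15(rand.Reader, caKey, crypto.SHA256, hash1[:])
}

// VerifyToken is step 2: recompute Hash1 from the presented certificate and
// check it against the Token with the CA public key. rsa.VerifyPKCS1v15 does the
// "recover Hash2 and compare with Hash1" step internally, so a Token issued for
// a different certificate, or altered in transit, is rejected.
func VerifyToken(caPub *rsa.PublicKey, cert RegistrationCertificate, token []byte) bool {
	hash1 := sha256.Sum256(cert.Bytes())
	return rsa.VerifyPKCS1v15(caPub, crypto.SHA256, hash1[:], token) == nil
}

func main() {
	caKey, err := NewCAKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample certificate for a newly registered service provider.
	cert := RegistrationCertificate{UserName: "provider-01", Role: "service-provider", IssuedAt: "2020-01-01"}
	token, err := IssueToken(caKey, cert)
	if err != nil {
		panic(err)
	}
	fmt.Println("token:", hex.EncodeToString(token)[:32]+"...")
	fmt.Println("genuine token accepted:", VerifyToken(&caKey.PublicKey, cert, token))

	// A Token presented with someone else's certificate fails: Hash1 differs.
	other := cert
	other.UserName = "provider-99"
	fmt.Println("token for other certificate accepted:", VerifyToken(&caKey.PublicKey, other, token))

	// A Token altered in transit fails the RSA check.
	tampered := append([]byte(nil), token...)
	tampered[0] ^= 0x01
	fmt.Println("bit-flipped token accepted:", VerifyToken(&caKey.PublicKey, cert, tampered))
}
```

Two checks a practitioner would want are exercised: a Token presented together with a different registration certificate fails because the recomputed Hash1 no longer matches, and a Token altered in transit fails the RSA verification. The patent's steps say nothing about Token lifetime; in a deployment the certificate or the on-chain record would normally carry an expiry or revocation state that the verifier checks in addition to the signature.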
step 3, the service provider stores the microservice and the microservice relation graph in the blockchain network, as shown in FIG. 2; this is implemented according to the following steps:
step 3.1, the service provider applies a message digest algorithm to the executable file of the microservice to generate a hash value;
step 3.2, the hash value is digitally signed with the service provider's private key, and the digital signature and public key are submitted to the blockchain network;
step 3.3, the microservice relation graph is stored as a service relation adjacency matrix and a service relation reachability matrix, the microservice relation graph is digitally signed with the service provider's private key, and the digital signature and public key are submitted to the blockchain network;
step 3.4, the blockchain generates a proposal from the digital signatures and public keys of steps 3.2 and 3.3 and submits the proposal to an endorsement node in the blockchain;
step 3.5, the endorsement node simulates execution of the proposal and verifies whether the digital signature is valid; if so, it calls the SDK to generate a transaction, and the ordering service node orders the transaction into a block; otherwise, it ends;
here the microservice relation graph is a directed acyclic graph; the service relation adjacency matrix represents the direct service relations between microservices; the service relation reachability matrix represents the indirect service relations between microservices;
step 4, the user requests a microservice from the blockchain network; the blockchain network traverses the metadata in the microservice relation graph with a graph search algorithm and returns the address of the designated service provider to the user;
step 5, the user requests the microservice from the designated service provider over the HTTP protocol, the blockchain network verifies that the user's request for the microservice is reasonable, and a response is sent to the user; this is implemented according to the following steps:
step 5.1, the user establishes a TCP connection with the server of the designated service provider and, once the connection is open, sends the request to the corresponding port of the server;
step 5.2, the designated service provider processes the request, i.e. the blockchain network traverses the microservice relation graph with the graph search algorithm;
step 5.3, if the corresponding microservice relation is found, the microservice requested by the user is reasonable: the microservice is provided to the user and the method proceeds to step 5.4; otherwise the requested microservice is not reasonable and the user's request is rejected;
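The service relation adjacency matrix and reachability matrix of step 3.3, the acyclicity requirement stated with them, and the graph search of steps 4, 5.2 and 5.3, as an added Go example (not code from the patent). The service names, provider addresses and edges are constructed. Treating a request as "the service the user is running asks for service Y" and accepting it only when Y exists and is either that service itself or reachable from it in the relation graph is this example's interpretation of "the corresponding microservice relation is found"; it also goes slightly beyond the text by rejecting a graph with a cycle at load time, since the patent requires a directed acyclic graph.

```go
package main

import (
	"errors"
	"fmt"
)

// ServiceGraph stores the microservice relation graph as the two matrices of
// step 3.3: Adj[i][j] is true when service i directly depends on service j, and
// Reach[i][j] is true when j can be reached from i over one or more edges (the
// transitive closure of Adj). Provider maps a service name to the address the
// blockchain returns in step 4; the addresses used below are constructed.
type ServiceGraph struct {
	Names    []string
	index    map[string]int
	Provider map[string]string
	Adj      [][]bool
	Reach    [][]bool
}

// NewServiceGraph builds both matrices from an edge list and rejects cycles.
func NewServiceGraph(names []string, edges [][2]string, provider map[string]string) (*ServiceGraph, error) {
	n := len(names)
	g := &ServiceGraph{Names: names, index: make(map[string]int, n), Provider: provider}
	for i, name := range names {
		g.index[name] = i
	}
	g.Adj = make([][]bool, n)
	g.Reach = make([][]bool, n)
	for i := range g.Adj {
		g.Adj[i] = make([]bool, n)
		g.Reach[i] = make([]bool, n)
	}
	for _, e := range edges {
		from, okFrom := g.index[e[0]]
		to, okTo := g.index[e[1]]
		if !okFrom || !okTo {
			return nil, fmt.Errorf("edge %s -> %s references an unknown service", e[0], e[1])
		}
		g.Adj[from][to] = true
		g.Reach[from][to] = true
	}
	// Warshall's algorithm: Reach becomes the transitive closure of Adj.
	for k := 0; k < n; k++ {
		for i := 0; i < n; i++ {
			if !g.Reach[i][k] {
				continue
			}
			for j := 0; j < n; j++ {
				if g.Reach[k][j] {
					g.Reach[i][j] = true
				}
			}
		}
	}
	// In a DAG no service reaches itself; a true diagonal entry means a cycle.
	for i := 0; i < n; i++ {
		if g.Reach[i][i] {
			return nil, errors.New("relation graph contains a cycle through " + names[i])
		}
	}
	return g, nil
}

// ResolveRequest is the graph search of steps 4, 5.2 and 5.3. A request from the
// service the user is running (entry) for another service is reasonable only if
// the requested service exists and is the entry itself or reachable from it.
// On success it returns the designated provider's address.
func (g *ServiceGraph) ResolveRequest(entry, requested string) (string, bool) {
	from, okFrom := g.index[entry]
	to, okTo := g.index[requested]
	if !okFrom || !okTo {
		return "", false // nonexistent service: unsafe scenario (1) of the background
	}
	if from != to && !g.Reach[from][to] {
		return "", false // no direct or indirect relation: unreasonable request
	}
	addr, ok := g.Provider[requested]
	return addr, ok
}

func main() {
	// Constructed graph: app -> auth -> db, app -> cache; "billing" is unrelated.
	names := []string{"app", "auth", "db", "cache", "billing"}
	edges := [][2]string{{"app", "auth"}, {"auth", "db"}, {"app", "cache"}}
	providers := map[string]string{
		"app": "10.0.0.1:8080", "auth": "10.0.0.2:8080", "db": "10.0.0.3:8080",
		"cache": "10.0.0.4:8080", "billing": "10.0.0.5:8080",
	}
	g, err := NewServiceGraph(names, edges, providers)
	if err != nil {
		panic(err)
	}
	for _, req := range [][2]string{{"app", "db"}, {"db", "app"}, {"app", "billing"}, {"app", "ghost"}} {
		addr, ok := g.ResolveRequest(req[0], req[1])
		fmt.Printf("%s requests %s: reasonable=%v provider=%q\n", req[0], req[1], ok, addr)
	}
	_, err = NewServiceGraph([]string{"a", "b"}, [][2]string{{"a", "b"}, {"b", "a"}}, nil)
	fmt.Println("cyclic graph accepted:", err == nil)
}
```

The reachability matrix is what lets the check answer indirect requests (app asking for db through auth) without walking the graph at request time, and the same matrix's diagonal gives the acyclicity check for free. In a deployment the matrices would be the signed artefact of step 3.3 read back from the chain rather than built in memory.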
step 5.4, after obtaining the microservice, the user hashes it to obtain a new hash value and compares it with the microservice hash value stored in the blockchain network;
step 5.5, if the new hash value equals the stored hash value, the microservice was provided by the designated service provider and was not attacked, tampered with or replaced in transit; otherwise the user refuses to accept the microservice;
when the microservice requested by the user is reasonable, the designated service provider transmits the microservice to the user over the SSL protocol;
the SSL protocol communication specifically includes:
the user offers the designated service provider an SSL version, a random number a and an encryption mode; the designated service provider sends the chosen encryption mode, its digital certificate and a random number b to the user; the user confirms the validity of the digital certificate, then generates a random number, encrypts it with the public key of the designated service provider's digital certificate and sends the encrypted random number to the service provider; the designated service provider decrypts the random number with its private key; the user and the designated service provider then derive a session key under the chosen encryption mode from this random number together with random numbers a and b.
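Steps 3.1, 5.4 and 5.5 together with the SSL transfer described above, as an added Go example (not the patent's code): the provider publishes the SHA-256 hash of the executable, serves the file over TLS, and the user accepts it only if the server certificate verifies against a pinned trust root and the received bytes hash to the published value. The hostname provider.example, the self-signed certificate and the payload are constructed; net.Pipe replaces the TCP connection of step 5.1 so the exchange runs in-process, and Go's crypto/tls (TLS 1.2 or later) stands in for the page's SSL handshake, with the session-key derivation from the random numbers happening inside the library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// providerName is a constructed hostname for the designated service provider.
const providerName = "provider.example"

// OnChainHash is step 3.1: the digest of the executable that the provider
// publishes (signed, step 3.2) on the blockchain before any user asks for it.
func OnChainHash(executable []byte) [32]byte {
	return sha256.Sum256(executable)
}

// NewProviderCert makes a self-signed server certificate for the provider. In a
// deployment it would chain to the consortium CA; here the user pins this very
// certificate as its only trust root.
func NewProviderCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: providerName},
		DNSNames:     []string{providerName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// FetchOverTLS is the transfer of step 5: the provider serves the executable over
// TLS and the user reads it back, accepting only a server certificate that
// verifies against `trusted` and names providerName (the user "confirms the
// validity of the digital certificate"). net.Pipe stands in for the TCP socket.
func FetchOverTLS(executable []byte, serverCert tls.Certificate, trusted *x509.Certificate) ([]byte, error) {
	userSide, providerSide := net.Pipe()
	serverDone := make(chan error, 1)
	go func() {
		srv := tls.Server(providerSide, &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS12})
		_, err := srv.Write(executable) // runs the server side of the handshake, then sends the file
		srv.Close()                     // close_notify gives the user a clean EOF
		serverDone <- err
	}()

	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	user := tls.Client(userSide, &tls.Config{RootCAs: roots, ServerName: providerName, MinVersion: tls.VersionTLS12})
	defer user.Close()
	data, err := io.ReadAll(user) // the handshake, including the certificate check, runs here
	if err != nil {
		return nil, err
	}
	if err := <-serverDone; err != nil {
		return nil, err
	}
	return data, nil
}

// VerifyMicroservice is steps 5.4 and 5.5: hash what was received and compare it,
// in constant time, with the hash published on chain.
func VerifyMicroservice(received []byte, onChain [32]byte) bool {
	got := sha256.Sum256(received)
	return subtle.ConstantTimeCompare(got[:], onChain[:]) == 1
}

func main() {
	executable := []byte("constructed microservice executable v1") // stands in for the real binary
	serverCert, trusted, err := NewProviderCert()
	if err != nil {
		panic(err)
	}
	received, err := FetchOverTLS(executable, serverCert, trusted)
	fmt.Println("transfer error:", err)
	fmt.Println("received file verifies:", VerifyMicroservice(received, OnChainHash(executable)))
}
```

The hash comparison is what makes the on-chain record useful: TLS protects the bytes in transit and authenticates the server, but only the comparison with the hash the provider signed in step 3.2 ties what arrived to what was registered. A server presenting a certificate the user has not pinned fails the handshake before any data is read, which is the case the test below exercises with a second, unrelated certificate.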
Examples
Block streaming is an edge computing scenario for services: the segmented application blocks are microservices that are transmitted and loaded in streaming fashion between the cloud service provider and the Internet of Things (IoT) device. Taking the consortium blockchain Hyperledger Fabric as an example:
after the cloud service provider registers with the Fabric certificate authority and logs in successfully, it first stores the microservice and the microservice relation graph, including the hash value, in Fabric; before requesting a service, the IoT device queries Fabric for a service provider able to provide the required microservice and requests the microservice from the designated cloud service provider;
when the cloud service provider receives the request, it queries the microservice relation graph through Fabric; once the request is verified as reasonable, the microservice executable is transmitted securely to the IoT device. On receiving the file, the IoT device applies the same hash algorithm to it and compares the new hash value with the hash value of the file stored in Fabric. If they match, the microservice is proven to come from a trusted cloud service provider and the file was not attacked, tampered with or replaced in transit; if they do not match, the IoT device refuses to accept the microservice.

Claims (9)

1. A block chain-based stream-type micro-service trusted loading and verification method, characterized by comprising the following steps:
step 1, a service provider submits a registration application in a blockchain network, obtains a Token generated from the user's registration certificate and sends the Token to the user;
step 2, the blockchain network verifies the validity of the Token and uploads the valid Token to the blockchain network;
step 3, the service provider stores the microservice and the microservice relationship graph in the blockchain network;
step 4, the user requests a microservice from the blockchain network; the blockchain network traverses the metadata of the microservice relationship graph with a graph search algorithm and returns the address of the specified service provider to the user;
and step 5, the user requests the microservice from the specified service provider over HTTP, the blockchain network verifies the legitimacy of the microservice requested by the user, and response information is sent to the user.
2. The block chain-based streaming microservice trusted loading and verifying method according to claim 1, wherein step 1 is specifically implemented according to the following steps:
step 1.1, the blockchain network receives the registration application of the service provider, sets the public and private key paths and checks whether the user already exists; if so, it returns and finishes; if the user is new, it performs registration and enrollment and returns a user name and a password;
step 1.2, the certificate authority issues a registration certificate from the user name and password, then generates a Token from the registration certificate and sends the Token to the user.
3. The block chain-based streaming microservice trusted loading and verifying method according to claim 2, wherein step 1.2 is specifically:
the certificate authority computes Hash1 over the registration certificate with a hash algorithm, then encrypts Hash1 with the certificate authority's private key using the RSA algorithm (that is, produces an RSA signature over the digest) to obtain the encrypted certificate, namely the Token, and sends the Token to the user.
4. The method according to claim 2, wherein the Token serves as the user's identity credential for adding and querying events in the blockchain network.
5. The block chain-based streaming microservice trusted loading and verifying method according to claim 3, wherein step 2 is specifically implemented according to the following steps:
step 2.1, decrypt the Token with the certificate authority's public key to obtain the hash value Hash2, and compute SHA256 over the registration certificate plaintext to obtain the digest Hash1;
and step 2.2, compare Hash1 with Hash2; if they are equal, verification of the registration certificate passes, otherwise the user holds an invalid Token; verification ends.
6. The block chain-based streaming microservice trusted loading and verifying method according to claim 2, wherein step 3 is specifically implemented according to the following steps:
step 3.1, the service provider computes a hash value of the microservice executable file with a message digest algorithm;
step 3.2, the hash value is digitally signed with the service provider's private key, and the digital signature and the public key are submitted to the blockchain network;
step 3.3, the microservice relationship graph is stored as a service relationship adjacency matrix and a service relationship reachability matrix, the graph is digitally signed with the service provider's private key, and the digital signature and the public key are submitted to the blockchain network;
step 3.4, the blockchain generates a proposal from the digital signatures and public keys of steps 3.2 and 3.3 and submits the proposal to an endorsing node in the blockchain;
step 3.5, the endorsing node simulates execution of the proposal and verifies whether the digital signature is valid; if valid, it calls the SDK to generate a transaction, the ordering service node orders the transaction and a block is generated; otherwise the process ends.
7. The block chain-based streaming micro-service trusted loading and verification method according to claim 6, wherein the microservice relationship graph is a directed acyclic graph; the service relationship adjacency matrix represents direct service relationships among microservices; the service relationship reachability matrix represents indirect service relationships among microservices.
8. The block chain-based streaming microservice trusted loading and verifying method according to claim 6, wherein step 5 is specifically implemented according to the following steps:
step 5.1, the user establishes a TCP connection with the server of the specified service provider and, once the connection is open, sends the request information to the corresponding port of the server;
step 5.2, the specified service provider processes the request information, that is, the blockchain network traverses the microservice relationship graph with a graph search algorithm;
step 5.3, if the corresponding microservice relationship is found, the microservice requested by the user is legitimate: the microservice is provided to the user and the method proceeds to step 5.4; otherwise the requested microservice is not legitimate and the user's request is rejected;
step 5.4, after the user obtains the microservice, the user hashes it with the hash algorithm to obtain a new hash value and compares it with the microservice hash value stored in the blockchain network;
step 5.5, if the new hash value equals the stored hash value, the microservice was provided by the specified service provider and was not attacked, tampered with or replaced in transit; otherwise the user refuses to accept the microservice.
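The loading and verification flow of the Examples section and of claims 6 to 8 (relationship graph kept as adjacency and reachability matrices, provider lookup, legitimacy check of a request, hash comparison after download), as an added example that is not code from the patent or from Hyperledger Fabric. The Fabric ledger is modelled as an in-memory dict; the service names, binaries and provider address are constructed; the legitimacy check is taken to mean "the graph records a direct or indirect relationship from the microservice the device already runs to the one it requests", which is the editor's reading of step 5.2, and the signature of step 3.2 is left out.

```python
"""Added example (not from the patent): relationship graph as adjacency and
reachability matrices (claim 7), registration of a microservice hash on the
ledger (claim 6, signature step omitted), provider lookup (claim 1 step 4),
legitimacy check (steps 5.2-5.3) and hash verification after download
(steps 5.4-5.5). The Fabric ledger is an in-memory dict; names are constructed."""
import hashlib
from typing import Dict, List, Optional

# Constructed App of three microservices; row i -> column j means i directly calls j.
SERVICES = ["auth", "catalog", "checkout"]
IDX = {name: i for i, name in enumerate(SERVICES)}
ADJ = [
    [0, 1, 0],  # auth -> catalog
    [0, 0, 1],  # catalog -> checkout
    [0, 0, 0],  # checkout calls nothing
]

def reachability(adj: List[List[int]]) -> List[List[int]]:
    """Warshall transitive closure: 1 where a path of length >= 1 exists
    (the indirect service relationships of the reachability matrix)."""
    n = len(adj)
    r = [row[:] for row in adj]
    for k in range(n):
        for i in range(n):
            if r[i][k]:
                for j in range(n):
                    if r[k][j]:
                        r[i][j] = 1
    return r

def is_dag(adj: List[List[int]]) -> bool:
    """Acyclic iff no microservice can reach itself."""
    r = reachability(adj)
    return all(r[i][i] == 0 for i in range(len(adj)))

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

LEDGER: Dict[str, dict] = {}   # stands in for the Fabric world state

def register_microservice(provider: str, name: str, executable: bytes) -> None:
    """Steps 3.1/3.3: record the executable's digest and the graph metadata."""
    if not is_dag(ADJ):
        raise ValueError("microservice relationship graph must be a DAG")
    LEDGER[f"svc/{name}"] = {"provider": provider, "hash": sha256_hex(executable)}
    LEDGER["graph"] = {"services": SERVICES, "adj": ADJ, "reach": reachability(ADJ)}

def find_provider(name: str) -> Optional[str]:
    """Step 4: address of the provider that registered the microservice."""
    entry = LEDGER.get(f"svc/{name}")
    return entry["provider"] if entry else None

def request_is_reasonable(running: str, wanted: str) -> bool:
    """Steps 5.2-5.3: legitimate only if the graph records a direct or
    indirect relationship from the microservice already loaded to the wanted one."""
    g = LEDGER.get("graph")
    if g is None or running not in IDX or wanted not in IDX:
        return False
    return bool(g["reach"][IDX[running]][IDX[wanted]])

def verify_download(name: str, received: bytes) -> bool:
    """Steps 5.4-5.5: recompute the digest and compare with the ledger copy."""
    entry = LEDGER.get(f"svc/{name}")
    return entry is not None and sha256_hex(received) == entry["hash"]

# Constructed stand-ins for the real executables.
BINARIES = {n: b"\x7fELF " + n.encode() + b" v1" for n in SERVICES}

def demo() -> dict:
    """Register everything as provider cloud-a, then exercise the checks."""
    for name, blob in BINARIES.items():
        register_microservice("cloud-a", name, blob)
    return {
        "dag": is_dag(ADJ),
        "provider": find_provider("checkout"),
        "unknown_provider": find_provider("billing"),
        "auth->checkout": request_is_reasonable("auth", "checkout"),
        "checkout->auth": request_is_reasonable("checkout", "auth"),
        "genuine": verify_download("checkout", BINARIES["checkout"]),
        "tampered": verify_download("checkout", BINARIES["checkout"] + b"\x90"),
    }
```

A matching hash only shows that the received bytes equal what was written to the ledger; that the writer was the legitimate provider rests on the signed and endorsed ledger write of steps 3.2 and 3.5, and on the device reading the ledger over a channel authenticated with its own enrollment credentials, not on the hash comparison itself.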
9. The trusted loading and verification method for blockchain-based streaming microservices according to claim 8, wherein, when the microservice requested by the user is legitimate, the specified service provider transmits the microservice to the user over the SSL protocol;
the SSL protocol communication specifically comprises the following steps:
the user sends an SSL version, a random number a and the supported encryption modes to the specified service provider; the specified service provider sends the newly chosen encryption mode, its digital certificate and a random number b to the user; the user confirms the validity of the digital certificate, then generates a random number, encrypts it with the public key of the specified service provider's digital certificate and sends the ciphertext to the specified service provider; the specified service provider decrypts the random number with its private key; and the user and the specified service provider derive a session key for communication from that random number together with random numbers a and b, under the new encryption mode.
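Token issuance and verification (claims 3 and 5) and the RSA key-transport handshake of claim 9, as one added example that is not code from the patent; both use the same "encrypt a SHA256 digest with a private key" primitive, so they share one textbook RSA helper here. The helper, 512-bit keys, the cipher-mode names, the certificate layout and the HMAC-based key derivation are the editor's constructions: textbook RSA without padding is used only so the block runs on the Python standard library, and the derivation is a simplified stand-in for the TLS 1.2 PRF rather than the real one.

```python
"""Added example (not part of the patent): Token issuance and verification
(claims 3 and 5) and the RSA key-transport handshake of claim 9, with a
textbook RSA helper so the block runs on the standard library alone. Textbook
RSA (no padding) and 512-bit keys are for illustration only; use a vetted
library with PSS/OAEP in practice. Names and message layouts are hypothetical."""
import hashlib
import hmac
import secrets
from math import gcd

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512):
    """Return ((n, e), (n, d)) with e = 65537."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_private_op(m: int, priv) -> int:
    return pow(m, priv[1], priv[0])

def rsa_public_op(c: int, pub) -> int:
    return pow(c, pub[1], pub[0])

def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue_token(reg_cert: bytes, ca_priv) -> int:
    """Claim 3: Hash1 'encrypted' with the CA private key, i.e. an RSA signature."""
    return rsa_private_op(sha256_int(reg_cert), ca_priv)

def verify_token(reg_cert: bytes, token: int, ca_pub) -> bool:
    """Claim 5: recover Hash2 with the CA public key, recompute Hash1, compare."""
    return rsa_public_op(token, ca_pub) == sha256_int(reg_cert)

def make_certificate(subject: str, pub, ca_priv) -> dict:
    """The provider's digital certificate: subject and public key, CA-signed."""
    body = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return {"subject": subject, "pub": pub, "body": body, "sig": issue_token(body, ca_priv)}

SERVER_MODES = ["AES256-GCM-SHA384", "AES128-GCM-SHA256"]  # provider preference (constructed)

def server_hello(client_hello: dict, cert: dict) -> dict:
    """Choose the 'new encryption mode' from the offer; send certificate and b."""
    chosen = next((m for m in SERVER_MODES if m in client_hello["modes"]), None)
    if chosen is None:
        raise ValueError("no common encryption mode")
    return {"mode": chosen, "cert": cert, "random_b": secrets.token_bytes(32)}

def derive_session_key(premaster: bytes, a: bytes, b: bytes, mode: str) -> bytes:
    """Simplified stand-in for the TLS 1.2 PRF: master secret from the premaster
    and both randoms, then a session key bound to the negotiated mode."""
    master = hmac.new(premaster, b"master secret" + a + b, hashlib.sha256).digest()
    return hmac.new(master, b"key expansion" + mode.encode() + b + a, hashlib.sha256).digest()

def handshake(offered_modes, server_cert: dict, server_priv, ca_pub):
    """Both sides of the exchange; returns (client_key, server_key, mode)."""
    c_hello = {"version": "TLSv1.2", "random_a": secrets.token_bytes(32), "modes": offered_modes}
    s_hello = server_hello(c_hello, server_cert)
    cert = s_hello["cert"]
    if not verify_token(cert["body"], cert["sig"], ca_pub):  # user checks certificate validity
        raise ValueError("certificate not issued by the trusted CA")
    premaster = secrets.token_bytes(32)  # the user's fresh random number
    encrypted = rsa_public_op(int.from_bytes(premaster, "big"), cert["pub"])  # to the provider
    client_key = derive_session_key(premaster, c_hello["random_a"], s_hello["random_b"], s_hello["mode"])
    recovered = rsa_private_op(encrypted, server_priv).to_bytes(32, "big")  # provider decrypts
    server_key = derive_session_key(recovered, c_hello["random_a"], s_hello["random_b"], s_hello["mode"])
    return client_key, server_key, s_hello["mode"]
```

The exchange in claim 9 is the RSA key-transport handshake of SSL 3.0 and TLS 1.0 to 1.2: the session key depends on a secret that only the provider's private key can recover, so a later compromise of that key exposes every recorded session. SSL 3.0 itself is deprecated (RFC 7568), and TLS 1.3 dropped RSA key transport in favour of ephemeral Diffie-Hellman; a deployment of this scheme should negotiate TLS 1.2 or 1.3 with an ECDHE suite rather than literally implement the steps as claimed.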
CN202010430763.5A 2020-05-20 2020-05-20 Block chain-based flow type micro-service trusted loading and verifying method Active CN111711607B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010430763.5A CN111711607B (en) 2020-05-20 2020-05-20 Block chain-based flow type micro-service trusted loading and verifying method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010430763.5A CN111711607B (en) 2020-05-20 2020-05-20 Block chain-based flow type micro-service trusted loading and verifying method

Publications (2)

Publication Number Publication Date
CN111711607A true CN111711607A (en) 2020-09-25
CN111711607B CN111711607B (en) 2022-04-22

Family

ID=72538383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010430763.5A Active CN111711607B (en) 2020-05-20 2020-05-20 Block chain-based flow type micro-service trusted loading and verifying method

Country Status (1)

Country Link
CN (1) CN111711607B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685321A (en) * 2021-01-11 2021-04-20 河南中原消费金融股份有限公司 Method, system and storage medium for testing microservice
CN114553495A (en) * 2022-01-27 2022-05-27 南京第三极区块链科技有限公司 Service registration and discovery system based on block chain and use method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170244687A1 (en) * 2016-02-24 2017-08-24 Whitewood Encryption Systems, Inc. Techniques for confidential delivery of random data over a network
CN109213616A (en) * 2018-09-25 2019-01-15 江苏润和软件股份有限公司 A kind of micro services software systems method for detecting abnormality based on calling map analysis
CN111177080A (en) * 2019-12-31 2020-05-19 西安理工大学 Knowledge graph storage and verification method based on block chain and IPFS

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DANIELE MAZZEI 等: "A Blockchain Tokenizer for Industrial IOT trustless applications", 《FUTURE GENERATION COMPUTER SYSTEMS》 *
YONGHYUN KIM 等: "Power Trading Blockchain using Hyperledger Fabric", 《2020 INTERNATIONAL CONFERENCE ON INFORMATION NETWORKING》 *
罗鑫: "基于区块链的可信存储系统设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Also Published As

Publication number Publication date
CN111711607B (en) 2022-04-22

Similar Documents

Publication Publication Date Title
Lu et al. A blockchain-based privacy-preserving authentication scheme for VANETs
CN112039872B (en) Cross-domain anonymous authentication method and system based on block chain
US11128477B2 (en) Electronic certification system
CN109309565B (en) Security authentication method and device
US10027670B2 (en) Distributed authentication
TWI744532B (en) Methods and systems to establish trusted peer-to-peer communications between nodes in a blockchain network
CN109495490B (en) Block chain-based unified identity authentication method
CN113553574A (en) Internet of things trusted data management method based on block chain technology
CN109617692B (en) Anonymous login method and system based on block chain
US20200412554A1 (en) Id as service based on blockchain
Chai et al. CyberChain: Cybertwin empowered blockchain for lightweight and privacy-preserving authentication in Internet of Vehicles
Sun et al. Non-repudiation storage and access control scheme of insurance data based on blockchain in IPFS
CN111294352A (en) Data security authentication method between cloud and edge node
CN109687965A (en) The real name identification method of subscriber identity information in a kind of protection network
CN114139203B (en) Block chain-based heterogeneous identity alliance risk assessment system and method and terminal
CN113761582A (en) Group signature based method and system for protecting privacy of block chain transaction under supervision
WO2022089420A1 (en) Voting method and apparatus based on blockchain
CN111711607B (en) Block chain-based flow type micro-service trusted loading and verifying method
He et al. An accountable, privacy-preserving, and efficient authentication framework for wireless access networks
CN112543166A (en) Real name login method and device
JPWO2020010279A5 (en)
CN110662091A (en) Third-party live video access method, storage medium, electronic device and system
CN114125773A (en) Vehicle networking identity management system and management method based on block chain and identification password
CN114679332A (en) APT detection method of distributed system
CN110572392A (en) Identity authentication method based on HyperLegger network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant