CN111767566A - Partial substitution integration method and system of CFL authentication system in Fabric system - Google Patents

Info

Publication number: CN111767566A
Application number: CN202010560108.1A
Authority: CN (China)
Prior art keywords: cfl, interface, component, authentication service, msp
Legal status: Granted (Active)
Other languages: Chinese (zh)
Other versions: CN111767566B (en)
Inventors: 李强, 舒展翔, 余祥, 朱峰, 陈立哲, 李腾飞
Current Assignee: Anhui Lvben Technology Co ltd
Original Assignee: Anhui Lvben Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02B CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
    • Y02B20/00 Energy efficient lighting technologies, e.g. halogen lamps or gas discharge lamps

Abstract

The invention discloses a partial substitution integration method and system of a CFL authentication system in a Fabric system, belonging to the technical field of information security and comprising the following steps: according to the formulation rules of the initial authentication service interface of the Fabric system, constructing a national cryptographic algorithm component as the API (application programming interface) call interface of the national cryptographic algorithm and constructing a CFL component as the CFL authentication service interface; in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component; in the MSP component of the Fabric system, replacing the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component; and, in the instruction execution file directory of the Fabric system, replacing the initial BCCSP and MSP component API call interfaces with the API call interfaces of the new BCCSP component and the new MSP component, respectively. By retaining the initial MSP and BCCSP components of the Fabric system, the method realizes the application of the CFL authentication system in the Fabric system.

Description

Partial substitution integration method and system of CFL authentication system in Fabric system
Technical Field
The invention relates to the technical field of information security, in particular to a partial substitution integration method and system of a CFL authentication system in a Fabric system.
Background
CFL, an identity-based self-authentication certificate authentication system, offers a high degree of security, fast authentication, low computing-resource consumption and protection of user privacy, and is more suitable for the information security construction of novel networks such as big data, cloud computing, mobile communication networks and smart cities.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. Blockchain is an important concept of Bitcoin; its core is a distributed ledger recording every transaction that occurs in the network, which is essentially a decentralized database. As the underlying technology of Bitcoin, it is a series of data blocks generated in association with one another by cryptographic methods, each data block containing information on a batch of Bitcoin network transactions, used to verify the validity of the information (anti-counterfeiting) and to generate the next block.
Because CFL is also an authentication technology for decentralized applications, has the information security concept of deporing of application, supports the authentication of security processes, and complies with "nobody in network", CFL can fully support authentication in the blockchain, and on the basis of the CFL authentication technology, five-property protection of blockchain information security (confidentiality, integrity, availability, controllability and authenticability) can further be provided. However, a scheme for integrating the CFL authentication mechanism into the Fabric system to enhance the information security of the blockchain is still lacking.
Disclosure of Invention
The present invention aims to overcome the above-mentioned shortcomings of the prior art and provides a method for integrating a CFL authentication system into a Fabric system.
To achieve the above object, a partial substitution integration method of a CFL authentication system in a Fabric system is adopted, which includes:
according to the formulation rules of the initial authentication service interface of the Fabric system, constructing a national cryptographic algorithm component as the API (application programming interface) call interface of the national cryptographic algorithm and constructing a CFL component as the CFL authentication service interface;
in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component;
in the MSP component of the Fabric system, replacing the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
in the instruction execution file directory of the Fabric system, replacing the initial BCCSP and MSP component API call interfaces with the API call interfaces of the new BCCSP component and the new MSP component, respectively.
Further, the step of constructing the national cryptographic algorithm component as the API call interface of the national cryptographic algorithm according to the formulation rules of the Fabric initial authentication service interface includes:
packaging the API call interfaces of the national cryptographic SM2, SM3 and CPK algorithms into Go language executable code files named SM2.go, SM3.go and CPK.go respectively, and forming a GMSF file package as the provider of the API call interface of the national cryptographic algorithm;
and taking the cryptographic algorithm function execution interface in the GMSF file package as the API call interface of the national cryptographic algorithm.
Further, constructing the CFL component as the CFL authentication service interface according to the formulation rules of the initial authentication service interface of the Fabric system includes:
combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes, and forming a CFL file package as the CFL authentication service interface provider;
and taking the authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL_Sign(), a CFL signature verification interface CFL_Verify(), a CFL certificate authentication interface CFL_Validate(), a CFL certificate-based identity serialization packaging interface CFL_Serialize() and a CFL-based MSP certificate unpacking interface CFL_Deserialize().
Further, in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm includes:
adding the GMSF file package to the package path of the BCCSP component, and replacing the initial cryptographic algorithm API call interface of the BCCSP component with the cryptographic algorithm API call interface in the GMSF file package.
Further, replacing, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface comprises:
performing the integration of the CFL authentication service interface in the instruction execution files in the instruction layer of the Fabric system;
performing the integration of the CFL authentication service interface in the instruction execution files in the interaction layer of the Fabric system.
Further, performing the integration of the CFL authentication service interface in the instruction execution files in the instruction layer of the Fabric system includes:
replacing the Serialize() packaging interface and the Sign() interface in the MSP initial authentication service interface with the CFL certificate-based identity serialization packaging interface CFL_Serialize() and the CFL signature interface CFL_Sign(), so as to package the CFL certificate information of the user end and generate a CFL dynamic certificate;
writing the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() on the line following the endorser-side interaction function ProcessProposal(), so as to verify the validity of the CFL certificate information and of the CFL certificate dynamic signature of the received endorser node;
and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
Further, the instruction execution files in the instruction layer include the create.go, join.go, list.go, fetch.go, install.go, invokeandquery.go and upgrade.go files.
Further, performing the integration of the CFL authentication service interface in the instruction execution files in the interaction layer of the Fabric system includes:
in the checkSignatureFromCreator() function of the endorser component's msgvalidation.go file, replacing the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify(), so that the endorser node authenticates the identity of the user end;
adding the CFL signature interface CFL_Sign() to the ProcessProposal() function of the endorser component execution file endorser.go, so as to generate the CFL dynamic certificate of the endorser node and return the certificate information to the user end through a return method;
replacing the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() in a Validate() function of a txvalidator.
In another aspect, a partial substitution integration system of a CFL authentication system in a Fabric system is adopted, comprising an interface construction module, a first integration module, a second integration module and a replacement module, wherein:
the interface construction module is used for constructing a national cryptographic algorithm component as the API (application programming interface) call interface of the national cryptographic algorithm and constructing a CFL component as the CFL authentication service interface according to the formulation rules of the initial authentication service interface of the Fabric system;
the first integration module is used for replacing, in the BCCSP component of the Fabric system, the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component;
the second integration module is used for replacing, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
the replacement module is used for replacing, in the instruction execution file directory of the Fabric system, the initial BCCSP and MSP component API call interfaces with the API call interfaces of the new BCCSP component and the new MSP component.
Further, the interface construction module comprises a national cryptographic algorithm API call interface construction unit and a CFL authentication service interface construction unit, wherein:
the national cryptographic algorithm API call interface construction unit is used for packaging the API call interfaces of the national cryptographic SM2, SM3 and CPK algorithms into Go language executable code files named SM2.go, SM3.go and CPK.go respectively, and forming a GMSF file package as the provider of the API call interface of the national cryptographic algorithm; and for taking the cryptographic algorithm function execution interface in the GMSF file package as the API call interface of the national cryptographic algorithm;
the CFL authentication service interface construction unit is used for combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes and forming a CFL file package as the CFL authentication service interface provider; and for taking the authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL_Sign(), a CFL signature verification interface CFL_Verify(), a CFL certificate authentication interface CFL_Validate(), a CFL certificate-based identity serialization packaging interface CFL_Serialize() and a CFL-based MSP certificate unpacking interface CFL_Deserialize().
Compared with the prior art, the invention has the following technical effects: the initial MSP and BCCSP components of the Fabric system, including source files, data structures, execution interfaces and the like, are retained, and the CFL component and the national cryptographic algorithm component are introduced. A new CFL authentication service interface is constructed by reference to the formulation rules of the initial authentication service interface of the Fabric system, and the new CFL authentication service execution interface replaces the initial authentication service execution interface of the Fabric system in the related components of the instruction layer and the interaction layer, thereby realizing the integration of the CFL authentication system with the Fabric system and the application of the CFL authentication system in the Fabric system.
Drawings
The following detailed description of embodiments of the invention refers to the accompanying drawings in which:
FIG. 1 is a flow chart of a partial substitution integration method of a CFL authentication system in a Fabric system;
FIG. 2 is a block diagram of a partial substitution integration system of a CFL authentication system in a Fabric system.
Detailed Description
To further illustrate the features of the present invention, refer to the following detailed description of the invention and the accompanying drawings. The drawings are for reference and illustration purposes only and are not intended to limit the scope of the present disclosure.
As shown in FIG. 1, the present embodiment discloses a partial substitution integration method of a CFL authentication system in a Fabric system, including the following steps S1 to S4:
S1, constructing a national cryptographic algorithm component as the API (application programming interface) call interface of the national cryptographic algorithm and constructing a CFL component as the CFL authentication service interface according to the formulation rules of the initial authentication service interface of the Fabric system;
S2, in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component;
S3, in the MSP component of the Fabric system, replacing the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
S4, in the instruction execution file directory of the Fabric system, replacing the initial BCCSP and MSP component API call interfaces with the API call interfaces of the new BCCSP component and the new MSP component, respectively.
Further, in step S1, constructing the national cryptographic algorithm component as the API call interface of the national cryptographic algorithm according to the formulation rules of the Fabric initial authentication service interface includes:
packaging the API call interfaces of the national cryptographic SM2, SM3 and CPK algorithms into Go language executable code files named SM2.go, SM3.go and CPK.go respectively, and forming a GMSF file package as the provider of the API call interface of the national cryptographic algorithm;
and taking the cryptographic algorithm function execution interface in the GMSF file package as the API call interface of the national cryptographic algorithm.
Further, the above step S2, in which the initial cryptographic algorithm API call interface of the BCCSP component is replaced with the API call interface of the national cryptographic algorithm in the BCCSP component of the Fabric system to obtain a new BCCSP component, comprises: adding the GMSF file package to the package path of the BCCSP component, and replacing the initial cryptographic algorithm API call interface of the BCCSP component with the cryptographic algorithm API call interface in the GMSF file package.
Specifically, in this embodiment, the GMSF file package is added to the package path of the BCCSP component, the internal execution code of the BCCSP cryptographic algorithm API call interface is changed, and the national cryptographic algorithm API call interfaces of the GMSF file package, such as SM2 signature (SM2sign), SM2 signature verification (SM2verify), CPK combined key pair generation (CPKgenkey) and SM3 hash operation (SM3hash), are used to replace the initial cryptographic algorithm API call interface of the BCCSP.
Further, in step S1, constructing the CFL component as the CFL authentication service interface according to the formulation rules of the Fabric initial authentication service interface includes:
combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes, and forming a CFL file package as the CFL authentication service interface provider;
writing the call path of the CFL file package in the MSP component package;
according to the internal coding logic of the MSP initial authentication service interface functions in the Fabric system, constructing in the MSP component, by calling the CFL authentication function interfaces of the CFL component, CFL authentication function interfaces with the same functions as the MSP initial authentication service execution interfaces; the CFL authentication service interface comprises a CFL signature interface CFL_Sign(), a CFL signature verification interface CFL_Verify(), a CFL certificate authentication interface CFL_Validate(), a CFL certificate-based identity serialization packaging interface CFL_Serialize() and a CFL certificate-based MSP certificate unpacking interface CFL_Deserialize().
The five types of interface listed in Table 1 implement the same functions as the MSP initial authentication service execution interfaces, so the integration of the CFL authentication system in the Fabric system can be realized directly in the Fabric instruction source code by replacing the MSP initial authentication service interfaces.
TABLE 1 Replacement relationship between the CFL-based authentication service interfaces and the initial authentication service interfaces
| Serial number | CFL-based authentication service interface | Initial authentication service interface | Interface implementation function |
| --- | --- | --- | --- |
| 1 | CFL_Validate() | Validate()→validateIdentity() | Certificate validity verification |
| 2 | CFL_Sign() | Sign() | Certificate signing |
| 3 | CFL_Verify() | Verify() | Certificate signature verification |
| 4 | CFL_Serialize() | Serialize() | Certificate packing (serialization process) |
| 5 | CFL_Deserialize() | Deserialize() | Certificate unpacking (deserialization) |
The MSP initial certificate validity verification interface "validateIdentity()" calls the sub-functions "getCertificationChainForBCCSPIdentity()", "validateIdentityAgainstChain()" and "validateIdentityOUs()", which respectively traverse the X.509 certificate Authority Key Identifier (AKI), verify whether the certificate signature is in the AKI, and verify the validity of the organization information format of the certificate, thereby completing user identity certificate authentication based on the PKI authentication system. Based on the CFL authentication interface function "CFL VerifyServerCed ()", a new MSP certificate validity verification interface "CFL_Validate()" can be constructed, realizing a Fabric system user certificate validity verification interface based on the CFL certificate verification process.
The CFL authentication function interfaces are called in the MSP to construct the CFL-based MSP authentication service interfaces. The CFL authentication function interfaces implement the same functions as the MSP initial authentication service execution interfaces, so the integration of the CFL authentication system in the Fabric system can be realized directly in the instruction layer and the interaction layer by replacing the MSP initial authentication service interfaces.
Further, the above step S3, in which the MSP initial authentication service interface is replaced with the CFL authentication service interface in the MSP component of the Fabric system to obtain a new MSP component, comprises the following sub-steps S31 to S32:
S31, performing the integration of the CFL authentication service interface in the instruction execution files in the instruction layer of the Fabric system;
S32, performing the integration of the CFL authentication service interface in the instruction execution files in the interaction layer of the Fabric system.
Specifically, the instruction execution files in the instruction layer include the create.go, join.go, list.go, fetch.go, install.go, invokeandquery.go and upgrade.go files.
Step S31, performing the integration of the CFL authentication service interface in the instruction execution files in the instruction layer of the Fabric system, includes:
replacing the Serialize() packaging interface and the Sign() interface in the MSP initial authentication service interface with the CFL certificate-based identity serialization packaging interface CFL_Serialize() and the CFL signature interface CFL_Sign(), so as to package the CFL certificate information of the user end and generate a CFL dynamic certificate;
writing the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() on the line following the endorser-side interaction function ProcessProposal(), so as to verify the validity of the CFL certificate information and of the CFL certificate dynamic signature of the received endorser node;
and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
Specifically, step S32, performing the integration of the CFL authentication service interface in the instruction execution files in the interaction layer of the Fabric system, comprises:
in the checkSignatureFromCreator() function of the endorser component's msgvalidation.go file, replacing the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify(), so that the endorser node authenticates the identity of the user end;
adding the CFL signature interface CFL_Sign() to the ProcessProposal() function of the endorser component execution file endorser.go, so as to generate the CFL dynamic certificate of the endorser node and return the certificate information to the user end through a return method;
replacing the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() in a Validate() function of a txvalidator.
It should be noted that this embodiment introduces the CFL and national cryptographic algorithm components while retaining the initial MSP and BCCSP components of the Fabric system, including source files, data structures, execution interfaces and the like. A new CFL authentication service interface (CFL signature, CFL signature verification, CFL certificate authentication, CFL certificate-based identity serialization packaging and the like) is constructed by reference to the formulation rules of the initial authentication service interface, and the new CFL authentication service execution interface replaces the initial authentication service execution interface in the related components of the Fabric system instruction layer and interaction layer, so that the integration of the CFL authentication system in the Fabric system is realized.
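The substitution in Table 1 and the Deserialize, Validate, Verify sequence that step S32 places in checkSignatureFromCreator() can be illustrated with the following added example, which is not code from the patent or from Fabric. The AuthService interface, the Identity struct and standInProvider are hypothetical names, and Ed25519 is used only as a stand-in for the CFL operations, whose internals the page does not give.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrInvalidIdentity = errors.New("validate: identity not issued by trust anchor")
	ErrBadSignature    = errors.New("verify: signature does not match creator key")
)

// Identity is a constructed stand-in for a serialized certificate.
type Identity struct {
	Subject   string `json:"subject"`
	PublicKey []byte `json:"public_key"`
	IssuerSig []byte `json:"issuer_sig"` // issuer's signature over subject and key
}

// AuthService is a hypothetical, simplified interface holding the five
// operations paired in Table 1. It is not Fabric's actual MSP API.
type AuthService interface {
	Serialize(id *Identity) ([]byte, error)
	Deserialize(raw []byte) (*Identity, error)
	Validate(id *Identity) error
	Sign(key ed25519.PrivateKey, msg []byte) ([]byte, error)
	Verify(id *Identity, msg, sig []byte) error
}

// standInProvider plays the role of the substituted provider. Ed25519 is
// an assumption made for this example; it is NOT the CFL scheme.
type standInProvider struct{ issuerPub ed25519.PublicKey }

// bindingBytes is the length-prefixed subject plus key that the issuer signs.
func bindingBytes(id *Identity) []byte {
	prefix := fmt.Sprintf("%d:%s:", len(id.Subject), id.Subject)
	return append([]byte(prefix), id.PublicKey...)
}

func (p *standInProvider) Serialize(id *Identity) ([]byte, error) { return json.Marshal(id) }

func (p *standInProvider) Deserialize(raw []byte) (*Identity, error) {
	var id Identity
	if err := json.Unmarshal(raw, &id); err != nil {
		return nil, fmt.Errorf("deserialize: %w", err)
	}
	// Reject malformed keys here so later verification cannot panic.
	if id.Subject == "" || len(id.PublicKey) != ed25519.PublicKeySize {
		return nil, errors.New("deserialize: missing subject or malformed key")
	}
	return &id, nil
}

func (p *standInProvider) Validate(id *Identity) error {
	if !ed25519.Verify(p.issuerPub, bindingBytes(id), id.IssuerSig) {
		return ErrInvalidIdentity
	}
	return nil
}

func (p *standInProvider) Sign(key ed25519.PrivateKey, msg []byte) ([]byte, error) {
	return ed25519.Sign(key, msg), nil
}

func (p *standInProvider) Verify(id *Identity, msg, sig []byte) error {
	if !ed25519.Verify(ed25519.PublicKey(id.PublicKey), msg, sig) {
		return ErrBadSignature
	}
	return nil
}

// checkSignatureFromCreator follows the order given in step S32. It depends
// only on the interface, which is what lets the provider be swapped.
func checkSignatureFromCreator(svc AuthService, creator, msg, sig []byte) error {
	id, err := svc.Deserialize(creator)
	if err != nil {
		return err
	}
	if err := svc.Validate(id); err != nil {
		return err // an unvalidated identity never reaches signature checking
	}
	return svc.Verify(id, msg, sig)
}

// keyFromSeed derives a fixed, constructed key so the example is repeatable.
func keyFromSeed(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

func newProvider(issuerKey ed25519.PrivateKey) *standInProvider {
	return &standInProvider{issuerPub: issuerKey.Public().(ed25519.PublicKey)}
}

// issue builds an identity for subjectKey endorsed by issuerKey.
func issue(issuerKey ed25519.PrivateKey, subject string, subjectKey ed25519.PrivateKey) *Identity {
	id := &Identity{Subject: subject, PublicKey: subjectKey.Public().(ed25519.PublicKey)}
	id.IssuerSig = ed25519.Sign(issuerKey, bindingBytes(id))
	return id
}

func main() {
	issuer, user := keyFromSeed(1), keyFromSeed(2)
	var svc AuthService = newProvider(issuer)
	creator, _ := svc.Serialize(issue(issuer, "user1@org1", user))
	msg := []byte("constructed proposal bytes")
	sig, _ := svc.Sign(user, msg)
	fmt.Println("valid creator:", checkSignatureFromCreator(svc, creator, msg, sig))
	fmt.Println("tampered message:", checkSignatureFromCreator(svc, creator, []byte("other"), sig))
}
```

When reviewing such a substitution, the case worth testing is an identity whose own signature verifies but whose issuer binding does not: it must be rejected at the Validate stage, before Verify is ever consulted.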
As shown in FIG. 2, the present embodiment discloses a partial substitution integration system of a CFL authentication system in a Fabric system, including an interface construction module 10, a first integration module 20, a second integration module 30 and a replacement module 40, where:
the interface construction module 10 is used for constructing a national cryptographic algorithm component as the API (application programming interface) call interface of the national cryptographic algorithm and constructing a CFL component as the CFL authentication service interface according to the formulation rules of the initial authentication service interface of the Fabric system;
the first integration module 20 is used for replacing, in the BCCSP component of the Fabric system, the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component;
the second integration module 30 is configured to replace, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
the replacement module 40 is configured to replace, in the instruction execution file directory of the Fabric system, the initial BCCSP and MSP component API call interfaces with the API call interfaces of the new BCCSP component and the new MSP component, respectively.
The interface construction module 10 includes a national cryptographic algorithm API call interface construction unit and a CFL authentication service interface construction unit, where:
the national cryptographic algorithm API call interface construction unit is used for packaging the API call interfaces of the national cryptographic SM2, SM3 and CPK algorithms into Go language executable code files named SM2.go, SM3.go and CPK.go respectively, and forming a GMSF file package as the provider of the API call interface of the national cryptographic algorithm; and for taking the cryptographic algorithm function execution interface in the GMSF file package as the API call interface of the national cryptographic algorithm;
the CFL authentication service interface construction unit is used for combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes and forming a CFL file package as the CFL authentication service interface provider; and for taking the authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL_Sign(), a CFL signature verification interface CFL_Verify(), a CFL certificate authentication interface CFL_Validate(), a CFL certificate-based identity serialization packaging interface CFL_Serialize() and a CFL-based MSP certificate unpacking interface CFL_Deserialize().
Further, the first integration module 20 is specifically configured to add the GMSF file package to the package path of the BCCSP component, so as to replace the initial cryptographic algorithm API call interface of the BCCSP component with the cryptographic algorithm API call interface in the GMSF file package.
Further, the second integration module 30 includes an instruction layer integration unit and an interaction layer integration unit, wherein:
the instruction layer integration unit is configured to integrate the CFL authentication service interface into the instruction execution files in the instruction layer of the Fabric system;
and the interaction layer integration unit is configured to integrate the CFL authentication service interface into the instruction execution files in the interaction layer of the Fabric system.
Specifically, the instruction layer integration unit is configured to replace the Serialize() packaging interface and the Sign() interface in the MSP initial authentication service interface with the CFL certificate-based identity sequence packaging interface CFL_Serialize() and the CFL signature interface CFL_Sign(), so as to package the CFL certificate information of the user end and generate a CFL dynamic certificate; to write the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() on the line following the endorser-side interaction function ProcessProposal(), so as to verify the validity of the received endorser node's CFL certificate information and of its CFL certificate dynamic signature; and to write a log printing function that prints the CFL certificate information of the endorser node and verifies the correctness of the CFL authentication interaction.
The interaction layer integration unit is configured to replace, in the checkSignatureFromCreator() function of the endorser component's msgvalidation.go file, the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify(); to add the CFL signature interface CFL_Sign() to the ProcessProposal() function of the endorser component execution file endorser.go, so as to generate the CFL dynamic certificate of the endorser node and return the certificate information to the user end through a return method; and to replace the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() in a Validate() function of a txvalidator.
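The following added Go example (not code from the patent or from Fabric) shows the unpack, validate, verify order described above for checkSignatureFromCreator(), placed behind a five-operation authentication service interface so the provider can be swapped. The method signatures, the Identity type, the Issue helper and the Ed25519 stand-in used in place of CFL/SM2 are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthService lists the five operations named in the text; signatures are assumed.
type AuthService interface {
	Serialize(id Identity) ([]byte, error)
	Deserialize(raw []byte) (Identity, error)
	Validate(id Identity) error
	Sign(priv ed25519.PrivateKey, msg []byte) []byte
	Verify(id Identity, msg, sig []byte) error
}

// Identity is a constructed stand-in certificate; IssuerSig covers Name||PublicKey.
type Identity struct{ Name string; PublicKey, IssuerSig []byte }

// standIn implements AuthService with Ed25519 in place of CFL/SM2.
type standIn struct{ issuer ed25519.PublicKey }

func (standIn) Serialize(id Identity) ([]byte, error) { return json.Marshal(id) }
func (standIn) Deserialize(raw []byte) (id Identity, err error) {
	err = json.Unmarshal(raw, &id)
	return
}
func (s standIn) Validate(id Identity) error {
	signed := append([]byte(id.Name), id.PublicKey...)
	if len(id.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(s.issuer, signed, id.IssuerSig) {
		return errors.New("certificate not issued by trusted issuer")
	}
	return nil
}
func (standIn) Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
func (standIn) Verify(id Identity, msg, sig []byte) error {
	if len(id.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(id.PublicKey, msg, sig) {
		return errors.New("signature does not match creator")
	}
	return nil
}

// CheckCreator unpacks the creator, validates its certificate, then verifies
// the signature, returning at the first failure so nothing unverified passes.
func CheckCreator(a AuthService, creator, msg, sig []byte) error {
	id, err := a.Deserialize(creator)
	if err != nil {
		return fmt.Errorf("deserialize: %w", err)
	}
	if err := a.Validate(id); err != nil {
		return fmt.Errorf("validate: %w", err)
	}
	return a.Verify(id, msg, sig)
}

// Issue builds a constructed demo identity certified by issuerPriv.
func Issue(issuerPriv ed25519.PrivateKey, name string) (Identity, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return Identity{name, pub, ed25519.Sign(issuerPriv, append([]byte(name), pub...))}, priv
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	svc := standIn{issuer: issuerPub}
	id, priv := Issue(issuerPriv, "client1")
	creator, _ := svc.Serialize(id)
	sig := svc.Sign(priv, []byte("proposal"))
	fmt.Println("valid:", CheckCreator(svc, creator, []byte("proposal"), sig))
	fmt.Println("tampered:", CheckCreator(svc, creator, []byte("other"), sig))
}
```

Because the caller depends only on the interface, replacing the provider does not change the check order, which is the property to confirm in review after any such substitution.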
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A partial replacement integration method for a CFL authentication system in a Fabric system, characterized by comprising the following steps:
according to the compiling rule of the Fabric system initial authentication service interface, constructing a national cryptographic algorithm component as the API call interface of the national cryptographic algorithm and constructing a CFL component as the CFL authentication service interface;
in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component;
in the MSP component of the Fabric system, replacing the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
in the instruction execution file directory of the Fabric system, replacing the initial BCCSP and MSP component API call interfaces with the new BCCSP component and new MSP component API call interfaces, respectively.
2. The method for partial replacement integration of the CFL authentication system in the Fabric system according to claim 1, wherein the step of constructing the national cryptographic algorithm component as the API call interface of the national cryptographic algorithm according to the formulation rule of the Fabric system initial authentication service interface comprises:
packaging the API call interfaces of the national cryptographic algorithms SM2, SM3 and the CPK algorithm into Go language executable code files named SM2.go, SM3.go and CPK.go, respectively, and forming a GMSF file package as the provider of the national cryptographic algorithm API call interface;
and taking the cryptographic algorithm function execution interfaces in the GMSF file package as the API call interface of the national cryptographic algorithm.
3. The method for partial replacement integration of the CFL authentication system in the Fabric system according to claim 1, wherein the constructing the CFL component as the CFL authentication service interface according to the formulation rule of the Fabric system initial authentication service interface comprises:
combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes, and forming a CFL file package as the CFL authentication service interface provider;
and taking the authentication service function execution interfaces in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL_Sign(), a CFL signature verification interface CFL_Verify(), a CFL certificate authentication interface CFL_Validate(), a CFL certificate-based identity sequence packaging interface CFL_Serialize() and a CFL-based MSP certificate unpacking interface CFL_Deserialize().
4. The method for partial replacement integration of the CFL authentication system in the Fabric system according to claim 2, wherein the replacing, in the BCCSP component of the Fabric system, of the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component comprises:
adding the GMSF file package to the package path of the BCCSP component, and replacing the initial cryptographic algorithm API call interface of the BCCSP component with the national cryptographic algorithm API call interface in the GMSF file package.
5. The method of claim 3, wherein the replacing, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component comprises:
performing integration of the CFL authentication service interface in an instruction execution file in an instruction layer of the Fabric system;
the integration of the CFL authentication service interface is performed in an instruction execution file in an interaction layer of the Fabric system.
6. The method of claim 5, wherein the integration of the CFL authentication service interface is performed in an instruction execution file in an instruction layer of the Fabric system, comprising:
replacing the Serialize() packaging interface and the Sign() interface in the MSP initial authentication service interface with the CFL certificate-based identity sequence packaging interface CFL_Serialize() and the CFL signature interface CFL_Sign(), so as to package the CFL certificate information of the user end and generate a CFL dynamic certificate;
writing the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() on the line following the endorser-side interaction function ProcessProposal(), so as to verify the validity of the received endorser node's CFL certificate information and of its CFL certificate dynamic signature;
and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
7. The method for partially replacing and integrating the CFL certification system in the Fabric system according to claim 6, wherein the instruction execution files in the instruction layer include create.
8. The method for partial replacement integration of the CFL authentication system in the Fabric system according to claim 5, wherein the performing of the integration of the CFL authentication service interface in an instruction execution file in an interaction layer of the Fabric system comprises:
in the checkSignatureFromCreator() function of the endorser component's msgvalidation.go file, replacing the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify(), so that the endorser node authenticates the identity of the user end;
adding the CFL signature interface CFL_Sign() to the ProcessProposal() function of the endorser component execution file endorser.go, so as to generate the CFL dynamic certificate of the endorser node and return the certificate information to the user end through a return method;
replacing the Deserialize() interface, the Validate() interface and the Verify() interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL_Deserialize(), the CFL certificate authentication interface CFL_Validate() and the CFL signature verification interface CFL_Verify() in a Validate() function of a txvalidator.
9. A partial replacement integration system for a CFL authentication system in a Fabric system, characterized by comprising an interface construction module, a first integration module, a second integration module and a replacement module, wherein:
the interface construction module is configured to construct, according to the compilation rule of the initial authentication service interface of the Fabric system, a national cryptographic algorithm component as the API call interface of the national cryptographic algorithm and a CFL component as the CFL authentication service interface;
the first integration module is configured to replace, in the BCCSP component of the Fabric system, the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the national cryptographic algorithm to obtain a new BCCSP component;
the second integration module is configured to replace, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
the replacement module is configured to replace, in the instruction execution file directory of the Fabric system, the initial BCCSP and MSP component API call interfaces with the new BCCSP component and new MSP component API call interfaces.
10. The system of claim 9, wherein the interface construction module comprises a national cryptographic algorithm API call interface construction unit and a CFL authentication service interface construction unit, wherein:
the national cryptographic algorithm API call interface construction unit is configured to package the API call interfaces of the national cryptographic algorithms SM2, SM3 and the CPK algorithm into Go language executable code files named SM2.go, SM3.go and CPK.go, respectively, forming a GMSF file package that serves as the provider of the national cryptographic algorithm API call interface, and to use the cryptographic algorithm function execution interfaces in the GMSF file package as the API call interface of the national cryptographic algorithm;
the CFL authentication service interface construction unit is configured to combine the CFL interface functions according to the different CFL authentication processes, construct the executable code files corresponding to those processes, and form a CFL file package that serves as the CFL authentication service interface provider, and to use the authentication service function execution interfaces in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL_Sign(), a CFL signature verification interface CFL_Verify(), a CFL certificate authentication interface CFL_Validate(), a CFL certificate-based identity sequence packaging interface CFL_Serialize() and a CFL-based MSP certificate unpacking interface CFL_Deserialize().
CN202010560108.1A 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system Active CN111767566B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010560108.1A CN111767566B (en) 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010560108.1A CN111767566B (en) 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system

Publications (2)

Publication Number Publication Date
CN111767566A true CN111767566A (en) 2020-10-13
CN111767566B CN111767566B (en) 2023-07-18

Family

ID=72721424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010560108.1A Active CN111767566B (en) 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system

Country Status (1)

Country Link
CN (1) CN111767566B (en)

Also Published As

Publication number Publication date
CN111767566B (en) 2023-07-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant