CN111767566A - Partial substitution integration method and system of CFL authentication system in Fabric system - Google Patents

Partial substitution integration method and system of CFL authentication system in Fabric system Download PDF

Info

Publication number
CN111767566A
CN111767566A CN202010560108.1A CN202010560108A CN111767566A CN 111767566 A CN111767566 A CN 111767566A CN 202010560108 A CN202010560108 A CN 202010560108A CN 111767566 A CN111767566 A CN 111767566A
Authority
CN
China
Prior art keywords
cfl
interface
component
authentication service
msp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010560108.1A
Other languages
Chinese (zh)
Other versions
CN111767566B (en
Inventor
李强
舒展翔
余祥
朱峰
陈立哲
李腾飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Lvben Technology Co ltd
Original Assignee
Anhui Lvben Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Lvben Technology Co ltd filed Critical Anhui Lvben Technology Co ltd
Priority to CN202010560108.1A priority Critical patent/CN111767566B/en
Publication of CN111767566A publication Critical patent/CN111767566A/en
Application granted granted Critical
Publication of CN111767566B publication Critical patent/CN111767566B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02BCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
    • Y02B20/00Energy efficient lighting technologies, e.g. halogen lamps or gas discharge lamps

Abstract

The invention discloses a partial substitution integration method and system of a CFL authentication system in a Fabric system, belonging to the technical field of information security and comprising the following steps: according to the compiling rule of the Fabric system initial authentication service interface, constructing a Guomy algorithm component as an API (application program interface) calling interface of the Guomy algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface; in the BCCSP component of the Fabric system, replacing an initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm to obtain a new BCCSP component; replacing an MSP initial authentication service interface with a CFL authentication service interface in an MSP assembly of the Fabric system to obtain a new MSP assembly; in the Fabric system's instruction execution file directory, the original BCCSP and MSP component API call interfaces are replaced with new BCCSP components and new MSP component API call interfaces, respectively. The method realizes the application of the CFL certification system in the Fabric system by reserving the initial MSP and BCCSP components of the Fabric system.

Description

Partial substitution integration method and system of CFL authentication system in Fabric system
Technical Field
The invention relates to the technical field of information security, in particular to a partial substitution integration method and system of a CFL authentication system in a Fabric system.
Background
The identity-based self-authentication certificate authentication system CFL is an authentication system which is high in safety degree, high in authentication speed, low in computing resource consumption and capable of protecting the privacy of a user, and is more suitable for information security construction of novel networks such as big data, cloud computing, mobile communication networks and smart cities.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. The block chain (Blockchain) is an important concept of the bitcoin, and the core is a distributed book for recording each transaction occurring in the network, which is essentially a decentralized database, and at the same time, as the underlying technology of the bitcoin, is a series of data blocks produced by correlation by using a cryptographic method, and each data block contains information of a batch of bitcoin network transactions for verifying the validity (anti-counterfeiting) of the information and generating the next block.
Because the CFL is also an authentication technique for decentralization of application, and has the information security concept of deporing of application, supporting the authentication characteristic of security process, and complying with "nobody in network", the CFL can fully support authentication in the block chain, and based on the CFL authentication technique, five-property (confidentiality, integrity, availability, controllability, and authenticable) protection of information security of the block chain can be further provided. However, a scheme for integrating the CFL authentication mechanism into the Fabric system to enhance the information security of the blockchain is still lacking.
Disclosure of Invention
The present invention is directed to overcome the above-mentioned shortcomings in the prior art, and provides a method for integrating a CFL certification system into a Fabric system.
In order to achieve the above object, a partial replacement integration method of a CFL certification system in a Fabric system is adopted, which includes:
according to the compiling rule of the Fabric system initial authentication service interface, constructing a Guomy algorithm component as an API (application program interface) calling interface of the Guomy algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface;
in the BCCSP component of the Fabric system, replacing an initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm to obtain a new BCCSP component;
replacing an MSP initial authentication service interface with a CFL authentication service interface in an MSP assembly of the Fabric system to obtain a new MSP assembly;
in the Fabric system's instruction execution file directory, the original BCCSP and MSP component API call interfaces are replaced with new BCCSP components and new MSP component API call interfaces, respectively.
Further, the step of constructing the cryptographic algorithm component as an API call interface of the cryptographic algorithm according to the formulation rule of the Fabric initial authentication service interface includes:
respectively packaging API calling interfaces of the national secret SM2, SM3 and CPK algorithm into Go language executable code files named by SM2.Go, SM3.Go and CPK.go, and forming a GMSF file package as an API calling interface provider of the national secret algorithm;
and taking a cryptographic algorithm function execution interface in the GMSF file packet as an API (application programming interface) calling interface of the cryptographic algorithm.
Further, the constructing the CFL component as a CFL authentication service interface according to the formulation rule of the Fabric system initial authentication service interface includes:
combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes, and forming a CFL file package as the CFL authentication service interface provider;
and taking an authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL _ Sign (), a CFL signature verification interface CFL _ Verify (), a CFL certificate authentication interface CFL _ valid (), a CFL certificate-based identity sequence packaging interface CFL _ Serialize () and a CFL-based MSP certificate unpacking interface CFL _ Deserialize ().
Further, in the BCCSP component of the Fabric system, replacing the API call interface of the initial cryptographic algorithm of the BCCSP component with the API call interface of the cryptographic algorithm includes:
and adding the GMSF file package to the package path of the BCCSP component, and replacing the initial cryptographic algorithm API calling interface of the BCCSP component with the cryptographic algorithm API calling interface in the GMSF file package.
Further, replacing, in the MSP component of the Fabric system, the MSP initial authentication service interface with a CFL authentication service interface, comprises:
performing integration of the CFL authentication service interface in an instruction execution file in an instruction layer of the Fabric system;
the integration of the CFL authentication service interface is performed in an instruction execution file in an interaction layer of the Fabric system.
Further, the integration of the CFL authentication service interface is performed in an instruction execution file in an instruction layer of the Fabric system, including:
replacing a packaging interface serial () interface and a Sign () interface in the MSP initial authentication service interface by using the identity sequence packaging interface CFL _ serial () and the CFL signature interface CFL _ Sign () based on the CFL certificate so as to realize the functions of packaging CFL certificate information of a user end and generating a CFL dynamic certificate;
writing the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () in the next line of the endorser end interaction function ProcessProposa () to realize the function of verifying the CFL certificate information validity and the CFL certificate dynamic signature validity of the received endorser node;
and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
Further, the instruction execution files in the instruction layer include create.go files, join.go files, list.go files, fetch.go files, install.go files, invokeandquery.go files, and upgrade.go files.
Further, the integrating of the CFL authentication service interface is performed in an instruction execution file in an interaction layer of the Fabric system, including:
in a checksignaturefrom creator () function of an endroser component msgvalidation.go file, replacing a deseliarize () interface, a Validate0 interface and a Verify () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ deseliarize (), the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () to realize authentication of an endroser node on the identity of a user end;
adding the CFL signature interface CFL _ Sign () into a ProcessProposal () function of an endorser component execution file endorser.go to generate a CFL dynamic certificate of an endorser node and return certificate information to a user side through a return method;
replacing a Deserialize () interface, a Validate () interface and a Verify () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ Deserialize (), the CFL certificate authentication interface CFL _ Validate () and the CFL signature verification interface CFL _ Verify () in a Validate () function of a txvalidator.
On the other hand, a partial replacement integrated system in the Fabric system adopting a CFL authentication system comprises an interface construction module, a first integrated module, a second integrated module and a replacement module, wherein:
the interface construction module is used for constructing a national cryptographic algorithm component as an API (application programming interface) calling interface of the national cryptographic algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface according to the compilation rule of the initial authentication service interface of the Fabric system;
the first integrated module is used for replacing an initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm in the BCCSP component of the Fabric system to obtain a new BCCSP component;
the second integration module is used for replacing an MSP initial authentication service interface with a CFL authentication service interface in an MSP assembly of the Fabric system to obtain a new MSP assembly;
the replacing module is used for replacing the initial BCCSP and the MSP component API calling interface by using a new BCCSP component and a new MSP component API calling interface in an instruction execution file directory of the Fabric system.
Further, the interface construction module comprises an API call interface construction unit of the cryptographic algorithm and a CFL authentication service interface construction unit, wherein:
the API calling interface construction unit of the national cryptographic algorithm is used for respectively packaging API calling interfaces of the national cryptographic algorithms SM2, SM3 and CPK algorithm into Go language executable code files named by SM2.Go, SM3.Go and CPK.go and forming a GMSF file package as an API calling interface provider of the national cryptographic algorithm; using a cryptographic algorithm function execution interface in the GMSF file packet as an API (application programming interface) calling interface of the cryptographic algorithm;
the CFL authentication service interface construction unit is used for combining CFL interface functions according to different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes and forming a CFL file package as the CFL authentication service interface provider; and taking an authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL _ Sign (), a CFL signature verification interface CFL _ Verify (), a CFL certificate authentication interface CFL _ valid (), a CFL certificate-based identity sequence packaging interface CFL _ Serialize () and a CFL-based MSP certificate unpacking interface CFL _ Deserialize ().
Compared with the prior art, the invention has the following technical effects: the method comprises the steps of reserving initial MSP and BCCSP components of the Fabric system, including source files, data structures, execution interfaces and the like, and introducing CFL components and cryptographic algorithm components. And constructing a new CFL authentication service interface by referring to the compiling rule of the initial authentication service interface of the Fabric system, and replacing the initial authentication service execution interface of the Fabric system by using the new CFL authentication service execution interface in the related components of the instruction layer and the interaction layer of the Fabric system, thereby realizing the integration of the CFL authentication system and the Fabric system and the application of the CFL authentication system in the Fabric system.
Drawings
The following detailed description of embodiments of the invention refers to the accompanying drawings in which:
FIG. 1 is a flow chart of a partial replacement integration method of a CFL certification system in a Fabric system;
FIG. 2 is a block diagram of a partially-replaced integrated system in a Fabric system with a CFL certification system.
Detailed Description
To further illustrate the features of the present invention, refer to the following detailed description of the invention and the accompanying drawings. The drawings are for reference and illustration purposes only and are not intended to limit the scope of the present disclosure.
As shown in fig. 1, the present embodiment discloses a partial replacement integration method of a CFL certification system in a Fabric system, including the following steps S1 to S4:
s1, constructing a national cryptographic algorithm component as an API (application programming interface) calling interface of the national cryptographic algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface according to the compiling rule of the initial authentication service interface of the Fabric system;
s2, in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm to obtain a new BCCSP component;
s3, replacing an MSP initial authentication service interface with a CFL authentication service interface in an MSP assembly of the Fabric system to obtain a new MSP assembly;
and S4, replacing the initial BCCSP and MSP component API calling interfaces with the new BCCSP component and the new MSP component API calling interfaces in the instruction execution file directory of the Fabric system respectively.
Further, in step S1, constructing the cryptographic algorithm component as an API call interface of the cryptographic algorithm according to the formulation rule of the Fabric initial authentication service interface, includes:
respectively packaging API calling interfaces of the national secret SM2, SM3 and CPK algorithm into Go language executable code files named by SM2.Go, SM3.Go and CPK.go, and forming a GMSF file package as an API calling interface provider of the national secret algorithm;
and taking a cryptographic algorithm function execution interface in the GMSF file packet as an API (application programming interface) calling interface of the cryptographic algorithm.
Further, the above step S2: in the BCCSP component of the Fabric system, replacing the initial cryptographic algorithm API call interface of the BCCSP component with the API call interface of the cryptographic algorithm to obtain a new BCCSP component, comprising: and adding the GMSF file package to the package path of the BCCSP component, and replacing the initial cryptographic algorithm API calling interface of the BCCSP component with the cryptographic algorithm API calling interface in the GMSF file package.
Specifically, in this embodiment, the GMSF bundle is added to the packet path of the BCCSP component, the internal execution code of the cryptographic algorithm API call interface of the BCCSP is changed, and the API call interface of the GMSF bundle cryptographic algorithm, such as SM2 signature (SM2sign), SM2 signature verification (SM2verify), CPK combined key pair generation (CPKgenkey), SM3hash operation (SM3hash), is used to replace the initial cryptographic algorithm API call interface of the BCCSP.
Further, in step S1, constructing the CFL component as a CFL authentication service interface according to the rules of the Fabric initial authentication service interface includes:
combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes, and forming a CFL file package as the CFL authentication service interface provider;
writing a calling path of the CFL file package in the MSP component package;
according to the internal coding logic of an MSP initial authentication service interface function in the Fabric system, a CFL authentication function interface with the same function as an MSP initial authentication service execution interface is constructed and obtained in an MSP assembly by calling the CFL authentication function interface of the CFL assembly; the CFL authentication service interface comprises a CFL signature interface CFL _ Sign (), a CFL signature verification interface CFL _ Verify (), a CFL certificate authentication interface CFL _ valid (), an identity sequence packaging interface CFL _ Serialize () based on a CFL certificate and an MSP certificate unpacking interface CFL _ Deserialize () based on the CFL certificate.
The 5-class interfaces listed in table 1 and the MSP initial authentication service execution interface realize the same functions, and the integration of the CFL authentication system in the Fabric system can be directly realized in the Fabric instruction source code by replacing the MSP initial authentication service interface.
TABLE 1 alternate relationship of CFL-based authentication service interface to initial authentication service interface
Serial number CFL-based authentication service interface Initial authentication service interface Interface implementation function
1 CFL_Validate() Validate()→validateIdentity() Certificate validity verification
2 CFL_Sign() Sign() Certificate signing
3 CFL_Verify() Verify() Certificate signature verification
4 CFL_Serialize() Serialize() Certificate packing (serialization process)
5 CFL_Deserialize() Deserialize() Certificate unpacking (deserialization)
The MSP initial certificate validity verification interface 'validateldendentty ()' calls a sub-function 'getCertification ChainForBCCSPIPendentty ()', 'validateldendentAgainst Chain ()' and 'validateldendentyou ()', and respectively realizes traversal of an X.509 certificate Authority Key Identifier (AKI), verification of whether a certificate signature is in the AKI and verification of validity of an organization information format of the certificate, so that user identity certificate authentication based on a PKI authentication system is completed; based on CFL certification interface function "CFL VerifyServerCed ()", a new MSP certificate validity verification interface "CFL valid ()" can be constructed, so that a Fabric system user certificate validity verification interface based on CFL certificate verification process is realized.
And (3) calling a CFL authentication function interface in the MSP to construct an MSP authentication service interface based on the CFL. The CFL authentication function interface and the MSP initial authentication service execution interface realize the same function, and the integration of the CFL authentication system in the Fabric system can be realized directly in an instruction layer and an interaction layer by replacing the MSP initial authentication service interface.
Further, the above step S3: replacing the MSP initial authentication service interface with the CFL authentication service interface in the MSP component of the Fabric system to obtain a new MSP component, wherein the method comprises the following subdivision steps S31 to S32:
s31, executing the integration of the CFL authentication service interface in an instruction execution file in an instruction layer of the Fabric system;
s32, executing the integration of the CFL authentication service interface in an instruction execution file in an interaction layer of the Fabric system.
Specifically, the instruction execution files in the instruction layer include create.go files, join.go files, list.go files, fetch.go files, install.go files, invokeandquery.go files, and upgrade.go files.
Step S31: performing the integration of the CFL authentication service interface in an instruction execution file in an instruction layer of the Fabric system, including:
replacing a packaging interface serial () interface and a Sign () interface in the MSP initial authentication service interface by using the identity sequence packaging interface CFL _ serial () and the CFL signature interface CFL _ Sign () based on the CFL certificate so as to realize the functions of packaging CFL certificate information of a user end and generating a CFL dynamic certificate;
writing the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () in the next line of the endorser end interaction function ProcessProposa () to realize the function of verifying the CFL certificate information validity and the CFL certificate dynamic signature validity of the received endorser node;
and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
Specifically, step S32: the integrating of the CFL authentication service interface is performed in an instruction execution file in an interaction layer of the Fabric system, comprising:
in a checksignaturefrom creator () function of an endroser component msgvalidation.go file, replacing a deseliarize () interface, a Validate0 interface and a Verify () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ deseliarize (), the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () to realize authentication of an endroser node on the identity of a user end;
adding the CFL signature interface CFL _ Sign () into a ProcessProposal () function of an endorser component execution file endorser.go to generate a CFL dynamic certificate of an endorser node and return certificate information to a user side through a return method;
replacing a Deserialize () interface, a Validate () interface and a Verfy () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ Deserialize (), the CFL certificate authentication interface CFL _ Validate () and the CFL signature verification interface CFL _ Verfy () in a Validate () function of a txvalidator.
It should be noted that the embodiment introduces CFL and cryptographic algorithm components by retaining the original MSP and BCCSP components of the Fabric system, including source files, data structures, execution interfaces, and the like. And a new CFL authentication service interface (CFL signature, CFL signature verification, CFL certificate authentication, identity sequence packaging based on a CFL certificate and the like) is constructed by referring to the compiling rule of the initial authentication service interface, and the new CFL authentication service execution interface is used for replacing the initial authentication service execution interface in related components of a Fabric system instruction layer and an interaction layer, so that the integration of a CFL authentication system in a Fabric system is realized.
As shown in fig. 2, the present embodiment discloses a partial replacement integrated system of a CFL certification system in a Fabric system, including an interface construction module 10, a first integrated module 20, a second integrated module 30, and a replacement module 40, where:
the interface construction module 10 is used for constructing a national cryptographic algorithm component as an API (application programming interface) calling interface of the national cryptographic algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface according to the compilation rule of the Fabric system initial authentication service interface;
the first integrated module 20 is used for replacing an initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm in the BCCSP component of the Fabric system to obtain a new BCCSP component;
the second integration module 30 is configured to replace, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component;
the replacement module 40 is configured to replace the initial BCCSP and the MSP component API call interface with a new BCCSP component and a new MSP component API call interface, respectively, in an instruction execution file directory of the Fabric system.
The interface construction module 10 includes an API call interface construction unit of a cryptographic algorithm and a CFL authentication service interface construction unit, where:
the API calling interface construction unit of the national cryptographic algorithm is used for respectively packaging API calling interfaces of the national cryptographic algorithms SM2, SM3 and CPK algorithm into Go language executable code files named by SM2.Go, SM3.Go and CPK.go and forming a GMSF file package as an API calling interface provider of the national cryptographic algorithm; using a cryptographic algorithm function execution interface in the GMSF file packet as an API (application programming interface) calling interface of the cryptographic algorithm;
the CFL authentication service interface construction unit is used for combining CFL interface functions according to different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes and forming a CFL file package as the CFL authentication service interface provider; and taking an authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL _ Sign (), a CFL signature verification interface CFL _ Verify (), a CFL certificate authentication interface CFL _ valid (), a CFL certificate-based identity sequence packaging interface CFL _ Serialize () and a CFL-based MSP certificate unpacking interface CFL _ Deserialize ().
Further, the first integration module 20 is specifically configured to add the GMSF portfolio to the package path of the BCCSP component, so as to replace the API call interface of the initial cryptographic algorithm of the BCCSP component with the API call interface of the cryptographic algorithm in the GMSF portfolio.
Further, the second integration module 30 includes an instruction layer integration unit and an interaction layer execution unit, wherein:
the instruction layer integration unit is used for executing the integration of the CFL authentication service interface in an instruction execution file in an instruction layer of the Fabric system;
and the interaction layer integration unit is used for executing the integration of the CFL authentication service interface in an instruction execution file in an interaction layer of the Fabric system.
Specifically, the instruction layer integration unit is configured to replace a package interface serial () interface and a Sign () interface in the MSP initial authentication service interface with the CFL certificate-based identity sequence package interface CFL _ serial () and the CFL signature interface CFL _ Sign () to implement functions of packaging CFL certificate information of a user end and generating a CFL dynamic certificate; writing the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () in the next line of the endorser end interaction function ProcessProposa () to realize the function of verifying the CFL certificate information validity and the CFL certificate dynamic signature validity of the received endorser node; and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
The interaction layer integration unit is used for replacing a Deserialize () interface, a Validate0 interface and a Verify () interface in an MSP initial authentication service interface by the CFL-based MSP certificate unpacking interface CFL _ Deserialize (), the CFL certificate authentication interface CFL _ Validate () and the CFL signature verification interface CFL _ Verify () in a checkSignatureFromCreator () function of an endorser component msgvalidation. Adding the CFL signature interface CFL _ Sign () into a ProcessProposal () function of an endorser component execution file endorser.go to generate a CFL dynamic certificate of an endorser node and return certificate information to a user side through a return method; replacing a Deserialize () interface, a Validate () interface and a Verify () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ Deserialize (), the CFL certificate authentication interface CFL _ Validate () and the CFL signature verification interface CFL _ Verify () in a Validate () function of a txvalidator.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A partial replacement integration method of a CFL certification system in a Fabric system is characterized by comprising the following steps:
according to the compiling rule of the Fabric system initial authentication service interface, constructing a Guomy algorithm component as an API (application program interface) calling interface of the Guomy algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface;
in the BCCSP component of the Fabric system, replacing an initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm to obtain a new BCCSP component;
replacing an MSP initial authentication service interface with a CFL authentication service interface in an MSP assembly of the Fabric system to obtain a new MSP assembly;
in the Fabric system's instruction execution file directory, the original BCCSP and MSP component API call interfaces are replaced with new BCCSP components and new MSP component API call interfaces, respectively.
2. The method for partial replacement integration of the CFL authentication system in the Fabric system according to claim 1, wherein the step of constructing the cryptographic algorithm component as the API calling interface of the cryptographic algorithm according to the formulation rule of the Fabric system initial authentication service interface comprises:
respectively packaging API calling interfaces of the national secret SM2, SM3 and CPK algorithm into Go language executable code files named by SM2.Go, SM3.Go and CPK.go, and forming a GMSF file package as an API calling interface provider of the national secret algorithm;
and taking a cryptographic algorithm function execution interface in the GMSF file packet as an API (application programming interface) calling interface of the cryptographic algorithm.
3. The method for partial replacement integration of the CFL authentication system in the Fabric system according to claim 1, wherein the constructing the CFL component as the CFL authentication service interface according to the formulation rule of the Fabric system initial authentication service interface comprises:
combining the CFL interface functions according to the different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes, and forming a CFL file package as the CFL authentication service interface provider;
and taking an authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL _ Sign (), a CFL signature verification interface CFL _ Verify (), a CFL certificate authentication interface CFL _ valid (), a CFL certificate-based identity sequence packaging interface CFL _ Serialize () and a CFL-based MSP certificate unpacking interface CFL _ Deserialize ().
4. The method for partial replacement integration of the CFL certification system in the Fabric system according to claim 2, wherein the replacing, in the BCCSP component of the Fabric system, the API call interface of the cryptographic algorithm replaces the API call interface of the cryptographic algorithm originally included in the BCCSP component, so as to obtain a new BCCSP component, comprising:
and adding the GMSF file package to the package path of the BCCSP component, and replacing the initial cryptographic algorithm API calling interface of the BCCSP component with the cryptographic algorithm API calling interface in the GMSF file package.
5. The method of claim 3, wherein the replacing, in the MSP component of the Fabric system, the MSP initial authentication service interface with the CFL authentication service interface to obtain a new MSP component comprises:
performing integration of the CFL authentication service interface in an instruction execution file in an instruction layer of the Fabric system;
the integration of the CFL authentication service interface is performed in an instruction execution file in an interaction layer of the Fabric system.
6. The method of claim 5, wherein the integration of the CFL authentication service interface is performed in an instruction execution file in an instruction layer of the Fabric system, comprising:
replacing a packaging interface serial () interface and a Sign () interface in the MSP initial authentication service interface by using the identity sequence packaging interface CFL _ serial () and the CFL signature interface CFL _ Sign () based on the CFL certificate so as to realize the functions of packaging CFL certificate information of a user end and generating a CFL dynamic certificate;
writing the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () in the next line of the endorser end interaction function ProcessProposa () to realize the function of verifying the CFL certificate information validity and the CFL certificate dynamic signature validity of the received endorser node;
and writing a log printing function for printing the CFL certificate information of the endorser node and verifying the correctness of the CFL authentication interaction.
7. The method for partially replacing and integrating the CFL certification system in the Fabric system according to claim 6, wherein the instruction execution files in the instruction layer include create.
8. The method for partial replacement integration of the CFL authentication framework in a Fabric system as claimed in claim 5, wherein the performing of the integration of the CFL authentication service interface in an instruction execution file in an interaction layer of the Fabric system comprises:
in a checksignaturefrom creator () function of an endroser component msgvalidation.go file, replacing a deseliarize () interface, a Validate0 interface and a Verify () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ deseliarize (), the CFL certificate authentication interface CFL _ valid () and the CFL signature verification interface CFL _ Verify () to realize authentication of an endroser node on the identity of a user end;
adding the CFL signature interface CFL _ Sign () into a ProcessProposal () function of an endorser component execution file endorser.go to generate a CFL dynamic certificate of an endorser node and return certificate information to a user side through a return method;
replacing a Deserialize () interface, a Validate () interface and a Verify () interface in the MSP initial authentication service interface with the CFL-based MSP certificate unpacking interface CFL _ Deserialize (), the CFL certificate authentication interface CFL _ Validate () and the CFL signature verification interface CFL _ Verify () in a Validate () function of a txvalidator.
9. A partial replacement integrated system of a CFL certification system in a Fabric system is characterized by comprising an interface construction module, a first integrated module, a second integrated module and a replacement module, wherein:
the interface construction module is used for constructing a national cryptographic algorithm component as an API (application programming interface) calling interface of the national cryptographic algorithm and constructing a CFL (computational fluid dynamics) component as a CFL (computational fluid dynamics) authentication service interface according to the compilation rule of the initial authentication service interface of the Fabric system;
the first integrated module is used for replacing an initial cryptographic algorithm API calling interface of the BCCSP component with the API calling interface of the cryptographic algorithm in the BCCSP component of the Fabric system to obtain a new BCCSP component;
the second integration module is used for replacing an MSP initial authentication service interface with a CFL authentication service interface in an MSP assembly of the Fabric system to obtain a new MSP assembly;
the replacing module is used for replacing the initial BCCSP and the MSP component API calling interface by using a new BCCSP component and a new MSP component API calling interface in an instruction execution file directory of the Fabric system.
10. The system of claim 9, wherein the interface construction module comprises an API call interface construction unit of a cryptographic algorithm and a CFL authentication service interface construction unit, wherein:
the API calling interface construction unit of the national cryptographic algorithm is used for respectively packaging API calling interfaces of the national cryptographic algorithms SM2, SM3 and CPK algorithm into Go language executable code files named by SM2.Go, SM3.Go and CPK.go and forming a GMSF file package as an API calling interface provider of the national cryptographic algorithm; using a cryptographic algorithm function execution interface in the GMSF file packet as an API (application programming interface) calling interface of the cryptographic algorithm;
the CFL authentication service interface construction unit is used for combining CFL interface functions according to different CFL authentication processes, constructing executable code files corresponding to the different CFL authentication processes and forming a CFL file package as the CFL authentication service interface provider; and taking an authentication service function execution interface in the CFL file package as the CFL authentication service interface, wherein the CFL authentication service interface comprises a CFL signature interface CFL _ Sign (), a CFL signature verification interface CFL _ Verify (), a CFL certificate authentication interface CFL _ valid (), a CFL certificate-based identity sequence packaging interface CFL _ Serialize () and a CFL-based MSP certificate unpacking interface CFL _ Deserialize ().
CN202010560108.1A 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system Active CN111767566B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010560108.1A CN111767566B (en) 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010560108.1A CN111767566B (en) 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system

Publications (2)

Publication Number Publication Date
CN111767566A true CN111767566A (en) 2020-10-13
CN111767566B CN111767566B (en) 2023-07-18

Family

ID=72721424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010560108.1A Active CN111767566B (en) 2020-06-18 2020-06-18 Partial replacement integration method and system of CFL authentication system in Fabric system

Country Status (1)

Country Link
CN (1) CN111767566B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ITMI990426A1 (en) * 1999-03-03 2000-09-03 Ausimont Spa FLUORINATED TRIAZINIC COMPOUNDS
US20050073963A1 (en) * 2003-10-03 2005-04-07 3Com Corporation Switching fabrics and control protocols for them
WO2008114360A1 (en) * 2007-03-16 2008-09-25 Fujitsu Limited Storage system, storage device, and hot-swap method for firmware
WO2009061703A2 (en) * 2007-11-08 2009-05-14 Ntt Docomo, Inc. Automated test input generation for web applications
US20090284183A1 (en) * 2008-05-15 2009-11-19 S.C. Johnson & Son, Inc. CFL Auto Shutoff for Improper Use Condition
US20100131530A1 (en) * 2008-11-21 2010-05-27 Stubhub, Inc. System and methods for third-party access to a network-based system for providing location-based upcoming event information
CN102200481A (en) * 2010-03-23 2011-09-28 北京派科森科技有限公司 Carbon Fiber Laminate Composite material used for Fiber Bragg Grating high voltage sensor
WO2018121834A1 (en) * 2016-12-27 2018-07-05 Figueira Helder Silvestre Paiva Equivocation augmentation dynamic secrecy system
CN108847942A (en) * 2018-06-03 2018-11-20 李维刚 A kind of authentication method and system based on mark public key
CN109412810A (en) * 2019-01-03 2019-03-01 李维刚 A kind of key generation method based on mark
CN110048855A (en) * 2019-04-23 2019-07-23 东软集团股份有限公司 Introducing method and call method and device, equipment, the Fabric platform of national secret algorithm
CN110992030A (en) * 2019-12-03 2020-04-10 银清科技有限公司 Transaction method and system based on super account book fabric
US20200138223A1 (en) * 2018-04-11 2020-05-07 Lawrence Silverman Smart address identification and secure mailbox

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ITMI990426A1 (en) * 1999-03-03 2000-09-03 Ausimont Spa FLUORINATED TRIAZINIC COMPOUNDS
US20050073963A1 (en) * 2003-10-03 2005-04-07 3Com Corporation Switching fabrics and control protocols for them
WO2008114360A1 (en) * 2007-03-16 2008-09-25 Fujitsu Limited Storage system, storage device, and hot-swap method for firmware
WO2009061703A2 (en) * 2007-11-08 2009-05-14 Ntt Docomo, Inc. Automated test input generation for web applications
US20090284183A1 (en) * 2008-05-15 2009-11-19 S.C. Johnson & Son, Inc. CFL Auto Shutoff for Improper Use Condition
US20100131530A1 (en) * 2008-11-21 2010-05-27 Stubhub, Inc. System and methods for third-party access to a network-based system for providing location-based upcoming event information
CN102200481A (en) * 2010-03-23 2011-09-28 北京派科森科技有限公司 Carbon Fiber Laminate Composite material used for Fiber Bragg Grating high voltage sensor
WO2018121834A1 (en) * 2016-12-27 2018-07-05 Figueira Helder Silvestre Paiva Equivocation augmentation dynamic secrecy system
US20200138223A1 (en) * 2018-04-11 2020-05-07 Lawrence Silverman Smart address identification and secure mailbox
CN108847942A (en) * 2018-06-03 2018-11-20 李维刚 A kind of authentication method and system based on mark public key
CN109412810A (en) * 2019-01-03 2019-03-01 李维刚 A kind of key generation method based on mark
CN110048855A (en) * 2019-04-23 2019-07-23 东软集团股份有限公司 Introducing method and call method and device, equipment, the Fabric platform of national secret algorithm
CN110992030A (en) * 2019-12-03 2020-04-10 银清科技有限公司 Transaction method and system based on super account book fabric

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
吴琦; 舒展翔; 郑昌; 余祥: "基于CFL的区块链系统节点间互认机制", 指挥与控制学报, vol. 8, no. 2, pages 221 - 229 *
李强; 谭阳; 余祥; 张硕: "基于CFL的区块链认证机制问题研究", 计算机软件及计算机应用, pages 38 - 41 *
杜春玲;范修斌;: "CFL认证体制及其在区块链中的应用", 信息安全研究, no. 03, pages 220 - 226 *
舒展翔,李腾飞,余祥,李强: "基于CFL认证体制的区块链系统认证机制研究", 计算机应用研究, vol. 38, no. 2, pages 347 - 355 *
范修斌;: "新一代身份认证技术CFL", 信息安全研究, no. 07, pages 587 - 588 *

Also Published As

Publication number Publication date
CN111767566B (en) 2023-07-18

Similar Documents

Publication Publication Date Title
CN110602138B (en) Data processing method and device for block chain network, electronic equipment and storage medium
Esgin et al. Practical exact proofs from lattices: New techniques to exploit fully-splitting rings
CN113256290B (en) Decentralized encrypted communication and transaction system
CN101662465B (en) Method and device for verifying dynamic password
Liu et al. Time-bound anonymous authentication for roaming networks
Cortier et al. A method for proving observational equivalence
US9219602B2 (en) Method and system for securely computing a base point in direct anonymous attestation
Yin et al. SmartDID: a novel privacy-preserving identity based on blockchain for IoT
WO2020065460A1 (en) Computer-implemented system and method for transferring access to digital resource
WO2019174402A1 (en) Group membership issuing method and device for digital group signature
CN111277415A (en) Privacy protection method and device based on block chain intelligent contract
Patsonakis et al. Implementing a smart contract PKI
Arapinis et al. Verifying privacy-type properties in a modular way
CN114503508A (en) Computer-implemented method and system for storing authenticated data on blockchains
Li et al. A survey on integrity auditing for data storage in the cloud: from single copy to multiple replicas
CN111767566B (en) Partial replacement integration method and system of CFL authentication system in Fabric system
CN111767158B (en) Complete replacement integration method and system of CFL authentication system in Fabric system
Wang et al. An alternative approach to public cloud data auditing supporting data dynamics
JP2019102959A (en) Server device, communication device, key sharing system, key sharing method, and program
JP2024500822A (en) Key installation methods, systems, devices, equipment and computer programs
CN115378623A (en) Identity authentication method, device, equipment and storage medium
CN113962174A (en) Software and hardware compatible method based on information security chip of Internet of things
Liu et al. DSBFT: A Delegation Based Scalable Byzantine False Tolerance Consensus Mechanism
CN112615838A (en) Extensible block chain cross-chain communication method
Lin et al. Efficient blockchain-based electronic medical record sharing with anti-malicious propagation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant