CN111881486A - Multi-party data backup method, device and system based on block chain - Google Patents


Publication number
CN111881486A
Authority
CN
China
Prior art keywords
data
consensus
request
uplink
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010716517.6A
Other languages
Chinese (zh)
Inventor
李冠彬
李涛
陆杰文
罗鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010716517.6A priority Critical patent/CN111881486A/en
Publication of CN111881486A publication Critical patent/CN111881486A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1464 Management of the backup or restore process for networked environments
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention provides a block chain-based multi-party data backup method, device and system. The method comprises the following steps: verifying, using an asymmetric encryption algorithm, the signature in a data uplink request (a request to write data onto the chain) received from a terminal; signing the data uplink request that passes verification using an asymmetric encryption algorithm and then broadcasting it; and performing consensus according to the number of received data uplink requests sent by other nodes. The data backup block chain is built on the properties of block chain technology: distributed data storage, strong consistency of data across all nodes on the chain, and data that cannot be tampered with or forged. An institution with a data backup requirement can apply for access and upload data to the chain, so that data backup is realized by means of the nodes of other institutions on the chain and data loss is avoided. In addition, the data is encrypted with a symmetric encryption algorithm before it is put on the chain, and the encryption key is held by the institution that uploads the data, so data leakage can be effectively prevented.

Description

Multi-party data backup method, device and system based on block chain
Technical Field
The present application belongs to the technical field of data security, and in particular, to a block chain-based multi-party data backup method, device and system.
Background
With the rapid development of information technology, institutions such as government offices, hospitals, schools, enterprises and public institutions have started to build information systems to improve their own operating efficiency, and the importance of data in this process is increasingly emphasized. To avoid the operational risk caused by data loss, financial institutions such as large commercial banks have started to back up data by establishing a data center at a different location. This approach is effective in practice, but it requires a high capital investment and is not suitable for smaller institutions.
Disclosure of Invention
The application provides a block chain-based multi-party data backup method, device and system, which are used for at least solving the problem of high cost caused by data backup in a mode of establishing a remote data center at present.
According to an aspect of the present application, there is provided a multi-party data backup method, including:
verifying a signature in a data uplink request received from a terminal by adopting an asymmetric encryption algorithm;
the data uplink request passing the verification is broadcasted after being signed by adopting an asymmetric encryption algorithm;
and performing consensus according to the number of the received data uplink requests sent by other nodes.
In one embodiment, performing consensus according to the number of received data uplink requests sent by other nodes comprises:
judging the number of data uplink requests;
generating a consensus request when the number of the data uplink requests is higher than a preset value;
encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and verifying the signature of the consensus request sent by other nodes, and performing consensus on the consensus requests passing the verification.
Corresponding to the above method, the present application provides a multi-party data backup device, which is arranged in a master node of a data backup block chain, and includes:
a verification unit for verifying a signature in a data uplink request received from a terminal using an asymmetric encryption algorithm;
the signature broadcasting unit is used for broadcasting the verified data uplink request after signature by adopting an asymmetric encryption algorithm;
a consensus unit, configured to perform consensus according to the number of received data uplink requests sent by other nodes.
In one embodiment, the consensus unit comprises:
the quantity judging module is used for judging the quantity of the data uplink requests;
the consensus request generating module is used for generating consensus requests when the number of the data uplink requests is higher than a preset value;
the encryption broadcasting module is used for encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and the verification consensus module is used for verifying the signature of the consensus request sent by other nodes and performing consensus on the consensus request passing the verification.
The application also provides another multi-party data backup method, which comprises the following steps:
verifying the signature of the data uplink request broadcasted by the main node by adopting an asymmetric encryption algorithm;
generating a local data uplink request according to the data uplink request passing the verification and broadcasting the local data uplink request;
and performing consensus according to the number of the received data uplink requests sent by other nodes.
In one embodiment, performing consensus according to the number of received data uplink requests sent by other nodes comprises:
judging the number of data uplink requests;
generating a consensus request when the number of the data uplink requests is higher than a preset value;
encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and verifying the signature of the consensus request sent by other nodes, and performing consensus on the consensus requests passing the verification.
Corresponding to the foregoing method, the present application further provides a multi-party data backup device, which is arranged in a slave node of a data backup block chain, and includes:
the signature verification unit is used for verifying the signature of the data uplink request broadcast by the main node by adopting an asymmetric encryption algorithm;
the broadcast unit is used for generating and broadcasting a local data uplink request according to the data uplink request passing the verification;
a consensus unit, configured to perform consensus according to the number of received data uplink requests sent by other nodes.
In one embodiment, the consensus unit comprises:
the judging module is used for judging the quantity of the data uplink requests;
the consensus generating module is used for generating consensus requests when the number of the data uplink requests is higher than a preset value;
the encryption module is used for encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and the consensus module is used for verifying the signature of the consensus request sent by other nodes and performing consensus on the consensus request passing the verification.
The present application further provides a multi-party data backup system, comprising:
a terminal, and an encryption machine and a backup encryption machine which are in communication connection with the terminal;
a data backup block chain, which comprises a main node and a plurality of slave nodes, the main node being in communication connection with the terminal;
wherein a multi-party data backup device is arranged in the main node;
and a multi-party data backup device is arranged in the slave node.
The application provides a block chain-based multi-party data backup method, device and system. The data backup block chain is built on the properties of block chain technology: distributed data storage, strong consistency of data across all nodes on the chain, and data that cannot be tampered with or forged. An institution with a data backup requirement can apply for access and upload data to the chain, so that data backup is realized by means of the nodes of other institutions on the chain and data loss is avoided. In addition, the data is encrypted with a symmetric encryption algorithm before it is put on the chain, and the encryption key is held by the institution that uploads the data, so data leakage can be effectively prevented.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a multi-party data backup method provided in the present application.
Fig. 2 is a flowchart illustrating a method for performing consensus according to the number of uplink data requests in the present embodiment.
Fig. 3 is a flowchart of another multi-party data backup method provided in the present application.
Fig. 4 is a flowchart illustrating a method for performing consensus according to the number of uplink data requests according to an embodiment of the present application.
Fig. 5 is a diagram illustrating a multi-party data backup system according to the present application.
Fig. 6 is a block diagram of a multi-party data backup device according to the present application.
Fig. 7 is a block diagram of a consensus unit in the embodiment of the present application.
Fig. 8 is a block diagram of a multi-party data backup device according to the present application.
Fig. 9 is a block diagram of a structure of a consensus unit in the embodiment of the present application.
Fig. 10 is a specific implementation of an electronic device in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, financial institutions such as large commercial banks perform data backup by establishing a remote data center, but the capital investment this requires is too high. To address this problem, the application provides a block chain-based multi-party data backup system, as shown in fig. 5, including: a terminal 1, an encryption machine 2, a backup encryption machine 3, a main node 4 and slave nodes 5. The main node 4, the slave node 5 and the other slave nodes act as consensus nodes and together form a data backup block chain. According to the requirement of the PBFT (Practical Byzantine Fault Tolerance) algorithm, the number of consensus nodes is generally 3f + 1, where f represents the number of faulty nodes that the block chain system can tolerate, with a minimum of 1. The terminal 1 is configured to send a data encryption request to the encryption machine 2, which converts the data to be backed up on the chain into ciphertext using a symmetric encryption algorithm; the terminal 1 then sends a data uplink request to the main node 4 of the data backup block chain, thereby implementing data backup. When the backup data later needs to be extracted, the terminal 1 first acquires the ciphertext data from the data backup block chain, then sends a data decryption request to the encryption machine 2, which converts the data backed up on the chain into plaintext using the symmetric encryption algorithm.
The encryption machine 2 receives the data encryption request sent by the terminal 1 and converts the data to be backed up into ciphertext using a symmetric encryption algorithm. It also stores the key used by the symmetric encryption algorithm and, when the key is changed, synchronizes the changed key to the backup encryption machine 3. The symmetric encryption algorithm selected is 3DES.
Preferably, the symmetric encryption algorithm can be extended to support the domestic cryptographic algorithm SM4.
The backup encryption machine 3 takes the place of the encryption machine 2 when the encryption machine 2 fails: it receives the data encryption request sent by the terminal 1 and converts the data to be backed up into ciphertext using a symmetric encryption algorithm. It also stores the key used by the symmetric encryption algorithm, and its structure is similar to that of the encryption machine 2. As a cold standby, the backup encryption machine 3 is not started when it does not need to work in place of the encryption machine 2 and does not need to update the key. The backup encryption machine 3 and the encryption machine 2 can be deployed in different machine rooms, so that machine room level faults caused by natural disasters (such as earthquakes, floods and the like) are avoided.
Preferably, the terminal 1, the encryption machine 2 and the backup encryption machine 3 belong to the same institution and can communicate over an internal network to prevent data leakage. An asymmetric encryption algorithm can also be selected to encrypt, decrypt, sign and verify the communication messages; the asymmetric encryption algorithm selected is RSA, and it can be extended to support the domestic cryptographic algorithm SM2.
The main node 4 receives the data uplink request initiated by the client and interacts with the slave nodes on the data backup block chain to complete the data uplink.
The slave node 5 interacts with the master node and the other slave nodes on the data backup block chain to complete the data uplink. The structure of the slave node 5 is consistent with that of the master node 4. A plurality of slave nodes are generally arranged on the data backup block chain, and all of them have the same structure as the slave node 5.
According to the requirement of the PBFT algorithm, the data uplink needs to be executed in the following three stages:
1. Pre-prepare: the master node broadcasts the data uplink request to the other slave nodes in the chain;
2. Prepare: every slave node on the chain, on receiving the data uplink request, broadcasts the same request to the nodes other than itself (including the master node), and all nodes on the chain receive these requests at the same time; if a node receives the requests of more than 2f different nodes within a certain time range, the prepare stage is finished and the node enters the consensus submission stage;
3. Consensus submission: the nodes in the chain, including the master node and all slave nodes, initiate consensus and broadcast consensus requests to the nodes other than themselves; if a node receives 2f + 1 consensus requests (including its own) within a certain time range, this indicates that most nodes have entered the consensus phase, and once consensus is achieved in this phase the node executes the request and writes the data.
When the nodes on the chain communicate, an asymmetric encryption algorithm is used to sign and verify each request. Each node signs the requests it initiates with a private key stored locally and verifies the requests it receives with the corresponding public key. The asymmetric encryption algorithm selected is RSA.
Preferably, the asymmetric encryption algorithm can be extended to support the domestic cryptographic algorithm SM2.
Preferably, the master node 4 and the slave node 5 can communicate over an internal network to prevent data leakage. An asymmetric encryption algorithm can also be selected to encrypt and decrypt the communication messages; the asymmetric encryption algorithm selected is RSA, and it can be extended to support the domestic cryptographic algorithm SM2.
Meanwhile, the roles of master node and slave node are not fixed. When the master node fails, the slave nodes detect that the master node has gone offline, and the view-change protocol is triggered to select a new master node from among the slave nodes.
Based on the above system, the present application provides a multi-party data backup method, which, from the perspective of a master node (taking the master node as an execution main body), as shown in fig. 1, includes:
S101: The signature in the data uplink request received from the terminal is verified using an asymmetric encryption algorithm.
In a specific embodiment, the terminal transmits the data to be backed up to the encryption machine. The encryption machine encrypts the data using a symmetric encryption algorithm and returns the encrypted data (ciphertext) to the terminal. The terminal initiates a data uplink request to the main node with the ciphertext as the data to be put on the chain, and signs the request using an asymmetric encryption algorithm. After receiving the data uplink request sent by the terminal, the main node in the data backup block chain verifies the signature in the request using an asymmetric encryption algorithm.
S102: The data uplink request that passes verification is signed using an asymmetric encryption algorithm and then broadcast.
In one embodiment, the master node broadcasts the verified data uplink request to other slave nodes in the data backup blockchain, wherein the master node signs the verified data uplink request by using an asymmetric encryption algorithm.
S103: Consensus is performed according to the number of received data uplink requests sent by other nodes.
In one embodiment, the slave nodes receive the data uplink request sent by the primary node and first verify the signature of the request; a data uplink request that passes verification is signed and then returned to the primary node. The main node decides whether to initiate consensus according to the number of data uplink requests it has received from the slave nodes.
In an embodiment, the performing the consensus according to the number of received uplink data requests sent by other nodes, as shown in fig. 2, includes:
S201: The number of data uplink requests is determined.
In a specific embodiment, the method comprises the steps of firstly judging the number of data uplink requests received by a main node, when the main node receives 2f +1 data uplink requests, initiating consensus by the main node, and sending consensus requests to all other nodes in a data backup block chain, wherein the consensus requests are signed by the main node by adopting an asymmetric encryption algorithm.
S202: A consensus request is generated when the number of data uplink requests is higher than a preset value.
In one embodiment, the primary node initiates the consensus when the number of data uplink requests received by the primary node reaches 2f + 1.
S203: The consensus request is encrypted using an asymmetric encryption algorithm and broadcast.
In a specific embodiment, the master node encrypts the generated consensus request by using an asymmetric encryption algorithm, and then broadcasts the signed consensus request to all other nodes in the data backup block chain.
S204: The signatures of the consensus requests sent by other nodes are verified, and consensus is performed on the consensus requests that pass verification.
In a specific embodiment, the master node in the data backup block chain receives the consensus requests sent by the slave nodes and verifies the signatures on the received consensus requests using an asymmetric encryption algorithm. After the signatures pass verification, it determines the number of consensus requests received; if the master node has received 2f + 1 consensus requests (including its own consensus request), consensus is achieved, and the master node then sends response success information to the terminal. When the terminal has received f + 1 response success messages, the data uplink is confirmed to be successful.
From the perspective of a slave node in a data backup block chain, the present application also provides another multi-party data backup method, as shown in fig. 3, including:
S301: The signature of the data uplink request broadcast by the main node is verified using an asymmetric encryption algorithm.
In an embodiment, after receiving a data uplink request broadcast by a master node, a slave node in a data backup block chain verifies a signature of the data uplink request by using an asymmetric encryption algorithm.
S302: A local data uplink request is generated from the data uplink request that passes verification, and is broadcast.
In one embodiment, after the signature of the data uplink request is verified, the slave node broadcasts the same data uplink request to all other nodes in the data backup block chain, signing the data uplink request using an asymmetric encryption algorithm.
S303: Consensus is performed according to the number of received data uplink requests sent by other nodes.
In one embodiment, the slave node determines the number of received data uplink requests sent by other nodes, and initiates a consensus if the number of received data uplink requests reaches a certain value.
In an embodiment, the performing the consensus according to the number of received uplink data requests sent by other nodes, as shown in fig. 4, includes:
S401: The number of data uplink requests is determined.
In one embodiment, the slave node determines in real time the number of data uplink requests it has received.
S402: A consensus request is generated when the number of data uplink requests is higher than a preset value.
In one embodiment, the slave node initiates the consensus when the number of data uplink requests received by the slave node reaches 2f + 1.
S403: The consensus request is encrypted using an asymmetric encryption algorithm and broadcast.
In a specific embodiment, the slave node encrypts the generated consensus request using an asymmetric encryption algorithm and then broadcasts the signed consensus request to all other nodes in the data backup blockchain.
S404: The signatures of the consensus requests sent by other nodes are verified, and consensus is performed on the consensus requests that pass verification.
In a specific embodiment, the slave node in the data backup block chain receives the consensus requests sent by other nodes and verifies the signatures on the received consensus requests using an asymmetric encryption algorithm. After the signatures pass verification, it determines the number of consensus requests received; if the slave node has received 2f + 1 consensus requests (including the consensus request of the master node), consensus is achieved. When consensus is achieved, the main node sends response success information to the terminal. When the terminal has received f + 1 response success messages, the data uplink is confirmed to be successful.
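The counting rule in S201 to S204 and S401 to S404, as an added example that is not code from the patent: a node acts only after 2f + 1 signature-verified requests from distinct senders, and the terminal confirms after f + 1 success responses. The `Msg` and `Quorum` names, the message fields and the sequence number are assumptions, and the RSA keys are toy keys built from small Mersenne primes that are not secure.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys


def make_key(a: int, b: int):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1.
    Demonstration only: far too small and structured to be secure."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return n, d


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key) -> int:
    n, d = key
    return pow(_digest_int(data, n), d, n)


def verify(data: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == _digest_int(data, n)


@dataclass(frozen=True)
class Msg:
    phase: str    # "request" (data uplink request), "consensus" or "reply"
    seq: int      # hypothetical sequence number of the backup operation
    digest: str   # SHA-256 of the ciphertext being backed up
    sender: int   # claimed node id; covered by the signature
    sig: int = 0

    def payload(self) -> bytes:
        return f"{self.phase}|{self.seq}|{self.digest}|{self.sender}".encode()


def signed(phase, seq, digest, sender, key) -> Msg:
    unsigned = Msg(phase, seq, digest, sender)
    return Msg(phase, seq, digest, sender, sign(unsigned.payload(), key))


class Quorum:
    """Counts distinct, signature-verified senders for one (phase, seq, digest)."""

    def __init__(self, phase, seq, digest, threshold, pubkeys):
        self.want = (phase, seq, digest)
        self.threshold = threshold
        self.pubkeys = pubkeys
        self.senders = set()
        self.rejected = []

    def add(self, m: Msg) -> bool:
        """Record one message; return True once the threshold is reached."""
        n = self.pubkeys.get(m.sender)
        if (m.phase, m.seq, m.digest) != self.want:
            self.rejected.append((m.sender, "wrong phase/seq/digest"))
        elif n is None or not verify(m.payload(), m.sig, n):
            self.rejected.append((m.sender, "bad signature"))
        else:
            self.senders.add(m.sender)  # a set, so a replayed message counts once
        return len(self.senders) >= self.threshold


def demo():
    f = 1  # tolerated faulty nodes, so the chain has 3f + 1 = 4 consensus nodes
    keys = {0: make_key(89, 127), 1: make_key(107, 127),
            2: make_key(61, 127), 3: make_key(89, 107)}
    pub = {i: k[0] for i, k in keys.items()}
    # Constructed sample data standing in for the encryptor's ciphertext.
    digest = hashlib.sha256(b"constructed ciphertext from the encryptor").hexdigest()
    other = hashlib.sha256(b"a different ciphertext").hexdigest()

    q = Quorum("request", 7, digest, 2 * f + 1, pub)
    good1 = signed("request", 7, digest, 1, keys[1])
    trace = [
        q.add(good1),
        q.add(good1),                                      # replay of the same message
        q.add(signed("request", 7, digest, 2, keys[3])),   # node 3 posing as node 2
        q.add(signed("request", 7, other, 3, keys[3])),    # valid signature, other data
        q.add(signed("request", 7, digest, 0, keys[0])),
        q.add(signed("request", 7, digest, 2, keys[2])),   # third distinct signer
    ]

    # Terminal side: f + 1 distinct success responses confirm the uplink.
    replies = Quorum("reply", 7, digest, f + 1, pub)
    replies.add(signed("reply", 7, digest, 0, keys[0]))
    replies.add(signed("reply", 7, digest, 0, keys[0]))    # duplicate from one node
    confirmed = replies.add(signed("reply", 7, digest, 1, keys[1]))
    return trace, sorted(q.senders), q.rejected, confirmed


if __name__ == "__main__":
    print(demo())
```

Counting distinct verified signers rather than received messages is what keeps a single node from reaching the 2f + 1 threshold on its own by replaying or re-labelling its requests.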
Based on the same inventive concept, the embodiment of the present application further provides a multi-party data backup device, which can be used to implement the methods described in the above embodiments, as described in the following embodiments. Because the principle of solving the problem of the multi-party data backup device is similar to that of the multi-party data backup method, the implementation of the multi-party data backup device can refer to the implementation of the multi-party data backup method, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
From the perspective of the master node of the data backup block chain, the present application provides a multi-party data backup apparatus, which is arranged in the master node of the data backup block chain, as shown in fig. 6, and includes:
a verification unit 601, configured to verify a signature in a data uplink request received from a terminal by using an asymmetric encryption algorithm;
a signature broadcasting unit 602, configured to broadcast the verified data uplink request after signing the verified data uplink request by using an asymmetric encryption algorithm;
a consensus unit 603 configured to perform consensus according to the number of received uplink data requests sent by other nodes.
In one embodiment, as shown in fig. 7, the consensus unit 603 comprises:
a number determining module 701, configured to determine the number of uplink data requests;
a consensus request generating module 702, configured to generate a consensus request when the number of data uplink requests is higher than a preset value;
the encryption broadcasting module 703 is configured to encrypt and broadcast the consensus request by using an asymmetric encryption algorithm;
and the verification consensus module 704 is used for verifying the signature of the consensus request sent by other nodes and performing consensus on the consensus request passing the verification.
From the perspective of the slave node of the data backup block chain, the present application also provides another multi-party data backup apparatus, which is arranged in the slave node of the data backup block chain, as shown in fig. 8, and includes:
a signature verification unit 801, configured to verify a signature of a data uplink request broadcast by a master node by using an asymmetric encryption algorithm;
a broadcast unit 802, configured to generate and broadcast a local data uplink request according to the data uplink request passing the verification;
a consensus unit 803, configured to perform consensus according to the number of data uplink requests received from other nodes.
In one embodiment, as shown in fig. 9, the consensus unit 803 comprises:
a determining module 901, configured to determine the number of data uplink requests;
a consensus generating module 902, configured to generate a consensus request when the number of data uplink requests is higher than a preset value;
an encryption module 903, configured to encrypt and broadcast the consensus request by using an asymmetric encryption algorithm;
a consensus module 904, configured to verify the signatures of consensus requests sent by other nodes and to perform consensus on the consensus requests that pass verification.
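The following Go example is added here and is not part of the patent: it shows the counting step of consensus units 603 and 803, in which a node tallies only those data uplink requests whose signature verifies under the claimed sender's locally stored public key, once per sender, and compares the tally with the preset value. The Request format, the node names, RSA-2048 with PKCS#1 v1.5 over SHA-256, and the preset value 2 are assumptions; the page specifies only RSA and "a preset value".

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Request is a hypothetical wire format; the page does not define one.
type Request struct {
	Sender  string // claimed signer (terminal or node ID)
	Payload []byte // ciphertext of the data to be backed up
	Sig     []byte // RSA PKCS#1 v1.5 signature over SHA-256(Payload)
}

// Sign produces a request signed with the sender's own private key.
func Sign(id string, key *rsa.PrivateKey, payload []byte) Request {
	d := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	if err != nil {
		panic(err)
	}
	return Request{Sender: id, Payload: payload, Sig: sig}
}

// Verify checks a request against one locally stored public key.
func Verify(pub *rsa.PublicKey, r Request) bool {
	d := sha256.Sum256(r.Payload)
	return pub != nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], r.Sig) == nil
}

// Node keeps the other nodes' public keys and a per-payload tally of senders.
type Node struct {
	Peers  map[string]*rsa.PublicKey
	Preset int // a consensus request is generated when the tally exceeds this
	votes  map[[32]byte]map[string]bool
}

// Count tallies a request only if its signature verifies under the claimed
// sender's stored key, and at most once per sender. It returns the tally.
func (n *Node) Count(r Request) int {
	d := sha256.Sum256(r.Payload)
	if n.votes[d] == nil {
		n.votes[d] = map[string]bool{}
	}
	if Verify(n.Peers[r.Sender], r) {
		n.votes[d][r.Sender] = true
	}
	return len(n.votes[d])
}

// Simulate replays one round as seen by slave1 (keys and messages constructed
// here) and returns the tally after each message and whether it exceeds preset.
func Simulate(preset int) ([]int, bool) {
	keys := map[string]*rsa.PrivateKey{}
	for _, id := range []string{"terminal", "master", "slave2", "slave3", "outsider"} {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			panic(err)
		}
		keys[id] = k
	}
	payload := []byte("constructed ciphertext of backup data")
	// Master: verify the terminal's signature before re-signing and broadcasting.
	if !Verify(&keys["terminal"].PublicKey, Sign("terminal", keys["terminal"], payload)) {
		return nil, false
	}
	inbox := []Request{
		Sign("master", keys["master"], payload),   // master's signed broadcast
		Sign("slave2", keys["slave2"], payload),   // slave2's local request
		Sign("slave2", keys["slave2"], payload),   // slave2 again: not counted twice
		Sign("slave3", keys["outsider"], payload), // forged: not slave3's key
		Sign("slave3", keys["slave3"], payload),   // genuine slave3
	}
	slave1 := &Node{Preset: preset, votes: map[[32]byte]map[string]bool{}, Peers: map[string]*rsa.PublicKey{
		"master": &keys["master"].PublicKey,
		"slave2": &keys["slave2"].PublicKey,
		"slave3": &keys["slave3"].PublicKey,
	}}
	var tallies []int
	for _, r := range inbox {
		tallies = append(tallies, slave1.Count(r))
	}
	return tallies, tallies[len(tallies)-1] > slave1.Preset
}

func main() { fmt.Println(Simulate(2)) } // [1 2 2 2 3] true
```

The repeated and forged requests leave the tally at 2, so the node generates a consensus request only after the genuine third sender arrives.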
The encryption machine 2 specifically comprises the following modules: a communication module, a main control module and an encryption and decryption module, wherein the encryption and decryption module is subdivided into an operation module and a key management module.
The communication module is used for interacting with the terminal 1, which specifically includes receiving the encryption request for data to be backed up initiated by the terminal 1 and sending the encrypted ciphertext to the terminal 1; it is also used for communication processing when a key update request is sent to the backup encryption machine 3.
The main control module is used for controlling the whole processing flow, including encrypting the data to be backed up, decrypting the backed-up data, updating the local key and sending a key update request to the backup encryption machine 3.
The encryption and decryption module is used for encrypting and decrypting the backup data and adopts a symmetric encryption algorithm.
Preferably, the encryption and decryption module can also be used for encrypting and decrypting, and for signing and verifying the signatures of, messages communicated between the encryption machine 2 and the terminal 1 and the backup encryption machine 3, for which an asymmetric encryption algorithm is adopted.
The operation module is used for executing the symmetric encryption algorithm that encrypts and decrypts the backup data and the asymmetric encryption algorithm that encrypts, decrypts, signs and verifies communication messages, wherein 3DES is selected as the symmetric encryption algorithm and RSA as the asymmetric algorithm.
The key management module is used for locally storing the 3DES key of the symmetric encryption algorithm and the RSA keys of the asymmetric encryption algorithm used for encrypting and decrypting communication messages and for signing and signature verification. For the encryption, decryption, signing and signature verification of communication messages, the module's own private key and the public key of the opposite party are stored locally: for a sent message, the public key of the opposite party is used for encryption and signature, and for a received message, the module's own private key is used for decryption and the public key of the opposite party is used for signature verification.
Preferably, the symmetric encryption algorithm can be extended to support the domestic algorithm SM4, and the asymmetric encryption algorithm can be extended to support the domestic algorithm SM2.
The master node 4 specifically includes the following modules: a communication module, a main control module, a consensus module and an encryption and decryption module, wherein the encryption and decryption module is subdivided into an operation module and a key management module.
The communication module is used for interacting with the terminal 1, which specifically includes receiving the uplink request for data to be backed up initiated by the terminal 1 and responding to the terminal 1; it is also used for communication processing when interacting with other nodes on the chain.
The main control module is used for controlling the whole processing flow, including interaction with the terminal 1, the three-stage pre-prepare, prepare and commit processing of data uplink, and the view-change protocol processing for replacing the master node.
The consensus module is used for completing the three-stage pre-prepare, prepare and commit processing of data uplink and the view-change protocol processing for replacing the master node.
The encryption and decryption module is used for signature verification processing of communication between the terminal 1 and the node and of communication between the node and other nodes, and adopts an asymmetric encryption algorithm.
The operation module is used for executing the asymmetric encryption algorithm for signature verification and the asymmetric encryption algorithm for message encryption and decryption, wherein RSA is selected as the asymmetric encryption algorithm.
The key management module is used for locally storing the RSA keys for encrypting and decrypting communication messages and for signing and signature verification. For these operations, the module's own private key and the public key of the opposite party are stored locally: for a sent message, the module's own private key is used for signing, and for a received message, the public key of the opposite party is used for verifying the signature.
Preferably, the encryption and decryption module can also be used for encryption and decryption processing of communication between the terminal 1 and the node and of communication between the node and other nodes, for which an asymmetric encryption algorithm is adopted and RSA is selected.
Preferably, the asymmetric encryption algorithm, for which RSA is selected, can be extended to support the domestic algorithm SM2.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
An embodiment of the present application further provides a specific implementation manner of an electronic device capable of implementing all steps in the method in the foregoing embodiment, and referring to fig. 10, the electronic device specifically includes the following contents:
a processor 1001, a memory 1002, a communication interface 1003, a bus 1004, and a nonvolatile memory 1005;
the processor 1001, the memory 1002, and the communication interface 1003 complete mutual communication through the bus 1004;
the processor 1001 is configured to call the computer programs in the memory 1002 and the nonvolatile memory 1005, and when the processor executes the computer programs, the processor implements all the steps in the methods in the embodiments, for example, the processor implements the steps of S101 to S103 and S301 to S303 when executing the computer programs.
Embodiments of the present application also provide a computer-readable storage medium capable of implementing all the steps of the method in the above embodiments, and the computer-readable storage medium stores thereon a computer program, which when executed by a processor implements all the steps of the method in the above embodiments, for example, the processor implements the steps of S101-S102, S301-S302 when executing the computer program.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment. Although embodiments of the present description provide method steps as described in embodiments or flowcharts, more or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. 
Of course, in implementing the embodiments of the present description, the functions of each module may be implemented in one or more pieces of software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, and the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein. The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of an embodiment of the specification.
In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction. The above description is only an example of the embodiments of the present disclosure, and is not intended to limit the embodiments of the present disclosure. Various modifications and variations to the embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present specification should be included in the scope of the claims of the embodiments of the present specification.

Claims (13)

1. A multi-party data backup method based on a block chain is characterized by comprising the following steps:
the main node adopts an asymmetric encryption algorithm to verify the signature in the data uplink request received from the terminal;
signing the data uplink request that passes the verification by adopting an asymmetric encryption algorithm and then broadcasting it;
and performing consensus according to the number of received data uplink requests sent by other nodes in the data backup block chain.
2. The multi-party data backup method according to claim 1, wherein said performing consensus according to the number of received data uplink requests sent by other nodes in the data backup block chain comprises:
judging the number of the data uplink requests;
generating a consensus request when the number of the data uplink requests is higher than a preset value;
encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and verifying the signature of the consensus request sent by other nodes, and performing consensus on the consensus requests passing the verification.
3. A multi-party data backup device based on a block chain is arranged in a main node of the data backup block chain, and is characterized by comprising:
a verification unit for verifying a signature in a data uplink request received from a terminal using an asymmetric encryption algorithm;
the signature broadcasting unit is used for broadcasting the verified data uplink request after signature by adopting an asymmetric encryption algorithm;
a consensus unit, configured to perform consensus according to the number of received data uplink requests sent by other nodes.
4. The multi-party data backup device of claim 3, wherein the consensus unit comprises:
a quantity judging module for judging the quantity of the data uplink requests;
a consensus request generation module, configured to generate a consensus request when the number of data uplink requests is higher than a preset value;
the encryption broadcasting module is used for encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and the verification consensus module is used for verifying the signature of the consensus request sent by other nodes and performing consensus on the consensus request passing the verification.
5. A multi-party data backup method based on a block chain is characterized by comprising the following steps:
the slave node adopts an asymmetric encryption algorithm to verify the signature of a data uplink request broadcast by a master node in a data backup block chain;
generating a local data uplink request according to the data uplink request passing the verification and broadcasting the local data uplink request;
and performing consensus according to the number of the received data uplink requests sent by other nodes in the data backup block chain.
6. The multi-party data backup method according to claim 5, wherein said performing consensus according to the number of received data uplink requests sent by other nodes comprises:
judging the number of the data uplink requests;
generating a consensus request when the number of the data uplink requests is higher than a preset value;
encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and verifying the signature of the consensus request sent by other nodes, and performing consensus on the consensus requests passing the verification.
7. A multi-party data backup device based on a block chain is arranged in a slave node of the data backup block chain, and is characterized by comprising:
the signature verification unit is used for verifying the signature of the data uplink request broadcast by the main node by adopting an asymmetric encryption algorithm;
the broadcast unit is used for generating and broadcasting a local data uplink request according to the data uplink request passing the verification;
a consensus unit, configured to perform consensus according to the number of received data uplink requests sent by other nodes.
8. The multi-party data backup device of claim 7, wherein the consensus unit comprises:
a judging module, configured to judge the number of the data uplink requests;
a consensus generating module, configured to generate a consensus request when the number of data uplink requests is higher than a preset value;
the encryption module is used for encrypting and broadcasting the consensus request by adopting an asymmetric encryption algorithm;
and the consensus module is used for verifying the signature of the consensus request sent by other nodes and performing consensus on the consensus request passing the verification.
9. A multi-party data backup method based on a block chain is characterized by comprising the following steps:
the terminal encrypts the data to be backed up by adopting an encryption machine and then generates a data uplink request;
and sending the data uplink request to a main node in a data backup block chain, so that the main node verifies the signature in the data uplink request by adopting an asymmetric encryption algorithm, and broadcasts and performs consensus on the data uplink request after the verification is passed.
10. A multi-party data backup device based on a block chain, comprising:
the request encryption unit is used for encrypting the data to be backed up by adopting an encryption machine and then generating a data uplink request;
and the uplink unit is used for sending the data uplink request to a main node in the data backup block chain, so that the main node verifies the signature in the data uplink request by adopting an asymmetric encryption algorithm, and broadcasts and performs consensus on the data uplink request after the verification is passed.
11. A block chain based multi-party data backup system, comprising:
the terminal comprises an encryption machine and a backup encryption machine which are in communication connection with the terminal;
the data backup block chain comprises a main node and a plurality of slave nodes, and the main node is in communication connection with the terminal;
the main node is provided with a multi-party data backup device according to claims 3 to 4;
the slave node is provided with a multi-party data backup device according to claims 7 to 8.
12. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the multi-party data backup method of any one of claims 1-2, 5-6, and 9 when executing the program.
13. A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the multi-party data backup method of any of claims 1-2, 5-6 and 9.
CN202010716517.6A 2020-07-23 2020-07-23 Multi-party data backup method, device and system based on block chain Pending CN111881486A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010716517.6A CN111881486A (en) 2020-07-23 2020-07-23 Multi-party data backup method, device and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010716517.6A CN111881486A (en) 2020-07-23 2020-07-23 Multi-party data backup method, device and system based on block chain

Publications (1)

Publication Number Publication Date
CN111881486A true CN111881486A (en) 2020-11-03

Family

ID=73155367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010716517.6A Pending CN111881486A (en) 2020-07-23 2020-07-23 Multi-party data backup method, device and system based on block chain

Country Status (1)

Country Link
CN (1) CN111881486A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112486736A (en) * 2020-12-28 2021-03-12 山西中液互联能源有限公司 Block chain based data backup system and backup method
CN112926983A (en) * 2021-04-13 2021-06-08 无锡井通网络科技有限公司 Block chain-based deposit certificate transaction encryption system and method
CN117726421A (en) * 2024-02-07 2024-03-19 湖南三湘银行股份有限公司 Rights management method applied to bank

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566117A (en) * 2017-07-14 2018-01-09 浙商银行股份有限公司 A kind of block chain key management system and method
CN109766673A (en) * 2019-01-18 2019-05-17 四川大学 A kind of alliance's formula audio-video copyright block catenary system and audio-video copyright cochain method
US20190278944A1 (en) * 2018-12-21 2019-09-12 Alibaba Group Holding Limited Verifying integrity of data stored in a consortium blockchain using a public sidechain
CN110351133A (en) * 2019-06-28 2019-10-18 阿里巴巴集团控股有限公司 Method and device for the host node hand-off process in block catenary system
CN110990408A (en) * 2019-12-02 2020-04-10 中国银行股份有限公司 Block chain-based business information cooperation method, business system and alliance chain

Similar Documents

Publication Publication Date Title
KR102157452B1 (en) Performing a recovery process for network nodes in a distributed system
US11614994B2 (en) Method, apparatus and electronic device for blockchain-based transaction consensus processing
AU2019207312B2 (en) Distributed key management for trusted execution environments
KR102237219B1 (en) Achieving consensus among network nodes in a distributed system
RU2716558C1 (en) Performing modification of primary node in distributed system
WO2020168937A1 (en) Block chain multi-party witness method, apparatus and device, and computer-readable storage medium
CN111681003B (en) Resource cross-chain transfer method and device, computer equipment and storage medium
US20200235988A1 (en) Changing a master node in a blockchain system
US10659233B1 (en) Authentication based on a recovered public key
CN111881486A (en) Multi-party data backup method, device and system based on block chain
CN109981279B (en) Block chain system, communication method, device, equipment and medium
CN111740966B (en) Data processing method based on block chain network and related equipment
CN103490892A (en) Digital signing method and system, application server and cloud cipher server
CN111339199B (en) Block chain key recovery method and device
CN111464315B (en) Digital signature processing method, device, computer equipment and storage medium
CN112333213B (en) Privacy protection method and device for business data of power Internet of things
CN110149323B (en) Processing device with ten-million-level TPS (platform secure protocol) contract processing capacity
CN112468571B (en) Intranet and extranet data synchronization method and device, electronic equipment and storage medium
CN105468659A (en) Data synchronizing method and apparatus
CN110347689A (en) Date storage method, equipment and computer readable storage medium
CN113449322A (en) Data sharing method and device based on block chain, electronic equipment and readable medium
EP3833153A1 (en) Network connection methods and devices
CN111709053A (en) Operation method and operation device based on loose coupling transaction network
CN113034140B (en) Method, system, equipment and storage medium for realizing intelligent contract encryption
CN111311412B (en) Decentralized transaction confirmation method and device and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination