CN112287398B - Block chain network node switching system based on safe storage hardware - Google Patents

Publication number: CN112287398B
Authority: CN (China)
Prior art keywords: node, nodes, storage, path, block chain
Legal status: Active
Application number: CN202011587649.XA
Other languages: Chinese (zh)
Other versions: CN112287398A (en
Inventors: 吴乃冈, 钟晓
Current Assignee: Jiangsu Rongzer Information Technology Co Ltd
Original Assignee: Jiangsu Rongzer Information Technology Co Ltd
Application filed by Jiangsu Rongzer Information Technology Co Ltd
Priority to CN202011587649.XA
Publication of CN112287398A
Application granted
Publication of CN112287398B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a blockchain network node switching system based on secure storage hardware. It belongs to the field of blockchains, relates to blockchain network node switching technology, and addresses the problem of safely selecting suitable secure storage hardware as a new carrier. The main node module generates the switching instruction, so that a blockchain node can decide automatically when node replacement is required, which avoids data loss or data theft. The node switching module randomly selects a qualified network node and performs the node switch, which prevents an attacker from tracing and then re-attacking the switched node and so protects the data in the nodes. The backup node module backs up the blockchain data in the optimal backup node, which solves the problem of data loss when the existing node is compromised during node switching.

Description

Block chain network node switching system based on safe storage hardware
Technical Field
The invention belongs to the field of block chains, relates to a block chain network node switching technology, and particularly relates to a block chain network node switching system based on secure storage hardware.
Background
A blockchain verifies and stores data in a chained block data structure, generates and updates data through a distributed node consensus algorithm, uses cryptography to secure data and access to it, and uses smart contracts made of automated script code to program and operate on data; it is a new distributed infrastructure and computing paradigm. In short, it is an emerging application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. The blockchain is a self-contained platform with trust and security (Trust & security) and payment functions. Compared with current internet platforms, the blockchain builds a credit mechanism at almost zero cost through code, algorithms and rules; in such a system, a transaction does not need a centralized third party, such as the endorsement of institutions like banks or securities firms. A node is a very broad concept and has different meanings in different contexts and systems. For example, a node in a blockchain is not synonymous with a node in a p2p network, and nodes in different blockchains differ from one another. In a blockchain network there are conventionally three types of nodes, which provide different functions in the network. Broadcast nodes only send transactions and receive blockchain information from third parties; they are widely used on mobile devices or by people who do not want to download the entire blockchain. Full nodes install complete node software such as Bitcoin Core. Mining nodes help create new blocks and also publish and propagate transactions.
However, when a blockchain node is attacked or needs to be transferred, how to safely select suitable secure storage hardware as a new carrier becomes a problem to be solved.
Disclosure of Invention
The invention aims to provide a block chain network node switching system based on secure storage hardware, which is used for solving the problem of safely selecting proper secure storage hardware as a new carrier.
The purpose of the invention can be realized by the following technical scheme:
a block chain network node switching system based on safe storage hardware comprises a hardware area, a node switching module, a main node module and a backup node module;
the hardware area comprises a plurality of safe storage chips, the safe storage chips jointly form a safe storage network, and each safe storage chip is a carrier of a block chain network node;
the node switching module is used for randomly selecting qualified network nodes and switching the nodes;
the main node module is used for marking the main node in the current block chain and generating main node replacement node information;
and the backup node module is used for marking the backup nodes in the current block chain and generating the backup information of the main node.
Further, the master node module is configured to mark a master node in the current block chain, and generate master node replacement node information specifically as follows:
the main node module marks the main node in the current blockchain as the starting node and generates a switching instruction. The main node module generates the switching instruction in any of the following cases: when the secure storage level of the blockchain in the main node is raised and the current node does not meet the secure storage requirement; when the blockchain in the main node grows and the current node does not meet the storage requirement; when the storage of the blockchain in the main node reaches a storage threshold value; when a dangerous blockchain is stored in the main node; when the main node suffers a network attack; and when more than 50% of the nodes connected to the main node are authenticated as not meeting the secure storage requirement.
The node switching module is used for randomly selecting qualified network nodes and switching the nodes, specifically, after receiving a switching instruction, randomly selecting the qualified network nodes, marking the qualified network nodes as destination nodes, acquiring all node paths between a current starting node and the destination nodes, acquiring an optimal switching path through the node cloud model, and sending the optimal switching path to the backup node module.
Further, the backup node module marks all nodes in the optimal switching path as backup nodes, acquires storage indexes in the backup nodes, determines the backup node as a preferred backup node when the storage indexes meet backup requirements, and backs up the block chain data in the preferred backup node.
Further, the blockchain data backed up in the preferred backup node is deleted when the blockchain data is backed up in the next preferred backup node.
Further, a qualified network node meets the requirement of blockchain secure storage, the blockchain storage in the node does not exceed 110% of the storage threshold value, the security level of the blockchain stored in the node is only one level lower than that of the blockchain data to be backed up, and the number of attacks on the node is less than a preset threshold value.
Further, the acquiring all node paths between the current departure node and the destination node specifically includes:
acquiring all block chain nodes in a secure storage network, and acquiring a destination node and a departure node;
acquiring the blockchain nodes connected with the destination node, marking them as first extension nodes, and marking the first extension nodes as the primary base region; then selecting the blockchain nodes connected with the primary base region, marking them as second extension nodes, and marking the second extension nodes as the secondary base region, wherein the second extension nodes do not include the first extension nodes; then selecting the blockchain nodes connected with the secondary base region, marking them as third extension nodes, and marking the third extension nodes as the tertiary base region, wherein the third extension nodes do not include the second extension nodes; repeating the extension N times until the starting node appears in a base region, and then taking the current path as a node path.
Further, the node cloud model obtains the optimal switching path specifically as,
acquiring the safe storage level of each node in the node path, and rejecting the current node path when the node safe storage level in the node path is smaller than the safe storage requirement;
acquiring the storage of each node in the node path against its storage threshold value, and rejecting the current node path when the storage of a node in the node path exceeds 110% of the threshold value;
acquiring the historical attacked times of each node in the node path, and rejecting the current node path when the historical attacked times of the nodes in the node path are larger than a preset threshold value;
acquiring the security level of the existing storage block chain in each node in the node path, and when the node in the node path stores the block chain with the security level lower than the security storage requirement, rejecting the current node path;
acquiring a node path which is not rejected, and marking a starting node as an initial value;
accumulating 1 unit value for the initial value when each block chain node passes through the node path from the starting node to the destination node, and marking the initial value when the destination node is reached as a path value;
sorting according to the path values of the node paths, wherein the smaller the path value is, the higher the ranking is;
and selecting the node path with the first ranking as the optimal switching path.
Further, for the case in which the storage of the blockchain in the main node reaches a storage threshold value, the storage threshold value is 70% of the total storage amount of the current node;
for the case in which the current node does not meet the secure storage requirement, the secure storage requirement is specifically that the current node has not been attacked and that the storage security level of the current node meets the storage requirement.
Further, the safe storage level includes a risk level, a general level, a middle level, and a high level.
Compared with the prior art, the invention has the beneficial effects that:
the switching instruction is generated by the main node module, so that a blockchain node can decide automatically when node replacement is required, which avoids data loss or data theft; meanwhile, the node switching module randomly selects a qualified network node and performs the node switch, which prevents an attacker from tracing and then re-attacking the switched node and so protects the data in the nodes;
the backup node module backs up the blockchain data in the preferred backup node, which solves the problem of data loss when the existing node is compromised during node switching. Meanwhile, the blockchain data backed up in a preferred backup node is deleted once the blockchain data has been backed up in the next preferred backup node, so that by the time the data has been switched to the destination node the backup copies have been deleted from the preferred backup nodes, which avoids the insecurity caused by backing data up in several nodes.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a block diagram of a secure storage network according to the present invention;
FIG. 2 is a block diagram of the routing base region of the present invention;
FIG. 3 is a block diagram of a backup node of the present invention;
FIG. 4 is a functional block diagram of the present invention;
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Thus, the detailed description of the embodiments of the present invention provided in the following drawings is not intended to limit the scope of the invention as claimed, but is merely representative of selected embodiments of the invention.
As shown in fig. 1 to 4, a system for switching a blockchain network node based on secure storage hardware includes a hardware area, a node switching module, a master node module, and a backup node module;
the hardware area comprises a plurality of safe storage chips, the safe storage chips jointly form a safe storage network, and each safe storage chip is a carrier of a block chain network node;
the node switching module is used for randomly selecting qualified network nodes and switching the nodes, specifically, after receiving a switching instruction, randomly selecting the qualified network nodes, marking the qualified network nodes as destination nodes, acquiring all node paths between a current starting node and the destination nodes, acquiring an optimal switching path through a node cloud model, and sending the optimal switching path to the backup node module;
preferably, when the present invention is implemented specifically, acquiring all node paths between the current departure node and the destination node specifically includes:
acquiring all block chain nodes in a secure storage network, and acquiring a destination node and a departure node;
acquiring the blockchain nodes connected with the destination node, marking them as first extension nodes, and marking the first extension nodes as the primary base region; then selecting the blockchain nodes connected with the primary base region, marking them as second extension nodes, and marking the second extension nodes as the secondary base region, wherein the second extension nodes do not include the first extension nodes; then selecting the blockchain nodes connected with the secondary base region, marking them as third extension nodes, and marking the third extension nodes as the tertiary base region, wherein the third extension nodes do not include the second extension nodes; repeating the extension N times until the starting node appears in a base region, and then taking the current path as a node path.
In the embodiment of the present invention, a qualified network node meets the requirement of blockchain secure storage, the blockchain storage in the node does not exceed 110% of the storage threshold value, the security level of the blockchain stored in the node is only one level lower than that of the blockchain data to be backed up, and the number of attacks on the node is less than the preset threshold value.
More preferably, in the specific implementation of the present invention, the node cloud model obtains the optimal switching path specifically,
acquiring the safe storage level of each node in the node path, and rejecting the current node path when the node safe storage level in the node path is smaller than the safe storage requirement;
acquiring the storage of each node in the node path against its storage threshold value, and rejecting the current node path when the storage of a node in the node path exceeds 110% of the threshold value;
acquiring the historical attacked times of each node in the node path, and rejecting the current node path when the historical attacked times of the nodes in the node path are larger than a preset threshold value;
acquiring the security level of the existing storage block chain in each node in the node path, and when the node in the node path stores the block chain with the security level lower than the security storage requirement, rejecting the current node path;
acquiring a node path which is not rejected, and marking a starting node as an initial value;
accumulating 1 unit value for the initial value when each block chain node passes through the node path from the starting node to the destination node, and marking the initial value when the destination node is reached as a path value;
sorting according to the path values of the node paths, wherein the smaller the path value is, the higher the ranking is;
and selecting the node path with the first ranking as the optimal switching path.
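The path enumeration and the node cloud model's filter-then-rank step, as an added Python sketch (not code from the patent). It generalizes the base-region expansion to every simple path up to a hop limit; the network, the `Node` fields, the hop limit, an initial path value of 0 and the exemption of the starting node from the checks are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

LEVELS = {"risk": 0, "general": 1, "medium": 2, "high": 3}  # levels named on the page
STORAGE_THRESHOLD = 0.70  # threshold = 70% of a node's total storage (from the page)
OVERSHOOT = 1.10          # paths are rejected above 110% of that threshold


@dataclass(frozen=True)
class Node:
    level: str        # secure storage level of the chip carrying the node
    stored: float     # blockchain data currently held
    capacity: float   # total storage of the node
    attacks: int      # historical number of attacks
    chain_level: str  # lowest security level among chains already stored


def node_paths(adj, start, dest, max_hops):
    """Grow partial paths outward from the destination, one base region per
    round, until they reach the start node. Returns start->dest tuples."""
    found, frontier = [], deque([(dest,)])
    while frontier:
        partial = frontier.popleft()
        head = partial[-1]
        if head == start:
            found.append(tuple(reversed(partial)))
        elif len(partial) - 1 < max_hops:
            for nxt in sorted(adj[head]):
                if nxt not in partial:      # never revisit a node on this path
                    frontier.append(partial + (nxt,))
    return found


def rejection_reason(path, nodes, required, attack_limit):
    """Return why a path is rejected, or None if every node passes.
    Assumption: the start node is exempt, since it is the node being left."""
    need = LEVELS[required]
    for name in path[1:]:
        n = nodes[name]
        if LEVELS[n.level] < need:
            return f"{name}: secure storage level below requirement"
        if n.stored > OVERSHOOT * STORAGE_THRESHOLD * n.capacity:
            return f"{name}: storage above 110% of threshold"
        if n.attacks > attack_limit:
            return f"{name}: attacked more than {attack_limit} times"
        if LEVELS[n.chain_level] < need:
            return f"{name}: already stores a lower-level chain"
    return None


def optimal_switch_path(adj, nodes, start, dest, required, attack_limit, max_hops):
    """Filter the candidate paths, then rank survivors by path value
    (start = 0, +1 per node passed); the smallest value wins."""
    rejected, kept = {}, []
    for path in node_paths(adj, start, dest, max_hops):
        why = rejection_reason(path, nodes, required, attack_limit)
        if why:
            rejected[path] = why
        else:
            kept.append((len(path) - 1, path))
    if not kept:
        return None, None, rejected
    value, best = min(kept)   # ties broken by node names, for determinism
    return best, value, rejected


# Constructed sample network: M is the main (starting) node, T the destination.
ADJ = {
    "M": {"A", "B", "D"}, "A": {"M", "B", "T"}, "B": {"M", "A", "C"},
    "C": {"B", "T"}, "D": {"M", "T"}, "T": {"A", "C", "D"},
}
NODES = {
    "M": Node("medium", 75, 100, 12, "medium"),  # attacked and over threshold
    "A": Node("high", 40, 100, 9, "high"),       # too many historical attacks
    "B": Node("high", 40, 100, 0, "high"),
    "C": Node("medium", 30, 100, 1, "medium"),
    "D": Node("high", 80, 100, 0, "high"),       # above 110% of the 70% threshold
    "T": Node("high", 10, 100, 0, "high"),
}

if __name__ == "__main__":
    best, value, rejected = optimal_switch_path(
        ADJ, NODES, "M", "T", required="medium", attack_limit=3, max_hops=4)
    print("optimal switching path:", best, "path value:", value)
    for path, why in sorted(rejected.items()):
        print("rejected", path, "->", why)
```

In the sample network both two-hop paths are rejected, so the three-hop path through B and C becomes the optimal switching path.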
The master node module is used for marking master nodes in the current block chain and generating master node replacement node information, and specifically comprises:
the main node module marks the main node in the current blockchain as the starting node and generates a switching instruction. The main node module generates the switching instruction in any of the following cases: when the secure storage level of the blockchain in the main node is raised and the current node does not meet the secure storage requirement; when the blockchain in the main node grows and the current node does not meet the storage requirement; when the storage of the blockchain in the main node reaches a storage threshold value; when a dangerous blockchain is stored in the main node; when the main node suffers a network attack; and when more than 50% of the nodes connected to the main node are authenticated as not meeting the secure storage requirement.
The backup node module is used for marking backup nodes in the current block chain and generating main node backup information, and specifically, the backup node module marks all the nodes in the optimal switching path as backup nodes and acquires storage indexes in the backup nodes, and when the storage indexes meet backup requirements, the backup nodes are considered as preferred backup nodes and the block chain data are backed up in the preferred backup nodes;
in the implementation of the present invention, the blockchain data backed up in the preferred backup node is deleted when the blockchain data is backed up in the next preferred backup node.
In a specific implementation, for the case in which the storage of the blockchain in the main node reaches a storage threshold value, the storage threshold value is 70% of the total storage amount of the current node;
in a specific implementation, for the case in which the current node does not meet the secure storage requirement, the secure storage requirement is specifically that the current node has not been attacked and that the storage security level of the current node meets the storage requirement.
In the implementation of the invention, the safe storage grade comprises a risk grade, a general grade, a medium grade and a high grade.
The secure memory chip used in the embodiment of the invention is a memory chip with identity authentication and access authority control.
The chip's memory circuit can be partitioned according to the stored content and the objects that operate on it, with an access control policy set for each partition. The partitioning of the memory circuit may be based on the chip's stored content, the chip's operation objects, the operation authority level and so on, and the designer may select a suitable partitioning mode, or a combination of modes, for the application at hand. The invention takes the internal FLASH memory of an SoC chip as an example and divides the main storage area into four storage areas according to the stored content:
COS memory area, application program memory area, block chain key block memory area and temporary block memory area. Wherein the size of each memory area may vary according to the specific application requirements. Each memory area is simultaneously provided with a group of registers (consisting of two registers of an authentication Register and an access control Register), and the four groups of registers are generally positioned in an NVR (Non-Volatile Register) memory area of the FLASH memory of the chip.
Secondly, setting an independent identity authentication and access control circuit for each independent partition: the authentication and access control circuit is comprised of a pair of registers and a pair of comparison circuits, wherein:
1. The register values come from memory with non-volatile characteristics, i.e. no data is lost if power is lost, and the values can be stored in the NVR storage area of the on-chip non-volatile memory. The pair of registers are an authentication register and an access control register; the authentication register stores an identity authentication code, and the access control register stores an access control code.
2. The pair of comparison circuits are an identity authentication code comparison circuit and an access control code comparison circuit. The access control code comparison circuit takes one input from the access control register and the other from a constant fixed in the chip. When the comparison of the two passes, the comparison circuit outputs the read or write switch signal of the corresponding memory area; when the comparison does not pass, the corresponding memory area cannot be read or written. The read or write attribute depends on the attributes of the memory area itself, as in the case of the blockchain key block memory area, which is typically write-only and not readable. The identity authentication code comparison circuit takes one input from the authentication register and the other from the off-chip input buffer. When the comparison of the two passes, the authentication register and the access control register can be read and written; otherwise they cannot. The identity authentication code comparison circuit includes a comparison counter that counts the number of authentication code comparisons, and an upper limit (N) on the number of comparisons can be set.
Taking the COS storage area as an example, the identity authentication and access control circuit is composed of two parts: the COS authentication circuit and the COS access control circuit.
The COS authentication circuit comprises an authentication code reading circuit, an authentication mapping register, an authentication code input cache circuit, an authentication code comparison logic circuit, a register access control logic circuit and the like, wherein: the authentication code reading circuit, the authentication mapping register, the authentication code comparison logic circuit and the register access control logic circuit are connected in sequence; the authentication code comparison logic circuit is connected with the authentication code input cache circuit; and the register access control logic circuit is connected with the authentication counter. Once the chip receives the authentication enabling signal, it starts the authentication code reading operation: the authentication code reading circuit reads the authentication code from COS_VER_REG into the authentication mapping register according to the read timing of the FLASH memory. Meanwhile, the user inputs an authentication message or digest information from outside the chip. If a message is received, the chip caches the digest obtained by processing the message in the algorithm circuit into the authentication code input cache; if digest information is received, it is cached directly into the authentication code input cache. The authentication code comparison circuit compares the value of COS_VER_REG with the value in the authentication code input cache and outputs the comparison result to the register access control logic, which controls whether the authentication register and the access control register can be rewritten according to the comparison result.
If the comparison passes, the read and write permission of the authentication register and the access control register is opened and the user can update both registers; otherwise, the authentication register and the access control register remain in an inoperable state. In addition, the authentication circuit includes an authentication counter. The counter is incremented by 1 each time the chip receives an authentication enabling signal and the authentication does not pass; once the counter reaches N (the upper limit of authentication attempts), the circuit no longer accepts the authentication enabling signal, and the register access control logic permanently closes write operations on COS_VER_REG and COS_CTR_REG.
The COS access control circuit comprises an access control code reading circuit, an access control mapping register, an access control code constant circuit, an access control code comparison logic circuit, a storage area access control logic circuit and the like, wherein: the access control code reading circuit, the access control mapping register, the access control code comparison logic circuit and the storage area access control logic circuit are connected in sequence, and the access control code comparison logic circuit is connected with the access control code constant circuit. In the normal working state, the value of COS_CTR_REG and the access control code constant are not equal, and the COS memory area is in a non-writable state. When a user needs to update the chip COS, the user must first obtain write permission for COS_CTR_REG through authentication, then write the access control code into COS_CTR_REG, and then start the access control comparison operation.
The access control code reading circuit first reads the access control code from COS_CTR_REG into the access control mapping register according to the read timing of the FLASH, the access control code comparison logic compares the access control mapping register with the access control code constant, and the comparison result is output to the storage area access control logic, which outputs the corresponding control signal according to the comparison result, so that the user is allowed to obtain read and write permission for the COS storage area.
Thirdly, the working-state transition flow of the access control circuit of each independent partition: after the chip is reset, the access control circuit is in the idle state by default. Once an enable signal is detected in the idle state, it enters the access control code read state. After the access control code has been read out, it enters the access control code compare state, and the access control switch signal is turned on or off according to the comparison result. After the comparison is completed, the access control circuit enters the wait-for-reset state, and it returns to the idle state once the circuit receives a reset or disable signal.
The access control circuit defines 4 operating states: an idle state, an access control code read state, an access control code compare state, and a wait-for-reset state. Taking the COS memory area access control circuit as an example, after the chip is reset, the access control circuit is in the idle state. Once the circuit receives the compare enable signal, the access control circuit enters the access control code read state. In this state, the access control circuit reads the access control code from COS_CTR_REG into the access control mapping register, following the FLASH read timing. After the read operation is completed, the circuit enters the access control code compare state, in which the access control code comparison circuit compares the access control mapping register with the access control code constant and outputs the comparison result. After the comparison is completed, the circuit enters the wait-for-reset state. Once the circuit receives a reset or disable signal, the access control mapping register is reset; if the comparison result did not pass, the access permission of the COS memory area is kept locked, and the circuit enters the idle state. If the comparison passed, the operator can perform the COS update during the wait-for-reset period; after the update is completed, the operator performs the reset operation and the circuit returns to the idle state. The state transitions are shown in figure 3. As described, the whole sequence, from reading the access control code, through comparing it with the access control code constant, to outputting the storage access control signal, is controlled by the hardware circuit, so the circuit can resist attack by malicious software and has stronger security protection capability.
Fourthly, the working-state transitions of the identity authentication circuit of each independent partition: after the chip is reset, the identity authentication circuit is in the idle state. When a user needs to perform identity authentication, the identity authentication circuit is first enabled. After the identity authentication circuit receives the authentication enable signal, the circuit enters the authentication code read state; after the identity authentication code has been read, it enters the counter judgment state. If i is less than or equal to N, the circuit enters the authentication code input state; otherwise the identity authentication code comparison has exceeded the permitted number of attempts, and the circuit enters the permanently locked state. After the authentication code is input, the circuit enters the authentication code compare state, and whether the access permission switches of the register and the access control register are turned on is determined according to the comparison result. After the comparison is finished, the circuit waits for a reset or disable signal and then returns to the idle state.
The circuit defines 7 operating states: an idle state, an authentication code read state, a counter judgment state, an authentication code input state, an authentication code compare state, a wait-for-reset state and an authentication circuit locked state. Taking the identity authentication circuit of the COS storage area as an example, after the chip is reset, the identity authentication circuit is in the idle state. Once the chip receives the authentication enable signal, the identity authentication circuit enters the authentication code read state. In this state, the identity authentication circuit reads the authentication code from COS_VER_REG into the authentication mapping register, following the FLASH read timing. After the read operation is finished, the circuit enters the counter judgment state. If i is less than or equal to N, the upper limit N of authentication attempts has not been reached, the user is allowed to keep trying to input the authentication code, and the circuit enters the authentication code input state, in which the user is allowed to write the authentication code into the authentication code input cache. After the write is finished, the authentication counter is automatically incremented by 1 and the circuit enters the authentication code compare state, in which the authentication code comparison circuit compares the authentication mapping register with the authentication code input cache and outputs the comparison result. When the comparison passes, the counter i is cleared and the circuit enters the wait-for-reset state. When the comparison fails, the counter i is incremented by 1 and the circuit re-enters the counter judgment state; if i is less than or equal to N, the, otherwise, the authentication circuit enters the locked state, from which the state no longer changes and the authentication circuit is locked permanently.
The identity authentication code reading, transmission, comparison and generation of the register access control signal are all completed by a hardware circuit, no software participates in the process, and the safety is higher.
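The authentication and access control circuits described above can be modelled in software to check the gating and lockout behaviour. The following C model is an added example, not code from the patent; the 16-bit register width, the constant 0xA5C3, N = 3, the function names, and the choices to keep the counter across reset and to lock once it reaches N are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ACCESS_CONST 0xA5C3u /* constructed access control code constant */
#define AUTH_LIMIT_N 3u      /* constructed upper limit N of authentication attempts */

typedef enum { A_IDLE, A_READ, A_COUNT, A_INPUT, A_COMPARE, A_WAIT_RESET, A_LOCKED } auth_state;

typedef struct {
    uint16_t cos_ver_reg; /* COS_VER_REG: authentication code held in FLASH */
    uint16_t cos_ctr_reg; /* COS_CTR_REG: access control code held in FLASH */
    unsigned fail_count;  /* authentication counter i (assumed non-volatile) */
    auth_state auth;      /* current state of the authentication circuit */
    bool reg_write_open;  /* write permission for COS_VER_REG / COS_CTR_REG */
    bool cos_writable;    /* access switch of the COS storage area */
} chip;

void chip_init(chip *c, uint16_t auth_code) {
    /* COS_CTR_REG starts at 0, so in normal operation it differs from ACCESS_CONST */
    *c = (chip){ .cos_ver_reg = auth_code, .auth = A_IDLE };
}

/* Reset or disable signal: both switches close; a locked circuit stays locked. */
void chip_reset(chip *c) {
    c->reg_write_open = false;
    c->cos_writable = false;
    if (c->auth != A_LOCKED) c->auth = A_IDLE;
}

/* One authentication attempt, walking the states in the order the text gives. */
bool chip_authenticate(chip *c, uint16_t input) {
    if (c->auth != A_IDLE && c->auth != A_INPUT) return false; /* locked or awaiting reset */
    c->auth = A_READ;
    uint16_t mapped = c->cos_ver_reg;      /* authentication mapping register */
    c->auth = A_COUNT;
    if (c->fail_count >= AUTH_LIMIT_N) { c->auth = A_LOCKED; return false; }
    c->auth = A_INPUT;                     /* user writes the code into the input cache */
    c->auth = A_COMPARE;
    if (mapped == input) {
        c->fail_count = 0;                 /* counter cleared on a pass */
        c->reg_write_open = true;
        c->auth = A_WAIT_RESET;
        return true;
    }
    c->fail_count++;                       /* failed attempt is counted */
    c->auth = (c->fail_count >= AUTH_LIMIT_N) ? A_LOCKED : A_INPUT;
    return false;
}

bool chip_write_ctr(chip *c, uint16_t v) {
    if (c->reg_write_open) c->cos_ctr_reg = v;
    return c->reg_write_open;
}

/* Access control compare: COS_CTR_REG is read and compared with the constant. */
bool chip_access_compare(chip *c) {
    c->cos_writable = (c->cos_ctr_reg == ACCESS_CONST);
    return c->cos_writable;
}

int main(void) {
    chip c;
    chip_init(&c, 0x1234); /* constructed authentication code */
    for (unsigned k = 0; k < AUTH_LIMIT_N; k++) chip_authenticate(&c, 0xFFFF);
    chip_reset(&c);
    printf("locked=%d, correct code accepted=%d\n", c.auth == A_LOCKED, chip_authenticate(&c, 0x1234));
    return 0;
}
```

The model makes the ordering explicit: COS_CTR_REG cannot be written before authentication passes, and N failed attempts leave the circuit locked even after a reset.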
The above formulas are all calculated on numerical values with their dimensions removed. Each formula is the one closest to the real situation, obtained by collecting a large amount of data and performing software simulation, and the preset parameters in the formulas are set by those skilled in the art according to the actual situation.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and there may be other divisions when the actual implementation is performed; the modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the method of the embodiment.
It will also be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above examples are only intended to illustrate the technical process of the present invention and not to limit the same, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made to the technical process of the present invention without departing from the spirit and scope of the technical process of the present invention.

Claims (8)

1. A block chain network node switching system based on safe storage hardware is characterized by comprising a hardware area, a node switching module, a main node module and a backup node module;
the hardware area comprises a plurality of safe storage chips, the safe storage chips jointly form a safe storage network, and each safe storage chip is a carrier of a block chain network node;
the node switching module is used for randomly selecting qualified network nodes and switching the nodes;
the main node module is used for marking the main node in the current block chain and generating main node replacement node information;
the backup node module is used for marking backup nodes in the current block chain and generating backup information of the main node;
the node switching module is used for randomly selecting qualified network nodes and switching the nodes, and specifically, after a switching instruction is received, the qualified network nodes are randomly selected, the qualified network nodes are marked as destination nodes, all node paths between the current starting node and the destination nodes are obtained, the optimal switching path is obtained through a node cloud model, and the optimal switching path is sent to the backup node module;
the node cloud model obtains the optimal switching path specifically,
acquiring the safe storage level of each node in the node path, and rejecting the current node path when the node safe storage level in the node path is smaller than the safe storage requirement;
acquiring a storage threshold value of each node in a node path, and when the storage threshold value of the nodes in the node path exceeds the threshold value by 110%, rejecting the current node path;
acquiring the historical attacked times of each node in the node path, and rejecting the current node path when the historical attacked times of the nodes in the node path are larger than a preset threshold value;
acquiring the security level of the existing storage block chain in each node in the node path, and when the node in the node path stores the block chain with the security level lower than the security storage requirement, rejecting the current node path;
acquiring a node path which is not rejected, and marking a starting node as an initial value;
accumulating 1 unit value for the initial value when each block chain node passes through the node path from the starting node to the destination node, and marking the initial value when the destination node is reached as a path value;
sorting according to the path values of the node paths, wherein the smaller the path value is, the higher the ranking is;
and selecting the node path with the first ranking as the optimal switching path.
2. The system of claim 1, wherein the master node module is configured to mark a master node in a current blockchain and generate master node replacement node information, specifically:
the method comprises the steps that a main node module marks a main node in a current block chain as a starting node and generates a switching instruction, wherein the main node module generates the switching instruction specifically, when the safe storage grade of the block chain in the main node is improved and the current node does not meet the safe storage requirement, the main node module generates the switching instruction; when the block chain in the main node is increased and the current node does not meet the storage requirement, the main node module generates a switching instruction; when the storage of the block chain in the main node reaches a storage threshold value, the main node module generates a switching instruction; when a dangerous block chain is stored in the main node, the main node module generates a switching instruction; when the main node is attacked by the network, the main node module generates a switching instruction; when more than 50% of the nodes connected with the master node are authenticated as not meeting the safe storage requirement, the master node module generates a switching instruction.
3. The system according to claim 2, wherein the backup node module marks all nodes in the optimal switching path as backup nodes, obtains storage indexes in the backup nodes, determines the backup node as a preferred backup node when the storage indexes meet backup requirements, and backs up the blockchain data in the preferred backup node.
4. A system as claimed in claim 3, wherein the blockchain data backed up in the preferred backup node is deleted when the blockchain data is backed up in the next preferred backup node.
5. The system of claim 4, wherein the qualified network nodes comprise network nodes that satisfy blockchain storage requirements, and the blockchain storage in the current node does not exceed a storage threshold of 110%, and the blockchain storage in the current node has a security level that is lower than the level of blockchain data to be backed up by only one, and the number of times the current node is attacked is less than a predetermined threshold.
6. The system according to claim 5, wherein the acquiring all node paths between the current departure node and the destination node specifically comprises:
acquiring all block chain nodes in a secure storage network, and acquiring a destination node and a departure node;
acquiring block chain nodes connected with a terminal node, marking the block chain nodes connected with the terminal node as first extension nodes, and marking the first extension nodes as primary base regions; and then selecting block chain nodes connected with the primary base region, marking the block chain nodes connected with the primary base region as second extension nodes, and marking the second extension nodes as secondary base regions, wherein the second extension nodes do not comprise the first extension nodes, then selecting the block chain nodes connected with the secondary base region, marking the block chain nodes connected with the secondary base regions as third extension nodes, and marking the third extension nodes as tertiary base regions, wherein the third extension nodes do not comprise the second extension nodes, repeating the extension until a starting node exists in the base regions for N times, and then taking the current path as a node path.
7. A safe storage hardware-based blockchain network node switching system according to claim 6, wherein when the storage of the blockchain in the main node reaches a storage threshold, wherein the storage threshold is 70% of the total storage amount of the current node;
when the current node does not meet the safe storage requirement, wherein the safe storage requirement is specifically that the current node is not attacked; the current node storage security level meets the storage requirement.
8. A secure storage hardware based blockchain network node switching system as in claim 7 wherein said secure storage levels include a risk level, a general level, a medium level and a high level.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011587649.XA CN112287398B (en) 2020-12-29 2020-12-29 Block chain network node switching system based on safe storage hardware

Publications (2)

Publication Number Publication Date
CN112287398A CN112287398A (en) 2021-01-29
CN112287398B true CN112287398B (en) 2021-04-20

Family

ID=74426601

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011587649.XA Active CN112287398B (en) 2020-12-29 2020-12-29 Block chain network node switching system based on safe storage hardware

Country Status (1)

Country Link
CN (1) CN112287398B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114666149B (en) * 2022-04-07 2024-01-26 杭州集联科技有限公司 Block chain-based Internet of things environment safety monitoring system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106557543A (en) * 2016-10-14 2017-04-05 深圳前海微众银行股份有限公司 Node switching method and system
CN106713412A (en) * 2016-11-09 2017-05-24 弗洛格(武汉)信息科技有限公司 Block chain system and construction method of block chain system
CN111245857A (en) * 2020-01-17 2020-06-05 安徽师范大学 Channel network steady state evolution game method in block link environment
CN111277645A (en) * 2020-01-16 2020-06-12 深圳市网心科技有限公司 Hot switching method for main and standby nodes, block chain system, block chain node and medium

Also Published As

Publication number Publication date
CN112287398A (en) 2021-01-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant