CN112788117B - Authentication system, blockchain system and related products arranged on Internet node - Google Patents

Abstract

The application discloses an authentication system, a blockchain system and related products which are arranged on an internet node, wherein the authentication system arranged on the internet node is deployed on a blockchain node in the blockchain system; an authentication system provided on an internet node includes: authenticating the kernel and a kernel maintenance module; the authentication kernel is used for authenticating an authentication system of the opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust kernel matrix between the two blockchain nodes. The authentication system, the blockchain system and the related products arranged on the Internet node can effectively simplify the authentication process of the blockchain node and improve the authentication efficiency of the blockchain node.

Description

Authentication system, blockchain system and related products arranged on Internet node

Technical Field

The present disclosure relates to the field of blockchain technologies, and in particular, to an authentication system, a blockchain system, and related products disposed on an internet node.

Background

The blockchain system (essentially a big data system) is an integrated application mode of technologies such as a distributed data storage system, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like, and can realize trust and value transfer which cannot be realized by the traditional internet on the internet. The blockchain system comprises a plurality of blockchain nodes, and since the blockchain system is a decentralised system, if the normal and safe operation of the blockchain system is ensured, the blockchain nodes (essentially internet nodes) must be authenticated, and only if the state of the blockchain nodes is authenticated, the blockchain nodes can participate in the operation. However, in the prior art, the authentication process is complex, so that the authentication efficiency is low, and the operation of the blockchain system is greatly influenced.

Disclosure of Invention

Based on the above problems, embodiments of the present application provide an authentication system, a blockchain system, and related products that are provided on an internet node.

In a first aspect, an embodiment of the present application provides an authentication system disposed on an internet node, where the authentication system disposed on the internet node is disposed on a blockchain node in a blockchain system;

An authentication system provided on an internet node includes: authenticating the kernel and a kernel maintenance module;

the authentication kernel is used for authenticating an authentication system of the opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust evaluation kernel matrix between the two blockchain nodes.

Optionally, in a specific embodiment, the kernel maintenance module is further configured to swap the trust evaluation kernel matrix onto other blockchain nodes in the blockchain system, the other blockchain nodes being different from the two blockchain nodes.

Optionally, in a specific embodiment, the authentication system provided on the internet node further includes: and the network monitoring module is used for monitoring whether communication is carried out between two blockchain nodes in the blockchain system, and if so, triggering an authentication system for authenticating the opposite ends in the two blockchain nodes of the kernel to authenticate so as to obtain a trust evaluation kernel matrix.

Optionally, in one specific embodiment, the network monitoring module is configured to monitor network traffic generated between two blockchain nodes in the blockchain system to monitor whether communication is performed between the two blockchain nodes in the blockchain system.

Optionally, in a specific embodiment, an authentication system provided on the internet node acts as a neuron.

Optionally, in a specific embodiment, the kernel maintenance module is further configured to cause the plurality of blockchain nodes that communicate frequently to form a neuron authentication network in which all neurons share an upper layer service component.

Optionally, in one particular embodiment, the neuron authentication network has a unified interface for providing proof of interaction services hosted between neurons in the neuron authentication network.

In a second aspect, embodiments of the present application provide a blockchain system including: a plurality of blockchain nodes, each blockchain node having disposed thereon an authentication system disposed on an internet node, comprising:

authenticating the kernel and a kernel maintenance module;

the authentication kernel is used for authenticating an authentication system of the opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust evaluation kernel matrix between the two blockchain nodes.

In a third aspect, an embodiment of the present application provides an electronic device, including: a memory having stored thereon computer executable instructions and a processor for executing the computer executable instructions to perform the steps of:

Authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation core matrix, and storing the trust evaluation core matrix;

updating of the trust evaluation core matrix is performed between two blockchain nodes.

In a fourth aspect, embodiments of the present application provide a computer storage medium having stored thereon computer-executable instructions that when executed perform the steps of:

authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation core matrix, and storing the trust evaluation core matrix;

updating of the trust evaluation core matrix is performed between two blockchain nodes.

The application discloses an authentication system, a blockchain system and related products which are arranged on an internet node, wherein the authentication system arranged on the internet node is deployed on a blockchain node in the blockchain system; an authentication system provided on an internet node includes: authenticating the kernel and a kernel maintenance module; the authentication kernel is used for authenticating an authentication system of the opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust evaluation kernel matrix between the two blockchain nodes. The authentication system, the blockchain system and the related products arranged on the Internet node can effectively simplify the authentication process of the blockchain node and improve the authentication efficiency of the blockchain node.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive faculty for a person skilled in the art.

Fig. 1 is a schematic diagram of an authentication system provided on an internet node according to an embodiment of the present application;

FIG. 2 is a schematic diagram of a blockchain system provided in an embodiment of the present application;

fig. 3 is a schematic diagram of an electronic device according to an embodiment of the present application;

fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application;

fig. 5 is a schematic diagram of a computer storage medium according to an embodiment of the present application.

Detailed Description

It is not necessary for any of the embodiments of the present application to be practiced with all of the advantages described above.

In order to make the present invention better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

Example 1

Referring to fig. 1, an embodiment of the present application provides an authentication system 10 disposed on an internet node, where the authentication system 10 disposed on the internet node is deployed on a blockchain node in a blockchain system;

the authentication system 10 provided on an internet node includes: authentication kernel 101 and kernel maintenance module 102;

the authentication kernel 101 is configured to authenticate an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and store the trust evaluation kernel matrix; the kernel maintenance module 102 is configured to update a trust evaluation kernel matrix between two blockchain nodes.

Alternatively, in this embodiment, multiple internet nodes may constitute a big data system, such as a blockchain system, such as a federated chain, a private chain, or a public chain; optionally, in this embodiment, the internet node includes a blockchain node, and the blockchain node may be a blockchain light node and a blockchain full node. The block chain full node is a node which has all transaction data of the whole network, and the block chain light node is a node which only has the transaction data related to the block chain light node.

In this embodiment, when a plurality of blockchain nodes form a blockchain system, the authentication system may be deployed on only a part of the blockchain nodes or on all of the blockchain nodes. For example, for private chains, since the number of blockchain nodes is itself relatively small, the authentication system described above may be deployed on all blockchain nodes in order to ensure safe operation of the blockchain system. For another example, for a federation chain, the authentication system described above can be deployed on all blockchain nodes with reference to a private chain. Also, for example, for private chains, since the number of blockchain nodes is relatively large, to ensure safe operation of the blockchain system, the authentication system may be deployed on some blockchain nodes, e.g., on all blockchain full nodes, and on some blockchain light nodes; alternatively, the authentication system is deployed on a small number of blockchain full nodes, while the authentication system is deployed on all blockchain light nodes.

In this embodiment, the trust evaluation kernel matrix is used to record trust authentication data of the blockchain node to the blockchain node, where it should be noted that the authentication kernel 101 may also be used to group the blockchain nodes in the blockchain system, where each group of blockchain nodes records trust authentication data between all the blockchain link points in the group; for the block chain nodes between the groups, one block chain node can be selected from one group of block chain nodes as an external contact node, and the external contact node simultaneously belongs to the other group of block chain nodes, namely, the two groups of block chain nodes have common block chain nodes, the number of the common block chain nodes can be one or a plurality of the common block chain nodes, and the specific number of the common block chain nodes can be flexibly configured according to the requirements of application scenes. For example, if the blockchain system is a public chain, because of its higher visibility on the internet, there is a greater likelihood of having a security risk from a network attack, and therefore, two groups of blockchain nodes have a common number of blockchain nodes that is multiple. For private and alliance chains, the visibility of the private and alliance chains on the internet is intersected, so that the potential for potential safety hazards caused by network attacks is small, and the number of the two groups of blockchain nodes with the same blockchain node is one.

Optionally, in one specific embodiment, the kernel maintenance module 102 is further configured to swap the trust evaluation kernel matrix onto other blockchain nodes in the blockchain system, the other blockchain nodes being different from the two blockchain nodes.

Optionally, in this embodiment, when the kernel maintenance module 102 switches the trust evaluation kernel matrix to other blockchain nodes in the blockchain system, the kernel maintenance module preferably switches to its neighboring blockchain node, that is, the other blockchain node is a neighboring blockchain node, where the neighboring blockchain node may be directly neighboring or indirectly neighboring. When indirectly adjacent, the number of neighbors can be controlled by setting the adjacent step size or the adjacent distance.

Further, when in a blockchain system, if all blockchain nodes therein are divided into groups, the kernel maintenance module 102 performs the exchange of the trust evaluation core matrix within the same group while exchanging the trust evaluation core matrix to other blockchain nodes in the blockchain system.

Further, as previously described, when two adjacent sets of blockchain nodes have a common blockchain node, the exchange of the trust evaluation core matrix between the two adjacent sets of blockchain nodes may be performed by the common blockchain node.

Optionally, in a specific embodiment, the authentication system 10 provided on the internet node further comprises: the network monitoring module is used for monitoring whether communication is carried out between two blockchain nodes in the blockchain system, and if so, triggering the authentication system of the opposite end in the two blockchain nodes of the authentication kernel 101 to authenticate so as to obtain a trust evaluation kernel matrix.

As described above, in this application, authentication is to be performed in order to ensure that the internet node participates in the system operation as a component of the internet system, so as to ensure the safe operation of the whole system based on the security of the internet node itself, and therefore, only when two internet nodes have data interaction, such security problem needs to be considered.

Optionally, in one specific embodiment, the network monitoring module is configured to monitor network traffic generated between two blockchain nodes in the blockchain system to monitor whether communication is performed between the two blockchain nodes in the blockchain system.

Optionally, in this embodiment, by monitoring network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or is in progress between two blockchain nodes may be monitored rapidly.

Optionally, in a specific embodiment, the network monitoring module monitors network traffic generated between two blockchain nodes in the blockchain system by means of traffic interception.

Optionally, in this embodiment, by intercepting the network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or whether data interaction is being performed between two blockchain nodes, may be monitored rapidly.

Optionally, in a specific embodiment, the network monitoring module is further configured to query a trust evaluation core matrix of the authentication system of the opposite end in the two blockchain nodes.

Optionally, the communication between the blockchain nodes is monitored through the network monitoring module, and the network monitoring module is used as a channel for carrying out the trust evaluation core matrix exchange between the two blockchain nodes, so that the network architecture of the authentication system is simplified, and the data processing efficiency is improved.

Optionally, in one particular embodiment, communication between two blockchain nodes is initiated based on between upper layer service components.

Optionally, in this embodiment, the communication monitored by the monitoring module is based on the communication between the two blockchain nodes and the last service component, so that accuracy of authentication on the object is ensured, and availability and referential of an authentication result are further ensured when the authentication is performed.

Optionally, in a specific embodiment, the kernel maintenance module 102 is further configured to update the trust evaluation kernel matrix between two blockchain nodes through a decentralized authentication framework.

Optionally, in this embodiment, the decentralized authentication framework may implement decentralization of authentication, so that no third party is required between two blockchain nodes to perform rapid authentication, thereby ensuring the update speed of the trust evaluation core matrix.

Optionally, in a specific embodiment, the authentication system 10 provided on the internet node further comprises: the virtualized trusted management module is configured to derive a trust evaluation core matrix such that the kernel maintenance module 102 updates the trust evaluation core matrix between two blockchain nodes.

Optionally, in this embodiment, a virtualized trusted management module (VTPMS) may ensure that two blockchain nodes perform fast execution when performing the exchange of the trust evaluation core matrix, thereby ensuring that the trust evaluation core matrix on any blockchain node is updated in real time, and ensuring the real-time performance and the rapidity of the exchange.

Optionally, in a specific embodiment, an authentication system provided on the internet node acts as a neuron.

Optionally, in a specific embodiment, the kernel maintenance module 102 is further configured to cause the plurality of blockchain nodes that are frequently communicated to form a neuron authentication network in which all neurons share upper-level service components.

Alternatively, in this embodiment, by making a plurality of blockchain nodes that are frequently communicated form a neuronal authentication network and all neurons in the neuronal authentication network share an upper layer service component, an object for which authentication is determined can be focused, so that authentication is preferably performed only on those blockchain nodes that are frequently communicated, and implementation efficiency of authentication is ensured relative to authentication performed on all blockchain nodes that are only required to be communicated in a blockchain system.

Optionally, in this embodiment, since the communication behavior between the blockchain nodes is changed in real time, for this reason, the communication frequency is also changed continuously, so the composition of the neuron authentication network is also changed dynamically.

Optionally, in one particular embodiment, the neuron authentication network has a unified interface for providing proof of interaction services hosted between neurons in the neuron authentication network.

Alternatively, in this embodiment, the unified interface may be configured on a blockchain node that has a higher authority or has a higher security annual property of the neuronal authentication network.

Example two

Referring to fig. 2, an embodiment of the present application provides a blockchain system, including: a plurality of blockchain nodes 301, each having disposed thereon an authentication system 10 disposed on an internet node, comprising:

authentication kernel 101 and kernel maintenance module 102;

the authentication kernel 101 is configured to authenticate an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and store the trust evaluation kernel matrix; the kernel maintenance module 102 is configured to update a trust evaluation kernel matrix between two blockchain nodes.

Alternatively, in this embodiment, multiple internet nodes may constitute a big data system, such as a blockchain system, such as a federated chain, a private chain, or a public chain; optionally, in this embodiment, the internet node includes a blockchain node 301, and the blockchain node 301 may be a blockchain light node and a blockchain full node. The block chain full node is a node which has all transaction data of the whole network, and the block chain light node is a node which only has the transaction data related to the block chain light node.

In this embodiment, when a plurality of blockchain nodes 301 form a blockchain system, the authentication system may be deployed only on a part of the blockchain nodes 301 or on all of the blockchain nodes 301. For example, for private chains, since the number of blockchain nodes 301 is itself relatively small, the authentication system described above may be deployed on all blockchain nodes 301 in order to ensure safe operation of the blockchain system. For another example, for a federation chain, the authentication system described above can be deployed on all blockchain nodes 301 with reference to a private chain. Also for example, for private chains, since the number of blockchain nodes 301 is itself relatively large, to ensure safe operation of the blockchain system, the authentication system may be deployed on some blockchain nodes 301, e.g., on all blockchain full nodes, and on some blockchain light nodes; alternatively, the authentication system is deployed on a small number of blockchain full nodes, while the authentication system is deployed on all blockchain light nodes.

In this embodiment, the trust evaluation kernel matrix is used to record trust authentication data of the blockchain node 301 to the blockchain node 301, where it should be noted that the authentication kernel 101 may also be used to group the blockchain nodes 301 in the blockchain system, where each group of blockchain nodes 301 records trust authentication data between all blockchain nodes 301 in the group; for the block and the block, one block chain node 301 may be selected from a group of block chain nodes 301 as an external contact node, where the external contact node belongs to another group of block chain nodes 301 at the same time, that is, two groups of block chain nodes 301 have a common block chain node 301, and the number of the common block chain nodes 301 may be one or may be multiple, and the specific number of the common block chain nodes may be flexibly configured according to the requirements of the application scenario. For example, if the blockchain system is a public chain, there is a greater potential for security hazards due to network attacks because of its higher visibility on the internet, and therefore, two groups of blockchain nodes 301 have a common number of blockchain nodes 301. Whereas for private and federated chains, there is less potential for security hazards due to network attacks due to their visibility across the internet, the number of two sets of blockchain nodes 301 having a common blockchain node 301 is one.

Optionally, in one specific embodiment, kernel maintenance module 102 is further configured to swap the trust evaluation kernel matrix onto other blockchain nodes 301 in the blockchain system, the other blockchain nodes 301 being different from the two blockchain nodes 301.

Optionally, in this embodiment, when the kernel maintenance module 102 switches the trust evaluation kernel matrix to other blockchain nodes 301 in the blockchain system, it preferably switches to its neighboring blockchain nodes 301, that is, the other blockchain nodes 301 are neighboring blockchain nodes 301, where the neighboring blockchain nodes 301 may be directly neighboring or indirectly neighboring. When indirectly adjacent, the number of neighbors can be controlled by setting the adjacent step size or the adjacent distance.

Further, when in a blockchain system, if all blockchain nodes 301 therein are grouped into groups, the kernel maintenance module 102 performs the exchange of the trust evaluation core matrix within the same group while exchanging the trust evaluation core matrix onto other blockchain nodes 301 in the blockchain system.

Further, as previously described, when two adjacent sets of blockchain nodes 301 have a common blockchain node 301, the exchange of the trust evaluation core matrix between the two adjacent sets of blockchain nodes 301 may be performed by the common blockchain node 301.

Optionally, in a specific embodiment, the authentication system 10 provided on the internet node further comprises: the network monitoring module is configured to monitor whether communication is performed between two blockchain nodes 301 in the blockchain system, and if so, trigger an authentication system of an opposite end in the two blockchain nodes 301 of the authentication kernel 101 to perform authentication to obtain a trust evaluation kernel matrix.

As described above, in this application, authentication is performed to ensure how the internet node participates in the system operation as a component of the internet system, so that the security operation of the whole system is ensured based on the security of the internet node itself, and therefore, only when two internet nodes have data interaction, such security problem needs to be considered.

Optionally, in one specific embodiment, the network monitoring module is configured to monitor network traffic generated between two blockchain nodes 301 in the blockchain system to monitor whether communication is performed between the two blockchain nodes 301 in the blockchain system.

Optionally, in this embodiment, by monitoring network traffic, it can be quickly monitored whether communication between two blockchain nodes 301 is performed, i.e. whether data interaction between two blockchain nodes 301 is about to occur or is in progress.

Optionally, in a specific embodiment, the network monitoring module monitors the network traffic generated between two blockchain nodes 301 in the blockchain system by means of traffic interception.

Optionally, in this embodiment, by intercepting the network traffic, it can be quickly monitored whether communication is performed between the two blockchain nodes 301, i.e. whether data interaction is about to occur or is in progress between the two blockchain nodes 301.

Optionally, in a specific embodiment, the network monitoring module is further configured to query a trust evaluation core matrix of the authentication system of the opposite end in the two blockchain nodes 301.

Optionally, the communication between the blockchain nodes 301 is monitored through the network monitoring module, and the network monitoring module is used as a channel for performing the trust evaluation core matrix exchange between the two blockchain nodes 301, so that the network architecture of the authentication system is simplified, and the data processing efficiency is improved.

Optionally, in one particular embodiment, communication between two blockchain nodes 301 is initiated based on between upper layer service components.

Optionally, in this embodiment, the communication monitored by the monitoring module is based on the communication between the two blockchain nodes 301 and the last service component, so that accuracy of authentication on the object is ensured, and availability and referential of an authentication result are further ensured when authentication is performed.

Optionally, in a specific embodiment, the kernel maintenance module 102 is further configured to update the trust evaluation kernel matrix between the two blockchain nodes 301 through a decentralized authentication framework.

Optionally, in this embodiment, the decentralized authentication framework may implement decentralization of authentication, so that no third party is required between the two blockchain nodes 301 to perform rapid authentication, thereby ensuring the update speed of the trust evaluation core matrix.

Optionally, in a specific embodiment, the authentication system 10 provided on the internet node further comprises: the virtualization trusted management module is configured to derive a trust evaluation core matrix such that the kernel maintenance module 102 performs an update of the trust evaluation core matrix between the two blockchain nodes 301.

Optionally, in this embodiment, a virtualized trusted management module (VTPMS) may ensure that two blockchain nodes 301 execute quickly when performing the exchange of the trust evaluation core matrix, thereby ensuring that the trust evaluation core matrix on any blockchain node 301 is updated in real time, and ensuring the real-time performance and rapidity of the exchange.

Optionally, in a specific embodiment, an authentication system provided on the internet node acts as a neuron.

Optionally, in a specific embodiment, the kernel maintenance module 102 is further configured to cause the plurality of blockchain nodes 301 that are frequently communicated to form a neuron authentication network in which all neurons share upper-layer service components.

Alternatively, in this embodiment, by making a plurality of blockchain nodes 301 that communicate frequently form a neuronal authentication network and all neurons in the neuronal authentication network share an upper layer service component, there may be a focus on determining an object for which authentication is aimed, so that it is preferable to authenticate only those blockchain nodes 301 that communicate frequently, and thus the implementation efficiency of authentication is ensured with respect to authenticating all blockchain nodes 301 in a blockchain system where communication only occurs.

Optionally, in this embodiment, since the communication behavior between the blockchain nodes 301 is changed in real time, for this reason, the communication frequency is also changed continuously, so the composition of the neuron authentication network is also changed dynamically.

Optionally, in one particular embodiment, the neuron authentication network has a unified interface for providing proof of interaction services hosted between neurons in the neuron authentication network.

Alternatively, in this embodiment, the unified interface may be configured on a blockchain node 301 that has higher authority or higher security years of the neuronal authentication network.

Example III

Referring to fig. 3, an embodiment of the present application provides an electronic device 30, including: a memory 301 and a processor 302, the memory 301 having stored thereon computer executable instructions, the processor 302 being configured to execute the computer executable instructions to perform the steps of:

authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation core matrix, and storing the trust evaluation core matrix;

updating of the trust evaluation core matrix is performed between two blockchain nodes.

Alternatively, in this embodiment, multiple internet nodes may constitute a big data system, such as a blockchain system, such as a federated chain, a private chain, or a public chain; optionally, in this embodiment, the internet node includes a blockchain node, and the blockchain node may be a blockchain light node and a blockchain full node. The block chain full node is a node which has all transaction data of the whole network, and the block chain light node is a node which only has the transaction data related to the block chain light node.

In this embodiment, when a plurality of blockchain nodes form a blockchain system, the authentication system may be deployed on only a part of the blockchain nodes or on all of the blockchain nodes. For example, for private chains, since the number of blockchain nodes is itself relatively small, the authentication system described above may be deployed on all blockchain nodes in order to ensure safe operation of the blockchain system. For another example, for a federation chain, the authentication system described above can be deployed on all blockchain nodes with reference to a private chain. Also, for example, for private chains, since the number of blockchain nodes is relatively large, to ensure safe operation of the blockchain system, the authentication system may be deployed on some blockchain nodes, e.g., on all blockchain full nodes, and on some blockchain light nodes; alternatively, the authentication system is deployed on a small number of blockchain full nodes, while the authentication system is deployed on all blockchain light nodes.

In this embodiment, the trust evaluation kernel matrix is used to record trust authentication data of the blockchain node to the blockchain node, where it should be noted that the blockchain nodes in the blockchain system may be grouped, and each group of blockchain nodes records trust authentication data between all the blockchain link points in the group; for the block chain nodes between the groups, one block chain node can be selected from one group of block chain nodes as an external contact node, and the external contact node simultaneously belongs to the other group of block chain nodes, namely, the two groups of block chain nodes have common block chain nodes, the number of the common block chain nodes can be one or a plurality of the common block chain nodes, and the specific number of the common block chain nodes can be flexibly configured according to the requirements of application scenes. For example, if the blockchain system is a public chain, because of its higher visibility on the internet, there is a greater likelihood of having a security risk from a network attack, and therefore, two groups of blockchain nodes have a common number of blockchain nodes that is multiple. For private and alliance chains, the visibility of the private and alliance chains on the internet is intersected, so that the potential for potential safety hazards caused by network attacks is small, and the number of the two groups of blockchain nodes with the same blockchain node is one.

Optionally, in one particular embodiment, the steps further include swapping the trust evaluation core matrix to other blockchain nodes in the blockchain system that are different from the two blockchain nodes.

Optionally, in this embodiment, when the trust evaluation core matrix is exchanged to another blockchain node in the blockchain system, the trust evaluation core matrix is preferably exchanged to a neighboring blockchain node, that is, the other blockchain node is a neighboring blockchain node, and the neighboring blockchain node may be directly adjacent or indirectly adjacent. When indirectly adjacent, the number of neighbors can be controlled by setting the adjacent step size or the adjacent distance.

Further, when in a blockchain system, if all blockchain nodes in the blockchain system are divided into a plurality of groups, the trust evaluation core matrix is exchanged to other blockchain nodes in the blockchain system, and the exchange of the trust evaluation core matrix is performed in the same group.

Further, as previously described, when two adjacent sets of blockchain nodes have a common blockchain node, the exchange of the trust evaluation core matrix between the two adjacent sets of blockchain nodes may be performed by the common blockchain node.

Optionally, in a specific implementation mode, the method further comprises the step of monitoring whether communication is carried out between two blockchain nodes in the blockchain system, and if so, triggering an authentication system of an opposite end in the two blockchain nodes to authenticate to obtain a trust evaluation core matrix.

As described above, the authentication is performed in the present application to ensure that the Internet node participates in the system operation as a component of the Internet system, so that the security of the whole system is ensured based on the security of the Internet node, and therefore, only when two Internet nodes have data interaction, the security problem needs to be considered.

Optionally, in one particular embodiment, the steps further include monitoring network traffic generated between two blockchain nodes in the blockchain system to monitor whether communications are made between the two blockchain nodes in the blockchain system.

Optionally, in this embodiment, by monitoring network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or is in progress between two blockchain nodes may be monitored rapidly.

Optionally, in one embodiment, the steps further comprise monitoring network traffic generated between two blockchain nodes in the blockchain system by way of traffic interception.

Optionally, in this embodiment, by intercepting the network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or whether data interaction is being performed between two blockchain nodes, may be monitored rapidly.

Optionally, in one particular embodiment, the steps further include querying a trust evaluation core matrix of an authentication system of the opposite of the two blockchain nodes.

Optionally, the communication between the blockchain nodes is monitored through the network monitoring module, and the network monitoring module is used as a channel for carrying out the trust evaluation core matrix exchange between the two blockchain nodes, so that the network architecture of the authentication system is simplified, and the data processing efficiency is improved.

Optionally, in one particular embodiment, communication between two blockchain nodes is initiated based on between upper layer service components.

Optionally, in this embodiment, the monitored communication is based on the communication between the two blockchain nodes and the last service component, so that accuracy of authentication on the object is ensured, and availability and referential of an authentication result are further ensured when authentication is performed.

Optionally, in one particular embodiment, the steps further include updating the trust evaluation core matrix between two blockchain nodes through a decentralized authentication framework.

Optionally, in this embodiment, the decentralized authentication framework may implement decentralization of authentication, so that no third party is required between two blockchain nodes to perform rapid authentication, thereby ensuring the update speed of the trust evaluation core matrix.

Optionally, in one particular embodiment, the steps further include deriving a trust evaluation core matrix such that the kernel maintenance module performs an update of the trust evaluation core matrix between the two blockchain nodes.

Optionally, in this embodiment, the trust evaluation core matrix may be derived by a virtual trusted management module (VTPMS), so that the kernel maintenance module updates the trust evaluation core matrix between two blockchain nodes, and the virtual trusted management module (VTPMS) may ensure that the two blockchain nodes perform fast execution when exchanging the trust evaluation core matrix, thereby ensuring that the trust evaluation core matrix on any one blockchain node is updated in real time, and ensuring real-time and fast performance of the exchange.

Optionally, in a specific embodiment, an authentication system provided on the internet node acts as a neuron.

Optionally, in one particular embodiment, the steps further include causing the plurality of blockchain nodes that communicate frequently to form a neuron authentication network in which all neurons share upper layer service components.

Alternatively, in this embodiment, by making a plurality of blockchain nodes that are frequently communicated form a neuronal authentication network and all neurons in the neuronal authentication network share an upper layer service component, an object for which authentication is determined can be focused, so that authentication is preferably performed only on those blockchain nodes that are frequently communicated, and implementation efficiency of authentication is ensured relative to authentication performed on all blockchain nodes that are only required to be communicated in a blockchain system.

Optionally, in this embodiment, since the communication behavior between the blockchain nodes is changed in real time, for this reason, the communication frequency is also changed continuously, so the composition of the neuron authentication network is also changed dynamically.

Optionally, in one particular embodiment, the neuron authentication network has a unified interface for providing proof of interaction services hosted between neurons in the neuron authentication network.

Alternatively, in this embodiment, the unified interface may be configured on a blockchain node that has a higher authority or has a higher security annual property of the neuronal authentication network.

Referring to fig. 4, fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application; as shown in fig. 4, the hardware structure of the electronic device may include: a processor 401, a communication interface 402, a memory 403 and a communication bus 404;

wherein the processor 401, the communication interface 402 and the memory 403 complete the communication with each other through the communication bus 404;

alternatively, the communication interface 402 may be an interface of a communication module, such as an interface of a GSM module;

wherein the processor 401 may in particular be configured to run an executable program stored on the memory 403, thereby performing all or part of the processing steps of any of the method embodiments described above.

The processor 401 may be a general-purpose processor including a central processing unit (CentralProcessing Unit, CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The electronic device of the embodiments of the present application exist in a variety of forms including, but not limited to:

(1) Mobile communication devices, which are characterized by mobile communication functionality and are aimed at providing voice, data communication. Such terminals include smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, among others.

(2) Ultra mobile personal computer equipment, which belongs to the category of personal computers, has the functions of calculation and processing and generally has the characteristic of mobile internet surfing. Such terminals include PDA, MID and UMPC devices, etc., such as iPad.

(3) Portable entertainment devices such devices can display and play multimedia content. Such devices include audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.

(4) The server, which is a device for providing computing services, is composed of a processor 710, a hard disk, a memory, a system bus, etc., and is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing power, stability, reliability, security, scalability, manageability, etc.

(4) Other electronic devices with data interaction function.

In the present embodiment, the processor 401 may take the form of, for example, a microprocessor or a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), a programmable logic processor, and an embedded microprocessor, examples of the processor include, but are not limited to, the following microprocessors: ARC 624D, atmel AT91SAM, microchip PIC18F26K20, and SiliconeLabs C8041F320, the memory processor may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to a processor implemented as pure computer readable program code, the same functions may be implemented entirely by logic programming method steps such that the processor is in the form of logic gates, switches, application specific integrated circuits, programmable logic processors, embedded microprocessors, etc. Such a processor may thus be considered as a hardware component, and means for performing the various functions included therein may also be considered as structure within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.

Example IV

Referring to fig. 5, an embodiment of the present application provides a computer storage medium having computer executable instructions stored thereon, which when executed perform the following steps:

authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation core matrix, and storing the trust evaluation core matrix;

updating of the trust evaluation core matrix is performed between two blockchain nodes.

Alternatively, in this embodiment, multiple internet nodes may constitute a big data system, such as a blockchain system, such as a federated chain, a private chain, or a public chain; optionally, in this embodiment, the internet node includes a blockchain node, and the blockchain node may be a blockchain light node and a blockchain full node. The block chain full node is a node which has all transaction data of the whole network, and the block chain light node is a node which only has the transaction data related to the block chain light node.

In this embodiment, when a plurality of blockchain nodes form a blockchain system, the authentication system may be deployed on only a part of the blockchain nodes or on all of the blockchain nodes. For example, for private chains, since the number of blockchain nodes is itself relatively small, the authentication system described above may be deployed on all blockchain nodes in order to ensure safe operation of the blockchain system. For another example, for a federation chain, the authentication system described above can be deployed on all blockchain nodes with reference to a private chain. Also, for example, for private chains, since the number of blockchain nodes is relatively large, to ensure safe operation of the blockchain system, the authentication system may be deployed on some blockchain nodes, e.g., on all blockchain full nodes, and on some blockchain light nodes; alternatively, the authentication system is deployed on a small number of blockchain full nodes, while the authentication system is deployed on all blockchain light nodes.

In this embodiment, the trust evaluation kernel matrix is used to record trust authentication data of the blockchain node to the blockchain node, where it should be noted that the blockchain nodes in the blockchain system may be grouped, and each group of blockchain nodes records trust authentication data between all the blockchain link points in the group; for the block chain nodes between the groups, one block chain node can be selected from one group of block chain nodes as an external contact node, and the external contact node simultaneously belongs to the other group of block chain nodes, namely, the two groups of block chain nodes have common block chain nodes, the number of the common block chain nodes can be one or a plurality of the common block chain nodes, and the specific number of the common block chain nodes can be flexibly configured according to the requirements of application scenes. For example, if the blockchain system is a public chain, because of its higher visibility on the internet, there is a greater likelihood of having a security risk from a network attack, and therefore, two groups of blockchain nodes have a common number of blockchain nodes that is multiple. For private and alliance chains, the visibility of the private and alliance chains on the internet is intersected, so that the potential for potential safety hazards caused by network attacks is small, and the number of the two groups of blockchain nodes with the same blockchain node is one.

Optionally, in one particular embodiment, the steps further include swapping the trust evaluation core matrix to other blockchain nodes in the blockchain system that are different from the two blockchain nodes.

Optionally, in this embodiment, when the trust evaluation core matrix is exchanged to another blockchain node in the blockchain system, the trust evaluation core matrix is preferably exchanged to a neighboring blockchain node, that is, the other blockchain node is a neighboring blockchain node, and the neighboring blockchain node may be directly adjacent or indirectly adjacent. When indirectly adjacent, the number of neighbors can be controlled by setting the adjacent step size or the adjacent distance.

Further, when in a blockchain system, if all blockchain nodes in the blockchain system are divided into a plurality of groups, the trust evaluation core matrix is exchanged to other blockchain nodes in the blockchain system, and the exchange of the trust evaluation core matrix is performed in the same group.

Further, as previously described, when two adjacent sets of blockchain nodes have a common blockchain node, the exchange of the trust evaluation core matrix between the two adjacent sets of blockchain nodes may be performed by the common blockchain node.

Optionally, in a specific implementation mode, the method further comprises the step of monitoring whether communication is carried out between two blockchain nodes in the blockchain system, and if so, triggering an authentication system of an opposite end in the two blockchain nodes to authenticate to obtain a trust evaluation core matrix.

As described above, the authentication is performed in the present application to ensure that the Internet node participates in the system operation as a component of the Internet system, so that the security of the whole system is ensured based on the security of the Internet node, and therefore, only when two Internet nodes have data interaction, the security problem needs to be considered.

Optionally, in one particular embodiment, the steps further include monitoring network traffic generated between two blockchain nodes in the blockchain system to monitor whether communications are made between the two blockchain nodes in the blockchain system.

Optionally, in this embodiment, by monitoring network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or is in progress between two blockchain nodes may be monitored rapidly.

Optionally, in one embodiment, the steps further comprise monitoring network traffic generated between two blockchain nodes in the blockchain system by way of traffic interception.

Optionally, in this embodiment, by intercepting the network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or whether data interaction is being performed between two blockchain nodes, may be monitored rapidly.

Optionally, in one particular embodiment, the steps further include querying a trust evaluation core matrix of an authentication system of the opposite of the two blockchain nodes.

Optionally, the communication between the blockchain nodes is monitored through the network monitoring module, and the network monitoring module is used as a channel for carrying out the trust evaluation core matrix exchange between the two blockchain nodes, so that the network architecture of the authentication system is simplified, and the data processing efficiency is improved.

Optionally, in one particular embodiment, communication between two blockchain nodes is initiated based on between upper layer service components.

Optionally, in this embodiment, the monitored communication is based on the communication between the two blockchain nodes and the last service component, so that accuracy of authentication on the object is ensured, and availability and referential of an authentication result are further ensured when authentication is performed.

Optionally, in one particular embodiment, the steps further include updating the trust evaluation core matrix between two blockchain nodes through a decentralized authentication framework.

Optionally, in this embodiment, the decentralized authentication framework may implement decentralization of authentication, so that no third party is required between two blockchain nodes to perform rapid authentication, thereby ensuring the update speed of the trust evaluation core matrix.

Optionally, in one particular embodiment, the steps further include deriving a trust evaluation core matrix such that the kernel maintenance module performs an update of the trust evaluation core matrix between the two blockchain nodes.

Optionally, in this embodiment, the trust evaluation core matrix may be derived by a virtual trusted management module (VTPMS), so that the kernel maintenance module updates the trust evaluation core matrix between two blockchain nodes, and the virtual trusted management module (VTPMS) may ensure that the two blockchain nodes perform fast execution when exchanging the trust evaluation core matrix, thereby ensuring that the trust evaluation core matrix on any one blockchain node is updated in real time, and ensuring real-time and fast performance of the exchange.

Optionally, in a specific embodiment, an authentication system provided on the internet node acts as a neuron.

Optionally, in one particular embodiment, the steps further include causing the plurality of blockchain nodes that communicate frequently to form a neuron authentication network in which all neurons share upper layer service components.

Alternatively, in this embodiment, by making a plurality of blockchain nodes that are frequently communicated form a neuronal authentication network and all neurons in the neuronal authentication network share an upper layer service component, an object for which authentication is determined can be focused, so that authentication is preferably performed only on those blockchain nodes that are frequently communicated, and implementation efficiency of authentication is ensured relative to authentication performed on all blockchain nodes that are only required to be communicated in a blockchain system.

Optionally, in this embodiment, since the communication behavior between the blockchain nodes is changed in real time, for this reason, the communication frequency is also changed continuously, so the composition of the neuron authentication network is also changed dynamically.

Optionally, in one particular embodiment, the neuron authentication network has a unified interface for providing proof of interaction services hosted between neurons in the neuron authentication network.

Alternatively, in this embodiment, the unified interface may be configured on a blockchain node that has a higher authority or has a higher security annual property of the neuronal authentication network.

The application discloses an authentication system, a blockchain system and related products which are arranged on an internet node, wherein the authentication system arranged on the internet node is deployed on a blockchain node in the blockchain system; an authentication system provided on an internet node includes: authenticating the kernel and a kernel maintenance module; the authentication kernel is used for authenticating an authentication system of the opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust evaluation kernel matrix between the two blockchain nodes. The authentication system, the blockchain system and the related products arranged on the Internet node can effectively simplify the authentication process of the blockchain node and improve the authentication efficiency of the blockchain node.

In addition, computer storage media, including both permanent and non-permanent, removable and non-removable media, may be implemented in any method or technology for storage of information. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer storage media, as defined herein, does not include transitory computer readable media (transmission media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.

The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular transactions or implement particular abstract data types. The application may also be practiced in distributed computing environments where transactions are performed by remote processing devices that are connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

It should be noted that, in the present specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment is mainly described in a different point from other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, with reference to the description of the method embodiments in part. The above-described embodiments of the apparatus and system are merely illustrative, in which the modules illustrated as separate components may or may not be physically separate, and the components illustrated as modules may or may not be physical, i.e., may be located in one place, or may be distributed over multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.

The foregoing is merely one specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An authentication system provided on an internet node, wherein the authentication system provided on the internet node is deployed on a blockchain node in a blockchain system;

the authentication system provided on the internet node includes: authenticating the kernel and a kernel maintenance module;

the authentication kernel is used for authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust evaluation kernel matrix between the two blockchain nodes;

the authentication kernel is further configured to group blockchain nodes in the blockchain system, where each group of blockchain nodes records trust authentication data between all blockchain link points in the group, and the trust evaluation kernel is configured to record trust authentication data of the blockchain node to the blockchain node;

and selecting at least one blockchain node from one group of blockchain nodes among the blockchain node groups as an external contact node, wherein the external contact node simultaneously belongs to another group of blockchain nodes.

2. The authentication system of claim 1, wherein the kernel maintenance module is further configured to swap the trust evaluation kernel matrix to other blockchain nodes in the blockchain system, the other blockchain nodes being different from the two blockchain nodes.

3. The authentication system disposed on an internet node of claim 1, wherein the authentication system disposed on an internet node further comprises: and the network monitoring module is used for monitoring whether communication is carried out between the two blockchain nodes in the blockchain system, and if so, triggering the authentication system of the opposite end in the two blockchain nodes of the authentication kernel to authenticate so as to obtain the trust evaluation core matrix.

4. The authentication system of claim 3, wherein the network monitoring module is configured to monitor network traffic generated between the two blockchain nodes in the blockchain system to monitor whether communication is performed between the two blockchain nodes in the blockchain system.

5. An authentication system provided at an internet node according to any of claims 1-4, wherein an authentication system provided at the internet node acts as a neuron.

6. The authentication system of claim 5, wherein the kernel maintenance module is further configured to cause a plurality of blockchain nodes that communicate frequently to form a neuron authentication network in which all neurons share upper layer service components.

7. The authentication system of claim 6, wherein the neuronal authentication network has a unified interface for providing proof of interaction services hosted between the neurons in the neuronal authentication network.

8. A blockchain system, comprising: a plurality of blockchain nodes, each blockchain node having disposed thereon an authentication system disposed on an internet node, comprising:

authenticating the kernel and a kernel maintenance module;

the authentication kernel is used for authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation kernel matrix, and storing the trust evaluation kernel matrix; the kernel maintenance module is used for updating the trust evaluation kernel matrix between the two blockchain nodes;

the authentication kernel is further configured to group blockchain nodes in the blockchain system, where each group of blockchain nodes records trust authentication data between all blockchain link points in the group, and the trust evaluation kernel is configured to record trust authentication data of the blockchain node to the blockchain node;

And selecting at least one blockchain node from one group of blockchain nodes among the blockchain node groups as an external contact node, wherein the external contact node simultaneously belongs to another group of blockchain nodes.

9. An electronic device, comprising: a memory having stored thereon computer executable instructions for executing the computer executable instructions to perform the steps of:

authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation core matrix, and storing the trust evaluation core matrix;

updating the trust evaluation core matrix between the two blockchain nodes;

grouping the blockchain nodes in the blockchain system, wherein each group of blockchain nodes records trust authentication data among all blockchain link points in the group, and the trust evaluation core matrix is used for recording the trust authentication data of the blockchain nodes to the blockchain nodes;

and selecting at least one blockchain node from one group of blockchain nodes among the blockchain node groups as an external contact node, wherein the external contact node simultaneously belongs to another group of blockchain nodes.

10. A computer storage medium having stored thereon computer executable instructions that when executed perform the steps of:

authenticating an authentication system of an opposite terminal when two blockchain nodes communicate to obtain a trust evaluation core matrix, and storing the trust evaluation core matrix;

updating the trust evaluation core matrix between the two blockchain nodes;

grouping the blockchain nodes in the blockchain system, wherein each group of blockchain nodes records trust authentication data among all blockchain link points in the group, and the trust evaluation core matrix is used for recording the trust authentication data of the blockchain nodes to the blockchain nodes;

and selecting at least one blockchain node from one group of blockchain nodes among the blockchain node groups as an external contact node, wherein the external contact node simultaneously belongs to another group of blockchain nodes.

Images