Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the invention provides an intelligent contract supply chain trusted service method based on a block chain. Fig. 1 is a flow chart of a block chain-based intelligent contract supply chain trusted service method according to an embodiment of the present invention.
The invention realizes safe storage of confidential information and protection of data privacy in a block chain-based supply chain trusted account book system. Encryption techniques are used to ensure that only authorized parties can view confidential information stored in the blockchain, thereby allowing any number of nodes to participate in the blockchain regardless of the respective permissions of the nodes. Each node of the blockchain protects its own copy of the distributed ledger. Private data associated with one node is stored on a plurality of other nodes of the blockchain, but only nodes with corresponding permissions are provided with tokens to decrypt the personal data.
When a new block is established, the generated hash value and the random number are used as the input of a password puzzle, and the new block is verified by solving the password puzzle. And the block generation node utilizes the hash value and circularly changes the value of the random number until the token of the difficult problem is obtained. When a token for a cryptographic puzzle is found, the chunk-generating node issues the token, and then the other nodes verify whether the token is the correct token.
Since the token depends on the particular hash value of each transaction within the blockchain, the token will not be verified by other nodes when the blockgenerating node attempts to modify any transaction.
In particular, if a single node attempts to modify a previous transaction within a blockchain, a combination of different hash values is generated. The tokens generated by the modifying nodes cannot solve the cryptographic puzzle for any node that is not modified. Thus, versions of new tiles generated by the modification node may be identified as including illegal modifications and consistently rejected. The inability to modify the characteristics of past transactions has resulted in blockchains being trusted and secure.
The method disclosed by the invention executes the distributed consensus action through the intelligent contract. The smart contract includes a plurality of trigger conditions that correspond to a plurality of actions when the trigger conditions are satisfied. For some smart contracts, it is determined to perform one of a plurality of actions based on a plurality of decision conditions. The supply chain nodes subscribe to a plurality of data streams, including data streams that are associated with trigger conditions or decision conditions. The supply chain nodes route data flows to the intelligent contracts, which enable the intelligent contracts to detect the occurrence of trigger conditions or analyze decision conditions to direct the nodes to perform a number of actions.
Wherein the act of accessing personal data is controlled by creating an intelligent contract. When creating the smart contract, the supervising node uses any of a variety of asymmetric public key encryption techniques. Personal data associated with the smart contract can only be stored in the distributed ledger after being encrypted using the public key of the smart contract for the first time. The supervising node ensures that only authorized nodes receive the private key of the intelligent contract. Only the party with the private key of the smart contract can decrypt the personal data.
To prevent spoofing authorized nodes to gain access to private information, the supervisory node generates a public and private key pair for a node when the node joins the blockchain. The public keys of the nodes are stored in a public key dictionary, allowing all nodes of the blockchain to have access. When the node sends a message to another node of the blockchain, the node includes a watermark signature encrypted using the private key of the node.
When the second node receives a message from the node, the second node retrieves the public key corresponding to the originating node indicated by the message. The second node decrypts the watermark signature using the public key to verify whether the message was sent by the indicated sender. Because the spoofed node does not have access to the private key of the node, the second node cannot use the public key of the node to decrypt the watermark signature applied by the spoofed node. It is easy for the second node to detect the counterfeiter and to mask the message.
The personal data is stored in the distributed ledger after being encrypted by using the public key of the intelligent contract, and the method further comprises the following steps:
establishing an original mapping table UE, wherein the original mapping table stores the mapping from a source offset to a target offset; initializing the original mapping table into a key mapping table LP by using an intelligent contract public key; converting an input code word sequence into a plaintext of an offset sequence according to a predefined relation table NW of code words and offsets; mapping the offset sequence plaintext by using a key mapping table LP to obtain a ciphertext of the offset sequence; and reversely searching the code word and offset relation table NW, and converting the offset ciphertext sequence into a code word sequence ciphertext. Wherein the original mapping table UE comprises N randomly generated original mapping tables UE1-UEN。
The key mapping table LP1-LPNEstablished by the following procedure: for the i =1 original mapping table; obtainingJ =1 bit of the key, and calculating offset of the j bit; increasing the offset of the jth bit from the jth bit of the original mapping table, then obtaining the jth +1 bit of the key, and repeating the above processing until all key bits are processed; get the ith key mapping table LPiAnd repeatedly acquiring the (i + 1) th original mapping table until i = N, namely all the key mapping tables LP are initialized.
Wherein the mapping is achieved by: mapping all other bits of the offset sequence plaintext by taking the epsilon =1 bit as a starting point, and summing the epsilon offset and a modulo Z to obtain a mapping result to obtain the epsilon bit of the offset sequence ciphertext, wherein Z is the number of code words in the code word and offset relation table; mapping all other bits of the offset sequence plaintext by taking the m = lth bit as a reference, wherein lth is the length of the offset sequence plaintext, and the mth bit of the offset sequence ciphertext is obtained by summing the mth bit and the offset of the mth bit and taking a modulus Z as a mapping result; ε is increased by 1, m is decreased by 1 and the above steps are repeated until ε ≧ m.
Through the key mapping table and the offset-based public key encryption, the key management process is simplified, and the efficiency of encrypting and storing personal data in a distributed account book for searching is greatly improved.
In the supply chain trusted ledger system of the present invention, each node maintains a copy of the distributed ledger and updates its copy of the distributed ledger as changes are made to the distributed ledger. When a certain operation node (denoted as node a) generates a transaction T, the transaction T uses data stored in the distributed ledger or uses data received by the node from outside the distributed ledger. Node a transmits the generated transaction to the supervisory node, denoted as node C, through the supply chain network.
The node C receives the transaction T and confirms that the information of the transaction T is correct. If the information contained in transaction T is incorrect, node C rejects the transaction and does not propagate transaction T. If the information contained in the transaction T is correct, node C may transmit the transaction T to its neighbor's verifying node B. Similarly, node B receives transaction T and either confirms or denies transaction T until all nodes in the network have received transaction T. Any node adds the confirmed transaction T to its own copy of the distributed ledger or to a transaction block stored in the distributed ledger.
In some embodiments, validating the transaction includes checking a cryptographic token pair of a participant involved in the transaction.
When the node C confirms that the transaction T is valid, the node adds the transaction to the newly generated block. As part of adding transaction T to the new block, node C solves the cryptographic puzzle and includes a token of the cryptographic puzzle in the new block. Or add transaction T to the transaction pool until there are enough transactions that can be stacked to create a block. Node C adds the new block to its copy of the block chain. After receiving the newly created chunk at node C, node B verifies that the new chunk of the transaction is valid by checking the token for the cryptographic puzzle provided in the new chunk. If the token is correct, the node B may add the new block to its own blockchain and send the new block to the full network.
When the blockchain monitoring node routes the transaction to a specific intelligent contract, identity information of the transaction is extracted, the identity information is utilized to query a plurality of intelligent contracts, and the intelligent contract matched with the identity information is determined. The blockchain supervisory node then indicates an action to execute the matched intelligent contract. For example, a particular smart contract indicates in response to a status indicating that a funds transfer needs to occur.
After receiving the new intelligent contract, the blockchain supervisory node generates a public-private key pair for the new intelligent contract. The blockchain supervisory node stores the newly generated public key of the new intelligent contract in the public key dictionary or issues the public key of the new intelligent contract to the blockchain by generating a new transaction associating the new intelligent contract with its public key. Thus, each node has access to the public key of the new intelligent contract.
The blockchain supervisory node then encrypts data associated with the intelligent contract using the public key of the intelligent contract. By encrypting the data using the public key of the smart contract, only the nodes that possess the private key of the smart contract can decrypt the data. Thus, the blockchain supervising node sends the private key only to nodes that are authorized to view the data. In one case, the blockchain supervisory node receives the personal data after receiving the new intelligent contract.
The blockchain supervisory node then generates a transaction that includes the encrypted data. In particular, the blockchain supervisory node includes the encrypted data in transaction information for the transaction. The identity information in the transaction information remains unencrypted to indicate which encryption token to apply to decrypt the transaction information. In some embodiments, the blockchain supervisory node includes the watermark signature in the transaction. The watermark signature is based on a private key of the blockchain supervisory node.
Optionally, the blockchain monitoring node encodes the transaction into a new block of the blockchain. The chunk and the token of the corresponding cryptographic puzzle may then be transmitted to a plurality of nodes of the blockchain. The multiple nodes then verify the token of the cryptographic puzzle and form a consensus that new blocks are added to the chain of blocks.
The new intelligent contract is associated with the document store when the supply chain node sends a request to the blockchain supervisory node to gain access to data associated with the new intelligent contract. Thus, the new smart contract indicates the date of storage of the document. When the new intelligent contract detects that the current date is a submission date, the new intelligent contract requests the blockchain supervisory node to provide access to the document.
Wherein the blockchain supervisory node verifies in advance whether the request is a valid request. Such as a blockchain supervisory node, queries a permission database to determine a plurality of permissions associated with the requesting supply chain node in an attempt to verify whether the sender of the request is the legitimate party for sending the request. If the requesting supply chain node does not have sufficient permissions to grant access to the data associated with the new intelligent contract, the blockchain supervisory node masks the request.
Similarly, the blockchain supervisory node may also verify whether the supply chain node has permission to access data associated with the new intelligent contract. Thus, the blockchain supervisory node queries the permission database to determine the access level associated with the supply chain nexus. If the supply chain node does not have sufficient permission to receive access to the data associated with the new intelligent contract, the blockchain supervisor node masks the request.
In the event that the requesting supply chain node includes a watermark signature in the request, the blockchain supervisory node further verifies the authenticity of the watermark signature. The blockchain supervisory node extracts the identity of the requesting supply chain node from the request to retrieve the public key of the requesting supply chain node from the public key dictionary. The blockchain supervisory node decrypts the watermark signature using the public key of the requesting supply chain node. If the decrypted watermark signature does not match the expected value, the blockchain supervisory node masks the request.
After the request is authenticated, the blockchain supervisory node sends the private key of the new intelligent contract to the supply chain node. The blockchain supervisor node transmits the private key of the new intelligent contract outside or within the blockchain. Prior to this, the blockchain supervisory node encrypts the private key of the new intelligent contract using the public key of the supply chain node.
The blockchain supervisory node retrieves the public key of the supply chain node from the public key dictionary or an instruction that the requesting supply chain node includes the public key of the supply chain node in the request. By encrypting the private key of the new intelligent contract using the public key of the supply chain node, only the supply chain node can decrypt the token to access data associated with the new intelligent contract.
The blockchain supervisory node then generates a transaction that includes the encrypted private key of the new smart contract. In some embodiments, the blockchain supervisory node includes the watermark signature in the transaction. The transaction may then be encoded into a new tile of the blockchain. The blockchain supervisory node then transmits the block and a token of the corresponding cryptographic puzzle to a plurality of supply chain nodes of the blockchain. The multiple nodes then verify the token of the cryptographic puzzle and form a consensus that new blocks are added to the chain of blocks.
When the supervising node detects that a new intelligent contract has been created, it may also associate a predefined policy with the intelligent contract, then generate a public-private key pair for the intelligent contract, and store the public key of the new intelligent contract in a public key dictionary. The supervising node encrypts policy data associated with the intelligent contract using the public key of the new intelligent contract. For example, the policy data may include raw material order data. When the supply chain flow changes, if the supervision node receives the additional policy data, encrypting the additional policy data in real time by using a private key of a new intelligent contract.
The monitoring node then encodes policy data associated with the intelligent contract into a first block of a block chain. Wherein the encrypted policy data is written into the transaction, in one embodiment the supervisory node associates the encrypted policy data with a watermark signature encrypted with the supervisory node's private key. When the transaction is written to a block, other transactions may also be encoded into the block.
The monitoring node distributes the first block to a plurality of nodes of a block chain. The plurality of nodes respectively attempt to solve a cryptographic puzzle based on the header of the first block and the random number. When a node solves a cryptographic puzzle, the node passes the token to other nodes to verify the token. If more than a threshold percentage of nodes verify the token, indicating a consensus that the first chunk is added to the chunk chain.
After the first block passes the consensus, the supervisory node detects providing to contract nodes of the block chain an access request for policy data associated with the new intelligent contract. The contract node is associated with a particular feature associated with a policy. In one embodiment, the supervisory node generates the access request in response to an indication of the new smart contract itself. In addition, another node of the blockchain may also send a request to the supervising node to provide access to the policy data.
Wherein the supervisory node validates the access request to provide access to the policy data. The validation includes determining a permission level associated with the node sending the request or the contracting node receiving the access. If the node is not associated with the correct permission level, the supervising node masks the request. When the request further includes a watermark signature associated with the sending node, the supervising node attempts to decrypt the watermark signature using the public key of the sending node. If the supervising node cannot decrypt the watermark signature, the request is masked.
If the node is associated with the correct permission level, the supervisory node generates a transaction indicating the contract node receiving access to the policy data and the private key of the new intelligent contract. The supervising node encrypts the private key of the new intelligent contract using the public key of the contract node before including the private key of the new intelligent contract in the transaction. In one embodiment, the supervisory node may also include a watermark signature based on the supervisory node private key in the transaction.
The supervisory node then encodes the transaction including the private key of the new smart contract into a second block of the blockchain. In some embodiments, the second block is the same as the first block. The supervisory node distributes the second block to a plurality of nodes of the blockchain. The plurality of nodes respectively attempt to solve the cryptographic puzzle based on the header of the second block and the random number. When a node solves a cryptographic puzzle, the node passes the token to other nodes to verify the token. If more than a threshold percentage of nodes verify the token, this indicates that a second chunk is added to the consensus of the chunk chain.
For access management of the plurality of intelligent contracts, the method of the present invention stores the plurality of intelligent contracts in a blockchain infrastructure applied to the supply chain and accesses the intelligent contracts via a plurality of application interfaces, inputs data to and retrieves data from the particular intelligent contract of the given participant; generating a model representing a trade order for a given participant based on the plurality of intelligent contract data; the particular intelligent contract for each participant is updated throughout the life cycle of the respective participant.
Wherein the intelligent contracts are individually assigned to specific participants; wherein the plurality of participants includes at least an embedded client for providing the participant's transaction data to the plurality of application interfaces.
In order to improve the defect that the consistency of the distributed ledger address cannot be guaranteed during the token creation in the prior art, before the token of the cryptogra phic puzzle is provided for the supply chain node, the method further comprises a token creation process, specifically:
providing a first predefined key pair comprising a first symmetric public key and a corresponding first symmetric private key, wherein the first symmetric private key corresponds to a first public key associated with a distributed ledger address; and wherein the first symmetric private key is stored at a first verification node connected to the distributed public transaction ledger through the internet;
providing a second predefined key pair comprising a second symmetric public key and a corresponding second symmetric private key, wherein the second symmetric private key corresponds to a second public key associated with the distributed ledger address; and wherein the second symmetric private key is stored at a second authentication node, the second authentication node being physically separate from the first authentication node;
providing corresponding smart contract instructions for the token, the smart contract instructions being associated with a first contract address of a distributed ledger address, wherein the smart contract instructions include creation of the token, diversion of the token, destruction of the token, authorization instructions for a first predefined key pair; and an authorization instruction for a second predefined key pair;
receiving, by a supply chain trusted ledger system, a license acquisition request for acquiring a license of a second combination through a first combination of tokens, wherein the license acquisition request is from a requesting user having a first compute node key pair, including a first compute node public key and a corresponding first compute node private key;
transferring the first combination of tokens to a first public address: generating, by the supply chain trusted ledger system, a first instruction from the first public address to the contract address to obtain a first combined set of tokens to transfer the first combined set to the first public address; sending a first instruction from a supply chain trusted ledger system to a first operational node; signing, by a first verification node, a first instruction using the first symmetric private key to generate a first signed instruction; sending a first signature instruction from a first verification node to a token system; sending a first signature instruction from the token system to a plurality of verifying nodes; wherein the first signature instructions are executed by the plurality of verification nodes according to the first contract instructions; the first combination of tokens that has been obtained is confirmed by the supply chain trusted ledger system and transferred to the first public address based on a reference to the blockchain.
Optionally, the method further comprises providing a third predefined key pair comprising a third symmetric public key and a corresponding third symmetric private key; wherein the third symmetric private key is stored on a third authentication node that is physically separate from the first authentication node and the second authentication node; and wherein the smart contract instructions further comprise: authorization instructions for a third predefined key pair; transferring the third combination of tokens to the second public address: generating, by the supply chain trusted ledger system, a third instruction from the third public address to the first contract address to obtain a third combination of tokens and transferring the third combination to the second public address; transmitting a third instruction to a third authentication node; signing, by the third verification node, the third instruction using a third symmetric private key to generate a third signed instruction; wherein the plurality of verification nodes execute the third signature according to the first contract instructions.
In summary, the invention provides an intelligent contract supply chain trusted service method based on a block chain, which is based on an intelligent contract mechanism and realizes access of a single node to confidential transaction information stored in the block chain through authorization control on the basis of maintaining the block chain openness, thereby effectively realizing trusted data privacy protection of the supply chain.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of computing systems, and optionally implemented in program code that is executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.