CN113221166A - Method and device for acquiring block chain data, electronic equipment and storage medium - Google Patents
- Publication number: CN113221166A
- Application number: CN202110513055.2A
- Authority: CN (China)
- Prior art keywords: service program, data, predictive, trusted, block
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
- G06F21/44—Program or device authentication
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G06F21/604—Tools and structures for managing or administering access control systems
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
One or more embodiments of the present specification provide a method, an apparatus, an electronic device, and a storage medium for obtaining blockchain data. The method is applied to a first trusted computing node on which a trusted application runs in a first trusted execution environment, and includes: obtaining a remote attestation report for an oracle service program that runs in a second trusted execution environment; when the oracle service program is determined to be trusted according to the remote attestation report, sending a blockchain data query request obtained from the trusted application to the oracle service program, so that the oracle service program responds to the request by obtaining block data from a target blockchain; and receiving the block data and the corresponding digital signature returned by the oracle service program, and returning the block data to the trusted application only if the digital signature verifies successfully under the public key corresponding to the oracle service program.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of blockchain technologies, and in particular, to a method, an apparatus, an electronic device, and a storage medium for obtaining blockchain data.
Background
In the related art, to keep the trusted application running in a TEE (Trusted Execution Environment) secure, operating-system-level system call interfaces such as a network call interface are generally not provided to it, with the result that the trusted application in the TEE cannot securely access and obtain related data on the blockchain.
Disclosure of Invention
In view of the above, one or more embodiments of the present specification provide a method, an apparatus, an electronic device, and a storage medium for acquiring blockchain data.
To achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
according to a first aspect of one or more embodiments of the present specification, there is provided a method for obtaining blockchain data, the method being applied to a first trusted computing node on which a trusted application runs in a first trusted execution environment, the method including:
obtaining a remote attestation report for an oracle service program, the oracle service program running in a second trusted execution environment;
when the oracle service program is determined to be trusted according to the remote attestation report, sending a blockchain data query request obtained from the trusted application to the oracle service program, so that the oracle service program responds to the blockchain data query request by obtaining block data from a target blockchain;
and receiving the block data and the corresponding digital signature returned by the oracle service program, and returning the block data to the trusted application if the digital signature verifies successfully under a public key corresponding to the oracle service program.
According to a second aspect of one or more embodiments of the present specification, there is provided an apparatus for obtaining blockchain data, the apparatus being applied to a first trusted computing node on which a trusted application runs in a first trusted execution environment, the apparatus including:
a report acquisition unit, configured to acquire a remote attestation report for an oracle service program that runs in a second trusted execution environment;
a request sending unit, configured to send a blockchain data query request obtained from the trusted application to the oracle service program when the oracle service program is determined to be trusted according to the remote attestation report, so that the oracle service program obtains blockchain data from a target blockchain in response to the blockchain data query request;
and a data receiving unit, configured to receive the block data and the corresponding digital signature returned by the oracle service program, and to return the block data to the trusted application if the digital signature verifies successfully under the public key corresponding to the oracle service program.
According to a third aspect of one or more embodiments of the present specification, there is provided an electronic apparatus including:
a processor; a memory for storing processor-executable instructions; the processor executes the executable instructions to implement the steps of the method for acquiring the blockchain data.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a computer-readable storage medium having stored thereon executable instructions; wherein the instructions, when executed by the processor, implement the steps of the method for obtaining blockchain data.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic diagram of a network environment related to a block chain provided in the present specification.
Fig. 2 is a diagram of a network architecture provided by the present specification in accordance with an exemplary embodiment.
Fig. 3 is a flowchart of a method for acquiring blockchain data according to an exemplary embodiment of the present disclosure.
Fig. 4 is an interaction flow diagram of a method for acquiring blockchain data according to an exemplary embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of an apparatus according to an exemplary embodiment.
Fig. 6 is a block diagram of an apparatus for acquiring blockchain data according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating a network environment related to a blockchain according to the present disclosure.
The network environment shown in fig. 1 may include client-side computing devices 101, a server side 102, and at least one blockchain system, such as blockchain system 103, blockchain system 104, and blockchain system 105.
In one embodiment, the client-side computing devices 101 may include various types of devices; for example, PC terminal devices, mobile terminal devices, internet of things devices, and other forms of smart devices with a certain computing capability.
In one embodiment, at least some of the client-side computing devices 101 may be connected to the server side 102 through various communication networks; for example, device 1 and device 2 shown in fig. 1 are connected to the server side 102.
It is understood that some of the client-side computing devices 101 may not be connected to the server side 102, but may instead be connected directly to a blockchain system as blockchain nodes through various communication networks; for example, device 4 shown in fig. 1 may be connected to a blockchain system as a blockchain node.
The communication network may include a wired and/or wireless communication network; for example, it may be a local area network (LAN), a wide area network (WAN), the internet, or a combination thereof, implemented on a wired access network or on a wireless access network provided by an operator, such as a mobile cellular network.
In one embodiment, the client-side computing device 101, may also include one or more user-side servers; such as the device 5 shown in fig. 1. At least a part of the computing devices in the client-side terminal device 101 may be connected to the user-side server, and the user-side server may further be connected to the server 102; for example, the devices 1 and 2 shown in fig. 1 are connected to the device 5, and the device 5 is further connected to the server side 102.
In an embodiment, the user-side server may be implemented by a service entity that has established a user account system; the service entity may include an operating entity that provides users with various service carriers for online and/or offline services.
The service carrier may take the form of software or of hardware.
In one embodiment, the service carrier may include various client software that provides online internet services, such as a website, a web page, or an APP.
In an embodiment, the service carrier may also include various intelligent devices deployed offline that provide offline services; for example, intelligent express cabinets deployed in residential areas, office areas, and public places.
Correspondingly, the operating entity may include the operator of the service carrier; for example, an individual, organization, company, or enterprise that operates and manages the service carrier.
In one embodiment, the server side 102 may also be connected to one or more blockchain systems through various communication networks; for example, the server side 102 shown in fig. 1 may be connected to the blockchain system 103, the blockchain system 104, and the blockchain system 105, respectively, and so on.
In one embodiment, each blockchain system may maintain one or more blockchains (for example public blockchains, private blockchains, consortium blockchains, etc.) and include a plurality of blockchain nodes that carry them; for example, blockchain node 1, blockchain node 2, blockchain node 3, blockchain node 4, blockchain node i, etc., shown in fig. 1 may jointly carry one or more blockchains. Cross-chain data access can be performed between the blockchains contained in each blockchain system and between blockchain systems.
In one embodiment, the blockchain nodes may include full nodes and light nodes. A full node downloads in full the blockchain transactions contained in each block of the blockchain and can perform consensus verification on those transactions according to the consensus algorithm the blockchain uses.
A light node, by contrast, does not download the complete blockchain but only the block header of each block, and uses the data contained in the block header as a verification root for checking the authenticity of blockchain transactions. Light nodes may attach to full nodes to access more functions of the blockchain.
For example, each blockchain node in blockchain system 103 shown in fig. 1 may be a full node, and device 4 shown in fig. 1, which is directly connected to the blockchain system, may attach to those full nodes as a light node.
In one embodiment, a blockchain node may be a physical device, or a virtual device implemented on a server or a server cluster;
for example, a blockchain node device may be a physical host in a server cluster, or a virtual machine created by applying virtualization technology to the hardware resources of a server or server cluster. The blockchain nodes are connected to one another by various communication methods (such as TCP/IP) to form a network that carries one or more blockchains.
In one embodiment, the server side 102 may include a BaaS platform (also called a BaaS cloud) that provides Blockchain as a Service (BaaS). The BaaS platform provides pre-programmed software for activities that occur on a blockchain (such as subscription and notification, user verification, database management, and remote updating), offering the client-side computing devices connected to it a blockchain service that is simple to use, deployable with one click, fast to verify, and flexibly customizable; this accelerates the development, testing, and launch of blockchain service applications and helps blockchain business scenarios land in various industries.
For example, in one example, a BaaS platform may provide software such as an MQ (Message Queue) service. A client-side computing device connected to the BaaS platform can subscribe to the contract events that a smart contract deployed on a blockchain in a connected blockchain system generates after it is triggered and executed; the BaaS platform monitors the events generated on the blockchain after the smart contract executes and, by means of the MQ-service software, adds each contract event to the message queue as a notification message, so that the client-side computing device subscribed to the message queue obtains the notification for the contract event.
In one embodiment, the BaaS platform may also provide enterprise-level platform services based on blockchain technology, to help enterprise customers build a secure and stable blockchain environment and easily manage the deployment, operation, maintenance, and development of blockchains.
For example, in one example, the BaaS platform may implement rich security policies and multi-tenant isolation environments based on cloud technology, provide advanced security protection based on chip encryption technology, and provide highly reliable data storage based on high-availability end-to-end services that can be extended quickly without interruption;
in another example, enhanced management functions may be provided to help customers build enterprise-level blockchain network environments; native support can also be provided for standard blockchain applications and data, supporting mainstream open-source blockchain technologies such as Hyperledger Fabric and Enterprise Ethereum-Quorum, to build an open and inclusive technology ecosystem.
In the embodiment of the present specification, device 5 among the client-side computing devices 101 provides a trusted computing service: the TEE it deploys runs a trusted application that provides that service to users. The BaaS platform included in the server side 102 provides an oracle service, and the oracle service program corresponding to that service runs in a TEE deployed at the server side 102. Seen from another perspective, device 5, which is directly connected to the server side 102 in fig. 1, can be regarded as the first trusted computing node referred to in this specification, and the server side 102 can be regarded as the second trusted computing node, on which the oracle service program runs.
Fig. 2 is a diagram of a network architecture according to an exemplary embodiment of the present disclosure. The network architecture includes a first trusted computing node, a second trusted computing node, and a target blockchain; the first trusted computing node may be the same node as the second trusted computing node or a different one. The first trusted computing node deploys a first trusted execution environment in which a trusted application runs; the second trusted computing node deploys a second trusted execution environment in which an oracle service program runs. The target blockchain is the blockchain system that holds the blockchain data indicated by a blockchain data query request issued by the trusted application, and includes a number of blockchain nodes. The oracle service program can establish a network connection with a corresponding blockchain node of that blockchain system (the target blockchain shown in fig. 2) for information interaction, and can at the same time establish network connections with the corresponding blockchain nodes of several different blockchain systems.
A communication service program also runs in the first trusted execution environment. On one hand, the first trusted computing node exchanges information between the communication service program and the trusted application through local calls; on the other hand, the communication service program establishes a network connection with the oracle service program for information interaction. Where the first trusted computing node and the second trusted computing node are the same hardware node, both the first and the second trusted execution environment can be considered to be deployed in the first trusted computing node, that is, the communication service program and the oracle service program run on the same hardware node, so they can interact directly through local calls without establishing a network connection, although communication over a network connection is of course also possible. It should be noted that, when the first trusted computing node and the second trusted computing node are the same hardware node, the second trusted execution environment may be the same trusted execution environment as the first, or a different one; this specification does not limit this.
Embodiments of the present specification relate to a Trusted Execution Environment (TEE) that provides a secure execution environment for software; the TEE is a CPU hardware-based secure extension and is completely isolated from the outside. TEE was originally proposed by GlobalPlatform to address the secure isolation of resources on mobile devices, providing a trusted and secure execution environment for applications in parallel with the operating system. The industry pays great attention to TEE solutions, and almost all mainstream chip and software consortiums have their own: for example TPM (Trusted Platform Module) in software, and Intel SGX, ARM TrustZone, and AMD PSP (Platform Security Processor) in hardware.
The Intel SGX (hereinafter SGX) technology is taken as an example. A trusted computing node may create an enclave based on SGX technology as a TEE for performing blockchain transactions. The blockchain node may allocate a partial memory area, the EPC (Enclave Page Cache), using newly added processor instructions in the CPU, so that the above enclave resides in it. The memory area corresponding to the EPC is encrypted by the Memory Encryption Engine (MEE) inside the CPU; the contents of that memory area (the code and data in the enclave) can be decrypted only in the CPU core, and the key used for encryption and decryption is generated and stored in the CPU only when the EPC is started. It can be seen that the security boundary of the enclave includes only itself and the CPU: neither privileged nor non-privileged software can access the enclave, and even an operating system administrator or a VMM (virtual machine monitor, also called hypervisor) cannot affect the code and data in the enclave, so the enclave has extremely high security.
The trusted application referred to in the embodiments of the present specification is an application that runs in a TEE and is implemented using verifiable computing technology. When the trusted application runs in a WASM (WebAssembly) virtual machine, anyone may upload WASM bytecode to the TEE and have the WASM virtual machine call that code to form a trusted application; the WASM virtual machine then executes the trusted application and obtains the execution result. Since the trusted application runs in the TEE, a remote attestation process can prove to anyone that the trusted application does run in the TEE and that its internal code has not been tampered with and is indeed executed as the user intended.
Fig. 3 is a flowchart illustrating a trusted computing program invocation method applied to a first trusted computing node shown in fig. 2, in which a trusted application runs in a first trusted execution environment deployed at the first trusted computing node, according to an exemplary embodiment, and the method includes the following steps:
s301: obtaining a remote authentication report for a predictive-machine service program, the predictive-machine service program running in a second trusted execution environment.
The method according to the embodiment of the present description is specifically applied to a communication service program running in a first trusted execution environment deployed by a first trusted computing node, where the communication service program provides a local call interface for a trusted application in the first trusted execution environment to implement information interaction with the trusted application on the one hand, and provides a network interface for the outside to implement external information interaction, for example, network communication between the communication service program and a talker service program can be implemented through the network interface. In addition, the communication service program can call other programs such as a remote authentication report verification program, a digital signature verification program and the like in the first trusted execution environment to realize corresponding functions.
In this embodiment of the specification, before sending the block chain data query request to the language-predictive machine service program running in the second trusted execution environment, the first trusted computing node needs to ensure that the language-predictive machine service program runs in the second trusted execution environment and the corresponding program code is not tampered, that is, ensure that the language-predictive machine service program is trusted by obtaining a remote authentication report for the language-predictive machine service program.
The first trusted computing node may obtain the remote attestation report for the oracle service program in various ways. For example, it may send a remote attestation challenge to the oracle service program; in this case the oracle service program submits its self-recommendation information to the attestation server and forwards to the first trusted computing node the remote attestation report that the attestation server returns after verifying that information. The self-recommendation information includes a first hash value, the hash of the program code contained in the oracle service program, and a second hash value, the hash of the public key of the oracle service program. Alternatively,
the first trusted computing node receives the self-recommendation information sent by the oracle service program, itself sends that information to the attestation server, and receives the remote attestation report that the attestation server returns after verifying it.
In particular, the embodiments of the present specification rely on a remote attestation report produced by a remote attestation process for the oracle service program in the second trusted execution environment. After the oracle service program receives a remote attestation challenge sent by the first trusted computing node, it responds to the challenge by calling the remote attestation service within the second trusted execution environment, which executes the remote attestation process. Specifically, all program code contained in the oracle service program running in the second trusted execution environment is measured, including the network interface program, the blockchain interface program and the blockchain verification program of the oracle service program, and a program hash value (the first hash value) is obtained from this code by a hash operation; likewise, a public key hash value (the second hash value) is obtained by hashing the public key that the oracle service program maintains to indicate its identity. Finally the program hash value and the public key hash value are packaged into the self-recommendation information, which is verified by the attestation server, and the oracle service program receives the remote attestation report that the attestation server provides for that self-recommendation information. The remote attestation report indicates that the oracle service program running in the second trusted execution environment is trusted. The self-recommendation information may further include a hash value of the public key of the program developer, a hash value of the program version number, and the like; the specification does not limit its contents.
For example, taking Intel SGX technology as an example, the second trusted execution environment is an enclave created on the second trusted computing node for running the oracle service program, and the remote attestation process further involves another special enclave on the second trusted computing node, the Quoting Enclave (QE), which is an architectural enclave provided and signed by Intel. The enclave running the oracle service program first generates a REPORT structure for local attestation; in SGX the program hash value is the enclave measurement (MRENCLAVE) that the hardware records in the REPORT, and the public key hash value is carried in the REPORT's REPORT_DATA field. The QE verifies from the REPORT structure that the enclave runs on the same platform as itself, then packages the REPORT structure, with the program hash value and public key hash value it contains, into a QUOTE structure (that is, the self-recommendation information) and signs it with an EPID (Enhanced Privacy ID) key. The EPID key not only represents the platform of the off-chain privacy computing node but also attests to the trustworthiness of the underlying hardware of the second trusted computing node, and it can bind information such as the processor firmware version; only the QE can access the EPID key used to sign the QUOTE structure. In SGX technology the attestation server may be the IAS (Intel Attestation Service) server provided by Intel Corporation: the oracle service program sends the signed QUOTE structure to the IAS server, which verifies the signature and returns a corresponding remote attestation report (the attestation verification report, itself signed by IAS) to the oracle service program. EPID attestation through IAS is the scheme described here; SGX also supports ECDSA-based attestation through DCAP, in which the QE signs the QUOTE with a platform-specific ECDSA key and verification does not depend on the Intel-hosted IAS service, so the verifier on the first trusted computing node must be built for whichever scheme is actually deployed.
After the oracle service program obtains the remote attestation report, it can send the report directly to the first trusted computing node, thereby helping the first trusted computing node obtain the remote attestation report.
In one embodiment, after receiving the remote attestation challenge, the oracle service program only computes the self-recommendation information in the manner described above and does not send it to the attestation server; instead it first sends the self-recommendation information to the first trusted computing node, which then completes the remaining remote attestation process: it sends the self-recommendation information to the attestation server and receives the remote attestation report returned by the attestation server after verifying that information.
In addition to sending a remote attestation challenge to the oracle service program, in one embodiment the first trusted computing node may obtain the remote attestation report for the oracle service program by querying a remote attestation report library maintained locally by the first trusted computing node, in which the remote attestation report of the oracle service program and its corresponding update time are stored in advance. Each time the first trusted computing node obtains a newer remote attestation report, whether through a remote attestation challenge or in some other way, it updates the report stored for that oracle service program in the library, so that the remote attestation report of each oracle service program in the library is kept current and the validity of the proof is improved. The stored update time also lets the first trusted computing node treat a report older than a chosen age as stale and re-challenge the oracle service program rather than rely on it.
S302: when the oracle service program is determined to be trusted according to the remote attestation report, send the blockchain data query request obtained from the trusted application to the oracle service program, so that the oracle service program responds to the blockchain data query request by obtaining block data on a target blockchain.
Determining whether the oracle service program is trusted according to the remote attestation report in this embodiment specifically includes the following. After the first trusted computing node obtains the remote attestation report, it verifies the signature of the report with the public key of the attestation server, thereby confirming that the report was issued by the attestation server. It then reads the program hash value and the public key hash value recorded in the report and compares them with the program standard hash value and the public key standard hash value stored by the first trusted computing node. If the program hash value matches the program standard hash value, this proves that the oracle service program on the second trusted computing node has not been tampered with and runs in the second trusted execution environment; if the public key hash value matches the public key standard hash value, this proves that the public key held by the first trusted computing node for the oracle service program is indeed the public key indicating the true identity of the oracle service program. Only when both comparisons match may the oracle service program be determined to be trusted. Each comparison is made against the value recorded in the signature-verified report, never against a value supplied separately by the oracle service program, and a mismatch in either value must result in the oracle service program being treated as untrusted.
The program standard hash value is obtained by hashing all program code of the publicly disclosed oracle service program, and the public key standard hash value is obtained by hashing the public key that the first trusted computing node currently holds and regards as belonging to the oracle service program. It should be noted that the hash function used to compute the program standard hash value must be the same as that used to compute the program hash value, and the hash function used to compute the public key standard hash value must be the same as that used to compute the public key hash value; otherwise the comparison cannot succeed even for an untampered program.
In one embodiment, the first trusted computing node stores the remote attestation report for the oracle service program locally in advance, and can therefore run the corresponding remote attestation report verification procedure in the first trusted execution environment at any time to check whether the report indicates that the oracle service program is trusted. For example, the first trusted computing node may verify the remote attestation report ahead of time and store the verification result; when it later needs to decide whether the oracle service program is trusted, it only needs to consult the stored result instead of repeating the verification, and it treats the oracle service program as trusted when the stored result is trusted. This is equivalent to the first trusted computing node anchoring trust to the oracle service program, using the verification result of the remote attestation report for the oracle service program directly as the corresponding trust certificate. Of course, whenever the trustworthiness of the oracle service program needs to be determined, the remote attestation report can also be verified again to obtain the verification result in real time.
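As an added illustration that is not part of the patent specification, the following Go code models the verification procedure described above in simplified form: an attestation server issues a report carrying the first hash value (program code) and the second hash value (oracle public key) and signs it, and the first trusted computing node checks that signature and then compares both hashes with the standard hash values it computes itself. Everything in it is assumed for the example (SHA-256 for both hashes, Ed25519 for the server signature, the flat report layout, the constructed program image); a real SGX deployment would instead parse the IAS attestation verification report and read MRENCLAVE and REPORT_DATA from the embedded QUOTE. The same hash-then-sign pattern is what the oracle service program later applies to the block data it returns in S303.

```go
package main

// Added example, not code from the patent. Assumptions: both hash values are
// SHA-256, the attestation server signs a flat report with Ed25519, and the
// first node holds the server public key, the disclosed oracle program image
// and the oracle public key it currently believes in. A real SGX deployment
// parses the IAS attestation verification report and reads MRENCLAVE and
// REPORT_DATA from the embedded QUOTE instead of these two fields.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// AttestationReport is the hypothetical report layout used in this example.
type AttestationReport struct {
	ProgramHash [32]byte // first hash value: hash of the oracle's program code
	PubKeyHash  [32]byte // second hash value: hash of the oracle's identity public key
	IssuedAt    int64    // unix seconds; lets a report library judge freshness
	Signature   []byte   // attestation server signature over the three fields above
}

// signedBytes is the canonical encoding covered by the signature.
func (r *AttestationReport) signedBytes() []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(r.IssuedAt))
	buf := append(append([]byte{}, r.ProgramHash[:]...), r.PubKeyHash[:]...)
	return append(buf, ts[:]...)
}

// GenKeyPair wraps Ed25519 key generation (used for both the server and the oracle here).
func GenKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueReport models the attestation server after it has accepted the oracle's
// self-recommendation information: it signs the program and public key hashes.
func IssueReport(serverPriv ed25519.PrivateKey, programCode []byte, oraclePub ed25519.PublicKey, issuedAt int64) AttestationReport {
	r := AttestationReport{
		ProgramHash: sha256.Sum256(programCode),
		PubKeyHash:  sha256.Sum256(oraclePub),
		IssuedAt:    issuedAt,
	}
	r.Signature = ed25519.Sign(serverPriv, r.signedBytes())
	return r
}

var (
	ErrBadSignature = errors.New("report not issued by the attestation server")
	ErrProgramHash  = errors.New("program hash mismatch: oracle code is not the disclosed build")
	ErrPubKeyHash   = errors.New("public key hash mismatch: held key is not the attested oracle's")
)

// VerifyReport is the first trusted computing node's check: the server signature
// first, then both hashes against the standard hash values it computes itself
// with the same hash function the issuer used. Both must match.
func VerifyReport(serverPub ed25519.PublicKey, r AttestationReport, disclosedCode []byte, heldOraclePub ed25519.PublicKey) error {
	if !ed25519.Verify(serverPub, r.signedBytes(), r.Signature) {
		return ErrBadSignature
	}
	if r.ProgramHash != sha256.Sum256(disclosedCode) {
		return ErrProgramHash
	}
	if r.PubKeyHash != sha256.Sum256(heldOraclePub) {
		return ErrPubKeyHash
	}
	return nil
}

func main() {
	serverPub, serverPriv := GenKeyPair()
	oraclePub, _ := GenKeyPair()
	code := []byte("constructed oracle program image v1") // stand-in for the enclave code
	report := IssueReport(serverPriv, code, oraclePub, 1700000000)
	fmt.Println("genuine report:", VerifyReport(serverPub, report, code, oraclePub))
	fmt.Println("patched code:  ", VerifyReport(serverPub, report, []byte("patched image"), oraclePub))
	report.IssuedAt++ // any change to a signed field must invalidate the report
	fmt.Println("altered report:", VerifyReport(serverPub, report, code, oraclePub))
}
```

The order of the checks matters: the signature is verified before any field of the report is trusted, and the hash comparisons are made against the report's own fields rather than against anything the oracle service program sends alongside it.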
When a trusted application needs to query blockchain data, it actively initiates a blockchain data query request to the communication service program. The request carries description information pointing to the specific block data required, such as a blockchain domain name, a block hash and a transaction hash. After receiving the request, the communication service program first checks whether a remote attestation report for an oracle service program is stored locally. For example, when the local remote attestation report library holds a report for an oracle service program, the remote attestation report verification program is called to verify it; if the verification result is untrusted, the blockchain data query request sent by the trusted application is temporarily cached and the library is searched for reports of other oracle service programs. When no remote attestation report for any oracle service program exists locally, or all locally stored reports verify as untrusted, the first trusted computing node, through the communication service program, sends a remote attestation challenge to the trusted computing nodes hosting one or more oracle service programs with externally open IP addresses in order to obtain their remote attestation reports, and verifies each report received with the remote attestation report verification program, until the verification result for some report is trusted. The oracle service program corresponding to that remote attestation report can then be determined to be trusted, and the first trusted computing node may send the blockchain data query request to it through the communication service program. Of course, if the first trusted computing node finds no trusted oracle service program after the above flow, the communication service program returns the blockchain data query request sent by the trusted application together with a corresponding error code, notifying the user corresponding to the trusted application that no trusted proxy (oracle service program) is currently available and that the blockchain data query service therefore cannot be completed.
After receiving a blockchain data query request sent by the first trusted computing node, the oracle service program parses from the request the description information pointing to the specific block data required, such as the blockchain domain name, block hash and transaction hash, and then determines the location of the block data from this information. Specifically, the oracle service program may maintain network connections with blockchain nodes in one or more blockchain systems; different blockchain systems are distinguished by different blockchain domain names, and the oracle service program maintains the correspondence between each blockchain domain name and the network address (such as IP address and port number) of a blockchain node of the corresponding blockchain system. The oracle service program can thus determine from the blockchain domain name which blockchain system holds the required block data and take that blockchain system as the target blockchain; that is, the target blockchain referred to in this specification is the blockchain system pointed to by the blockchain domain name contained in the blockchain data query request. The block hash then determines which block on the target blockchain holds the required block data, which is taken as the target block, and the transaction hash finally determines which transaction data on the target block the required block data corresponds to. The block data referred to in this specification may include transaction data on the block, and may also include transaction receipt data, the block header of the block and other data on the block, which is not limited in this specification.
The oracle service program in this specification has the capability of accessing blockchain systems, so it may continuously access a plurality of blockchain systems to obtain their blockchain data in advance. For example, after any blockchain system generates a new block, a proxy blockchain node in that system that has a network connection to the oracle service program pushes a block update message to the oracle service program, which then obtains the newly added block by calling the blockchain data access interface provided by the proxy blockchain node, so that complete blockchain data of that blockchain system is maintained locally by the oracle service program.
In one embodiment, after receiving the blockchain data query request and determining the target blockchain, the oracle service program searches the blocks of the target blockchain stored locally in advance for block data matching the block hash and transaction hash in the request, and obtains the block data from local storage when it is present.
In another embodiment, after receiving the blockchain data query request and determining the target blockchain, the oracle service program accesses the target blockchain in real time to obtain the corresponding block data. In this embodiment the oracle service program need not store the complete block data of the target blockchain in advance, which reduces the storage burden on the device hosting it. Moreover, even if the oracle service program does store the complete block data of the target blockchain in advance, it may not update the blocks of the target blockchain in real time, so there may be cases in which the requested block data cannot be found by a local query although it is already present in the latest block of the target blockchain. Accessing the target blockchain in real time when the request is received therefore guarantees that the latest block data on the target blockchain is obtained, and avoids failures caused by the locally stored copy of the target blockchain not having been updated in time.
In one embodiment, the oracle service program may obtain the block data by calling a blockchain data access interface provided by a blockchain node of the target blockchain. A blockchain node of any blockchain system that has established a network connection with the oracle service program and can be accessed by it serves as the proxy blockchain node for that blockchain; it may anchor a trust relationship with the oracle service program in advance, that is, the proxy blockchain node obtains and verifies a remote attestation report for the oracle service program beforehand to determine that the oracle service program is trusted, using the same verification process described above for remote attestation reports, which is not repeated here. The proxy blockchain node may expose a blockchain data access interface that is available only to an oracle service program it has determined to be trusted, through which the oracle service program can securely and without restriction access database information on the proxy blockchain node, including all blocks stored and maintained by that node and the contract code and contract state of the respective smart contracts.
In another embodiment, the oracle service program can also obtain the block data by initiating a block data acquisition transaction to an oracle contract on the target blockchain and listening for a block data acquisition event contained in the receipt of that transaction, which the oracle contract generates. In this embodiment the corresponding block data is obtained by initiating a cross-chain transaction to the target blockchain and monitoring an event. Specifically, the oracle service program may submit, through a proxy blockchain node of the target blockchain, a block data acquisition transaction to the oracle contract on the target blockchain, the transaction carrying the block hash and the transaction hash; the oracle contract executes the transaction, looks up the transaction data pointed to by the block hash and transaction hash and writes it into a block data acquisition event contained in the receipt of the transaction. The oracle service program then obtains the receipt of the block data acquisition transaction by monitoring the proxy blockchain node of the target blockchain and reads the required transaction data from it. Since the block data is obtained in the form of a cross-chain transaction, the act of accessing the block data is itself recorded and verifiable on the target blockchain, which makes the acquisition process transparent and traceable; the first trusted computing node can later check through a third party whether the block data acquisition transaction was executed on the target blockchain, confirming that the block data indeed originates from the target blockchain and improving the security of the system.
S303: receive the block data returned by the oracle service program and the digital signature corresponding to the block data, and return the block data to the trusted application when the digital signature is successfully verified with the public key corresponding to the oracle service program.
After responding to the blockchain data query request and obtaining the block data on the target blockchain, the oracle service program hashes the block data to obtain a block data hash, signs that hash with the private key it maintains to indicate its true identity, thereby obtaining the digital signature corresponding to the block data, and finally returns the block data together with the digital signature to the communication service program in the first trusted computing node. After receiving the block data and the corresponding digital signature, the communication service program calls the digital signature verification program in the first trusted execution environment to verify the signature. Specifically, the communication service program passes the block data and the digital signature as input parameters to the digital signature verification program, which hashes the received block data to obtain a standard block data hash and then verifies the digital signature against that hash using the public key previously verified (through the remote attestation report) to indicate the true identity of the oracle service program; with an RSA signature this amounts to recovering the signed block data hash from the signature and comparing it with the standard block data hash, while with an ECDSA or EdDSA signature the verification algorithm is applied to the hash and the signature directly. If the verification succeeds, the digital signature verification program returns a successful verification callback result to the communication service program, which then determines that the block data was returned by the trusted oracle service program, trusts the block data, and returns it to the trusted application as the callback result of the blockchain data query request previously sent by the trusted application. The hash function used by the digital signature verification program must be the same one used by the oracle service program when signing, and the block data returned to the trusted application must be exactly the bytes over which the signature was verified.
The technical solution provided by the embodiments of the specification can have the following beneficial effects:
in the embodiments of the present specification, the first trusted computing node anchors trust in the oracle service program by obtaining a remote attestation report for it, so that a trusted application running in the first trusted execution environment deployed by the first trusted computing node can securely access and obtain block data on a blockchain through the trusted oracle service program.
Optionally, the block data and the digital signature corresponding to the block data are returned by the oracle service program only when the authenticity verification of the block data succeeds. That is, after obtaining the block data, the oracle service program further verifies it, signs the block data only if the authenticity verification succeeds, and returns the block data and the corresponding digital signature to the communication service program in the first trusted computing node.
In this embodiment of the specification, the oracle service program must verify the authenticity of the block data it obtains and returns the block data to the first trusted computing node only when that verification succeeds, which ensures that the source of the block data obtained by the oracle service program is trusted and that the data has not been tampered with. Consequently, as long as the oracle service program is trusted, the first trusted computing node need not repeat the block-level authenticity verification of the block data: when verifying the remote attestation report it has already established that the oracle service program contains the code segment that executes the blockchain verification program for verifying block data. It therefore only needs to check the digital signature corresponding to the block data, and once that check succeeds the block data can be passed straight back to the trusted application for the user, since it is guaranteed to come from the trusted oracle service program. This reasoning holds only because the program hash value binds the first trusted computing node's trust to the exact code that performs the blockchain verification; any change to that code changes the program hash value and the remote attestation report comparison fails.
Optionally, the authenticity verification of the block data succeeds when a verification result for the target blockchain maintained locally by the oracle service program indicates that all blocks on the target blockchain are legal and their corresponding Merkle roots have been successfully verified.
When the block data on the target blockchain is obtained from the target blockchain in real time by the oracle service program, the oracle service program needs to verify the authenticity of the block data so obtained. Specifically, the oracle service program obtains not only the block data pointed to by the blockchain data query request but all blocks of the target blockchain, maintains them locally, and verifies the Merkle root and block hash of each block in block order starting from the genesis block. For any block, all transactions contained in the block are hashed to obtain a set of transaction hashes, the Merkle root is recalculated from these by the Merkle root construction, and the recalculated Merkle root is compared with the Merkle root recorded in the block header of that block. If they match, the transactions on that block have not been tampered with and the Merkle root of that block is determined to be successfully verified; if they do not match, the transactions on that block have been tampered with, the block is not trusted, and the Merkle root verification of that block fails. At the same time, the block hash must be verified to prove the legality of the block itself. Specifically, the block header of every block except the genesis block contains the block hash of its parent block, so it must be verified that all blocks of the target blockchain are arranged in their defined order and belong to the same chain. For example, for any block other than the newest block, to verify that the block has not been tampered with, the block header of the block is hashed to compute the block hash of the block, and this is compared with the parent block hash recorded in the block header of the child block of that block. If they match, the block belongs to the same blockchain as the previously verified blocks and is legal; if they do not match, the block and all blocks after it in the block sequence are illegal. After the Merkle root and block hash verification has been completed for all locally maintained blocks of the target blockchain, a verification result is generated that records the trusted part of all blocks of the target blockchain (the blocks proven trusted and legal by the Merkle root and block hash verification) as the verification result of the target blockchain, and the authenticity verification of the block data is determined to be successful when the verification result shows that all blocks on the target blockchain are legal and the corresponding Merkle roots have been successfully verified.
When the block data on the target blockchain has been obtained from the target blockchain in advance by the oracle service program, the oracle service program already stores the complete block data of the target blockchain locally, so the Merkle root and block hash verification can be performed on all blocks of the target blockchain in advance. For example, the oracle service program can verify the Merkle root of each block as soon as it obtains the block from the target blockchain, and also use that block to verify the legality of its parent block (verifying the block hash in the same manner as above), so that an up-to-date verification result for the target blockchain, recording the trusted part of all its blocks, is maintained locally. In this way the oracle service program only has to verify the newly added block each time rather than re-verify all blocks of the target blockchain, and it can determine at any time whether all blocks of the target blockchain are legal and their Merkle roots successfully verified simply by reading the locally maintained verification result.
In fact, the oracle service program may also store locally in advance only the block headers of all blocks on the target blockchain, so as to prove the legality of the blocks in advance while retaining the Merkle root verification. In this case, after determining from the blockchain data query request which block data on the target blockchain is required, the oracle service program requests block data from the target blockchain, but requests only the block in which the block data is located (according to the block hash carried in the request) rather than all blocks of the target blockchain. After obtaining that block, it identifies the block data as the transaction data matching the transaction hash and performs Merkle root verification on the obtained block, comparing the recalculated Merkle root not only with the Merkle root recorded in the header of the obtained block but also with the Merkle root recorded in the locally maintained block header for that block. When both comparisons match, the obtained block data is determined to conform to the locally maintained block headers of the target blockchain, which serve as the trust certificate; that is, the block data is determined not to have been tampered with.
In addition, the oracle service program may also store in advance the transaction hashes of all blocks on the target blockchain. Specifically, after the complete block data of the target blockchain has been obtained, the transaction hash computed for each transaction is stored according to the order of the blocks and the order of the transactions within each block (that is, the execution order of the transactions). Once the Merkle root and block hash verification has been completed and the verification result is maintained locally, the block bodies of all blocks can be deleted from local storage, so that after determining from the blockchain data query request which block data is required, the oracle service program only needs to request the block data itself from the target blockchain. Since all block-level verification has been completed in advance and the locally maintained verification result serves as the certificate, the oracle service program only needs to check the verification result and hash the obtained block data: when the verification result indicates that all blocks on the target blockchain are legal and their Merkle roots have been successfully verified, and the hash computed over the block data provided by the target blockchain equals the transaction hash contained in the blockchain data query request, the authenticity verification of the block data is determined to be successful. This check is meaningful only if the transaction hash in the request is also confirmed to be present in the locally stored, verified transaction hash list of the block identified by the block hash; matching returned data against a hash supplied by the requester alone would prove nothing about the data's membership in the target blockchain.
In this embodiment, the validity of the block data is determined to be successfully verified only when all blocks on the target block chain are legal and the corresponding Merkle roots are successfully verified, and the strict verification method can ensure the validity and the reliability of the block data source to the maximum extent.
In another embodiment, the authenticity of the block data can be determined to be successfully verified under the condition that a verification result corresponding to the target block chain locally maintained by the predictive server service program indicates that the block where the block data is located is legal and the corresponding Merkle roots are successfully verified.
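As an added example (not code from the patent), the following Go program works through the pre-stored verification just described: it recomputes each block's Merkle root and hash link once, keeps only the chain-level verdict and the ordered transaction hashes, and then serves a query by block hash and transaction hash, fetching only the transaction body from the node and re-hashing it against the requested hash. The header layout, the zero previous-hash of the first block and the SHA-256 pairing rule are assumptions, and the chain and the node are constructed.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Header is what the oracle may keep locally: previous-block link and Merkle root.
type Header struct {
	PrevHash, MerkleRoot [32]byte
}

// Block is what the blockchain node returns; Txs are raw transactions in execution order.
type Block struct {
	Header Header
	Txs    [][]byte
}

func hash(b []byte) [32]byte          { return sha256.Sum256(b) }
func hashPair(a, b [32]byte) [32]byte { return hash(append(a[:], b[:]...)) }
// Hash is the block hash: SHA-256 over the serialised header (constructed layout).
func (h Header) Hash() [32]byte { return hashPair(h.PrevHash, h.MerkleRoot) }

// MerkleRoot pairs hashes level by level, duplicating the last hash of an odd level (Bitcoin-style).
func MerkleRoot(txHashes [][32]byte) [32]byte {
	level := append([][32]byte(nil), txHashes...)
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		next := make([][32]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, hashPair(level[i], level[i+1]))
		}
		level = next
	}
	if len(level) == 0 { return [32]byte{} } // empty block commits to nothing
	return level[0]
}

// TxHashes hashes each transaction of a block in its execution order.
func TxHashes(txs [][]byte) [][32]byte {
	out := make([][32]byte, len(txs))
	for i, tx := range txs {
		out[i] = hash(tx)
	}
	return out
}

// ChainVerdict is kept after one pass over the chain (S409); the block bodies can then be deleted.
type ChainVerdict struct {
	AllOK  bool                    // every block legal and every Merkle root verified
	Blocks map[[32]byte][][32]byte // block hash -> transaction hashes in execution order
}

// VerifyChain checks each block's link to its predecessor and its Merkle root.
func VerifyChain(blocks []Block) ChainVerdict {
	cv := ChainVerdict{AllOK: true, Blocks: map[[32]byte][][32]byte{}}
	var prev [32]byte // first block links to the zero hash (constructed convention)
	for _, b := range blocks {
		txh := TxHashes(b.Txs)
		legal := b.Header.PrevHash == prev && MerkleRoot(txh) == b.Header.MerkleRoot
		cv.AllOK = cv.AllOK && legal
		prev = b.Header.Hash()
		cv.Blocks[prev] = txh
	}
	return cv
}

// Lookup serves a query (block hash + transaction hash) from the stored verdict, then
// fetches only the transaction body from the node and re-hashes it against the request.
func Lookup(cv ChainVerdict, blockHash, txHash [32]byte, fetch func([32]byte) ([]byte, bool)) ([]byte, error) {
	if !cv.AllOK {
		return nil, errors.New("chain failed block-level verification: data not trusted")
	}
	inBlock := false
	for _, h := range cv.Blocks[blockHash] { // nil for an unknown block hash
		inBlock = inBlock || h == txHash
	}
	if !inBlock {
		return nil, errors.New("transaction hash not found in the requested block")
	}
	data, ok := fetch(txHash)
	if !ok || hash(data) != txHash {
		return nil, errors.New("fetched data does not hash to the requested transaction hash")
	}
	return data, nil
}

func main() {
	t0, t1 := [][]byte{[]byte("tx-a"), []byte("tx-b"), []byte("tx-c")}, [][]byte{[]byte("tx-d")} // constructed
	b0 := Block{Header{[32]byte{}, MerkleRoot(TxHashes(t0))}, t0}
	b1 := Block{Header{b0.Header.Hash(), MerkleRoot(TxHashes(t1))}, t1}
	node := map[[32]byte][]byte{hash(t0[1]): t0[1]} // constructed node serving transaction bodies by hash
	data, err := Lookup(VerifyChain([]Block{b0, b1}), b0.Header.Hash(), hash(t0[1]),
		func(h [32]byte) ([]byte, bool) { d, ok := node[h]; return d, ok })
	fmt.Printf("%q %v\n", data, err)
}
```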
Optionally, sending the blockchain data query request to the oracle service program includes:
encrypting the blockchain data query request with a public key corresponding to the oracle service program to obtain a blockchain data query request ciphertext; and sending the blockchain data query request ciphertext to the oracle service program.
In the embodiment of the present specification, an encrypted channel between the first trusted computing node and the oracle service program is implemented using asymmetric encryption, so that only the oracle service program can decrypt the blockchain data query request sent by the first trusted computing node, thereby ensuring the privacy of the blockchain data acquisition process. The public key corresponding to the oracle service program used here may be the public key whose binding to the true identity of the oracle service program was previously verified through the remote authentication report, or another public key that can indicate the true identity of the oracle service program; it is only necessary to ensure that the private key corresponding to the public key used to encrypt the blockchain data query request is indeed held by the oracle service program, so that after receiving the blockchain data query request ciphertext, the oracle service program can decrypt it with the private key it maintains to obtain the corresponding blockchain data query request.
Optionally, the blockchain data query request includes a public key corresponding to the first trusted computing node, and receiving the block data returned by the oracle service program and the digital signature corresponding to the block data includes:
receiving a block data ciphertext and a digital signature ciphertext returned by the oracle service program, and decrypting the block data ciphertext and the digital signature ciphertext respectively with the private key of the first trusted computing node to obtain the block data and the digital signature corresponding to the block data; the block data ciphertext and the digital signature ciphertext are obtained by the oracle service program encrypting the block data and the corresponding digital signature respectively with the public key of the first trusted computing node.
In the embodiment of the present specification, an encrypted channel between the first trusted computing node and the oracle service program is implemented using asymmetric encryption, so that only the communication service program on the first trusted computing node can decrypt the block data and the corresponding digital signature sent by the oracle service program, thereby ensuring the privacy of the blockchain data acquisition process. Since the public key indicating the true identity of the first trusted computing node is carried in the blockchain data query request sent to the oracle service program, when the oracle service program later prepares to return the block data and the digital signature to the first trusted computing node, it can encrypt them with the public key contained in the blockchain data query request and send the resulting block data ciphertext and digital signature ciphertext to the communication service program on the first trusted computing node, which decrypts them with the private key it maintains to obtain the corresponding block data and digital signature.
Optionally, the first trusted computing node maintains a parsing plug-in corresponding to each blockchain type, and returning the block data to the trusted application includes:
parsing the block data with the parsing plug-in corresponding to the blockchain type of the target blockchain, and returning the parsed block data to the trusted application. Since the data structures and format definitions of blocks differ greatly between blockchain types (for example, the transaction format of a UTXO (Unspent Transaction Output) based blockchain differs greatly from that of an Ethereum-based blockchain), different parsing methods must be adopted according to the version and type of the obtained block in order to obtain the usable data of the data portion.
In this embodiment of the present specification, since the first trusted computing node maintains the parsing plug-in corresponding to each blockchain type, the obtained block data of each blockchain type can be correctly parsed and processed to obtain parsed block data that the trusted application can interpret, enabling the application running off-chain to access on-chain data of various heterogeneous chains in a trusted and compatible manner.
Optionally, the trusted application runs in a virtual machine encapsulated within the first trusted execution environment, and the virtual machine includes: a stack-structured virtual machine based on binary operation instructions. Taking fig. 1 as an example, the trusted application running in the first trusted execution environment actually runs in a virtual machine encapsulated in the first trusted execution environment, and the virtual machine includes a WASM virtual machine.
The WASM virtual machine according to the embodiment of the present specification is a stack-structured virtual machine based on binary operation instructions and only supports running program code written in the WASM language. WASM is another programming language, besides JavaScript, that can run on a web page; as a new coding format it runs in modern web browsers, belongs to the class of low-level assembly-like code, has a compact binary format, and resembles CPU instruction code such as assembly code on the x86 instruction set in that it has an instruction set, registers, a stack and so on, so it can run with performance close to native level and provides a compilation target for high-level languages such as C/C++, enabling them to run in the browser. WASM is designed to coexist with JavaScript so that the two can run side by side and interoperate.
In the embodiment of the present specification, since the virtual machine theoretically satisfies Turing completeness and supports the execution of any program, the trusted computing requirements of various programs can be met by running the WASM virtual machine in the TEE.
In the following, the scheme for acquiring blockchain data in this specification is described in detail, taking as an example a trusted application in the first trusted computing node of fig. 2 that requests transaction data on the target blockchain through the oracle service program on the second trusted computing node. Fig. 4 is an interaction flowchart of a method for acquiring blockchain data according to an exemplary embodiment; referring to fig. 4, the method is implemented through cooperation between the first trusted computing node, the second trusted computing node and a blockchain node, where the blockchain node belongs to the target blockchain, and may include the following steps:
S401: the trusted application in the first trusted computing node constructs a blockchain data query request, which contains the blockchain domain name, the block hash and the transaction hash.
S402: the trusted application sends the blockchain data query request to the communication service program in the first trusted computing node; the communication service program caches the received blockchain data query request and sends a remote authentication challenge to the oracle service program in the second trusted computing node.
S403: in response to the remote authentication challenge, the oracle service program randomly generates and maintains a pair of public and private keys, performs hash operations on its own program code and on the generated public key to obtain a program hash value and a public key hash value, signs them with its CPU private key to obtain a program hash signature and a public key hash signature, and finally packages the program hash value, the public key hash value, the program hash signature and the public key hash signature into self-recommendation information, which it sends to the IAS server so as to receive the remote authentication report returned by the IAS server after the authentication is completed.
S404: the oracle service program returns the obtained remote authentication report for the oracle service program, together with the generated public key, to the communication service program in the first trusted computing node.
S405: the communication service program calls the remote authentication report verification program in the first trusted execution environment to verify the received report. First, the signature of the remote authentication report is verified with the public key of the IAS server; once the remote authentication report is confirmed to have been issued by the IAS server, the recorded authentication result is checked. If the authentication result shows that the oracle service program is indeed running in the second trusted execution environment, the program hash value and the public key hash value are obtained by parsing the self-recommendation information contained in the remote authentication report; the hash of the complete public program code of the oracle service program in the second trusted computing node, either computed in real time from the code stored in a database or looked up directly from the network, is compared with the program hash value, and at the same time the hash computed over the public key received from the oracle service program is compared with the public key hash value. When both comparisons are consistent, it is proven that the program code of the oracle service program has not been tampered with and that the obtained public key corresponding to the oracle service program is authentic, i.e. the oracle service program is trusted.
S406: the communication service program in the first trusted computing node sends the cached blockchain data query request to the oracle service program in the second trusted computing node.
S407: the oracle service program responds to the blockchain data query request by parsing out the blockchain domain name, the block hash and the transaction hash, determines from the blockchain domain name that the blockchain system holding the required transaction data is the target blockchain, and accordingly calls the blockchain data access interface of a blockchain node in the target blockchain that is known in advance, sending a blockchain data access request to that blockchain node.
S408: after receiving the blockchain data access request sent by the oracle service program, the blockchain node determines that the oracle service program is trusted through the remote authentication report for the oracle service program obtained in advance, and then returns all blocks on the target blockchain to the oracle service program in response to the blockchain data access request.
S409: the oracle service program determines and obtains, from all blocks on the target blockchain, the transaction data required by the trusted application and corresponding to the blockchain data query request according to the block hash and the transaction hash in the request, and at the same time verifies the Merkle root and block hash of every block on the target blockchain one by one and generates a verification result corresponding to the target blockchain, which it maintains locally.
S410: when the verification result maintained locally by the oracle service program shows that all blocks on the target blockchain are legal and the corresponding Merkle roots have been verified successfully, the oracle service program signs the transaction data with the private key of the previously generated key pair to obtain the digital signature corresponding to the transaction data.
S411: the oracle service program returns the transaction data and its digital signature to the communication service program in the first trusted computing node.
S412: after the communication service program receives the transaction data returned by the oracle service program and the corresponding digital signature, it invokes the digital signature verification program in the first trusted execution environment to verify the digital signature. The digital signature verification program first hashes the received transaction data to obtain the standard transaction data hash, then decrypts the digital signature with the public key that the remote authentication report proved to belong to the oracle service program, obtaining the transaction data hash to be verified, and compares the transaction data hash to be verified with the standard transaction data hash; if they are consistent, the digital signature verification is determined to be successful. After the communication service program receives the callback result indicating successful signature verification, it determines that the transaction data was indeed returned by the trusted oracle service program and therefore trusts the transaction data.
S413: the communication service program parses the transaction data with the parsing plug-in corresponding to its blockchain type to obtain the parsed transaction data, and returns the parsed transaction data to the trusted application as the request result corresponding to the blockchain data query request sent by the trusted application.
In this embodiment of the specification, the first trusted computing node anchors a trust relationship with the oracle service program by acquiring a remote authentication report for the oracle service program, so that after the first trusted computing node acquires transaction data on the target blockchain through the oracle service program, the authenticity of the transaction data can be established merely by verifying the digital signature corresponding to the acquired transaction data, which ensures that the transaction data indeed originates from the trusted oracle service program; the authenticity of the transaction data does not need to be verified again at the blockchain level, thereby providing a safe and trusted blockchain information query service for trusted applications running in the first trusted execution environment.
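The exchange from S403 to S412, as an added Go example that is not the patent's own code: the oracle attests with a freshly generated key pair, a simulated IAS server checks the platform signature and signs the report, the communication service program verifies the report signature, the authentication result and both hash bindings, and the oracle's signed transaction data is finally checked with the attested public key. ECDSA P-256 over SHA-256, the report layout, the simulated IAS and platform (CPU) keys, and the program code bytes are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Constructed stand-in for the oracle program code that the verifier also holds (S405).
var oracleProgramCode = []byte("oracle-service-program v1 (constructed sample)")

// SelfRecommendation is the self-recommendation information of step S403.
type SelfRecommendation struct {
	ProgramHash, PubKeyHash []byte // SHA-256 of the program code and of the DER public key
	CPUSig                  []byte // both hashes signed with the platform (CPU) private key
}

// Report is the remote authentication report issued by the simulated IAS server.
type Report struct {
	Info  SelfRecommendation
	InTEE bool   // authentication result: the program runs in a trusted execution environment
	Sig   []byte // IAS signature over Body()
}

func (r Report) Body() []byte {
	return cat(r.Info.ProgramHash, r.Info.PubKeyHash, r.Info.CPUSig, []byte(fmt.Sprint(r.InTEE)))
}
func cat(p ...[]byte) []byte       { return bytes.Join(p, nil) }
func genKey() *ecdsa.PrivateKey    { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

func sign(k *ecdsa.PrivateKey, m []byte) []byte {
	h := sha256.Sum256(m)
	return must(ecdsa.SignASN1(rand.Reader, k, h[:]))
}
func verify(pub *ecdsa.PublicKey, m, sig []byte) bool { h := sha256.Sum256(m); return ecdsa.VerifyASN1(pub, h[:], sig) }

// Attest answers the remote authentication challenge (S403): a fresh key pair, the
// self-recommendation information, and the DER public key sent in S404; the private key stays in the TEE.
func Attest(cpuKey *ecdsa.PrivateKey) (SelfRecommendation, []byte, *ecdsa.PrivateKey) {
	key := genKey()
	pub := must(x509.MarshalPKIXPublicKey(&key.PublicKey))
	ph, kh := sha256.Sum256(oracleProgramCode), sha256.Sum256(pub)
	return SelfRecommendation{ph[:], kh[:], sign(cpuKey, cat(ph[:], kh[:]))}, pub, key
}

// IssueReport simulates the IAS server: it checks the platform signature and signs its verdict.
func IssueReport(iasKey *ecdsa.PrivateKey, cpuPub *ecdsa.PublicKey, info SelfRecommendation) Report {
	r := Report{Info: info, InTEE: verify(cpuPub, cat(info.ProgramHash, info.PubKeyHash), info.CPUSig)}
	r.Sig = sign(iasKey, r.Body())
	return r
}

// VerifyReport is the check of step S405 performed by the communication service program.
func VerifyReport(iasPub *ecdsa.PublicKey, r Report, knownCode, receivedPub []byte) error {
	ph, kh := sha256.Sum256(knownCode), sha256.Sum256(receivedPub)
	switch {
	case !verify(iasPub, r.Body(), r.Sig):
		return fmt.Errorf("report signature invalid: not issued by the IAS server")
	case !r.InTEE:
		return fmt.Errorf("program is not running in a trusted execution environment")
	case !bytes.Equal(ph[:], r.Info.ProgramHash):
		return fmt.Errorf("program hash mismatch: oracle code may be tampered")
	case !bytes.Equal(kh[:], r.Info.PubKeyHash):
		return fmt.Errorf("public key hash mismatch: key not bound to the attested program")
	}
	return nil
}

// VerifyResponse is the digital signature verification of step S412.
func VerifyResponse(oraclePubDER, txData, sig []byte) bool {
	k, err := x509.ParsePKIXPublicKey(oraclePubDER)
	pub, ok := k.(*ecdsa.PublicKey)
	return err == nil && ok && verify(pub, txData, sig)
}

// RunFlow drives S403 to S411 and returns the attested oracle public key and the signature.
func RunFlow(tx []byte) ([]byte, []byte, error) {
	iasKey, cpuKey := genKey(), genKey() // IAS signing key and platform key (simulated)
	info, pub, key := Attest(cpuKey)
	rep := IssueReport(iasKey, &cpuKey.PublicKey, info)
	if err := VerifyReport(&iasKey.PublicKey, rep, oracleProgramCode, pub); err != nil {
		return nil, nil, err
	}
	return pub, sign(key, tx), nil // S410, S411: the oracle signs the transaction data
}

func main() {
	tx := []byte(`{"from":"alice","to":"bob","value":5}`) // constructed transaction data
	pub, sig, err := RunFlow(tx)
	fmt.Println("attested:", err == nil, "signature valid:", VerifyResponse(pub, tx, sig))
}
```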
The present specification also provides embodiments of an apparatus, an electronic device, and a storage medium, corresponding to embodiments of the foregoing method.
FIG. 5 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 5, at the hardware level the apparatus includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, and may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, for example by processor 502 reading the corresponding computer program from the non-volatile memory 510 into the memory 508 and then running it. Of course, besides a software implementation, the one or more embodiments of this specification do not exclude other implementations, such as logic devices or combinations of software and hardware; that is, the execution subject of the following processing flow is not limited to individual logic units and may also be hardware or logic devices.
As shown in fig. 6, fig. 6 is a block diagram of an apparatus for obtaining blockchain data according to an exemplary embodiment, which may be applied to the device shown in fig. 5 to implement the technical solution of the present specification; it is applied to a first trusted computing node deployed with a trusted application running in a first trusted execution environment, and includes:
a report acquisition unit 601, configured to acquire a remote authentication report for an oracle service program, where the oracle service program runs in a second trusted execution environment;
a request sending unit 602, configured to send a blockchain data query request obtained from the trusted application to the oracle service program when the oracle service program is determined to be trusted according to the remote authentication report, so that the oracle service program obtains block data on a target blockchain in response to the blockchain data query request;
a data receiving unit 603, configured to receive the block data returned by the oracle service program and a digital signature corresponding to the block data, and return the block data to the trusted application when the digital signature is successfully verified with a public key corresponding to the oracle service program.
Optionally, the blockchain data query request includes a blockchain domain name and a transaction hash, the target blockchain is determined by the blockchain domain name in the blockchain data query request, and the blockchain data on the target blockchain is determined by the transaction hash in the blockchain data query request.
Optionally, the block data on the target blockchain is acquired from the target blockchain by the oracle service program in real time, or acquired from the target blockchain by the oracle service program in advance.
Optionally, the oracle service program in the request sending unit 602 obtaining the block data includes:
the oracle service program acquiring the block data by calling a blockchain data access interface provided by a blockchain node corresponding to the target blockchain; or,
the oracle service program acquiring the block data by initiating a block data acquisition transaction to an oracle contract on the target blockchain and monitoring a block data acquisition event contained in the receipt of the block data acquisition transaction generated by the oracle contract.
Optionally, the block data and the digital signature corresponding to the block data are returned by the oracle service program when the authenticity verification of the block data is successful.
Optionally, the authenticity verification of the block data being successful includes:
determining that the authenticity verification of the block data is successful when the verification result corresponding to the target blockchain, locally maintained by the oracle service program, shows that all blocks on the target blockchain are legal and the corresponding Merkle roots have been verified successfully.
Optionally, the request sending unit 602 sending the blockchain data query request to the oracle service program includes:
encrypting the blockchain data query request with a public key corresponding to the oracle service program to obtain a blockchain data query request ciphertext;
and sending the blockchain data query request ciphertext to the oracle service program.
Optionally, the blockchain data query request includes a public key corresponding to the first trusted computing node, and the data receiving unit 603 receiving the block data returned by the oracle service program and the digital signature corresponding to the block data includes:
receiving a block data ciphertext and a digital signature ciphertext returned by the oracle service program, and decrypting the block data ciphertext and the digital signature ciphertext respectively with the private key of the first trusted computing node to obtain the block data and the digital signature corresponding to the block data; the block data ciphertext and the digital signature ciphertext are obtained by the oracle service program encrypting the block data and the corresponding digital signature respectively with the public key of the first trusted computing node.
Optionally, the first trusted computing node maintains a parsing plug-in corresponding to each blockchain type, and the data receiving unit 603 returning the block data to the trusted application includes:
parsing the block data with the parsing plug-in corresponding to the blockchain type of the target blockchain, and returning the parsed block data to the trusted application.
Optionally, the trusted application runs in a virtual machine encapsulated within the first trusted execution environment, and the virtual machine includes: a stack-structured virtual machine based on binary operation instructions.
Optionally,
the second trusted execution environment is deployed on a second trusted computing node; or,
the second trusted execution environment is deployed on the first trusted computing node, where the second trusted execution environment is the same trusted execution environment as the first trusted execution environment, or is different from the first trusted execution environment.
Optionally, the report acquisition unit 601 is specifically configured to:
receive the remote authentication report for the oracle service program sent by the oracle service program, the report having been returned by an authentication server after authenticating self-recommendation information, where the self-recommendation information comprises a first hash value corresponding to the program code of the oracle service program and a second hash value corresponding to the public key of the oracle service program; or,
receive the self-recommendation information sent by the oracle service program, send the self-recommendation information to the authentication server, and receive the remote authentication report for the oracle service program returned by the authentication server after the self-recommendation information has been authenticated.
Optionally, when the remote authentication report is signed by the authentication server and the self-recommendation information in the remote authentication report satisfies the following conditions, the request sending unit 602 can determine that the oracle service program is trusted:
the first hash value in the self-recommendation information matches a third hash value, and the second hash value in the self-recommendation information matches a fourth hash value; the third hash value is obtained by hashing the publicly available program code of the oracle service program, and the fourth hash value is obtained by hashing the public key corresponding to the oracle service program that is currently held by the first trusted computing node.
Correspondingly, the present specification also provides an apparatus comprising a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement the steps of implementing the trusted computing method provided by all of the above method embodiments.
Accordingly, the present specification also provides a computer readable storage medium having executable instructions stored thereon; wherein the instructions, when executed by the processor, implement the steps of implementing the trusted computing method provided by all of the above method embodiments.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.
Claims (16)
1. A method of obtaining blockchain data, the method being applied to a first trusted computing node deployed with a trusted application running in a first trusted execution environment, the method comprising:
obtaining a remote authentication report for a predictive-machine service program, the predictive-machine service program running in a second trusted execution environment;
under the condition that the prediction machine service program is determined to be credible according to the remote authentication report, sending a block chain data query request acquired from the credible application to the prediction machine service program so that the prediction machine service program can respond to the block chain data query request to acquire block data on a target block chain;
and receiving the block data returned by the language predictive machine service program and the digital signature corresponding to the block data, and returning the block data to the trusted application under the condition that the signature verification of the digital signature is successful through a public key corresponding to the language predictive machine service program.
2. The method of claim 1, the blockchain data query request including a blockchain domain name and a transaction hash, the target blockchain being determined by the blockchain domain name in the blockchain data query request, and the block data on the target blockchain being determined by the transaction hash in the blockchain data query request.
3. The method of claim 1, wherein the block data on the target blockchain is obtained from the target blockchain by the oracle service program in real time, or is obtained from the target blockchain by the oracle service program in advance.
4. The method of claim 1, the oracle service program obtaining the block data comprising:
the oracle service program obtaining the block data by calling a blockchain data access interface provided by a blockchain node corresponding to the target blockchain; or,
the oracle service program obtaining the block data by initiating a block data acquisition transaction to an oracle contract on the target blockchain and monitoring a block data acquisition event contained in the receipt of the block data acquisition transaction generated by the oracle contract.
5. The method of claim 1, the block data and the digital signature corresponding to the block data being returned by the oracle service program in a case where authenticity verification of the block data succeeds.
6. The method of claim 5, the authenticity verification of the block data succeeding comprising:
determining that the authenticity verification of the block data succeeds in a case where a verification result for the target blockchain, maintained locally by the oracle service program, shows that all blocks on the target blockchain are valid and their corresponding Merkle roots have been verified successfully.
7. The method of claim 1, the sending the blockchain data query request to the oracle service program comprising:
encrypting the blockchain data query request using the public key corresponding to the oracle service program to obtain a blockchain data query request ciphertext;
and sending the blockchain data query request ciphertext to the oracle service program.
8. The method of claim 1, wherein the blockchain data query request includes a public key corresponding to the first trusted computing node, and the receiving the block data returned by the oracle service program and the digital signature corresponding to the block data comprises:
receiving a block data ciphertext and a digital signature ciphertext returned by the oracle service program, and decrypting the block data ciphertext and the digital signature ciphertext respectively using a private key of the first trusted computing node to obtain the block data and the digital signature corresponding to the block data; wherein the block data ciphertext and the digital signature ciphertext are obtained by the oracle service program encrypting the block data and the digital signature corresponding to the block data respectively using the public key of the first trusted computing node.
9. The method of claim 1, the first trusted computing node maintaining a parsing plug-in corresponding to each blockchain type, the returning the block data to the trusted application comprising:
parsing the block data using the parsing plug-in corresponding to the blockchain type of the target blockchain, and returning the parsed block data to the trusted application.
10. The method of claim 1, the trusted application running in a virtual machine encapsulated within the first trusted execution environment, the virtual machine comprising: a stack-structured virtual machine based on binary operation instructions.
11. The method of claim 1, wherein:
the second trusted execution environment is deployed at a second trusted computing node; or,
the second trusted execution environment is deployed at the first trusted computing node, wherein the second trusted execution environment is either the same trusted execution environment as the first trusted execution environment or a trusted execution environment different from the first trusted execution environment.
12. The method of claim 1, the obtaining the remote attestation report for the oracle service program comprising:
receiving the remote attestation report for the oracle service program sent by the oracle service program, the report having been returned to the oracle service program by an attestation server after authentication of self-referral information is completed, wherein the self-referral information comprises a first hash value corresponding to the program code of the oracle service program and a second hash value corresponding to the public key of the oracle service program; or,
receiving the self-referral information sent by the oracle service program, sending the self-referral information to the attestation server, and receiving the remote attestation report for the oracle service program returned by the attestation server after the self-referral information is authenticated.
13. The method of claim 12, the oracle service program being determined to be trusted in a case where the remote attestation report is signed by the attestation server and the self-referral information in the remote attestation report satisfies the following condition:
the first hash value in the self-referral information matches a third hash value, and the second hash value in the self-referral information matches a fourth hash value; wherein the third hash value is obtained by hashing the program code contained in the published oracle service program, and the fourth hash value is obtained by hashing the public key, corresponding to the oracle service program, that is currently held by the first trusted computing node.
14. An apparatus for obtaining blockchain data, the apparatus being applied to a first trusted computing node deployed with a trusted application running in a first trusted execution environment, the apparatus comprising:
a report acquisition unit, configured to acquire a remote attestation report for an oracle service program, where the oracle service program runs in a second trusted execution environment;
a request sending unit, configured to send, to the oracle service program, a blockchain data query request obtained from the trusted application, in a case where the oracle service program is determined to be trusted according to the remote attestation report, so that the oracle service program obtains block data on a target blockchain in response to the blockchain data query request;
and a data receiving unit, configured to receive the block data returned by the oracle service program and a digital signature corresponding to the block data, and to return the block data to the trusted application in a case where the digital signature is successfully verified using a public key corresponding to the oracle service program.
15. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-13 by executing the executable instructions.
16. A computer-readable storage medium having stored thereon computer instructions, which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 13.
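The trust decision of claims 12 and 13 (attestation-server signature over the self-referral information, first hash against third hash, second hash against fourth hash) and the signed block-data reply of claim 1, written out as an added Go example. This is editor-added illustration code, not code from the patent or its applicant: it assumes Ed25519 for both the attestation server's and the oracle's signatures and SHA-256 for the four hash values (the claims name no algorithms), the `SelfReport`/`AttestationReport` structures and all function names are constructed for the example, the sample program bytes and block bytes are constructed, and the query encryption of claims 7 and 8 and the fetch from the target chain are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SelfReport is a constructed stand-in for the "self-referral information" of claim 12:
// the first hash (over the oracle program code) and the second hash (over its public key).
type SelfReport struct {
	CodeHash   [32]byte
	PubKeyHash [32]byte
}

// AttestationReport is a constructed stand-in for the remote attestation report:
// the self-report plus the attestation server's signature over it.
type AttestationReport struct {
	Report    SelfReport
	ServerSig []byte
}

// Encode serialises the self-report into the bytes the attestation server signs.
func (r SelfReport) Encode() []byte {
	return append(append([]byte{}, r.CodeHash[:]...), r.PubKeyHash[:]...)
}

// IssueReport plays the attestation server: hash the code and key it was shown, sign the result.
func IssueReport(serverPriv ed25519.PrivateKey, code []byte, oraclePub ed25519.PublicKey) AttestationReport {
	rep := SelfReport{CodeHash: sha256.Sum256(code), PubKeyHash: sha256.Sum256(oraclePub)}
	return AttestationReport{Report: rep, ServerSig: ed25519.Sign(serverPriv, rep.Encode())}
}

// VerifyOracleTrusted is the decision of claim 13 on the first trusted computing node:
// a valid attestation-server signature, first hash == third hash (published program code),
// second hash == fourth hash (the oracle public key the node currently holds).
func VerifyOracleTrusted(rep AttestationReport, serverPub ed25519.PublicKey,
	publishedCode []byte, heldOraclePub ed25519.PublicKey) error {
	if !ed25519.Verify(serverPub, rep.Report.Encode(), rep.ServerSig) {
		return errors.New("report is not signed by the attestation server")
	}
	if sha256.Sum256(publishedCode) != rep.Report.CodeHash {
		return errors.New("first/third hash mismatch: attested code is not the published code")
	}
	if sha256.Sum256(heldOraclePub) != rep.Report.PubKeyHash {
		return errors.New("second/fourth hash mismatch: held oracle key is not the attested key")
	}
	return nil
}

// OracleRespond plays the oracle service program of claim 1: it returns the block data
// it fetched together with its digital signature under the oracle private key.
func OracleRespond(oraclePriv ed25519.PrivateKey, blockData []byte) (data, sig []byte) {
	return blockData, ed25519.Sign(oraclePriv, blockData)
}

// AcceptBlockData is the receiving step of claim 1: block data reaches the trusted application
// only if its signature verifies under the oracle public key, so an altered reply is rejected.
func AcceptBlockData(oraclePub ed25519.PublicKey, data, sig []byte) ([]byte, error) {
	if !ed25519.Verify(oraclePub, data, sig) {
		return nil, errors.New("block data signature verification failed")
	}
	return data, nil
}

// Scenario runs the exchange end to end with fresh keys and constructed sample bytes.
// altCode attests a build other than the published one; altReply flips one byte of the
// returned block data. It reports whether the oracle and then the block data were accepted.
func Scenario(altCode, altReply bool) (bool, bool, error) {
	serverPub, serverPriv, err1 := ed25519.GenerateKey(rand.Reader)
	oraclePub, oraclePriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return false, false, errors.New("key generation failed")
	}
	published := []byte("oracle-service build 1.0 (constructed sample program bytes)")
	running := published
	if altCode {
		running = []byte("oracle-service build 1.1 (a build that was never published)")
	}
	rep := IssueReport(serverPriv, running, oraclePub)
	if VerifyOracleTrusted(rep, serverPub, published, oraclePub) != nil {
		return false, false, nil // claim 1: no query is sent to an untrusted oracle
	}
	block := []byte(`{"height":42,"txHash":"0xabc","note":"constructed sample block"}`)
	data, sig := OracleRespond(oraclePriv, block)
	if altReply {
		data = append([]byte{}, data...)
		data[0] ^= 0x01
	}
	_, aerr := AcceptBlockData(oraclePub, data, sig)
	return true, aerr == nil, nil
}

func main() {
	for _, c := range [][2]bool{{false, false}, {true, false}, {false, true}} {
		trusted, accepted, err := Scenario(c[0], c[1])
		fmt.Printf("altCode=%v altReply=%v -> oracleTrusted=%v dataAccepted=%v err=%v\n", c[0], c[1], trusted, accepted, err)
	}
}
```

The two negative cases in `Scenario` are the failure modes the claims guard against: a code-hash mismatch stops the node before any query leaves the enclave, and a reply altered after signing is dropped by `AcceptBlockData` even though the oracle itself was attested. Note that the fourth-hash check binds the attested key to the key the node already holds, so an attestation report for a different but validly attested oracle key is still rejected.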
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110513055.2A CN113221166A (en) | 2021-05-11 | 2021-05-11 | Method and device for acquiring block chain data, electronic equipment and storage medium |
PCT/CN2021/133167 WO2022237123A1 (en) | 2021-05-11 | 2021-11-25 | Method and apparatus for acquiring blockchain data, electronic device, and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110513055.2A CN113221166A (en) | 2021-05-11 | 2021-05-11 | Method and device for acquiring block chain data, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113221166A true CN113221166A (en) | 2021-08-06 |
Family
ID=77094741
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110513055.2A Pending CN113221166A (en) | 2021-05-11 | 2021-05-11 | Method and device for acquiring block chain data, electronic equipment and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113221166A (en) |
WO (1) | WO2022237123A1 (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113472544A (en) * | 2021-08-31 | 2021-10-01 | 北京微芯感知科技有限公司 | Digital identity verification method and device, computer equipment and storage medium |
CN113836147A (en) * | 2021-11-26 | 2021-12-24 | 广东辰宜信息科技有限公司 | Chain identifier generation method and device, chain cluster management method, system and medium |
CN113901498A (en) * | 2021-10-15 | 2022-01-07 | 北京智融云河科技有限公司 | Data sharing method, device, equipment and storage medium |
CN114172689A (en) * | 2021-11-11 | 2022-03-11 | 卓尔智联(武汉)研究院有限公司 | Information processing method and device |
CN114240657A (en) * | 2021-12-15 | 2022-03-25 | 杭州趣链科技有限公司 | Data processing method, block chain, terminal device and storage medium |
CN114338054A (en) * | 2022-03-17 | 2022-04-12 | 北京笔新互联网科技有限公司 | Block chain trusted data transmission, verification and acquisition method and device |
CN114422215A (en) * | 2021-12-31 | 2022-04-29 | 国网安徽省电力有限公司合肥供电公司 | Cross-platform and trusted energy data sharing system and method based on block chain |
WO2022237123A1 (en) * | 2021-05-11 | 2022-11-17 | 蚂蚁区块链科技(上海)有限公司 | Method and apparatus for acquiring blockchain data, electronic device, and storage medium |
CN117251883A (en) * | 2023-11-02 | 2023-12-19 | 中国南方电网有限责任公司 | Data reliability verification method, device, computer equipment and storage medium |
US20230421570A1 (en) * | 2022-06-27 | 2023-12-28 | Unstoppable Domains, Inc. | Accessing data on a blockchain with proof of data verification |
CN117579331A (en) * | 2023-11-15 | 2024-02-20 | 北京火山引擎科技有限公司 | Remote proving method, device, electronic equipment and storage medium |
CN117728961A (en) * | 2024-02-07 | 2024-03-19 | 成都信息工程大学 | Method and system for trusted time service predictor in blockchain |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110998581A (en) * | 2019-03-26 | 2020-04-10 | 阿里巴巴集团控股有限公司 | Program execution and data attestation scheme using multiple key pairs for signatures |
CN111047450A (en) * | 2020-03-18 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Method and device for calculating down-link privacy of on-link data |
CN111092914A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Method and device for accessing external data |
CN112199701A (en) * | 2020-03-18 | 2021-01-08 | 支付宝(杭州)信息技术有限公司 | Contract calling method and device |
CN112329041A (en) * | 2020-03-18 | 2021-02-05 | 支付宝(杭州)信息技术有限公司 | Contract deployment method and device |
CN112711774A (en) * | 2021-03-25 | 2021-04-27 | 腾讯科技(深圳)有限公司 | Data processing method, device, equipment and storage medium |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109670335A (en) * | 2018-12-20 | 2019-04-23 | 众安信息技术服务有限公司 | For in the method and device interacted between data outside block chain and chain |
CN109981679B (en) * | 2019-04-08 | 2021-08-10 | 上海点融信息科技有限责任公司 | Method and apparatus for performing transactions in a blockchain network |
CN110598469B (en) * | 2019-09-11 | 2024-05-17 | 腾讯科技(深圳)有限公司 | Information processing method, device and computer storage medium |
CN111429254B (en) * | 2020-03-19 | 2021-09-10 | 腾讯科技(深圳)有限公司 | Business data processing method and device and readable storage medium |
CN113221166A (en) * | 2021-05-11 | 2021-08-06 | 支付宝(杭州)信息技术有限公司 | Method and device for acquiring block chain data, electronic equipment and storage medium |
2021
- 2021-05-11 CN CN202110513055.2A patent/CN113221166A/en active Pending
- 2021-11-25 WO PCT/CN2021/133167 patent/WO2022237123A1/en active Application Filing
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022237123A1 (en) * | 2021-05-11 | 2022-11-17 | 蚂蚁区块链科技(上海)有限公司 | Method and apparatus for acquiring blockchain data, electronic device, and storage medium |
CN113472544A (en) * | 2021-08-31 | 2021-10-01 | 北京微芯感知科技有限公司 | Digital identity verification method and device, computer equipment and storage medium |
CN113901498A (en) * | 2021-10-15 | 2022-01-07 | 北京智融云河科技有限公司 | Data sharing method, device, equipment and storage medium |
CN113901498B (en) * | 2021-10-15 | 2023-12-26 | 北京智融云河科技有限公司 | Data sharing method, device, equipment and storage medium |
CN114172689A (en) * | 2021-11-11 | 2022-03-11 | 卓尔智联(武汉)研究院有限公司 | Information processing method and device |
CN114172689B (en) * | 2021-11-11 | 2023-11-28 | 卓尔智联(武汉)研究院有限公司 | Information processing method and equipment |
CN113836147A (en) * | 2021-11-26 | 2021-12-24 | 广东辰宜信息科技有限公司 | Chain identifier generation method and device, chain cluster management method, system and medium |
CN114240657A (en) * | 2021-12-15 | 2022-03-25 | 杭州趣链科技有限公司 | Data processing method, block chain, terminal device and storage medium |
CN114422215A (en) * | 2021-12-31 | 2022-04-29 | 国网安徽省电力有限公司合肥供电公司 | Cross-platform and trusted energy data sharing system and method based on block chain |
CN114338054B (en) * | 2022-03-17 | 2022-06-07 | 北京笔新互联网科技有限公司 | Block chain trusted data transmission, verification and acquisition method and device |
CN114338054A (en) * | 2022-03-17 | 2022-04-12 | 北京笔新互联网科技有限公司 | Block chain trusted data transmission, verification and acquisition method and device |
US20230421570A1 (en) * | 2022-06-27 | 2023-12-28 | Unstoppable Domains, Inc. | Accessing data on a blockchain with proof of data verification |
CN117251883A (en) * | 2023-11-02 | 2023-12-19 | 中国南方电网有限责任公司 | Data reliability verification method, device, computer equipment and storage medium |
CN117251883B (en) * | 2023-11-02 | 2024-06-04 | 中国南方电网有限责任公司 | Data reliability verification method, device, computer equipment and storage medium |
CN117579331A (en) * | 2023-11-15 | 2024-02-20 | 北京火山引擎科技有限公司 | Remote proving method, device, electronic equipment and storage medium |
CN117728961A (en) * | 2024-02-07 | 2024-03-19 | 成都信息工程大学 | Method and system for trusted time service predictor in blockchain |
CN117728961B (en) * | 2024-02-07 | 2024-05-28 | 成都信息工程大学 | Method and system for trusted time service predictor in blockchain |
Also Published As
Publication number | Publication date |
---|---|
WO2022237123A1 (en) | 2022-11-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113221166A (en) | Method and device for acquiring block chain data, electronic equipment and storage medium | |
CN112948810B (en) | Trusted computing program calling method and device, electronic equipment and storage medium | |
US8572692B2 (en) | Method and system for a platform-based trust verifying service for multi-party verification | |
EP3382537B1 (en) | Verifying that usage of virtual network function (vnf) by a plurality of compute nodes comply with allowed usage rights | |
JP5522307B2 (en) | System and method for remote maintenance of client systems in electronic networks using software testing with virtual machines | |
CN112948153B (en) | Method and device for message cross-link transmission | |
US20230259386A1 (en) | Data processing method based on container engine and related device | |
CN112989319B (en) | Method, device, electronic equipment and storage medium for realizing trusted computing | |
CN111740966B (en) | Data processing method based on block chain network and related equipment | |
CN110245518B (en) | Data storage method, device and equipment | |
US10783277B2 (en) | Blockchain-type data storage | |
JP2014112892A (en) | Method and apparatus for providing security to devices | |
KR20210151926A (en) | Version history management using blockchain | |
AU2018391625B2 (en) | Re-encrypting data on a hash chain | |
KR102134491B1 (en) | Network based management of protected data sets | |
US11496302B2 (en) | Securely processing secret values in application configurations | |
US11132449B2 (en) | Incorporating at-rest data encryption into a cloud-based storage architecture | |
WO2022116761A1 (en) | Self auditing blockchain | |
CN115248919A (en) | Method and device for calling function interface, electronic equipment and storage medium | |
CN113704211B (en) | Data query method and device, electronic equipment and storage medium | |
US20220045866A1 (en) | Method and system for authentication seal deployment in networked immutable transactions | |
Galanou et al. | Trustworthy confidential virtual machines for the masses | |
US20230244797A1 (en) | Data processing method and apparatus, electronic device, and medium | |
US20200220898A1 (en) | Providing attributes of a network service | |
CN113849558A (en) | Method and device for deploying data sharing service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20210806 |