CN113506107A - Method for realizing blockchain node virtualization and blockchain node - Google Patents


Info

Publication number: CN113506107A
Authority: CN (China)
Prior art keywords: node unit, local node, block, remote node, information
Legal status: Pending
Application number: CN202110689687.4A
Other languages: Chinese (zh)
Inventors: 艾本仁, 林祥兴, 杜聚龙
Current Assignee: Shujie Shenzhen Technology Co ltd
Original Assignee: Shujie Shenzhen Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3827 Use of message hashing
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

A method for implementing blockchain node virtualization and a blockchain node are provided, wherein the blockchain node comprises a local node unit and a remote node unit, the local node unit running on a local host and the remote node unit deployed on a virtualization server. The method comprises: the local node unit performs operations related to user account security, and the remote node unit performs operations not related to user account security using resources of the virtualization server. Without reducing the security of any blockchain node, existing general-purpose virtualization services are used flexibly and on demand to build blockchain nodes through virtualization, thereby reducing the cost of blockchain nodes and reducing resource waste.

Description

Method for realizing blockchain node virtualization and blockchain node
Technical Field
The present disclosure relates to the field of blockchains, and more particularly, to a method for implementing blockchain node virtualization and to a blockchain node.
Background
Blockchain nodes often require significant network, storage, and computing capacity, and many blockchain nodes are deployed on dedicated hardware. This dedicated hardware has no use other than as a blockchain node, which wastes a significant amount of resources.
Virtualization is a resource management technology that lets resource users use resources flexibly and on demand, and most cloud service providers offer virtualization schemes. However, deploying a blockchain node directly on a virtualization server through virtualization technology carries a great security risk.
Disclosure of Invention
The application provides a method for implementing blockchain node virtualization and a blockchain node, so that the cost of the blockchain node is reduced and resource waste is reduced.
The application provides a method for implementing blockchain node virtualization, wherein the blockchain node comprises: a local node unit and a remote node unit, the local node unit running on a local host and the remote node unit deployed on a virtualization server, the method comprising:
the local node unit performs operations related to user account security, and the remote node unit performs operations not related to user account security using resources of the virtualization server.
Compared with the related art, in the embodiment of the application, the blockchain node comprises a local node unit and a remote node unit, the local node unit runs on a local host, the remote node unit is deployed on the virtualization server, the local node unit executes operations related to user account security, and the remote node unit executes operations not related to user account security by using resources of the virtualization server. According to the embodiment of the application, without reducing the security of any blockchain node, existing general-purpose virtualization services are used flexibly and on demand to build blockchain nodes through virtualization, thereby reducing the cost of blockchain nodes and reducing resource waste.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. Other advantages of the application may be realized and attained by the instrumentalities and combinations particularly pointed out in the specification, claims, and drawings.
Drawings
The accompanying drawings are included to provide an understanding of the present disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the examples serve to explain the principles of the disclosure and not to limit the disclosure.
FIG. 1 is a schematic composition diagram of a blockchain node according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for implementing blockchain node virtualization according to an embodiment of the present application;
FIG. 3 is a flowchart of block synchronization according to an embodiment of the present application;
FIG. 4 is a flowchart of drawing lots and generating a candidate block under a consensus algorithm with lot drawing according to an embodiment of the present application;
FIG. 5 is a flowchart of processing a received candidate block under a consensus algorithm with lot drawing according to an embodiment of the present application;
FIG. 6 is a flowchart of generating a candidate block under a consensus algorithm without lot drawing according to an embodiment of the present application;
FIG. 7 is a flowchart of processing received candidate blocks under a consensus algorithm without lot drawing according to an embodiment of the present application.
Detailed Description
The present application describes embodiments, but the description is illustrative rather than limiting and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described herein. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or instead of any other feature or element in any other embodiment, unless expressly limited otherwise.
The present application includes and contemplates combinations of features and elements known to those of ordinary skill in the art. The embodiments, features and elements disclosed in this application may also be combined with any conventional features or elements to form a unique inventive concept as defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive aspects to form yet another unique inventive aspect, as defined by the claims. Thus, it should be understood that any of the features shown and/or discussed in this application may be implemented alone or in any suitable combination. Accordingly, the embodiments are not limited except as by the appended claims and their equivalents. Furthermore, various modifications and changes may be made within the scope of the appended claims.
Further, in describing representative embodiments, the specification may have presented the method and/or process as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. Other orders of steps are possible as will be understood by those of ordinary skill in the art. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. Further, the claims directed to the method and/or process should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the embodiments of the present application.
As shown in FIG. 1, the present embodiment divides the blockchain node into two parts: a local node unit and a remote node unit.
The local node unit runs on the local host and is used for executing operations related to user account security.
The local node unit is deployed on a host controlled by the user. The user can secure the local node unit through network security measures such as a local firewall, and can secure the user key through security devices such as a UKey. All operations related to the security of the user account are executed in the local node unit, such as initiating a transaction request and participating in consensus.
The remote node unit is deployed on the virtualization server and is used for executing operations that do not relate to user account security, using the resources of the virtualization server.
The virtualization server may be a cloud server, a dedicated server, a personal computer, or the like, which may manage general computing resources, storage resources, and network resources through a virtualization technology.
The remote node unit is deployed on the virtualization server through virtualization technology, and uses storage resources and computing resources of the virtualization server. All operations not related to user account security may be performed at the remote node unit, such as synchronizing historical blocks, maintaining the World State, and assisting in consensus.
The interfaces of the remote node unit are as follows:
1) The remote node unit provides a historical block information retrieval interface, which supports retrieval by block, by transaction, by account number, and the like.
2) The remote node unit provides a World State retrieval interface, which supports retrieval of World State information and at least includes: retrieving account information in the World State corresponding to a specified World State root hash value, wherein the account information at least includes balance, extended information, and the like.
3) The remote node unit provides a candidate block check interface. After receiving a candidate block, the local node unit passes the candidate block to the remote node unit for verification.
4) The remote node unit provides an interface for obtaining the set of unpackaged transactions.
5) When the consensus algorithm comprises a PoW algorithm, the remote node unit provides an interface for executing the PoW algorithm.
For the blockchain node of the embodiment of the present application, as shown in FIG. 2, the method for implementing blockchain node virtualization according to the embodiment of the present application includes:
Step 201, the local node unit establishes a secure connection with the remote node unit.
When the lifecycle of the remote node unit is controlled by the local node unit, the local node unit starts the remote node unit deployed on the virtualization server through a virtualization server management interface.
In one embodiment, the local node unit controls the lifecycle of the remote node unit, which may include, but is not limited to: installation, update, uninstallation, loading, stopping and status checking of system image files, and installation, update, uninstallation, starting, stopping and status checking of software packages.
The local node unit starts and stops the remote node unit through an interface of the virtualization service provider, and deploys software in the remote node unit through a virtualization server management interface.
In one embodiment, the local node unit monitors the boot process of the remote node unit and, once signature verification passes, confirms that the remote node unit has booted.
In an embodiment, the local node unit monitors the operating state of the remote node unit to confirm that the system, process, memory, network, IO, and file system states meet expectations.
In an embodiment, the local node unit presets an operating state reporting mechanism in the system image file of the remote node unit. The mechanism periodically reports operating state information to the local node unit, which checks the information and stops the remote node unit when the remote node unit operates abnormally.
In one embodiment, the local node unit periodically checks the operating state of the remote node unit through detection means provided by the virtualization service, and stops the remote node unit when the remote node unit is found to be abnormal.
In an embodiment, the local node unit checks the remote node unit by observing how other nodes in the blockchain network respond to the messages sent by the local node unit, and stops the remote node unit when those responses are found to be abnormal.
The remote node unit may be compromised during operation, with the attacker deploying its own software on it. When the local node unit builds the virtualization image, it may add control over process startup to the image, for example so that only processes that pass signature verification can be started. It may also add a runtime detection program to the image, which, when a running program is found to be abnormal, immediately notifies the local node unit, and the remote node unit is stopped.
In one embodiment, the local node unit and the remote node unit communicate with each other through a secure channel, through which the identity of the remote node unit is verified and the transmitted content is encrypted; the identity key and certificate of the remote node unit are specified by the local node unit.
When the cloud virtualization server on which the remote node unit runs is provided by a network service provider, the secure channel is set up within the access network, and the services of the network service provider are used to guarantee the security of the channel during transmission.
In an embodiment, the local node unit uses the root certificate or CA certificate of the remote node unit as a trusted certificate and establishes a TLS/SSL-based communication channel with the remote node unit.
Step 202, the local node unit performs operations related to user account security, and the remote node unit performs operations not related to user account security using resources of the virtualization server.
The local node unit generates a transaction and signs the transaction.
The local node unit participates in block consensus, generates candidate blocks, participates in voting and bookkeeping, and signs the consensus blocks.
The remote node unit synchronizes historical blocks according to the blockchain information provided by the local node unit, checks the validity of the transaction sets in the historical blocks, maintains the World State, and provides the local node unit with retrieval services for blockchain information, historical block information, historical transaction information, World State information and account information.
Step 202 is described below through the execution of several operations.
1. When the operation related to user account security is initiating a transaction request, the local node unit performing the operation related to user account security includes:
the local node unit generates a transaction, signs the transaction, generates a transaction request message, and sends the transaction request message to the blockchain network.
2. When the operation related to user account security is participating in consensus and the operation not related to user account security is synchronizing historical blocks, as shown in FIG. 3, the local node unit performing the operation related to user account security and the remote node unit performing the operation not related to user account security using the resources of the virtualization server may include:
Step 301, the local node unit obtains new block information according to the consensus.
The new block information at least includes a new block height, a block hash, World State information, block header information, and the like, and the World State information at least includes a World State root hash and the like.
Step 302, the local node unit sends the obtained block information to the remote node unit, requesting the remote node unit to synchronize the block corresponding to the block information together with the historical blocks.
Step 303, according to the block information provided by the local node unit, the remote node unit synchronizes from the blockchain network that block and the historical blocks the remote node unit is missing, checks the blocks one by one, records them as historical blocks, and forms the World State.
Step 304, the remote node unit generates, according to the request information and the synchronization process information, verification information that can prove the correctness and integrity of its work.
Step 305, the remote node unit returns the synchronization result and the verification information to the local node unit.
Step 306, the local node unit receives the synchronization result and the verification information returned from the remote node unit and verifies the verification information.
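The check in step 306 can be illustrated as follows. This is an added example, not part of the patent: the patent does not define the format of the verification information, so the code assumes it is the list of synchronized block headers, with a hypothetical header layout hashed with SHA-256, and the names `Anchor`, `header_hash` and `verify_sync_result` are illustrative. The local node unit accepts the remote result only if the headers link a block it already trusts to the new block it obtained itself in step 301.

```python
import hashlib
import json
from collections import namedtuple

# A block the local node unit obtained itself: height, block hash, World State root hash.
Anchor = namedtuple("Anchor", "height block_hash state_root")

# Hypothetical header layout, assumed for this example only.
HEADER_FIELDS = {"height", "prev_hash", "tx_root", "state_root"}


def header_hash(header):
    """Hash a header as SHA-256 over canonical JSON (assumed encoding)."""
    data = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def verify_sync_result(checkpoint, target, headers):
    """Check headers returned by the remote node unit against local knowledge.

    checkpoint: last block the local node unit already trusts.
    target:     new block information obtained from consensus (step 301).
    headers:    headers for heights checkpoint.height+1 .. target.height.
    Returns (ok, reason).
    """
    expected = target.height - checkpoint.height
    if expected <= 0:
        return False, "target is not ahead of checkpoint"
    if len(headers) != expected:
        return False, "wrong number of headers"

    prev_hash, prev_height = checkpoint.block_hash, checkpoint.height
    for h in headers:
        if not isinstance(h, dict) or set(h) != HEADER_FIELDS:
            return False, f"malformed header after height {prev_height}"
        if h["height"] != prev_height + 1:
            return False, f"height gap after height {prev_height}"
        if h["prev_hash"] != prev_hash:
            return False, f"broken link at height {h['height']}"
        prev_hash, prev_height = header_hash(h), h["height"]

    # The tip must be the block the local node unit learned from consensus,
    # not merely some internally consistent chain.
    if prev_hash != target.block_hash:
        return False, "tip hash mismatch"
    if headers[-1]["state_root"] != target.state_root:
        return False, "state root mismatch"
    return True, "ok"


def build_sample_chain(checkpoint, n):
    """Constructed sample data: n linked headers on top of the checkpoint."""
    headers, prev = [], checkpoint.block_hash
    for i in range(1, n + 1):
        h = {
            "height": checkpoint.height + i,
            "prev_hash": prev,
            "tx_root": hashlib.sha256(f"txs-{i}".encode()).hexdigest(),
            "state_root": hashlib.sha256(f"state-{i}".encode()).hexdigest(),
        }
        headers.append(h)
        prev = header_hash(h)
    return headers


if __name__ == "__main__":
    cp = Anchor(100, "00" * 32, "11" * 32)          # constructed checkpoint
    chain = build_sample_chain(cp, 3)
    tip = Anchor(103, header_hash(chain[-1]), chain[-1]["state_root"])
    print(verify_sync_result(cp, tip, chain))

    forged = [dict(h) for h in chain]
    forged[1]["state_root"] = "ff" * 32             # remote alters a historical block
    print(verify_sync_result(cp, tip, forged))
```
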
3. Participating in consensus:
The local node unit participates in block consensus, generates candidate blocks, participates in voting and bookkeeping, and signs the consensus blocks.
The remote node unit assists in consensus: while the local node unit participates in consensus, the remote node unit executes auxiliary work, which includes collecting and verifying unpackaged transactions to form a transaction set, forming World State information containing the transaction set, and executing a PoW algorithm.
There is a wide variety of consensus algorithms, and the choice affects the interaction between the local node unit and the remote node unit.
Consensus algorithms with and without lot drawing are explained below.
1) Consensus algorithm with lot drawing:
As shown in FIG. 4, the method comprises the following steps:
Step 401, the local node unit completes the previous round of the consensus algorithm, takes the block obtained in the previous round as the current block, and starts a new round of the consensus algorithm.
The local node unit completes the lot drawing according to the lot-drawing algorithm.
Step 402, when, in the lot drawing, the local node unit requests the remote node unit to collect unpackaged transactions, the local node unit provides the current World State root hash.
The local node unit may attach the block information obtained in step 401 when notifying the remote node unit.
Step 403, the remote node unit collects unpackaged transactions according to the request of the local node unit, verifies the collected transactions, generates a transaction set and provides the transaction set to the local node unit; forms a new World State according to the World State root hash in the current block information in the request and the unpackaged transactions, obtains an updated World State root hash and provides it to the local node unit; and generates, according to the request information and the execution process information, verification information that can prove the correctness and integrity of its work and provides the verification information to the local node unit.
Step 404, the local node unit receives the unpackaged transaction set, the World State root hash and the verification information returned from the remote node unit, and verifies the verification information; after the verification passes, the local node unit generates a candidate block according to the transaction set generated by the remote node unit, the updated World State root hash and the block information.
Step 405, if the consensus algorithm does not include the proof-of-work (PoW) algorithm, the local node unit sends the information of the candidate block to the blockchain network.
Step 406, if the consensus algorithm comprises a PoW algorithm, the local node unit requests the remote node unit to execute the PoW algorithm and provides the information of the generated candidate block.
Step 407, the remote node unit executes the PoW algorithm on the candidate block received from the local node unit, generates an algorithm result, and returns the algorithm result to the local node unit; and generates, according to the request information and the execution process information, verification information that can prove the correctness and integrity of its work and provides the verification information to the local node unit.
Step 408, the local node unit receives the algorithm result from the remote node unit and verifies the verification information; after the verification passes, it puts the algorithm result into the candidate block to form a new candidate block, and sends the new candidate block to the blockchain network.
Besides the above steps, the method further comprises a procedure for processing received candidate blocks.
Whether or not a lot is drawn, as shown in FIG. 5, the method further includes:
Step 409, the local node unit checks the block header of the candidate block received in this round, sends the candidate block information, the transaction information in the candidate block and the World State root hash of the candidate block to the remote node unit, and requests the remote node unit to check the transaction set of the candidate block.
Step 410, the remote node unit checks the transaction set of the candidate block according to the request of the local node unit, verifies the correctness of the World State root hash of the candidate block, and generates a check result to return to the local node unit; and generates, according to the request information and the execution process information, verification information that can prove the correctness and integrity of its work and returns the verification information to the local node unit.
Step 411, the local node unit receives the verification information and the check result from the remote node unit, verifies the verification information, and trusts the check result from the remote node unit after the verification passes; when both the block header and the transaction set of the candidate block pass the check, the local node unit determines that the candidate block is valid.
Step 412, when the consensus algorithm comprises a voting algorithm, the local node unit performs voting and bookkeeping on the valid candidate blocks, and generates the new block of the current round from the valid candidate blocks according to the consensus algorithm.
Step 413, when the consensus algorithm does not include a voting algorithm, the local node unit generates the new block of the current round from the valid candidate blocks according to the consensus algorithm.
2) Consensus algorithm without lot drawing:
As shown in FIG. 6, the method comprises the following steps:
Step 501, the local node unit completes the previous round of the consensus algorithm, takes the block obtained in the previous round as the current block, and starts a new round of the consensus algorithm; the local node unit requests the remote node unit to collect unpackaged transactions and provides the current block information.
Step 502, the remote node unit collects unpackaged transactions according to the request of the local node unit, verifies them, and generates a transaction set to provide to the local node unit; forms a new World State according to the World State root hash in the current block information in the request and the unpackaged transactions, obtains an updated World State root hash and provides it to the local node unit; and generates, according to the request information and the execution process information, verification information that can prove the correctness and integrity of its work and provides the verification information to the local node unit.
Step 503, the local node unit receives the unpackaged transaction set, the World State root hash and the verification information returned from the remote node unit, and verifies the verification information.
Step 504, after the verification passes, the local node unit generates a candidate block according to the transaction set generated by the remote node unit, the updated World State root hash and the block information.
Step 505, if the consensus algorithm does not include the proof-of-work (PoW) algorithm, the local node unit sends the information of the candidate block to the blockchain network.
Step 506, if the consensus algorithm comprises a PoW algorithm, the local node unit requests the remote node unit to execute the PoW algorithm and provides the information of the generated candidate block.
Step 507, the remote node unit executes the PoW algorithm on the candidate block information received from the local node unit, and generates an algorithm result to return to the local node unit; and generates, according to the request information and the execution process information, verification information that can prove the correctness and integrity of its work and provides the verification information to the local node unit.
Step 508, the local node unit receives the algorithm result and the verification information from the remote node unit, verifies the verification information, puts the algorithm result into the candidate block after the verification passes to form a new candidate block, and sends the new candidate block to the blockchain network.
Besides the above steps, as shown in FIG. 7, the method further comprises a procedure for processing received candidate blocks:
Step 509, the local node unit checks the block header of the candidate block received in this round, sends the candidate block information, the transaction information in the candidate block, and the World State root hash of the candidate block to the remote node unit, and requests the remote node unit to check the transaction set of the candidate block.
Step 510, the remote node unit checks the transaction set of the candidate block according to the request of the local node unit, verifies the correctness of the World State root hash of the candidate block, and generates a check result to return to the local node unit; and generates, according to the request information and the execution process information, verification information that can prove the correctness and integrity of its work and returns the verification information to the local node unit.
Step 511, the local node unit receives the verification information and the check result from the remote node unit, verifies the verification information, and trusts the check result from the remote node unit after the verification passes; when both the block header and the transaction set of the candidate block pass the check, the local node unit determines that the candidate block is valid.
Step 512, when the consensus algorithm comprises a voting algorithm, the local node unit performs voting and bookkeeping on the valid candidate blocks, and generates the new block of the current round from the valid candidate blocks according to the consensus algorithm.
Step 513, when the consensus algorithm does not include a voting algorithm, the local node unit generates the new block of the current round from the valid candidate blocks according to the consensus algorithm.
The following discussion is directed to security of remote node units
1. The process performed by the remote node unit does not result in the local node unit issuing illegitimate messages or even sending illegitimate messages without affecting the blockchain network.
The transaction message is generated entirely at the local node unit and the remote node unit cannot be counterfeited.
The set of transactions in the candidate block is generated by the remote node unit. When the transaction set contains fake transactions or packaged transactions, other nodes are easy to find, and therefore the blockchain network is not affected. When all transactions are not contained in the transaction set, the mechanism of the blockchain itself can ensure that the process does not affect the blockchain network. The World State of the candidate block is generated by the remote node unit. The local transaction checks its structure so the root hash of the World State can represent the new World State. When the new World State calculates an error, other nodes can easily find the error, and therefore, the block chain network is not affected.
The World State is maintained by the remote node unit. The validity of the World State can be ensured by the structure of the block chain.
2. The information returned by the remote node unit comprises checking information of working correctness and completeness of the remote node unit. The local node unit can verify the work of the remote node unit through the verification information and the block header information obtained by the local node unit.
3. The life cycle of the remote node unit may be controlled by the local node unit when the operating environment of the remote node unit and the operating environment of the local node unit belong to the same stakeholder.
The life cycle of the remote node unit is controlled by the local node unit. The local node unit starts and stops the remote node unit, and deploys software in it, through the interface of the virtualization service provider. The virtualization service provider provides a number of interfaces through which the virtualized instance can be verified. Taking Docker as an example, a virtualized instance (container) run by Docker corresponds to its image. The image id is a digest of the image and identifies its content. The image is provided by the local node unit, which can therefore know its image id in advance. The local node unit can check whether the image id corresponding to the virtualized instance is consistent with the image id of the image it deployed. In this manner, the local node unit can determine that the running instance of the remote node unit is as expected and valid.
The remote node unit may be compromised during operation, with the attacker deploying their own software in it. When the local node unit builds the virtualization image, it may add control over process start-up to the image, for example so that only processes that pass signature verification can be started. It may also add a run-time detection program to the image which, when it finds that a running program is abnormal, immediately notifies the local node unit and stops the remote node unit.
The local node unit may also use services of the virtualization service provider to monitor the operational status of the remote node unit. When an operational anomaly is found, the local node unit stops the remote node unit.
The local node unit can also judge indirectly whether the remote node unit is behaving abnormally by using the feedback of other nodes in the blockchain network to the messages sent by the local node unit. When an operational anomaly is found, the local node unit stops the remote node unit. For example, if during the consensus process the messages sent by the remote node unit consistently fail to receive correct feedback for a period of time, the remote node unit may be abnormal.
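The image-id comparison described above, as an added example (not code from the patent): it assumes the local node unit can obtain the remote container's `docker inspect` JSON through the provider's interface, and that Docker's classic image store is in use, where the image id is the SHA-256 of the image configuration JSON. The function names and sample records are constructed for illustration.

```python
import hashlib
import hmac
import json
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def image_id_from_config(config_blob: bytes) -> str:
    """Image id as the SHA-256 of the image configuration JSON, byte for byte
    (assumption: classic Docker image store)."""
    return "sha256:" + hashlib.sha256(config_blob).hexdigest()


def check_instance(inspect_output: str, expected_image_id: str):
    """Return (keep_running, reason) for one container's `docker inspect` output.

    Any answer other than a running container whose image id equals the id
    the local node unit recorded at build time is a reason to stop the
    remote node unit.
    """
    if not DIGEST_RE.match(expected_image_id):
        raise ValueError("expected image id must be a sha256 digest")
    try:
        records = json.loads(inspect_output)
    except json.JSONDecodeError:
        return False, "inspect output is not valid JSON"
    if (not isinstance(records, list) or len(records) != 1
            or not isinstance(records[0], dict)):
        return False, "expected exactly one container record"
    record = records[0]
    state = record.get("State")
    if not isinstance(state, dict) or state.get("Running") is not True:
        return False, "container is not running"
    actual = record.get("Image")  # digest of the image the container was created from
    if not isinstance(actual, str) or not DIGEST_RE.match(actual):
        return False, "container reports no usable image id"
    if not hmac.compare_digest(actual, expected_image_id):
        return False, "image id mismatch"
    return True, "image id matches deployed image"


def _config(entrypoint: str) -> bytes:
    """Constructed, minimal image configuration for the demonstration."""
    doc = {"architecture": "amd64", "os": "linux",
           "config": {"Entrypoint": [entrypoint]},
           "rootfs": {"type": "layers", "diff_ids": []}}
    return json.dumps(doc, separators=(",", ":")).encode()


# Constructed sample data: the image the local node unit built, and an image
# with a different entrypoint that carries the same human-readable tag.
EXPECTED_ID = image_id_from_config(_config("/usr/local/bin/remote-node"))
TAMPERED_ID = image_id_from_config(_config("/tmp/other-binary"))


def sample_inspect(image_id: str, running: bool = True) -> str:
    """Constructed `docker inspect` output for a single container."""
    return json.dumps([{
        "Id": "0" * 64,
        "Image": image_id,
        "State": {"Running": running},
        "Config": {"Image": "remote-node:1"},  # the tag is identical in every case
    }])


def demo():
    """Run the check over the constructed cases and return the decisions."""
    cases = {
        "deployed image": sample_inspect(EXPECTED_ID),
        "same tag, different content": sample_inspect(TAMPERED_ID),
        "stopped container": sample_inspect(EXPECTED_ID, running=False),
    }
    return {name: check_instance(out, EXPECTED_ID) for name, out in cases.items()}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'keep' if ok else 'STOP'} ({reason})")
```

The check compares digests rather than the tag in `Config.Image`, because the tag is the same in all three constructed cases. It says nothing about changes made inside a container after start, which is what the run-time detection and monitoring described above cover.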
4. The remote node unit and the local node unit communicate using a secure channel.
The remote node unit and the local node unit communicate using a secure channel through which the transmitted content is encrypted. The secure channel encrypts all content for transmission.
The local node unit verifies the identity of the remote node unit through the secure channel.
The identity key and certificate of the remote node unit are specified by the local node unit when the life cycle of the remote node unit is controlled by the local node unit. The identity key of the remote node may be specially secured. The local node unit may preset a unique security key and certificate in the remote node unit image to establish a secure, secret communication channel between the remote node unit and the local node unit. Attacking such a unique security key is difficult and yields little profit: a hacker can attack only one node at a time, and a successful attack affects only that one node, so the benefit is small. When the assets held by the node are large, the key management service of the virtualization service provider can be used to manage the security keys of the remote node unit, further improving the key security of the remote node.
The secure channel preferentially runs in the access network, and the service of a network service provider is used for ensuring the security of the secure channel in the transmission process.
Where conditions permit, the communication path between the local node unit and the remote node unit uses a private network, and the security of the communication path is enhanced using the services of the network provider. In this case the remote node unit operates in two networks: the interaction between the remote node unit and the local node unit takes place in the private network, and the interaction between the remote node unit and the blockchain network takes place in the network in which the blockchain network is located. For example, the local node unit is deployed within the access network and the remote node unit is deployed on a virtualization server of the access network service provider.
5. An attack from the outside.
These attacks are the same as those faced by an ordinary blockchain node. All of the defensive measures that an ordinary blockchain node can adopt also apply to the blockchain node provided by the embodiments of this application.
The embodiments of the present application further provide a blockchain node, comprising: a first memory, a first processor, a second memory and a second processor; the first memory is used for storing a first program for executing operations related to user account security, the first processor is used for reading and executing the first program to implement the operations of the local node unit in the method for implementing blockchain node virtualization, the second memory is used for storing a second program for executing operations not related to user account security, and the second processor is used for reading and executing the second program to implement the operations of the remote node unit in the method for implementing blockchain node virtualization.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (14)

1. A method for implementing block link point virtualization is characterized in that the block link node comprises: a local node unit and a remote node unit, the local node unit running on a local host and the remote node unit deployed on a virtualization server, the method comprising:
the local node unit performs operations related to user account security, and the remote node unit performs operations not related to user account security using resources of the virtualized server.
2. The method of claim 1,
the operations related to the security of the user account number comprise initiating a transaction request and participating in consensus;
the operations not related to user account security include synchronization history block, World State maintenance and assisted participation consensus.
3. The method of claim 1, further comprising:
and the local node unit and the remote node unit adopt a secure channel for communication, and the identity of the remote node unit is verified and the transmitted content is encrypted through the secure channel.
4. The method of claim 3, wherein when the virtualization server on which the remote node operates is provided by a network service provider, the secure channel is provided in an access network, and the secure channel is secured during transmission using a service of the network service provider.
5. The method of claim 2, wherein when the operation involving user account security is participation in consensus and the operation not involving user account security is a synchronization history block,
the local node unit executes operations related to user account security, and the operations comprise:
obtaining new block information according to the consensus;
sending the obtained block information to a remote node, and requesting the remote node to synchronize a block corresponding to the block information and a historical block;
receiving a synchronization result and verification information returned from the remote node, and verifying;
the remote node unit performs operations not related to user account security, including:
according to the block information provided by the local node, synchronizing historical blocks from the block chain network, and checking the historical blocks one by one to form World State;
the remote node generates verification information which can prove the correctness and the integrity of the work content of the remote node according to the request information and the synchronization process information;
and returning the synchronization result and the check information to the local node.
6. The method of claim 2, wherein when the operation related to the security of the user account is participation in consensus, the operation not related to the security of the user account is auxiliary participation in consensus, and the consensus process requires a draw,
the local node unit executes operations related to user account security, and the operations comprise:
the local node unit receives the new block and finishes drawing according to a drawing algorithm;
when drawing a lot, the local node unit requests the remote node unit to collect unpacked transactions, and the local node unit provides a current world state root hash;
the local node unit receives the unpacked transaction set, the World State Root Hash and the verification information returned from the remote node and verifies the verification information;
the local node unit generates a candidate block according to the transaction set generated by the remote node unit, the updated world state root hash and the block information after the verification is passed;
if the consensus algorithm does not contain a proof-of-work (PoW) algorithm, the local node unit sends information of the candidate block to a blockchain network;
if the consensus algorithm comprises a PoW algorithm, the local node unit requesting the remote node unit to perform a PoW algorithm and providing information of the generated candidate block; receiving the algorithm result and the verification information from the remote node unit, verifying the verification information, putting the algorithm result into the candidate block after the verification is passed to form a new candidate block, and sending the new candidate block to the block chain network;
the remote node unit performs operations not related to user account security, including:
the remote node unit collects unpackaged transactions according to the request of the local node unit, verifies the unpackaged transactions, generates a transaction set and provides the transaction set for the local node unit; forming a new World State according to the World State Root Hash in the current block information in the request and the unpacked transaction, and obtaining an updated World State Root Hash and providing the updated World State Root Hash to the local node unit; generating verification information which can prove the working correctness and integrity of the local node unit according to the request information and the execution process information and providing the verification information to the local node unit;
if the consensus algorithm comprises a PoW algorithm, the remote node unit performs the PoW algorithm on the candidate block received from the local node unit, generates an algorithm result and returns the algorithm result to the local node unit; and generating verification information which can prove the working correctness and integrity of the local node unit according to the request information and the execution process information and providing the verification information to the local node unit.
7. The method of claim 6, wherein the local node unit performs operations relating to user account security while drawing a lot or not drawing a lot, further comprising:
the local node unit checks the block header of the candidate block received in the current round, sends the candidate block information, the transaction information in the candidate block and the world state root hash of the candidate block to the remote node unit, and requests the remote node unit to check the transaction set of the candidate block; the local node unit receives the verification information and the verification result from the remote node unit, verifies the verification information, and trusts the verification result from the remote node unit after the verification is passed; when the block header of the candidate block and the transaction set pass the verification, the local node unit determines that the candidate block is valid;
when the consensus algorithm comprises a voting algorithm, the local node unit votes and notes the effective candidate blocks, and generates new blocks of the current round from the effective candidate blocks according to the consensus algorithm;
when the consensus algorithm does not comprise the voting algorithm, the local node unit generates a new block of the current round from the effective candidate blocks according to the consensus algorithm;
the remote node unit performs operations not related to user account security, further comprising:
the remote node checks the transaction set of the candidate block according to the request of the local node, verifies the correctness of the candidate block world state root hash, generates a check result and returns the check result to the local node unit; and generating verification information which can prove the working correctness and integrity of the local node unit according to the request information and the execution process information and returning the verification information to the local node unit.
8. The method of claim 2, wherein when the operation related to the security of the user account is participation consensus, the operation not related to the security of the user account is auxiliary participation consensus, and the consensus process does not require a draw,
the local node unit executes operations related to user account security, and the operations comprise:
the local node unit completes the previous round of consensus algorithm, takes the block obtained by the previous round of consensus algorithm as the current block, and starts a new round of consensus algorithm; requesting the remote node unit to collect an unpacked transaction set, the local node unit providing a current world state root hash;
the local node unit receives the unpacked transaction set, the World State Root Hash and the verification information returned from the remote node and verifies the verification information;
the local node unit generates a candidate block according to the transaction set generated by the remote node unit, the updated world state root hash and the block information after passing the verification;
if the consensus algorithm does not contain a proof-of-work (PoW) algorithm, the local node unit sends information of the candidate block to a blockchain network;
if the consensus algorithm comprises a PoW algorithm, the local node unit requesting the remote node unit to perform a PoW algorithm and providing information of the generated candidate block; receiving the algorithm result and the verification information from the remote node unit, verifying the verification information, putting the algorithm result into the candidate block after the verification is passed to form a new candidate block, and sending the new candidate block to the block chain network;
the remote node unit performs operations not related to user account security, including:
the remote node unit collects unpackaged transactions according to the request of the local node unit, verifies the unpackaged transactions, generates a transaction set and provides the transaction set for the local node unit; forming a new World State according to the World State Root Hash in the current block information in the request and the unpacked transaction, and obtaining an updated World State Root Hash and providing the updated World State Root Hash to the local node unit; generating verification information which can prove the working correctness and integrity of the local node unit according to the request information and the execution process information and providing the verification information to the local node unit;
if the consensus algorithm comprises a PoW algorithm, the remote node unit executes the PoW algorithm on the candidate block information received from the local node unit, generates an algorithm result and returns the algorithm result to the local node unit; and generating verification information which can prove the working correctness and integrity of the local node unit according to the request information and the execution process information and providing the verification information to the local node unit.
9. The method of claim 8, wherein the local node element performs operations relating to user account security, further comprising:
the local node unit checks the block header of the candidate block received in the current round, sends the candidate block information, the transaction information in the candidate block and the world state root hash of the candidate block to the remote node unit, and requests the remote node unit to check the transaction set of the candidate block; the local node unit receives the verification information and the verification result from the remote node unit, verifies the verification information, and trusts the verification result from the remote node unit after the verification is passed; when the block header of the candidate block and the transaction set pass the verification, the local node unit determines that the candidate block is valid;
when the consensus algorithm comprises a voting algorithm, the local node unit votes and notes the effective candidate blocks, and generates new blocks of the current round from the effective candidate blocks according to the consensus algorithm;
when the consensus algorithm does not comprise the voting algorithm, the local node unit generates a new block of the current round from the effective candidate blocks according to the consensus algorithm;
the remote node unit performs operations not related to user account security, further comprising:
the remote node checks the transaction set of the candidate block according to the request of the local node, verifies the correctness of the candidate block world state root hash, generates a check result and returns the check result to the local node unit; and generating verification information which can prove the working correctness and integrity of the local node unit according to the request information and the execution process information and returning the verification information to the local node unit.
10. The method of claim 1, further comprising:
the local node unit is simultaneously connected with one or more remote node units;
the remote node unit may provide service to one or more local node units simultaneously.
11. The method of claim 1, further comprising:
the local node unit controls the life cycle of the remote node;
the local node unit monitors the operating state of the remote node;
the identity key and certificate of the remote node unit are specified by the local node unit.
12. The method of claim 11, wherein the local node unit monitoring the operational status of the remote node unit comprises at least one of:
the local node unit presets an operation state reporting mechanism in a system image file of the remote node unit, periodically reports operation state information to the local node unit, detects the operation state information, and stops the operation of the remote node unit when the remote node unit operates abnormally;
the local node unit detects the running state of the remote node unit regularly through a detection means provided by a virtualization service, and stops the remote node unit when the remote node unit is found to run abnormally;
the local node unit detects the remote node unit through the reaction of other nodes in the block chain network to the message sent by the local node unit, and stops the remote node unit when the abnormal reaction of other nodes in the block chain network to the message sent by the local node unit is found.
13. A block link point, comprising:
the local node unit runs on a local host and is used for executing the operation related to the security of the user account;
and the remote node unit is deployed on the virtualization server and uses the resources of the virtualization server for executing operations which do not relate to the security of the user account.
14. A block link point, comprising: the system comprises a first memory, a first processor, a second memory and a second processor; the first memory is used for storing a first program used for executing operations related to user account security, and the first processor is used for reading and executing the first program to realize the operations of the local node unit in the realization method of block chain link point virtualization according to any one of claims 1 to 12; the second memory is used for storing a second program for executing operations not related to user account security, and the second processor is used for reading and executing the second program to realize the operations of the remote node unit in the realization method of block link point virtualization according to any one of claims 1 to 12.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110689687.4A CN113506107A (en) 2021-06-21 2021-06-21 Method for realizing block chain link point virtualization and block chain link point

Publications (1)

Publication Number Publication Date
CN113506107A true CN113506107A (en) 2021-10-15

Family

ID=78010620

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110689687.4A Pending CN113506107A (en) 2021-06-21 2021-06-21 Method for realizing block chain link point virtualization and block chain link point

Country Status (1)

Country Link
CN (1) CN113506107A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination