CN113592677A - Education certificate management system based on alliance chain and building method - Google Patents

Abstract

The invention discloses an education certificate management system based on a alliance chain and a construction method thereof, wherein the management system comprises a user layer, an application layer, a data layer and a network layer; the user layer is a visual web interface of the system and provides different functional interfaces according to different user types; the application layer comprises an application service module and an application module; the data layer comprises a data interaction module and a data storage module; the network layer is responsible for information communication of each node, generates a new block by consensus and maintains stable operation of a block chain network; the network layer comprises a P2P network running a blockchain system decentralized, wherein a part of P2P nodes are combined with other routing devices to form an anycast network. The invention adopts a block chain technology to store the education certificate, based on the Fabric alliance chain, adopts an asymmetric encryption technology to ensure the safety of the certificate, adopts Kafka multichannel technology to optimize sequencing service, and performs performance test through the Fabric Tape, thereby realizing an education certificate information management and authentication system which ensures that data cannot be tampered and transparent and traceable.

Description

Education certificate management system based on alliance chain and building method

Technical Field

The invention belongs to the technical field of education certificate management, and particularly relates to an education certificate management system based on a alliance chain and a construction method thereof.

Background

Under the current social background of great competition, the fake certificate is inundated, and a user generally checks the authenticity of the certificate through a learning communication network, so that the efficiency is low, and wrong recognition and decision can be made under the conditions of certificate counterfeiting and untimely information updating on the network. The existing certificate management system cannot meet the requirement of quickly, efficiently and accurately verifying information by a human unit, and is difficult to resist illegal competition. Therefore, a large optimization space exists in the authentication and management system of the academic certificate.

Disclosure of Invention

The invention aims to provide an education certificate management system based on a alliance chain and a construction method thereof, and solves the technical problems that in the prior art, a certificate management system cannot meet the requirements of a user unit for quickly, efficiently and accurately verifying information, and is difficult to resist illegal competition.

In order to solve the technical problems, the invention adopts the following technical scheme:

the education certificate management system based on the alliance chain comprises a user layer, an application layer, a data layer and a network layer;

the user layer is a visual web interface of the system and provides different functional interfaces according to different user types;

the application layer comprises an application service module and an application module;

the data layer comprises a data interaction module and a data storage module;

the network layer is responsible for information communication of each node, generates a new block by consensus and maintains stable operation of a block chain network; the network layer comprises a P2P network running a blockchain system decentralized, wherein a part of P2P nodes are combined with other routing devices to form an anycast network.

Further optimizing, the user layer comprises a student interface, a certificate issuing user interface, an education management user management interface and a certificate verification user interface;

the student interface and the certificate verification user interface are foreground interfaces, and the certificate issuing user interface and the education management user management interface are background management interfaces.

Further optimization, the application service module comprises an authentication service and a security service; the authentication service carries out identity recognition based on MSP service and Fabric-CA, and the security service carries out security guarantee on nodes, accounts and transactions based on a consensus mechanism;

the application module comprises a user login function module, a user logout function module, a certificate data query function module, a certificate verification function module, a certificate revocation function module, a certificate information display function module, a personal information display function module and a personal information modification function module; wherein the certificate revocation is achieved by changing the certificate data state.

Further optimizing, the data interaction module is used for interaction of transaction information and completes a series of operations of transaction generation, endorsement, verification and query through an intelligent contract; the data storage module stores user information into a MySQL database in a data storage process, stores important information such as education certificates and the like which need to be stored in a confidential mode into a Fabric alliance chain, and caches partial data of the system into a redis database.

The method for establishing the education certificate management system based on the alliance chain comprises the following steps:

s1, building a user side system:

s11, completing the basic design of the front-end page by using html + css;

s12, using thymeleaf as a rear-end template engine for filling page data; meanwhile, permission management is realized by combining shiro;

s13, developing a project by using a maven aggregation technology, wherein five modules are arranged in the project, and the maven is used for managing the dependence of all the modules;

s14, integrating each system module by using a springboot frame, and configuring the whole system;

s15, the core web service module uses springmvc + spring + mybatis as an integral framework, and provides an external access interface through a controller control layer, a service business logic layer and a mapper data access layer, so that the functions of user login, user logout, certificate data query, certificate verification, certificate revocation, certificate information display, personal information modification and the like are realized; receiving the exception given to the control layer by the service logic layer through the global exception handler and carrying out corresponding processing; customizing the structure of the response data to ensure the uniform format of the back-end response data;

s16, the HyperLegger Fabric interaction module uses Fabric-java-sdk to provide Fabric network initialization operation, including creating a channel, adding a node into the channel, creating a Fabric access user, installing chain codes, executing intelligent contracts and the like;

s17, the system security module uses the shiro framework as a solution for project authentication and authorization;

s18, the system cache module uses redis as a cache solution of partial data of the system;

s2, Fabric Environment construction: installing cURL, Goang, gopm, Docker and Docker-compound on a Linux system, cloning a hyper-bridge/Fabric-samples storage library from githu.com, installing a hyper-bridge Fabric platform specific binary file and a configuration file of a specified version into a root directory of the Fabric-samples storage library, downloading a hyper-bridge Fabric mirror image file of the specified version, and completing environment construction;

s3, building a block chain network layer and RBAC background management system: compiling each configuration file according to the project design scheme, and generating each supporting file to create a block chain network; based on the constructed Fabric network, chain codes are compiled by using Fabric-sdk-go to interact with the blockchain, and a calling interface is provided for an application layer; the application layer uses SpringBoot + Layui to realize a background management system based on a user authority model;

s4, system testing and optimizing: the Fabric Probe may generate appropriate parameters for the Fabric's Smart contract to optimize system performance; directly establishing the number of gPC connections through the Fabric Tape, and sending the signed suggestion to a peer through the number of gPC clients to perform performance test;

s5, system use: the student interface and the certificate verification user interface are operated by logging in a foreground, and the certificate issuing user interface and the education management user interface are operated by logging in a background management interface.

Further optimization, in the step S11, the basic design of the front-end page includes a structural design and a style design of the web page; the technologies of javascript + jquery and the like are used for completing the basic interaction function of the front-end page, improving the use experience of the page and performing basic data access interaction with the rear-end interface.

Further optimization, in step S3, building a block chain network layer and RBAC background management system, specifically including the following steps:

s31, realizing by each organization: according to the design thought of the system, users are divided into four types, namely student users, certificate issuing users, education management users and certificate verification users, and each type of user corresponds to an organization; the specific implementation method is divided into three aspects from the Fabric network layer to the application layer:

s311, when a network is constructed, appropriate organization and node number need to be designed, and an appropriate endorsement strategy and a consensus algorithm are selected;

s312, when sdk is used for associating the web application with the network, a complete method is written to realize unification of the application method and the network design;

s313, the application layer needs to adopt an RBAC model for authority management, namely users with different roles in specific implementation show different interfaces, and the rear end calls different sdk methods.

S32, network layer configuration: the network structure of the Fabric is basically realized by configuration files, and the two most basic configuration files are a cryptogen module configuration file and a configxgen configuration file; besides the two basic configuration files, the construction of the network also needs to create a configuration file related to a docker image corresponding to each node, and the storage directory, domain name and port detailed information of the node data are established on the basis of configuration;

s33, interacting the application layer and the block chain: after the design of the block chain storage structure is finished, a system is built on the basis of the block chain and the cocochDB; in the management system, the security of data in the process of accessing the chain application and obtaining the data by other applications is not guaranteed, and the data needs to be encrypted when an interface is called;

and S34, unifying the data types of the upper-layer application and the chain application in the development process.

Further optimization, in step S5, the student user may check the existing certificate and apply for certificate verification; the certificate issuing user can apply for certificate issuing, issue certificates, apply for revocation certificates, inquire certificates, manage student users and apply for deletion students; the education management user can manage the certificate issuing user, the student user, the certificate issuing and revocation submitted by the certificate issuing user, delete the application, the revocation certificate and the query certificate of the student user and the like; the certificate verifying user can inquire the authenticity of the certificate and check the educational certificate shown by a certain student user.

Further optimizing, creating a digital file containing basic information, signing the certificate content by using a private key of a student user, and then attaching a signature to the certificate body; depending on the generated hash value, it may be verified whether the certificate content is tampered with; finally, a digital record is created on the alliance chain by using a private key, so that the consistency of the student user information and the certificate content is ensured; the certificate issuing user signs a digital certificate with complete certificate information by using a private key of the certificate issuing user, the hash value of the digital certificate is stored in a block chain, the chain code ensures that the certificate information is valid during each issuing and inquiring, and the digital certificate is distributed to the verification user during transaction output.

Further optimizing, the education management user uses the client user created by the organization manager certificate generated by the block chain network to execute the chain code operation and register the user operation; when an education management user distributes management users for certificate issuing users, a user is registered under a corresponding block chain organization, then a user name and a returned private key are bound to a newly added user record in a system, and then the certificate issuing users can use the user identity to access the block chain to execute chain code operation; the certificate issuing user accesses the network by using the bound blockchain user identity; the authority control of certificate state updating is determined by a program according to the user contexts of different block chains bound by the current user; querying a history record of a certain key by a GetHistoryForKey method of a chain code, namely querying a complete operation record of a certain certificate record;

the Fabric network realizes authority authentication based on PKI specification, a user with a block chain user certificate can access the network, each operation of the network needs a user signature, and meanwhile, endorsement transaction of multiple organization nodes can be set to ensure the transaction accuracy.

Compared with the prior art, the invention has the beneficial effects that:

1. the education certificate management system based on HyperLegger Fabric is designed, aiming at the phenomenon that the certificate authenticity is difficult to detect by all organizations due to the common counterfeiting phenomenon of the current academic calendar and other education certificates, a block chain technology is adopted to store the education certificates, based on the Fabry alliance chain, an asymmetric encryption technology is adopted to ensure the certificate safety, Kafka multi-channel technology optimization sequencing service is adopted, and the performance test is carried out through the Fabry Tape, so that the education certificate information management and authentication system which ensures that data cannot be falsified and transparent traceability is realized. The certificate authentication is carried out by schools and other authorities, user interaction is realized through a web foreground system, and the operations such as verification management and the like are carried out by education management departments, colleges and universities, personnel taking units and students, so that the fairness and transparency of the education certificates are promoted.

2. The decentralized authentication requirements are met: the application can weaken the defects brought by over-centralization and mediation of the existing authentication system, and the individual is used as a node to perform education certificate authentication, so that decentralization can be realized, the certificate issuing process is simplified, and low-cost shared education authentication is provided. The authorization of the student user can be used as a certificate to verify that the user accesses the certificate obtained by the student user, so that the authentication mode is changed, the authentication efficiency is improved, and the effective verification of the certificate is ensured.

3. Providing a secure and efficient educational certificate management system: the system is reasonable in design, and the high-efficiency operation of the system can be guaranteed by functional module division. The application of the block chain technology ensures that the education certificate is effective, accelerates the process of certificate checking and verification, accelerates the speed of information transmission in the society, ensures the safety and accuracy of the education certificate, meets the requirements of various education institutions, graduates and personnel units, and also conforms to the rapid pace trend of the current society.

Drawings

FIG. 1 is a diagram of a user-side project architecture according to the present invention;

FIG. 2 is a technical architecture design diagram of a federation chain-based educational certificate management system;

fig. 3 is a system functional block diagram of a federation chain-based educational certificate management system.

Detailed Description

In order to make the purpose and technical solution of the present invention clearer, the following will clearly and completely describe the technical solution of the present invention with reference to the embodiments of the present invention.

The first embodiment is as follows:

1-3, the educational certificate management system based on federation chain includes a user layer, an application layer, a data layer and a network layer;

the user layer is a visual web interface of the system and provides different functional interfaces according to different user types;

the application layer comprises an application service module and an application module;

the data layer comprises a data interaction module and a data storage module;

the network layer is responsible for information communication of each node, generates a new block by consensus and maintains stable operation of a block chain network; the network layer comprises a P2P network running a blockchain system decentralized, wherein a part of P2P nodes are combined with other routing devices to form an anycast network.

In this embodiment, the user layer includes a student interface, a certificate issuance user interface, an educational management user management interface, and a certificate verification user interface;

the student interface and the certificate verification user interface are foreground interfaces, and the certificate issuing user interface and the education management user management interface are background management interfaces.

In this embodiment, the application service module includes an authentication service and a security service; the authentication service carries out identity recognition based on MSP service and Fabric-CA, and the security service carries out security guarantee on nodes, accounts and transactions based on a consensus mechanism;

the application module comprises a user login function module, a user logout function module, a certificate data query function module, a certificate verification function module, a certificate revocation function module, a certificate information display function module, a personal information display function module and a personal information modification function module; wherein the certificate revocation is achieved by changing the certificate data state.

In this embodiment, the data interaction module is used for interaction of transaction information, and completes a series of operations of transaction generation, endorsement, verification and query through an intelligent contract; the data storage module stores user information into a MySQL database in a data storage process, stores important information such as education certificates and the like which need to be stored in a confidential mode into a Fabric alliance chain, and caches partial data of the system into a redis database.

The education certificate management system based on the alliance chain, wherein the database comprises various levels of academic certificates and various education honor certificates obtained by students, and the system provides the following operations:

a. the certificate issuing system is used for schools and other authoritative organizations to issue certificates to students;

b. the system is used for enterprises, public institutions, schools and students to inquire and verify education certificates which are acquired by the students, and is used for inquiry reference of human units and enrollment units;

c. the system is used for the education management department and the school to arrange and analyze the student certificates and the scores obtained from all aspects;

d. the students can classify and arrange the obtained education certificates;

the system takes the education certificate as the main component of the student education archive, the archive comprises the education certificate and other education certificates of students, the growth experience, the learning process and result, the mastered skills, the completed learning items and other detailed data are recorded and stored, and the system can be used as an important reference basis for the promotion of students and unit recruitment.

The users are divided into four types, namely student users, certificate issuing users (including schools and authorities issuing education certificates), education management users and certificate verification users. The student users are users who are issued certificates, and the student users are registered by the education institution; the certificate issuing user is a user with authority to issue the certificate, and comprises various authorities and schools for issuing the certificate; the education management user is a system administrator and is used for managing the certificate issuing authority of the certificate issuing user and managing the whole system; the certificate verification user is a user needing to verify the authenticity of the student certificate or inquire the certificate obtained by the student, and can carry out time-limited inquiry after taking the secret key given by the student user.

The user authorities are as follows: student users have the right to view existing certificates and apply for certificate verification. The certificate issuing user has the authority to apply for certificate issuing, issue certificates, apply for revocation certificates, inquire certificates, manage student users (the operation of adding and deleting the student users) and apply for deleting the student users. The education management user has the authority of managing the certificate issuing user, managing the student user, issuing and canceling the certificate submitted by the management certificate issuing user, deleting the application, canceling the certificate and inquiring the certificate of the student user and the like. The certificate verification user has the authority to inquire the authenticity of the certificate and check the educational certificate shown by a certain student user.

Based on the characteristics of the block chain, the certificate information is guaranteed to be not falsifiable and transparent and traceable, correct education certificate information is provided, and a database of the certificate information is constructed by using the Hyperhedger Fabric alliance chain.

Example two:

the method for establishing the education certificate management system based on the alliance chain comprises the following steps:

s1, building a user side system:

s11, completing the basic design of the front-end page by using html + css;

s12, using thymeleaf as a rear-end template engine for filling page data; meanwhile, permission management is realized by combining shiro;

s13, developing a project by using a maven aggregation technology, wherein five modules are arranged in the project, and the maven is used for managing the dependence of all the modules;

s14, integrating each system module by using a springboot frame, and configuring the whole system;

s15, the core web service module uses springmvc + spring + mybatis as an integral framework, and provides an external access interface through a controller control layer, a service business logic layer and a mapper data access layer, so that the functions of user login, user logout, certificate data query, certificate verification, certificate revocation, certificate information display, personal information modification and the like are realized; receiving the exception given to the control layer by the service logic layer through the global exception handler and carrying out corresponding processing; customizing the structure of the response data to ensure the uniform format of the back-end response data;

s16, the HyperLegger Fabric interaction module uses Fabric-java-sdk to provide Fabric network initialization operation, including creating a channel, adding a node into the channel, creating a Fabric access user, installing chain codes, executing intelligent contracts and the like;

s17, the system security module uses the shiro framework as a solution for project authentication and authorization;

s18, the system cache module uses redis as a cache solution of partial data of the system;

s2, Fabric Environment construction: installing cURL, Goang, gopm, Docker and Docker-compound on a Linux system, cloning a hyper-bridge/Fabric-samples storage library from githu.com, installing a hyper-bridge Fabric platform specific binary file and a configuration file of a specified version into a root directory of the Fabric-samples storage library, downloading a hyper-bridge Fabric mirror image file of the specified version, and completing environment construction;

s3, building a block chain network layer and RBAC background management system: compiling each configuration file according to the project design scheme, and generating each supporting file to create a block chain network; based on the constructed Fabric network, chain codes are compiled by using Fabric-sdk-go to interact with the blockchain, and a calling interface is provided for an application layer; the application layer uses SpringBoot + Layui to realize a background management system based on a user authority model;

s4, system testing and optimizing: the Fabric Probe may generate appropriate parameters for the Fabric's Smart contract to optimize system performance; directly establishing the number of gPC connections through the Fabric Tape, and sending the signed suggestion to a peer through the number of gPC clients to perform performance test;

s5, system use: the student interface and the certificate verification user interface are operated by logging in a foreground, and the certificate issuing user interface and the education management user interface are operated by logging in a background management interface.

In this embodiment, in step S11, the basic design of the front page includes a structural design and a style design of the web page; the technologies of javascript + jquery and the like are used for completing the basic interaction function of the front-end page, improving the use experience of the page and performing basic data access interaction with the rear-end interface.

In this embodiment, in step S3, the building a block chain network layer and RBAC background management system specifically includes the following steps:

s31, realizing by each organization: according to the design thought of the system, users are divided into four types, namely student users, certificate issuing users, education management users and certificate verification users, and each type of user corresponds to an organization; the specific implementation method is divided into three aspects from the Fabric network layer to the application layer:

s311, when a network is constructed, appropriate organization and node number need to be designed, and an appropriate endorsement strategy and a consensus algorithm are selected;

s312, when sdk is used for associating the web application with the network, a complete method is written to realize unification of the application method and the network design;

s313, the application layer needs to adopt an RBAC model for authority management, namely users with different roles in specific implementation show different interfaces, and the rear end calls different sdk methods.

S32, network layer configuration: the network structure of the Fabric is basically realized by configuration files, and the two most basic configuration files are a cryptogen module configuration file and a configxgen configuration file; besides the two basic configuration files, the construction of the network also needs to create a configuration file related to a docker image corresponding to each node, and the storage directory, domain name and port detailed information of the node data are established on the basis of configuration;

s33, interacting the application layer and the block chain: after the design of the block chain storage structure is finished, a system is built on the basis of the block chain and the cocochDB; in the management system, the security of data in the process of accessing the chain application and obtaining the data by other applications is not guaranteed, and the data needs to be encrypted when an interface is called;

and S34, unifying the data types of the upper-layer application and the chain application in the development process.

In this embodiment, in step S5, the student user may check the existing certificate and apply for certificate verification; the certificate issuing user can apply for certificate issuing, issue certificates, apply for revocation certificates, inquire certificates, manage student users and apply for deletion students; the education management user can manage the certificate issuing user, the student user, the certificate issuing and revocation submitted by the certificate issuing user, delete the application, the revocation certificate and the query certificate of the student user and the like; the certificate verifying user can inquire the authenticity of the certificate and check the educational certificate shown by a certain student user.

In the embodiment, a digital file containing basic information is created, the content of the certificate is signed by using a private key of a student user, and then the signature is attached to the certificate body; depending on the generated hash value, it may be verified whether the certificate content is tampered with; finally, a digital record is created on the alliance chain by using a private key, so that the consistency of the student user information and the certificate content is ensured; the certificate issuing user signs a digital certificate with complete certificate information by using a private key of the certificate issuing user, the hash value of the digital certificate is stored in a block chain, the chain code ensures that the certificate information is valid during each issuing and inquiring, and the digital certificate is distributed to the verification user during transaction output.

In this embodiment, the education management user performs a chain code operation and a registered user operation using a client user created by an organization administrator certificate generated by a block chain network; when an education management user distributes management users for certificate issuing users, a user is registered under a corresponding block chain organization, then a user name and a returned private key are bound to a newly added user record in a system, and then the certificate issuing users can use the user identity to access the block chain to execute chain code operation; the certificate issuing user accesses the network by using the bound blockchain user identity; the authority control of certificate state updating is determined by a program according to the user contexts of different block chains bound by the current user; querying a history record of a certain key by a GetHistoryForKey method of a chain code, namely querying a complete operation record of a certain certificate record;

the Fabric network realizes authority authentication based on PKI specification, a user with a block chain user certificate can access the network, each operation of the network needs a user signature, and meanwhile, endorsement transaction of multiple organization nodes can be set to ensure the transaction accuracy.

The system realizes system optimization by using various technologies and related algorithms such as a block chain encryption technology, a Kafka multichannel technology and the like; the ranking service is an important ring in the consensus mechanism, and all transactions can achieve the network-wide consensus through the ranking of the ranking service. Kafka mainly provides distributed message processing and distribution services, and each Kafka cluster is composed of a plurality of service nodes. The Hyperledger Fabric utilizes Kafka to sequence transaction information, provides high-throughput and low-delay processing capability, and supports node fault tolerance inside the cluster.

In the Fabric consensus process, the endorsement node verifies the signature of the client and then executes the intelligent contract code simulation transaction. And after the transaction processing is finished, signing the transaction information and returning the signature to the client. And the client sends the signed transaction information to the sequencing service node for sequencing. And the sequencing service node sequences and packages the transaction information into blocks, broadcasts the blocks to the accounting node, and writes the blocks into a block chain.

The system provides performance testing and optimizing functions and optimizes system performance. The Fabric Probe may generate appropriate parameters for the Fabric's Smart contract. Since different block parameters, networks, link languages and link logic may affect the final TPS, Probe may provide a method of controlling SUT and LGC, providing loop test control for a given array of block parameters, and providing TPS result review via GUI to find the best block configuration logic for a particular link of a particular fabric network.

The Fabric Tape is a flow generator used for executing performance test, the number of gPC connections can be directly established, and the signed suggestion is sent to a peer side through the number of gPC clients for performance test.

The above embodiments are merely illustrative of the technical ideas and features of the present invention, and the purpose thereof is to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the protection scope of the present invention. All equivalent changes and modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (10)

1. The education certificate management system based on the alliance chain is characterized by comprising a user layer, an application layer, a data layer and a network layer;

the user layer is a visual web interface of the system and provides different functional interfaces according to different user types;

the application layer comprises an application service module and an application module;

the data layer comprises a data interaction module and a data storage module;

the network layer is responsible for information communication of each node, generates a new block by consensus and maintains stable operation of a block chain network; the network layer comprises a P2P network running a blockchain system decentralized, wherein a part of P2P nodes are combined with other routing devices to form an anycast network.

2. The federation chain-based education certificate management system of claim 1, wherein the user layer comprises a student interface, a certificate issuance user interface, an education management user management interface, and a certificate verification user interface;

the student interface and the certificate verification user interface are foreground interfaces, and the certificate issuing user interface and the education management user management interface are background management interfaces.

3. A federation chain-based educational certificate management system as claimed in claim 1, wherein the application service module comprises an authentication service and a security service; the authentication service carries out identity recognition based on MSP service and Fabric-CA, and the security service carries out security guarantee on nodes, accounts and transactions based on a consensus mechanism;

the application module comprises a user login function module, a user logout function module, a certificate data query function module, a certificate verification function module, a certificate revocation function module, a certificate information display function module, a personal information display function module and a personal information modification function module; wherein the certificate revocation is achieved by changing the certificate data state.

4. A federation chain-based education certificate management system as claimed in claim 1, wherein the data interaction module is used for interaction of transaction information, and a series of operations of transaction generation, endorsement, verification and inquiry are completed through intelligent contracts; the data storage module stores user information into a MySQL database in a data storage process, stores important information such as education certificates and the like which need to be stored in a confidential mode into a Fabric alliance chain, and caches partial data of the system into a redis database.

5. A building method of a federation chain-based education certificate management system based on any one of claims 1-4, characterized by comprising the following steps:

s1, building a user side system:

s11, completing the basic design of the front-end page by using html + css;

s12, using thymeleaf as a rear-end template engine for filling page data; meanwhile, permission management is realized by combining shiro;

s13, developing a project by using a maven aggregation technology, wherein five modules are arranged in the project, and the maven is used for managing the dependence of all the modules;

s14, integrating each system module by using a springboot frame, and configuring the whole system;

s15, the core web service module uses springmvc + spring + mybatis as an integral framework, and provides an external access interface through a controller control layer, a service business logic layer and a mapper data access layer, so that the functions of user login, user logout, certificate data query, certificate verification, certificate revocation, certificate information display, personal information modification and the like are realized; receiving the exception given to the control layer by the service logic layer through the global exception handler and carrying out corresponding processing; customizing the structure of the response data to ensure the uniform format of the back-end response data;

s16, the HyperLegger Fabric interaction module uses Fabric-java-sdk to provide Fabric network initialization operation, including creating a channel, adding a node into the channel, creating a Fabric access user, installing chain codes, executing intelligent contracts and the like;

s17, the system security module uses the shiro framework as a solution for project authentication and authorization;

s18, the system cache module uses redis as a cache solution of partial data of the system;

s2, Fabric Environment construction: installing cURL, Goang, gopm, Docker and Docker-compound on a Linux system, cloning a hyper-bridge/Fabric-samples storage library from githu.com, installing a hyper-bridge Fabric platform specific binary file and a configuration file of a specified version into a root directory of the Fabric-samples storage library, downloading a hyper-bridge Fabric mirror image file of the specified version, and completing environment construction;

s3, building a block chain network layer and RBAC background management system: compiling each configuration file according to the project design scheme, and generating each supporting file to create a block chain network; based on the constructed Fabric network, chain codes are compiled by using Fabric-sdk-go to interact with the blockchain, and a calling interface is provided for an application layer; the application layer uses SpringBoot + Layui to realize a background management system based on a user authority model;

s4, system testing and optimizing: the Fabric Probe may generate appropriate parameters for the Fabric's Smart contract to optimize system performance; directly establishing the number of gPC connections through the Fabric Tape, and sending the signed suggestion to a peer through the number of gPC clients to perform performance test;

s5, system use: the student interface and the certificate verification user interface are operated by logging in a foreground, and the certificate issuing user interface and the education management user interface are operated by logging in a background management interface.

6. The building method of the education certificate management system based on the alliance chain as claimed in claim 5, wherein in the step S11, the basic design of the front end page comprises the structural design and the style design of the web page; the technologies of javascript + jquery and the like are used for completing the basic interaction function of the front-end page, improving the use experience of the page and performing basic data access interaction with the rear-end interface.

7. The method for building an education certificate management system based on a federation chain as claimed in claim 5, wherein in the step S3, building a block chain network layer and RBAC background management system specifically comprises the following steps:

s31, realizing by each organization: according to the design thought of the system, users are divided into four types, namely student users, certificate issuing users, education management users and certificate verification users, and each type of user corresponds to an organization; the specific implementation method is divided into three aspects from the Fabric network layer to the application layer:

s311, when a network is constructed, appropriate organization and node number need to be designed, and an appropriate endorsement strategy and a consensus algorithm are selected;

s312, when sdk is used for associating the web application with the network, a complete method is written to realize unification of the application method and the network design;

s313, the application layer needs to adopt an RBAC model for authority management, namely users with different roles in specific implementation show different interfaces, and the rear end calls different sdk methods.

S32, network layer configuration: the network structure of the Fabric is basically realized by configuration files, and the two most basic configuration files are a cryptogen module configuration file and a configxgen configuration file; besides the two basic configuration files, the construction of the network also needs to create a configuration file related to a docker image corresponding to each node, and the storage directory, domain name and port detailed information of the node data are established on the basis of configuration;

s33, interacting the application layer and the block chain: after the design of the block chain storage structure is finished, a system is built on the basis of the block chain and the cocochDB; in the management system, the security of data in the process of accessing the chain application and obtaining the data by other applications is not guaranteed, and the data needs to be encrypted when an interface is called;

and S34, unifying the data types of the upper-layer application and the chain application in the development process.

8. The method for building an education certificate management system based on alliance chain as claimed in claim 5 wherein in step S5, student user can check existing certificate and apply for certificate verification; the certificate issuing user can apply for certificate issuing, issue certificates, apply for revocation certificates, inquire certificates, manage student users and apply for deletion students; the education management user can manage the certificate issuing user, the student user, the certificate issuing and revocation submitted by the certificate issuing user, delete the application, the revocation certificate and the query certificate of the student user and the like; the certificate verifying user can inquire the authenticity of the certificate and check the educational certificate shown by a certain student user.

9. The method for building an education certificate management system based on the alliance chain as claimed in claim 5, wherein a digital file containing basic information is created, the certificate content is signed by using a private key of a student user, and then the certificate body is signed; depending on the generated hash value, it may be verified whether the certificate content is tampered with; finally, a digital record is created on the alliance chain by using a private key, so that the consistency of the student user information and the certificate content is ensured; the certificate issuing user signs a digital certificate with complete certificate information by using a private key of the certificate issuing user, the hash value of the digital certificate is stored in a block chain, the chain code ensures that the certificate information is valid during each issuing and inquiring, and the digital certificate is distributed to the verification user during transaction output.

10. The method for building an education certificate management system based on a federation chain as claimed in claim 5, wherein the education management user uses a client user created by an organization administrator certificate generated by a block chain network to execute a chain code operation and a registered user operation; when an education management user distributes management users for certificate issuing users, a user is registered under a corresponding block chain organization, then a user name and a returned private key are bound to a newly added user record in a system, and then the certificate issuing users can use the user identity to access the block chain to execute chain code operation; the certificate issuing user accesses the network by using the bound blockchain user identity; the authority control of certificate state updating is determined by a program according to the user contexts of different block chains bound by the current user; querying a history record of a certain key by a GetHistoryForKey method of a chain code, namely querying a complete operation record of a certain certificate record;

the Fabric network realizes authority authentication based on PKI specification, a user with a block chain user certificate can access the network, each operation of the network needs a user signature, and meanwhile, endorsement transaction of multiple organization nodes can be set to ensure the transaction accuracy.

Images