CN114301624A - Block chain-based tamper-proof system applied to financial business - Google Patents
Block chain-based tamper-proof system applied to financial business Download PDFInfo
- Publication number
- CN114301624A CN114301624A CN202111406189.0A CN202111406189A CN114301624A CN 114301624 A CN114301624 A CN 114301624A CN 202111406189 A CN202111406189 A CN 202111406189A CN 114301624 A CN114301624 A CN 114301624A
- Authority
- CN
- China
- Prior art keywords
- data
- hash
- client
- database
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain-based tamper-proof system applied to financial services, which has the following advantages: the system encrypts the logs through a block chain technology and realizes that the operation logs are packaged into block chain links, protection can be realized without any application program modification, and block information can be used for tracing historical operations to support information inquiry for auditing, evidence obtaining and other purposes, so that the system is favorable for protecting data from being attacked by any attacker or high-privilege users (including a database administrator (DBA), a system administrator and a cloud administrator), and the system has stronger anti-tampering performance; the distributed mechanism of the system supports a plurality of nodes to share the state of a business process, all the nodes can record and verify the integrity of stored data, meanwhile, the problems that the computing power is greatly wasted and the block discharging speed is low due to a workload (POW) -based consensus algorithm of a traditional block chain system are improved, the system is more suitable for the requirements of a financial system on the performance of a storage system, and the whole process consumes less time.
Description
Technical Field
The invention relates to the technical field of financial block chains, in particular to a block chain-based tamper-proof system applied to financial business.
Background
Blockchains are a term of art in information technology. In essence, the system is a shared database, and the data or information stored in the shared database has the characteristics of 'unforgeability', 'whole-course trace', 'traceability', 'public transparency', 'collective maintenance', and the like. Based on the characteristics, the block chain technology lays a solid 'trust' foundation, creates a reliable 'cooperation' mechanism and has wide application prospect. Blockchain technology is also widely used in the financial field. In financial systems where existing financial system storage systems have high security requirements, establishing trust around the integrity of data stored in a database system has long been a problem. The traditional auditing mode needs to be implemented by field inspection, such as checking auditing logs, checking identity authentication and checking access control. While these manual processes may expose potential security breaches, they do not provide strong evidence that the data has not been tampered with, the tamper resistance of conventional systems is poor, and the overall process is very time consuming.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a block chain-based anti-tampering system applied to financial business, which has the advantages of strong anti-tampering performance, high safety, low calculation power, short time consumption of system application and the like, and solves the problems of poor system safety, low anti-tampering performance and time consumption of the system application operation process in the prior art.
(II) technical scheme
In order to achieve the purposes of strong anti-tampering performance, high safety, low calculation power and short time consumption of system application, the invention provides the following technical scheme: a block chain-based tamper-proof system applied to financial business comprises the following steps:
(1) the storage system initially creates odd database working nodes, the system randomly distributes a master database in a random time period, and the rest nodes are used as slave databases;
(2) the application system or the client accesses the storage system by carrying a specific access token;
(3) each transaction received by the storage system needs to be subjected to hash encryption processing;
(4) the master database caches the log after receiving the data writing request, and then transmits the log to the slave database;
(5) after receiving data from the database as cache, sending a 'cache completion' mark to the master database;
(6) if the master database receives more than half of slave nodes to finish caching marks, the log cache is written into the database, and the written log marks are transmitted to the slave database;
(7) completing the writing of the respective data logs after receiving the written logs from the database;
(8) when the primary database is not available, the election of the primary data is restarted.
Preferably, the system can select whether to use alone or join the existing data system network when initializing,
data system initialization used alone:
the administrator inputs the password as the network password of the data system, the system generates an initialized encrypted data signature according to the network password of the data system, the MAC address of the network card, the serial number of the disk system, the number of the initialized nodes, the current time and the random number, and the signature data structure comprises: unique hash identification (obtained by performing HMAC hash on administrator password, network card MAC address, disk system serial number, initialization node number, current time and random number), initialization log encrypted by using administrator key, and hash identification of data system (the value of the new system is the hash identification of the local computer);
after the data system is initialized according to the logic, generating a public key file and a secret key file;
data system initialization to prepare for joining an existing data system network:
the administrator inputs the password and IP address of the data system to be added, after the password is verified to be correct by the node to be added, the public key file of the data system to be added is uploaded, the network administrator inputs the password of the current data system, the system generates an initialized encrypted data signature according to the password of the current administrator, the MAC address of the network card, the serial number of the disk system, the number of the initialized nodes, the current time and the random number, and the data structure comprises: the unique hash mark (obtained by performing HMAC hash on an administrator password, a network card MAC address, a disk system serial number, the number of initialization nodes, the current time and a random number), the initialization log encrypted by using an administrator key and the hash mark of a data system to be added. Through the process, the initialization of the data system and the addition of the physical trusted nodes of the data network can be realized, and the possibility of counterfeit addition of the non-trusted data nodes of the third party is avoided.
Preferably, in order to restrict access to the data system by the untrusted client, the data system accepts only packets carrying legitimate tokens, wherein a token consists of three parts: the system comprises a head, a load and a signature, wherein the head indicates the data source and the type, the load is a corresponding operation command, and the signature is an authorization code issued by a data system;
the authorization code and authorization key issuing process is as follows:
(1) the client accesses the data system to apply;
(2) the client uploads a client public key;
(3) the data system records the IP address and the public key of the client, and a system administrator inputs an administrator password and the failure time in the background and then passes the authorization;
(4) the data system generates an authorization code through encryption of a client public key according to the client IP address, the client public key file md5 code, the application time and the random number;
(5) the data system generates an AES key which is used as an authorization key for communication between the client and the data system, and the authorization key and the authorization code are encrypted by using a client public key and then transmitted to the client;
(6) after the client side decrypts by using the key, storing an authorization key and an authorization code;
communication verification flow:
(1) in the client request, the header, the load data and the signature data are encrypted by an authorized key in an AES (advanced encryption standard) mode, and after encryption is completed, BASE64 encoding is carried out and the encrypted data are sent to a data system for verification;
(2) after receiving the data packet, the data system carries out BASE64 decoding, and judges which pair of authorization keys is used according to the source of the request IP address;
(3) verifying whether the decryption can be normally performed or not, and if the decryption cannot be normally performed, considering that the illegal request is discarded;
(4) after decryption, whether the actual source is consistent with the data request source is verified, if not, the illegal request is determined to be discarded;
(5) verifying whether the authorization codes are consistent or not, and if not, determining that the illegal request is discarded;
(6) after verification is completed, processing the request according to the decrypted load data;
(7) and after the processing is finished, returning a processing result obtained by using the authorization key to carry out AES encryption.
Preferably, the log structure is divided into three parts: and the hash value of the previous transaction is used as the input of the current hash function, the operation content of the current transaction and the transaction hash trusted tree. After receiving a client request, the storage system interacts with a main node, the main node performs hash encryption on a transaction and then packs the transaction into a block, the block comprises a hash value of the previous operation, the current operation content and a hash credible tree of the current transaction, the continuity of all data operation transactions is ensured, and more than half of nodes perform writing after confirming block information; the blocks are organized through a Merkle tree, when a single block is tampered, the corresponding hash changes, when the transaction on the chain involves error data, the consensus mechanism can detect and reject the tampered data, and the fact that most of the remaining healthy nodes on the chain continue to jointly identify the blocks is guaranteed.
Preferably, the hash value in the log is defined as M, the system random number is N, the current database node number is C, the expected return result length is σ, the memory size is R, the iteration number is λ, the current data system election option number is ρ, the system key is K, and the transaction content is X.
(1) And calculating a 64-bit hash value required to be generated by current log encryption, wherein the formula is as follows:
U0=U(C,σ,R,λ,ρ,2,<M>,M,<N>,N,<K>,K,<X>,X)
(2) calculating the required memory block:
the blocks are stored in a matrix of Q [ i ] [ j ], with C rows and L ═ r' ÷ C columns, defined as follows for the block values in the λ -th iteration:
Qλ[i][j],λ>0
the block value calculation method comprises the following steps:
Q1[i][j]=G(Q1[i][j-1],Q1[i′][j′]),0≤i≤C,2≤j≤L;
u' is a variable length hash algorithm based on U in the Blake2b hash algorithm, Blake2b is a Blake2b hash algorithm function according to a G (m, n) function, and the method realizes receiving data with the length of two 1024 bytes, hashing the data and outputting data with one 1024 byte.
For λ >1, there is always:
the final block value calculation formula is:
carrying out variable-length hash on the encryption data, namely, outputting the encryption data as final encryption:
Result=H′(Qf)。
preferably, the working node condition and the internal details of the storage system are invisible to an upper application system, and the working details of a database engine in the storage system are invisible to the outside and can not be directly operated; all operations of the client can be carried out only by carrying an access token to unlock the system; communication between nodes requires a white list mechanism through the system public key and TLS-based protocol.
Preferably, a plurality of storage nodes can communicate with each other only by authorization, a plurality of database working nodes use a consensus algorithm based on a voting mechanism, one master node is selected, other machines become slave nodes, subsequent log operation is dominated by the master node, log data can only flow to the slave nodes from the master node, when one node is down or is disconnected with other machines, the master node is reselected again, and if more than half of the machines are normal, the system can still normally provide service, so that the breakdown of a down network of a single node or the falsification of data is avoided; the master node is represented by a continuous self-increment task number, the task number divides time into pieces, one task number represents a period of time, each node stores which task belongs to currently, communication among the nodes is accompanied by the task, and if the task is found to be larger than the task of the master node, the task of the master node is updated; if the period is found to be less than the own period, the request of the other party is rejected, and only one main node is elected in one period number.
(III) advantageous effects
Compared with the prior art, the invention provides a block chain-based tamper-proof system applied to financial services, which has the following beneficial effects:
1. according to the block chain-based tamper-proof system applied to financial business, logs are encrypted through a block chain technology, operation logs are packaged into block chaining, protection can be achieved without any application program change, block information can be used for tracing historical operation to support information inquiry for auditing, evidence obtaining and other purposes, and data can be protected from attacks of attackers or high-privilege users (including database administrators (DBAs), system administrators and cloud administrators). The traditional auditing mode needs to be implemented by field inspection, such as checking auditing logs, checking identity authentication and checking access control. Although these manual processes may expose potential security holes, they cannot provide strong evidence that the data is not tampered with, and the whole process is time-consuming, the block chain technique used by the system can automatically discover and discard the tampered or wrong data node, so that the tamper-proof performance of the system is strong.
2. According to the block chain-based tamper-resistant system applied to financial services, a distributed mechanism of the system supports multiple nodes to share the state of a service process, the whole service node is managed through a voting-based consensus algorithm, all the nodes can record and verify the integrity of stored data, meanwhile, the problems that the computing power is greatly wasted and the block discharging speed is low due to a workload (POW) -based consensus algorithm of a traditional block chain system are solved, the requirements of the financial system on the performance of a storage system are better met, and the time consumed in the whole process is shorter.
Drawings
Fig. 1 is a schematic flow structure diagram of a block chain-based tamper-resistant system applied to financial services according to the present invention;
fig. 2 is a schematic diagram of a log structure of a block chain-based tamper-resistant system applied to financial services according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, a block chain-based tamper-resistant system for financial services includes the following steps:
(1) the storage system initially creates odd database working nodes, the system randomly distributes a master database in a random time period, and the rest nodes are used as slave databases;
(2) the application system or the client accesses the storage system by carrying a specific access token;
(3) each transaction received by the storage system needs to be subjected to hash encryption processing;
(4) the master database caches the log after receiving the data writing request, and then transmits the log to the slave database;
(5) after receiving data from the database as cache, sending a 'cache completion' mark to the master database;
(6) if the master database receives more than half of slave nodes to finish caching marks, the log cache is written into the database, and the written log marks are transmitted to the slave database;
(7) completing the writing of the respective data logs after receiving the written logs from the database;
(8) when the primary database is not available, the election of the primary data is restarted.
As a preferable technical scheme of the invention: the system may choose to use alone or join an existing data system network at system initialization,
data system initialization used alone:
the administrator inputs the password as the network password of the data system, the system generates an initialized encrypted data signature according to the network password of the data system, the MAC address of the network card, the serial number of the disk system, the number of the initialized nodes, the current time and the random number, and the signature data structure comprises: unique hash identification (obtained by performing HMAC hash on administrator password, network card MAC address, disk system serial number, initialization node number, current time and random number), initialization log encrypted by using administrator key, and hash identification of data system (the value of the new system is the hash identification of the local computer);
after the data system is initialized according to the logic, generating a public key file and a secret key file;
data system initialization to prepare for joining an existing data system network:
the administrator inputs the password and IP address of the data system to be added, after the password is verified to be correct by the node to be added, the public key file of the data system to be added is uploaded, the network administrator inputs the password of the current data system, the system generates an initialized encrypted data signature according to the password of the current administrator, the MAC address of the network card, the serial number of the disk system, the number of the initialized nodes, the current time and the random number, and the data structure comprises: the method comprises the following steps of unique hash identification (obtained by performing HMAC hash on an administrator password, a network card MAC address, a disk system serial number, an initialization node number, the current time and a random number), an initialization log encrypted by using an administrator key and hash identification of a data system to be added;
as a preferable technical scheme of the invention:
the token consists of three parts: the head part explains the data source and the type, the load is a corresponding operation command, and the signature is an authorization code issued by the data system;
the authorization code and authorization key issuing process is as follows:
(1) the client accesses the data system to apply;
(2) the client uploads a client public key;
(3) the data system records the IP address and the public key of the client, and a system administrator inputs an administrator password and the failure time in the background and then passes the authorization;
(4) the data system generates an authorization code through encryption of a client public key according to the client IP address, the client public key file md5 code, the application time and the random number;
(5) the data system generates an AES key which is used as an authorization key for communication between the client and the data system, and the authorization key and the authorization code are encrypted by using a client public key and then transmitted to the client;
(6) after the client side decrypts by using the key, storing an authorization key and an authorization code;
communication verification flow:
(1) in the client request, the header, the load data and the signature data are encrypted by an authorized key in an AES (advanced encryption standard) mode, and after encryption is completed, BASE64 encoding is carried out and the encrypted data are sent to a data system for verification;
(2) after receiving the data packet, the data system carries out BASE64 decoding, and judges which pair of authorization keys is used according to the source of the request IP address;
(3) verifying whether the decryption can be normally performed or not, and if the decryption cannot be normally performed, considering that the illegal request is discarded;
(4) after decryption, whether the actual source is consistent with the data request source is verified, if not, the illegal request is determined to be discarded;
(5) verifying whether the authorization codes are consistent or not, and if not, determining that the illegal request is discarded;
(6) after verification is completed, processing the request according to the decrypted load data;
(7) after the processing is finished, returning a processing result obtained after AES encryption by using the authorization key;
as a preferable technical scheme of the invention: the log structure is divided into three parts: and the hash value of the previous transaction is used as the input of the current hash function, the operation content of the current transaction and the transaction hash trusted tree. After receiving a client request, the storage system interacts with a main node, the main node performs hash encryption on a transaction and then packs the transaction into a block, the block comprises a hash value of the previous operation, the current operation content and a hash credible tree of the current transaction, the continuity of all data operation transactions is ensured, and more than half of nodes perform writing after confirming block information; the blocks are organized through a Merkle tree, when a single block is tampered, the corresponding hash can change, when the transaction on the chain involves error data, the consensus mechanism can detect and reject the tampered data, and the fact that most of the remaining healthy nodes on the chain continuously agree with the blocks is guaranteed;
as a preferable technical scheme of the invention:
defining the hash value in the log as M, the system random number as N, the current database node number as C, the expected return result length as sigma, the memory size as R, the iteration number as lambda, the current data system election option number as rho, the system key as K and the transaction content as X.
(1) And calculating a 64-bit hash value required to be generated by current log encryption, wherein the formula is as follows:
U0=U(C,σ,R,λ,ρ,2,<M>,M,<N>,N,<K>,K,<X>,X)
(2) calculating the required memory block:
the blocks are stored in a matrix of Q [ i ] [ j ], with C rows and L ═ r' ÷ C columns, defined as follows for the block values in the λ -th iteration:
Qλ[i][j],λ>0
the block value calculation method comprises the following steps:
Q1[i][j]=G(Q1[i][j-1],Q1[i′][j′]),0≤i≤C,2≤j≤L;
u' is a variable length hash algorithm based on U in the Blake2b hash algorithm, Blake2b is a Blake2b hash algorithm function according to a G (m, n) function, and the method realizes receiving data with the length of two 1024 bytes, hashing the data and outputting data with one 1024 byte.
For λ >1, there is always:
the final block value calculation formula is:
carrying out variable-length hash on the encryption data, namely, outputting the encryption data as final encryption:
Result=H′(Qf);
as a preferable technical scheme of the invention: the working node condition and the internal details of the storage system are invisible to an upper application system, and the working details of an internal database engine of the storage system are invisible to the outside and can not be directly operated; all operations of the client can be carried out only by carrying an access token to unlock the system; the communication between the nodes needs to pass through a system public key and a white list mechanism based on a TLS protocol;
as a preferable technical scheme of the invention: the method comprises the steps that a plurality of storage nodes can communicate with each other only by authorization, a plurality of database working nodes use a consensus algorithm based on a voting mechanism, one main node is selected, other machines become slave nodes, subsequent log operation is dominated by the main node, log data can only flow to the slave nodes from the main node, when one node is down or is disconnected with other machines, the main node is reselected again, and if a plurality of machines are normal, a system can still normally provide service, so that the breakdown of a network with the down single node or the tampering of data is avoided; the master node is represented by a continuous self-increment task number, the task number divides time into pieces, one task number represents a period of time, each node stores which task belongs to currently, communication among the nodes is accompanied by the task, and if the task is found to be larger than the task of the master node, the task of the master node is updated; if the period is found to be less than the own period, the request of the other party is rejected, and only one main node is elected in one period number.
As a preferable technical scheme of the invention: the tamper-proof system is integrated in software and directly applied to a server, and after the server is sold to a client, the client can automatically run the software and the system by starting the server through networking.
In summary, in the anti-tampering system based on the blockchain applied to the financial business, the system encrypts the logs through the blockchain technology and packages the operation logs into the blockchain, so that protection can be realized without any application program modification, and the block information can be used for tracing the historical operation to support information inquiry for auditing, forensics and other purposes, thereby being beneficial to protecting data from being attacked by any attacker or high-privilege users (including a database administrator (DBA), a system administrator and a cloud administrator). The traditional auditing mode needs to be implemented by field inspection, such as checking auditing logs, checking identity authentication and checking access control. Although these manual processes may expose potential security holes, they do not provide strong evidence that the data has not been tampered with, and the whole process is time-consuming, the block chain technique used by the present system can automatically discover and discard the tampered or erroneous data node; the distributed mechanism of the system supports multiple nodes to share the state of a service process, the whole service node is managed through a consensus algorithm based on voting, all the nodes can record and verify the integrity of stored data, meanwhile, the problems that the computing power is greatly wasted and the block discharging speed is low due to the consensus algorithm based on workload (POW) of the traditional block chain system are improved, and the system is more suitable for the requirements of a financial system on the performance of a storage system.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the use of the verb "comprise a" to define an element does not exclude the presence of another, same element in a process, method, article, or apparatus that comprises the element.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A blockchain-based tamper resistant system for financial transactions, comprising the steps of:
(1) the storage system initially creates odd database working nodes, the system randomly distributes a master database in a random time period, and the rest nodes are used as slave databases;
(2) the application system or the client accesses the storage system by carrying a specific access token;
(3) each transaction received by the storage system needs to be subjected to hash encryption processing;
(4) the master database caches the log after receiving the data writing request, and then transmits the log to the slave database;
(5) after receiving data from the database as cache, sending a 'cache completion' mark to the master database;
(6) if the master database receives more than half of slave nodes to finish caching marks, the log cache is written into the database, and the written log marks are transmitted to the slave database;
(7) completing the writing of the respective data logs after receiving the written logs from the database;
(8) when the primary database is not available, the election of the primary data is restarted.
2. The block chain-based tamper-proof system applied to financial services according to claim 1, wherein: the system may choose to use alone or join an existing data system network at system initialization,
data system initialization used alone:
the administrator inputs the password as the network password of the data system, the system generates an initialized encrypted data signature according to the network password of the data system, the MAC address of the network card, the serial number of the disk system, the number of the initialized nodes, the current time and the random number, and the signature data structure comprises: unique hash identification (obtained by performing HMAC hash on administrator password, network card MAC address, disk system serial number, initialization node number, current time and random number), initialization log encrypted by using administrator key, and hash identification of data system (the value of the new system is the hash identification of the local computer);
after the data system is initialized according to the logic, generating a public key file and a secret key file;
data system initialization to prepare for joining an existing data system network:
the administrator inputs the password and IP address of the data system to be added, after the password is verified to be correct by the node to be added, the public key file of the data system to be added is uploaded, the network administrator inputs the password of the current data system, the system generates an initialized encrypted data signature according to the password of the current administrator, the MAC address of the network card, the serial number of the disk system, the number of the initialized nodes, the current time and the random number, and the data structure comprises: the unique hash mark (obtained by performing HMAC hash on an administrator password, a network card MAC address, a disk system serial number, the number of initialization nodes, the current time and a random number), the initialization log encrypted by using an administrator key and the hash mark of a data system to be added.
3. The block chain-based tamper-proof system applied to financial services according to claim 1, wherein: the token consists of three parts: the head part explains the data source and the type, the load is a corresponding operation command, and the signature is an authorization code issued by the data system;
the authorization code and authorization key issuing process is as follows:
(1) the client accesses the data system to apply;
(2) the client uploads a client public key;
(3) the data system records the IP address and the public key of the client, and a system administrator inputs an administrator password and the failure time in the background and then passes the authorization;
(4) the data system generates an authorization code through encryption of a client public key according to the client IP address, the client public key file md5 code, the application time and the random number;
(5) the data system generates an AES key which is used as an authorization key for communication between the client and the data system, and the authorization key and the authorization code are encrypted by using a client public key and then transmitted to the client;
(6) after the client side decrypts by using the key, storing an authorization key and an authorization code;
communication verification flow:
(1) in the client request, the header, the load data and the signature data are encrypted by an authorized key in an AES (advanced encryption standard) mode, and after encryption is completed, BASE64 encoding is carried out and the encrypted data are sent to a data system for verification;
(2) after receiving the data packet, the data system carries out BASE64 decoding, and judges which pair of authorization keys is used according to the source of the request IP address;
(3) verifying whether the decryption can be normally performed or not, and if the decryption cannot be normally performed, considering that the illegal request is discarded;
(4) after decryption, whether the actual source is consistent with the data request source is verified, if not, the illegal request is determined to be discarded;
(5) verifying whether the authorization codes are consistent or not, and if not, determining that the illegal request is discarded;
(6) after verification is completed, processing the request according to the decrypted load data;
(7) and after the processing is finished, returning a processing result obtained by using the authorization key to carry out AES encryption.
4. The block chain-based tamper-proof system applied to financial services according to claim 1, wherein: the log structure is divided into three parts: and the hash value of the previous transaction is used as the input of the current hash function, the operation content of the current transaction and the transaction hash trusted tree.
5. The block chain based tamper-proof system applied to financial services according to claim 4, wherein: defining the hash value in the log as M, the system random number as N, the current database node number as C, the expected return result length as sigma, the memory size as R, the iteration number as lambda, the current data system election option number as rho, the system key as K and the transaction content as X.
(1) And calculating a 64-bit hash value required to be generated by current log encryption, wherein the formula is as follows:
U0=U(C,σ,R,λ,ρ,2,<M>,M,<N>,N,<K>,K,<X>,X)
(2) calculating the required memory block:
the blocks are stored in a matrix of Q [ i ] [ j ], with C rows and L ═ r' ÷ C columns, defined as follows for the block values in the λ -th iteration:
Qλ[i][j],λ>0
the block value calculation method comprises the following steps:
Q1[i][j]=G(Q1[i][j-1],Q1[i′][j′]),0≤i≤C,2≤j≤L;
u' is a variable length hash algorithm based on U in the Blake2b hash algorithm, Blake2b is a Blake2b hash algorithm function according to a G (m, n) function, and the method realizes receiving data with the length of two 1024 bytes, hashing the data and outputting data with one 1024 byte.
For λ >1, there is always:
the final block value calculation formula is:
carrying out variable-length hash on the encryption data, namely, outputting the encryption data as final encryption:
Result=H′(Qf)。
6. the block chain-based tamper-proof system applied to financial services according to claim 1, wherein: the working node condition and the internal details of the storage system are invisible to an upper-layer application system.
7. The block chain-based tamper-proof system applied to financial services according to claim 1, wherein: a plurality of storage nodes need to be authorized to communicate with each other, and a plurality of database working nodes use a consensus algorithm based on a voting mechanism.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111406189.0A CN114301624A (en) | 2021-11-24 | 2021-11-24 | Block chain-based tamper-proof system applied to financial business |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111406189.0A CN114301624A (en) | 2021-11-24 | 2021-11-24 | Block chain-based tamper-proof system applied to financial business |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114301624A true CN114301624A (en) | 2022-04-08 |
Family
ID=80965306
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111406189.0A Pending CN114301624A (en) | 2021-11-24 | 2021-11-24 | Block chain-based tamper-proof system applied to financial business |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114301624A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115495714A (en) * | 2022-09-14 | 2022-12-20 | 湖南大学 | Financial artificial intelligence algorithm integration method and system based on block chain |
| CN116052832A (en) * | 2023-04-03 | 2023-05-02 | 青岛市妇女儿童医院(青岛市妇幼保健院、青岛市残疾儿童医疗康复中心、青岛市新生儿疾病筛查中心) | Tamper-proof transmission method based on medical information |
| CN116185767A (en) * | 2023-02-02 | 2023-05-30 | 广东为辰信息科技有限公司 | Method for monitoring data flow direction based on encryption technology |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110084069A (en) * | 2019-04-17 | 2019-08-02 | 江苏全链通信息科技有限公司 | Server log monitoring method and system based on block chain |
| WO2020062211A1 (en) * | 2018-09-30 | 2020-04-02 | 北京大学深圳研究生院 | Method and system for mimicry storage tamper-proof log fused with blockchain technology |
| CN111949726A (en) * | 2020-06-07 | 2020-11-17 | 中信银行股份有限公司 | Relational database synchronization method and system based on block chain |
| US20210350887A1 (en) * | 2020-04-22 | 2021-11-11 | Atrium Separate IP Holdings Number 1, LLC | Blockchain architecture, system, method and device for facilitating secure medical testing, data collection and controlled distribution using a decentralized health information platform and token ecosystem |
-
2021
- 2021-11-24 CN CN202111406189.0A patent/CN114301624A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020062211A1 (en) * | 2018-09-30 | 2020-04-02 | 北京大学深圳研究生院 | Method and system for mimicry storage tamper-proof log fused with blockchain technology |
| CN110084069A (en) * | 2019-04-17 | 2019-08-02 | 江苏全链通信息科技有限公司 | Server log monitoring method and system based on block chain |
| US20210350887A1 (en) * | 2020-04-22 | 2021-11-11 | Atrium Separate IP Holdings Number 1, LLC | Blockchain architecture, system, method and device for facilitating secure medical testing, data collection and controlled distribution using a decentralized health information platform and token ecosystem |
| CN111949726A (en) * | 2020-06-07 | 2020-11-17 | 中信银行股份有限公司 | Relational database synchronization method and system based on block chain |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115495714A (en) * | 2022-09-14 | 2022-12-20 | 湖南大学 | Financial artificial intelligence algorithm integration method and system based on block chain |
| CN115495714B (en) * | 2022-09-14 | 2023-07-07 | 湖南大学 | Financial artificial intelligence algorithm integration method and system based on block chain |
| CN116185767A (en) * | 2023-02-02 | 2023-05-30 | 广东为辰信息科技有限公司 | Method for monitoring data flow direction based on encryption technology |
| CN116185767B (en) * | 2023-02-02 | 2024-04-19 | 广东为辰信息科技有限公司 | Method for monitoring data flow direction based on encryption technology |
| CN116052832A (en) * | 2023-04-03 | 2023-05-02 | 青岛市妇女儿童医院(青岛市妇幼保健院、青岛市残疾儿童医疗康复中心、青岛市新生儿疾病筛查中心) | Tamper-proof transmission method based on medical information |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10623387B2 (en) | Distributed key secret for rewritable blockchain | |
| US10296248B2 (en) | Turn-control rewritable blockchain | |
| EP2957063B1 (en) | Policy enforcement with associated data | |
| CN114499895B (en) | Data trusted processing method and system fusing trusted computing and block chain | |
| KR20190075771A (en) | Authentication System Using Block Chain Through Distributed Storage after Separating Personal Information | |
| US20220253538A1 (en) | Method and system for data security, validation, verification and provenance within independent computer systems and digital networks | |
| CN114301624A (en) | Block chain-based tamper-proof system applied to financial business | |
| US11251975B1 (en) | Block chain based trusted security infrastructure | |
| US20200259646A1 (en) | System and method for storing and managing keys for signing transactions using key of cluster managed in trusted execution environment | |
| CN113259135B (en) | Lightweight blockchain communication authentication device and method for detecting data tamper | |
| JP6911231B1 (en) | Reliability verification system for digital asset data packets | |
| CN116167089B (en) | High security database | |
| Liu et al. | Data integrity audit scheme based on quad Merkle tree and blockchain | |
| CN116436708A (en) | Trusted data sharing method and system based on blockchain technology | |
| Said et al. | A multi-factor authentication-based framework for identity management in cloud applications | |
| Chen et al. | Privacy-preserving anomaly detection of encrypted smart contract for blockchain-based data trading | |
| CN113285934A (en) | Server cipher machine client IP detection method and device based on digital signature | |
| Wang et al. | RCDS: a right-confirmable data-sharing model based on symbol mapping coding and blockchain | |
| Oberoi et al. | Advanced cryptographic technologies in blockchain | |
| Sahu et al. | BlockVote: Harnessing Blockchain for Transparent E-Voting | |
| TWI774204B (en) | Storage virtualization architecture with hybrid blockchain and the method thereof | |
| Al-karkhi et al. | A Secure Private Key Recovery Based on DNA Bio-Cryptography for Blockchain | |
| Cao et al. | BE-AC: reliable blockchain-based anti-counterfeiting traceability solution for pharmaceutical industry | |
| Chew et al. | Log Preservation in Custody Dual Blockchain With Energy Regime and Obfuscation Shuffle | |
| Zhao et al. | Research on Security Management of Combat Data Based on Blockchain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20220408 |