CN117852103B - Trusted data tracing method and system based on blockchain trust root concept - Google Patents

Trusted data tracing method and system based on blockchain trust root concept Download PDF

Info

Publication number
CN117852103B
CN117852103B CN202410260251.7A CN202410260251A CN117852103B CN 117852103 B CN117852103 B CN 117852103B CN 202410260251 A CN202410260251 A CN 202410260251A CN 117852103 B CN117852103 B CN 117852103B
Authority
CN
China
Prior art keywords
tracing
hash value
data
node
monitoring body
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410260251.7A
Other languages
Chinese (zh)
Other versions
CN117852103A (en
Inventor
邵国林
卢一
陈兴蜀
曾雪梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan University
Nanchang University
Original Assignee
Sichuan University
Nanchang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan University, Nanchang University filed Critical Sichuan University
Priority to CN202410260251.7A priority Critical patent/CN117852103B/en
Publication of CN117852103A publication Critical patent/CN117852103A/en
Application granted granted Critical
Publication of CN117852103B publication Critical patent/CN117852103B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a trusted data tracing method and a system based on a blockchain trust root idea, which improve the query efficiency of the traced data by storing the traced data in a tracing server, overcome the key performance bottleneck problem of low data query efficiency commonly faced by a blockchain system, and eliminate the situation that a hash value and the traced data are partially tampered by verifying whether a data link is complete or not, and eliminate the situation that the hash value and the traced data are all tampered by the blockchain trust root so as to ensure that the hash value and the traced data are not tampered, thereby ensuring the credibility of tracing information; compared with the traditional blockchain scheme, the invention realizes the credibility identification of the complete tracing chain by only inquiring the blockchain information of the root node by introducing the trust root idea, and improves the tracing efficiency of the blockchain.

Description

Trusted data tracing method and system based on blockchain trust root concept
Technical Field
The invention relates to the technical field of data security, in particular to a trusted data tracing method and system based on a blockchain root of trust idea.
Background
Data security problems become the security problems of the current foundation, and data tracing technology is a key technology for realizing data security. The block chain technology is a key technology for solving the problem of data credibility in the problem of data tracing, is a decentralised distributed storage technology, can record and verify data, and ensures the safety and reliability of the data. Blockchains ensure the feasibility of data, typically with its distributed storage and non-tamperability: the blockchain is composed of a plurality of blocks, and each block contains information such as hash value, time stamp, transaction record and the like of the previous block. Each block is verified by a mechanism such as a computational power certificate or a rights certificate, and cannot be changed after being added into a block chain. Currently, the blockchain technology is widely applied to the fields of supply chain management, internet of things, digital identity authentication, intellectual property protection and the like. In these application scenarios, the characteristics of blockchain include traceability, decentralization, security, etc., and bring about tremendous innovation and innovation in these fields. Although the decentralization scheme, represented by blockchain technology, can ensure that the data is not tamperable, it also presents a problem of computational and storage costs: the key performance bottleneck problem of low data query efficiency commonly faced by blockchain systems results in extremely low access efficiency to the on-chain data. The traditional data tracing has the following defects: the traditional data tracing cannot ensure the credibility of tracing information, and the data can be tampered in different node flows, so that the data cannot be truly and effectively realized.
Disclosure of Invention
The invention aims to improve and innovate defects and problems existing in the background technology, and provides a trusted data tracing method and a trusted data tracing system based on a blockchain trust root idea.
According to a first aspect of the invention, a trusted data tracing method based on a blockchain root of trust idea is provided, which specifically comprises the following steps:
Calculating the hash value H i of the current monitoring body node according to the traceable data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node;
encrypting the hash value of the current monitoring body node to generate a corresponding digital signature S i, and reporting the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i and the hash value H i-1 of the last monitoring body node to a tracing server for storage;
reporting the digital signature S i and the traceability data D i to a traceability block chain for storage;
The method comprises the steps of taking a tracing data flow terminal node as a trust root, extracting tracing data D n stored on a tracing server corresponding to the trust root and a hash value H n-1 of a last monitoring body node, generating a hash value H n of a corresponding terminal node, and judging whether the hash value H n of the terminal node stored on the tracing server corresponding to the trust root corresponds to the generated hash value H n of the terminal node or not so as to verify whether a trust root hash dependency relationship is established or not;
if so, sequentially verifying hash dependency relations of all nodes of the traceable data flow from back to front, and constructing a traceable link of the traceable data flow;
Judging whether the traceability link is complete;
If yes, a hash value H n corresponding to a digital signature S n corresponding to the trust root on the traceable block chain is obtained;
Verifying whether a hash value H n generated on a tracing server corresponding to the trust root is identical to a hash value H n generated on a tracing blockchain corresponding to the trust root; to confirm whether the tracing data on the tracing server is tampered.
Further, the obtaining the hash value H n corresponding to the digital signature S n corresponding to the root of trust on the traceable blockchain specifically includes:
Extracting tracing data D n on a tracing server corresponding to the trust root;
Searching whether the corresponding tracing data D n exists in the tracing block chain corresponding to the trust root through the tracing data D n;
If yes, returning the digital signature S n stored in the traceable block chain corresponding to the trust root, and decrypting the digital signature to generate a hash value H n corresponding to the traceable block chain;
If not, the trace data is proved to be tampered in the circulation process.
The further scheme is that the reporting the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i and the hash value H i-1 of the last monitoring body node to the tracing server side for storage specifically includes:
the tracing server receives a digital signature S i reported by a monitoring body, a hash value H i of a current monitoring body node, tracing data D i and a hash value H i-1 of a last monitoring body node;
Decrypting the digital signature to generate a hash value H i, and judging whether the generated hash value H i is the same as a hash value H i reported by a monitoring body;
If so, the tracing server stores the reported digital signature S i, the hash value H i of the current monitoring node, the tracing data D i, and the hash value H i-1 of the last monitoring node.
Further, the calculating the hash value H i of the current monitoring body node according to the traceable data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node specifically includes:
Creating an initial hash value H 0 so that the first monitoring body node generates a first hash value H 1 according to the initial hash value H 0 and the traceable data D 1 extracted by the first monitoring body node; and then each monitoring body node calculates the hash value H i of the current monitoring body node according to the extracted tracing data D i and the received hash value H i-1 of the last monitoring body node.
Generating a public key and a private key through a digital signature security authentication mode, and encrypting a hash value H i of a current monitoring body node through the private key to generate a corresponding digital signature S i; and decrypting the digital signature through the public key to generate a corresponding hash value.
The further scheme is that the step of sequentially verifying hash dependency relations of all nodes of the traceable data stream from back to front to construct a traceable link of the traceable data stream specifically comprises the following steps:
And sequentially from the back to the front according to the hash value of the last node and the tracing data stored on the tracing server corresponding to each node from the terminal node to calculate the hash value corresponding to each node, and judging whether the calculated hash value is the same as the hash value corresponding to each node stored on the tracing server until the first node is verified.
According to a second aspect of the present invention, there is provided a trusted data tracing system based on a blockchain root of trust concept, specifically including:
The calculation module is used for calculating the hash value H i of the current monitoring body node according to the traceability data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node;
the first reporting module is configured to encrypt the hash value of the current monitoring body node to generate a corresponding digital signature S i, and report the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i, and the hash value H i-1 of the last monitoring body node to the tracing server for storage;
the second reporting module is used for reporting the digital signature S i and the traceability data D i to the traceability block chain storage;
The first verification module is configured to extract, with the trace-source data flow terminating node as a root of trust, the trace-source data D n stored on the trace-source server corresponding to the root of trust and the hash value H n-1 of the last monitoring body node, and generate a hash value H n of the corresponding terminating node, and determine whether the hash value H n of the terminal node stored on the trace-source server corresponding to the root of trust corresponds to the generated hash value H n of the terminating node, so as to verify whether the hash dependency relationship of the root of trust is established.
The construction module is used for verifying the hash dependency relationship of each node of the trace-source data stream from back to front in sequence when the hash value H n of the terminal node stored on the trace-source server corresponds to the generated hash value H n of the terminal node, and constructing a trace-source link of the trace-source data stream;
the judging module is used for judging whether the traceability link is complete;
the acquisition module is used for acquiring a hash value H n corresponding to a digital signature S n corresponding to a trust root on the traceable block chain when the traceable link is complete;
The second verification module is used for verifying whether the hash value H n generated on the tracing server corresponding to the trust root is identical to the hash value H n generated on the tracing blockchain corresponding to the trust root so as to confirm whether the tracing data on the tracing server is tampered.
Further, the acquiring module specifically includes:
the first searching unit is used for extracting the tracing data D n on the tracing server corresponding to the trust root;
The second searching unit is used for searching whether the corresponding tracing data D n exists in the tracing block chain corresponding to the trust root through the tracing data D n;
The generation unit is used for returning the digital signature S n stored in the traceable block chain corresponding to the trust root when the traceable block chain has the corresponding traceable data, and decrypting the digital signature to generate a hash value H n corresponding to the traceable block chain;
The first proving unit is used for proving that the tracing data is tampered in the circulation process when no corresponding tracing data exists in the tracing block chain.
Compared with the prior art, the invention has the beneficial effects that: the invention provides a trusted data tracing method and system based on a blockchain root of trust idea. The hash value H i of the current monitoring body node refers to the information of the tracing data D i and the hash value H i-1 of the last monitoring body node at the same time when the hash is generated, if the tracing data D i or the tracing data D i-1 are tampered, the hash chain type dependency relationship is not established, and therefore a foundation is laid for the integrity self-verification of the whole tracing link information. The invention eliminates the situation that the hash value and the tracing data are partially tampered by verifying whether the data link is complete or not; the hash value and the trace data are all tampered through the block chain trust root, so that the trace data on the trace server side are ensured to be credible. Specifically, based on the data blood relationship of hash chain dependency, the self-verification of the integrity of the tracing data tracing information of each node in the tracing server can be realized by taking the data transfer terminal node as a trust root through the hash chain dependency relationship. When the integrity of the whole traceability link < N 1, N2, N3, …, Nn-1, Nn > is verified, the data on the blockchain system is not required to be inquired, so that the inquiry efficiency of the traceability data is improved, and the key performance bottleneck problem of low data inquiry efficiency commonly faced by the blockchain system is overcome; furthermore, the integrity of the root of trust is critical since the hash dependencies are verified sequentially from back to front. The scheme ensures the integrity and the non-tamper property of the trust root through the blockchain technology, namely, the tracing information of the tracing server side is compared with the tracing information stored in the blockchain to confirm the trust of the trust root data. Based on the scheme, each time of tracing data verification only needs to inquire the blockchain data corresponding to the trust root once, and the blockchain data corresponding to each data flow node does not need to be inquired, so that the tracing efficiency can be remarkably improved. Compared with the traditional blockchain scheme, the invention realizes the credibility identification of the complete tracing chain by only inquiring the blockchain information of the root node by introducing the trust root idea, and improves the tracing efficiency of the blockchain.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a trusted data tracing method based on a blockchain root of trust concept according to a first embodiment of the present invention;
FIG. 2 is a schematic diagram of information interaction provided by a first embodiment of the present invention;
fig. 3 is a schematic structural diagram of a trusted data tracing system based on a blockchain root of trust concept according to a second embodiment of the present invention.
Detailed Description
In order that the objects, features and advantages of the invention will be readily understood, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
It will be understood that when an element is referred to as being "fixed to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Example 1
Referring to fig. 1 and 2, the invention provides a trusted data tracing method based on a blockchain root of trust idea, which specifically comprises the following steps:
step S1, calculating a hash value H i of a current monitoring body node according to the traceability data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node;
specifically, in the process of transferring the tracing data, the ith monitoring body node (client) receives the tracing data D i transferred by the transferring and the hash value H i-1 of the last monitoring body node, and calculates to obtain the hash value H i of the current monitoring body node; where Hash value H i=Hash(Hi-1,Di), hash () represents a Hash function. The trace data comprises information such as file ID, time stamp, hop count, node information and the like.
It should be noted that, if the i-th monitoring node is the first monitoring node, since there is no previous monitoring node, the hash value of the previous monitoring node is not received, at this time, an initial hash value H 0 is created, the client uses H 0 and extracts the trace data D 1, and then the hash value H 1=Hash(H0,Di of the first monitoring node is obtained by calculating the initial hash value H 0 and the trace data D1. Such as the trace data D 1 (File id=1, timestamp=2023-12-15, hop=1),
H0=b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9,H1=2728e470a4ca361ecf46ce8c3a597800096fd8a3829339a6793a9b3f637ac570=
Hash(H0,D1)。
If the i-th monitoring node is not the first monitoring node, since the hash value H i-1 of the last monitoring node can be received, the current monitoring node calculates the hash value H i=Hash(Hi-1,Di of the current monitoring node according to the extracted hash value H i-1 and the extracted trace data D i. For example, for the fourth monitoring body node, the trace data D 4 data (file_id=1, timestamp=2023-12-15, hop=3), the hash value of the last monitoring body node
H2=375d3579ce1af476e8d88f4404cd89bb3a5dbfffd1847910ff6e44640a6f5c9f,
Thus, the fourth monitor node
H4=8fec4f31fdbcc51a04df93da7dd4def4bba75106a44a802b2002cad28b339db8=
Hash(H2,D4)。
Step S2, encrypting the hash value of the current monitoring body node to generate a corresponding digital signature S i, and reporting the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i and the hash value H i-1 of the last monitoring body node to a tracing server for storage;
Specifically, the monitoring body generates a public key PubKey and a private key PriKey through secure authentication modes such as digital signature, firstly encrypts a hash value H i of a current monitoring body Node through the private key to generate a digital signature S i=En(PriKey,Hi), en () represents an asymmetric encryption function, and then reports the digital signature S i, the hash value H i of the current monitoring body Node, the tracing data D i, the hash value H i-1 of a last monitoring body Node and the PubKey to the tracing server for storage, as shown in fig. 2, pre represents the hash information of the last Node, cur represents the hash information of the current Node, 0 to 1 corresponding to Node-1 represents zero Node to the first Node, hop=1 represents the first hop; 1→2 corresponding to Node-2 represents the first Node to the second Node, hop=2 represents the second hop.
Illustrating: node-1 (first monitor Node) reports to the source server, first generates PriKey =d20b..586 e, pubkey=f47c..4f01, then generates digital signature by private key encryption S 1=63c0...fbb=En(PriKey,H1), and finally reports S 1、H1、D1、H0 and PubKey to the source server for storage. (the data of the private key and digital signature are expressed using ellipses for too long).
It should be noted that, the tracing server receives S i、Hi、Di、Hi-1 and PubKey reported by the monitor, verifies and decrypts the digital signature S i by using PubKey (public key) to obtain H i=De(PubKey, Si), de () represents an asymmetric decryption function, if the hash value H i obtained by decryption is the same as the hash value H i reported by the monitor, it is 1, and then stores H i、Di and H i-1, thereby ensuring that the reported information is credible; if the data is 0, reporting the data error.
Illustrating: the first monitoring body node reports S 1、H1、D1、H0 and PubKey, the traceability server verifies that the reported digital signature is decrypted through a public key, if the hash value H 1 obtained through decryption is the same as the hash value reported by the first monitoring body node, the hash value is 1, H 1、D1 and H 0 are stored, and if the hash value is 0, data errors are reported.
Step S3, reporting the digital signature S i and the traceability data D i to a traceability block chain for storage;
Specifically, before the tracing data is reported to the tracing blockchain, the monitoring body generates a digital signature S i=En(PriKey,Hi through private key encryption, and reports S i and D i to the tracing blockchain.
Illustrating: node-1 reports the traceability block chain, firstly generates traceability data S 1=63c0...fbb=En(PriKey,H1 through private key encryption, and then reports S 1、D1 to the traceability block chain for storage.
S4, taking a tracing data flow terminal node as a trust root, extracting tracing data D n stored on a tracing server corresponding to the trust root and a hash value H n-1 of a last monitoring body node, generating a hash value H n of a corresponding terminal node, and judging whether the hash value H n of the terminal node stored on the tracing server corresponding to the trust root corresponds to the generated hash value H n of the terminal node or not so as to verify whether the trust root hash dependency relationship is established;
Exemplary, if the link of the traceable data of the intranet is leaked, the link is: 1- & gt 2- & gt 3- & gt 4; the fourth monitoring body node is a terminal node, namely the fourth monitoring body node is used as a trust root; if the data leakage occurs, the link of the traceable data of the intranet is: 1- & gt 2- & gt 4- & gt 5; the fifth monitoring body node is the end node, i.e. the fifth monitoring body node is the root of trust.
After the traceability data are reported to the traceability server and the traceability blockchain, the traceability data are stored in the traceability server, so that the query efficiency of the traceability data is improved, and the key performance bottleneck problem of low data query efficiency commonly faced by the blockchain system is solved; and the trace data stored on the trace server may be tampered. Therefore, in order to ensure the credibility of the tracing data on the tracing server, the invention firstly confirms that the data leakage occurs out of the link of the tracing data corresponding to the intranet, takes the tracing data flow terminal node as the trust root, and as the tracing server corresponding to each node in the data flow process keeps the hash value of the last node and the tracing data and the hash value of the current node, the invention can extract the tracing data D n stored on the tracing server corresponding to the trust root and the hash value H n-1 of the last monitoring body node and generate the hash value H n of the corresponding terminal node, and further judges whether the hash value H n of the terminal node stored on the tracing server corresponding to the trust root corresponds to the generated hash value H n of the terminal node so as to verify whether the hash dependency relationship of the trust root is established. If yes, executing step S5; if not, the trace data on the trace server is not credible.
Step S5, sequentially verifying hash dependency relations of all nodes of the traceable data stream from back to front, and constructing a traceable link of the traceable data stream;
Since the hash value of the last node, the tracing data of the current node and the hash value are reserved at the tracing server corresponding to each node in the data flow process, the same can be done by adopting the method of the step S4 to construct the chain-type dependency relationship of the hash values between the adjacent nodes from the back to the front according to the end node, the self-verification of the integrity of the tracing data can be carried out through the chain-type dependency relationship, and the credibility of the tracing data on the tracing server is ensured.
Specifically, after the tracing information of the leakage file is extracted, the hash value H n-2 on the tracing server corresponding to the previous node can be known through the hash value H n-1 of the previous node of the final node, so that the whole process of the leakage file from the first monitoring body node to the final node can be sequentially constructed, and the key node of data leakage is extracted and used as evidence obtaining basis. Let the entire trace-source link be denoted < N 1, N2, N3, …, Nn-1, Nn >.
S6, judging whether the traceability link is complete or not;
Specifically, when the integrity of the whole traceability link < N 1, N2, N3, …, Nn-1, Nn > is verified, the hash dependency relationship is verified sequentially from back to front. Firstly, verifying the integrity of node information of a tracing server terminal node N n, if the Hash (D n&Hn-1) of the tracing server terminal is the same as H n, indicating that the terminal node N n is not tampered, then finding the next node N n-1 according to H n-1, and verifying by the same method until the first monitoring body node can be verified. If the chain type dependency relationship of hash values among adjacent nodes is constructed from back to front according to the terminal node, the first monitoring body node can be traced, and the tracing link is complete; if not, the tracing link is not complete, the hash value and the tracing data part on the tracing link are tampered, and the tracing data on the tracing server side is not trusted.
It should be noted that the traceable link is complete, there are two cases: 1. tamper of the traceable data does not occur; 2. the hash value and the trace data on the trace source link are all tampered, and trace data on the trace source server side is not feasible. Therefore, it is necessary to further verify whether the hash value and the trace data on the trace link are all tampered with.
Step S7, a hash value H n corresponding to a digital signature S n corresponding to a trust root on a traceable block chain is obtained;
when the traceability link is complete, step S7 is executed, and specifically, step S7 includes the following steps:
step S71, extracting the tracing data D n on the tracing server corresponding to the trust root;
Step S72, searching whether the corresponding tracing data D n exists in the tracing block chain corresponding to the trust root through the tracing data D n; when the corresponding tracing data exists in the tracing block chain, executing step S73; when there is no corresponding tracing data in the tracing blockchain, step S74 is executed;
Step S73, returning a digital signature S n stored in the traceable block chain corresponding to the trust root, and decrypting the digital signature through the public key PubKey to generate a hash value H n corresponding to the traceable block chain;
In step S74, it is proved that the trace source data D n is tampered during the trace source server-side forwarding, that is, the hash value and trace source data on the trace source link are tampered completely.
Step S8, verifying whether a hash value H n generated on a tracing server corresponding to the trust root is identical to a hash value H n generated on a tracing blockchain corresponding to the trust root; whether the tracing data on the tracing server is tampered or not is confirmed;
Specifically, according to the tracing data D n corresponding to the terminal node on the tracing server and the hash value H n-1 corresponding to one node on the terminal node, a hash value H n corresponding to the tracing server is obtained through calculation;
If the hash value H n on the tracing server is the same as the hash value H n generated by the tracing blockchain, proving that the tracing data is not tampered in the circulation process; if the hash value H n on the tracing server is different from the hash value H n extracted by the tracing blockchain, the tracing data on the tracing link are proved to be tampered, and the tracing data on the tracing server are not credible.
In summary, the invention provides a trusted data tracing method and system based on a blockchain root of trust concept. The hash value H i of the current monitoring body node refers to the information of the tracing data D i and the hash value H i-1 of the last monitoring body node at the same time when the hash is generated, if the tracing data D i or the tracing data D i-1 are tampered, the hash chain type dependency relationship is not established, and therefore a foundation is laid for the integrity self-verification of the whole tracing link information. The invention eliminates the situation that the hash value and the tracing data are partially tampered by verifying whether the data link is complete or not; the hash value and the trace data are all tampered through the block chain trust root, so that the trace data on the trace server side are ensured to be credible. Specifically, based on the data blood relationship of hash chain dependency, the self-verification of the integrity of the tracing data tracing information of each node in the tracing server can be realized by taking the data transfer terminal node as a trust root through the hash chain dependency relationship. When the integrity of the whole traceability link < N 1, N2, N3, …, Nn-1, Nn > is verified, the data on the blockchain system is not required to be inquired, so that the inquiry efficiency of the traceability data is improved, and the key performance bottleneck problem of low data inquiry efficiency commonly faced by the blockchain system is overcome; furthermore, the integrity of the root of trust is critical since the hash dependencies are verified sequentially from back to front. The scheme ensures the integrity and the non-tamper property of the trust root through the blockchain technology, namely, the tracing information of the tracing server side is compared with the tracing information stored in the blockchain to confirm the trust of the trust root data. Based on the scheme, each time of tracing data verification only needs to inquire the blockchain data corresponding to the trust root once, and the blockchain data corresponding to each data flow node does not need to be inquired, so that the tracing efficiency can be remarkably improved. The invention ensures the authenticity of the data on the data link by utilizing the distributed property and the non-falsifiability of the block chain, and the credibility of the traceable data is ensured by credibly reporting and uploading the traceable data through the chain-type dependency relationship of the hash values among the adjacent nodes and the digital signature, thereby effectively improving the fault tolerance and the attack resistance of the traceable system.
Example 2
Referring to fig. 3, the invention provides a trusted data tracing system based on a blockchain root of trust concept, which specifically comprises:
The calculation module is used for calculating the hash value H i of the current monitoring body node according to the traceability data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node;
the first reporting module is configured to encrypt the hash value of the current monitoring body node to generate a corresponding digital signature S i, and report the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i, and the hash value H i-1 of the last monitoring body node to the tracing server for storage;
the second reporting module is used for reporting the digital signature S i and the traceability data D i to the traceability block chain storage;
The first verification module is configured to extract, with the trace-source data flow terminating node as a root of trust, the trace-source data D n stored on the trace-source server corresponding to the root of trust and the hash value H n-1 of the last monitoring body node, and generate a hash value H n of the corresponding terminating node, and determine whether the hash value H n of the terminal node stored on the trace-source server corresponding to the root of trust corresponds to the generated hash value H n of the terminating node, so as to verify whether the hash dependency relationship of the root of trust is established.
The construction module is used for verifying the hash dependency relationship of each node of the trace-source data stream from back to front in sequence when the hash value H n of the terminal node stored on the trace-source server corresponds to the generated hash value H n of the terminal node, and constructing a trace-source link of the trace-source data stream;
the judging module is used for judging whether the traceability link is complete;
the acquisition module is used for acquiring a hash value H n corresponding to a digital signature S n corresponding to a trust root on the traceable block chain when the traceable link is complete;
The second verification module is used for verifying whether the hash value H n generated on the tracing server corresponding to the trust root is identical to the hash value H n generated on the tracing blockchain corresponding to the trust root so as to confirm whether the tracing data on the tracing server is tampered.
Optionally, the acquiring module specifically includes:
the first searching unit is used for extracting the tracing data D n on the tracing server corresponding to the trust root;
The second searching unit is used for searching whether the corresponding tracing data D n exists in the tracing block chain corresponding to the trust root through the tracing data D n;
The generation unit is used for returning the digital signature S n stored in the traceable block chain corresponding to the trust root when the traceable block chain has the corresponding traceable data, and decrypting the digital signature to generate a hash value H n corresponding to the traceable block chain;
The first proving unit is used for proving that the tracing data is tampered in the circulation process when no corresponding tracing data exists in the tracing block chain.
Optionally, the first reporting module is further specifically configured to:
the tracing server receives a digital signature S i reported by a monitoring body, a hash value H i of a current monitoring body node, tracing data D i and a hash value H i-1 of a last monitoring body node;
Decrypting the digital signature to generate a hash value H i, and judging whether the generated hash value H i is the same as a hash value H i reported by a monitoring body;
If so, the tracing server stores the reported digital signature S i, the hash value H i of the current monitoring node, the tracing data D i, and the hash value H i-1 of the last monitoring node.
Optionally, the computing module is specifically configured to:
Creating an initial hash value H 0 so that the first monitoring body node generates a first hash value H 1 according to the initial hash value H 0 and the traceable data D 1 extracted by the first monitoring body node; and then each monitoring body node calculates the hash value H i of the current monitoring body node according to the extracted tracing data D i and the received hash value H i-1 of the last monitoring body node.
Optionally, a public key and a private key are generated through a digital signature security authentication mode, and the hash value H i of the current monitoring body node is encrypted through the private key to generate a corresponding digital signature S i; and decrypting the digital signature through the public key to generate a corresponding hash value.
Optionally, the construction module is specifically configured to:
And sequentially from the back to the front according to the hash value of the last node and the tracing data stored on the tracing server corresponding to each node from the terminal node to calculate the hash value corresponding to each node, and judging whether the calculated hash value is the same as the hash value corresponding to each node stored on the tracing server until the first node is verified.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", "axial", "radial", "circumferential", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the invention.
In the description of the present specification, reference to the terms "one embodiment," "some embodiments," "illustrative embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples.
It will be apparent that the described embodiments are only some, but not all, embodiments of the application. Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application for the embodiment. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly understand that the embodiments described herein may be combined with other embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.

Claims (5)

1. The trusted data tracing method based on the blockchain trust root idea is characterized by comprising the following steps of:
Calculating the hash value H i of the current monitoring body node according to the traceable data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node;
Encrypting the hash value of the current monitoring body node to generate a corresponding digital signature S i, and reporting the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i and the hash value H i-1 of the last monitoring body node to a tracing server for storage, wherein the method comprises the following steps: the tracing server receives the digital signature S i reported by the monitoring body, the hash value H i of the current monitoring body node, tracing data D i and the hash value H i-1 of the last monitoring body node, decrypts the digital signature to generate a hash value H i, judges whether the generated hash value H i is identical to the hash value H i reported by the monitoring body, and if so, the tracing server stores the reported digital signature S i, the hash value H i of the current monitoring body node, tracing data D i and the hash value H i-1 of the last monitoring body node;
reporting the digital signature S i and the traceability data D i to a traceability block chain for storage;
The method comprises the steps of taking a tracing data flow terminal node as a trust root, extracting tracing data D n stored on a tracing server corresponding to the trust root and a hash value H n-1 of a last monitoring body node, generating a hash value H n of a corresponding terminal node, and judging whether the hash value H n of the terminal node stored on the tracing server corresponding to the trust root corresponds to the generated hash value H n of the terminal node or not so as to verify whether a trust root hash dependency relationship is established or not;
If yes, sequentially verifying hash dependency relations of all nodes of the traceable data flow from back to front, and constructing a traceable link of the traceable data flow, wherein the method comprises the following steps: sequentially from the back to the front according to the hash value of the last node and the tracing data stored on the tracing server corresponding to each node from the terminal node to calculate the hash value corresponding to each node, and judging whether the calculated hash value is the same as the hash value corresponding to each node stored on the tracing server until the first node is verified;
Judging whether the traceability link is complete;
If yes, obtaining a hash value H n corresponding to a digital signature S n corresponding to a trust root on the traceable blockchain, wherein the method comprises the following steps: extracting tracing data D n on a tracing server corresponding to the trust root, searching whether the tracing data D n exists in a tracing blockchain corresponding to the trust root through tracing data D n, if so, returning a digital signature S n stored in the tracing blockchain corresponding to the trust root, decrypting the digital signature to generate a hash value H n corresponding to the tracing blockchain, and if not, proving that the tracing data is tampered in the circulation;
Verifying whether a hash value H n generated on a tracing server corresponding to the trust root is identical to a hash value H n generated on a tracing blockchain corresponding to the trust root; to confirm whether the tracing data on the tracing server is tampered.
2. The trusted data tracing method based on blockchain root of trust concept as in claim 1, wherein the trusted data tracing method is characterized by: the calculating the hash value H i of the current monitoring body node according to the traceable data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node specifically includes:
Creating an initial hash value H 0 so that the first monitoring body node generates a first hash value H 1 according to the initial hash value H 0 and the traceable data D 1 extracted by the first monitoring body node; and then each monitoring body node calculates the hash value H i of the current monitoring body node according to the extracted tracing data D i and the received hash value H i-1 of the last monitoring body node.
3. The trusted data tracing method based on blockchain root of trust concept as in claim 1, wherein the trusted data tracing method is characterized by:
Generating a public key and a private key through a digital signature security authentication mode, and encrypting a hash value H i of a current monitoring body node through the private key to generate a corresponding digital signature S i; and decrypting the digital signature through the public key to generate a corresponding hash value.
4. The trusted data tracing system based on the blockchain trust root idea is characterized by comprising the following specific components:
The calculation module is used for calculating the hash value H i of the current monitoring body node according to the traceability data D i extracted by each monitoring body node and the received hash value H i-1 of the last monitoring body node;
The first reporting module is configured to encrypt the hash value of the current monitoring body node to generate a corresponding digital signature S i, and report the digital signature S i, the hash value H i of the current monitoring body node, the tracing data D i, and the hash value H i-1 of the last monitoring body node to the tracing server for storage, where the first reporting module includes: the tracing server receives the digital signature S i reported by the monitoring body, the hash value H i of the current monitoring body node, tracing data D i and the hash value H i-1 of the last monitoring body node, decrypts the digital signature to generate a hash value H i, judges whether the generated hash value H i is identical to the hash value H i reported by the monitoring body, and if so, the tracing server stores the reported digital signature S i, the hash value H i of the current monitoring body node, tracing data D i and the hash value H i-1 of the last monitoring body node;
the second reporting module is used for reporting the digital signature S i and the traceability data D i to the traceability block chain storage;
The first verification module is used for taking a tracing data flow terminal node as a trust root, extracting tracing data D n stored on a tracing server corresponding to the trust root and a hash value H n-1 of a last monitoring body node and generating a hash value H n of a corresponding terminal node, and judging whether the hash value H n of the terminal node stored on the tracing server corresponding to the trust root corresponds to the generated hash value H n of the terminal node or not so as to verify whether the hash dependency relationship of the trust root is established or not;
The construction module is configured to, when the hash value H n of the terminal node stored on the root of trust corresponding to the tracing server corresponds to the generated hash value H n of the terminal node, sequentially verify hash dependency relationships of each node of the tracing data stream from back to front, and construct a tracing link of the tracing data stream, where the construction module includes: sequentially from the back to the front according to the hash value of the last node and the tracing data stored on the tracing server corresponding to each node from the terminal node to calculate the hash value corresponding to each node, and judging whether the calculated hash value is the same as the hash value corresponding to each node stored on the tracing server until the first node is verified;
the judging module is used for judging whether the traceability link is complete;
The obtaining module is configured to obtain, when the traceability link is complete, a hash value H n corresponding to a digital signature S n corresponding to a trust root on the traceability blockchain, where the hash value H n includes: extracting tracing data D n on a tracing server corresponding to the trust root, searching whether the tracing data D n exists in a tracing blockchain corresponding to the trust root through tracing data D n, if so, returning a digital signature S n stored in the tracing blockchain corresponding to the trust root, decrypting the digital signature to generate a hash value H n corresponding to the tracing blockchain, and if not, proving that the tracing data is tampered in the circulation;
The second verification module is used for verifying whether the hash value H n generated on the tracing server corresponding to the trust root is identical to the hash value H n generated on the tracing blockchain corresponding to the trust root so as to confirm whether the tracing data on the tracing server is tampered.
5. The trusted data tracing system based on blockchain root of trust concept of claim 4, wherein: the acquisition module specifically comprises:
the first searching unit is used for extracting the tracing data D n on the tracing server corresponding to the trust root;
The second searching unit is used for searching whether the corresponding tracing data D n exists in the tracing block chain corresponding to the trust root through the tracing data D n;
The generation unit is used for returning the digital signature S n stored in the traceable block chain corresponding to the trust root when the traceable block chain has the corresponding traceable data, and decrypting the digital signature to generate a hash value H n corresponding to the traceable block chain;
The first proving unit is used for proving that the tracing data is tampered in the circulation process when no corresponding tracing data exists in the tracing block chain.
CN202410260251.7A 2024-03-07 2024-03-07 Trusted data tracing method and system based on blockchain trust root concept Active CN117852103B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410260251.7A CN117852103B (en) 2024-03-07 2024-03-07 Trusted data tracing method and system based on blockchain trust root concept

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410260251.7A CN117852103B (en) 2024-03-07 2024-03-07 Trusted data tracing method and system based on blockchain trust root concept

Publications (2)

Publication Number Publication Date
CN117852103A CN117852103A (en) 2024-04-09
CN117852103B true CN117852103B (en) 2024-05-14

Family

ID=90540506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410260251.7A Active CN117852103B (en) 2024-03-07 2024-03-07 Trusted data tracing method and system based on blockchain trust root concept

Country Status (1)

Country Link
CN (1) CN117852103B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108804928A (en) * 2018-07-09 2018-11-13 武汉工商学院 The secure and trusted block chain and management method of data in a kind of traceability system
KR101934444B1 (en) * 2018-04-04 2019-01-02 대한민국 A Managing Method Of The Integrity Data of Documents Or Securities
CN109377244A (en) * 2018-10-24 2019-02-22 武汉珞樱联创信息科技有限公司 A kind of quick traceability system of food and method based on multichain interconnection block chain network
CN110163628A (en) * 2019-04-04 2019-08-23 上海能链众合科技有限公司 A kind of agricultural product traceability system based on block chain
CN111325564A (en) * 2020-03-17 2020-06-23 河南佼荣网络科技有限公司 Method and system for tracing supply chain by using block chain
CN111355570A (en) * 2020-02-24 2020-06-30 北京瑞友科技股份有限公司 Trusted application network data tracing method and auditing method for software complex network
CN111667279A (en) * 2020-05-10 2020-09-15 武汉理工大学 Product source tracing method and system based on double block chains
CN114389824A (en) * 2022-03-24 2022-04-22 湖南天河国云科技有限公司 Verification updating method and device of trusted computing trust chain based on block chain
CN114499895A (en) * 2022-04-06 2022-05-13 国网浙江省电力有限公司电力科学研究院 Data trusted processing method and system fusing trusted computing and block chain
DE202023102181U1 (en) * 2023-04-25 2023-05-04 Shyam Bihari Goyal Blockchain-based anti-counterfeiting and traceability system

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101934444B1 (en) * 2018-04-04 2019-01-02 대한민국 A Managing Method Of The Integrity Data of Documents Or Securities
CN108804928A (en) * 2018-07-09 2018-11-13 武汉工商学院 The secure and trusted block chain and management method of data in a kind of traceability system
CN109377244A (en) * 2018-10-24 2019-02-22 武汉珞樱联创信息科技有限公司 A kind of quick traceability system of food and method based on multichain interconnection block chain network
CN110163628A (en) * 2019-04-04 2019-08-23 上海能链众合科技有限公司 A kind of agricultural product traceability system based on block chain
CN111355570A (en) * 2020-02-24 2020-06-30 北京瑞友科技股份有限公司 Trusted application network data tracing method and auditing method for software complex network
CN111325564A (en) * 2020-03-17 2020-06-23 河南佼荣网络科技有限公司 Method and system for tracing supply chain by using block chain
CN111667279A (en) * 2020-05-10 2020-09-15 武汉理工大学 Product source tracing method and system based on double block chains
CN114389824A (en) * 2022-03-24 2022-04-22 湖南天河国云科技有限公司 Verification updating method and device of trusted computing trust chain based on block chain
CN114499895A (en) * 2022-04-06 2022-05-13 国网浙江省电力有限公司电力科学研究院 Data trusted processing method and system fusing trusted computing and block chain
DE202023102181U1 (en) * 2023-04-25 2023-05-04 Shyam Bihari Goyal Blockchain-based anti-counterfeiting and traceability system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Research on Deep Forgery Data Identification and Traceability Technology Based on Blockchain;Ke Yang.etc;IEEE;20221231;全文 *
基于区块链技术的农产品供应链数据管理系统设计;杨晨雪;孙志国;;农业大数据学报;20200626(第02期);全文 *
基于区块链的农产品安全可信溯源应用研究;高阳阳;吕相文;袁柳;李勐;;计算机应用与软件;20200712(第07期);全文 *

Also Published As

Publication number Publication date
CN117852103A (en) 2024-04-09

Similar Documents

Publication Publication Date Title
US10868668B1 (en) Parallel assurance of blockchain signatures
Bera et al. Designing blockchain-based access control protocol in IoT-enabled smart-grid system
Zhang et al. Blockchain-based decentralized and secure keyless signature scheme for smart grid
CN109409122B (en) File storage method, electronic device and storage medium
Yang et al. Blockchain-based publicly verifiable data deletion scheme for cloud storage
Dwivedi et al. Blockchain-based secured IPFS-enable event storage technique with authentication protocol in VANET
Chattaraj et al. Block-CLAP: Blockchain-assisted certificateless key agreement protocol for internet of vehicles in smart transportation
CN107070644B (en) Decentralized public key management method and management system based on trust network
Banerjee et al. Private blockchain-envisioned multi-authority CP-ABE-based user access control scheme in IIoT
CN111614680B (en) CP-ABE-based traceable cloud storage access control method and system
Liu et al. MBPA: A medibchain-based privacy-preserving mutual authentication in TMIS for mobile medical cloud architecture
CN103595525A (en) Desynchronization resistant lightweight RFID bidirectional authentication protocol
CN109491965A (en) The storage method and its network and electronic equipment of purchase sale of electricity contract
CN111147245A (en) Algorithm for encrypting by using national password in block chain
Tomar et al. Blockchain-assisted authenticated key agreement scheme for IoT-based healthcare system
Hahn et al. Trustworthy delegation toward securing mobile healthcare cyber-physical systems
Wu et al. Blockchain-based anonymous data sharing with accountability for Internet of Things
Dwivedi et al. Design of secured blockchain based decentralized authentication protocol for sensor networks with auditing and accountability
CN117118600A (en) Block chain agent re-encryption method and system based on lattice password improvement
CN117852103B (en) Trusted data tracing method and system based on blockchain trust root concept
Yu et al. Blockchain-based distributed identity cryptography key management
CN117094825A (en) Cross-chain trusted land transaction system and method based on blockchain
Gan et al. A performance comparison of post-quantum algorithms in blockchain
Xu et al. ChainKeeper: A cross‐chain scheme for governing the chain by chain
Gao et al. Trusted Cloud Service System Based on Block Chain Technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant