KR102501004B1 - Method and apparatus for managing data based on blockchain - Google Patents

Abstract

This disclosure relates to a blockchain-based data management method and device. One embodiment of the present disclosure comprises the steps of: generating a first block for a user's original data; applying an original data timestamp issued by a time-stamping authority (TSA) to the original data, thereby generating a second block related to the original data timestamp; generating a third block related to a third party's signature for at least one of the first block and the second block; and sequentially recording the first to third blocks in a ledger of original blockchain. Data processes can be managed separately within one blockchain.

Description

Blockchain-based data management method and device {METHOD AND APPARATUS FOR MANAGING DATA BASED ON BLOCKCHAIN}

The present disclosure provides a blockchain-based data management method and apparatus.

Blockchain is a technology that shares the same ledger with all nodes to transparently operate transaction details and prevent hacking and tampering. This blockchain has a structure in which blocks containing transactions are connected in a chain form.

However, since the contents recorded in the blockchain are chained in a linear order regardless of the type of data, there is a problem that one process for data cannot be managed for each data.

In addition, when blockchain migration is required, one process for the data cannot be migrated separately, or efficiency is very low because information about the process must be found by referring to all block hashes of the blockchain.

The foregoing background art is technical information that the inventor possessed for derivation of the present invention or acquired during the derivation process of the present invention, and cannot necessarily be said to be known art disclosed to the general public prior to filing the present invention.

An object of the present disclosure is to provide a blockchain-based data management method and apparatus. The problems to be solved by the present disclosure are not limited to the above-mentioned problems, and other problems and advantages of the present disclosure that are not mentioned can be understood by the following description and more clearly understood by the embodiments of the present disclosure. It will be. In addition, it will be appreciated that the problems and advantages to be solved by the present disclosure can be realized by the means and combinations indicated in the claims.

A first aspect of the present disclosure includes generating a first block for original data of a user; applying an original data timestamp issued by a time-stamping authority (TSA) to the original data to generate a second block related to the original data timestamp; generating a third block relating to a third party's signature for at least one of the first block and the second block; and sequentially recording the first to third blocks in the ledger of the original block chain.

A second aspect of the present disclosure is a memory in which at least one program is stored; and a processor that operates by executing the at least one program, wherein the processor generates a first block for original data of the user, and generates original data issued by a time-stamping authority (TSA) on the original data. apply a timestamp to generate a second block with respect to the original data timestamp, generate a third block with respect to a third party's signature for at least one of the first block and the second block, and generate a third block with respect to the first block; It is possible to provide a blockchain-based data management device that sequentially records the first to third blocks in the ledger of the original blockchain.

A third aspect of the present disclosure may provide a computer-readable recording medium on which a program for executing the method of the first aspect is recorded on a computer.

In addition to this, another method for implementing the present invention, another device, and a computer-readable recording medium recording a program for executing the method may be further provided.

Other aspects, features and advantages other than those described above will become apparent from the following drawings, claims and detailed description of the invention.

According to the above-described problem solving means of the present disclosure, the process for data can be managed separately in one block chain, and the authentication process for data can be proven separately from the time sequence in the block chain.

In addition, according to the problem solving means of the present disclosure, a data management method for easy blockchain migration can be presented.

1 is a conceptual diagram showing a schematic configuration of an IPFS-based file distribution storage system according to an embodiment.
2 is a block diagram showing the configuration of a node according to an embodiment.
3 is a conceptual diagram illustrating a block and a block chain according to an embodiment.
4 is a flowchart illustrating a method for managing blockchain-based data according to an embodiment.
5 is a diagram for explaining a process of implementing a virtual block chain according to an embodiment.
6 is a block diagram showing the configuration of an original block chain according to an embodiment.
7 is a flowchart for explaining a blockchain migration process according to an embodiment.
8 is a block diagram of a block chain-based data management device according to an embodiment.

Advantages and features of the present invention, and methods of achieving them, will become clear with reference to the detailed description of the embodiments taken in conjunction with the accompanying drawings. However, it should be understood that the present invention is not limited to the examples presented below, but may be implemented in various different forms, and includes all conversions, equivalents, and substitutes included in the spirit and scope of the present invention. do. The embodiments presented below are provided to complete the disclosure of the present invention and to fully inform those skilled in the art of the scope of the invention to which the present invention belongs. In describing the present invention, if it is determined that a detailed description of related known technologies may obscure the gist of the present invention, the detailed description will be omitted.

Terms used in this application are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this application, terms such as "include" or "have" are intended to designate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, but one or more other features It should be understood that the presence or addition of numbers, steps, operations, components, parts, or combinations thereof is not precluded.

Some embodiments of the present disclosure may be represented as functional block structures and various processing steps. Some or all of these functional blocks may be implemented as a varying number of hardware and/or software components that perform specific functions. For example, functional blocks of the present disclosure may be implemented by one or more microprocessors or circuit configurations for a predetermined function. Also, for example, the functional blocks of this disclosure may be implemented in various programming or scripting languages. Functional blocks may be implemented as an algorithm running on one or more processors. In addition, the present disclosure may employ prior art for electronic environment setting, signal processing, and/or data processing. Terms such as "mechanism", "element", "means" and "component" may be used broadly and are not limited to mechanical and physical components.

In addition, connecting lines or connecting members between components shown in the drawings are only examples of functional connections and/or physical or circuit connections. In an actual device, connections between components may be represented by various functional connections, physical connections, or circuit connections that can be replaced or added.

Hereinafter, the present disclosure will be described in detail with reference to the accompanying drawings.

1 is a conceptual diagram showing a schematic configuration of an IPFS-based file distribution storage system according to an embodiment.

Referring to FIG. 1 , an IPFS-based file distribution storage system 100 may include a main server 110, an IPFS network 120, a sharer device 130, and a requestor device 140. In addition, the IPFS network 120 may include IPFS nodes 121, 122, 123, and 124.

The main server 110 controls and manages the IPFS network 120, and at this time, the main server 110 can be said to perform the role of a peer leader. Therefore, among the IPFS nodes 121, 122, 123, and 124, the main server 110 may serve as a peer leader. Alternatively, it is also possible to provide a separate main server 110 to perform a management role for the IPFS nodes 121, 122, 123, and 124.

That is, the main server 110 can be a subject that performs file encryption, partition processing, and distributed storage to the IPFS nodes 121, 122, 123, and 124, and constitutes the IPFS network 120 and serves as a peer leader. If it can be performed, there is no separate restriction.

In addition, the main server 110 monitors the IPFS nodes 121, 122, 123, and 124 through active monitoring to determine the operational status and passive monitoring to monitor data upload/download status. ) and distributed storage of data through it, and control and monitoring of data upload and download.

In addition, although not shown in FIG. 1, the main server 110 distributes and communicates an application loaded with a unique code for each user in the user terminal 130, and verifies and confirms documents and restores results and processed history. It may further include an application server (not shown) that manages and processes re-authentication in preparation for change or loss of a user terminal.

The IPFS nodes 121, 122, 123, and 124 store and process data fragments from which files are divided in the IPFS network 120, as well as transaction information that may include download or upload details of the file. It performs the function of storing a copy of the included block and the blockchain on which the block is stacked. Blocks and blockchains are described in detail in FIG. 3 .

The IPFS nodes 121, 122, 123, and 124 may refer to all computing equipment capable of receiving a Contents Identification (CID) as an input and restoring original data of the Contents ID. In addition, the IPFS nodes 121, 122, 123, and 124 may communicate with each other through various communication means such as a central server, a relay server, a P2P network, and a blockchain network.

In this case, the content ID is a unique name of original file data. Similar to the hash value of data, even if the two data have different file names such as “ABC.txt” and “DEF.txt”, if the contents of the data are the same, they will have the same content ID. The content ID has a very small size compared to the original file and can be generated based on the calculation result of a cryptographic hash function.

Meanwhile, the main server 110 that supplies content IDs to the IPFS nodes 121, 122, 123, and 124 communicates with the IPFS nodes 121, 122, 123, and 124 to supply content ID information and prevent fraudulent use. It can be equipped with an authentication means to prevent it. When the main server 110 communicates with the IPFS nodes 121, 122, 123, and 124, the communication means itself does not need to be a secure channel.

Authentication means include a network method of restricting IP addresses, a user authentication method through encryption technology, user authentication through a blockchain network 120, or a method to prevent unauthorized users from arbitrarily inputting content IDs into the IPFS network 120. All methods can be included. At this time, fraudulent use can be fundamentally prevented through an authentication procedure or fraudulent use can be prevented from increasing beyond a certain rate through proof of work.

The content ID supplied by the main server 110 may be the content ID of the original file or the content ID of the result obtained by encrypting the original file according to requirements. In this case, separate metadata for sharing encryption standards may be shared. Metadata may include only information that has no security vulnerability even if the original source is exposed. For example, there are types of encryption algorithms, padding methods, and initial vector values.

The sharer device 130 and the requestor device 140 may be IPFS nodes 121, 122, 123, and 124 themselves, or may be IPFS nodes 121, 122, 123, and 124 that already exist through a relay server. It may be a terminal in use. Here, the sharer terminal 130 and the requester terminal 140 refer to terminals that upload and download files, and may include terminals capable of transmitting and receiving various document data via a communication network according to key manipulation. For example, the sharer terminal 130 and the requester terminal 140 may include a tablet terminal, a laptop, a personal computer (PC), a smartphone, and a personal portable information terminal (PDA). It may be any one of a digital assistant) and a wireless terminal.

The IPFS nodes 121, 122, 123, and 124 can complete verification of the possibility of forgery of the original file without the help of the main server 110 by using the cryptographic hash function of the content ID, and the original file of the content ID is IPFS. Even if it is stored in any device of the network 120, it can be searched for and retrieved through an automated procedure.

2 is a block diagram showing the configuration of nodes of a blockchain network according to an embodiment.

Referring to FIG. 2 , a node 200 may include a communication unit 210 , a processing unit 220 and a storage unit 230 . In addition, the node 200 may be the same as or perform the same function as the IPFS nodes 121 , 122 , 123 , and 124 of FIG. 1 .

The communication unit 210 may provide an interface for transmitting and receiving data to and from the inside or outside of the block chain.

A distributed ledger may be stored in the storage unit 230 . For example, blocks, smart contracts, accounts, transactions, etc. may be stored.

In addition, the processing unit 220 may process contents of transactions stored in blocks of a block chain, which is a distributed ledger, stored in the storage unit 230 . The configuration of the processing unit 220 may vary depending on the function of the corresponding node. For example, the function of the node includes an integrated management function, a block generation function, a block verification function, and the like. Specifically, the processing unit 220 of the integrated management node may perform functions such as overall pool management, P2P management, and block synchronization management, and the processing unit 220 of the block generation node may perform block generation, The processing unit 220 of the block verification node may perform block verification and consensus.

The IPFS node 200 according to the present invention may correspond to a node that performs functions other than the above functions as well as the above function or combination of functions.

3 is a conceptual diagram illustrating a block and a block chain according to an embodiment.

Referring to FIG. 3, a blockchain 300 is a kind of distributed database of one or more blocks 310, 320, and 330 sequentially connected. The blockchain 300 is used to store and manage the addition, deletion, and update (transaction) of user information in the blockchain system, and each node participating in the network of the blockchain system blocks (310, 320, 330 ) can be created and connected to the blockchain 300. Although a limited number of blocks 310, 320, and 330 are shown in FIG. 3, the number of blocks that can be included in a blockchain is not limited thereto.

Each block 310, 320, 330 included in the blockchain 300 has a unique hash value 311, 321, 331, and the block header 312, 322, 332 and the block body 313, 323, 333).

Blockchain 300 may include one or more connected blocks 310 , 320 , and 330 . The block headers 312 , 322 , and 332 may include a hash value of a previous block to indicate a connection relationship between the respective blocks 310 , 320 , and 330 . The hash value of the previous block included in the block headers 312, 322, and 332 is a hash value for the previous block and is the same as the current hash included in the previous block.

For example, the block header 322 of the block N 320 may include the hash value 311 of the block N-1 310 to indicate a connection relationship with the block N-1 310, which is the previous block. can Similarly, the block header 332 of the block N+1 330 may include the hash value 321 of the block N 320 to indicate a connection relationship with the block N 320 as a previous block. The connection relationship in the block headers 312, 322, and 332 expressed in this way can be used in the validation process of the block chain 300.

The blocks 310 , 320 , and 330 are chained by the hash value of the previous block in each block header 312 , 322 , and 332 . Nodes participating in the distributed network verify the validity of the block based on the hash value of the previous block included in the blocks 310, 320, and 330, so that a single malicious node can forge or tamper with the contents of an already created block. action is impossible

The block bodies 313, 323, and 333 may include data stored and managed in the blocks 310, 320, and 330, that is, transaction lists (not shown). The transaction list (not shown) is a list of blockchain-based transactions. A transaction list (not shown) may be expressed in a tree form.

On the other hand, when transactions stored in the block chain 300 individually have cryptographic hashes, the individual transactions may be a unit of 'block' referred to in the present invention. In other words, even if the block chain 300 itself does not provide a hash function, if the hash is correctly generated during the index creation process, the individual transactions may also become blocks 310, 320, and 330.

The blocks 310, 320, and 330 may include other information other than the information included in the block headers 312, 322, and 332 and the block bodies 313, 323, and 333.

Hereinafter, operations according to various embodiments may be understood to be performed by a processor included in a blockchain-based data management method or a blockchain-based data management apparatus.

4 is a flowchart illustrating a method for managing blockchain-based data according to an embodiment.

A blockchain-based data management device (hereinafter, referred to as a 'device') may receive original data from a user and provide a service for managing the original data based on a blockchain. In one embodiment, the original data may correspond to a research note written by a researcher, and the device generates a transaction related to the content of the research note, authentication by an administrator, the time of writing the research note, and the time of authentication by the administrator, etc. can be stored on the network. Through this, it is possible to save and manage the information of the author and manager of the research note and the approval process of the manager.

In one embodiment, original data may be directly recorded on a blockchain network, or may be recorded on an IPFS-based system using an indirect distributed storage method through IPFS.

Referring to FIG. 4 , in step 410, the device may generate a first block for the user's original data.

In one embodiment, the first block may include a transaction list related to the original data, such as information about a user who created the original data, the existence of the original data, and a creation time of the original data.

Meanwhile, the creation time of the original data may correspond to a time claimed by the user to be the time when the original data is created, regardless of a timestamp of a certification authority, which will be described later. Therefore, in this case, the original data creation time indicated by the user may not have legal effect.

In one embodiment, the device may determine whether to encrypt the content ID of the original data. Since the data recorded on the blockchain can be viewed by anyone, the device can decide whether to encrypt the content ID of the original data for security.

When the device encrypts the content ID of the original data, the first block may contain a symmetric-key algorithm and/or an initial vector used to encrypt the content ID of the original data. A symmetric key algorithm is a type of encryption algorithm that uses the same encryption key for both encryption and decryption. An initial vector is a virtual block, and can be used to convert a ciphertext block by XOR (exclusive OR) between the result of encrypting the initial vector and the block to be encrypted.

If the device does not encrypt the content ID of the original data, the first block may contain a hash of the original data and/or a hash algorithm of the original data.

In step 420, the device may apply an original data timestamp issued by a Time Stamping Authority (TSA) to the received original data to generate a second block with respect to the original data timestamp.

TSA is an organization that issues timestamps, that is, an organization that provides a time stamp authentication service. The TSA service consists of a process in which the time stamp authentication agency certifies the creation and modification time of original data. Because TSA performs timestamping, even the owner of the original data cannot be changed, so the original data existed at the time TSA issued a timestamp for the original data or created a block about the timestamp issued by TSA, and thereafter You can prove that it hasn't changed.

In one embodiment, the device transmits the hash of the user's original data to TSA to request timestamp issuance, and receives a timestamp token from TSA and injects it into the original data, thereby applying a timestamp to the original data. there is. Additionally, the device may generate a second block for the original data timestamp issued by the TSA.

On the other hand, even if there is one TSA timestamp for the Nth block, it is proved that the 1st to (N-1)th blocks were also created before the timestamp, so in the present invention, the timestamp of the second block is Block 1 may also be guaranteed to have been created at the same time as the time when the second block was created or earlier.

In step 430, the device may generate a third block with a third party's signature for at least one of the first block and the second block.

In one embodiment, the third party may mean a third party different from the user who created the original data. For example, if the original data is a research notebook, the third party may be a research institute to which the user who wrote the research notebook belongs or a manager of the research institute.

In one embodiment, the signature may correspond to a content ID for an image file of an analog signature. Alternatively, the signature may include a digital signature using a private key and public key encryption.

In one embodiment, the third block includes information about the third party that signed, information about the original data timestamp issued by the user and TSA who created the original data subject to signature, and the time of signing by the third party. It can contain a list of transactions related to the signature. At this time, like the creation time of the original data, the third party's signature time may correspond to the time the third party claims to have signed and may not have legal effect.

In step 440, the device may sequentially record the first to third blocks in the ledger of the original block chain.

In one embodiment, the original blockchain network may correspond to the blockchain 300 of FIG. 3, and the first to third blocks may correspond to one or more blocks 310, 320, and 330 of FIG. there is.

In one embodiment, the original blockchain network may be linked to the IPFS-based file distribution storage system 100 of FIG. 1 . For example, the device records the first to third blocks in the ledger of the original blockchain network, and the original data is distributed to the IPFS-based file distribution storage system 100 or IPFS nodes 121, 122, 123, and 124 can be saved

5 is a diagram for explaining a process of implementing a virtual block chain according to an embodiment.

In general, the contents recorded on the blockchain are 'blockchain wallet', which is information signed with a public key, etc., and has nothing to do with an individual's electronic signature. In addition, RSA-based certificates issued as public certificates are not compatible with elliptic curve cryptosystem-based certificates used in blockchain.

In addition, according to universal blockchain technology that has a linear sequence regardless of data type, the user's original data is created, a timestamp issued by TSA is applied to it, and a third party's signature on the original data and/or timestamp authentication chain cannot be implemented for each original data.

Therefore, with reference to FIG. 5, a method for solving the above technical problem by implementing a virtual block chain inside a block chain will be described in detail.

Referring to FIG. 5 , the original blockchain 500 may include blocks N-2 to N+3 (510 to 560). Since blocks N-2 to N+3 (510 to 560) store generated transactions in order, they are connected in a chain in a linear order. Although six blocks are shown for convenience of description, the number is not limited thereto.

In one embodiment, the device may sequentially record the first to third blocks in the original block chain 500 . Accordingly, each block may correspond to one of blocks N−1 to N+3 (510 to 560).

In the present invention, 'sequentially' recording of blocks does not mean recording in consecutive blocks. For example, referring to FIG. 5, the first block 510 was recorded in the original blockchain 500 before the second block 530, but the first block 510 and the second block 530 are not adjacent to each other. can confirm that it is not.

In one embodiment, the second block may include the location of the first block. Also, the third block may include locations of the first and/or second blocks. For example, the device may create a block including location information of a block to be connected as a virtual chain.

Through this, apart from the connection relationship between block N-2 to block N+3 (510 to 560) of the original block chain 500, each block created by the device may have a separate connection relationship as a virtual chain.

6 is a block diagram showing the configuration of an original block chain according to an embodiment.

Referring to FIG. 6, a block N-1 610, a block N 620, and a block N+1 630 are consecutively connected blocks, and the block N-1 610 and the block N+1 630 are It is a block connected by virtual chain 613.

In one embodiment, each block 610 or 630 connected by the virtual chain 613 may include essential information 611 or 631 and/or index information 612 or 632.

Essential information (611, 631) is information about the content stored in the block. For example, essential information included in the first block may be information about original data created by a user.

The index information 612 and 632 is information referred to for connecting the virtual chain 613. In one embodiment, when connecting the first block and the second block with a virtual chain, index information included in the second block may be information about the location of the first block. Alternatively, when information on the location of the first block is included in the index information included in the second block, it may be defined that the first block and the second block are connected through a virtual chain. For example, assuming that the block N−1 610 is the first block and the block N+1 630 is the second block, the index information 632 of the second block 630 is the first block 610 It may include information about the position of or N-1, which is the block number of the first block 610.

On the other hand, the index information (612, 632) must ensure that the aforementioned essential information (611, 631) is not changed. For example, a hash value using a cryptographic hash function separate from the block chain for the entire essential information (611, 631), a hash value of data including the entire essential information (611, 631) (e.g., the required information is Block hash of the included block), genesis block hash, block height value, and other methods of proving the integrity of essential information (611, 631). The user may have index information of one or more of the above methods at the same time in order to improve search performance for each system. At this time, the index information for the previous block must be included in the essential information of the next block. On the other hand, if index information is not included, it can be replaced with a copy of the original data. This will be described later in detail with reference to FIG. 7 .

Even if one process for data is recorded in several blocks, each block is connected and managed through a virtual chain, which has the effect of facilitating data management and migration to other blockchains.

Returning to FIG. 5 again, the configuration of the first to fourth blocks 510, 530, 540, and 560 will be described in detail based on the above description.

In one embodiment, the first block 510 may include first essential information. In addition, the first essential information is at least one of a user certificate capable of proving the identity of the user who created the original data, a content ID of the original data, a content ID of the original data displayed by the user, and a signature for the content ID and creation time of the original data. may contain one.

In one embodiment, the user certificate may mean a user's public key, and the content ID of the original data and the signature for the creation time of the original data may use the user certificate as it is.

That is, the first block 510 may include all information indicating that the user wrote the original data.

In one embodiment, the second block 530 may include second essential information. In addition, the second essential information may include at least one of a content ID for all of the first essential information and information about an original data timestamp for the first essential information.

The content ID of the entire first essential information refers to a content ID corresponding to the entirety of the first essential information as one piece of data, apart from the content ID of the original data. The timestamp corresponds to the one issued by TSA for time point authentication for the first essential information. In this case, the timestamp may follow the RFC 3161 standard.

In one embodiment, the second block 530 may include second index information. Also, the second index information may include a location of a block in which the first essential information is recorded or a location of a transaction. For example, the second index information may include a location of the first block 510 in which the first essential information is recorded or a detailed location of a transaction in the first block 510 in which the first essential information is recorded. Accordingly, the first block 510 and the second block 530 may be connected to the virtual chain through the second index information.

That is, the second block 530 may include all information related to TSA point-in-time authentication of original data and connection with the first block 510 .

In one embodiment, the third block 540 may include third essential information. Also, the third essential information may include at least one of a third party certificate capable of proving the identity of the third party, a third party authentication body, and a signature for the authentication body. The authentication body of the third party may include a content ID for all of the first essential information, a content ID for all of the second essential information, and the third party's authentication time point indicated by the third party.

In one embodiment, the third party certificate may refer to a third party's public key, and the third party certificate may be used as it is for the signature of the third party's authentication body.

In one embodiment, the third block 540 may include third index information. Also, the third index information may include a location of a block in which the second essential information is recorded or a location of a transaction. Accordingly, the second block 530 and the third block 540 may be connected to the virtual chain through the third index information.

In another embodiment, the third index information may further include a location of a block in which the first essential information is recorded or a location of a transaction. Accordingly, the first block 510 and the third block 540 may be connected to the virtual chain through the third index information.

That is, the third block 540 may include all information about the third party's authentication of the original data and the original data timestamp, and the connection with the second block 530 .

In one embodiment, the device may apply the TSA-issued administrator signature timestamp to the third block 540 to generate the fourth block 560 for the administrator signature timestamp. By generating the fourth block, the TSA can once again authenticate whether the third party has performed the role of authenticating the original data and the original data timestamp at the appropriate time. Thereafter, the device may record the fourth block 560 in the ledger of the original block chain 500 .

In one embodiment, the fourth block 560 may include fourth essential information. Also, the fourth essential information may include at least one of a content ID for all of the third essential information and information about a manager signature timestamp for all of the third essential information.

In one embodiment, the fourth block 560 may include fourth index information. Also, the fourth index information may include a location of a block or a location of a transaction in which the third essential information is recorded. Accordingly, the fourth block 560 may be connected to the virtual chain through the third block 540 and the fourth index information.

In another embodiment, the fourth index information may further include a location of each block or a location of each transaction in which the first and/or second essential information is recorded. Accordingly, the fourth block 560 may be connected to the first block 510 and/or the second block 540 through the fourth index information as a virtual chain.

That is, the fourth block 560 may include all information related to TSA's point-in-time authentication of the third party's authentication and connection with the third block 540 .

On the other hand, proof of the time order of the above-mentioned first to fourth blocks can be performed not only by the block chain but also by a timestamp separately issued from the TSA, and the order of blocks can be reconstructed and verified through the timestamp.

7 is a flowchart for explaining a blockchain migration process according to an embodiment.

In one embodiment, the device may migrate an original blockchain to another blockchain. For example, another blockchain may be a new blockchain following a hard fork. Alternatively, the other blockchain may be a new blockchain having a completely different domain from the original blockchain. The migration process will be described in detail below.

Referring to FIG. 7 , in step 710, the device may extract the locations of the first to fourth blocks in the original blockchain based on the fourth block.

In one embodiment, the device may extract the location of the third block from the fourth index information included in the fourth block, and extract the location of the second block from the third index information included in the third block, , the location of the first block can be extracted from the second index information included in the second block. In another embodiment, when the positions of the first to third blocks are all recorded in the fourth index information, the device may extract all positions of the first to third blocks from the fourth index information.

In one embodiment, the device may acquire all of the first to fourth essential information from the first to fourth blocks. In addition, the device can obtain all information including content ID, certificate, creation or certification time, signature, etc. from the first to fourth essential information.

In step 720, the device may verify the integrity of the first to fourth blocks.

In one embodiment, the device may verify the integrity of the first to fourth blocks by verifying the validity of the hash values and electronic signatures recorded in the first to fourth blocks.

The blockchain network itself is almost impossible to falsify, but by verifying the integrity of the original blockchain during the migration process, reliability problems that may arise during migration can be resolved.

In step 730, the device may sequentially store the information included in the first to fourth blocks in blocks of other blockchains.

Hereinafter, blocks of other blockchains to which the first to fourth blocks of the original blockchain are to be migrated are defined as first to fourth migration blocks, respectively.

In one embodiment, the device may store the first essential information as essential information in the first migration block. Also, the device may store the second essential information in the second migration block as essential information, and store the location of the first migration block in the second migration block as index information. Also, the device may store the third essential information in the third migration block as essential information, and store the location of the second migration block in the third migration block as index information. Similarly, the device may store the fourth essential information as essential information in the fourth migration block, and store the position of the third migration block as index information in the fourth migration block.

In another embodiment, the index information of the third migration block may further include the location of the first migration block, and the index information of the fourth migration block may further include the location of the first and/or second migration block. there is.

In one embodiment, the device determines the hash of at least one of the first to fourth blocks of the original block chain in which the data to be referenced is stored, the genesis block hash, the block height, and the uniqueness of each transaction. At least one of the IDs may be stored as index information of the first migration block.

Alternatively, in another embodiment, the device may necessarily include the hash of at least one of the first to fourth blocks of the original block chain in which the reference data is stored as index information of the first migration block, the genesis block hash, At least one of a block height and a unique ID of an individual transaction may be selectively included as index information of the first migration block. This is because the hash of each block in the original blockchain is essential for proof of existence, and the genesis block hash, block height, and unique ID of each transaction are optional to speed up the search.

A genesis block is a block created when a blockchain network is initially started, and refers to a block with a block height of 0. Also called block 0.

Block height means the total number of blocks created from the genesis block. The block height of a particular block is defined as the number of blocks that exist before it in the blockchain. Unlike the genesis block, every block has a block height because it contains the hash of the previous block.

The unique ID of each transaction may be information specifying where (what number) a transaction to be referred to in the first to fourth blocks is located in the corresponding block.

Even if you need to migrate to a new blockchain again after migrating from the original blockchain to another blockchain, you can refer to the first to fourth blocks of the original blockchain.

Therefore, according to an embodiment, if a block related to the original data (eg, a first migration block in another block chain) includes the first index information, it means that the block chain including the corresponding block is a migrated block chain. can

Through the above blockchain migration process, even if the data in the current original blockchain is transferred to another blockchain, we propose a migration technique that can reconstruct the sequence of events and prove existence based on TSA information at the time each block is created. There are effects that can be done. In addition, since the index information in the present invention is not a simple number, but a cryptographic hash that guarantees the integrity of the previous block, there is an effect of implementing a virtual block chain through this.

8 is a block diagram of a blockchain-based data management device.

Referring to FIG. 8 , an apparatus 800 may include a communication unit 810 , a processor 820 and a DB 830 . In the device 800 of FIG. 8 , only components related to the embodiment are shown. Accordingly, those skilled in the art can understand that other general-purpose components may be further included in addition to the components shown in FIG. 8 .

The communication unit 810 may include one or more components that enable wired/wireless communication with an external server or external device. For example, the communication unit 810 may include at least one of a short-range communication unit (not shown), a mobile communication unit (not shown), and a broadcast reception unit (not shown). In one embodiment, the communication unit 810 may receive original data from a user.

The DB 830 is hardware for storing various data processed in the device 800, and may store programs for processing and controlling the processor 820.

The DB 830 includes random access memory (RAM) such as dynamic random access memory (DRAM) and static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), and CD-ROM. ROM, Blu-ray or other optical disk storage, hard disk drive (HDD), solid state drive (SSD), or flash memory.

The processor 820 controls the overall operation of the device 800. For example, the processor 820 may generally control an input unit (not shown), a display (not shown), a communication unit 810, and the DB 830 by executing programs stored in the DB 830. The processor 820 may control the operation of the device 800 by executing programs stored in the DB 830 .

The processor 820 may control at least some of the operations of the blockchain-based data management device described above with reference to FIGS. 1 to 7 .

The processor 820 may include application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, and microcontrollers. It may be implemented using at least one of micro-controllers, microprocessors, and electrical units for performing other functions.

In one embodiment, device 800 may be a server. A server may be implemented as a computer device or a plurality of computer devices that communicate over a network to provide commands, codes, files, content, services, and the like. The server may receive data required to manage data based on the blockchain and manage the data received from the user based on the received data.

Meanwhile, embodiments according to the present invention may be implemented in the form of a computer program that can be executed on a computer through various components, and such a computer program may be recorded on a computer-readable medium. At this time, the medium is a magnetic medium such as a hard disk, a floppy disk and a magnetic tape, an optical recording medium such as a CD-ROM and a DVD, a magneto-optical medium such as a floptical disk, and a ROM hardware devices specially configured to store and execute program instructions, such as RAM, flash memory, and the like.

Meanwhile, the computer program may be specially designed and configured for the present invention, or may be known and usable to those skilled in the art of computer software. An example of a computer program may include not only machine language code generated by a compiler but also high-level language code that can be executed by a computer using an interpreter or the like.

According to one embodiment, the method according to various embodiments of the present disclosure may be included and provided in a computer program product. Computer program products may be traded between sellers and buyers as commodities. A computer program product is distributed in the form of a device-readable storage medium (eg compact disc read only memory (CD-ROM)), or through an application store (eg Play Store™) or between two user devices. It can be distributed (eg downloaded or uploaded) directly or online. In the case of online distribution, at least part of the computer program product may be temporarily stored or temporarily created in a device-readable storage medium such as a manufacturer's server, an application store server, or a relay server's memory.

The steps constituting the method according to the present invention may be performed in any suitable order unless an order is explicitly stated or stated to the contrary. The present invention is not necessarily limited according to the order of description of the steps. The use of all examples or exemplary terms (eg, etc.) in the present invention is simply to explain the present invention in detail, and the scope of the present invention is limited due to the examples or exemplary terms unless limited by the claims. it is not going to be In addition, those skilled in the art can appreciate that various modifications, combinations and changes can be made according to design conditions and factors within the scope of the appended claims or equivalents thereof.

Therefore, the spirit of the present invention should not be limited to the above-described embodiments and should not be determined, and all scopes equivalent to or equivalently changed from the claims as well as the claims described below are within the scope of the spirit of the present invention. will be said to belong to

Claims (13)

generating a first block of user's original data;
applying an original data timestamp issued by a time-stamping authority (TSA) to the original data to generate a second block related to the original data timestamp;
generating a third block relating to a third party's signature for at least one of the first block and the second block;
generating a fourth block related to the administrator signature timestamp by applying the administrator signature timestamp issued by the TSA to the third block;
sequentially recording the first to fourth blocks in the ledger of the original block chain; and
Including; migrating the original block chain to another block chain,
The migration step is
extracting the positions of the first to fourth blocks in the original block chain based on the fourth block;
verifying the integrity of the first to fourth blocks; and
Sequentially storing the information included in the first to fourth blocks in blocks of the other blockchain;
The first block,
At least one of a user certificate capable of proving the identity of the user, a content ID of the original data, a creation time of the original data indicated by the user, and a signature for the content ID of the original data and the creation time of the original data Including the included first essential information,
The method,
Further comprising: determining whether to encrypt the content ID of the original data;
The first essential information is,
When the content ID of the original data is encrypted, at least one of a symmetric-key algorithm and an initial vector used to encrypt the content ID of the original data is further included, and the content ID of the original data is encrypted. If not, further comprising at least one of a hash of the original data and a hash algorithm of the original data,
The second to fourth blocks,
Each includes second to fourth essential information and second to fourth index information,
The step of storing in a block of another block chain,
storing the first essential information as essential information in a first migration block constituting the other block chain;
storing the second essential information as essential information in a second migration block constituting the other block chain, and storing the location of the first migration block in the second migration block as index information;
storing the third essential information as essential information in a third migration block constituting the other block chain, and storing the location of the second migration block in the third migration block as index information;
storing the fourth essential information as essential information in a fourth migration block constituting the other block chain, and storing the location of the third migration block in the fourth migration block as index information; and
The hash of at least one of the first to fourth blocks is essentially stored as index information in the first migration block, and the genesis block hash, block height, and Selectively storing at least one of the unique IDs of individual transactions as index information in the first migration block;
Blockchain-based data management method. delete delete According to claim 1,
The original data timestamp,
By proving that the original data existed at a specific point in time after the creation of the original data indicated by the user,
At the specific point in time,
Characterized in that the time when the TSA issues the original data timestamp or the time when the second block is generated,
Blockchain-based data management method. According to claim 1,
The second block,
Including the second essential information including at least one of a content ID for the first essential information and information about the original data timestamp,
Blockchain-based data management method. According to claim 1,
The second block,
The second index information including the location of the transaction in which the first essential information is recorded,
Blockchain-based data management method. According to claim 1,
The third block,
The third essential information including at least one of a third party certificate capable of proving the identity of the third party, an authentication body of the third party, and a signature of the authentication body,
The authentication body of the third party,
A content ID for the first essential information, a content ID for the second essential information, and an authentication time point of the third party indicated by the third party.
Blockchain-based data management method. According to claim 1,
The third block,
The third index information including the location of the transaction in which the second essential information is recorded,
Blockchain-based data management method. delete According to claim 1,
The fourth block,
Including the fourth essential information including at least one of a content ID for the third essential information and information about the manager signature timestamp,
Blockchain-based data management method. According to claim 1,
The fourth block,
The fourth index information including the location of the transaction in which the third essential information is recorded,
Blockchain-based data management method. a memory in which at least one program is stored; and
A processor operating by executing the at least one program; including,
the processor,
Create a first block for the user's original data;
Applying an original data timestamp issued by a Time-Stamping Authority (TSA) to the original data to generate a second block related to the original data timestamp;
generating a third block relating to a third party's signature for at least one of the first block and the second block;
Applying the administrator signature timestamp issued by the TSA to the third block to generate a fourth block related to the administrator signature timestamp;
The first to fourth blocks are sequentially recorded in the ledger of the original blockchain,
Migrate the original blockchain to another blockchain,
The migration is
Based on the fourth block, the positions of the first to fourth blocks are extracted from the original block chain;
verifying the integrity of the first to fourth blocks;
Further comprising sequentially storing the information included in the first to fourth blocks in blocks of the other blockchain,
The first block,
At least one of a user certificate capable of proving the identity of the user, a content ID of the original data, a creation time of the original data indicated by the user, and a signature for the content ID of the original data and the creation time of the original data contains the first essential information included;
the processor,
Determine whether to encrypt the content ID of the original data,
The first essential information is,
When the content ID of the original data is encrypted, at least one of a symmetric-key algorithm and an initial vector used to encrypt the content ID of the original data is further included, and the content ID of the original data is encrypted. If not, further comprising at least one of a hash of the original data and a hash algorithm of the original data,
The second to fourth blocks,
Each includes second to fourth essential information and second to fourth index information,
Storing in blocks of other blockchains,
Store the first essential information as essential information in the first migration block constituting the other blockchain,
The second essential information is stored as essential information in a second migration block constituting the other blockchain, and the location of the first migration block is stored in the second migration block as index information;
The third essential information is stored as essential information in a third migration block constituting the other block chain, and the location of the second migration block is stored in the third migration block as index information;
storing the fourth essential information as essential information in a fourth migration block constituting the other block chain, and storing the location of the third migration block in the fourth migration block as index information; and
The hash of at least one of the first to fourth blocks is essentially stored as index information in the first migration block, and the genesis block hash, block height, and Further comprising selectively storing at least one of the unique IDs of individual transactions as index information in the first migration block.
Blockchain-based data management device. A computer-readable recording medium recording a program for executing the method of claim 1 on a computer.

Images