TW202023238A - Trusted node determining method and apparatus based on block chain network - Google Patents


Info

Publication number: TW202023238A
Authority: TW (Taiwan)
Prior art keywords: program, information, node, access device, contract object
Application number: TW108130001A
Other languages: Chinese (zh)
Inventor: 王葉松
Original Assignee: 香港商阿里巴巴集團服務有限公司
Application filed by 香港商阿里巴巴集團服務有限公司

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/40: Network security protocols
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

Embodiments of the present application provide a trusted node determining method and apparatus based on a block chain network. The method comprises: when a device accesses the block chain network, a first program on a node of the block chain network obtains token information of the access device, the token information comprising security information of the access device; the first program calls a first contract object, and the first contract object generates security assessment information for the access device according to the token information; a node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node. In embodiments of the present application, the security information of an internet of things device is taken as a selection condition of the trusted node of the networked block chain network, so that the overall security of a consensus mechanism can be maintained or even improved without losing the high performance of a weakly centralized consensus algorithm.

Description

Method and device for determining a trusted node based on a blockchain network

The present invention relates to the field of communication technology, and in particular to a method for determining a trusted node based on a blockchain network and a device for determining a trusted node based on a blockchain network.

With the development of the Internet of Things (IoT), traditional centralized IoT back-end services (for example, device management platforms (DMP), connection management platforms (CMP), and data aggregation and analysis services) will, in the foreseeable future, struggle to handle the access management and data processing of the large number of IoT devices worldwide, and the topology of the future IoT will also develop from the current point-edge-cloud structure to a cloud-edge-point + P2P distributed network. How to establish trusted connections, data interaction and disintermediated services in an IoT of this scale and complexity is a practical challenge. Blockchain, with its decentralization, P2P peer-to-peer networking and tamper-proof data, offers a technical option that may solve IoT-related problems. Among the blockchain implementations currently visible on the market, public blockchains (Bitcoin, Ethereum) are not suitable for the future IoT environment, which requires high concurrency and low latency, because they use consensus algorithms with high power consumption and long confirmation delays.

In view of the above problems, the embodiments of the present invention are proposed to provide a method for determining a trusted node based on a blockchain network, and a corresponding device for determining a trusted node based on a blockchain network, that overcome the above problems or at least partially solve them.

To solve the above problems, an embodiment of the present invention discloses a method for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, and the method includes: when a device accesses the blockchain network, a first program on a node of the blockchain network obtains token information of the access device, the token information including security information of the access device; the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the token information; and the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.

Preferably, the method further includes: if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.

Preferably, at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object; before the first program obtains the token information of the access device, the method further includes: a second program on a node of the blockchain network receives token information and identification information of the device. The step of the first program obtaining the token information of the access device then includes: the first program obtains the identification information of the access device; the first program generates a token information acquisition request and sends it to the second program, the request including the identification information of the access device; and the first program receives the token information sent by the second program, the token information having been looked up by the second program according to the identification information.

Preferably, the method further includes: the second program calls the second contract object, and the second contract object stores the token information and identification information of the device in a preset distributed file system.

Preferably, the method further includes: when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system.

Preferably, the step of the first program obtaining the identification information of the access device includes: the first program receives the identification information of the access device sent by a trusted node of the blockchain network.

Preferably, the first program is a first decentralized application (DApp) and the second program is a second DApp.

An embodiment of the present invention also discloses a device for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, and the device includes: a first program, and the node on which the first program is located. The first program includes: a token information acquisition module, configured to obtain token information of the access device when a device accesses the blockchain network, the token information including security information of the access device; and a first calling module, configured to call the first contract object, the first contract object being configured to generate security assessment information for the access device according to the token information. The node on which the first program is located includes: a trusted node determination module, configured to determine, according to the security assessment information, whether the access device is a trusted node.

Preferably, the node on which the first program is located further includes: a trusted node pool adding module, configured to add the access device to a preset trusted node pool if the access device is a trusted node.

Preferably, at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object, and the device further includes: a second program, on a node of the blockchain network, including an information receiving module configured to receive token information and identification information of the device. The token information acquisition module of the first program includes: an identification acquisition sub-module, configured to obtain the identification information of the access device; a request sub-module, configured to generate a token information acquisition request and send it to the second program, the request including the identification information of the access device; and a token information receiving sub-module, configured to receive the token information sent by the second program, the token information having been looked up by the second program according to the identification information.

Preferably, the second program further includes: a second calling module, configured to call the second contract object, the second contract object storing the token information and identification information of the device in a preset distributed file system.

Preferably, the second program further includes: a third calling module, configured to call the second contract object when the token information acquisition request sent by the first program is received, the second contract object extracting the token information corresponding to the identification information from the preset distributed file system.

Preferably, the identification acquisition sub-module includes: an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.

Preferably, the first program is a first decentralized application (DApp) and the second program is a second DApp.

An embodiment of the present invention also discloses a device including one or more processors and one or more machine-readable media storing instructions which, when executed by the one or more processors, cause the device to perform one or more of the methods described above. An embodiment of the present invention also discloses one or more machine-readable media storing instructions which, when executed by one or more processors, cause the processors to perform one or more of the methods described above.

The embodiments of the present invention have the following advantages. In the embodiments of the present invention, the security information of an IoT device can be encrypted and added to the token information; by transmitting the token information in the blockchain network, the smart contracts and programs deployed on the nodes of the blockchain network can evaluate the security of the IoT device based on the security information in the token information. In the multi-source heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs; the embodiments of the present invention can generate corresponding security assessment information for different types of IoT devices, and are therefore suitable for assessing the security of IoT devices in the multi-source heterogeneous hardware scenario of the IoT. In the IoT environment, human intervention is decreasing, and the automatic access of IoT devices to the network is the main application scenario. In the embodiments of the present invention, the security information of the IoT device itself is used as the selection condition for trusted nodes of the networked blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of a weakly centralized consensus algorithm.

In order to make the above objectives, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below in conjunction with the drawings and specific embodiments.

Referring to Figure 1, a flow chart of the steps of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present invention is shown, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, and the method may specifically include the following steps.

Step 101: when a device accesses the blockchain network, a first program on a node of the blockchain network obtains token information of the access device, the token information including security information of the access device.

A blockchain network is decentralized, which means there is no server, and a client does not need to rely on a server to obtain or process data. What a blockchain network has is nodes; a node is both a client and a server. The blockchain network is a P2P (peer-to-peer) network: each node in the blockchain network can connect directly to other nodes, and its topology is flat.

In practice, at the production stage of an IoT device, the manufacturer can burn the keys used for device security attestation and the device's unique identification information (for example, a DID (Distributed ID)) into the device's secure storage area. The manufacturer can also embed a distributed ledger node SDK (Software Development Kit) in the device firmware. The distributed ledger node SDK can provide the capability for the device to connect to the blockchain network, and can also provide a service that collects device security attestation data on the device side and reports it to the blockchain.

When an IoT device accesses the blockchain network, the IoT device can discover other nodes in the blockchain network and establish links with them. An IoT device connected to the blockchain network is a node of the blockchain network.

In the embodiments of the present invention, the nodes constituting the blockchain network can be deployed on the BaaS (Blockchain as a Service) platform of a cloud service provider, on edge computing servers, or on edge devices in the IoT with rich computing power.

In the embodiments of the present invention, the relevant security module (secure component) in the IoT device uses the key burned into the device to generate the relevant security attestation token itself, and returns the token to the device vendor. For example, an Entity Attestation Token (EAT) is generated as the token. Of course, besides using an EAT as the token, other methods can be used to generate the token, and the embodiments of the present invention are not limited in this respect.

The relevant security modules can include an SE (Secure Element), a TEE (Trusted Execution Environment), a software security sandbox, a SIM (Subscriber Identity Module), a Secure MCU (Secure Microcontroller Unit), a TPM (Trusted Platform Module), and so on.

In the embodiments of the present invention, the token information contains the security information of the IoT device; the security information is information by which the security of the IoT device can be measured from the perspective of the physical world. For example: whether the device has a security module; whether the device's core firmware is securely updated by a trusted party; whether the device boots securely (secure boot); whether the key apps/SDKs running in the device are signed and deployed by a trusted party; whether the blockchain SDK deployed in the device runs in a security module; and so on. In practice, the security information can be set according to the specific business requirements of the IoT device, and the embodiments of the present invention are not limited in this respect.

In the embodiments of the present invention, the first contract object is a smart contract used to generate security assessment information for the device according to the token information. The first program is used to obtain the token information and call the first contract object. The first program can be deployed on multiple nodes, and the first program on each node can independently obtain the token information and independently call the first contract object. However, the operation by which the first contract object generates the security assessment information for the access device needs to rely on the consensus mechanism of the blockchain network.

In the embodiments of the present invention, a contract object refers to a smart contract. A smart contract is an application that can be deployed in the virtual machine of a blockchain network node; smart contracts are generally deployed on several nodes of the blockchain network.

In the embodiments of the present invention, the first program may be a first decentralized application. A decentralized application (DApp) is a distributed application that can be deployed on one or more nodes of the blockchain network. A DApp is a client application (for example, a front-end application) used to access smart contracts; it is mainly responsible for calling smart contracts and implementing some business-layer logic. It should be noted that a DApp and a smart contract do not have to be deployed on the same node. The execution of a DApp is independent of the consensus mechanism of the blockchain network, but the execution result of the smart contract called by the DApp needs to rely on the consensus mechanism of the blockchain network.

Step 102: the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the token information.

In the embodiments of the present invention, when an IoT device accesses the blockchain network, the first program running on a node of the blockchain network obtains the token information of the IoT device and calls the first contract object, and the first contract object can generate security assessment information for the device according to the security information in the token information.

For example, if the security information is that the access device has no security module, the blockchain app/SDK deployed in the device is not signed by a trusted party, the virtual machine image in which the deployed smart contract runs is not signed by a trusted party, and so on, the access device can be considered a low-security-level device, and the security assessment information generated by the first contract object can be information indicating a low security level. As another example, if the security information is that the access device has multiple security modules, the blockchain app/SDK deployed in the device is signed by a trusted party, the virtual machine image in which the deployed smart contract runs is signed by a trusted party, and so on, the access device can be considered a high-security-level device, and the security assessment information generated by the first contract object can be information indicating a high security level. Of course, using a security level as the security assessment information is only an example; other forms of security assessment information can be generated in practice, and the embodiments of the present invention are not limited in this respect.

Step 103: the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.

A trusted node is a node that can be used to run the consensus algorithm. In the transactions of a blockchain network, whenever a node submits a transaction, a certain number of nodes are needed to run the consensus algorithm. In the embodiments of the present invention, whether the access device can serve as a trusted node can be determined according to its security assessment information. For example, if the security assessment information indicates that the security level of the access device is high, the node running the first program can determine that the access device is a trusted node; if the security assessment information indicates that the security level of the access device is low, the node running the first program can determine that the access device is not a trusted node. The above way of determining whether the access device is a trusted node according to the security assessment information is only an example; in practice, other ways of making this determination from the security assessment information can be chosen.

In the embodiments of the present invention, the security information of an IoT device can be encrypted and added to the token information; by transmitting the token information in the blockchain network, the smart contracts and programs deployed on the nodes of the blockchain network can evaluate the security of the IoT device based on the security information in the token information. In the multi-source heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs; the embodiments of the present invention can generate corresponding security assessment information for different types of IoT devices, and are therefore suitable for assessing the security of IoT devices in that scenario. In the IoT environment, human intervention is decreasing, and the automatic access of IoT devices to the network is the main application scenario. In the embodiments of the present invention, the security information of the IoT device itself is used as the selection condition for trusted nodes of the networked blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of a weakly centralized consensus algorithm. For example, if a blockchain network has 10 million nodes, then to improve the performance of the consensus mechanism, 100 nodes need to be selected from them at random as mining nodes; because these 100 mining nodes are selected at random and the number of mining nodes falls from 10 million to 100, the security of the consensus is reduced. If instead these 100 mining nodes are selected from 10,000 high-security-level nodes, security can be guaranteed.

Referring to Figure 2, a flow chart of the steps of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present invention is shown, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, and at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object. That is, the first contract object and the first program can be deployed on the same node or on different nodes; the second contract object and the second program can be deployed on the same node or on different nodes; the first contract object and the second contract object can be deployed on the same node or on different nodes; and the first program and the second program can be deployed on the same node or on different nodes. The method may specifically include the following steps.

Step 201: a second program on a node of the blockchain network receives token information and identification information of a device.

In practice, the manufacturer of an IoT device can access the second program on a node and send the identification information and token information of the IoT device to the second program. The identification information of an IoT device corresponds uniquely to one IoT device.

In the embodiments of the present invention, the second contract object is used to manage the token information and identification information of IoT devices; the second contract object can store token information and identification information in one-to-one correspondence in a database, or extract token information and identification information from the database. The second program is used to receive token information and identification information sent by other nodes and then call the second contract object, which stores or extracts the token information and identification information.

In the embodiments of the present invention, the second program may be a second decentralized application.

In the embodiments of the present invention, the method may further include: the second program calls the second contract object, and the second contract object stores the token information and identification information of the device in a preset distributed file system. A distributed file system (for example, IPFS (InterPlanetary File System)) is not part of the blockchain network; it provides off-chain data storage outside the distributed ledger system of the blockchain network.

Step 202: when a device accesses the blockchain network, a first program on a node of the blockchain network obtains the identification information of the access device.

In the embodiments of the present invention, the first program may be a first decentralized application.

In the embodiments of the present invention, step 202 may include: the first program receives the identification information of the access device sent by a trusted node of the blockchain network.
Specifically, when an IoT device accesses the blockchain network, the nodes of the blockchain network broadcast the identification information of the access device to one another, so every node in the network can obtain the identification information of the access device. In the embodiments of the present invention, the identification information of the access device is stored in the distributed ledger system of the blockchain network, and the tamper-proof property of the distributed ledger system is used to prevent the identification information from being tampered with. After the IoT device accesses the blockchain network, a known trusted node (trusted peer) of the blockchain network can send the identification information of the access device to the first program running on some node, to request that the first program perform security assessment processing on the access device.

Step 203: the first program generates a token information acquisition request and sends it to the second DApp, the token information acquisition request including the identification information of the access device.

After the first program obtains the identification information of the access device, it can generate a token information acquisition request and send it to the second program.

In the embodiments of the present invention, the method may further include: when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system. Specifically, after receiving the token information acquisition request, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the distributed file system according to the identification information.

Step 204: the first program receives the token information sent by the second program, the token information including the security information of the access device.

Step 205: the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the token information.

In the embodiments of the present invention, an IoT device can be evaluated based on its own security information. In the multi-source heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs, so the embodiments of the present invention can generate corresponding security assessment information for different types of IoT devices and are suitable for evaluating the security of IoT devices in that scenario.

Step 206: the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.

After the first contract object generates the security assessment information of the access device, the node running the first program can determine, according to the security assessment information, whether to add the access device to the trusted node pool.

Step 207: if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.

In the embodiments of the present invention, when a node submits a transaction record to the blockchain network, the blockchain network can select trusted nodes from the trusted node pool to execute the consensus algorithm. Figure 3 is a schematic diagram of the consensus algorithm being executed by trusted nodes in an embodiment of the present invention: whether a transaction is initiated by a trusted node or by an ordinary node, mining nodes can only be selected from the trusted nodes in the trusted node pool.

In the IoT environment, human intervention is decreasing, and the automatic access of IoT devices to the network is the main application scenario. In the embodiments of the present invention, the security information of the IoT device itself is used as the selection condition for trusted nodes of the networked blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of a weakly centralized consensus algorithm.

To help those skilled in the art better understand the embodiments of the present invention, they are illustrated below by an example.

Figure 4 is a schematic diagram of uploading the identification information and token information of a device to the blockchain network. The upload process can specifically include:
1. The device vendor of the IoT device configures IoT device A with identification information, a key and the distributed ledger node SDK;
2. The relevant security module of IoT device A uses the key to generate token information itself; the token information includes the security information of IoT device A;
3. IoT device A sends the token information to the device vendor's node;
4. Some nodes of the blockchain network are deployed with the second contract object and the second DApp; the device vendor's node sends the identification information and token information of IoT device A to the second DApp running on some node;
5. The second DApp calls the second contract object to store the identification information and token information of IoT device A in the distributed file system.

Figure 5 is a schematic diagram of processing a device that accesses the blockchain network. The processing can specifically include:
1. IoT device A accesses the blockchain network and provides its identification information;
2. Some nodes of the blockchain network are deployed with the first contract object and the first DApp; the nodes of the blockchain network broadcast the identification information of IoT device A among themselves, and a trusted node accesses the first DApp;
3. The first DApp requests the corresponding token information from the second DApp according to the identification information of IoT device A;
4. The second DApp calls the second contract object, and the second contract object extracts the corresponding token information from the distributed file system;
5. The second DApp obtains the token information extracted from the distributed file system;
6. The second DApp sends the token information to the first DApp;
7. The first DApp calls the first contract object, and the first contract object generates security assessment information according to the token information;
8. The trusted node running the first DApp determines, according to the security assessment information, whether IoT device A is a trusted node, and if so adds IoT device A to the trusted node pool.

Figure 6 is a schematic diagram of transaction processing in the blockchain network. The transaction process can specifically include:
1. IoT device B submits a transaction record to the blockchain network;
2. The blockchain network selects mining nodes from the trusted node pool;
3. IoT device A can be selected as a mining node;
4. IoT device A executes the consensus algorithm and generates a new block;
5. IoT device A broadcasts the new block to the whole blockchain network;
6. The transaction is confirmed.

It should be noted that, for simplicity of description, the method embodiments are expressed as a series of combined actions, but those skilled in the art should be aware that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also be aware that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.

Referring to Figure 7, a structural block diagram of an embodiment of a device for determining a trusted node based on a blockchain network of the present invention is shown, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, and the device may specifically include the following modules: a first program 70, and the node 71 on which the first program is located. The first program 70 includes: a token information acquisition module 701, configured to obtain token information of the access device when a device accesses the blockchain network, the token information including the security information of the access device; and a first calling module 702, configured to call the first contract object, the first contract object being configured to generate security assessment information for the access device according to the token information. The node 71 on which the first program is located may include: a trusted node determination module 711, configured to determine, according to the security assessment information, whether the access device is a trusted node.

In the embodiments of the present invention, the node 71 on which the first program is located may further include: a trusted node pool adding module, configured to add the access device to a preset trusted node pool if the access device is a trusted node.

In the embodiments of the present invention, at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object, and the device may further include: a second program, on a node of the blockchain network, including an information receiving module configured to receive token information and identification information of the device. The token information acquisition module 701 of the first program 70 may include: an identification acquisition sub-module, configured to obtain the identification information of the access device; a request sub-module, configured to generate a token information acquisition request and send it to the second program, the request including the identification information of the access device; and a token information receiving sub-module, configured to receive the token information sent by the second program, the token information having been looked up by the second program according to the identification information.

In the embodiments of the present invention, the second program may further include: a second calling module, configured to call the second contract object, the second contract object storing the token information and identification information of the device in a preset distributed file system.

In the embodiments of the present invention, the second program may further include: a third calling module, configured to call the second contract object when the token information acquisition request sent by the first program is received, the second contract object extracting the token information corresponding to the identification information from the preset distributed file system.

In the embodiments of the present invention, the identification acquisition sub-module may include: an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.

In the embodiments of the present invention, the first program is a first decentralized application (DApp) and the second program is a second DApp.

Since the device embodiment is basically similar to the method embodiment, it is described relatively briefly; for relevant details, refer to the description of the method embodiment.

An embodiment of the present invention also provides a device including one or more processors and one or more machine-readable media storing instructions which, when executed by the one or more processors, cause the device to perform the method described in the embodiments of the present invention. An embodiment of the present invention also provides one or more machine-readable media storing instructions which, when executed by one or more processors, cause the processors to perform the method described in the embodiments of the present invention.

Each embodiment in this specification is described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts of the embodiments, reference may be made to one another.

Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a device, or a computer program product. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.

The embodiments of the present invention are described with reference to flow charts and/or block diagrams of methods, terminal devices (systems) and computer program products according to the embodiments of the present invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a device for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
這些電腦程式指令也可儲存在能引導電腦或其他可程式化資料處理終端設備以特定方式工作的電腦可讀儲存器中,使得儲存在該電腦可讀儲存器中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能。 這些電腦程式指令也可裝載到電腦或其他可程式化資料處理終端設備上,使得在電腦或其他可程式化終端設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可程式化終端設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能的步驟。 儘管已描述了本發明實施例的優選實施例,但本領域內的技術人員一旦得知了基本創造性概念,則可對這些實施例做出另外的變更和修改。所以,所附申請專利範圍意欲解釋為包括優選實施例以及落入本發明實施例範圍的所有變更和修改。 最後,還需要說明的是,在本文中,諸如第一和第二等之類的關係術語僅僅用來將一個實體或者操作與另一個實體或操作區分開來,而不一定要求或者暗示這些實體或操作之間存在任何這種實際的關係或者順序。而且,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、物品或者終端設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、物品或者終端設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個……”限定的要素,並不排除在包括所述要素的過程、方法、物品或者終端設備中還存在另外的相同要素。 以上對本發明所提供的一種基於區塊鏈網路的可信節點確定方法和一種基於區塊鏈網路的可信節點確定裝置,進行了詳細介紹,本文中應用了具體個例對本發明的原理及實施方式進行了闡述,以上實施例的說明只是用於幫助理解本發明的方法及其核心思想;同時,對於本領域的一般技術人員,依據本發明的思想,在具體實施方式及應用範圍上均會有改變之處,綜上所述,本說明書內容不應理解為對本發明的限制。In order to make the above objectives, features and advantages of the present invention more obvious and understandable, the present invention will be further described in detail below in conjunction with the drawings and specific embodiments. 1, there is shown a step flow chart of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present invention, wherein at least one node of the blockchain network is deployed with a first contract object , And/or, a first program for accessing the first contract object is deployed, and the method may specifically include the following steps: Step 101: When a device accesses the blockchain network, a first program on a node of the blockchain network obtains the pass information of the access device, and the pass information includes the access Equipment safety information; The blockchain network is decentralized, which means there is no server, and the client does not need to rely on the server to obtain or process data. In the blockchain network, some are nodes. The node is both a client and a server. The blockchain network is a P2P (Peer-to-Peer) network. 
Each node in the blockchain network can be directly connected to other nodes, and its topology is flat. In practice, in the production stage of IoT devices, the manufacturer can burn the relevant keys for device security certification and the unique identification information of the device (for example, DID (Distributed ID)) into the secure storage of the device Area. Manufacturers can also embed the distributed ledger node SDK (Software Development Kit, software development kit) in the device firmware for installation. The distributed ledger node SDK can provide the ability to connect devices to the blockchain network, and it can also provide services for collecting device security certification (Attestation) data on the device side and reporting to the blockchain. When the IoT device accesses the blockchain network, the IoT device can discover other nodes in the blockchain network and establish links with other nodes. The IoT device connected to the blockchain network is a node of the blockchain network. In the embodiment of the present invention, the nodes constituting the blockchain network can be deployed on the BaaS (Blockchain as a Service) platform of the cloud service provider, or can be deployed on the edge computing server, or Deployed on edge devices with rich computing power in the Internet of Things. In the embodiment of the present invention, the related security module (Secure Component) in the Internet of Things device uses the key burned into the device to self-generate the relevant security certification pass and return the pass to the equipment vendor. For example, the entity authentication token EAT (Entity Attestation Token) is generated as a pass. Of course, in addition to using EAT as the token, other methods can also be used to generate the token, which is not limited in the embodiment of the present invention. 
Related security modules can include SE (Secure Element), TEE (Trusted Execution Environment, Trusted Execution Environment), software security sandbox, SIM (Subscriber Identity Module, customer identification card), Secure MCU (Secure Microcontroller Unit, secure micro-control unit), TPM (Trusted Platform Module, secure chip), etc. In the embodiment of the present invention, the pass information includes the security information of the IoT device, and the security information is information that can measure whether the IoT device is secure from the perspective of the physical world. For example, whether the device has a security module; whether the core firmware of the device is safely updated by a trusted party, whether the device is securely booted (Secure Bootup), whether the key App/SDK running in the device is signed and deployed by a trusted party, Whether the deployed blockchain SDK is running in a security module, etc. In practice, the security information can be set according to the specific business requirements of the IoT device, which is not limited in the embodiment of the present invention. In the embodiment of the present invention, the first contract object is a smart contract for generating security assessment information for the device based on the pass information. The first program is used to obtain token information and call the first contract object. The first program can be deployed on multiple nodes, and the first program on each node can be executed separately to obtain token information and call the first contract object separately. However, the operation of the first contract object to generate security assessment information for the access device needs to rely on the consensus mechanism of the blockchain network. In the embodiment of the present invention, the contract object refers to a smart contract. A smart contract is an application that can be deployed in a virtual machine of a blockchain network node. 
Smart contracts are generally deployed in several nodes in the blockchain network. . In the embodiment of the present invention, the first program may be the first decentralized program. DApp (Decentralized Application) is a decentralized application that can be deployed on one or more nodes of the blockchain network. DApp is a client application (such as a front-end application) used to access smart contracts. ), which is mainly responsible for implementing calls to smart contracts and implementing some business layer logic. It should be noted that DApp and smart contract can be deployed without having to be deployed on the same node. The execution of DApp has nothing to do with the consensus mechanism of the blockchain network, but the execution result of the smart contract called by the DApp needs to rely on the consensus mechanism of the blockchain network. Step 102: The first program calls the first contract object, and the first contract object generates security assessment information for the access device based on the token information. In the embodiment of the present invention, when an IoT device accesses the blockchain network, the first program running on a node of the blockchain network obtains the token information of the IoT device and calls the first contract Object, the first contract object can generate security assessment information for the device based on the security information in the pass information. For example, if the security information is: the access device does not have any security module, the blockchain App/SDK deployed in the device does not have a trusted party signature, and the deployed smart contract running virtual machine image (Image) does not have a trusted party signature, etc. . It can be considered that the access device is a device with a low security level, and the security assessment information generated by the first contract object can be information indicating a low security level. 
For another example, if the security information is that the access device has multiple security modules, the blockchain App/SDK deployed in the device is signed by a trusted party, the deployed virtual machine image (Image) that runs smart contracts carries a trusted-party signature, and so on, the access device can be considered a device with a high security level, and the security assessment information generated by the first contract object can be information indicating a high security level. Of course, using the security level as the security assessment information is only an example; other forms of security assessment information may be generated in practice, which is not limited in the embodiment of the present invention.

Step 103: the node corresponding to the first program determines whether the access device is a trusted node according to the security assessment information.

Trusted nodes are nodes that can be used to run the consensus algorithm. In blockchain network transactions, whenever a node submits a transaction, some node is required to run the consensus algorithm. In the embodiment of the present invention, whether the access device can be regarded as a trusted node can be determined according to the security assessment information of the access device. For example, if the security assessment information indicates that the security level of the access device is high, the node running the first program can determine that the access device is a trusted node; if the security assessment information indicates that the security level of the access device is low, the node running the first program can determine that the access device is not a trusted node. The foregoing method of judging whether the access device is a trusted node based on the security assessment information is only an example; in practice, other methods can also be used to determine whether the access device is a trusted node based on the security assessment information.
In the embodiment of the present invention, the security information of the IoT device can be encrypted and added to the pass information. By transmitting the pass information in the blockchain network, the smart contracts and programs deployed on the nodes of the blockchain network can evaluate the security of the IoT device based on the security information in the pass information. In the multi-source heterogeneous hardware scenario of the Internet of Things, the security information of different types of IoT devices differs. The embodiment of the present invention can generate corresponding security assessment information for different types of IoT devices, and is suitable for the security assessment of IoT devices in the multi-source heterogeneous hardware scenario of the Internet of Things.

In the Internet of Things environment, the factor of human intervention is decreasing, and the automatic access of IoT devices to the network is the main application scenario. In the embodiment of the present invention, the security information of the IoT device itself is used as the selection condition for trusted nodes of the blockchain network, which can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm. For example, if a blockchain network has 10 million nodes, in order to improve the performance of the consensus mechanism, 100 nodes need to be randomly selected as mining nodes. Since these 100 mining nodes are randomly selected, reducing the number of mining nodes from 10 million to 100 reduces the security of consensus. If these 100 mining nodes are instead selected from 10,000 high-security nodes, security can be guaranteed.
Referring to FIG. 2, there is shown a step flowchart of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present invention, wherein at least one node of the blockchain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object, and at least one node of the blockchain network is deployed with a second contract object and/or is deployed with a second program for accessing the second contract object. In other words, the first contract object and the first program can be deployed on the same node or on different nodes; the second contract object and the second program can be deployed on the same node or on different nodes; the first contract object and the second contract object can be deployed on the same node or on different nodes; and the first program and the second program can be deployed on the same node or on different nodes.

The method may specifically include the following steps:

Step 201: a second program on a node of the blockchain network receives the pass information and identification information of a device.

In practice, the manufacturer of the IoT device can access the second program on a node and send the identification information and pass information of the IoT device to the second program. Here, the identification information of an IoT device uniquely corresponds to one IoT device.

In the embodiment of the present invention, the second contract object is used to manage the pass information and identification information of IoT devices; the second contract object can store the pass information and the identification information in the database in one-to-one correspondence, or extract the pass information and identification information from the database.
The second program is used to receive the pass information and identification information sent by other nodes and then call the second contract object, and the second contract object stores or extracts the pass information and identification information. In the embodiment of the present invention, the second program may be a second decentralized application.

In the embodiment of the present invention, the method may further include: the second program calls the second contract object, and the second contract object stores the pass information and identification information of the device in a preset distributed file system. A distributed file system (for example, IPFS, the InterPlanetary File System) is not part of the blockchain network; it provides off-chain data storage services outside the distributed ledger system of the blockchain network.

Step 202: when a device accesses the blockchain network, a first program on a node of the blockchain network obtains the identification information of the access device.

In the embodiment of the present invention, the first program may be a first decentralized application. In the embodiment of the present invention, step 202 may include: the first program receives the identification information of the access device sent by a trusted node of the blockchain network. Specifically, when an IoT device accesses the blockchain network, the nodes of the blockchain network broadcast the identification information of the access device to each other, so all nodes in the entire network can obtain the identification information of the access device. In the embodiment of the present invention, the identification information of the access device is stored in the distributed ledger system of the blockchain network, and the tamper-resistant property of the distributed ledger system is used to prevent the identification information from being tampered with.
After the IoT device is connected to the blockchain network, a trusted node of the blockchain network can send the identification information of the connected device to the first program running on a certain node, to request that the first program perform security assessment processing on the access device.

Step 203: the first program generates a pass information acquisition request and sends it to the second program (the second DApp); the pass information acquisition request includes the identification information of the access device.

After the first program obtains the identification information of the access device, it can generate a pass information acquisition request and send it to the second program. In the embodiment of the present invention, the method may also include: when the second program receives the pass information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the pass information corresponding to the identification information from the preset distributed file system. Specifically, the second program calls the second contract object after receiving the pass information acquisition request, and the second contract object extracts, according to the identification information, the pass information corresponding to that identification information from the distributed file system.

Step 204: the first program receives the pass information sent by the second program; the pass information includes the security information of the access device.

Step 205: the first program calls the first contract object, and the first contract object generates security assessment information for the access device based on the pass information.

In the embodiment of the present invention, IoT devices can be evaluated based on their own security information.
In the multi-source heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs. Therefore, the embodiment of the present invention can generate corresponding security assessment information for different types of IoT devices, and is suitable for evaluating the security of IoT devices in the multi-source heterogeneous hardware scenario of the IoT.

Step 206: the node corresponding to the first program determines whether the access device is a trusted node according to the security assessment information.

After the first contract object generates the security assessment information of the access device, the node running the first program can determine, based on the security assessment information, whether to add the access device to the trusted node pool.

Step 207: if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.

In the embodiment of the present invention, when a node submits a transaction record to the blockchain network, the blockchain network can select a trusted node from the trusted node pool to execute the consensus algorithm. FIG. 3 is a schematic diagram of a consensus algorithm executed by a trusted node in an embodiment of the present invention. Whether a transaction is initiated by a trusted node or by an ordinary node, only a trusted node from the trusted node pool can be selected as a mining node.

In the Internet of Things environment, the factor of human intervention is decreasing, and the automatic access of IoT devices to the network is the main application scenario.
In the embodiment of the present invention, the security information of the IoT device itself is used as the selection condition for trusted nodes of the blockchain network, which can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm.

In order to enable those skilled in the art to better understand the embodiments of the present invention, the following example illustrates the embodiments of the present invention.

Refer to FIG. 4 for a schematic diagram of uploading device identification information and pass information to the blockchain network. The upload process can specifically include:
1. The equipment vendor of the IoT device can configure the identification information, the key, and the distributed ledger node SDK for IoT device A;
2. The relevant security module of IoT device A can use the key to generate pass information; the pass information includes the security information of IoT device A;
3. IoT device A can send the pass information to the device vendor node;
4. Some of the nodes in the blockchain network are deployed with the second contract object and the second DApp, and the equipment vendor node can send the identification information and pass information of IoT device A to the second DApp running at a certain node;
5. The second DApp can call the second contract object to store the identification information and pass information of IoT device A in the distributed file system.

Refer to FIG. 5 for a schematic diagram of processing a device connected to the blockchain network. The processing can specifically include:
1. IoT device A connects to the blockchain network and provides its identification information;
2. Some of the nodes in the blockchain network are deployed with the first contract object and the first DApp. The nodes of the blockchain network broadcast the identification information of IoT device A, and a trusted node accesses the first DApp;
3. The first DApp requests the corresponding pass information from the second DApp according to the identification information of IoT device A;
4. The second DApp calls the second contract object, and the second contract object extracts the corresponding pass information from the distributed file system;
5. The second DApp obtains the pass information extracted from the distributed file system;
6. The second DApp sends the pass information to the first DApp;
7. The first DApp calls the first contract object, and the first contract object generates security assessment information based on the pass information;
8. The trusted node running the first DApp judges whether IoT device A is a trusted node based on the security assessment information, and if so, adds IoT device A to the trusted node pool.

Refer to FIG. 6 for a schematic diagram of the transaction processing of the blockchain network. The transaction process can specifically include:
1. IoT device B submits a transaction record to the blockchain network;
2. The blockchain network selects mining nodes from the trusted node pool;
3. IoT device A can be selected as a mining node;
4. IoT device A executes the consensus algorithm and generates a new block;
5. IoT device A broadcasts the new block to the entire blockchain network;
6. The transaction is confirmed.

It should be noted that, for the sake of simple description, the method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the embodiments of the present invention are not limited by the described sequence of actions, because according to the embodiments of the present invention, certain steps may be performed in another order or simultaneously.
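The following is an added Python model of the flow described in steps 101 to 103 and in FIGS. 4 to 6; it is not code from the patent. It assumes that the security module binds the security information with the vendor-configured key as an HMAC-SHA256 tag (the patent only says the key is used to generate the pass information), that the first contract object holds the per-device keys the vendor registered at provisioning so it can check the tag, and that a "medium" level sits between the patent's "low" and "high"; a dict stands in for the distributed file system, and all device names, keys and attribute names are constructed.

```python
import hashlib
import hmac
import json
import random

# Kinds of security information the patent lists for an IoT device.
SECURITY_ATTRIBUTES = (
    "has_security_module",          # SE / TEE / Secure MCU / TPM present
    "firmware_trusted_update",      # core firmware updated by a trusted party
    "secure_boot",                  # device uses Secure Bootup
    "sdk_signed_by_trusted_party",  # blockchain App/SDK signed by a trusted party
    "sdk_runs_in_security_module",  # blockchain SDK executes inside the module
)


def _canonical(security_info: dict) -> bytes:
    return json.dumps(security_info, sort_keys=True).encode()


def make_pass_info(device_key: bytes, security_info: dict) -> dict:
    """Device side (FIG. 4 step 2): the security module uses the device key to
    generate pass information. The HMAC binding is this example's assumption."""
    tag = hmac.new(device_key, _canonical(security_info), hashlib.sha256).hexdigest()
    return {"security_info": security_info, "mac": tag}


class SecondContract:
    """Second contract object: stores / extracts (identification -> pass info).
    A dict stands in for the off-chain distributed file system (e.g. IPFS)."""

    def __init__(self) -> None:
        self._files = {}

    def store(self, device_id: str, pass_info: dict) -> None:
        self._files[device_id] = pass_info

    def extract(self, device_id: str):
        return self._files.get(device_id)


class FirstContract:
    """First contract object: turns pass information into security assessment
    information. Assumed: the vendor registers each device key here (FIG. 4 step 1)."""

    def __init__(self) -> None:
        self._device_keys = {}

    def register_key(self, device_id: str, device_key: bytes) -> None:
        self._device_keys[device_id] = device_key

    def assess(self, device_id: str, pass_info) -> str:
        key = self._device_keys.get(device_id)
        if key is None or pass_info is None:
            return "unknown"            # no provisioning record or no pass info
        info = pass_info["security_info"]
        expected = hmac.new(key, _canonical(info), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, pass_info["mac"]):
            return "tampered"           # pass info no longer matches the device key
        score = sum(1 for attr in SECURITY_ATTRIBUTES if info.get(attr) is True)
        if score == len(SECURITY_ATTRIBUTES):
            return "high"
        return "medium" if score >= 3 else "low"   # "medium" is an assumed level


def admit_device(first, second, device_id: str, trusted_pool: set) -> str:
    """Node running the first DApp (FIG. 5 steps 3-8): fetch the pass info via
    the second contract, assess it, and pool the device only if it is 'high'."""
    assessment = first.assess(device_id, second.extract(device_id))
    if assessment == "high":
        trusted_pool.add(device_id)
    else:
        trusted_pool.discard(device_id)
    return assessment


def select_mining_nodes(trusted_pool: set, count: int, seed: int = 0) -> list:
    """FIG. 6 step 2: mining nodes are drawn only from the trusted node pool."""
    if count > len(trusted_pool):
        raise ValueError("trusted pool smaller than the requested mining set")
    return random.Random(seed).sample(sorted(trusted_pool), count)


def demo() -> dict:
    """Constructed devices: A fully secured, B weakly secured, C's stored pass
    information edited after the security module produced it."""
    first, second, pool = FirstContract(), SecondContract(), set()
    full = {attr: True for attr in SECURITY_ATTRIBUTES}
    weak = {"secure_boot": True}
    for dev_id, key, info in (("iot-A", b"key-A", full),
                              ("iot-B", b"key-B", weak),
                              ("iot-C", b"key-C", weak)):
        first.register_key(dev_id, key)                         # vendor provisioning
        second.store(dev_id, make_pass_info(key, dict(info)))  # vendor node upload
    # iot-C's stored pass info is edited to claim a security module it lacks.
    second.extract("iot-C")["security_info"]["has_security_module"] = True
    results = {d: admit_device(first, second, d, pool)
               for d in ("iot-A", "iot-B", "iot-C", "iot-unknown")}
    results["pool"] = sorted(pool)
    return results
```

Running `demo()` admits only iot-A to the pool; the edited record for iot-C is rejected because its tag no longer matches, which is the check that makes the security information in the pass useful as a trusted-node selection condition.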
Second, those skilled in the art should also be aware that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.

Referring to FIG. 7, there is shown a structural block diagram of an embodiment of an apparatus for determining a trusted node based on a blockchain network of the present invention, wherein at least one node of the blockchain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object. The apparatus may specifically include the following modules: the first program 70, and the node 71 where the first program is located.

The first program 70 includes:
a pass information acquisition module 701, used to obtain the pass information of the access device when a device accesses the blockchain network, the pass information including the security information of the access device; and
a first calling module 702, used to call the first contract object, the first contract object being used to generate security assessment information for the access device according to the pass information.

The node 71 where the first program is located may include:
a trusted node determination module 711, used to determine whether the access device is a trusted node according to the security assessment information.

In the embodiment of the present invention, the node 71 where the first program is located may further include:
a trusted node pool adding module, configured to add the access device to the preset trusted node pool if the access device is a trusted node.

In the embodiment of the present invention, at least one node of the blockchain network is deployed with a second contract object and/or is deployed with a second program for accessing the second contract object; the apparatus may also include:
a second program, on a node of the blockchain network, which includes an information receiving module for receiving the pass information and identification information of a device.

The pass information acquisition module 701 of the first program 70 may include:
an identification acquisition sub-module, for acquiring the identification information of the access device;
a request sub-module, used to generate a pass information acquisition request and send it to the second program, the pass information acquisition request including the identification information of the access device; and
a pass information receiving sub-module, used to receive the pass information sent by the second program, the pass information being retrieved by the second program according to the identification information.

In the embodiment of the present invention, the second program may further include:
a second calling module, used to call the second contract object, the second contract object storing the pass information and identification information of the device in a preset distributed file system.

In the embodiment of the present invention, the second program may further include:
a third calling module, used to call the second contract object when the pass information acquisition request sent by the first program is received, the second contract object extracting the pass information corresponding to the identification information from the preset distributed file system.
In the embodiment of the present invention, the identification acquisition sub-module may include:
an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.

In the embodiment of the present invention, the first program is a first decentralized application (DApp), and the second program is a second DApp.

As for the apparatus embodiment, since it is basically similar to the method embodiment, its description is relatively simple; for related parts, please refer to the description of the method embodiment.

The embodiment of the present invention also provides a device, including: one or more processors; and one or more machine-readable media on which instructions are stored which, when executed by the one or more processors, cause the device to execute the method described in the embodiment of the present invention.

The embodiment of the present invention also provides one or more machine-readable media on which instructions are stored which, when executed by one or more processors, cause the processors to execute the method described in the embodiments of the present invention.

The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts between the various embodiments can be referred to each other.

Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, devices, or computer program products. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

The embodiments of the present invention are described with reference to the flowcharts and/or block diagrams of the methods, terminal devices (systems), and computer program products according to the embodiments of the present invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be realized by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing terminal equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal equipment produce means for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device realizes the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing terminal equipment, so that a series of operation steps are executed on the computer or other programmable terminal equipment to produce computer-implemented processing, so that the instructions executed on the computer or other programmable terminal equipment provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

Although the preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic inventive concept. Therefore, the scope of the appended claims is intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the embodiments of the present invention.

Finally, it should be noted that in this document, relational terms such as "first" and "second" are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or sequence between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article, or terminal device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article, or terminal device. Without further restriction, an element defined by the phrase "including a..." does not exclude the existence of other identical elements in the process, method, article, or terminal device that includes the element.
The above provides a detailed introduction to the method for determining a trusted node based on a blockchain network and the apparatus for determining a trusted node based on a blockchain network provided by the present invention. In this document, specific examples are used to explain the principles and implementation of the present invention. The description of the above embodiments is only intended to help understand the method and core idea of the present invention; at the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

101~103: steps
201~207: steps
70: first program
701: pass information acquisition module
702: first calling module
71: node where the first program is located
711: trusted node determination module

FIG. 1 is a step flowchart of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present invention;
FIG. 2 is a step flowchart of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present invention;
FIG. 3 is a schematic diagram of a consensus algorithm executed by a trusted node in an embodiment of the present invention;
FIG. 4 is a schematic diagram of uploading device identification information and pass information to the blockchain network;
FIG. 5 is a schematic diagram of processing a device connected to the blockchain network;
FIG. 6 is a schematic diagram of the transaction processing of the blockchain network;
FIG. 7 is a structural block diagram of an embodiment of an apparatus for determining a trusted node based on a blockchain network of the present invention.

Claims (16)

1. A method for determining a trusted node based on a blockchain network, characterized in that at least one node of the blockchain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object, the method including: when a device accesses the blockchain network, a first program on a node of the blockchain network obtains the pass information of the access device, the pass information including the security information of the access device; the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the pass information; and the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.

2. The method according to claim 1, further including: if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.

3. The method according to claim 1 or 2, wherein at least one node of the blockchain network is deployed with a second contract object and/or is deployed with a second program for accessing the second contract object; before the first program obtains the pass information of the access device, the method further includes: a second program on a node of the blockchain network receives the pass information and identification information of a device; and the step of the first program obtaining the pass information of the access device includes: the first program obtains the identification information of the access device; the first program generates a pass information acquisition request and sends the pass information acquisition request to the second program, the pass information acquisition request including the identification information of the access device; and the first program receives the pass information sent by the second program, the pass information being retrieved by the second program according to the identification information.

4. The method according to claim 3, further including: the second program calls the second contract object, and the second contract object stores the pass information and identification information of the device in a preset distributed file system.

5. The method according to claim 4, further including: when the second program receives the pass information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the pass information corresponding to the identification information from the preset distributed file system.

6. The method according to claim 3, wherein the step of the first program obtaining the identification information of the access device includes: the first program receives the identification information of the access device sent by a trusted node of the blockchain network.

7. The method according to claim 3, wherein the first program is a first decentralized application (DApp) and the second program is a second DApp.

8. An apparatus for determining a trusted node based on a blockchain network, characterized in that at least one node of the blockchain network is deployed with a first contract object and/or is deployed with a first program for accessing the first contract object, the apparatus including: a first program, and the node where the first program is located; the first program including: a pass information acquisition module, used to obtain the pass information of the access device when a device accesses the blockchain network, the pass information including the security information of the access device; and a first calling module, used to call the first contract object, the first contract object being used to generate security assessment information for the access device according to the pass information; and the node where the first program is located including: a trusted node determination module, used to determine, according to the security assessment information, whether the access device is a trusted node.

9. The apparatus according to claim 8, wherein the node where the first program is located further includes: a trusted node pool adding module, used to add the access device to a preset trusted node pool if the access device is a trusted node.

10. The apparatus according to claim 8 or 9, wherein at least one node of the blockchain network is deployed with a second contract object and/or is deployed with a second program for accessing the second contract object; the apparatus further including: a second program, on a node of the blockchain network, including an information receiving module for receiving the pass information and identification information of a device; and the pass information acquisition module of the first program including: an identification acquisition sub-module, used to obtain the identification information of the access device; a request sub-module, used to generate a pass information acquisition request and send the pass information acquisition request to the second program, the pass information acquisition request including the identification information of the access device; and a pass information receiving sub-module, used to receive the pass information sent by the second program, the pass information being retrieved by the second program according to the identification information.

11. The apparatus according to claim 10, wherein the second program further includes: a second calling module, used to call the second contract object, the second contract object storing the pass information and identification information of the device in a preset distributed file system.

12. The apparatus according to claim 11, wherein the second program further includes: a third calling module, used to call the second contract object when the pass information acquisition request sent by the first program is received, the second contract object extracting the pass information corresponding to the identification information from the preset distributed file system.

13. The apparatus according to claim 10, wherein the identification acquisition sub-module includes: an identification receiving unit, used to receive the identification information of the access device sent by a trusted node of the blockchain network.

14. The apparatus according to claim 10, wherein the first program is a first decentralized application (DApp) and the second program is a second DApp.

15. A device, characterized by including: one or more processors; and one or more machine-readable media on which instructions are stored which, when executed by the one or more processors, cause the device to perform the method according to one or more of claims 1 to 7.

16. One or more machine-readable media on which instructions are stored which, when executed by one or more processors, cause the processors to perform the method according to one or more of claims 1 to 7.
TW108130001A 2018-12-05 2019-08-22 Trusted node determining method and apparatus based on block chain network TW202023238A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811481860.6A CN111277553B (en) 2018-12-05 2018-12-05 Credible node determination method and device based on block chain network
CN201811481860.6 2018-12-05

Publications (1)

Publication Number Publication Date
TW202023238A true TW202023238A (en) 2020-06-16

Family

ID=70974484

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108130001A TW202023238A (en) 2018-12-05 2019-08-22 Trusted node determining method and apparatus based on block chain network

Country Status (3)

Country Link
CN (1) CN111277553B (en)
TW (1) TW202023238A (en)
WO (1) WO2020114385A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541553B (en) * 2020-07-08 2021-08-24 支付宝(杭州)信息技术有限公司 Trusted starting method and device of block chain all-in-one machine
CN112491812B (en) 2020-07-08 2022-03-01 支付宝(杭州)信息技术有限公司 Hash updating method and device of block chain all-in-one machine
TWI827867B (en) * 2020-07-28 2024-01-01 林修德 Blockchain-based file storage device and file access authorization system and method thereof
CN111859457A (en) * 2020-07-31 2020-10-30 联想(北京)有限公司 Intelligent contract setting method and system
CN112153067B (en) * 2020-09-28 2022-08-12 周口师范学院 Edge computing safety system based on block chain
US11575499B2 (en) 2020-12-02 2023-02-07 International Business Machines Corporation Self auditing blockchain
US11374755B1 (en) * 2020-12-08 2022-06-28 International Business Machines Corporation Entangled token structure for blockchain networks
CN112469044B (en) * 2020-12-17 2023-07-11 国网辽宁省电力有限公司信息通信分公司 Edge access control method and controller for heterogeneous terminal
CN112929361B (en) * 2021-02-03 2023-06-02 中国联合网络通信集团有限公司 Device authentication method, access node and computer readable storage medium
CN113076315A (en) * 2021-04-01 2021-07-06 洪璐 Intelligent home data chaining method and system of Internet of things on block chain
CN113407990A (en) * 2021-05-26 2021-09-17 杭州安恒信息技术股份有限公司 Data circulation processing method, device, system, electronic device and storage medium
CN115018284B (en) * 2022-05-24 2023-06-09 中国气象局气象探测中心 Meteorological observation data quality assessment method
CN115190127A (en) * 2022-07-08 2022-10-14 中国联合网络通信集团有限公司 Evidence storing method, device and system for computing power service

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106548342B (en) * 2015-09-22 2023-07-04 创新先进技术有限公司 Trusted device determining method and device
US10122695B2 (en) * 2015-10-28 2018-11-06 Cisco Technology, Inc. Remote crowd attestation in a network
CN106656915A (en) * 2015-10-30 2017-05-10 深圳市中电智慧信息安全技术有限公司 Cloud security server based on trusted computing
US11829998B2 (en) * 2016-06-07 2023-11-28 Cornell University Authenticated data feed for blockchains
CN107734502B (en) * 2017-09-07 2020-02-21 京信通信系统(中国)有限公司 Micro base station communication management method, system and equipment based on block chain
CN107819848A (en) * 2017-11-08 2018-03-20 济南浪潮高新科技投资发展有限公司 A kind of internet of things equipment autonomy interconnected method based on block chain
CN108566653B (en) * 2018-07-02 2021-07-13 中国联合网络通信集团有限公司 Operation management method of base station equipment and base station equipment

Also Published As

Publication number Publication date
CN111277553B (en) 2022-05-24
CN111277553A (en) 2020-06-12
WO2020114385A1 (en) 2020-06-11
