WO2019072293A2 - Data isolation in a blockchain network - Google Patents

Data isolation in a blockchain network Download PDF

Info

Publication number
WO2019072293A2
WO2019072293A2 PCT/CN2018/120805 CN2018120805W WO2019072293A2 WO 2019072293 A2 WO2019072293 A2 WO 2019072293A2 CN 2018120805 W CN2018120805 W CN 2018120805W WO 2019072293 A2 WO2019072293 A2 WO 2019072293A2
Authority
WO
WIPO (PCT)
Prior art keywords
merkle tree
blockchain
node
light
identity
Prior art date
Application number
PCT/CN2018/120805
Other languages
French (fr)
Other versions
WO2019072293A3 (en
Inventor
Wenbin Zhang
Chao SHEN
Original Assignee
Alibaba Group Holding Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to BR112019015423A priority Critical patent/BR112019015423A8/en
Priority to EP18867254.7A priority patent/EP3560143B1/en
Application filed by Alibaba Group Holding Limited filed Critical Alibaba Group Holding Limited
Priority to CN201880003678.1A priority patent/CN109863521A/en
Priority to PCT/CN2018/120805 priority patent/WO2019072293A2/en
Priority to JP2019540591A priority patent/JP6816297B2/en
Priority to MX2019008898A priority patent/MX2019008898A/en
Priority to KR1020197022194A priority patent/KR102258440B1/en
Priority to RU2019123413A priority patent/RU2745518C9/en
Priority to AU2018348333A priority patent/AU2018348333A1/en
Priority to SG11201906846YA priority patent/SG11201906846YA/en
Priority to CA3051762A priority patent/CA3051762A1/en
Publication of WO2019072293A2 publication Critical patent/WO2019072293A2/en
Priority to US16/421,329 priority patent/US11003646B2/en
Priority to ZA2019/04928A priority patent/ZA201904928B/en
Priority to PH12019501735A priority patent/PH12019501735A1/en
Priority to TW108128021A priority patent/TWI706352B/en
Publication of WO2019072293A3 publication Critical patent/WO2019072293A3/en
Priority to US17/233,004 priority patent/US20210232558A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2246Trees, e.g. B+trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/1805Append-only file systems, e.g. using logs or journals to store data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • G06F16/1824Distributed file systems implemented using Network-attached Storage [NAS] architecture
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • G06F16/1834Distributed file systems implemented based on peer-to-peer networks, e.g. gnutella
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • DLSs Distributed ledger systems
  • DLSs can also be referred to as consensus networks, and/or blockchain networks
  • DLSs enable participating entities to securely, and immutably store data.
  • DLSs are commonly referred to as blockchain networks without referencing any particular use case (e.g., crypto-currencies) .
  • Example types of blockchain networks can include public blockchain networks, private blockchain networks, and consortium blockchain networks.
  • a public blockchain network is open for all entities to use the DLS, and participate in the consensus process.
  • a private blockchain network is provided for particular entity, which centrally controls read and write permissions.
  • a consortium blockchain network is provided for a selected group of entities, which control the consensus process, and includes an access control layer.
  • Blockchain networks may include different types of nodes.
  • Fully-participating nodes (hereinafter referred to as “blockchain nodes” ) participate in the consensus process for the blockchain network by attempting to construct and validate new blocks of transactions to add to the blockchain.
  • Light-weight nodes do not participate in the consensus process for the blockchain network, and may not fully synchronize their own internal representation of the blockchain. For example, a light-weight node may synchronize only the block header information rather than all of the transaction data in a particular block in the blockchain.
  • nodes may only have permission to read certain transactions from the blockchain, such as, for example, transactions in which an identity associated with the light-weight node participated.
  • the light-weight node may query a blockchain node for a particular block, and may be returned a representation of the block (e.g., a Merkle tree) with the transactions to which it does not have access removed.
  • a Merkle tree constructed in this manner may be inconsistent with the full Merkle tree representing the transactions in the block, which can lead to errors at the light-weight node due to the node not possessing an accurate representation of the block.
  • Implementations of the present specification include computer-implemented methods for enforcing data isolation in a blockchain network while still providing all nodes in the blockchain network with a consistent representation of blocks in the blockchain. More particularly, implementations of the present specification are directed to producing a Merkle tree that does not include data from which the requesting node is isolated, but that is still consistent with a full Merkle tree representing the requested block.
  • actions include receiving, by a blockchain node in the blockchain network, a request to read a particular block of the blockchain, wherein the request is received from a light-weight node of the blockchain network and includes an identity of the light-weight node, and wherein the particular block includes an original Merkle tree containing a plurality of transactions associated with the particular block; identifying, by the blockchain node, permissions associated with the identity of the light-weight node; generating, by the blockchain node, an isolated Merkle tree based on the original Merkle tree included in the block, the isolated Merkle tree including only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions, wherein the isolated Merkle tree is consistent with the original Merkle tree; and sending, by the blockchain node, a response to the light-weight node including the isolated Merkle tree.
  • Other implementations include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices.
  • generating the isolated Merkle tree based on the original Merkle tree included in the particular block may include: modifying the original Merkle tree to produce the isolated Merkle tree, including removing all transactions that are determined not to be accessible by the light-weight node from the original Merkle tree; and removing branches of the original Merkle tree from which all transactions have been removed leaving only the root hash of each of the braches intact.
  • a transaction is determined not to be accessible by the light-weight node if the permissions indicate that the light-weight node does not have read access to the transaction.
  • each of the plurality of transactions includes one or more identities associated with one or more participants in the transaction.
  • the identity is associated with an identity class
  • the permissions are associated with the identity class
  • the blockchain node is configured to enforce permissions associated with the identity class on identities associated with the identity class.
  • the identity class is a regulator class, and wherein the permissions associated with the regulator class indicate that all transactions in the blockchain network are accessible to identities associated with the regulator class.
  • the identity class is a common class, and wherein the permissions associated with the common class indicate that only transactions in the blockchain network in which the identity is a participant are accessible to the identity.
  • the isolated Merkle tree is consistent with the original Merkle tree only if it is sufficient to enable the light-weight node to verify the transactions in the isolated Merkle tree based on the hashes in the isolated Merkle tree.
  • the present specification also provides one or more non-transitory computer-readable storage media coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
  • the present specification further provides a system for implementing the methods provided herein.
  • the system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
  • FIG. 1 depicts an example environment that can be used to execute implementations of the present specification.
  • FIG. 2 depicts an example conceptual architecture in accordance with implementations of the present specification.
  • FIG. 3A depicts an example Merkle tree for a block in a blockchain in accordance with implementations of the present specification.
  • FIG. 3B depicts the example Merkle tree of FIG. 3A with branches including isolated transactions in accordance with implementations of the present specification.
  • FIG. 3C depicts an example isolated Merkle tree produced based on the Merkle tree in FIGS. 3A in accordance with implementations of the present specification.
  • FIG. 4 depicts an example process that can be executed in accordance with implementations of the present specification.
  • Implementations of the present specification include computer-implemented methods for enforcing data isolation in a blockchain network while still providing all nodes in the blockchain network with a consistent representation of blocks in the blockchain. More particularly, implementations of the present specification are directed to producing a Merkle tree that does not include data from which the requesting node is isolated, but that is still consistent with a full Merkle tree representing the requested block.
  • actions include receiving, by a blockchain node in the blockchain network, a request to read a particular block of the blockchain, wherein the request is received from a light-weight node of the blockchain network and includes an identity of the light-weight node, and wherein the particular block includes an original Merkle tree containing a plurality of transactions associated with the particular block; identifying, by the blockchain node, permissions associated with the identity of the light-weight node; generating, by the blockchain node, an isolated Merkle tree based on the original Merkle tree included in the block, the isolated Merkle tree including only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions, wherein the isolated Merkle tree is consistent with the original Merkle tree; and sending, by the blockchain node, a response to the light-weight node including the isolated Merkle tree.
  • distributed ledger systems which can also be referred to as consensus networks (e.g., made up of peer-to-peer nodes) , and blockchain networks, enable participating entities to securely, and immutably conduct transactions, and store data.
  • consensus networks e.g., made up of peer-to-peer nodes
  • blockchain networks enable participating entities to securely, and immutably conduct transactions, and store data.
  • blockchain is generally associated with various cryptocurrency networks, blockchain is used herein to generally refer to a DLS without reference to any particular use case.
  • a blockchain network can be provided as a public blockchain network, a private blockchain network, or a consortium blockchain network.
  • the consensus process is controlled by nodes of the consensus network.
  • nodes of the consensus network For example, hundreds, thousands, even millions of entities can cooperate a public blockchain network, each of which operates at least one node in the public blockchain network. Accordingly, the public blockchain network can be considered a public network with respect to the participating entities.
  • a majority of entities (nodes) must sign every block in order for the block to be valid, and added to the blockchain (distributed ledger) of the blockchain network.
  • Examples of public blockchain networks include various cryptocurrency networks, which are peer-to-peer payment networks.
  • Cryptocurrency networks can leverage a distributed ledger, referred to as a blockchain.
  • the term blockchain is used to generally refer to distributed ledgers without particular reference to any particular cryptocurrency network.
  • a public blockchain network supports public transactions.
  • a public transaction is shared with all of the nodes within the public blockchain network, and are stored in a global blockchain.
  • a global blockchain is a blockchain that is replicated across all nodes. That is, all nodes are in perfect state consensus with respect to the global blockchain.
  • a consensus protocol is implemented within the public blockchain network.
  • An example consensus protocol includes, without limitation, proof-of-work (POW) implemented in cryptocurrency networks.
  • a private blockchain network is provided for a particular entity, which centrally controls read and write permissions.
  • the entity controls, which nodes are able to participate in the blockchain network.
  • private blockchain networks are generally referred to as permissioned networks that place restrictions on who is allowed to participate in the network, and on their level of participation (e.g., only in certain transactions) .
  • Various types of access control mechanisms can be used (e.g., existing participants vote on adding new entities, a regulatory authority can control admission) .
  • a consortium blockchain network is private among the participating entities.
  • the consensus process is controlled by an authorized set of nodes, one or more nodes being operated by a respective entity (e.g., a financial institution, insurance company) .
  • a consortium of ten (10) entities e.g., financial institutions, insurance companies
  • the consortium blockchain network can be considered a private network with respect to the participating entities.
  • each entity (node) must sign every block in order for the block to be valid, and added to the blockchain.
  • at least a sub-set of entities (nodes) e.g., at least 7 entities
  • Implementations of the present specification are described in further detail herein with reference to a private blockchain network, in which particular data may be isolated from certain participating entities based on a configuration of the blockchain network. It is contemplated, however, that implementations of the present specification can be realized in any appropriate type of blockchain network.
  • implementations of the present specification are described in further detail herein in view of the above context. More particularly, and as introduced above, implementations of the present specification are directed to producing a Merkle tree that does not include data from which the requesting node is isolated, but that is still consistent with a full Merkle tree representing the requested block.
  • a light-weight node can request a particular block from a blockchain node participating in the network.
  • the blockchain node can determine that the light-weight node does not have permission to read certain transactions in the block.
  • the blockchain node can remove these transactions from a copy of the full Merkle tree representing the requested block, but can leave only the root hashes for any branches of tree that contain only removed transactions. Doing so can effectively isolate the light-weight node from the transaction data it is not authorized to read, and can also allow the light-weight node to be presented with a representation of the block that is consistent with the full Merkle tree for the block. This can allow the light-weight node to verify the integrity of the block (by examining the hashes in the Merkle tree) even without having access to the transaction data from which it is isolated.
  • FIG. 1 depicts an example environment 100 that can be used to execute implementations of the present specification.
  • the example environment 100 enables entities to participate in a private blockchain network 102.
  • the example environment 100 includes computing devices 106, 108, and a network 110.
  • the network 110 includes a local area network (LAN) , wide area network (WAN) , the Internet, or a combination thereof, and connects web sites, user devices (e.g., computing devices) , and back-end systems.
  • the network 110 can be accessed over a wired and/or a wireless communications link.
  • the computing systems 106, 108 can each include any appropriate computing system that enables participation as a node in the private blockchain network 102.
  • Example computing devices include, without limitation, a server, a desktop computer, a laptop computer, a tablet computing device, and a smartphone.
  • the computing systems 106, 108 hosts one or more computer-implemented services for interacting with the private blockchain network 102.
  • the computing system 106 can host computer-implemented services of a first entity (e.g., user A) , such as transaction management system that the first entity uses to manage its transactions with one or more other entities (e.g., other users) .
  • a first entity e.g., user A
  • transaction management system that the first entity uses to manage its transactions with one or more other entities (e.g., other users) .
  • the computing system 108 can host computer-implemented services of a second entity (e.g., user B) , such as transaction management system that the second entity uses to manage its transactions with one or more other entities (e.g., other users) .
  • a second entity e.g., user B
  • transaction management system that the second entity uses to manage its transactions with one or more other entities (e.g., other users) .
  • the private blockchain network 102 is represented as a peer-to-peer network of nodes, and the computing systems 106, 108 provide nodes of the first entity, and second entity respectively, which participate in the private blockchain network 102.
  • FIG. 2 depicts an example conceptual architecture 200 in accordance with implementations of the present specification.
  • the example conceptual architecture 200 includes an entity layer 202, a hosted services layer 204, and a blockchain network layer 206.
  • the entity layer 202 includes three entities, Entity_1 (E1) , Entity_2 (E2) , and Entity_3 (E3) , each entity having a respective transaction management system 208.
  • the hosted services layer 204 includes interfaces 210 for each transaction management system 210.
  • a respective transaction management system 208 communicates with a respective interface 210 over a network (e.g., the network 110 of FIG. 1) using a protocol (e.g., hypertext transfer protocol secure (HTTPS) ) .
  • HTTPS hypertext transfer protocol secure
  • each interface 210 provides communication connection between a respective transaction management system 208, and the blockchain network layer 206. More particularly, the interface 210 communicate with a blockchain network 212 of the blockchain network layer 206.
  • communication between an interface 210, and the blockchain network layer 206 is conducted using remote procedure calls (RPCs) .
  • the interfaces 210 “host” blockchain network nodes for the respective transaction management systems 208.
  • the interfaces 210 provide the application programming interface (API) for access to blockchain network 212.
  • API application programming interface
  • the blockchain network 212 is provided as a peer-to-peer network including a plurality of nodes 214 that immutably record information in a blockchain 216.
  • a single blockchain 216 is schematically depicted, multiple copies of the blockchain 216 are provided, and are maintained across the blockchain network 212.
  • each node 214 stores a copy of the blockchain.
  • the blockchain 216 stores information associated with transactions that are performed between two or more entities participating in the private blockchain network.
  • FIG. 3A depicts an example Merkle tree 300 for a block 310 in a blockchain in accordance with implementations of the present specification.
  • the Merkle tree 300 includes a block header which includes a hash value for all the data in the block, as well as a hash of the previous block in the block chain and a nonce value.
  • the block header also includes a root hash which is a concatenation of the two hashes directly below it in the Merkle tree (325a, b) .
  • the leaf nodes of the Merkle tree 300 include transactions 305 a-d representing transactions recorded in this particular block 310 of the block chain.
  • the Merkle tree 300 also includes hashes 315a-d. Each of these hashes 315a-d is a hash value generated based on the transaction data for transaction 305a-d, respectively.
  • the hash 315a may be generated by providing the data in transaction 305a as input to an SHA 256 hashing algorithm to produce the hash value 315a.
  • any hash function with guaranteed uniqueness can be used to produce the hashes 315a-d.
  • the Merkle tree 300 also includes hashes 325a ( “Hash01” ) and 325b ( “Hash23” ) .
  • the hashes 325a-b are produced by concatenating the two hashes directly below in the Merkle tree.
  • hash 325a ( “Hash01” ) is produced by concatenating hashes 315a ( “Hash0” ) and 315b ( “Hash1” ) .
  • the root hash in the block header is constructed by concatenating hash 325a and hash 325b.
  • Transactions 305a-c shown shaded in grey in FIG. 3A, represent transactions that an entity (e.g., a light-weight node) requesting the block 310 does not have permission to access.
  • FIG. 3B depicts an example Merkle tree 350 in which the branches 335a, b of the Merkle tree 300, which include only transactions from which the requesting entity is to be isolated, are indicated by the dashed line boxes surrounding the branches.
  • FIG. 3C depicts an example isolated Merkle tree 390 produced based on the Merkle tree in FIG. 3A in accordance with implementations of the present specification. As shown, the branches 335a and 335b identified in the prior FIG. 3B have been removed in the isolated Merkle tree 390.
  • an isolated Merkle tree like example 390 can be produced by applying a software algorithm to a full Merkle tree, such as the one shown in FIG. 3A.
  • a blockchain node receives a request from a light-weight node to read a certain block. The blockchain node scans the transactions in the requested block, and determines whether the light-weight node has permission to read each transaction based on an identity attribute included in the request and permissions associated with the identity.
  • the blockchain node scans sequentially through the transactions in the block, which by definition are stored in the leaf nodes of the Merkle tree. For each transaction, if the light-weight node has permission to read the transaction, the blockchain node moves to the next transaction. If the blockchain node finds a transaction Tx_i that the light-weight node does not have permission to read, the blockchain node continues to scan subsequent transactions until it again finds a transaction Tx_j the light-weight node has permission to read. The blockchain node then removes the group of transactions from Tx_i to Tx_ (j-1) , all of which the light-weight does not have permission to read. In addition, the blockchain node removes any branch from the Merkle tree that now includes no transactions, and leaves only the root hash of that particular branch. As shown in FIGS. 3B and 3C, this branch removal process is applied to branches 335a and 335b.
  • This scanning and processing of transactions is continued until the last transaction in the Merkle tree is processed, and a Merkle tree including transactions that the light-weight node has permission to read is obtained. This isolated Merkle tree is returned to the light-weight node.
  • FIG. 4 depicts an example process 400 that can be executed in accordance with implementations of the present specification.
  • the example process 400 may be performed using one or more computer-executable programs executed using one or more computing devices.
  • a blockchain node receives a request to read a particular block of the blockchain from a light-weight node of the blockchain network.
  • the request includes an identity of the light-weight node, and the particular block which includes an original Merkle tree containing a plurality of transactions associated with the particular block.
  • each of the plurality of transactions includes one or more identities associated with one or more participants in the transaction. From 402, the method 400 continues to 404.
  • the blockchain node identifies permissions associated with the identity of the light-weight node.
  • the identity is associated with an identity class
  • the permissions are associated with the identity class
  • the blockchain node is configured to enforce permissions associated with the identity class on identities associated with the identity class.
  • the identity class is a regulator class, and wherein the permissions associated with the regulator class indicate that all transactions in the blockchain network are accessible to identities associated with the regulator class.
  • the identity class is a common class, and wherein the permissions associated with the common class indicate that only transactions in the blockchain network in which the identity is a participant are accessible to the identity. From 404, the method 400 continues to 406.
  • the blockchain node generates an isolated Merkle tree based on the original Merkle tree included in the particular block.
  • the isolated Merkle tree includes only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions.
  • a transaction is determined not to be accessible by the light-weight node if the permissions indicate that the light-weight node does not have read access to the transaction.
  • the isolated Merkle tree is consistent with the original Merkle tree.
  • the isolated Merkle tree is consistent with the original Merkle tree only if it is sufficient to enable the light-weight node to verify the transactions in the isolated Merkle tree based on the hashes in the isolated Merkle tree.
  • generating the isolated Merkle tree includes modifying the original Merkle tree to produce the isolated Merkle tree, including removing all transactions that are determined not to be accessible by the light-weight node from the original Merkle tree, and removing branches of the original Merkle tree from which all transactions have been removed leaving the root hash of each of the braches intact. From 406, the method 400 continues to 408.
  • the blockchain node sends a response to the light-weight node including the isolated Merkle tree. From 408, the method 400 stops.
  • Implementations of the subject matter and the actions and operations described in this specification can be implemented in digital electronic circuitry, in tangibly-embodied computer software or firmware, in computer hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Implementations of the subject matter described in this specification can be implemented as one or more computer programs, e.g., one or more modules of computer program instructions, encoded on a computer program carrier, for execution by, or to control the operation of, data processing apparatus.
  • the carrier may be a tangible non-transitory computer storage medium.
  • the carrier may be an artificially-generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal that is generated to encode information for transmission to suitable receiver apparatus for execution by a data processing apparatus.
  • the computer storage medium can be or be part of a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them.
  • a computer storage medium is not a propagated signal.
  • data processing apparatus encompasses all kinds of apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers.
  • Data processing apparatus can include special-purpose logic circuitry, e.g., an FPGA (field programmable gate array) , an ASIC (application-specific integrated circuit) , or a GPU (graphics processing unit) .
  • the apparatus can also include, in addition to hardware, code that creates an execution environment for computer programs, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.
  • a computer program which may also be referred to or described as a program, software, a software application, an app, a module, a software module, an engine, a script, or code, can be written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages; and it can be deployed in any form, including as a stand-alone program or as a module, component, engine, subroutine, or other unit suitable for executing in a computing environment, which environment may include one or more computers interconnected by a data communication network in one or more locations.
  • a computer program may, but need not, correspond to a file in a file system.
  • a computer program can be stored in a portion of a file that holds other programs or data, e.g., one or more scripts stored in a markup language document, in a single file dedicated to the program in question, or in multiple coordinated files, e.g., files that store one or more modules, sub-programs, or portions of code.
  • the processes and logic flows described in this specification can be performed by one or more computers executing one or more computer programs to perform operations by operating on input data and generating output.
  • the processes and logic flows can also be performed by special-purpose logic circuitry, e.g., an FPGA, an ASIC, or a GPU, or by a combination of special-purpose logic circuitry and one or more programmed computers.
  • Computers suitable for the execution of a computer program can be based on general or special-purpose microprocessors or both, or any other kind of central processing unit.
  • a central processing unit will receive instructions and data from a read-only memory or a random access memory or both.
  • Elements of a computer can include a central processing unit for executing instructions and one or more memory devices for storing instructions and data.
  • the central processing unit and the memory can be supplemented by, or incorporated in, special-purpose logic circuitry.
  • a computer will be coupled to at least one non-transitory computer-readable storage medium (also referred to as a computer-readable memory) .
  • the storage medium coupled to the computer can be an internal component of the computer (e.g., an integrated hard drive) or an external component (e.g., universal serial bus (USB) hard drive or a storage system accessed over a network) .
  • Examples of storage media can include, for example, magnetic, magneto-optical, or optical disks, solid state drives, network storage resources such as cloud storage systems, or other types of storage media.
  • a computer need not have such devices.
  • a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA) , a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device, e.g., a universal serial bus (USB) flash drive, to name just a few.
  • PDA personal digital assistant
  • GPS Global Positioning System
  • USB universal serial bus
  • implementations of the subject matter described in this specification can be implemented on, or configured to communicate with, a computer having a display device, e.g., a LCD (liquid crystal display) monitor, for displaying information to the user, and an input device by which the user can provide input to the computer, e.g., a keyboard and a pointing device, e.g., a mouse, a trackball or touchpad.
  • a display device e.g., a LCD (liquid crystal display) monitor
  • an input device by which the user can provide input to the computer e.g., a keyboard and a pointing device, e.g., a mouse, a trackball or touchpad.
  • Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.
  • a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, by sending web pages to a web browser on a user’s device in response to requests received from the web browser, or by interacting with an app running on a user device, e.g., a smartphone or electronic tablet.
  • a computer can interact with a user by sending text messages or other forms of message to a personal device, e.g., a smartphone that is running a messaging application, and receiving responsive messages from the user in return.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Implementations of the present specification include receiving, by a blockchain node in the blockchain network, a request to read a particular block of the blockchain, wherein the request is received from a light-weight node of the blockchain network and includes an identity of the light-weight node, and wherein the particular block includes an original Merkle tree associated with the particular block; identifying, by the blockchain node, permissions associated with the identity of the light-weight node; generating, by the blockchain node, an isolated Merkle tree based on the original Merkle tree included in the block, the isolated Merkle tree including only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions, wherein the isolated Merkle tree is consistent with the original Merkle tree; and sending, by the blockchain node, a response to the light-weight node including the isolated Merkle tree.

Description

DATA ISOLATION IN A BLOCKCHAIN NETWORK BACKGROUND
Distributed ledger systems (DLSs) , which can also be referred to as consensus networks, and/or blockchain networks, enable participating entities to securely, and immutably store data. DLSs are commonly referred to as blockchain networks without referencing any particular use case (e.g., crypto-currencies) . Example types of blockchain networks can include public blockchain networks, private blockchain networks, and consortium blockchain networks. A public blockchain network is open for all entities to use the DLS, and participate in the consensus process. A private blockchain network is provided for particular entity, which centrally controls read and write permissions. A consortium blockchain network is provided for a selected group of entities, which control the consensus process, and includes an access control layer.
Blockchain networks may include different types of nodes. Fully-participating nodes (hereinafter referred to as “blockchain nodes” ) participate in the consensus process for the blockchain network by attempting to construct and validate new blocks of transactions to add to the blockchain. Light-weight nodes do not participate in the consensus process for the blockchain network, and may not fully synchronize their own internal representation of the blockchain. For example, a light-weight node may synchronize only the block header information rather than all of the transaction data in a particular block in the blockchain.
In private or consortium blockchain networks, nodes (such as the light-weight nodes) may only have permission to read certain transactions from the blockchain, such as, for example, transactions in which an identity associated with the light-weight node participated. In such a case, the light-weight node may query a blockchain node for a particular block, and may be returned a representation of the block (e.g., a Merkle tree) with the transactions to which it does not have access removed. A Merkle tree constructed in this manner may be inconsistent with the full Merkle tree representing the transactions in the block, which can lead to errors at the light-weight node due to the node not possessing an accurate representation of the block.
SUMMARY
Implementations of the present specification include computer-implemented methods for enforcing data isolation in a blockchain network while still providing all nodes in the blockchain network with a consistent representation of blocks in the blockchain. More particularly, implementations of the present specification are directed to producing a Merkle tree that does not include data from which the requesting node is isolated, but that is still consistent with a full Merkle tree representing the requested block.
In some implementations, actions include receiving, by a blockchain node in the blockchain network, a request to read a particular block of the blockchain, wherein the request is received from a light-weight node of the blockchain network and includes an identity of the light-weight node, and wherein the particular block includes an original Merkle tree containing a plurality of transactions associated with the particular block; identifying, by the blockchain node, permissions associated with the identity of the light-weight node; generating, by the blockchain node, an isolated Merkle tree based on the original Merkle tree included in the block, the isolated Merkle tree including only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions, wherein the isolated Merkle tree is consistent with the original Merkle tree; and sending, by the blockchain node, a response to the light-weight node including the isolated Merkle tree. Other implementations include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices.
These and other implementations may each optionally include one or more of the following features.
In some implementations, generating the isolated Merkle tree based on the original Merkle tree included in the particular block may include: modifying the original Merkle tree to produce the isolated Merkle tree, including removing all transactions that are determined not to be accessible by the light-weight node from the original Merkle tree; and removing branches of the original Merkle tree from which all transactions have been removed leaving only the root hash of each of the braches intact.
In some implementations, a transaction is determined not to be accessible by the light-weight node if the permissions indicate that the light-weight node does not have read access to the transaction.
In some cases, each of the plurality of transactions includes one or more identities associated with one or more participants in the transaction.
In some implementations, the identity is associated with an identity class, the permissions are associated with the identity class, and the blockchain node is configured to enforce permissions associated with the identity class on identities associated with the identity class.
In some cases, the identity class is a regulator class, and wherein the permissions associated with the regulator class indicate that all transactions in the blockchain network are accessible to identities associated with the regulator class.
In some implementation, the identity class is a common class, and wherein the permissions associated with the common class indicate that only transactions in the blockchain network in which the identity is a participant are accessible to the identity.
In some cases, the isolated Merkle tree is consistent with the original Merkle tree only if it is sufficient to enable the light-weight node to verify the transactions in the isolated Merkle tree based on the hashes in the isolated Merkle tree.
The present specification also provides one or more non-transitory computer-readable storage media coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
The present specification further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
It is appreciated that methods in accordance with the present specification may include any combination of the aspects and features described herein. That is,  methods in accordance with the present specification are not limited to the combinations of aspects and features specifically described herein, but also include any combination of the aspects and features provided.
The details of one or more implementations of the present specification are set forth in the accompanying drawings and the description below. Other features and advantages of the present specification will be apparent from the description and drawings, and from the claims.
DESCRIPTION OF DRAWINGS
FIG. 1 depicts an example environment that can be used to execute implementations of the present specification.
FIG. 2 depicts an example conceptual architecture in accordance with implementations of the present specification.
FIG. 3A depicts an example Merkle tree for a block in a blockchain in accordance with implementations of the present specification.
FIG. 3B depicts the example Merkle tree of FIG. 3A with branches including isolated transactions in accordance with implementations of the present specification.
FIG. 3C depicts an example isolated Merkle tree produced based on the Merkle tree in FIGS. 3A in accordance with implementations of the present specification.
FIG. 4 depicts an example process that can be executed in accordance with implementations of the present specification.
Like reference symbols in the various drawings indicate like elements.
DETAILED DESCRIPTION
Implementations of the present specification include computer-implemented methods for enforcing data isolation in a blockchain network while still providing all nodes in the blockchain network with a consistent representation of blocks in the blockchain. More particularly, implementations of the present specification are directed to producing a Merkle tree that does not include data from which the requesting node is isolated, but that is still consistent with a full Merkle tree representing the requested block.
In some implementations, actions include receiving, by a blockchain node in the blockchain network, a request to read a particular block of the blockchain, wherein the request is received from a light-weight node of the blockchain network and includes an identity of the light-weight node, and wherein the particular block includes an original Merkle tree containing a plurality of transactions associated with the particular block; identifying, by the blockchain node, permissions associated with the identity of the light-weight node; generating, by the blockchain node, an isolated Merkle tree based on the original Merkle tree included in the block, the isolated Merkle tree including only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions, wherein the isolated Merkle tree is consistent with the original Merkle tree; and sending, by the blockchain node, a response to the light-weight node including the isolated Merkle tree..
To provide further context for implementations of the present specification, and as introduced above, distributed ledger systems (DLSs) , which can also be referred to as consensus networks (e.g., made up of peer-to-peer nodes) , and blockchain networks, enable participating entities to securely, and immutably conduct transactions, and store data. Although the term blockchain is generally associated with various cryptocurrency networks, blockchain is used herein to generally refer to a DLS without reference to any particular use case. As introduced above, a blockchain network can be provided as a public blockchain network, a private blockchain network, or a consortium blockchain network.
In a public blockchain network, the consensus process is controlled by nodes of the consensus network. For example, hundreds, thousands, even millions of entities can cooperate a public blockchain network, each of which operates at least one node in the public blockchain network. Accordingly, the public blockchain network can be considered a public network with respect to the participating entities. In some examples, a majority of entities (nodes) must sign every block in order for the block to be valid, and added to the blockchain (distributed ledger) of the blockchain network. Examples of public blockchain networks include various cryptocurrency networks, which are peer-to-peer payment networks. Cryptocurrency networks can leverage a distributed ledger, referred to as a blockchain. As noted above, the term blockchain, however, is used to  generally refer to distributed ledgers without particular reference to any particular cryptocurrency network.
In general, a public blockchain network supports public transactions. A public transaction is shared with all of the nodes within the public blockchain network, and are stored in a global blockchain. A global blockchain is a blockchain that is replicated across all nodes. That is, all nodes are in perfect state consensus with respect to the global blockchain. To achieve consensus (e.g., agreement to the addition of a block to a blockchain) , a consensus protocol is implemented within the public blockchain network. An example consensus protocol includes, without limitation, proof-of-work (POW) implemented in cryptocurrency networks.
In general, a private blockchain network is provided for a particular entity, which centrally controls read and write permissions. The entity controls, which nodes are able to participate in the blockchain network. Consequently, private blockchain networks are generally referred to as permissioned networks that place restrictions on who is allowed to participate in the network, and on their level of participation (e.g., only in certain transactions) . Various types of access control mechanisms can be used (e.g., existing participants vote on adding new entities, a regulatory authority can control admission) .
In general, a consortium blockchain network is private among the participating entities. In a consortium blockchain network, the consensus process is controlled by an authorized set of nodes, one or more nodes being operated by a respective entity (e.g., a financial institution, insurance company) . For example, a consortium of ten (10) entities (e.g., financial institutions, insurance companies) can operate a consortium blockchain network, each of which operates at least one node in the consortium blockchain network. Accordingly, the consortium blockchain network can be considered a private network with respect to the participating entities. In some examples, each entity (node) must sign every block in order for the block to be valid, and added to the blockchain. In some examples, at least a sub-set of entities (nodes) (e.g., at least 7 entities) must sign every block in order for the block to be valid, and added to the blockchain.
Implementations of the present specification are described in further detail herein with reference to a private blockchain network, in which particular data may be isolated from certain participating entities based on a configuration of the blockchain network. It is contemplated, however, that implementations of the present specification can be realized in any appropriate type of blockchain network.
Implementations of the present specification are described in further detail herein in view of the above context. More particularly, and as introduced above, implementations of the present specification are directed to producing a Merkle tree that does not include data from which the requesting node is isolated, but that is still consistent with a full Merkle tree representing the requested block.
In some implementations, a light-weight node can request a particular block from a blockchain node participating in the network. The blockchain node can determine that the light-weight node does not have permission to read certain transactions in the block. The blockchain node can remove these transactions from a copy of the full Merkle tree representing the requested block, but can leave only the root hashes for any branches of tree that contain only removed transactions. Doing so can effectively isolate the light-weight node from the transaction data it is not authorized to read, and can also allow the light-weight node to be presented with a representation of the block that is consistent with the full Merkle tree for the block. This can allow the light-weight node to verify the integrity of the block (by examining the hashes in the Merkle tree) even without having access to the transaction data from which it is isolated.
FIG. 1 depicts an example environment 100 that can be used to execute implementations of the present specification. In some examples, the example environment 100 enables entities to participate in a private blockchain network 102. The example environment 100 includes  computing devices  106, 108, and a network 110. In some examples, the network 110 includes a local area network (LAN) , wide area network (WAN) , the Internet, or a combination thereof, and connects web sites, user devices (e.g., computing devices) , and back-end systems. In some examples, the network 110 can be accessed over a wired and/or a wireless communications link.
In the depicted example, the  computing systems  106, 108 can each include any appropriate computing system that enables participation as a node in the private  blockchain network 102. Example computing devices include, without limitation, a server, a desktop computer, a laptop computer, a tablet computing device, and a smartphone. In some examples, the  computing systems  106, 108 hosts one or more computer-implemented services for interacting with the private blockchain network 102. For example, the computing system 106 can host computer-implemented services of a first entity (e.g., user A) , such as transaction management system that the first entity uses to manage its transactions with one or more other entities (e.g., other users) . The computing system 108 can host computer-implemented services of a second entity (e.g., user B) , such as transaction management system that the second entity uses to manage its transactions with one or more other entities (e.g., other users) . In the example of FIG. 1, the private blockchain network 102 is represented as a peer-to-peer network of nodes, and the  computing systems  106, 108 provide nodes of the first entity, and second entity respectively, which participate in the private blockchain network 102.
FIG. 2 depicts an example conceptual architecture 200 in accordance with implementations of the present specification. The example conceptual architecture 200 includes an entity layer 202, a hosted services layer 204, and a blockchain network layer 206. In the depicted example, the entity layer 202 includes three entities, Entity_1 (E1) , Entity_2 (E2) , and Entity_3 (E3) , each entity having a respective transaction management system 208.
In the depicted example, the hosted services layer 204 includes interfaces 210 for each transaction management system 210. In some examples, a respective transaction management system 208 communicates with a respective interface 210 over a network (e.g., the network 110 of FIG. 1) using a protocol (e.g., hypertext transfer protocol secure (HTTPS) ) . In some examples, each interface 210 provides communication connection between a respective transaction management system 208, and the blockchain network layer 206. More particularly, the interface 210 communicate with a blockchain network 212 of the blockchain network layer 206. In some examples, communication between an interface 210, and the blockchain network layer 206 is conducted using remote procedure calls (RPCs) . In some examples, the interfaces 210 “host” blockchain network nodes for the respective transaction management systems 208. For example, the interfaces 210  provide the application programming interface (API) for access to blockchain network 212.
As described herein, the blockchain network 212 is provided as a peer-to-peer network including a plurality of nodes 214 that immutably record information in a blockchain 216. Although a single blockchain 216 is schematically depicted, multiple copies of the blockchain 216 are provided, and are maintained across the blockchain network 212. For example, each node 214 stores a copy of the blockchain. In some implementations, the blockchain 216 stores information associated with transactions that are performed between two or more entities participating in the private blockchain network.
FIG. 3A depicts an example Merkle tree 300 for a block 310 in a blockchain in accordance with implementations of the present specification. As shown, the Merkle tree 300 includes a block header which includes a hash value for all the data in the block, as well as a hash of the previous block in the block chain and a nonce value. The block header also includes a root hash which is a concatenation of the two hashes directly below it in the Merkle tree (325a, b) .
The leaf nodes of the Merkle tree 300 include transactions 305 a-d representing transactions recorded in this particular block 310 of the block chain. The Merkle tree 300 also includes hashes 315a-d. Each of these hashes 315a-d is a hash value generated based on the transaction data for transaction 305a-d, respectively. For example, the hash 315a may be generated by providing the data in transaction 305a as input to an SHA 256 hashing algorithm to produce the hash value 315a. In some implementations, any hash function with guaranteed uniqueness can be used to produce the hashes 315a-d.
The Merkle tree 300 also includes hashes 325a ( “Hash01” ) and 325b ( “Hash23” ) . The hashes 325a-b are produced by concatenating the two hashes directly below in the Merkle tree. For example, hash 325a ( “Hash01” ) is produced by concatenating hashes 315a ( “Hash0” ) and 315b ( “Hash1” ) . Similarly, as described above, the root hash in the block header is constructed by concatenating hash 325a and hash 325b.
Transactions 305a-c, shown shaded in grey in FIG. 3A, represent transactions that an entity (e.g., a light-weight node) requesting the block 310 does not have  permission to access. FIG. 3B depicts an example Merkle tree 350 in which the branches 335a, b of the Merkle tree 300, which include only transactions from which the requesting entity is to be isolated, are indicated by the dashed line boxes surrounding the branches.
FIG. 3C depicts an example isolated Merkle tree 390 produced based on the Merkle tree in FIG. 3A in accordance with implementations of the present specification. As shown, the branches 335a and 335b identified in the prior FIG. 3B have been removed in the isolated Merkle tree 390.
In some implementations, an isolated Merkle tree like example 390 can be produced by applying a software algorithm to a full Merkle tree, such as the one shown in FIG. 3A. In one example algorithm, a blockchain node receives a request from a light-weight node to read a certain block. The blockchain node scans the transactions in the requested block, and determines whether the light-weight node has permission to read each transaction based on an identity attribute included in the request and permissions associated with the identity.
In the example algorithm, the blockchain node scans sequentially through the transactions in the block, which by definition are stored in the leaf nodes of the Merkle tree. For each transaction, if the light-weight node has permission to read the transaction, the blockchain node moves to the next transaction. If the blockchain node finds a transaction Tx_i that the light-weight node does not have permission to read, the blockchain node continues to scan subsequent transactions until it again finds a transaction Tx_j the light-weight node has permission to read. The blockchain node then removes the group of transactions from Tx_i to Tx_ (j-1) , all of which the light-weight does not have permission to read. In addition, the blockchain node removes any branch from the Merkle tree that now includes no transactions, and leaves only the root hash of that particular branch. As shown in FIGS. 3B and 3C, this branch removal process is applied to branches 335a and 335b.
This scanning and processing of transactions is continued until the last transaction in the Merkle tree is processed, and a Merkle tree including transactions that the light-weight node has permission to read is obtained. This isolated Merkle tree is returned to the light-weight node.
FIG. 4 depicts an example process 400 that can be executed in accordance with implementations of the present specification. In some implementations, the example process 400 may be performed using one or more computer-executable programs executed using one or more computing devices.
At 402, a blockchain node receives a request to read a particular block of the blockchain from a light-weight node of the blockchain network. The request includes an identity of the light-weight node, and the particular block which includes an original Merkle tree containing a plurality of transactions associated with the particular block. In some cases, each of the plurality of transactions includes one or more identities associated with one or more participants in the transaction. From 402, the method 400 continues to 404.
At 404, the blockchain node identifies permissions associated with the identity of the light-weight node. In some cases, the identity is associated with an identity class, the permissions are associated with the identity class, and the blockchain node is configured to enforce permissions associated with the identity class on identities associated with the identity class. In some implementations, the identity class is a regulator class, and wherein the permissions associated with the regulator class indicate that all transactions in the blockchain network are accessible to identities associated with the regulator class. In some cases, the identity class is a common class, and wherein the permissions associated with the common class indicate that only transactions in the blockchain network in which the identity is a participant are accessible to the identity. From 404, the method 400 continues to 406.
At 406, the blockchain node generates an isolated Merkle tree based on the original Merkle tree included in the particular block. The isolated Merkle tree includes only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions. In some implementations, a transaction is determined not to be accessible by the light-weight node if the permissions indicate that the light-weight node does not have read access to the transaction. The isolated Merkle tree is consistent with the original Merkle tree. In some implementations, the isolated Merkle tree is consistent with the original Merkle tree only if it is sufficient to enable the light-weight node to verify the transactions in the isolated Merkle tree based  on the hashes in the isolated Merkle tree. In some cases, generating the isolated Merkle tree includes modifying the original Merkle tree to produce the isolated Merkle tree, including removing all transactions that are determined not to be accessible by the light-weight node from the original Merkle tree, and removing branches of the original Merkle tree from which all transactions have been removed leaving the root hash of each of the braches intact. From 406, the method 400 continues to 408.
At 408, the blockchain node sends a response to the light-weight node including the isolated Merkle tree. From 408, the method 400 stops.
Implementations of the subject matter and the actions and operations described in this specification can be implemented in digital electronic circuitry, in tangibly-embodied computer software or firmware, in computer hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Implementations of the subject matter described in this specification can be implemented as one or more computer programs, e.g., one or more modules of computer program instructions, encoded on a computer program carrier, for execution by, or to control the operation of, data processing apparatus. The carrier may be a tangible non-transitory computer storage medium. Alternatively, or in addition, the carrier may be an artificially-generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal that is generated to encode information for transmission to suitable receiver apparatus for execution by a data processing apparatus. The computer storage medium can be or be part of a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them. A computer storage medium is not a propagated signal.
The term “data processing apparatus” encompasses all kinds of apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers. Data processing apparatus can include special-purpose logic circuitry, e.g., an FPGA (field programmable gate array) , an ASIC (application-specific integrated circuit) , or a GPU (graphics processing unit) . The apparatus can also include, in addition to hardware, code that creates an execution environment for computer programs, e.g., code that constitutes processor  firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.
A computer program, which may also be referred to or described as a program, software, a software application, an app, a module, a software module, an engine, a script, or code, can be written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages; and it can be deployed in any form, including as a stand-alone program or as a module, component, engine, subroutine, or other unit suitable for executing in a computing environment, which environment may include one or more computers interconnected by a data communication network in one or more locations.
A computer program may, but need not, correspond to a file in a file system. A computer program can be stored in a portion of a file that holds other programs or data, e.g., one or more scripts stored in a markup language document, in a single file dedicated to the program in question, or in multiple coordinated files, e.g., files that store one or more modules, sub-programs, or portions of code.
The processes and logic flows described in this specification can be performed by one or more computers executing one or more computer programs to perform operations by operating on input data and generating output. The processes and logic flows can also be performed by special-purpose logic circuitry, e.g., an FPGA, an ASIC, or a GPU, or by a combination of special-purpose logic circuitry and one or more programmed computers.
Computers suitable for the execution of a computer program can be based on general or special-purpose microprocessors or both, or any other kind of central processing unit. Generally, a central processing unit will receive instructions and data from a read-only memory or a random access memory or both. Elements of a computer can include a central processing unit for executing instructions and one or more memory devices for storing instructions and data. The central processing unit and the memory can be supplemented by, or incorporated in, special-purpose logic circuitry.
Generally, a computer will be coupled to at least one non-transitory computer-readable storage medium (also referred to as a computer-readable memory) . The storage medium coupled to the computer can be an internal component of the computer (e.g., an  integrated hard drive) or an external component (e.g., universal serial bus (USB) hard drive or a storage system accessed over a network) . Examples of storage media can include, for example, magnetic, magneto-optical, or optical disks, solid state drives, network storage resources such as cloud storage systems, or other types of storage media. However, a computer need not have such devices. Moreover, a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA) , a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device, e.g., a universal serial bus (USB) flash drive, to name just a few.
To provide for interaction with a user, implementations of the subject matter described in this specification can be implemented on, or configured to communicate with, a computer having a display device, e.g., a LCD (liquid crystal display) monitor, for displaying information to the user, and an input device by which the user can provide input to the computer, e.g., a keyboard and a pointing device, e.g., a mouse, a trackball or touchpad. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input. In addition, a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, by sending web pages to a web browser on a user’s device in response to requests received from the web browser, or by interacting with an app running on a user device, e.g., a smartphone or electronic tablet. Also, a computer can interact with a user by sending text messages or other forms of message to a personal device, e.g., a smartphone that is running a messaging application, and receiving responsive messages from the user in return.
This specification uses the term “configured to” in connection with systems, apparatus, and computer program components. For a system of one or more computers to be configured to perform particular operations or actions means that the system has installed on it software, firmware, hardware, or a combination of them that in operation cause the system to perform the operations or actions. For one or more computer programs to be configured to perform particular operations or actions means that the one  or more programs include instructions that, when executed by data processing apparatus, cause the apparatus to perform the operations or actions. For special-purpose logic circuitry to be configured to perform particular operations or actions means that the circuitry has electronic logic that performs the operations or actions.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of what is being claimed, which is defined by the claims themselves, but rather as descriptions of features that may be specific to particular implementations. Certain features that are described in this specification in the context of separate implementations can also be realized in combination in a single implementation. Conversely, various features that are described in the context of a single implementations can also be realized in multiple implementations separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially be claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claim may be directed to a subcombination or variation of a subcombination.
Similarly, while operations are depicted in the drawings and recited in the claims in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system modules and components in the implementations described above should not be understood as requiring such separation in all implementations, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Particular implementations of the subject matter have been described. Other implementations are within the scope of the following claims. For example, the actions recited in the claims can be performed in a different order and still achieve desirable results. As one example, the processes depicted in the accompanying figures do not  necessarily require the particular order shown, or sequential order, to achieve desirable results. In some cases, multitasking and parallel processing may be advantageous.

Claims (10)

  1. A computer-implemented method for protecting sensitive data stored on a blockchain maintained by a blockchain network, the method comprising:
    receiving, by a blockchain node in the blockchain network, a request to read a particular block of the blockchain, wherein the request is received from a light-weight node of the blockchain network and includes an identity of the light-weight node, and wherein the particular block includes an original Merkle tree containing a plurality of transactions associated with the particular block;
    identifying, by the blockchain node, permissions associated with the identity of the light-weight node;
    generating, by the blockchain node, an isolated Merkle tree based on the original Merkle tree included in the particular block, the isolated Merkle tree including only transactions from the original Merkle tree that are determined to be accessible by the light-weight node based on the identified permissions, wherein the isolated Merkle tree is consistent with the original Merkle tree; and
    sending, by the blockchain node, a response to the light-weight node including the isolated Merkle tree.
  2. The computer-implemented method of claim 1, wherein generating the isolated Merkle tree based on the original Merkle tree included in the particular block includes:
    modifying the original Merkle tree to produce the isolated Merkle tree, including:
    removing all transactions that are determined to not be accessible by the light-weight node from the original Merkle tree; and
    removing branches of the original Merkle tree from which all transactions have been removed leaving only the root hash of each of the branches intact.
  3. The computer-implemented method of claim 2, wherein a transaction is determined to not to be accessible by the light-weight node if the permissions indicate that the light-weight node does not have read access to the transaction.
  4. The computer-implemented method of claim 1, wherein each of the plurality of transactions includes one or more identities associated with one or more participants in the transaction.
  5. The computer-implemented method of claim 4, wherein the identity is associated with an identity class, the permissions are associated with the identity class, and the blockchain node is configured to enforce permissions associated with the identity class on identities associated with the identity class.
  6. The computer-implemented method of claim 5, wherein the identity class is a regulator class, and wherein the permissions associated with the regulator class indicate that all transactions in the blockchain network are accessible to identities associated with the regulator class.
  7. The computer-implemented method of claim 5, wherein the identity class is a common class, and wherein the permissions associated with the common class indicate that only transactions in the blockchain network in which the identity is a participant are accessible to the identity.
  8. The computer-implemented method of claim 1, wherein the isolated Merkle tree is consistent with the original Merkle tree only if it is sufficient to enable the light-weight node to verify integrity of the block based on the isolated Merkle tree.
  9. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with the method of one or more of claims 1-8.
  10. A system, comprising:
    a computing device; and
    a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations in accordance with the method of one or more of claims 1-8.
PCT/CN2018/120805 2018-12-13 2018-12-13 Data isolation in a blockchain network WO2019072293A2 (en)

Priority Applications (16)

Application Number Priority Date Filing Date Title
KR1020197022194A KR102258440B1 (en) 2018-12-13 2018-12-13 Data Isolation in Blockchain Networks
RU2019123413A RU2745518C9 (en) 2018-12-13 2018-12-13 Data isolation in the blockchain network
CN201880003678.1A CN109863521A (en) 2018-12-13 2018-12-13 Data isolation in block chain network
PCT/CN2018/120805 WO2019072293A2 (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network
JP2019540591A JP6816297B2 (en) 2018-12-13 2018-12-13 Data separation in blockchain network
MX2019008898A MX2019008898A (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network.
EP18867254.7A EP3560143B1 (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network
BR112019015423A BR112019015423A8 (en) 2018-12-13 2018-12-13 COMPUTER-IMPLEMENTED METHOD TO PROTECT SENSITIVE DATA STORED IN A TRUST PROTOCOL MAINTAINED BY A TRUST PROTOCOL NETWORK, A NON-TRANSITORY STORAGE MEDIA, READABLE BY COMPUTER AND SYSTEM
AU2018348333A AU2018348333A1 (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network
CA3051762A CA3051762A1 (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network
SG11201906846YA SG11201906846YA (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network
US16/421,329 US11003646B2 (en) 2018-12-13 2019-05-23 Data isolation in a blockchain network
ZA2019/04928A ZA201904928B (en) 2018-12-13 2019-07-26 Data isolation in a blockchain network
PH12019501735A PH12019501735A1 (en) 2018-12-13 2019-07-26 Data isolation in a blockchain network
TW108128021A TWI706352B (en) 2018-12-13 2019-08-07 Computer-implemented method, non-transitory computer-readable storage medium and system for protecting sensitive data stored on blockchain maintained by blockchain network
US17/233,004 US20210232558A1 (en) 2018-12-13 2021-04-16 Data isolation in a blockchain network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/120805 WO2019072293A2 (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/421,329 Continuation US11003646B2 (en) 2018-12-13 2019-05-23 Data isolation in a blockchain network

Publications (2)

Publication Number Publication Date
WO2019072293A2 true WO2019072293A2 (en) 2019-04-18
WO2019072293A3 WO2019072293A3 (en) 2019-10-10

Family

ID=66100120

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/120805 WO2019072293A2 (en) 2018-12-13 2018-12-13 Data isolation in a blockchain network

Country Status (15)

Country Link
US (2) US11003646B2 (en)
EP (1) EP3560143B1 (en)
JP (1) JP6816297B2 (en)
KR (1) KR102258440B1 (en)
CN (1) CN109863521A (en)
AU (1) AU2018348333A1 (en)
BR (1) BR112019015423A8 (en)
CA (1) CA3051762A1 (en)
MX (1) MX2019008898A (en)
PH (1) PH12019501735A1 (en)
RU (1) RU2745518C9 (en)
SG (1) SG11201906846YA (en)
TW (1) TWI706352B (en)
WO (1) WO2019072293A2 (en)
ZA (1) ZA201904928B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111034151A (en) * 2019-04-30 2020-04-17 阿里巴巴集团控股有限公司 Method and apparatus for managing access to accounts in a blockchain system
WO2020220413A1 (en) * 2019-04-29 2020-11-05 山东工商学院 Zero knowledge proving method and system for personal information, and storage medium
EP3769233A4 (en) * 2019-12-05 2021-02-17 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system
CN112565435A (en) * 2020-12-10 2021-03-26 广东投盟科技有限公司 Business processing method and system based on transaction chain and computer readable storage medium
CN112799839A (en) * 2021-01-28 2021-05-14 百果园技术(新加坡)有限公司 Request processing method and device, computer readable storage medium and electronic equipment
US11108555B2 (en) 2019-12-05 2021-08-31 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109829822B (en) * 2019-01-28 2020-10-23 杭州复杂美科技有限公司 Transaction replacing method, transaction queuing method, device and storage medium
CN110998556B (en) * 2019-03-21 2023-09-15 创新先进技术有限公司 Data isolation in a blockchain network
CN110365768B (en) * 2019-07-15 2021-07-06 腾讯科技(深圳)有限公司 Data synchronization method, device, medium and electronic equipment of distributed system
US11520904B2 (en) * 2019-08-27 2022-12-06 Accenture Global Solutions Limited AI-based blockchain hybrid consensus
CN111125593B (en) * 2019-11-14 2024-01-26 深圳源中瑞科技有限公司 Family tree information processing method, equipment and storage medium based on block chain
CN111242617B (en) * 2020-01-02 2022-05-10 支付宝(杭州)信息技术有限公司 Method and apparatus for performing transaction correctness verification
JP7381881B2 (en) * 2020-02-21 2023-11-16 富士通株式会社 Management program, management device and management method
CN111343177B (en) * 2020-02-25 2022-11-29 百度在线网络技术(北京)有限公司 Method, device, equipment and medium for supervising lightweight node
US10887104B1 (en) 2020-04-01 2021-01-05 Onu Technology Inc. Methods and systems for cryptographically secured decentralized testing
US11409907B2 (en) 2020-04-01 2022-08-09 Onu Technology Inc. Methods and systems for cryptographically secured decentralized testing
WO2023140828A1 (en) * 2022-01-18 2023-07-27 Hewlett-Packard Development Company, L.P. Method and apparatus for controlling access to data stored on a blockchain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107733855A (en) 2017-08-31 2018-02-23 中国科学院信息工程研究所 A kind of block catenary system and application process that can support publicly-owned chain, alliance's chain and privately owned chain simultaneously
US20180349621A1 (en) 2017-06-01 2018-12-06 Schvey, Inc. d/b/a/ Axoni Distributed privately subspaced blockchain data structures with secure access restriction management

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005017809A2 (en) * 2003-08-15 2005-02-24 Docomo Communications Laboratories Usa, Inc. Method and apparatus for authentication of data streams with adaptively controlled losses
US9530010B2 (en) * 2013-11-07 2016-12-27 Fujitsu Limited Energy usage data management
CN104750784B (en) * 2015-03-06 2018-03-02 西安交通大学 A kind of space querying integrity verification method based on Merkle tree constructions
US10089489B2 (en) * 2015-06-02 2018-10-02 ALTR Solutions, Inc. Transparent client application to arbitrate data storage between mutable and immutable data repositories
US10269012B2 (en) * 2015-11-06 2019-04-23 Swfl, Inc. Systems and methods for secure and private communications
WO2017145009A1 (en) * 2016-02-23 2017-08-31 nChain Holdings Limited A method and system for securing computer software using a distributed hash table and a blockchain
CN106559211B (en) * 2016-11-22 2019-12-13 中国电子科技集团公司第三十研究所 Privacy protection intelligent contract method in block chain
CN106796688B (en) * 2016-12-26 2020-12-18 深圳前海达闼云端智能科技有限公司 Permission control method, device and system of block chain and node equipment
US10715331B2 (en) * 2016-12-28 2020-07-14 MasterCard International Incorported Method and system for providing validated, auditable, and immutable inputs to a smart contract
CN111917864B (en) * 2017-02-22 2023-08-22 创新先进技术有限公司 Service verification method and device
CN106899412A (en) * 2017-03-30 2017-06-27 北京链银博科技有限责任公司 A kind of block chain method for secret protection, apparatus and system
US10783272B2 (en) * 2017-12-08 2020-09-22 Nec Corporation Method and system of preserving privacy for usage of lightweight blockchain clients
CN108664803B (en) * 2018-04-04 2022-03-22 中国电子科技集团公司第三十研究所 Password-based document content fine-grained access control system
RU181439U1 (en) * 2018-04-06 2018-07-13 Оксана Валерьевна Кириченко Decentralized technology platform for storing and exchanging transaction data in a distributed computing network
WO2019207503A1 (en) * 2018-04-27 2019-10-31 nChain Holdings Limited Partitioning a blockchain network
CN108961052B (en) 2018-06-25 2022-02-22 百度在线网络技术(北京)有限公司 Verification method, storage method, device, equipment and medium of block chain data

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180349621A1 (en) 2017-06-01 2018-12-06 Schvey, Inc. d/b/a/ Axoni Distributed privately subspaced blockchain data structures with secure access restriction management
CN107733855A (en) 2017-08-31 2018-02-23 中国科学院信息工程研究所 A kind of block catenary system and application process that can support publicly-owned chain, alliance's chain and privately owned chain simultaneously

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3560143A4

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020220413A1 (en) * 2019-04-29 2020-11-05 山东工商学院 Zero knowledge proving method and system for personal information, and storage medium
US11157897B2 (en) 2019-04-30 2021-10-26 Advanced New Technologies Co., Ltd. Methods and devices for managing access to account in blockchain system
EP3635941A4 (en) * 2019-04-30 2020-04-29 Alibaba Group Holding Limited Methods and devices for managing access to account in blockchain system
CN114710329B (en) * 2019-04-30 2024-03-01 创新先进技术有限公司 Method and apparatus for managing access to accounts in a blockchain system
CN114710329A (en) * 2019-04-30 2022-07-05 创新先进技术有限公司 Method and apparatus for managing access to accounts in a blockchain system
CN111034151A (en) * 2019-04-30 2020-04-17 阿里巴巴集团控股有限公司 Method and apparatus for managing access to accounts in a blockchain system
CN111034151B (en) * 2019-04-30 2022-01-28 创新先进技术有限公司 Method and apparatus for managing access to accounts in a blockchain system
AU2019379711B2 (en) * 2019-12-05 2022-04-07 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system
US11108555B2 (en) 2019-12-05 2021-08-31 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system
AU2019379711A1 (en) * 2019-12-05 2021-06-24 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system
US11251969B2 (en) 2019-12-05 2022-02-15 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system
EP3769233A4 (en) * 2019-12-05 2021-02-17 Alipay (Hangzhou) Information Technology Co., Ltd. Performing map iterations in a blockchain-based system
CN112565435B (en) * 2020-12-10 2021-08-17 广东投盟科技有限公司 Business processing method and system based on transaction chain and computer readable storage medium
CN112565435A (en) * 2020-12-10 2021-03-26 广东投盟科技有限公司 Business processing method and system based on transaction chain and computer readable storage medium
CN112799839A (en) * 2021-01-28 2021-05-14 百果园技术(新加坡)有限公司 Request processing method and device, computer readable storage medium and electronic equipment
CN112799839B (en) * 2021-01-28 2024-03-15 百果园技术(新加坡)有限公司 Request processing method, request processing device, computer readable storage medium and electronic equipment

Also Published As

Publication number Publication date
EP3560143A4 (en) 2020-03-11
MX2019008898A (en) 2019-09-10
CN109863521A (en) 2019-06-07
RU2019123413A (en) 2021-01-26
US20190278758A1 (en) 2019-09-12
JP6816297B2 (en) 2021-01-20
CA3051762A1 (en) 2019-04-18
KR102258440B1 (en) 2021-06-02
WO2019072293A3 (en) 2019-10-10
BR112019015423A8 (en) 2023-03-28
SG11201906846YA (en) 2019-08-27
ZA201904928B (en) 2021-06-30
AU2018348333A1 (en) 2020-07-02
EP3560143A2 (en) 2019-10-30
US11003646B2 (en) 2021-05-11
KR20200074909A (en) 2020-06-25
US20210232558A1 (en) 2021-07-29
PH12019501735A1 (en) 2020-03-09
JP2020516103A (en) 2020-05-28
EP3560143B1 (en) 2021-09-15
BR112019015423A2 (en) 2020-03-31
TWI706352B (en) 2020-10-01
RU2745518C2 (en) 2021-03-25
RU2019123413A3 (en) 2021-01-26
RU2745518C9 (en) 2021-05-26
TW202022744A (en) 2020-06-16

Similar Documents

Publication Publication Date Title
US11003646B2 (en) Data isolation in a blockchain network
US10628605B2 (en) Data isolation in a blockchain network
US10678597B2 (en) Event-driven blockchain workflow processing
US11265322B2 (en) Data isolation in blockchain networks
WO2019120328A2 (en) Processing and storing blockchain data under a trusted execution environment
CA3052348A1 (en) Parallel execution of transactions in a blockchain network
WO2020098820A2 (en) Performing map iterations in a blockchain-based system
US11251969B2 (en) Performing map iterations in a blockchain-based system
CN111033489B (en) Method and apparatus for data traversal

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 3051762

Country of ref document: CA

Ref document number: 2019540591

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2018867254

Country of ref document: EP

Effective date: 20190726

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112019015423

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112019015423

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20190726

ENP Entry into the national phase

Ref document number: 2018348333

Country of ref document: AU

Date of ref document: 20181213

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE