WO2019119278A1 - 获取可信节点的方法、装置、存储介质及区块链节点 - Google Patents
获取可信节点的方法、装置、存储介质及区块链节点 Download PDFInfo
- Publication number
- WO2019119278A1 WO2019119278A1 PCT/CN2017/117281 CN2017117281W WO2019119278A1 WO 2019119278 A1 WO2019119278 A1 WO 2019119278A1 CN 2017117281 W CN2017117281 W CN 2017117281W WO 2019119278 A1 WO2019119278 A1 WO 2019119278A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- node
- trusted
- trusted node
- information
- default
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- the present disclosure relates to the field of information technology, and in particular, to a method, an apparatus, a storage medium, and a blockchain node for acquiring a trusted node.
- the new node does not authenticate the nodes on the blockchain when preparing to access the blockchain.
- the new node cannot know if the nodes on the blockchain are trusted.
- this requires the new node to authenticate the nodes on the blockchain to ensure that these nodes are trusted.
- the existing identity authentication method usually requires each party to find a trusted third-party CA to issue a digital identity certificate to each other. The two parties authenticate each other's identity by transmitting their respective digital identity certificates. This centralized approach to obtaining trusted nodes has the problem of weakening the decentralization of the blockchain.
- the main purpose of the present disclosure is to provide a method, an apparatus, a storage medium, and a blockchain node for acquiring a trusted node, which are used to solve the problem that the existing trusted node is weakened by the participation of a third party institution.
- a first aspect of the present disclosure provides a method for acquiring a trusted node, which is applied to a new node to be accessed by a blockchain network, where the method includes:
- the target trusted node is a default trusted node preset by the administrator in the blockchain network to the blockchain network, or is the new node a node in the list of trusted nodes;
- the target trusted node Receiving a query response sent by the target trusted node, where the query response includes signature information of the target trusted node and peer node information of the target trusted node, where the peer node information includes the block Node information in the chain network that establishes a P2P connection with the target trusted node;
- a second aspect of the present disclosure provides a method for acquiring a trusted node, which is applied to a new node to be accessed by a blockchain network, where the method includes:
- a third aspect of the present disclosure provides a method for obtaining a trusted node, which is applied to a trusted node in a blockchain network, where the method includes:
- the query request includes signature information of the new node, where the trusted node is an administrator preset in the blockchain network a default trusted node in the blockchain network, or a node in the list of trusted nodes of the new node;
- a fourth aspect of the present disclosure provides a method for acquiring a trusted node, which is applied to a default trusted node of a blockchain network, where the default trusted node is an administrator preset in the blockchain network to the zone A trusted node in a blockchain network, the method comprising:
- the peer node information includes node information in the blockchain network that establishes a P2P connection with the default trusted node.
- a fifth aspect of the present disclosure provides an apparatus for acquiring a trusted node, which is applied to a new node to be accessed by a blockchain network, where the apparatus includes:
- a query requesting module configured to send a query request to the target trusted node, where the target trusted node is a default trusted node preset by the administrator in the blockchain network to the blockchain network, or a node in the list of trusted nodes of the new node;
- a query response receiving module configured to receive a query response sent by the target trusted node, where the query response includes signature information of the target trusted node and peer node information of the target trusted node, the peer
- the node information includes node information in the blockchain network that establishes a P2P connection with the target trusted node;
- the first signature authentication module is configured to perform signature verification on the signature information of the target trusted node, and add the peer node information to the trusted node list of the new node after the signature authentication is passed.
- a sixth aspect of the present disclosure provides an apparatus for acquiring a trusted node, which is applied to a new node to be accessed by a blockchain network, where the apparatus includes:
- a first connection requesting module configured to send a P2P connection request to the default trusted node, where the default trusted node is trusted by an administrator in the blockchain network to be preset in the blockchain network node;
- a first connection response receiving module configured to receive a P2P connection response sent by the default trusted node, where the P2P connection response includes peer node information of the default trusted node, where the peer node information includes the area Node information in the blockchain network establishing a P2P connection with the default trusted node;
- An identity authentication module configured to perform identity authentication on the default trusted node according to the P2P connection response, and add the default trusted node and the peer node information to the new node after the identity authentication is passed A list of trusted nodes.
- a seventh aspect of the present disclosure provides an apparatus for acquiring a trusted node, which is applied to a trusted node in a blockchain network, where the apparatus includes:
- a query request receiving module configured to receive a query request sent by a new node in the blockchain network, where the query request includes signature information of the new node, and the trusted node is the blockchain An administrator in the network presets to a default trusted node in the blockchain network, or a node in the trusted node list of the new node;
- a query response module configured to perform signature verification on the signature information of the new node, and send a query response to the new node after the signature authentication is passed, where the query request includes information of a peer node of the trusted node, where The peer node information includes node information in the blockchain network that establishes a P2P connection with the trusted node.
- An eighth aspect of the present disclosure provides an apparatus for acquiring a trusted node, which is applied to a default trusted node in a blockchain network, where the default trusted node is an administrator preset in the blockchain network A trusted node in a blockchain network, the device comprising:
- a second connection request receiving module configured to receive a P2P connection request sent by a new node to be accessed by the blockchain network
- a second connection response module configured to perform identity authentication on the new node according to the P2P connection request, and send a P2P connection response to the new node after the identity authentication is passed, where the P2P connection response includes the default
- the peer node information of the node the peer node information including node information of the blockchain network establishing a P2P connection with the default trusted node.
- a ninth aspect of the present disclosure provides a non-transitory computer readable storage medium, the non-transitory computer readable storage medium comprising one or more programs, the one or more programs for performing the first aspect Methods.
- a tenth aspect of the present disclosure provides a block chain node, which is applied to a new node of a blockchain network to be accessed, including:
- One or more processors for executing a program in the non-transitory computer readable storage medium.
- An eleventh aspect of the present disclosure provides a non-transitory computer readable storage medium
- the non-transitory computer readable storage medium includes one or more programs for performing the method of the second aspect.
- a twelfth aspect of the present disclosure provides a block chain node, which is applied to a new node of a blockchain network to be accessed, including:
- One or more processors for executing a program in the non-transitory computer readable storage medium.
- a thirteenth aspect of the present disclosure provides a non-transitory computer readable storage medium
- the non-transitory computer readable storage medium includes one or more programs for performing the method of the third aspect.
- a fourteenth aspect of the present disclosure provides a blockchain node, which is applied to a trusted node in a blockchain network, including:
- One or more processors for executing a program in the non-transitory computer readable storage medium.
- a fifteenth aspect of the present disclosure provides a non-transitory computer readable storage medium
- the non-transitory computer readable storage medium includes one or more programs for performing the method of the fourth aspect.
- a sixteenth aspect of the present disclosure provides a block chain node, which is applied to a default trusted node of a blockchain network, and includes:
- One or more processors for executing a program in the non-transitory computer readable storage medium.
- the default trusted node in the blockchain network or the node in the trusted node list is authenticated, and the peer nodes of the trusted nodes are obtained after the authentication is passed as the trustedness of the new node.
- Nodes without the need for centralized third-party organizations, can avoid the decentralization of the blockchain. At the same time, the high complexity of digital certificate issuance can be avoided.
- FIG. 1 is a schematic diagram showing an implementation environment according to an exemplary embodiment of the present disclosure
- FIG. 2 is a flowchart of a method for acquiring a trusted node, where the method is applied to a new node of a blockchain network to be accessed, according to an exemplary embodiment
- FIG. 3 is a flowchart of a method for acquiring a trusted node, where the method is applied to a trusted node in a blockchain network, according to an exemplary embodiment
- FIG. 4 is a schematic diagram of signaling interaction of a method for acquiring a trusted node, according to an exemplary embodiment of the present disclosure
- FIG. 5 is a schematic diagram of signaling interaction of a method for acquiring a trusted node, according to another exemplary embodiment of the present disclosure
- FIG. 6 is a schematic diagram of signaling interaction of a method for acquiring a trusted node, according to another exemplary embodiment of the present disclosure.
- FIG. 7 is a block diagram of an apparatus for acquiring a trusted node, where the apparatus is applied to a new node of a blockchain network to be accessed, according to an exemplary embodiment of the present disclosure
- FIG. 8 is a block diagram of an apparatus for acquiring a trusted node, where the apparatus is applied to a new node of a blockchain network to be accessed, according to another exemplary embodiment of the present disclosure
- FIG. 9 is a block diagram of an apparatus for acquiring a trusted node, where the apparatus is applied to a trusted node in a blockchain network, according to an exemplary embodiment of the present disclosure
- FIG. 10 is a block diagram of an apparatus for acquiring a trusted node, where the apparatus is applied to a default trusted node in a blockchain network, according to another exemplary embodiment of the present disclosure.
- a blockchain is a decentralized distributed database system in which all nodes in a blockchain network participate in maintenance. It is composed of a series of data blocks generated by cryptography, and each block is a blockchain. One block. According to the order of the generation time, the blocks are linked together in an orderly manner to form a data chain, which is aptly called a blockchain.
- the blockchain is generated and validated by its special blocks and transactions, with unchangeable, unforgeable and fully traceable security features.
- Blockchain node The blockchain network is based on a P2P (Peer to Peer) network.
- P2P Peer to Peer
- Each P2P network node participating in transaction and block storage, verification, and forwarding is a node in a blockchain network.
- the user identity in the blockchain is represented by a public key, and the public key and the private key appear in pairs, wherein the private key is mastered by the user and not posted to the above-mentioned blockchain network, and the public key passes through the specific The hash and encoding become the "address", the "address” represents the user, and the public key and "address” can be freely published in the blockchain network. It is worth mentioning that there is no one-to-one correspondence between user identity and blockchain nodes. Users can use their own private key on any blockchain node.
- Blockchain data write The blockchain node writes data to the blockchain by issuing a "transaction" to the blockchain network.
- the transaction contains the signature of the user using his or her private key to prove the identity of the user.
- the transaction is recorded by the “miner” (block chain node that implements the blockchain consensus competition mechanism) into the generated new block, and then released to the blockchain network, and verified and passed by other blockchain nodes, the transaction data is Is written to the blockchain.
- FIG. 1 is a schematic diagram of an implementation environment, according to an exemplary embodiment of the present disclosure.
- the implementation environment may include a blockchain network 10 composed of a number of nodes and a new node 20 to be accessed by the blockchain network 10.
- the default trusted node 11, the participating node 12, the first administrator 13, and the second administrator 14 are nodes in the blockchain network 10, respectively.
- the default trusted node 11 is a trusted node preset to the blockchain network 10
- the participating node 22 may include a peer node of the default trusted node 11 (ie, the P2P is established in the blockchain network 10 with the default trusted node 11).
- the connected node) and the child peer node ie the peer node of the peer node).
- the first administrator 13 can deploy the default trusted node 11 and the participating node 12; the second administrator 14 can correspond to a certain organization participating in the blockchain network 10, which can be new to the access blockchain network 10.
- the node performs control, for example, to write account information, license information, and the like of the new node 20 that is allowed to access the blockchain network 10 into the blockchain.
- the implementation environment shown in FIG. 1 is only used to illustrate the method provided by the embodiments of the present disclosure, and does not constitute a limitation on the embodiments of the disclosure.
- the first administrator 13 may deploy one or more default trusted nodes 11 and multiple participating nodes 12 in the blockchain network 10, which is not limited in this disclosure.
- a method for acquiring a trusted node is shown in an exemplary embodiment of the present disclosure, and the method may be applied to a new node in a blockchain network to be accessed.
- the new node 20 shown in FIG. The method includes:
- step S201 a query request is sent to the target trusted node, where the target trusted node is preset by the administrator in the blockchain network to the default trusted node in the blockchain network or the trusted node list of the new node. Node.
- step S202 the query response sent by the target trusted node is received, and the query response includes signature information of the target trusted node and peer node information of the target trusted node.
- the peer node information includes node information in the blockchain network that establishes a P2P connection with the target trusted node.
- step S203 the signature information of the target trusted node is signature-authenticated, and after the signature authentication is passed, the peer node information is added to the trusted node list of the new node.
- the target trusted node may be a default trusted node preset by the administrator in the blockchain network to the blockchain network, for example, the first administrator 13 preset shown in FIG.
- the connection response returned by the default trusted node received by the new node includes the signature information of the default trusted node and the peer node information of the default trusted node (ie, the P2P connection is established in the blockchain network with the default trusted node). Node information).
- the signature information of the default trusted node is used to verify whether the default trusted node is legal.
- the new node may be preset with the public key of the default trusted node, so that the new node can sign and authenticate the signature information according to the preset public key.
- the peer node of the default trusted node can be considered as the trusted node of the new node, so the peer node information of the default trusted node can be added to the list of trusted nodes.
- the peer node information of the default trusted node includes at least information such as an IP address and a public key of the peer node of the default trusted node, so that each trusted node is recorded in the trusted node list of the new node.
- Information such as IP address and public key.
- the new node can ensure that the default trusted node passes the identity authentication and then uses the peer node of the default trusted node as its own trusted node.
- the trusted node to which it is trusted is trustworthy.
- the new node can also select any trusted node from its list of trusted nodes for mutual authentication and subsequent communication. For example, the new node may select a trusted node that is closer to itself according to the IP address of each trusted node in the trusted node list for mutual authentication and subsequent communication.
- the new node may send a service request to any trusted node in its trusted node list, and receive a service response returned by the trusted node, where the service response includes signature information of the trusted node and service data. Then, the new node performs signature verification on the signature information of the trusted node according to the public key of the trusted node. If the signature authentication passes, it indicates that the trusted node is legal, and thus the service data returned by the trusted node can be accepted.
- the new node may select any trusted node in its trusted node list as the target trusted node, and obtain the trusted request by sending a service request requesting the trusted node's peer node information to the target trusted node.
- the peer node of the node acts as a source of more trusted nodes.
- the new node performs encrypted communication with the target trusted node.
- the new node may generate an encryption key, encrypt the encryption key through the public key of the target trusted node, and send it to the target trusted node, and decrypt the private key of the target trusted node to obtain the encryption key, and receive the encryption key.
- the signature information returned by the target trusted node and the service data encrypted by the target trusted node by using the encryption key, and signature verification of the signature information of the target trusted node according to the public key of the target trusted node, after the signature authentication is passed The generated encryption key decrypts the encrypted service data.
- the method for obtaining a trusted node provided by the embodiment of the present disclosure is based on the default trusted node in the blockchain network, and the method for obtaining the trusted node provided by the embodiment of the present disclosure is compared with the prior art.
- the two-way authentication is performed and the trusted node is obtained through the default trusted node after the authentication is passed. Since the entire process does not require the participation of a centralized third-party organization, the decentralization advantage of the blockchain can be avoided. At the same time, the complexity of digital certificate issuance can be avoided.
- new nodes may include, but are not limited to, various terminals, blockchain light nodes, and blockchain full nodes, and the like. If the new node is a blockchain light node or a blockchain full node, the blockchain data needs to be synchronized, so a P2P connection needs to be established with the target trusted node.
- the new node may synchronize the blockchain data by using the default trusted node, that is, the new node sends a P2P connection request to the default trusted node before sending the query request to the default trusted node, and the default may be received.
- the P2P connection response sent by the information node including the signature information of the default trusted node, and the signature information of the default trusted node is signed and authenticated according to the preset public key of the trusted node. If the signature authentication is passed, the default is indicated.
- the trusted node is legal, so a P2P connection can be established with the default trusted node.
- the new node After establishing a P2P connection with the default trusted node, the new node can send a query request to the default trusted node to obtain the peer node information of the default trusted node. At the same time, the new node can also request synchronization block data from the default trusted node through the P2P connection.
- the new node can also synchronize the block data through other trusted nodes, that is, select the trusted node from the list of trusted nodes for mutual authentication, and select after the authentication is passed.
- the trusted node initiates a P2P connection request, and can also respond to the selected trusted node's P2P connection request, and synchronizes the blockchain data operation through the P2P connection with the selected trusted node.
- the new node may also request to obtain the peer node information of the default trusted node while receiving the P2P connection request to the default trusted node, and receive the default trusted
- the P2P connection response sent by the node including the peer node information of the default trusted node, and authenticating the default trusted node according to the P2P connection response, and adding the default trusted node and the peer node information to the new after the identity authentication is passed The node's list of trusted nodes.
- the public key of the default trusted node is preset in the new node, and the peer node information returned by the default trusted node includes the public key of each peer node, so each new trusted node list is recorded in the trusted node list.
- the new node cannot verify the permissions of the non-default trusted node and synchronize the data from the non-default trusted node before synchronizing the relevant blockchain data.
- the above problem can be solved by using the peer node (and the child peer node) of the default trusted node as the trusted node and the two-way authentication scheme: the trusted node can be used as a node that has passed the authority verification.
- the new node can also flexibly maintain its trusted nodes according to the specific requirements of the blockchain network, such as limiting the number of trusted nodes and the timeliness of non-default trusted nodes as trusted nodes.
- the embodiment of the present disclosure further provides another method for obtaining a trusted node, and the method can be applied to a trusted node in a blockchain network. As shown in FIG. 3, the method includes:
- step S301 a query request sent by a new node in the blockchain network to be accessed is received, and the query request includes signature information of the new node.
- the trusted node may be a default trusted node in the blockchain network preset by the administrator in the blockchain network (such as the first administrator 13 shown in FIG. 1), or a trusted node of the new node.
- the nodes in the list may be a default trusted node in the blockchain network preset by the administrator in the blockchain network (such as the first administrator 13 shown in FIG. 1), or a trusted node of the new node. The nodes in the list.
- step S302 the signature information of the new node is signature-authenticated, and after the signature authentication is passed, the query response is sent to the new node, and the query response includes the peer node information of the trusted node.
- an administrator in the blockchain network may add identity information of the new node (including the new node's public key or account address, etc.) to the blockchain.
- the trusted node may obtain the identity information of the new node from the blockchain and perform signature verification on the signature information according to the identity information of the new node. If the signature authentication is passed, it indicates that the new node is legal, and thus its signature information and peer node information can be sent to the new node.
- the peer node information includes node information in the blockchain network that establishes a P2P connection with the trusted node.
- new nodes may include, but are not limited to, various terminals, blockchain light nodes, and blockchain full nodes, and the like. If the new node is a blockchain light node or a blockchain full node, it also needs to send a P2P connection request to the trusted node, and establish a P2P connection with the trusted node to synchronize the blockchain data of the trusted node.
- the new node may send a P2P connection request to the default trusted node, where the P2P connection request includes signature information of the new node.
- the default trusted node may query the public key of the new node from the blockchain to perform signature verification on the signature information of the new node according to the public key of the new node. If the signature authentication is passed, the new trusted node indicates that the new The node is legal and therefore sends a P2P connection response to the new node.
- the default trusted node may also carry its peer node information in the P2P connection response after confirming that the new node is authenticated by the signature.
- the peer node information of the default trusted node includes at least an IP address, a public key, and the like of a peer node of the default trusted node.
- the default trusted node may also authenticate whether the new node has an access permission in the blockchain after receiving the P2P connection request sent by the new node and before authenticating the new node.
- an administrator in the blockchain network such as the second administrator 14 shown in FIG. 1 will write identity information (such as the new node's public key, account address, etc.) of the new node that is allowed to access the blockchain.
- the license information corresponding to the identity information is configured in the blockchain.
- the P2P connection request sent by the new node further includes the identity information of the new node (such as the account address of the new node), and the default trusted node may query the account belonging to the new node stored in the blockchain according to the received identity information of the new node. All the information below may further determine whether the license information corresponding to the identity information is stored in all the information under the account, and if the license information corresponding to the identity information is stored in all the information under the account, the The new node account has an access license on the blockchain.
- the trusted node performs identity authentication on the new node in the access blockchain network, and sends the peer node information of the trusted node to the new node after confirming that the new node is legal, thereby ensuring that the blockchain network is legally received.
- New node
- FIG. 4 is a schematic diagram of signaling interaction of a method for acquiring a trusted node, where the new node is a blockchain light node or a blockchain full node, according to an exemplary embodiment of the present disclosure. As shown in FIG. 4, the method includes:
- step S401 the first administrator deploys a default trusted node in the blockchain network.
- step S402 the first administrator deploys the participating nodes in the blockchain network.
- the first administrator may be the first administrator 13 as shown in FIG.
- the participating nodes include peer nodes and child peer nodes that can participate in default trusted nodes in the blockchain network.
- step S403 the new node creates its own account and presets the public key of the default trusted node.
- the account information of the new node includes the public key, the private key, and the account address of the new node.
- step S404 the new node sends its identity information to the second administrator.
- the identity information of the new node may include a public key of the new node, an account address, and the like.
- the second administrator can be, for example, the second administrator 14 as shown in FIG.
- step S405 the second administrator writes the identity information of the new node into the blockchain and configures the corresponding license information.
- step S406 the new node sends a P2P connection request to the default trusted node.
- step S407 the default trusted node checks whether the new node has an access permission and authenticates the new node.
- the new node passes the identity authentication, it indicates that the new node is legal.
- step S408 the default trusted node sends a P2P connection response to the new node after confirming that the new node has the access permission and is legal.
- step S409 the new node authenticates the default trusted node and establishes a P2P connection with the default trusted node after the identity authentication is passed.
- step S410 the new node sends a block data synchronization request to the default trusted node.
- step S411 the default trusted node returns a data synchronization response to the new node, wherein the data synchronization response includes the block data in the blockchain.
- step S412 the new node sends a query request to the default trusted node.
- step S413 the default trusted node returns its peer node information to the new node.
- the peer node information may include an IP address, a public key, and the like of a peer node of the default trusted node.
- step S414 the new node adds the peer node information of the default trusted node to the trusted node list of the new node.
- step S415 the new node selects any trusted node in the trusted node list for mutual authentication and communication.
- FIG. 5 is a schematic diagram of signaling interaction of a method for acquiring a trusted node, where the new node is a terminal, according to another exemplary embodiment of the present disclosure. As shown in FIG. 5, the method includes:
- step S501 the first administrator deploys a default trusted node in the blockchain network.
- step S502 the first administrator deploys the participating nodes in the blockchain network.
- the first administrator may be the first administrator 13 as shown in FIG.
- the participating nodes include peer nodes and child peer nodes of the default trusted node.
- step S503 the new node creates its own account and presets the public key of the default trusted node.
- the account information of the new node includes the public key, the private key, and the account address of the new node.
- step S504 the new node sends its identity information to the second administrator.
- the identity information of the new node may include a public key or an account address of the new node.
- step S505 the second administrator writes the identity information of the new node into the blockchain and configures the corresponding license information.
- the second administrator can be, for example, the second administrator 14 as shown in FIG.
- step S506 the new node sends a query request to the default trusted node.
- the query request may include signature information of the new node.
- step S507 the default trusted node checks whether the new node has an access permission and authenticates the new node.
- the new node passes the identity authentication, it indicates that the new node is legal.
- step S508 the default trusted node sends a query response to the new node after confirming that the new node has the access permission and passes the identity authentication, and the query response includes the peer node information of the default trusted node.
- step S509 the new node authenticates the default trusted node, and adds the peer node information of the default trusted node to the trusted node list of the new node after the identity authentication is passed.
- step S510 the new node will select any trusted node in the trusted node list for mutual authentication and communication.
- the two-way authentication between the new node and the default trusted node, the process of synchronizing the block data of the new node, and the list of the new node and its trusted node are included.
- the process of performing the two-way authentication and communication by a trusted node may refer to the implementation environment provided in FIG. 1 and the description of the method for obtaining a trusted node provided in FIG. 2 and FIG. 3 , and details are not described herein again.
- each node establishes a peer node list information after establishing a P2P connection.
- Each peer node information contains information such as ID, name, Enode, IP, Port, and support protocol.
- the Enode is an encoded URL that is used by other nodes to actively add peers to the node.
- the ID information is an identifier of a node, and is also an encryption key for P2P-related communication with this node. In essence, this ID is the derived data of the node identity public key. In general, the account corresponding to this ID public key is only used to identify the node, which is automatically generated by the node program, and does not participate in the business logic on the chain.
- the TID information is derived from the public key that identifies the service identity account of the node, and the P2P is transmitted to each node together with the discovery. Thereafter, each node's service access can use the TID to recover the public key for mutual authentication and subsequent related encrypted communication, such as ECIES.
- a method of accessing a blockchain network is illustrated in accordance with an exemplary embodiment of the present disclosure, wherein the new node is a terminal and the default trusted node is A boot node (Bootnode) preset in the license chain, as shown in FIG. 6, the method includes:
- step S601 the first administrator deploys a trusted boot node in the blockchain network.
- step S602 the first administrator deploys the participating nodes in the blockchain network.
- the participating nodes may include peer nodes and child peer nodes of the initiating node in the blockchain network.
- step S603 the terminal creates its own account and presets the public key of the initiating node.
- the terminal account includes the public key Cpub of the terminal, the private key Cpri, and the account address.
- step S604 the terminal transmits its identity information to the second administrator in the blockchain network.
- the identity information of the terminal may include the public key Cpub and the account address of the terminal.
- step S605 the second administrator writes the identity information of the terminal into the blockchain and configures the corresponding rights information.
- step S606 the terminal sends a P2P connection request to the initiating node, where the P2P connection request includes the first random challenge code.
- step S607 the initiating node sends a P2P connection response to the terminal, and the P2P connection response includes a second random challenge code.
- step S608 the terminal signs the second random challenge code using its private key to obtain the first signature information.
- step S609 the terminal generates an encryption key and encrypts the encryption key using the public key of the initiating node to obtain the first encrypted information.
- step S610 the terminal sends a first authentication challenge to the initiating node, where the first authentication challenge includes the identity information of the terminal, the first signature information, and the first encrypted information.
- the identity information of the terminal may be the public key Cpub or the account address of the terminal.
- the public key AB_Pub of the initiating node is pre-stored in the terminal, and the terminal can sign the second random challenge code Sranno according to the private key Cpri to obtain the first signature information CsignData, and generate the generated according to the public key AB_Pub of the initiating node.
- the encryption key Symkey performs encryption to obtain the first encrypted information Esymkey, and sends the identity information (Cpub or account address), the first signature information CsignData, and the first encrypted information Esymkey to the startup when the first authentication challenge is initiated to the initiating node. node.
- the terminal initiates a query request to the initiating node to query the peer node to obtain the peer node information of the initiating node.
- step S611 the initiating node checks the validity of the terminal according to the identity information of the terminal and performs signature authentication on the first signature information.
- the license chain has already realized the authority management of the blockchain nodes, so the legality check here is the permission check of the nodes in the license chain.
- the initiating node may query the blockchain according to the identity information of the terminal, obtain the public key of the terminal, and perform signature verification on the first signature information according to the public key of the terminal. If the terminal is determined to be the terminal represented by the identity information, step S611 is performed; otherwise, the process ends.
- step S612 when it is confirmed that the terminal is legal and the first signature information is authenticated, the initiating node decrypts the first encrypted information according to its private key to obtain an encryption key.
- step S613 the initiating node encrypts the peer node information according to the encryption key to obtain the second encrypted information, and signs the first random challenge code according to the private key to obtain the second signature information.
- step S614 the initiating node transmits a first authentication challenge response including the second encryption information and the second signature information to the terminal.
- the initiating node can decrypt the first encrypted information Esymkey according to its private key AB_Pri, thereby obtaining the encryption key Symkey.
- the initiating node may encrypt the peer node information by using the encryption key Symkey to obtain the second encrypted information.
- the initiating node signs the first random challenge code Cranno according to its private key AB_Pri, obtains the second signature information SsignData, and transmits the second signature information SsignData and the second encrypted information to the terminal.
- step 615 the terminal performs signature verification on the second signature information, decrypts the second encrypted information after the signature authentication is passed, obtains the peer node information of the initiating node, and adds the peer node information to the trusted node list of the terminal.
- the terminal can perform signature verification on the second signature information SsignData according to the pre-stored public key AB_Pub of the startup node. If the signature authentication passes, it indicates that the startup node is legal, and thus the peer node of the startup node can also be regarded as a trusted node. Therefore, after the signature authentication is passed, the initiating node may decrypt the second encrypted information according to the encryption key Symkey, obtain the peer node information of the initiating node, and add the peer node information to its trusted node list to start the node. The peer node acts as its own trusted node.
- the peer node information includes a public key of a peer node that starts the node.
- step S616 the terminal selects any trusted node in the trusted node list to perform a service request, and the service request includes a third random challenge code.
- step S617 the trusted node sends a service response to the terminal, where the service response includes the public key of the trusted node and the fourth random challenge code.
- step S618 the terminal verifies whether the startup node is in the trusted node list according to the public key of the trusted node.
- the public key of each trusted node is stored in the trusted node list of the terminal. After receiving the service response of the trusted node, the trusted node list can be queried to store the trusted node carried in the service response.
- the public key Spub if the trusted node's public key Spub is stored in the trusted node list, indicates that the trusted node is in the trusted node list.
- step S619 when it is confirmed that the trusted node is in the trusted node list, the terminal uses the private key to sign the fourth random challenge code to obtain the third signature information.
- step S620 the terminal encrypts the encryption key according to the public key of the trusted node to obtain the third encrypted information.
- step S621 the terminal initiates a second authentication challenge to the trusted node, where the second authentication challenge includes the identity information of the terminal, the third signature information, and the third encrypted information.
- the identity information of the terminal may be the public key Cpub or the account address of the terminal.
- step S622 the trusted node checks the validity of the terminal and performs signature authentication on the third signature information according to the identity information of the terminal.
- step S623 when it is confirmed that the terminal is legal and the third signature information is authenticated, the trusted node decrypts the third encrypted information according to its private key to obtain an encryption key.
- step S624 the trusted node encrypts the service data according to the encryption key, and signs the third random challenge code according to the private key to obtain the fourth signature information.
- step S625 the trusted node sends a second authentication challenge response including the encrypted service data and the fourth signature information to the terminal.
- step S626 the terminal performs signature authentication on the fourth signature information, and decrypts the service data after the signature authentication is passed.
- process of performing the two-way authentication and the encrypted communication between the terminal and the trusted node may refer to the two-way authentication and the encrypted communication process between the foregoing terminal and the initiating node, and details are not described herein again.
- the terminal can locally maintain the information and validity period of the trusted node, and the encryption key of the subsequent encrypted communication is generated by the terminal and transmitted to the other party in the two-way authentication process, thereby reducing the number of interactions.
- the encryption key is used. It can also be adjusted to be negotiated, such as ECIES.
- FIG. 7 is a block diagram of an apparatus 700 for acquiring a trusted node, where the apparatus 700 is applied to a new node to be accessed by a blockchain network, where the new node may be a terminal, a zone, according to an exemplary embodiment of the present disclosure.
- the block-chain light node and the block-chain-wide node are used to implement the method for obtaining a trusted node as shown in FIG. 2 provided in the foregoing method embodiment.
- the device 700 includes:
- the query requesting module 701 is configured to send a query request to the target trusted node, where the target trusted node is a default trusted node preset by the administrator in the blockchain network to the blockchain network, or Is a node in the list of trusted nodes of the new node;
- the query response receiving module 702 is configured to receive a query response sent by the target trusted node, where the query response includes signature information of the target trusted node and peer node information of the target trusted node, where the pair The node information includes node information of the blockchain network that establishes a P2P connection with the target trusted node;
- the first signature authentication module 703 is configured to perform signature verification on the signature information of the target trusted node, and add the peer node information to the trusted node list of the new node after the signature authentication is passed.
- the target trusted node is the default trusted node
- the new node is preset with a public key of the default trusted node
- the apparatus 700 further includes:
- the first connection requesting module 704 is configured to send a P2P connection request to the default trusted node.
- the first connection response receiving module 705 is configured to receive a P2P connection response sent by the default trusted node, where the P2P connection response includes signature information of the default trusted node.
- the second signature authentication module 706 is configured to perform signature verification on the signature information of the default trusted node according to the public key of the default trusted node, and establish a P2P with the default trusted node after the signature authentication is passed. connection.
- the device 700 further includes:
- the first authentication and communication module 707 is configured to select a trusted node from the trusted node list of the new node for two-way authentication and two-way encrypted communication.
- the public key of each trusted node is recorded in the trusted node list of the new node, and the first authentication and communication module 707 includes:
- the first service requesting sub-module 771 is configured to send a service request to any trusted node in the trusted node list in the new node;
- the first service response receiving sub-module 772 is configured to receive a service response sent by the any trusted node, where the service response includes signature information and service data of the any trusted node;
- the first signature verification sub-module 773 is configured to perform signature verification on the signature information of the any trusted node according to the public key of the trusted node, and decrypt the acquired service data after the signature authentication is passed.
- an embodiment of the present disclosure further provides a non-transitory computer readable storage medium, the non-transitory computer readable storage medium including one or more programs, the one or more programs for executing the above It is applied to implement the method for acquiring a trusted node as shown in FIG. 2 provided in the foregoing method embodiment.
- an embodiment of the present disclosure further provides a blockchain node, which is applied to a new node of a blockchain network to be accessed, including the above non-transitory computer readable storage medium; and one or more processors, for Executing the program in the non-transitory computer readable storage medium.
- FIG. 8 is a block diagram of an apparatus 800 for acquiring a trusted node, which is applied to a new node of a blockchain network to be accessed, where the new node may be a terminal, according to another exemplary embodiment of the present disclosure.
- the block 800 light node and the block chain are all nodes, and the device 800 is configured to implement the method for obtaining a trusted node as shown in FIG. 2 provided in the foregoing method embodiment.
- the device 800 includes:
- a first connection requesting module 801 configured to send a P2P connection request to the default trusted node, where the default trusted node is preset by an administrator in the blockchain network to the blockchain network Letter node
- the first connection response receiving module 802 is configured to receive a P2P connection response sent by the default trusted node, where the P2P connection response includes peer node information of the default trusted node, where the peer node information includes the Node information in the blockchain network establishing a P2P connection with the default trusted node;
- the identity authentication module 803 is configured to perform identity authentication on the default trusted node according to the P2P connection response, and add the default trusted node and the peer node information to the new node after the identity authentication is passed. A list of trusted nodes.
- the device 800 further includes:
- the second authentication and communication module 804 is configured to select a trusted node from the trusted node list of the new node for two-way authentication and two-way encrypted communication.
- the public key of each trusted node is recorded in the trusted node list of the new node, and the second authentication and communication module 804 includes:
- a second service requesting sub-module 841 configured to send a service request to any trusted node in the trusted node list in the new node;
- the second service response receiving submodule 842 is configured to receive a service response sent by the any trusted node, where the service response includes signature information and service data of any one of the trusted nodes;
- the second signature verification sub-module 843 is configured to perform signature verification on the signature information of the any trusted node according to the public key of the trusted node, and decrypt the acquired service data after the signature authentication is passed.
- an embodiment of the present disclosure further provides a non-transitory computer readable storage medium, the non-transitory computer readable storage medium including one or more programs, the one or more programs for executing the above It is applied to implement the method for acquiring a trusted node as shown in FIG. 2 provided in the foregoing method embodiment.
- an embodiment of the present disclosure further provides a blockchain node, which is applied to a new node of a blockchain network to be accessed, including the above non-transitory computer readable storage medium; and one or more processors, for Executing the program in the non-transitory computer readable storage medium.
- FIG. 9 is a block diagram of an apparatus 900 for acquiring a trusted node, the apparatus 900 is applied to a trusted node in a blockchain network, and the apparatus 900 is configured to implement the foregoing method implementation, according to an exemplary embodiment of the present disclosure.
- the method for obtaining a trusted node as shown in FIG. 3 is provided in the example.
- the device 900 includes:
- the query request receiving module 901 is configured to receive a query request that is sent by a new node in the blockchain network, where the query request includes signature information of the new node, and the trusted node is the block An administrator in the chain network presets to a default trusted node in the blockchain network, or a node in the trusted node list of the new node;
- the query response module 902 is configured to perform signature verification on the signature information of the new node, and send a query response to the new node after the signature authentication is passed, where the query request includes the peer node information of the trusted node.
- the peer node information includes node information in the blockchain network that establishes a P2P connection with the trusted node.
- the trusted node is the default trusted node
- the device 900 further includes:
- a first connection request receiving module 903 configured to receive a P2P connection request sent by the new node, where the connection request includes signature information of the new node;
- the first connection response module 904 is configured to perform signature verification on the signature information of the new node, and send a P2P connection response to the new node after the signature authentication is passed.
- an embodiment of the present disclosure further provides a non-transitory computer readable storage medium, the non-transitory computer readable storage medium including one or more programs, the one or more programs for executing the above It is applied to implement the method for acquiring a trusted node as shown in FIG. 3 provided in the foregoing method embodiment.
- embodiments of the present disclosure further provide a blockchain node, which is applied to a trusted node in a blockchain network, including the above non-transitory computer readable storage medium; and one or more processors for executing The program in the non-transitory computer readable storage medium.
- FIG. 10 is a block diagram of an apparatus 1000 for acquiring a trusted node, which is applied to a default trusted node in a blockchain network, which is a default trusted node, according to another exemplary embodiment of the present disclosure.
- the administrator in the blockchain network is preset to the trusted node in the blockchain network, and the device 1000 is configured to implement the method for acquiring the trusted node as shown in FIG. 3 provided in the foregoing method embodiment.
- the apparatus 1000 includes:
- a second connection request receiving module 1001 configured to receive a P2P connection request sent by a new node to be accessed by the blockchain network
- the second connection response module 1002 is configured to perform identity authentication on the new node according to the P2P connection request, and send a P2P connection response to the new node after the identity authentication is passed, where the P2P connection response includes the default Peer node information of the trusted node, the peer node information includes node information of the blockchain network establishing a P2P connection with the default trusted node.
- an embodiment of the present disclosure further provides a non-transitory computer readable storage medium, the non-transitory computer readable storage medium including one or more programs, the one or more programs for executing the above It is applied to implement the method for acquiring a trusted node as shown in FIG. 3 provided in the foregoing method embodiment.
- embodiments of the present disclosure further provide a blockchain node, a default trusted node applied to a blockchain network, including the non-transitory computer readable storage medium; and one or more processors for executing The program in the non-transitory computer readable storage medium.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Computer And Data Communications (AREA)
Abstract
一种获取可信节点的方法、装置、存储介质及区块链节点,用以解决现有获取可信节点的方式由于第三方机构参与导致的削弱区块链非中心化优势的技术问题。所述方法应用于待接入区块链网络的新节点,包括:向目标可信节点发送查询请求,目标可信节点是区块链网络中的管理员预置到区块链网络中的默认可信节点,或者是新节点的可信节点列表中的节点;接收目标可信节点发送的查询响应,查询响应包括目标可信节点的签名信息和目标可信节点的对等节点信息,对等节点信息包括区块链网络中与目标可信节点建立P2P连接的节点信息;对目标可信节点的签名信息进行签名认证,并在签名认证通过后,将对等节点信息添加到新节点的可信节点列表。
Description
本公开涉及信息技术领域,尤其涉及一种获取可信节点的方法、装置、存储介质及区块链节点。
区块链作为一种通过去中心化和去信任化的方式集体维护一个可靠数据库的技术方案,新节点在准备访问区块链时,不会去对该区块链上的节点进行认证,因而新节点无法获知区块链上的节点是否是可信任的。然而,在一些特定的使用场景中,为了实现节点间的安全互访,这就需要新节点对区块链上的节点进行认证以确保这些节点是可信任的。而现有的身份认证方式,通常需要双方各自找一个可信任的第三方CA机构为各自颁发一张数字身份证书,双方通过互传各自的数字身份证书来认证对方身份。这种中心化的获取可信节点的方式,存在削弱区块链非中心化的优势的问题。
发明内容
本公开的主要目的是提供一种获取可信节点的方法、装置、存储介质及区块链节点,用以解决现有获取可信节点的方式由于第三方机构参与导致的削弱区块链非中心化优势的技术问题。
为了实现上述目的,本公开第一方面提供一种获取可信节点的方法,应用于待接入区块链网络的新节点,所述方法包括:
向目标可信节点发送查询请求,所述目标可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;
接收所述目标可信节点发送的查询响应,所述查询响应包括所述目标可信节点的签名信息和所述目标可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述目标可信节点建立P2P连接的节点信息;
对所述目标可信节点的签名信息进行签名认证,并在签名认证通过后,将所述对等节点信息添加到所述新节点的可信节点列表。
本公开第二方面提供一种获取可信节点的方法,应用于待接入区块链网络的新节点,所述方法包括:
向所述默认可信节点发送P2P连接请求,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点;
接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息;
根据所述P2P连接响应对所述默认可信节点进行身份认证,并在身份认证通过后,将所述默认可信节点以及所述对等节点信息加入所述新节点的可信节点列表。
本公开第三方面提供一种获取可信节点的方法,应用于区块链网络中的可信节点,所述方法包括:
接收待接入所述区块链网络中的新节点发送的查询请求,所述查询请求包括所述新节点的签名信息,所述可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;
对所述新节点的签名信息进行签名认证,并在签名认证通过后向所述新节点发送查询响应,所述查询响应包括所述可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述可信节点建立P2P连接的节点信息。
本公开第四方面提供一种获取可信节点的方法,应用于区块链网络的默认可信节点,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点,所述方法包括:
接收待接入所述区块链网络的新节点发送的P2P连接请求;
根据所述P2P连接请求对所述新节点进行身份认证,并在身份认证通过后,向所述新节点发送P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息。
本公开第五方面提供一种获取可信节点的装置,应用于待接入区块链网络的新节点,所述装置包括:
查询请求模块,用于向目标可信节点发送查询请求,所述目标可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;
查询响应接收模块,用于接收所述目标可信节点发送的查询响应,所述查询响应包括所述目标可信节点的签名信息和所述目标可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述目标可信节点建立P2P连接的节点信息;
第一签名认证模块,用于对所述目标可信节点的签名信息进行签名认证,并在签名认证通过后将所述对等节点信息添加到所述新节点的可信节点列表。
本公开第六方面提供一种获取可信节点的装置,应用于待接入区块链网络的新节点,所述装置包括:
第一连接请求模块,用于向所述默认可信节点发送P2P连接请求,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点;
第一连接响应接收模块,用于接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息;
身份认证模块,用于根据所述P2P连接响应对所述默认可信节点进行身份认证,并在身份认证通过后,将所述默认可信节点以及所述对等节点信息加入所述新节点的可信节点列表。
本公开第七方面提供一种获取可信节点的装置,应用于区块链网络中的可信节点,所述装置包括:
查询请求接收模块,用于接收待接入所述区块链网络中的新节点发送的查询请求,所述查询请求包括所述新节点的签名信息,所述可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;
查询响应模块,用于对所述新节点的签名信息进行签名认证,并在签名认证通过后向所述新节点发送查询响应,所述查询请求包括所述可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述可信节点建立P2P连接的节点信息。
本公开第八方面提供一种获取可信节点的装置,应用于区块链网络中的默认可信节点,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点,所述装置包括:
第二连接请求接收模块,用于接收待接入所述区块链网络的新节点发送的P2P连接请求;
第二连接响应模块,用于根据所述P2P连接请求对所述新节点进行身份认证,并在身份认证通过后,向所述新节点发送P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息。
本公开第九方面提供一种非临时性计算机可读存储介质,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行第一方面所述的方法。
本公开第十方面提供一种区块链节点,应用于待接入区块链网络的新节点,包括:
第九方面所述的非临时性计算机可读存储介质;以及
一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
本公开第十一方面提供一种非临时性计算机可读存储介质,
所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行第二方面所述的方法。
本公开第十二方面提供一种区块链节点,应用于待接入区块链网络的新节点,包括:
第十一方面所述的非临时性计算机可读存储介质;以及
一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
本公开第十三方面提供一种非临时性计算机可读存储介质
,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行第三方面所述的方法。
本公开第十四方面提供一种区块链节点,应用于区块链网络中的可信节点,包括:
第十三方面所述的非临时性计算机可读存储介质;以及
一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
本公开第十五方面提供一种非临时性计算机可读存储介质,
所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行第四方面所述的方法。
本公开第十六方面提供一种区块链节点,应用于区块链网络的默认可信节点,包括:
十五方面所述的非临时性计算机可读存储介质;以及
一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
采用上述技术方案,通过对区块链网络中的默认可信节点或者可信节点列表中的节点进行认证,并在认证通过后获取这些可信任的节点的对等节点以作为新节点的可信节点,无需中心化的第三方机构参与,可以避免区块链非中心化优势被削弱。同时,可以避免数字证书颁发所带来的高度复杂。
本公开的其他特征和优点将在随后的具体实施方式部分予以详细说明。
图1是根据本公开一示例性实施例示出的实施环境示意图;
图2是根据一示例性实施例示出的一种获取可信节点的方法的流程图,其中,该方法应用于待接入区块链网络的新节点;
图3是根据一示例性实施例示出的一种获取可信节点的方法的流程图,其中,该方法应用于区块链网络中的可信节点;
图4是根据本公开的一示例性实施例示出的一种获取可信节点的方法的信令交互示意图;
图5是根据本公开的另一示例性实施例示出的一种获取可信节点的方法的信令交互示意图;
图6是根据本公开的另一示例性实施例示出的一种获取可信节点的方法的信令交互示意图;
图7是根据本公开一示例性实施例示出的一种获取可信节点的装置的框图,其中,该装置应用于待接入区块链网络的新节点;
图8是根据本公开另一示例性实施例示出的一种获取可信节点的装置的框图,其中,该装置应用于待接入区块链网络的新节点;
图9是根据本公开一示例性实施例示出的一种获取可信节点的装置的框图,其中,该装置应用于区块链网络中的可信节点;
图10是根据本公开另一示例性实施例示出的一种获取可信节点的装置的框图,其中,该装置应用于区块链网络中的默认可信节点。
具体实施方式
为使本公开实施例的目的、技术方案和优点更加清楚,下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本公开一部分实施例,而不是全部的实施例。基于本公开中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本公开保护的范围。
为了使本领域技术人员更容易理解本公开实施例提供的技术方案,下面首先对涉及到的相关技术进行简单介绍。
区块链是由区块链网络中所有节点共同参与维护的去中心化分布式数据库系统,它是由一系列基于密码学方法产生的数据块组成,每个数据块即为区块链中的一个区块。根据产生时间的先后顺序,区块被有序地链接在一起,形成一个数据链条,被形象地称为区块链。区块链由其特别的区块和交易产生、验证协议,具有不可更改,不可伪造、完全可追溯的安全特性。
区块链技术中涉及到的相关概念说明:
区块链节点:区块链网络基于P2P(Peer to Peer,对等网络)网络,每个参与交易和区块存储、验证、转发的P2P网络节点都是一个区块链网络中的节点。
用户身份:区块链中的用户身份使用公钥表示,并且公钥和私钥是成对出现的,其中,私钥由用户掌握而不发布到上述的区块链网络中,公钥通过特定的哈希和编码后成为“地址”,“地址”代表了用户,并且公钥和“地址”可随意发布在区块链网络中。值得一提的是,用户身份和区块链节点不存在一一对应关系,用户可以在任意一个区块链节点上使用自己的私钥。
区块链数据写入:区块链节点通过向区块链网络发布“交易”(Transaction)实现向区块链写入数据。交易中包含用户使用自己私钥对交易的签名,以证明用户的身份。交易被“矿工”(执行区块链共识竞争机制的区块链节点)记录入产生的新区块,然后发布到区块链网络,并被其他区块链节点验证通过和接受后,交易数据即被写入区块链。
图1是根据本公开一示例性实施例示出的实施环境示意图。如图1所示,该实施环境可以包括:由若干节点组成的区块链网络10和待接入该区块链网络10的新节点20。其中,默认可信节点11、参与节点12、第一管理员13和第二管理员14分别为区块链网络10中的节点。默认可信节点11是预置到区块链网络10中的可信节点,参与节点22可以包括默认可信节点11的对等节点(即区块链网络10中与默认可信节点11建立P2P连接的节点)以及子对等节点(即对等节点的对等节点)。第一管理员13可以对默认可信节点11和参与节点12进行部署;第二管理员14可对应与参与区块链网络10的某个机构,其可对接入区块链网络10的新节点进行控制,例如将允许接入区块链网络10的新节点20的账户信息和许可信息等写入区块链中。
可以理解的是,图1所示的实施环境仅用于示意本公开实施例提供的方法,并不构成对本公开实施例的限制。例如,第一管理员13可在区块链网络10中部署一个或多个默认可信节点11以及多个参与节点12,本公开对此不做限定。
如图2所示,基于图1所示的实施环境,本公开一示例性实施例示出的一种获取可信节点的方法,该方法可以应用于待接入区块链网络中的新节点,例如图1所示的新节点20。该方法包括:
在步骤S201中,向目标可信节点发送查询请求,目标可信节点是区块链网络中的管理员预置到区块链网络中的默认可信节点或者是新节点的可信节点列表中的节点。
在步骤S202中,接收目标可信节点发送的查询响应,查询响应包括目标可信节点的签名信息和目标可信节点的对等节点信息。
其中,对等节点信息包括区块链网络中与目标可信节点建立P2P连接的节点信息。
在步骤S203中,对目标可信节点的签名信息进行签名认证,并在签名认证通过后,将对等节点信息添加到新节点的可信节点列表。
在一种可能的实施方式中,目标可信节点可以是区块链网络中的管理员预置到区块链网络中的默认可信节点,例如图1所示的第一管理员13预置到区块链网络中的默认可信节点11。相应地,新节点接收到的默认可信节点返回的连接响应包括默认可信节点的签名信息和默认可信节点的对等节点信息(即区块链网络中与默认可信节点建立P2P连接的节点信息)。其中,默认可信节点的签名信息用于验证该默认可信节点是否合法。新节点中可以预置有默认可信节点的公钥,这样,新节点可以根据该预置的公钥对该签名信息进行签名认证,若签名认证通过,则表明该默认可信节点合法,则可将默认可信节点的对等节点视为新节点的可信节点,因而可将默认可信节点的对等节点信息加入到可信节点列表中。
其中,默认可信节点的对等节点信息至少包括该默认可信节点的对等节点的IP地址、公钥等信息,这样,新节点的可信节点列表中便记录了每一可信节点的IP地址和公钥等信息。
由于默认可信节点是预置到区块链网络中的可信节点,新节点在确认默认可信节点通过身份认证后将默认可信节点的对等节点作为自己的可信节点,可以保证获取到的可信节点是可信任的。
新节点还可以从其可信节点列表中选择任一可信节点进行双向认证以及后续的通信。例如,新节点可根据可信节点列表中各可信节点的IP地址选择距离自己较近的可信节点进行双向认证以及后续的通信。
具体地,新节点可向其可信节点列表中的任一可信节点发送业务请求,并接收该可信节点返回的业务响应,其中,业务响应包括该可信节点的签名信息以及业务数据。接着,新节点根据该可信节点的公钥对该可信节点的签名信息进行签名认证,若签名认证通过,则表明该可信节点合法,因而可接受该可信节点返回的业务数据。
例如,新节点可选择其可信节点列表中的任一可信节点作为目标可信节点,通过向该目标可信节点发送请求该可信节点的对等节点信息的业务请求,获取这些可信节点的对等节点作为更多的可信节点来源。
为了保证与目标可信节点之间安全通信,新节点与目标可信节点进行加密通信。例如,新节点可生成加密密钥,并通过目标可信节点的公钥对加密密钥加密后发送给目标可信节点,由目标可信节点的私钥解密后得到该加密密钥,并接收目标可信节点返回的签名信息以及目标可信节点利用加密密钥加密后的业务数据,且根据目标可信节点的公钥对目标可信节点的签名信息进行签名认证,在签名认证通过后根据生成的加密密钥对加密后的业务数据解密。
采用上述方法,与现有技术中需要依赖第三方可信机构与目标节点进行双向认证相比,本公开实施例提供的获取可信节点的方法,通过对区块链网络中的默认可信节点进行双向认证并在认证通过后通过默认可信节点获取可信节点,由于整个过程无需中心化的第三方机构参与,可以避免区块链非中心化优势被削弱。同时,可以避免数字证书颁发所带来的复杂度。
在本公开中,新节点可以包括但不限于各种终端、区块链轻节点和区块链全节点等等。若新节点为区块链轻节点或区块链全节点,则需要同步区块链数据,因此需要与目标可信节点建立P2P连接。
在一种可能的实施方式中,新节点可通过默认可信节点同步区块链数据,即,新节点在向默认可信节点发送查询请求之前向默认可信节点发送P2P连接请求,接收默认可信节点发送的包括默认可信节点的签名信息的P2P连接响应,并根据预置的默认可信节点的公钥对默认可信节点的签名信息进行签名认证,若签名认证通过,则表明该默认可信节点合法,因此可与该默认可信节点建立P2P连接。在与默认可信节点建立起P2P连接后,新节点便可向默认可信节点发送查询请求以获取默认可信节点的对等节点信息。与此同时,新节点还可通过P2P连接向默认可信节点请求同步区块数据。
为了提高同步效率,减轻默认可信节点的负担,新节点还可通过其他可信节点同步区块数据,即,从其可信节点列表中选择可信节点进行双向认证,在认证通过后向选中的可信节点发起P2P连接请求,也可以响应选中的可信节点的P2P连接请求,并通过与选中的可信节点之间的P2P连接进行同步区块链数据的操作。
在另一种可能的实施方式中,为了减少额外的请求步骤,新节点还可在向默认可信节点发送P2P连接请求的同时,请求获取默认可信节点的对等节点信息,接收默认可信节点发送的包括默认可信节点的对等节点信息的P2P连接响应,并根据P2P连接响应对默认可信节点进行身份认证,且在身份认证通过后将默认可信节点以及对等节点信息加入新节点的可信节点列表中。其中,新节点中预置有默认可信节点的公钥,默认可信节点返回的对等节点信息中包括各对等节点的公钥,因此新节点的可信节点列表中记录有每一可信节点的公钥。
值得说明的是,在基于许可权限的区块链网络中,新节点在没有同步完相关区块链数据之前,是无法验证非默认可信节点的权限以及从非默认可信节点同步数据。采用默认可信节点的对等节点(以及子对等节点)作为可信节点及双向认证的方案,则可解决上述问题:可信节点可作为一种已通过权限验证的节点。
此外,关于新节点还可以根据区块链网络的具体要求灵活地对其可信节点进行维护,比如限制可信节点的数目以及非默认可信节点作为可信节点的时效性等。
本公开实施例还提供另一种获取可信节点的方法,该方法可以应用于区块链网络中的可信节点,如图3所示,该方法包括:
在步骤S301中,接收待接入区块链网络中的新节点发送的查询请求,查询请求包括新节点的签名信息。
其中,可信节点可以是区块链网络中的管理员(如图1所示的第一管理员13)预置到区块链网络中的默认可信节点,或者是新节点的可信节点列表中的节点。
在步骤S302中,对新节点的签名信息进行签名认证,并在签名认证通过后向新节点发送查询响应,查询响应包括可信节点的对等节点信息。
在一种可能的实施方式中,区块链网络中的管理员可将新节点的身份信息(包括新节点的公钥或账户地址等)加入到区块链中。这样,可信节点在接收到新节点发送的包括其签名信息的查询请求时,可从区块链中获取到新节点的身份信息并根据该新节点的身份信息对其签名信息进行签名认证,若签名认证通过,则表明该新节点合法,因而可将其签名信息以及对等节点信息发送给该新节点。其中,对等节点信息包括区块链网络中与该可信节点建立P2P连接的节点信息。
在本公开的各实施例中,新节点可以包括但不限于各种终端、区块链轻节点和区块链全节点等等。若新节点为区块链轻节点或区块链全节点,还需向可信节点发送P2P连接请求,通过与可信节点建立P2P连接同步可信节点的区块链数据。
在一种可能的实施方式中,新节点可向默认可信节点发送P2P连接请求,其中,P2P连接请求包括新节点的签名信息。默认可信节点在接收到P2P连接请求时,可以从区块链中查询新节点的公钥根据该新节点的公钥对新节点的签名信息进行签名认证,若签名认证通过,则表明该新节点合法,因而向新节点发送P2P连接响应。
为了减少额外的请求步骤,默认可信节点在确认新节点通过签名认证后,还可在P2P连接响应中携带其对等节点信息。其中,默认可信节点的对等节点信息至少包括默认可信节点的对等节点的IP地址、公钥等。
此外,在其他实施方式中,默认可信节点在接收到新节点发送的P2P连接请求后以及在对新节点进行身份认证之前,还可认证该新节点在区块链中是否具有接入许可。例如,区块链网络中的管理员(如图1所示的第二管理员14)将允许接入区块链的新节点的身份信息(如新节点的公钥、账户地址等)写入区块链中并配置该身份信息对应的许可信息。新节点发送的P2P连接请求还包括新节点的身份信息(如该新节点的账户地址),默认可信节点可根据接收到的新节点的身份信息查询区块链中存储的属于该新节点账户下的所有信息,进一步可以确定该账户下的所有信息中是否存储与该身份信息对应的许可信息,若查询到该账户下的所有信息中存储有与该身份信息对应的许可信息,则表明该新节点账户在区块链上具有接入许可。
采用上述方法,可信节点对待接入区块链网络中的新节点进行身份认证,在确认该新节点合法后向新节点发送可信节点的对等节点信息,从而保证区块链网络接收合法的新节点。
为了使本公开实施例提供的技术方案更加易于理解,下面再结合本公开实施例各种可能的信令交互方式进行详细说明。
图4是根据本公开的一示例性实施例示出的一种获取可信节点的方法的信令交互示意图,其中,新节点是区块链轻节点或区块链全节点。如图4所示,该方法包括:
在步骤S401中,第一管理员部署区块链网络中的默认可信节点。
在步骤S402中,第一管理员部署区块链网络中的参与节点。
例如,第一管理员可以为如图1所示的第一管理员13。
其中,参与节点包括可参与到区块链网络中的默认可信节点的对等节点及子对等节点。
在步骤S403中,新节点创建自己的账户并预置默认可信节点的公钥。
其中,新节点的账户信息包括新节点的公钥、私钥以及账户地址。
在步骤S404中,新节点将其身份信息发送给第二管理员。
其中,新节点的身份信息可以包括新节点的公钥、账户地址等。
第二管理员可以例如为如图1所示的第二管理员14。
在步骤S405中,第二管理员将新节点的身份信息写入区块链中并配置相应的许可信息。
在步骤S406中,新节点向默认可信节点发送P2P连接请求。
在步骤S407中,默认可信节点检查该新节点是否具有接入许可以及对该新节点进行身份认证。
其中,若新节点通过身份认证,则表明该新节点合法。
在步骤S408中,默认可信节点在确认该新节点具有接入许可且合法后,向该新节点发送P2P连接响应。
在步骤S409中,新节点对默认可信节点进行身份认证并在身份认证通过后与默认可信节点建立P2P连接。
在步骤S410中,新节点向默认可信节点发送区块数据同步请求。
在步骤S411中,默认可信节点向新节点返回数据同步响应,其中,数据同步响应包括区块链中的区块数据。
在步骤S412中,新节点向默认可信节点发送查询请求。
在步骤S413中,默认可信节点向新节点返回其对等节点信息。
其中,对等节点信息可以包括默认可信节点的对等节点的IP地址、公钥等。
在步骤S414中,新节点将默认可信节点的对等节点信息加入新节点的可信节点列表。
在步骤S415中,新节点选择可信节点列表中的任一可信节点进行双向认证和通信。
图5是根据本公开的另一示例性实施例示出的一种获取可信节点的方法的信令交互示意图,其中,新节点是终端。如图5所示,该方法包括:
在步骤S501中,第一管理员部署区块链网络中的默认可信节点。
在步骤S502中,第一管理员部署区块链网络中的参与节点。
例如,第一管理员可以为如图1所示的第一管理员13。
其中,参与节点包括默认可信节点的对等节点及子对等节点。
在步骤S503中,新节点创建自己的账户并预置默认可信节点的公钥。
其中,新节点的账户信息包括新节点的公钥、私钥以及账户地址。
在步骤S504中,新节点将其身份信息发送给第二管理员。
其中,新节点的身份信息可以包括新节点的公钥或账户地址等。
在步骤S505中,第二管理员将新节点的身份信息写入区块链中并配置相应的许可信息。
第二管理员可以例如为如图1所示的第二管理员14。
在步骤S506中,新节点向默认可信节点发送查询请求。
其中,查询请求可以包括新节点的签名信息。
在步骤S507中,默认可信节点检查该新节点是否具有接入许可以及对新节点进行身份认证。
其中,若新节点通过身份认证,则表明该新节点合法。
在步骤S508中,默认可信节点在确认新节点具有接入许可且通过身份认证后向新节点发送查询响应,查询响应包括默认可信节点的对等节点信息。
在步骤S509中,新节点对默认可信节点进行身份认证,并在身份认证通过后将默认可信节点的对等节点信息加入新节点的可信节点列表。
在步骤S510中,新节点将选择可信节点列表中的任一可信节点进行双向认证和通信。
值得说明的是,在上述图4和图5所述的实施例中,新节点与默认可信节点之间的双向认证、新节点同步区块数据的过程以及新节点与其可信节点列表中任一可信节点进行双向认证和通信的过程可以参照图1提供的实施环境以及图2和图3提供的获取可信节点的方法的描述,此处不再赘述。
其次,对于上述方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本公开并不受所描述的动作顺序的限制。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作并不一定是本公开所必须的。
此外,在本公开的实施例中,以以太坊区块链为例,各个节点之间建立起P2P连接后会各自维护对等节点列表信息。每个对等节点信息包含的信息有:ID、名字、Enode、IP、Port及支持协议等信息。其中,Enode是一个编码的URL,用于其他节点对该节点主动对等添加。而ID信息是一个节点的标识,也是和这个节点进行P2P相关通信的加密密钥。实质上,这个ID是节点身份公钥的衍生数据。一般情况下,此ID公钥对应的账户只是用来标识节点,由节点程序自动生成,其并不参与链上的业务逻辑,所以可考虑以相同的衍生方式为节点信息添加一个TID信息。此TID信息由标识该节点业务身份账户的公钥衍生,P2P发现后一同传递给各节点。此后各节点业务访问可使用该TID恢复公钥,从而进行双向认证以及后续的相关加密通信,例如ECIES。
结合前述描述及综合安全设计的考量,基于许可链(Authchain),根据本公开的一示例性实施例示出了一种访问区块链网络的方法,其中,新节点为终端,默认可信节点为许可链中预置的启动节点(Bootnode),如图6所示,该方法包括:
在步骤S601中,第一管理员部署区块链网络中可信的启动节点。
在步骤S602中,第一管理员部署区块链网络中的参与节点。
其中,参与节点可以包括区块链网络中启动节点的对等节点及子对等节点。
在步骤S603中,终端创建自己的账户并预置启动节点的公钥。
其中,终端账户包括终端的公钥Cpub、私钥Cpri以及账户地址。
在步骤S604中,终端将其身份信息发送给区块链网络中的第二管理员。
其中,终端的身份信息可以包括终端的公钥Cpub和账户地址。
在步骤S605中,第二管理员将终端的身份信息写入区块链并配置相应的权限信息。
在步骤S606中,终端向启动节点发送P2P连接请求,P2P连接请求包括第一随机挑战码。
在步骤S607中,启动节点向终端发送P2P连接响应,P2P连接响应包括第二随机挑战码。
在步骤S608中,终端使用其私钥对第二随机挑战码进行签名,得到第一签名信息。
在步骤S609中,终端生成加密密钥并使用启动节点的公钥对加密密钥加密,得到第一加密信息。
在步骤S610中,终端向启动节点发送第一认证挑战,第一认证挑战包括终端的身份信息、第一签名信息和第一加密信息。
其中,终端的身份信息可以为终端的公钥Cpub或账户地址。
如上所述,终端中预存有启动节点的公钥AB_Pub,终端可根据其私钥Cpri对第二随机挑战码Sranno进行签名,得到第一签名信息CsignData,并根据启动节点的公钥AB_Pub对生成的加密密钥Symkey进行加密,得到第一加密信息Esymkey,且在向启动节点发起第一认证挑战时将其身份信息(Cpub或账户地址)、第一签名信息CsignData以及第一加密信息Esymkey发送给启动节点。与此同时,终端向启动节点发起指示查询对等节点的查询请求,以获取启动节点的对等节点信息。
在步骤S611中,启动节点根据终端的身份信息检查终端合法性以及对第一签名信息进行签名认证。
值得说明的是,许可链已经实现了对区块链节点的权限管理,故在此的合法性检查即为在许可链中对节点的权限检查。
在对第一签名信息进行认证时,启动节点可根据终端的身份信息查询区块链,获取终端的公钥,并根据终端的公钥对第一签名信息进行签名认证,若签名认证通过,则可确定终端为身份信息表示的终端,则执行步骤S611,否则,结束流程。
在步骤S612中,在确认终端合法且第一签名信息认证通过时,启动节点根据其私钥对第一加密信息进行解密,得到加密密钥。
在步骤S613中,启动节点根据加密密钥对其对等节点信息进行加密得到第二加密信息,并根据其私钥对第一随机挑战码进行签名得到第二签名信息。
在步骤S614中,启动节点将包括第二加密信息和第二签名信息的第一认证挑战响应发送给终端。
如上所述,启动节点可根据其私钥AB_Pri对第一加密信息Esymkey进行解密,从而得到加密密钥Symkey。为了保证通信安全,启动节点可利用加密密钥Symkey对其对等节点信息进行加密,得到第二加密信息。同时,为了表明其身份,启动节点根据其私钥AB_Pri对第一随机挑战码Cranno进行签名,得到第二签名信息SsignData,并将第二签名信息SsignData和第二加密信息发送给终端。
在步骤615中,终端对第二签名信息进行签名认证,在签名认证通过后解密第二加密信息得到启动节点的对等节点信息并将对等节点信息加入终端的可信节点列表。
终端可根据其预存的启动节点的公钥AB_Pub对第二签名信息SsignData进行签名认证,若签名认证通过,则表明该启动节点合法,因而可将启动节点的对等节点也视为可信节点。因此,在签名认证通过后,启动节点可根据加密密钥Symkey对第二加密信息进行解密,得到启动节点的对等节点信息,并将对等节点信息加入其可信节点列表,以将启动节点的对等节点作为自己的可信节点。其中,对等节点信息包括启动节点的对等节点的公钥。
在步骤S616中,终端选择可信节点列表中的任一可信节点进行业务请求,业务请求包括第三随机挑战码。
在步骤S617中,可信节点向终端发送业务响应,业务响应包括该可信节点的公钥和第四随机挑战码。
在步骤S618中,终端根据该可信节点的公钥验证该启动节点是否在可信节点列表中。
终端的可信节点列表中存储有各可信节点的公钥,因而在接收到某一可信节点的业务响应后,可查询可信节点列表中是否存储与业务响应中携带的该可信节点的公钥Spub,若可信节点列表中存储有该可信节点的公钥Spub,则表明该可信节点在可信节点列表中。
在步骤S619中,在确认该可信节点在可信节点列表中时,终端使用其私钥对第四随机挑战码进行签名,得到第三签名信息。
在步骤S620中,终端根据可信节点的公钥对加密密钥进行加密,得到第三加密信息。
在步骤S621中,终端向可信节点发起第二认证挑战,第二认证挑战包括终端的身份信息、第三签名信息和第三加密信息。
其中,终端的身份信息可以为终端的公钥Cpub或账户地址。
在步骤S622中,可信节点根据终端的身份信息检查终端合法性以及对第三签名信息进行签名认证。
在步骤S623中,在确认终端合法且第三签名信息认证通过时,可信节点根据其私钥对第三加密信息进行解密,得到加密密钥。
在步骤S624中,可信节点根据加密密钥对业务数据进行加密,并根据其私钥对第三随机挑战码进行签名得到第四签名信息。
在步骤S625中,可信节点将包括加密后的业务数据以及第四签名信息的第二认证挑战响应发送给终端。
在步骤S626中,终端对第四签名信息进行签名认证,在签名认证通过后解密得到业务数据。
值得说明的是,终端与可信节点之间进行双向认证和加密通信的过程可参考前述终端与启动节点之间的双向认证和加密通信过程,在此不再赘述。
其次,终端可以本地维护可信节点的信息及有效期,后续加密通信的加密密钥由终端产生,并在双向认证过程中传递给对方,以此减少交互次数,在其他实施方式中,加密密钥也可以调整为协商产生,如ECIES。
另外,对于上述方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本公开并不受所描述的动作顺序的限制。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作并不一定是本公开所必须的。
图7是根据本公开一示例性实施例示出的一种获取可信节点的装置700的框图,该装置700应用于待接入区块链网络的新节点,其中,新节点可以是终端、区块链轻节点和区块链全节点,所述装置700用于实施上述方法实施例中提供的如图2所示的获取可信节点的方法,如图7所示,该装置700包括:
查询请求模块701,用于向目标可信节点发送查询请求,所述目标可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;
查询响应接收模块702,用于接收所述目标可信节点发送的查询响应,所述查询响应包括所述目标可信节点的签名信息和所述目标可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述目标可信节点建立P2P连接的节点信息;
第一签名认证模块703,用于对所述目标可信节点的签名信息进行签名认证,并在签名认证通过后将所述对等节点信息添加到所述新节点的可信节点列表。
可选地,所述目标可信节点为所述默认可信节点,所述新节点预置有所述默认可信节点的公钥,所述装置700还包括:
第一连接请求模块704,用于向所述默认可信节点发送P2P连接请求;
第一连接响应接收模块705,用于接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的签名信息;
第二签名认证模块706,用于根据所述默认可信节点的公钥对所述默认可信节点的签名信息进行签名认证,并在签名认证通过后,与所述默认可信节点建立起P2P连接。
可选地,所述装置700还包括:
第一认证及通信模块707,用于从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信。
可选地,所述新节点的可信节点列表中记录有每一可信节点的公钥,所述第一认证及通信模块707包括:
第一业务请求子模块771,用于向所述新节点中的可信节点列表中的任一可信节点发送业务请求;
第一业务响应接收子模块772,用于接收所述任一可信节点发送的业务响应,所述业务响应包括所述任一可信节点的签名信息以及业务数据;
第一签名验证子模块773,用于根据所述任一可信节点的公钥对所述任一可信节点的签名信息进行签名认证,并在签名认证通过后,解密获取所述业务数据。
本领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能单元的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元完成,即将装置的内部结构划分成不同的功能单元,以完成以上描述的全部或者部分功能。上述描述功能单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
相应地,本公开实施例还提供一种非临时性计算机可读存储介质,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权上述应用于实施上述方法实施例中提供的如图2所示的获取可信节点的方法。
相应地,本公开实施例还提供一种区块链节点,应用于待接入区块链网络的新节点,包括上述非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
图8是根据本公开另一示例性实施例示出的一种获取可信节点的装置800的框图,该装置800应用于待接入区块链网络的新节点,其中,新节点可以是终端、区块链轻节点和区块链全节点,所述装置800用于实施上述方法实施例中提供的如图2所示的获取可信节点的方法,如图8所示,该装置800包括:
第一连接请求模块801,用于向所述默认可信节点发送P2P连接请求,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点;
第一连接响应接收模块802,用于接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息;
身份认证模块803,用于根据所述P2P连接响应对所述默认可信节点进行身份认证,并在身份认证通过后,将所述默认可信节点以及所述对等节点信息加入所述新节点的可信节点列表。
可选地,所述装置800还包括:
第二认证及通信模块804,用于从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信。
可选地,所述新节点的可信节点列表中记录有每一可信节点的公钥,所述第二认证及通信模块804包括:
第二业务请求子模块841,用于向所述新节点中的可信节点列表中的任一可信节点发送业务请求;
第二业务响应接收子模块842,用于接收所述任一可信节点发送的业务响应,所述业务响应包括所述任一可信节点的签名信息以及业务数据;
第二签名验证子模块843,用于根据所述任一可信节点的公钥对所述任一可信节点的签名信息进行签名认证,并在签名认证通过后,解密获取所述业务数据。
本领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能单元的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元完成,即将装置的内部结构划分成不同的功能单元,以完成以上描述的全部或者部分功能。上述描述功能单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
相应地,本公开实施例还提供一种非临时性计算机可读存储介质,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权上述应用于实施上述方法实施例中提供的如图2所示的获取可信节点的方法。
相应地,本公开实施例还提供一种区块链节点,应用于待接入区块链网络的新节点,包括上述非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
图9是根据本公开一示例性实施例示出的一种获取可信节点的装置900的框图,该装置900应用于区块链网络中的可信节点,所述装置900用于实施上述方法实施例中提供的如图3所示的获取可信节点的方法,如图9所示,该装置900包括:
查询请求接收模块901,用于接收待接入所述区块链网络中的新节点发送的查询请求,所述查询请求包括所述新节点的签名信息,所述可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;
查询响应模块902,用于对所述新节点的签名信息进行签名认证,并在签名认证通过后向所述新节点发送查询响应,所述查询请求包括所述可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述可信节点建立P2P连接的节点信息。
可选地,所述可信节点为所述默认可信节点,所述装置900还包括:
第一连接请求接收模块903,用于接收所述新节点发送的P2P连接请求,所述连接请求包括所述新节点的签名信息;
第一连接响应模块904,用于对所述新节点的签名信息进行签名验证,并在签名认证通过后向所述新节点发送P2P连接响应。
本领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能单元的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元完成,即将装置的内部结构划分成不同的功能单元,以完成以上描述的全部或者部分功能。上述描述功能单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
相应地,本公开实施例还提供一种非临时性计算机可读存储介质,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权上述应用于实施上述方法实施例中提供的如图3所示的获取可信节点的方法。
相应地,本公开实施例还提供一种区块链节点,应用于区块链网络中的可信节点,包括上述非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
图10是根据本公开另一示例性实施例示出的一种获取可信节点的装置1000的框图,该装置1000应用于区块链网络中的默认可信节点,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点,所述装置1000用于实施上述方法实施例中提供的如图3所示的获取可信节点的方法,如图10所示,该装置1000包括:
第二连接请求接收模块1001,用于接收待接入所述区块链网络的新节点发送的P2P连接请求;
第二连接响应模块1002,用于根据所述P2P连接请求对所述新节点进行身份认证,并在身份认证通过后,向所述新节点发送P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息。
本领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能单元的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元完成,即将装置的内部结构划分成不同的功能单元,以完成以上描述的全部或者部分功能。上述描述功能单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
相应地,本公开实施例还提供一种非临时性计算机可读存储介质,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权上述应用于实施上述方法实施例中提供的如图3所示的获取可信节点的方法。
相应地,本公开实施例还提供一种区块链节点,应用于区块链网络的默认可信节点,包括上述非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
Claims (28)
- 一种获取可信节点的方法,其特征在于,应用于待接入区块链网络的新节点,所述方法包括:向目标可信节点发送查询请求,所述目标可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;接收所述目标可信节点发送的查询响应,所述查询响应包括所述目标可信节点的签名信息和所述目标可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述目标可信节点建立P2P连接的节点信息;对所述目标可信节点的签名信息进行签名认证,并在签名认证通过后,将所述对等节点信息添加到所述新节点的可信节点列表。
- 根据权利要求1所述的方法,其特征在于,所述目标可信节点为所述默认可信节点,所述新节点预置有所述默认可信节点的公钥,则在所述向目标可信节点发送查询请求之前,所述方法还包括:向所述默认可信节点发送P2P连接请求;接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的签名信息;根据所述默认可信节点的公钥对所述默认可信节点的签名信息进行签名认证,并在签名认证通过后,与所述默认可信节点建立起P2P连接。
- 根据权利要求1或2所述的方法,其特征在于,所述方法还包括:从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信。
- 根据权利要求3所述的方法,其特征在于,所述新节点的可信节点列表中记录有每一可信节点的公钥,所述从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信,包括:向所述新节点中的可信节点列表中的任一可信节点发送业务请求;接收所述任一可信节点发送的业务响应,所述业务响应包括所述任一可信节点的签名信息以及业务数据;根据所述任一可信节点的公钥对所述任一可信节点的签名信息进行签名认证,并在签名认证通过后,解密获取所述业务数据。
- 一种获取可信节点的方法,其特征在于,应用于待接入区块链网络的新节点,所述方法包括:向所述默认可信节点发送P2P连接请求,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点;接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息;根据所述P2P连接响应对所述默认可信节点进行身份认证,并在身份认证通过后,将所述默认可信节点以及所述对等节点信息加入所述新节点的可信节点列表。
- 根据权利要求5所述的方法,其特征在于,所述方法还包括:从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信。
- 根据权利要求6所述的方法,其特征在于,所述新节点的可信节点列表中记录有每一可信节点的公钥,所述从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信,包括:向所述新节点中的可信节点列表中的任一可信节点发送业务请求;接收所述任一可信节点发送的业务响应,所述业务响应包括所述任一可信节点的签名信息以及业务数据;根据所述任一可信节点的公钥对所述任一可信节点的签名信息进行签名认证,并在签名认证通过后,解密获取所述业务数据。
- 一种获取可信节点的方法,其特征在于,应用于区块链网络中的可信节点,所述方法包括:接收待接入所述区块链网络中的新节点发送的查询请求,所述查询请求包括所述新节点的签名信息,所述可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;对所述新节点的签名信息进行签名认证,并在签名认证通过后向所述新节点发送查询响应,所述查询响应包括所述可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述可信节点建立P2P连接的节点信息。
- 根据权利要求8所述的方法,其特征在于,所述可信节点为所述默认可信节点,所述方法还包括:接收所述新节点发送的P2P连接请求,所述P2P连接请求包括所述新节点的签名信息;对所述新节点的签名信息进行签名认证,并在签名认证通过后向所述新节点发送P2P连接响应。
- 一种获取可信节点的方法,其特征在于,应用于区块链网络的默认可信节点,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点,所述方法包括:接收待接入所述区块链网络的新节点发送的P2P连接请求;根据所述P2P连接请求对所述新节点进行身份认证,并在身份认证通过后,向所述新节点发送P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息。
- 一种获取可信节点的装置,其特征在于,应用于待接入区块链网络的新节点,所述装置包括:查询请求模块,用于向目标可信节点发送查询请求,所述目标可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;查询响应接收模块,用于接收所述目标可信节点发送的查询响应,所述查询响应包括所述目标可信节点的签名信息和所述目标可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述目标可信节点建立P2P连接的节点信息;第一签名认证模块,用于对所述目标可信节点的签名信息进行签名认证,并在签名认证通过后将所述对等节点信息添加到所述新节点的可信节点列表。
- 根据权利要求11所述的装置,其特征在于,所述目标可信节点为所述默认可信节点,所述新节点预置有所述默认可信节点的公钥,所述装置还包括:第一连接请求模块,用于向所述默认可信节点发送P2P连接请求;第一连接响应接收模块,用于接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的签名信息;第二签名验证模块,用于根据所述默认可信节点的公钥对所述默认可信节点的签名信息进行签名认证,并在签名认证通过后,与所述默认可信节点建立起P2P连接。
- 根据权利要求11或12所述的装置,其特征在于,所述装置还包括:第一认证及通信模块,用于从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信。
- 根据权利要求13所述的装置,其特征在于,所述新节点的可信节点列表中记录有每一可信节点的公钥,所述第一认证及通信模块包括:第一业务请求子模块,用于向所述新节点中的可信节点列表中的任一可信节点发送业务请求;第一业务响应接收子模块,用于接收所述任一可信节点发送的业务响应,所述业务响应包括所述任一可信节点的签名信息以及业务数据;第一签名验证子模块,用于根据所述任一可信节点的公钥对所述任一可信节点的签名信息进行签名认证,并在签名认证通过后,解密获取所述业务数据。
- 一种获取可信节点的装置,其特征在于,应用于待接入区块链网络的新节点,所述装置包括:第一连接请求模块,用于向所述默认可信节点发送P2P连接请求,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点;第一连接响应接收模块,用于接收所述默认可信节点发送的P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息;身份认证模块,用于根据所述P2P连接响应对所述默认可信节点进行身份认证,并在身份认证通过后,将所述默认可信节点以及所述对等节点信息加入所述新节点的可信节点列表。
- 根据权利要求15所述的装置,其特征在于,所述装置还包括:第二认证及通信模块,用于从所述新节点的可信节点列表中选择可信节点进行双向认证和双向加密通信。
- 根据权利要求16所述的装置,其特征在于,所述新节点的可信节点列表中记录有每一可信节点的公钥,所述第二认证及通信模块包括:第二业务请求子模块,用于向所述新节点中的可信节点列表中的任一可信节点发送业务请求;第二业务响应接收子模块,用于接收所述任一可信节点发送的业务响应,所述业务响应包括所述任一可信节点的签名信息以及业务数据;第二签名验证子模块,用于根据所述任一可信节点的公钥对所述任一可信节点的签名信息进行签名认证,并在签名认证通过后,解密获取所述业务数据。
- 一种获取可信节点的装置,其特征在于,应用于区块链网络中的可信节点,所述装置包括:查询请求接收模块,用于接收待接入所述区块链网络中的新节点发送的查询请求,所述查询请求包括所述新节点的签名信息,所述可信节点是所述区块链网络中的管理员预置到所述区块链网络中的默认可信节点,或者是所述新节点的可信节点列表中的节点;查询响应模块,用于对所述新节点的签名信息进行签名认证,并在签名认证通过后向所述新节点发送查询响应,所述查询请求包括所述可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述可信节点建立P2P连接的节点信息。
- 根据权利要求18所述的装置,其特征在于,所述可信节点为所述默认可信节点,所述装置还包括:第一连接请求接收模块,用于接收所述新节点发送的P2P连接请求,所述P2P连接请求包括所述新节点的签名信息;第一连接响应模块,用于对所述新节点的签名信息进行签名验证,并在签名认证通过后向所述新节点发送P2P连接响应。
- 一种获取可信节点的装置,其特征在于,应用于区块链网络中的默认可信节点,所述默认可信节点是所述区块链网络中的管理员预置到所述区块链网络中的可信节点,所述装置包括:第二连接请求接收模块,用于接收待接入所述区块链网络的新节点发送的P2P连接请求;第二连接响应模块,用于根据所述P2P连接请求对所述新节点进行身份认证,并在身份认证通过后,向所述新节点发送P2P连接响应,所述P2P连接响应包括所述默认可信节点的对等节点信息,所述对等节点信息包括所述区块链网络中与所述默认可信节点建立P2P连接的节点信息。
- 一种非临时性计算机可读存储介质,其特征在于,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权利要求1-4中任一项所述的方法。
- 一种区块链节点,应用于待接入区块链网络的新节点,其特征在于,包括:权利要求21所述的非临时性计算机可读存储介质;以及一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
- 一种非临时性计算机可读存储介质,其特征在于,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权利要求5-7中任一项所述的方法。
- 一种区块链节点,应用于待接入区块链网络的新节点,其特征在于,包括:权利要求23所述的非临时性计算机可读存储介质;以及一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
- 一种非临时性计算机可读存储介质,其特征在于,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权利要求8-9中任一项所述的方法。
- 一种区块链节点,应用于区块链网络中的可信节点,其特征在于,包括:权利要求25所述的非临时性计算机可读存储介质;以及一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
- 一种非临时性计算机可读存储介质,其特征在于,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权利要求10所述的方法。
- 一种区块链节点,应用于区块链网络的默认可信节点,其特征在于,包括:权利要求27所述的非临时性计算机可读存储介质;以及一个或多个处理器,用于执行所述非临时性计算机可读存储介质中的程序。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201780002571.0A CN108124505B (zh) | 2017-12-19 | 2017-12-19 | 获取可信节点的方法、装置、存储介质及区块链节点 |
PCT/CN2017/117281 WO2019119278A1 (zh) | 2017-12-19 | 2017-12-19 | 获取可信节点的方法、装置、存储介质及区块链节点 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/117281 WO2019119278A1 (zh) | 2017-12-19 | 2017-12-19 | 获取可信节点的方法、装置、存储介质及区块链节点 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019119278A1 true WO2019119278A1 (zh) | 2019-06-27 |
Family
ID=62233588
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/117281 WO2019119278A1 (zh) | 2017-12-19 | 2017-12-19 | 获取可信节点的方法、装置、存储介质及区块链节点 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108124505B (zh) |
WO (1) | WO2019119278A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019227225A1 (en) * | 2018-05-30 | 2019-12-05 | Skrumble Technologies Inc. | Systems and methods for establishing communications via blockchain |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108810157A (zh) * | 2018-06-20 | 2018-11-13 | 泰链(厦门)科技有限公司 | 区块链网络连接方法、介质、装置及系统 |
CN108831001B (zh) * | 2018-06-25 | 2021-06-18 | 北京奇虎科技有限公司 | 基于区块链的节点随机选取方法、系统、节点、电子设备 |
CN109104415B (zh) * | 2018-07-21 | 2021-07-20 | 江苏飞搏软件股份有限公司 | 构建可信节点网络的系统及方法 |
CN109302307B (zh) * | 2018-08-16 | 2021-06-04 | 泰链(厦门)科技有限公司 | 网络主机、基于网络主机快速部署区块链节点的方法 |
CN108965469B (zh) * | 2018-08-16 | 2021-07-30 | 北京京东尚科信息技术有限公司 | 区块链网络成员动态管理方法、装置、设备及存储介质 |
CN109344628B (zh) * | 2018-08-23 | 2022-07-08 | 达闼机器人股份有限公司 | 区块链网络中可信节点的管理方法,节点及存储介质 |
CN109117674A (zh) * | 2018-09-25 | 2019-01-01 | 深圳市元征科技股份有限公司 | 一种客户端验证加密方法、系统、设备及计算机介质 |
CN109788045B (zh) * | 2018-12-28 | 2021-08-03 | 贵州蓝石科技有限公司 | 一种区块链中的节点 |
CN110086856B (zh) * | 2019-04-01 | 2022-02-01 | 达闼机器人有限公司 | 区块链节点的控制方法、装置、存储介质及电子设备 |
WO2020213125A1 (ja) * | 2019-04-18 | 2020-10-22 | 三菱電機株式会社 | 入退管理システム、入退管理システムの認証装置、入退管理システムの管理装置、入退管理システムの携帯端末、入退管理データのデータ構造、入退管理プログラム、および入退管理システムの構築方法 |
CN110381167B (zh) * | 2019-08-09 | 2022-02-08 | 中国工商银行股份有限公司 | 基于云的区块链节点主动发现系统及方法 |
CN110602150B (zh) * | 2019-10-16 | 2021-11-16 | 超越科技股份有限公司 | 一种sdn节点间可信认证方法 |
CN110752934B (zh) * | 2019-10-28 | 2022-09-06 | 江苏大周基业智能科技有限公司 | 拓扑结构下网络身份交互认证的方法 |
CN110855492B (zh) * | 2019-11-15 | 2021-12-14 | 腾讯科技(深圳)有限公司 | 一种数据处理方法、装置及存储介质 |
CN110855791B (zh) * | 2019-11-18 | 2021-07-27 | 腾讯科技(深圳)有限公司 | 一种区块链节点部署方法及相关设备 |
CN110941418B (zh) * | 2019-11-26 | 2022-04-01 | 杭州浮云网络科技有限公司 | 一种随机数生成的方法、装置、设备及可读存储介质 |
CN110971408A (zh) * | 2019-12-25 | 2020-04-07 | 上海沄界信息科技有限公司 | 基于区块链网络的tee节点认证方法及认证系统 |
CN111339197A (zh) * | 2020-02-26 | 2020-06-26 | 百度在线网络技术(北京)有限公司 | 区块链数据处理方法、装置、电子设备及介质 |
CN111431867B (zh) * | 2020-03-06 | 2022-04-08 | 杭州云象网络技术有限公司 | 一种基于区块链BaaS平台的节点接入方法 |
CN111383021B (zh) * | 2020-05-29 | 2020-09-15 | 腾讯科技(深圳)有限公司 | 基于区块链网络的节点管理方法、装置、设备及介质 |
CN112055077B (zh) * | 2020-09-02 | 2023-04-18 | 杭州复杂美科技有限公司 | 区块链接入方法、设备和存储介质 |
CN114866567B (zh) * | 2022-05-26 | 2023-06-02 | 成都质数斯达克科技有限公司 | 一种抗容灾的多层次区块链网络区块同步方法和装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106789041A (zh) * | 2017-02-15 | 2017-05-31 | 江苏信源久安信息科技有限公司 | 一种去中心化证书可信区块链方法 |
CN107070644A (zh) * | 2016-12-26 | 2017-08-18 | 北京科技大学 | 一种基于信任网络的去中心化公钥管理方法和管理系统 |
CN107438003A (zh) * | 2016-05-27 | 2017-12-05 | 索尼公司 | 电子设备、用于电子设备的方法和信息处理系统 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101741844B (zh) * | 2009-12-11 | 2012-06-20 | 北京工业大学 | 一种基于中心索引的p2p文件共享网络的对等节点发现方法 |
US8560633B2 (en) * | 2010-01-11 | 2013-10-15 | Tangome, Inc. | Communicating in a peer-to-peer computer environment |
CN107342980B (zh) * | 2017-06-05 | 2020-05-19 | 杭州云象网络技术有限公司 | 一种公有链节点工作量证明的可信验证方法及系统 |
-
2017
- 2017-12-19 WO PCT/CN2017/117281 patent/WO2019119278A1/zh active Application Filing
- 2017-12-19 CN CN201780002571.0A patent/CN108124505B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107438003A (zh) * | 2016-05-27 | 2017-12-05 | 索尼公司 | 电子设备、用于电子设备的方法和信息处理系统 |
CN107070644A (zh) * | 2016-12-26 | 2017-08-18 | 北京科技大学 | 一种基于信任网络的去中心化公钥管理方法和管理系统 |
CN106789041A (zh) * | 2017-02-15 | 2017-05-31 | 江苏信源久安信息科技有限公司 | 一种去中心化证书可信区块链方法 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019227225A1 (en) * | 2018-05-30 | 2019-12-05 | Skrumble Technologies Inc. | Systems and methods for establishing communications via blockchain |
Also Published As
Publication number | Publication date |
---|---|
CN108124505B (zh) | 2020-06-30 |
CN108124505A (zh) | 2018-06-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019119278A1 (zh) | 获取可信节点的方法、装置、存储介质及区块链节点 | |
CN108235806B (zh) | 安全访问区块链的方法、装置、系统、存储介质及电子设备 | |
WO2021036183A1 (zh) | 通过证书签发进行多方安全计算的方法及装置 | |
US11038682B2 (en) | Communication method, apparatus and system, electronic device, and computer readable storage medium | |
CN111416807B (zh) | 数据获取方法、装置及存储介质 | |
WO2021036186A1 (zh) | 通过证书签发提供高可用计算服务的方法及装置 | |
US10686595B2 (en) | Configuring connectivity association key and connectivity association name in a media access control security capable device | |
CN101605137B (zh) | 安全分布式文件系统 | |
JP2020521343A (ja) | ブロックチェーンネットワーク内で使用するためのフィールドプログラマブルゲートアレイベースの信頼できる実行環境 | |
WO2019041802A1 (zh) | 基于服务化架构的发现方法及装置 | |
WO2016107203A1 (zh) | 一种身份认证方法及装置 | |
CN106790261B (zh) | 分布式文件系统及用于其中节点间认证通信的方法 | |
US20140281502A1 (en) | Method and apparatus for embedding secret information in digital certificates | |
US11375369B2 (en) | Message authentication method and communication method of communication network system, and communication network system | |
WO2022100356A1 (zh) | 身份认证系统、方法、装置、设备及计算机可读存储介质 | |
US11038699B2 (en) | Method and apparatus for performing multi-party secure computing based-on issuing certificate | |
US20170126623A1 (en) | Protected Subnet Interconnect | |
JP2010520518A (ja) | 分散式の委任および検証のための方法、装置、およびシステム | |
WO2018202109A1 (zh) | 一种证书请求消息发送方法、接收方法和装置 | |
US20210167963A1 (en) | Decentralised Authentication | |
JP2017216596A (ja) | 通信システム、通信装置、通信方法、及びプログラム | |
US12088737B2 (en) | Method to establish an application level SSL certificate hierarchy between master node and capacity nodes based on hardware level certificate hierarchy | |
JP2020506627A (ja) | プログラマブル・ハードウェア・セキュリティ・モジュール及びプログラマブル・ハードウェア・セキュリティ・モジュールに用いられる方法 | |
WO2021031087A1 (zh) | 一种证书管理方法及装置 | |
EP2239881B1 (en) | Method for ensuring communication security in home network and apparatus for same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17935721 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17935721 Country of ref document: EP Kind code of ref document: A1 |