WO2020114385A1 - Trusted node determining method and apparatus based on block chain network - Google Patents

Info

Publication number
WO2020114385A1
Authority
WO
WIPO (PCT)
Prior art keywords
program
information
node
access device
token information
Application number
PCT/CN2019/122641
Other languages
French (fr)
Chinese (zh)
Inventor
王叶松
Original Assignee
阿里巴巴集团控股有限公司
Application filed by 阿里巴巴集团控股有限公司
Publication of WO2020114385A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the present application relates to the field of communication technology, in particular to a method for determining a trusted node based on a blockchain network and a device for determining a trusted node based on a blockchain network.
  • the blockchain provides a technical option that may solve the problems related to the Internet of Things in terms of decentralization, P2P peer-to-peer networks, and data tampering.
  • the public blockchain (Bitcoin, Ethereum) uses a power-intensive consensus algorithm with long confirmation delays, which is not suitable for a future Internet of Things environment requiring high concurrency and low latency.
  • the embodiments of the present application are proposed in order to provide a method for determining a trusted node based on a blockchain network that overcomes the above problems or at least partially solves them, and a corresponding trusted node determining apparatus.
  • the embodiments of the present application disclose a method for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object, and/or a first program for accessing the first contract object is deployed; the method includes:
  • the first program on a node of the blockchain network obtains the token information of the access device, and the token information includes the security information of the access device;
  • the first program calls the first contract object, and the first contract object generates security evaluation information for the access device according to the token information;
  • the node corresponding to the first program determines whether the access device is a trusted node according to the security evaluation information.
  • it also includes:
  • the node corresponding to the first program adds the access device to a preset trusted node pool.
  • At least one node of the blockchain network is deployed with a second contract object, and/or a second program for accessing the second contract object is deployed;
  • the method further includes:
  • the second program on a node of the blockchain network receives the token information and identification information of the device
  • the step of obtaining the token information of the access device by the first program includes:
  • the first program obtains identification information of the access device
  • the first program generates a token information acquisition request, and sends the token information acquisition request to the second program, where the token information acquisition request includes identification information of the access device;
  • the first program receives the token information sent by the second program, and the token information is found by the second program according to the identification information.
  • it also includes:
  • the second program calls the second contract object, and the second contract object stores the token information and identification information of the device to a preset distributed file system.
  • it also includes:
  • when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system.
  • the step of the first program acquiring the identification information of the access device includes:
  • the first program receives the identification information of the access device sent by a trusted node of the blockchain network.
  • the first program is a first decentralized program DApp
  • the second program is a second DApp.
  • An embodiment of the present invention also discloses a trusted node determining apparatus based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object, and/or a first program for accessing the first contract object is deployed; the apparatus includes:
  • the first program includes:
  • the token information obtaining module is used to obtain the token information of the access device when a device accesses the blockchain network, the token information includes the security information of the access device;
  • a first calling module configured to call the first contract object, and the first contract object is used to generate security assessment information for the access device according to the token information;
  • the node where the first program is located includes:
  • the trusted node judgment module is used to judge whether the access device is a trusted node according to the security assessment information.
  • the node where the first program is located further includes:
  • the trusted node pool joining module is used to add the access device to a preset trusted node pool if the access device is a trusted node.
  • At least one node of the blockchain network is deployed with a second contract object, and/or a second program for accessing the second contract object is deployed; the device further includes:
  • the second program on a node of the blockchain network includes: an information receiving module for receiving the token information and identification information of the device;
  • the token information acquisition module of the first program includes:
  • An identification acquisition submodule used to acquire identification information of the access device
  • a request submodule configured to generate a token information acquisition request, and send the token information acquisition request to the second program, where the token information acquisition request includes identification information of the access device;
  • the token information receiving submodule is configured to receive the token information sent by the second program, and the token information is searched and obtained by the second program according to the identification information.
  • the second program further includes:
  • a second calling module is used to call the second contract object, and the second contract object stores the token information and identification information of the device to a preset distributed file system.
  • the second program further includes:
  • the third calling module is used to call the second contract object when the token information acquisition request sent by the first program is received, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system.
  • the identifier acquisition sub-module includes:
  • the identification receiving unit is configured to receive identification information of the access device sent by a trusted node of the blockchain network.
  • the first program is a first decentralized program DApp
  • the second program is a second DApp.
  • An embodiment of the present invention also discloses a device, including:
  • one or more processors;
  • One or more machine-readable media having instructions stored thereon, when executed by the one or more processors, cause the apparatus to perform one or more of the methods described above.
  • Embodiments of the present invention also disclose one or more machine-readable media on which instructions are stored, which when executed by one or more processors, cause the processors to perform one or more methods as described above.
  • the security information of the Internet of Things device can be encrypted and added to the token information.
  • the smart contracts and programs deployed on the nodes of the blockchain network can evaluate the security of IoT devices based on the security information in the token information.
  • the security information of different types of Internet of Things devices is different.
  • the embodiments of the present application can generate corresponding security assessment information for different types of Internet of Things devices, which is suitable for the Internet of Things.
  • using the security information of the Internet of Things device as the selection condition for trusted nodes of the blockchain network can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm.
  • FIG. 1 is a flowchart of steps of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present application;
  • FIG. 2 is a flow chart of steps of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present application;
  • FIG. 3 is a schematic diagram of a consensus algorithm executed by a trusted node in an embodiment of this application;
  • FIG. 4 is a schematic diagram of uploading the identification information and the token information of the device to the blockchain network;
  • FIG. 5 is a schematic diagram of processing a device connected to the blockchain network;
  • FIG. 6 is a schematic diagram of transaction processing for the blockchain network;
  • FIG. 7 is a structural block diagram of an embodiment of an apparatus for determining a trusted node based on a blockchain network of the present application.
  • FIG. 1 shows a step flowchart of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present application, wherein at least one node of the blockchain network is deployed with a first contract object, and/or a first program for accessing the first contract object is deployed, and the method may specifically include the following steps:
  • Step 101 When a device accesses the blockchain network, the first program on a node of the blockchain network obtains the token information of the access device; the token information includes the security information of the access device;
  • the blockchain network is decentralized, which means that there is no server, and the client does not need to rely on the server to obtain or process data.
  • a node is both a client and a server.
  • the blockchain network is a P2P (Peer-to-Peer, end-to-end) network.
  • the manufacturer can burn the relevant keys for device security attestation and the device's unique identification information (for example, a DID (Distributed ID)) into the secure storage area of the device.
  • the manufacturer can also embed the distributed ledger node SDK (Software Development Kit) in the device firmware and install it.
  • the distributed ledger node SDK can provide the ability for the device to connect with the blockchain network, as well as provide the service of collecting device security attestation data on the device side and reporting it to the blockchain.
  • when the IoT device accesses the blockchain network, it can discover other nodes in the blockchain network and establish links with them.
  • the IoT device connected to the blockchain network is a node of the blockchain network.
  • the nodes constituting the blockchain network may be deployed on the cloud service provider's BaaS (Blockchain as a Service) platform, on an edge computing server, or on computing-rich edge devices in the Internet of Things.
  • the relevant security module in the Internet of Things device uses the key burned into the device to generate the security attestation token itself and returns the token to the device vendor.
  • the token may be an Entity Attestation Token (EAT);
  • other methods can also be used to generate the token, and the embodiments of the present application are not limited herein.
  • security modules can include an SE (Secure Element), a TEE (Trusted Execution Environment), a software security sandbox, a SIM (Subscriber Identity Module), a Secure MCU (Secure Microcontroller Unit), a TPM (Trusted Platform Module), etc.
  • the token information includes the security information of the Internet of Things device, and the security information is information that can measure whether the Internet of Things device is secure from the perspective of the physical world, for example: whether the device has a security module; whether the core firmware of the device is securely updated by a trusted party; whether the device is securely booted (Secure Boot); whether the key App/SDK running on the device is signed and deployed by the trusted party; whether the blockchain SDK deployed on the device runs inside the security module; etc.
  • the security information can be set according to the specific business requirements of the Internet of Things device, and the embodiments of the present application are not limited herein.
  • the first contract object is a smart contract for generating security assessment information for the device based on the token information.
  • the first program is used to obtain token information and call the first contract object.
  • the first program can be deployed on multiple nodes, and the first program on each node can be separately executed to obtain the token information, and the first contract object is called separately.
  • the operation of the first contract object to generate security assessment information for the access device needs to rely on the consensus mechanism of the blockchain network.
  • the contract object refers to a smart contract.
  • a smart contract is an application program that can be deployed in a virtual machine of a blockchain network node.
  • the smart contract is generally deployed in several nodes in the blockchain network.
  • the first program may be a first decentralized program.
  • a decentralized application (DApp) is a distributed application that can be deployed on one or more nodes of the blockchain network.
  • a DApp is a client application (such as a front-end application) for accessing smart contracts; it is mainly responsible for calling the smart contract and implementing some business-layer logic. It should be noted that a DApp and the smart contract it accesses do not have to be deployed on the same node.
  • the execution of a DApp does not depend on the consensus mechanism of the blockchain network, but the execution result of the smart contract invoked by the DApp does depend on it.
  • Step 102 The first program calls the first contract object, and the first contract object generates security evaluation information for the access device according to the token information.
  • the first program running on a node of the blockchain network obtains the token information of the IoT device and calls the first contract object
  • the first contract object may generate security evaluation information for the device according to the security information in the token information.
  • for example, if the security information is that the access device does not have any security module, the blockchain App/SDK deployed on the device does not carry a signature from a trusted party, and the virtual machine image running the deployed smart contract does not carry a signature from the trusted party, it can be considered that the access device has a low security level, and the security evaluation information generated by the first contract object may be information indicating that the security level is low.
  • if the security information is that the access device has multiple security modules, the blockchain App/SDK deployed on the device carries the signature of the trusted party, the virtual machine image running the deployed smart contract carries the signature of the trusted party, etc., it can be considered that the access device has a high security level, and the security evaluation information generated by the first contract object may be information indicating that the security level is high.
  • Step 103 The node corresponding to the first program determines whether the access device is a trusted node according to the security assessment information.
  • Trusted nodes are nodes that can be used to run consensus algorithms. In transactions on the blockchain network, whenever a node submits a transaction, a certain node is required to run the consensus algorithm.
  • whether the access device can be used as a trusted node can be determined according to the security evaluation information of the access device.
  • if the security assessment information indicates that the security level of the access device is high, the node running the first program may determine that the access device is a trusted node. If the security assessment information indicates that the security level of the access device is low, the node running the first program may determine that the access device is not a trusted node.
  • the above method for determining whether the access device is a trusted node based on the security assessment information is only an example. In practice, other methods may also be used to determine whether the access device is a trusted node based on the security assessment information.
  • the security information of the Internet of Things device can be encrypted and added to the token information.
  • the smart contracts and programs deployed on the nodes of the blockchain network can evaluate the security of IoT devices based on the security information in the token information.
  • the security information of different types of Internet of Things devices is different.
  • the embodiments of the present application can generate corresponding security assessment information for different types of Internet of Things devices, which is suitable for security assessment of IoT devices in a multi-source heterogeneous hardware scenario. In the IoT environment, human intervention is decreasing, and IoT devices joining the network automatically is the main application scenario.
  • using the security information of the Internet of Things device as the selection condition for trusted nodes of the blockchain network can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm. For example, if a blockchain network has 10 million nodes, 100 nodes need to be randomly selected as mining nodes in order to improve the effectiveness of the consensus mechanism. Since these 100 mining nodes are randomly selected, reducing the number of mining nodes from 10 million to 100 reduces the security of the consensus. If these 100 mining nodes are instead selected from 10,000 high-security nodes, the security can be guaranteed.
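The committee-size argument above, worked through as an added example that is not part of the patent: mining nodes are drawn without replacement, so the number of untrusted nodes in a 100-node committee is hypergeometric, and the function below computes the exact tail probability for the patent's 10 million-node network versus its 10,000-node high-security pool. The untrusted fractions (30% of all devices, 1% of the high-security pool) and the one-third threshold are assumptions chosen for illustration.

```python
"""Added example (not the patent's code): committee-compromise probability for
the patent's numbers. Mining nodes are drawn without replacement, so the count
of untrusted nodes in a committee is hypergeometric. The untrusted fractions
and the threshold are assumptions chosen for illustration."""
from math import comb


def committee_compromise_probability(pool_size, untrusted_in_pool,
                                     committee_size, threshold):
    """P(at least `threshold` of `committee_size` nodes drawn uniformly without
    replacement from a pool with `untrusted_in_pool` untrusted members are
    untrusted). Exact: big-integer binomials, divided once at the end."""
    if not 0 <= untrusted_in_pool <= pool_size or not 0 <= committee_size <= pool_size:
        raise ValueError("inconsistent pool parameters")
    trusted = pool_size - untrusted_in_pool
    total = comb(pool_size, committee_size)
    # comb(n, k) is 0 when k > n, so out-of-range terms drop out naturally.
    favourable = sum(comb(untrusted_in_pool, k) * comb(trusted, committee_size - k)
                     for k in range(threshold, committee_size + 1))
    return favourable / total


def compare_pools(committee_size=100, threshold=34,
                  wide_untrusted_fraction=0.30, narrow_untrusted_fraction=0.01):
    """Patent scenario: 100 mining nodes drawn from all 10 million nodes versus
    from a 10,000-node high-security pool. Assumed: 30% of arbitrary IoT
    devices and 1% of the high-security pool are untrusted, and a committee is
    compromised once a third (34 of 100) of its members are untrusted."""
    wide = committee_compromise_probability(
        10_000_000, round(10_000_000 * wide_untrusted_fraction), committee_size, threshold)
    narrow = committee_compromise_probability(
        10_000, round(10_000 * narrow_untrusted_fraction), committee_size, threshold)
    return wide, narrow


if __name__ == "__main__":
    wide, narrow = compare_pools()
    print(f"whole network: {wide:.3g}   high-security pool: {narrow:.3g}")
```

With these assumptions the whole-network draw is compromised roughly one time in five, while the high-security pool drives the probability to a negligible value; the shape of the result, not the exact figures, is the point.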
  • FIG. 2 shows a flowchart of steps of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present application, wherein at least one node of the blockchain network is deployed with a first contract object, and/or a first program for accessing the first contract object is deployed; at least one node of the blockchain network is deployed with a second contract object, and/or a second program for accessing the second contract object is deployed;
  • that is to say, the first contract object and the first program can be deployed on the same node or on different nodes; the second contract object and the second program can be deployed on the same node or on different nodes; the first contract object and the second contract object can be deployed on the same node or on different nodes; the first program and the second program can be deployed on the same node or on different nodes;
  • the method may specifically include the following steps:
  • Step 201 The second program on a node of the blockchain network receives the token information and identification information of the device;
  • the manufacturer of the IoT device can access the second program at one node and send the identification information and the token information of the IoT device to the second program.
  • the identification information of the IoT device uniquely corresponds to an IoT device.
  • the second contract object is used to manage the token information and identification information of the IoT device; the second contract object can store the token information and the identification information in one-to-one correspondence in the database, or extract the token information and identification information from the database.
  • the second program is used to receive the token information and identification information sent by other nodes, and then call the second contract object, and the second contract object stores/extracts the token information and identification information.
  • the second program may be a second decentralized program.
  • the method may further include: the second program calls the second contract object, and the second contract object stores the token information and identification information of the device to a preset distributed file system.
  • the distributed file system (for example, IPFS (InterPlanetary File System)) is not part of the blockchain network.
  • the distributed file system provides off-chain data storage services outside the distributed ledger system of the blockchain network.
  • Step 202 when a device accesses the blockchain network, a first program on a node of the blockchain network obtains identification information of the access device;
  • the first program may be a first decentralized program.
  • the step 202 may include: the first program receives the identification information of the access device sent by a trusted node of the blockchain network.
  • the nodes of the blockchain network broadcast the identification information of the access device to each other, so all nodes in the entire network can obtain the identification information of the access device.
  • the identification information of the access device is stored in the distributed ledger system of the blockchain network, and the tamper-proof feature of the distributed ledger system is used to prevent the identification information from being tampered with.
  • a known trusted node (TrustedPeer) of the blockchain network can send the identification information of the access device to the first program running on a node to request that the first program perform security assessment processing on the access device.
  • Step 203 the first program generates a token information acquisition request, and sends the token information acquisition request to the second DApp;
  • the token information acquisition request includes identification information of the access device;
  • a token information acquisition request may be generated, and the token information acquisition request may be sent to the second program.
  • the method may further include: when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system.
  • the second program calls the second contract object after receiving the token information acquisition request, and the second contract object extracts the token information corresponding to the identification information from the distributed file system according to the identification information.
  • Step 204 The first program receives the token information sent by the second program; the token information includes security information of the access device;
  • Step 205 The first program calls the first contract object, and the first contract object generates security evaluation information for the access device according to the token information.
  • the Internet of Things devices can be evaluated based on the security information of the Internet of Things devices.
  • the security information of different types of Internet of Things devices is different, so the embodiments of this application can generate corresponding security assessment information for different types of Internet of Things devices, which is suitable for evaluating the security of Internet of Things devices in a multi-source heterogeneous hardware scenario of the Internet of Things.
  • Step 206 The node corresponding to the first program determines whether the access device is a trusted node according to the security assessment information
  • the node running the first program can determine whether to add the access device to the trusted node pool based on the security evaluation information.
  • Step 207 If the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.
  • the blockchain network may select a trusted node from the trusted node pool to execute the consensus algorithm.
  • FIG. 3 is a schematic diagram of a consensus algorithm executed by a trusted node in an embodiment of this application. Whether a transaction is initiated by a trusted node or by an ordinary node, the mining node can only be selected from the trusted node pool.
  • human intervention is decreasing, and IoT devices joining the network automatically is the main application scenario.
  • using the security information of the Internet of Things device as the selection condition for trusted nodes of the blockchain network can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm.
  • the upload process can specifically include:
  • the equipment vendor of the IoT device can configure the identification information, key and distributed ledger node SDK for the IoT device A;
  • the relevant security module of the Internet of Things device A can use the key to generate the token information itself; the token information includes the security information of the Internet of Things device A;
  • the Internet of Things device A can send the token information to the device vendor node;
  • Some nodes in the blockchain network are deployed with the second contract object and the second DApp.
  • the device vendor node can send the identification information and token information of the Internet of Things device A to the second DApp running on a certain node;
  • the second DApp can call the second contract object to store the identification information and the token information of the Internet of Things device A in the distributed file system.
  • the process can specifically include:
  • the Internet of Things device A accesses the blockchain network and provides identification information
  • Some nodes in the blockchain network are deployed with the first contract object and the first DApp.
  • the identification information of the IoT device A is broadcast between the nodes of the blockchain network, and trusted nodes access the first DApp;
  • the first DApp requests the second DApp to obtain corresponding token information according to the identification information of the Internet of Things device A;
  • the second DApp calls the second contract object, and the second contract object extracts the corresponding token information from the distributed file system;
  • the second DApp obtains the token information extracted from the distributed file system
  • the second DApp sends the token information to the first DApp
  • the first DApp calls the first contract object, and the first contract object generates security assessment information based on the token information;
  • the trusted node running the first DApp determines whether the IoT device A is a trusted node, and if so, adds the IoT device A to the trusted node pool.
  • the transaction process can specifically include:
  • Internet of Things device B submits a transaction record to the blockchain network
  • the blockchain network selects mining nodes from the trusted node pool
  • the Internet of Things device A can be selected as a mining node
  • IoT device A executes the consensus algorithm to generate new blocks
  • IoT device A broadcasts new blocks to the entire blockchain network
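The upload, access and transaction processes above (FIG. 4 to FIG. 6), together with the security evaluation of Embodiments 1 and 2, simulated in one runnable script. This is an added example, not code from the patent or from its assignee; the HMAC-SHA256 tag standing in for the EAT signature, the in-memory dict standing in for the distributed file system, the DID-keyed key registry held by the first contract object and the high/medium/low thresholds are all assumptions.

```python
"""Added example, not the patent's own code: the FIG. 4 to FIG. 6 flow in one
process. Assumptions: an HMAC-SHA256 tag over JSON claims stands in for the
EAT signature, an in-memory dict stands in for the distributed file system,
the first contract object looks keys up by DID, and the high/medium/low
thresholds are illustrative."""
import hashlib
import hmac
import json
import random

# Security information items listed in the description for the first contract object.
SECURITY_CLAIMS = (
    "has_security_module",               # SE / TEE / TPM / Secure MCU present
    "firmware_updated_by_trusted_party",
    "secure_boot",
    "sdk_signed_by_trusted_party",
    "sdk_runs_in_security_module",
    "vm_image_signed_by_trusted_party",
)


def device_generate_token(did, burned_in_key, security_info):
    """Device-side security module: build the token from the device's security
    information and authenticate it with the key burned in at manufacture."""
    claims = {"did": did,
              "security": {k: bool(security_info.get(k, False)) for k in SECURITY_CLAIMS}}
    payload = json.dumps(claims, sort_keys=True)
    tag = hmac.new(burned_in_key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class SecondContract:
    """Second contract object: store/extract (DID -> token) in the off-chain store."""

    def __init__(self):
        self._store = {}                     # stands in for IPFS

    def store(self, did, token):
        self._store[did] = token

    def extract(self, did):
        return self._store.get(did)


class FirstContract:
    """First contract object: check the token and turn its security information
    into security evaluation information (a level string)."""

    def __init__(self, device_keys):
        self._device_keys = device_keys      # DID -> burned-in key (assumed registry)

    def evaluate(self, did, token):
        key = self._device_keys.get(did)
        if key is None or token is None:
            return "unknown"                 # nothing on file for this DID
        expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token["tag"]):
            return "low"                     # tampered or forged token
        claims = json.loads(token["payload"])
        if claims.get("did") != did:
            return "low"                     # token issued for another device
        satisfied = sum(claims["security"].values())
        if satisfied == len(SECURITY_CLAIMS):
            return "high"
        return "low" if satisfied <= 2 else "medium"


class Node:
    """Node running the first DApp; owns the trusted node pool (steps 202 to 207)."""

    def __init__(self, first_contract, second_contract):
        self.first_contract = first_contract
        self.second_contract = second_contract
        self.trusted_pool = set()

    def handle_access(self, did):
        token = self.second_contract.extract(did)      # fetched via the second DApp
        level = self.first_contract.evaluate(did, token)
        if level == "high":                           # only high-security devices join
            self.trusted_pool.add(did)
            return True
        return False

    def select_mining_nodes(self, count, rng=random):
        """Mining nodes are drawn from the trusted node pool only (FIG. 3, FIG. 6)."""
        pool = sorted(self.trusted_pool)
        return rng.sample(pool, min(count, len(pool)))


def run_demo():
    """Constructed scenario: device A is fully hardened, device B only has secure
    boot, and device C never had a token uploaded by its vendor."""
    key_a, key_b = b"burned-in-key-A", b"burned-in-key-B"
    second = SecondContract()
    first = FirstContract({"did:A": key_a, "did:B": key_b})
    node = Node(first, second)
    second.store("did:A", device_generate_token("did:A", key_a, dict.fromkeys(SECURITY_CLAIMS, True)))
    second.store("did:B", device_generate_token("did:B", key_b, {"secure_boot": True}))
    admitted = {did: node.handle_access(did) for did in ("did:A", "did:B", "did:C")}
    return admitted, node.select_mining_nodes(1)
```

Running `run_demo()` admits only device A to the trusted node pool, so it is the only candidate when a mining node is selected for device B's transaction; a token whose payload is altered after signing, or one presented under a different DID, is rejected before its claims are read.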
  • FIG. 7 shows a structural block diagram of an embodiment of an apparatus for determining a trusted node based on a blockchain network of the present application, wherein at least one node of the blockchain network is deployed with a first contract object, and/or a first program for accessing the first contract object is deployed, and the apparatus may specifically include the following modules:
  • the first program 70 includes:
  • the token information obtaining module 701 is used to obtain the token information of the access device when a device accesses the blockchain network, the token information includes the security information of the access device;
  • the first calling module 702 is used to call the first contract object, and the first contract object is used to generate security evaluation information for the access device according to the token information;
  • the node 71 where the first program is located may include:
  • the trusted node judgment module 711 is used to judge whether the access device is a trusted node according to the security evaluation information.
  • the node 71 where the first program is located may further include:
  • the trusted node pool joining module is used to add the access device to a preset trusted node pool if the access device is a trusted node.
  • At least one node of the blockchain network is deployed with a second contract object, and/or a second program for accessing the second contract object is deployed; the device may further include:
  • a second program, on a node of the blockchain network, which includes an information receiving module for receiving the token information and identification information of the device;
  • the token information acquisition module 701 of the first program 70 may include:
  • An identification acquisition submodule used to acquire identification information of the access device
  • a request submodule configured to generate a token information acquisition request and send the token information acquisition request to the second program; the token information acquisition request includes identification information of the access device;
  • a token information receiving submodule configured to receive the token information sent by the second program, the token information having been looked up by the second program according to the identification information.
  • the second program may further include:
  • a second calling module is used to call the second contract object, and the second contract object stores the token information and identification information of the device to a preset distributed file system.
  • the second program may further include:
  • a third calling module used to call the second contract object when the token information acquisition request sent by the first program is received, the second contract object extracting, from the preset distributed file system, the token information corresponding to the identification information.
  • the identifier acquisition submodule may include:
  • the identification receiving unit is configured to receive identification information of the access device sent by a trusted node of the blockchain network.
  • the first program is a first decentralized program DApp
  • the second program is a second DApp.
  • Since the apparatus embodiment is substantially similar to the method embodiment, its description is relatively brief; for the relevant details, refer to the description of the method embodiment.
  • An embodiment of the present application also provides an apparatus, including:
  • one or more processors; and
  • One or more machine-readable media having instructions stored thereon, when executed by the one or more processors, causes the apparatus to execute the method described in the embodiments of the present application.
  • An embodiment of the present application further provides one or more machine-readable media on which instructions are stored, and when executed by one or more processors, causes the processor to execute the method described in the embodiments of the present application.
  • The embodiments of the present application may be provided as methods, apparatuses, or computer program products. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
  • Each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, may be implemented by computer program instructions.
  • These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing terminal device to produce a machine, so that the instructions executed by that processor produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing terminal device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
  • These computer program instructions may also be loaded onto a computer or another programmable data processing terminal device, so that a series of operational steps is performed on the computer or other programmable terminal device to produce computer-implemented processing, and the instructions executed on the computer or other programmable terminal device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Embodiments of the present application provide a trusted node determining method and apparatus based on a block chain network. The method comprises: when a device accesses the block chain network, a first program on a node of the block chain network obtains token information of the access device, the token information comprising security information of the access device; the first program calls a first contract object, and the first contract object generates security assessment information for the access device according to the token information; a node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node. In embodiments of the present application, the security information of an internet of things device is taken as a selection condition of the trusted node of the networked block chain network, so that the overall security of a consensus mechanism can be maintained or even improved without losing the high performance of a weakly centralized consensus algorithm.

Description

Trusted node determining method and apparatus based on a blockchain network
This application claims priority to Chinese patent application No. 201811481860.6, filed on December 5, 2018 and titled "Trusted node determining method and apparatus based on a blockchain network", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of communication technology, and in particular to a method for determining a trusted node based on a blockchain network and an apparatus for determining a trusted node based on a blockchain network.
Background
With the development of the Internet of Things (IoT), traditional centralized IoT back-end services (for example, the device management platform DMP, the connection management platform CMP, and data aggregation and analysis services) will find it hard, in the foreseeable future, to handle access management and data processing for the huge number of IoT devices worldwide. The topology of the IoT will also evolve from today's device-edge-cloud model to a cloud-edge-device + P2P distributed network.
How to establish trusted connections, data exchange and disintermediated services in an IoT of this scale and complexity is a real challenge. Blockchain, with its decentralization, P2P network and tamper-resistant data, offers a technical option that may solve IoT-related problems.
Among the blockchain implementations currently on the market, public blockchains (Bitcoin, Ethereum) use consensus algorithms with high power consumption and long confirmation latency, and are therefore not suited to a future IoT environment that requires high concurrency and low latency.
Summary of the invention
In view of the above problems, the embodiments of the present application are proposed in order to provide a blockchain-network-based trusted node determining method, and a corresponding blockchain-network-based trusted node determining apparatus, that overcome or at least partially solve the above problems.
To solve the above problems, an embodiment of the present application discloses a method for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, the method comprising:
when a device accesses the blockchain network, a first program on a node of the blockchain network obtains token information of the access device, the token information containing security information of the access device;
the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the token information;
the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.
Preferably, the method further comprises:
if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.
Preferably, at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object;
before the first program obtains the token information of the access device, the method further comprises:
a second program on a node of the blockchain network receives token information and identification information of the device;
the step of the first program obtaining the token information of the access device comprises:
the first program obtains the identification information of the access device;
the first program generates a token information acquisition request and sends it to the second program, the token information acquisition request including the identification information of the access device;
the first program receives the token information sent by the second program, the token information having been looked up by the second program according to the identification information.
Preferably, the method further comprises:
the second program calls the second contract object, and the second contract object stores the token information and identification information of the device in a preset distributed file system.
Preferably, the method further comprises:
when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts, from the preset distributed file system, the token information corresponding to the identification information.
Preferably, the step of the first program obtaining the identification information of the access device comprises:
the first program receives the identification information of the access device sent by a trusted node of the blockchain network.
Preferably, the first program is a first decentralized application (DApp) and the second program is a second DApp.
An embodiment of the present invention further discloses an apparatus for determining a trusted node based on a blockchain network, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object, the apparatus comprising:
the first program, and the node on which the first program is located;
the first program comprising:
a token information obtaining module, configured to obtain, when a device accesses the blockchain network, token information of the access device, the token information containing security information of the access device;
a first calling module, configured to call the first contract object, the first contract object being configured to generate security assessment information for the access device according to the token information;
the node on which the first program is located comprising:
a trusted node judgment module, configured to judge, according to the security assessment information, whether the access device is a trusted node.
Preferably, the node on which the first program is located further comprises:
a trusted node pool joining module, configured to add the access device to a preset trusted node pool if the access device is a trusted node.
Preferably, at least one node of the blockchain network is deployed with a second contract object and/or with a second program for accessing the second contract object; the apparatus further comprises:
a second program, on a node of the blockchain network, comprising an information receiving module configured to receive token information and identification information of a device;
the token information obtaining module of the first program comprising:
an identification obtaining submodule, configured to obtain the identification information of the access device;
a request submodule, configured to generate a token information acquisition request and send it to the second program, the token information acquisition request including the identification information of the access device;
a token information receiving submodule, configured to receive the token information sent by the second program, the token information having been looked up by the second program according to the identification information.
Preferably, the second program further comprises:
a second calling module, configured to call the second contract object, the second contract object storing the token information and identification information of the device in a preset distributed file system.
Preferably, the second program further comprises:
a third calling module, configured to call the second contract object when the token information acquisition request sent by the first program is received, the second contract object extracting, from the preset distributed file system, the token information corresponding to the identification information.
Preferably, the identification obtaining submodule comprises:
an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.
Preferably, the first program is a first decentralized application (DApp) and the second program is a second DApp.
An embodiment of the present invention further discloses an apparatus, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon which, when executed by the one or more processors, cause the apparatus to perform one or more of the methods described above.
An embodiment of the present invention further discloses one or more machine-readable media having instructions stored thereon which, when executed by one or more processors, cause the processors to perform one or more of the methods described above.
The embodiments of the present application have the following advantages:
In the embodiments of the present application, the security information of an IoT device can be encrypted and added to the token information. By transmitting the token information in the blockchain network, the smart contracts and programs deployed on nodes of the blockchain network can assess the security of the IoT device based on the security information in the token information. In the multi-source, heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs; the embodiments of the present application can generate corresponding security assessment information for different types of IoT devices, and are therefore suited to assessing the security of IoT devices in such a scenario. In the IoT environment, human intervention is decreasing, and IoT devices joining the network automatically is the main application scenario. In the embodiments of the present application, the security information of the IoT device itself is used as the selection condition for trusted nodes of the blockchain network, so that the overall security of the consensus mechanism can be maintained or even improved without losing the high performance of a weakly centralized consensus algorithm.
Brief description of the drawings
FIG. 1 is a flowchart of the steps of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present application;
FIG. 2 is a flowchart of the steps of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present application;
FIG. 3 is a schematic diagram of the consensus algorithm being executed by trusted nodes in an embodiment of the present application;
FIG. 4 is a schematic diagram of uploading the identification information and token information of a device to the blockchain network;
FIG. 5 is a schematic diagram of processing a device that accesses the blockchain network;
FIG. 6 is a schematic diagram of transaction processing in the blockchain network;
FIG. 7 is a structural block diagram of an embodiment of an apparatus for determining a trusted node based on a blockchain network of the present application.
Detailed description
To make the above objects, features and advantages of the present application clearer and easier to understand, the present application is described in further detail below with reference to the accompanying drawings and specific embodiments.
Referring to FIG. 1, a flowchart of the steps of Embodiment 1 of a method for determining a trusted node based on a blockchain network of the present application is shown, wherein at least one node of the blockchain network is deployed with a first contract object and/or with a first program for accessing the first contract object; the method may specifically comprise the following steps:
Step 101: when a device accesses the blockchain network, a first program on a node of the blockchain network obtains token information of the access device, the token information containing security information of the access device;
A blockchain network is decentralized, which means there is no server and a client does not need to rely on a server to obtain or process data. A blockchain network consists of nodes, and a node is both a client and a server. The blockchain network is a P2P (peer-to-peer) network: every node in it can connect directly to other nodes, so its topology is flat.
In practice, during the production stage of an IoT device, the manufacturer can burn the keys used for device security attestation, together with the device's unique identification information (for example, a DID (Distributed ID)), into the device's secure storage area. The manufacturer can also embed a distributed ledger node SDK (Software Development Kit) in the device firmware. The distributed ledger node SDK gives the device the ability to connect to the blockchain network, and can also provide the service of collecting device attestation data on the device side and reporting it to the blockchain.
When an IoT device accesses the blockchain network, it can discover the other nodes in the blockchain network and establish connections with them. An IoT device that has joined the blockchain network is a node of the blockchain network.
In the embodiments of the present application, the nodes constituting the blockchain network may be deployed on a cloud service provider's BaaS (Blockchain as a Service) platform, on edge computing servers, or on compute-rich edge devices in the IoT.
In the embodiments of the present application, the relevant security module (Secure Component) in the IoT device uses the key burned into the device to generate the security attestation token itself and returns the token to the device vendor. For example, an Entity Attestation Token (EAT) may be generated as the token. Of course, besides using an EAT as the token, other ways of generating the token may be used, and the embodiments of the present application are not limited in this respect.
The relevant security modules may include an SE (Secure Element), a TEE (Trusted Execution Environment), a software security sandbox, a SIM (Subscriber Identity Module), a Secure MCU (Secure Microcontroller Unit), a TPM (Trusted Platform Module), and the like.
In the embodiments of the present application, the token information contains the security information of the IoT device; the security information is information by which the security of the IoT device can be measured from the perspective of the physical world. For example: whether the device has a security module; whether the device's core firmware is securely updated by a trusted party; whether the device performs secure boot; whether the key Apps/SDKs running on the device are signed and deployed by a trusted party; whether the blockchain SDK deployed in the device runs inside the security module; and so on. In practice, the security information can be set according to the specific business requirements of the IoT device, and the embodiments of the present application are not limited in this respect.
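The token the device's security module produces is only useful to the contract if the security information inside it cannot be rewritten by the device's untrusted software or by anyone on the path to the node, so the receiving side has to check the key, the device binding and the freshness before it reads a single claim. The following added example (not code from the patent, from Alibaba, or from the EAT specification) shows that check in the form the paragraph above describes: claims are produced with the key burned in at manufacture and verified against a manufacturer-held key registry. Everything here is an assumption made for the illustration: the claim names, the JSON-and-HMAC encoding, the constructed `MANUFACTURER_KEYS` table and the `nonce` supplied by the network as a challenge. A real EAT is a CBOR Web Token signed with COSE, normally with a per-device asymmetric key so that the verifier never holds a secret that could forge tokens; HMAC-SHA256 from the standard library stands in for that here.

```python
import base64
import hashlib
import hmac
import json

# Constructed registry: DID -> key burned into the device at manufacture.
# Assumption for this example; a real deployment would use per-device asymmetric keys.
MANUFACTURER_KEYS = {
    "did:example:device-a": hashlib.sha256(b"example key device-a").digest(),
}
MAX_TOKEN_AGE_SECONDS = 300


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def canonical(claims: dict) -> bytes:
    # Deterministic encoding so signer and verifier MAC identical bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def device_generate_token(did, device_key, nonce, security_info, issued_at):
    """Runs inside the device's secure component: MAC the claims with the burned-in key."""
    claims = {"did": did, "nonce": nonce, "iat": issued_at, "security_info": security_info}
    payload = canonical(claims)
    tag = hmac.new(device_key, payload, hashlib.sha256).digest()
    return b64url_encode(payload) + "." + b64url_encode(tag)


def node_verify_token(token, expected_did, expected_nonce, now):
    """Node side: return the security info only if the token is authentic, bound and fresh."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64url_decode(payload_b64), b64url_decode(tag_b64)
        claims = json.loads(payload)
    except ValueError:  # bad structure, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    key = MANUFACTURER_KEYS.get(claims.get("did"))
    if key is None:
        return None  # device not registered by any known manufacturer
    expected_tag = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return None  # claims were altered or not produced with the device key
    if claims.get("did") != expected_did or claims.get("nonce") != expected_nonce:
        return None  # another device's token, or a replay against an old challenge
    iat = claims.get("iat")
    if not isinstance(iat, int) or not 0 <= now - iat <= MAX_TOKEN_AGE_SECONDS:
        return None  # stale, or claims to come from the future
    return claims["security_info"]


def tamper_security_claim(token, claim, value):
    """What an attacker without the key can do: rewrite a claim and keep the old tag."""
    payload_b64, tag_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["security_info"][claim] = value
    return b64url_encode(canonical(claims)) + "." + tag_b64
```

The order of checks is deliberate: the tag is verified before any claim is trusted, the DID and nonce are compared only after the tag holds, and the security information is returned last, so a caller cannot obtain claims from a token that failed any earlier step.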
In the embodiments of the present application, the first contract object is a smart contract for generating security assessment information for a device according to the token information. The first program is used to obtain the token information and to call the first contract object.
The first program can be deployed on multiple nodes, and the first program on each node can independently obtain the token information and independently call the first contract object. However, the operation by which the first contract object generates security assessment information for the access device depends on the consensus mechanism of the blockchain network.
In the embodiments of the present application, a contract object refers to a smart contract. A smart contract is an application program that can be deployed in the virtual machine of a blockchain network node; a smart contract is generally deployed on several nodes of the blockchain network.
In the embodiments of the present application, the first program may be a first decentralized application.
A decentralized application (DApp) is a distributed application that can be deployed on one or more nodes of a blockchain network. A DApp is a client application (for example, a front-end application) for accessing smart contracts; it is mainly responsible for invoking smart contracts and for implementing some business-layer logic. It should be noted that a DApp and a smart contract need not be deployed on the same node. The execution of a DApp does not involve the consensus mechanism of the blockchain network, but the execution result of a smart contract invoked by the DApp depends on the consensus mechanism of the blockchain network.
Step 102: the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the token information.
In the embodiments of the present application, when an IoT device accesses the blockchain network, the first program running on a node of the blockchain network obtains the token information of the IoT device and calls the first contract object, and the first contract object can generate security assessment information for the device according to the security information in the token information.
For example, if the security information indicates that the access device has no security module, that the blockchain App/SDK deployed in the device is not signed by a trusted party, and that the virtual machine image in which the deployed smart contracts run is not signed by a trusted party, the access device can be considered a low-security-level device, and the security assessment information generated by the first contract object may indicate a low security level.
As another example, if the security information indicates that the access device has several security modules, that the blockchain App/SDK deployed in the device is signed by a trusted party, and that the virtual machine image in which the deployed smart contracts run is signed by a trusted party, the access device can be considered a high-security-level device, and the security assessment information generated by the first contract object may indicate a high security level.
Of course, using a security level as the security assessment information is only an example; in practice, other forms of security assessment information may be generated, and the embodiments of the present application are not limited in this respect.
Step 103: the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.
A trusted node is a node that can be used to run the consensus algorithm. In transactions on the blockchain network, whenever a node submits a transaction, a certain number of nodes are required to run the consensus algorithm.
In the embodiment of the present application, whether the access device can serve as a trusted node can be determined according to the security assessment information of the access device.
For example, if the security assessment information indicates that the security level of the access device is high, the node running the first program may determine that the access device is a trusted node. If the security assessment information indicates that the security level of the access device is low, the node running the first program may determine that the access device is not a trusted node.
The above manner of determining whether the access device is a trusted node according to the security assessment message is only an example; in practice, other manners may be chosen to determine, according to the security assessment message, whether the access device is a trusted node.
In the embodiment of the present application, the security information of the IoT device can be encrypted and added to the token information. By transmitting the token information in the blockchain network, the smart contracts and programs deployed on the nodes of the blockchain network can assess the security of the IoT device based on the security information in the token information. In the multi-source heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs; the embodiments of the present application can generate corresponding security assessment information for different types of IoT devices, and are therefore suitable for assessing the security of IoT devices in the multi-source heterogeneous hardware scenario of the IoT. In the IoT environment, human intervention is decreasing, and the automated joining of IoT devices to the network is the main application scenario. In the embodiment of the present application, the security information of the IoT device itself is used as the selection condition for trusted nodes of the networked blockchain network, which can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm. For example, if a blockchain network has 10 million nodes, then to improve the efficiency of the consensus mechanism, 100 nodes need to be randomly selected from them as mining nodes. Since these 100 mining nodes are selected at random, and the number of mining nodes drops from 10 million to 100, the security of consensus is reduced. If these 100 mining nodes are instead selected from 10,000 high-security-level nodes, the security can be guaranteed.
Referring to FIG. 2, a flowchart of the steps of Embodiment 2 of a method for determining a trusted node based on a blockchain network of the present application is shown, wherein at least one node of the blockchain network is deployed with a first contract object, and/or is deployed with a first program for accessing the first contract object; at least one node of the blockchain network is deployed with a second contract object, and/or is deployed with a second program for accessing the second contract object; that is to say, the first contract object and the first program may be deployed on the same node or on different nodes; the second contract object and the second program may be deployed on the same node or on different nodes; the first contract object and the second contract object may be deployed on the same node or on different nodes; and the first program and the second program may be deployed on the same node or on different nodes.
The method may specifically include the following steps:
Step 201: the second program on a node of the blockchain network receives the token information and identification information of a device.
In practice, the manufacturer of the IoT device can access the second program at a node and send the identification information and token information of the IoT device to the second program. The identification information of an IoT device uniquely corresponds to that IoT device.
In the embodiment of the present application, the second contract object is used to manage the token information and identification information of IoT devices; the second contract object can store the token information and identification information in a one-to-one correspondence in a database, or extract the token information and identification information from the database.
The second program is used to receive the token information and identification information sent by other nodes, and then call the second contract object, which stores or extracts the token information and identification information.
In the embodiment of the present application, the second program may be a second decentralized program.
In the embodiment of the present application, the method may further include: the second program calls the second contract object, and the second contract object stores the token information and identification information of the device in a preset distributed file system.
The distributed file system (for example, IPFS (InterPlanetary File System)) is not part of the blockchain network; the distributed file system provides off-chain data storage services outside the distributed ledger system of the blockchain network.
Step 202: when a device accesses the blockchain network, the first program on a node of the blockchain network obtains the identification information of the access device.
In the embodiment of the present application, the first program may be a first decentralized program.
In the embodiment of the present application, step 202 may include: the first program receives the identification information of the access device sent by a trusted node of the blockchain network.
Specifically, when an IoT device accesses the blockchain network, the nodes of the blockchain network broadcast the identification information of the access device to one another, so all nodes in the whole network can obtain the identification information of the access device. In the embodiment of the present application, the identification information of the access device is stored in the distributed ledger system of the blockchain network, and the tamper-resistant property of the distributed ledger system is used to prevent the identification information from being tampered with.
After the IoT device accesses the blockchain network, a known trusted node (Trusted Peer) of the blockchain network can send the identification information of the access device to the first program running on some node, to request that the first program perform security assessment processing on the access device.
Step 203: the first program generates a token information acquisition request and sends the token information acquisition request to the second DApp; the token information acquisition request includes the identification information of the access device.
After the first program obtains the identification information of the access device, it can generate a token information acquisition request and send the token information acquisition request to the second program.
In the embodiment of the present application, the method may further include: when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system.
Specifically, after receiving the token information acquisition request, the second program calls the second contract object, and the second contract object extracts, according to the identification information, the token information corresponding to the identification information from the distributed file system.
Step 204: the first program receives the token information sent by the second program; the token information includes the security information of the access device.
Step 205: the first program calls the first contract object, and the first contract object generates security assessment information for the access device according to the token information.
In the embodiment of the present application, IoT devices can be assessed based on their security information. In the multi-source heterogeneous hardware scenario of the IoT, the security information of different types of IoT devices differs, so the embodiments of the present application can generate corresponding security assessment information for different types of IoT devices, and are suitable for assessing the security of IoT devices in the multi-source heterogeneous hardware scenario of the IoT.
Step 206: the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.
After the first contract object generates the security assessment information of the access device, the node running the first program can determine, according to the security assessment information, whether to add the access device to the trusted node pool.
Step 207: if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.
In the embodiment of the present application, when a node submits a transaction record to the blockchain network, the blockchain network can select trusted nodes from the trusted node pool to execute the consensus algorithm.
Referring to FIG. 3, a schematic diagram of the consensus algorithm being executed by trusted nodes in an embodiment of the present application is shown. Whether a transaction is initiated by a trusted node or by an ordinary node, mining nodes can only be selected from the trusted nodes in the trusted node pool.
In the IoT environment, human intervention is decreasing, and the automated joining of IoT devices to the network is the main application scenario. In the embodiment of the present application, the security information of the IoT device itself is used as the selection condition for trusted nodes of the networked blockchain network, which can maintain or even improve the overall security of the consensus mechanism without losing the high performance of the weakly centralized consensus algorithm.
To enable those skilled in the art to better understand the embodiments of the present application, the embodiments are described below through an example:
Referring to FIG. 4, a schematic diagram of uploading the identification information and token information of a device to the blockchain network is shown. The upload process may specifically include:
1. The device vendor of the IoT device can configure identification information, a key and a distributed ledger node SDK for IoT device A;
2. The relevant security module of IoT device A can generate token information correlated with the key; the token information includes the security information of IoT device A;
3. IoT device A can send the token information to the device vendor node;
4. Some nodes in the blockchain network are deployed with the second contract object and the second DApp; the device vendor node can send the identification information and token information of IoT device A to the second DApp running on a certain node;
5. The second DApp can call the second contract object to store the identification information and token information of IoT device A in the distributed file system.
Referring to FIG. 5, a schematic diagram of processing a device that accesses the blockchain network is shown. The processing may specifically include:
1. IoT device A accesses the blockchain network and provides its identification information;
2. Some nodes in the blockchain network are deployed with the first contract object and the first DApp; the nodes of the blockchain network broadcast the identification information of IoT device A among themselves, and a trusted node accesses the first DApp;
3. The first DApp requests the corresponding token information from the second DApp according to the identification information of IoT device A;
4. The second DApp calls the second contract object, and the second contract object extracts the corresponding token information from the distributed file system;
5. The second DApp obtains the token information extracted from the distributed file system;
6. The second DApp sends the token information to the first DApp;
7. The first DApp calls the first contract object, and the first contract object generates security assessment information according to the token information;
8. The trusted node running the first DApp determines, according to the security assessment information, whether IoT device A is a trusted node, and if so adds IoT device A to the trusted node pool.
Referring to FIG. 6, a schematic diagram of transaction processing in the blockchain network is shown. The transaction process may specifically include:
1. IoT device B submits a transaction record to the blockchain network;
2. The blockchain network selects mining nodes from the trusted node pool;
3. IoT device A can be selected as a mining node;
4. IoT device A executes the consensus algorithm and generates a new block;
5. IoT device A broadcasts the new block to the whole blockchain network;
6. The transaction is confirmed.
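The following is an added example, not code from the patent or its applicant, that models the security assessment and trusted-node decision described at Step 103 above together with the FIG. 4 to FIG. 6 flow (token registration keyed by identification information, lookup on device access, admission to the trusted node pool, and selection of mining nodes only from that pool). The token field names, the level-scoring rules, the "only high is trusted" policy and the in-memory store standing in for the distributed file system are all assumptions made for this example.

```python
"""Added example (not the patent's own code): trusted-node determination from
token information. Field names, scoring rules and the pool policy are assumptions."""
import random


class SecondContractObject:
    """Stands in for the second contract object: stores and looks up token
    information keyed by identification information. An in-memory dict replaces
    the preset distributed file system (assumption)."""

    def __init__(self):
        self._tokens = {}

    def store(self, device_id, token_info):
        # One identification maps to exactly one token (one-to-one correspondence).
        self._tokens[device_id] = dict(token_info)

    def extract(self, device_id):
        # Returns None when no token was ever registered for this identification.
        return self._tokens.get(device_id)


def first_contract_object(token_info):
    """Stands in for the first contract object: derives a security level from the
    security information carried in the token. The two end cases mirror the
    description (no security module and unsigned App/SDK and unsigned VM image is
    'low'; multiple modules plus both signatures is 'high'); everything in between
    is 'medium', which is an assumption."""
    info = token_info.get("security_info", {})
    modules = int(info.get("security_modules", 0))
    sdk_signed = bool(info.get("sdk_signed_by_trusted_party", False))
    image_signed = bool(info.get("vm_image_signed_by_trusted_party", False))
    if modules == 0 and not sdk_signed and not image_signed:
        return "low"
    if modules > 1 and sdk_signed and image_signed:
        return "high"
    return "medium"


def is_trusted_node(security_assessment):
    """Node-side decision (Step 103 / Step 206). Policy assumed here: only a high
    security level makes the access device a trusted node."""
    return security_assessment == "high"


class TrustedNodePool:
    """Preset trusted node pool (Step 207) plus mining-node selection (FIG. 6)."""

    def __init__(self):
        self.members = set()

    def add(self, device_id):
        self.members.add(device_id)

    def select_mining_nodes(self, k, rng=None):
        # Mining nodes are drawn only from the pool, never from all nodes.
        rng = rng or random.Random()
        candidates = sorted(self.members)
        if k > len(candidates):
            raise ValueError("trusted node pool smaller than requested mining set")
        return rng.sample(candidates, k)


def handle_device_access(device_id, second_contract, pool):
    """First program and its node: look up the token by identification
    information, have the first contract object assess it, and admit the device
    to the pool if it is trusted. Returns the assessment, or None when no token
    is registered for the identification (such a device is never admitted)."""
    token_info = second_contract.extract(device_id)
    if token_info is None:
        return None
    assessment = first_contract_object(token_info)
    if is_trusted_node(assessment):
        pool.add(device_id)
    return assessment


def run_scenario():
    """Constructed scenario: device A registers a strong token, device C a weak
    one, and device X never registers. Returns (assessments, pool members)."""
    second = SecondContractObject()
    second.store("device-A", {"security_info": {
        "security_modules": 2,
        "sdk_signed_by_trusted_party": True,
        "vm_image_signed_by_trusted_party": True}})
    second.store("device-C", {"security_info": {
        "security_modules": 0,
        "sdk_signed_by_trusted_party": False,
        "vm_image_signed_by_trusted_party": False}})
    pool = TrustedNodePool()
    results = {dev: handle_device_access(dev, second, pool)
               for dev in ("device-A", "device-C", "device-X")}
    return results, sorted(pool.members)


if __name__ == "__main__":
    print(run_scenario())
```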
It should be noted that, for simplicity of description, the method embodiments are expressed as a series of combined actions, but those skilled in the art should be aware that the embodiments of the present application are not limited by the described order of actions, because according to the embodiments of the present application, some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also be aware that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present application.
Referring to FIG. 7, a structural block diagram of an embodiment of an apparatus for determining a trusted node based on a blockchain network of the present application is shown, wherein at least one node of the blockchain network is deployed with a first contract object, and/or is deployed with a first program for accessing the first contract object; the apparatus may specifically include the following modules:
a first program 70, and the node 71 where the first program is located;
the first program 70 includes:
a token information acquisition module 701, configured to obtain, when a device accesses the blockchain network, the token information of the access device, the token information including the security information of the access device;
a first calling module 702, configured to call the first contract object, the first contract object being used to generate security assessment information for the access device according to the token information;
the node 71 where the first program is located may include:
a trusted node determination module 711, configured to determine, according to the security assessment information, whether the access device is a trusted node.
In the embodiment of the present application, the node 71 where the first program is located may further include:
a trusted node pool joining module, configured to add the access device to a preset trusted node pool if the access device is a trusted node.
In the embodiment of the present application, at least one node of the blockchain network is deployed with a second contract object, and/or is deployed with a second program for accessing the second contract object; the apparatus may further include:
a second program, on a node of the blockchain network, including: an information receiving module, configured to receive the token information and identification information of a device;
the token information acquisition module 701 of the first program 70 may include:
an identification acquisition submodule, configured to obtain the identification information of the access device;
a request submodule, configured to generate a token information acquisition request and send the token information acquisition request to the second program, the token information acquisition request including the identification information of the access device;
a token information receiving submodule, configured to receive the token information sent by the second program, the token information being found by the second program according to the identification information.
In the embodiment of the present application, the second program may further include:
a second calling module, configured to call the second contract object, the second contract object storing the token information and identification information of the device in a preset distributed file system.
In the embodiment of the present application, the second program may further include:
a third calling module, configured to call the second contract object when the token information acquisition request sent by the first program is received, the second contract object extracting the token information corresponding to the identification information from the preset distributed file system.
In the embodiment of the present application, the identification acquisition submodule may include:
an identification receiving unit, configured to receive the identification information of the access device sent by a trusted node of the blockchain network.
In the embodiment of the present application, the first program is a first decentralized program DApp, and the second program is a second DApp.
As for the apparatus embodiment, since it is basically similar to the method embodiment, its description is relatively simple; for relevant details, refer to the description of the method embodiment.
An embodiment of the present application further provides an apparatus, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon which, when executed by the one or more processors, cause the apparatus to perform the method described in the embodiments of the present application.
An embodiment of the present application further provides one or more machine-readable media having instructions stored thereon which, when executed by one or more processors, cause the processors to perform the method described in the embodiments of the present application.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts among the embodiments, reference may be made to one another.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, an apparatus, or a computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The embodiments of the present application are described with reference to flowcharts and/or block diagrams of the method, terminal device (system), and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are performed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the embodiments of the present application have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the embodiments of the present application.
Finally, it should also be noted that in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or further includes elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or terminal device that includes the element.
A method for determining a trusted node based on a blockchain network and an apparatus for determining a trusted node based on a blockchain network provided by the present application have been described in detail above. Specific examples have been used herein to explain the principles and implementations of the present application; the description of the above embodiments is only intended to help understand the method of the present application and its core idea. At the same time, for those of ordinary skill in the art, according to the idea of the present application, there will be changes in the specific implementation and scope of application. In summary, the content of this specification should not be construed as a limitation of the present application.

Claims (16)

  1. A method for determining a trusted node based on a blockchain network, characterized in that at least one node of the blockchain network is deployed with a first contract object, and/or is deployed with a first program for accessing the first contract object, the method comprising:
    when a device accesses the blockchain network, the first program on a node of the blockchain network obtains token information of the access device, the token information comprising security information of the access device;
    the first program calls the first contract object, and the first contract object generates, according to the token information, security assessment information for the access device;
    the node corresponding to the first program determines, according to the security assessment information, whether the access device is a trusted node.
  2. The method according to claim 1, characterized by further comprising:
    if the access device is a trusted node, the node corresponding to the first program adds the access device to a preset trusted node pool.
  3. The method according to claim 1 or 2, characterized in that at least one node of the blockchain network is deployed with a second contract object, and/or is deployed with a second program for accessing the second contract object;
    before the first program obtains the token information of the access device, the method further comprises:
    the second program on a node of the blockchain network receives token information and identification information of a device;
    the step of the first program obtaining the token information of the access device comprises:
    the first program obtains identification information of the access device;
    the first program generates a token information acquisition request and sends the token information acquisition request to the second program, the token information acquisition request comprising the identification information of the access device;
    the first program receives token information sent by the second program, the token information being found by the second program according to the identification information.
  4. The method according to claim 3, characterized by further comprising:
    the second program calls the second contract object, and the second contract object stores the token information and identification information of the device in a preset distributed file system.
  5. The method according to claim 4, characterized by further comprising:
    when the second program receives the token information acquisition request sent by the first program, the second program calls the second contract object, and the second contract object extracts the token information corresponding to the identification information from the preset distributed file system.
  6. The method according to claim 3, characterized in that the step of the first program obtaining the identification information of the access device comprises:
    the first program receives the identification information of the access device sent by a trusted node of the blockchain network.
  7. The method according to claim 3, characterized in that the first program is a first decentralized program DApp, and the second program is a second DApp.
  8. An apparatus for determining a trusted node based on a blockchain network, characterized in that at least one node of the blockchain network is deployed with a first contract object, and/or is deployed with a first program for accessing the first contract object, the apparatus comprising:
    a first program, and the node where the first program is located;
    所述第一程序包括:The first procedure includes:
    通证信息获取模块,用于在有设备接入所述区块链网络时,获取接入设备的通证信息,所述通证信息包含所述接入设备的安全信息;The token information obtaining module is used to obtain the token information of the access device when a device accesses the blockchain network, the token information includes the security information of the access device;
    第一调用模块,用于调用所述第一合约对象,所述第一合约对象用于根据所述通证信息,生成针对所述接入设备的安全评估信息;A first calling module, configured to call the first contract object, and the first contract object is used to generate security assessment information for the access device according to the token information;
    所述第一程序所在的节点包括:The node where the first program is located includes:
    可信节点判断模块,用于根据所述安全评估信息判断所述接入设备是否为可信节点。The trusted node judgment module is used to judge whether the access device is a trusted node according to the security assessment information.
  9. 根据权利要求8所述的装置,其特征在于,所述第一程序所在的节点还包括:The apparatus according to claim 8, wherein the node where the first program is located further comprises:
    可信节点池加入模块,用于若所述接入设备为可信节点,则将所述接入设备加入预设的可信节点池。The trusted node pool joining module is used to add the access device to a preset trusted node pool if the access device is a trusted node.
  10. 根据权利要求8或9所述的装置,其特征在于,所述区块链网络的至少一个节点部署有第二合约对象,和/或,部署有用于访问所述第二合约对象的第二程序;所述装置还包括:The device according to claim 8 or 9, wherein at least one node of the blockchain network is deployed with a second contract object, and/or a second program for accessing the second contract object is deployed ; The device also includes:
    第二程序,在所述区块链网络一节点上,包括:信息接收模块,用于接收设备的通证信息和标识信息;The second program, on a node of the blockchain network, includes: an information receiving module for receiving the token information and identification information of the device;
    所述第一程序的通证信息获取模块包括:The token information acquisition module of the first program includes:
    标识获取子模块,用于获取所述接入设备的标识信息;An identification acquisition submodule, used to acquire identification information of the access device;
    请求子模块,用于生成通证信息获取请求,并向所述第二程序发送所述通证信息获取请求,所述通证信息获取请求包括所述接入设备的标识信息;A request submodule, configured to generate a token information acquisition request, and send the token information acquisition request to the second program, where the token information acquisition request includes identification information of the access device;
    通证信息接收子模块,用于接收所述第二程序发送的通证信息,所述通证信息由所述第二程序依据所述标识信息查找得到。The token information receiving submodule is configured to receive the token information sent by the second program, and the token information is searched and obtained by the second program according to the identification information.
  11. 根据权利要求10所述的装置,其特征在于,所述第二程序还包括:The apparatus according to claim 10, wherein the second program further comprises:
    第二调用模块,用于调用所述第二合约对象,由所述第二合约对象将所述设备的通证信息和标识信息,存储至预设分布式文件系统。A second calling module is used to call the second contract object, and the second contract object stores the token information and identification information of the device to a preset distributed file system.
  12. 根据权利要求11所述的装置,其特征在于,所述第二程序还包括:The apparatus according to claim 11, wherein the second program further comprises:
    第三调用模块,用于当接收到所述第一程序发送的通证信息获取请求时,调用所述第二合约对象,由所述第二合约对象从所述预设分布式文件系统,提取与所述标识信息对应的通证信息。The third calling module is used to call the second contract object when receiving the token information acquisition request sent by the first program, and the second contract object is extracted from the preset distributed file system Token information corresponding to the identification information.
  13. 根据权利要求10所述的装置,其特征在于,所述标识获取子模块包括:The apparatus according to claim 10, wherein the identifier acquisition submodule includes:
    标识接收单元,用于接收所述区块链网络的一可信节点发送的所述接入设备的标识信息。The identification receiving unit is configured to receive identification information of the access device sent by a trusted node of the blockchain network.
  14. 根据权利要求10所述的装置,其特征在于,所述第一程序为第一去中心化程序DApp,所述第二程序为第二DApp。The apparatus according to claim 10, wherein the first program is a first decentralized program DApp, and the second program is a second DApp.
  15. 一种装置,其特征在于,包括:An apparatus is characterized by comprising:
    一个或多个处理器;和One or more processors; and
    其上存储有指令的一个或多个机器可读介质,当由所述一个或多个处理器执行时,使得所述装置执行如权利要求1-7所述的一个或多个的方法。One or more machine-readable media having instructions stored thereon, when executed by the one or more processors, causes the apparatus to perform one or more of the methods of claims 1-7.
  16. 一个或多个机器可读介质,其上存储有指令,当由一个或多个处理器执行时,使得所述处理器执行如权利要求1-7所述的一个或多个的方法。One or more machine-readable media having instructions stored thereon, when executed by one or more processors, causing the processors to perform one or more of the methods of claims 1-7.
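As an added illustration, not code from the patent or its applicant, the following Python models the exchange of claims 1 to 7 in a single process: the second program stores each device's token information by identification information in a stand-in for the distributed file system, the first program fetches it by that identification, the first contract object turns the token's security information into an evaluation, and the node decides trust and maintains the trusted node pool. The dict-backed store and the security-information field names checked by FirstContract are assumptions, as is the rule that a device with no registered token is never trusted.

```python
# Added example (not the patent's code): single-process model of claims 1-7.
# Contracts, DApps and the file system are stand-ins; REQUIRED fields are assumed.
class SecondContract:  # second contract object over the preset distributed file system
    def __init__(self):
        self.dfs = {}  # a dict stands in for the distributed file system

    def store(self, device_id, token_info):  # claim 4
        self.dfs[device_id] = token_info

    def extract(self, device_id):  # claim 5
        return self.dfs.get(device_id)


class SecondDApp:  # second program: receives token + identification info
    def __init__(self, contract):
        self.contract = contract

    def receive(self, device_id, token_info):  # claim 3
        self.contract.store(device_id, token_info)

    def handle_request(self, request):  # token information acquisition request
        return self.contract.extract(request["device_id"])


class FirstContract:  # first contract object: token info -> security evaluation
    REQUIRED = ("attestation_valid", "firmware_signed", "patched")  # assumed fields

    def evaluate(self, token_info):
        sec = token_info.get("security_info", {})
        failed = [k for k in self.REQUIRED if not sec.get(k, False)]
        return {"passed": not failed, "failed_checks": failed}


class FirstDApp:  # first program: obtains the token through the second program
    def __init__(self, contract, second_dapp):
        self.contract, self.second_dapp = contract, second_dapp

    def obtain_token(self, device_id):  # claim 3
        return self.second_dapp.handle_request({"device_id": device_id})


class Node:  # node hosting the first program: decides trust, keeps the pool
    def __init__(self, first_dapp):
        self.first_dapp, self.trusted_pool = first_dapp, set()

    def on_device_access(self, device_id):  # claims 1, 2 and 6
        token = self.first_dapp.obtain_token(device_id)
        if token is None:  # no token registered for this id: never trusted
            return False
        passed = self.first_dapp.contract.evaluate(token)["passed"]
        if passed:
            self.trusted_pool.add(device_id)
        return passed
```

The identification information is assumed to arrive from an already trusted node, as claim 6 describes; the model does not itself authenticate that sender.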
PCT/CN2019/122641 2018-12-05 2019-12-03 Trusted node determining method and apparatus based on block chain network WO2020114385A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811481860.6A CN111277553B (en) 2018-12-05 2018-12-05 Credible node determination method and device based on block chain network
CN201811481860.6 2018-12-05

Publications (1)

Publication Number Publication Date
WO2020114385A1 true WO2020114385A1 (en) 2020-06-11

Family

ID=70974484

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/122641 WO2020114385A1 (en) 2018-12-05 2019-12-03 Trusted node determining method and apparatus based on block chain network

Country Status (3)

Country Link
CN (1) CN111277553B (en)
TW (1) TW202023238A (en)
WO (1) WO2020114385A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112469044A (en) * 2020-12-17 2021-03-09 国网辽宁省电力有限公司信息通信分公司 Edge access control method and controller for heterogeneous terminal
CN112929361A (en) * 2021-02-03 2021-06-08 中国联合网络通信集团有限公司 Device authentication method, access node and computer readable storage medium
CN113076315A (en) * 2021-04-01 2021-07-06 洪璐 Intelligent home data chaining method and system of Internet of things on block chain
US11374755B1 (en) * 2020-12-08 2022-06-28 International Business Machines Corporation Entangled token structure for blockchain networks
CN115018284A (en) * 2022-05-24 2022-09-06 中国气象局气象探测中心 Meteorological observation data quality evaluation method
CN115190127A (en) * 2022-07-08 2022-10-14 中国联合网络通信集团有限公司 Evidence storing method, device and system for computing power service

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541788B (en) 2020-07-08 2020-10-16 支付宝(杭州)信息技术有限公司 Hash updating method and device of block chain all-in-one machine
CN111541553B (en) * 2020-07-08 2021-08-24 支付宝(杭州)信息技术有限公司 Trusted starting method and device of block chain all-in-one machine
TWI827867B (en) * 2020-07-28 2024-01-01 林修德 Blockchain-based file storage device and file access authorization system and method thereof
CN111859457A (en) * 2020-07-31 2020-10-30 联想(北京)有限公司 Intelligent contract setting method and system
CN112153067B (en) * 2020-09-28 2022-08-12 周口师范学院 Edge computing safety system based on block chain
US11575499B2 (en) 2020-12-02 2023-02-07 International Business Machines Corporation Self auditing blockchain
CN113407990A (en) * 2021-05-26 2021-09-17 杭州安恒信息技术股份有限公司 Data circulation processing method, device, system, electronic device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170352027A1 (en) * 2016-06-07 2017-12-07 Cornell University Authenticated data feed for blockchains
CN107734502A (en) * 2017-09-07 2018-02-23 京信通信系统(中国)有限公司 Micro-base station communication management method, system and equipment based on block chain
CN107819848A (en) * 2017-11-08 2018-03-20 济南浪潮高新科技投资发展有限公司 A kind of internet of things equipment autonomy interconnected method based on block chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106548342B (en) * 2015-09-22 2023-07-04 创新先进技术有限公司 Trusted device determining method and device
US10122695B2 (en) * 2015-10-28 2018-11-06 Cisco Technology, Inc. Remote crowd attestation in a network
CN106656915A (en) * 2015-10-30 2017-05-10 深圳市中电智慧信息安全技术有限公司 Cloud security server based on trusted computing
CN108566653B (en) * 2018-07-02 2021-07-13 中国联合网络通信集团有限公司 Operation management method of base station equipment and base station equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MING-DA LIU ET AL: "Remote Attestation Model Based on Blockchain", COMPUTER SCIENCE, vol. 45, no. 2, 28 February 2018 (2018-02-28), pages 48 - 52, XP055713163, DOI: 10.11896/j.issn.1002-137X.2018.02.008 *

Also Published As

Publication number Publication date
CN111277553A (en) 2020-06-12
TW202023238A (en) 2020-06-16
CN111277553B (en) 2022-05-24


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19892948; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19892948; Country of ref document: EP; Kind code of ref document: A1)