WO2020252753A1 - Blockchain node device, authentication method and device thereof, and storage medium - Google Patents

Publication number
WO2020252753A1
WO2020252753A1 PCT/CN2019/092143 CN2019092143W WO2020252753A1 WO 2020252753 A1 WO2020252753 A1 WO 2020252753A1 CN 2019092143 W CN2019092143 W CN 2019092143W WO 2020252753 A1 WO2020252753 A1 WO 2020252753A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
node device
authentication information
blockchain
blockchain node
Application number
PCT/CN2019/092143
Inventor
周茂青
Original Assignee
深圳市网心科技有限公司
Application filed by 深圳市网心科技有限公司
Priority to CN201980004507.5A (patent CN112544057B)
Priority to PCT/CN2019/092143 (patent WO2020252753A1)
Publication of WO2020252753A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • The present invention relates to the field of blockchain technology, and in particular to a blockchain node device, a blockchain node device authentication method, an authentication device, and a storage medium.
  • Blockchain technology has become increasingly popular with companies in fields such as finance and insurance because it is decentralized and its records cannot be tampered with. In particular, using blockchain technology to carry out transaction events involving multiple parties (for example, transfer transactions and payment transactions) has increasingly become a focus of attention.
  • Current authentication methods for blockchain node devices are usually based on public-key cryptosystems.
  • The basic process is to generate, for each blockchain node device, a public/private key pair, or a Public Key Infrastructure (PKI) certificate (which contains a public key) and a private key.
  • The private key is stored on the blockchain node device.
  • The public key or PKI certificate is disclosed to the authentication system and to other blockchain node devices. When the device accesses the blockchain network, it becomes a trusted node once a signature made with the private key of the blockchain node device has been verified.
  • The disadvantage of this current authentication method is that the private key is not bound to the device, so security is relatively low.
  • The private key stored on the disk of a networked machine may be stolen by hackers; the disk hardware may be damaged and the key lost; the user may copy the private key to other machines, and the authentication system cannot identify whether the machine has been replaced; and so on.
  • A first aspect of the present invention provides a blockchain node device on which a blockchain program is installed, the blockchain node device further including a hardware token chip and a hardware token driver.
  • The blockchain program is used to call the hardware token driver when the blockchain node device triggers node authentication.
  • The hardware token driver is used, when called, to call the read interface of the hardware token chip to read the first authentication information computed by the hardware token chip.
  • The hardware token chip is used to compute the first authentication information and return it to the hardware token driver.
  • The blockchain program is also used, after reading the first authentication information returned by the hardware token driver, to generate second authentication information containing the first authentication information, and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network.
  • The hardware token driver is located at the kernel layer of the operating system; the hardware token chip is installed on the motherboard and connected to the bus of the motherboard.
  • The hardware token chip computes the first authentication information when it is called by the hardware token driver; alternatively, the hardware token chip computes the first authentication information automatically at regular intervals.
  • A second aspect of the present invention provides a blockchain node device authentication method, applied to a blockchain node device with a built-in hardware token chip, the method including:
  • Obtaining the first authentication information computed by the hardware token chip includes:
  • The hardware token driver calls the read interface of the hardware token chip to read the first authentication information computed by the hardware token chip.
  • Obtaining the first authentication information computed by the hardware token chip includes:
  • A pre-stored cryptographic algorithm is applied to the time and a random number, and the resulting data is used as the first authentication information.
  • Generating the second authentication information including the first authentication information includes:
  • The method further includes:
  • Sending the authentication request carrying the second authentication information to the authentication server in the blockchain network includes: sending the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • The blockchain node device triggers node authentication through one or more of the following:
  • When it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • The method further includes:
  • A third aspect of the present invention provides a blockchain node device authentication device that runs in a blockchain node device with a built-in hardware token chip, the device including:
  • An arithmetic module configured to obtain the first authentication information computed by the hardware token chip when the blockchain node device triggers node authentication;
  • A generating module configured to generate second authentication information including the first authentication information;
  • A sending module configured to send an authentication request carrying the second authentication information to an authentication server in the blockchain network;
  • A receiving module configured to receive the authentication result returned by the authentication server after verifying the authentication request.
  • A fourth aspect of the present invention provides a blockchain node device including a processor and a memory, the memory storing a download program for blockchain node device authentication that can run on the processor and that, when executed by the processor, implements the blockchain node device authentication method.
  • A fifth aspect of the present invention provides a computer-readable storage medium storing a download program for blockchain node device authentication, which can be executed by one or more processors to implement the blockchain node device authentication method.
  • The blockchain node device, authentication method, authentication device and storage medium of the present invention embed or integrate a hardware token chip in the blockchain node device, binding the token to the blockchain node device. The hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can only be used once and cannot be reused), theft-resistant and non-duplicable, which ensures the security of the authentication information so that it will not be stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program. When the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the blockchain network, so the node authentication process is automated and needs no manual intervention. Once the node is authenticated, the blockchain node device is qualified to establish connections with other blockchain node devices in other blockchain networks and participate in consensus. Overall, this improves the security of the blockchain network and ensures that the blockchain node devices connected to the blockchain network are standardized and trusted hardware.
  • FIG. 1 is a schematic structural diagram of a preferred embodiment of a blockchain node device provided by the present invention.
  • FIG. 2 is a schematic diagram of the environment of a preferred embodiment, provided by the present invention, in which the blockchain node device is authenticated by the blockchain network.
  • FIG. 3 is a flowchart of a preferred embodiment of a method for authenticating a blockchain node device provided by the present invention.
  • FIG. 4 is a schematic diagram of the signaling interaction of a preferred embodiment, provided by the present invention, in which a blockchain node device is authenticated by the blockchain network.
  • FIG. 5 is a functional module diagram of a preferred embodiment of the blockchain node device authentication device provided by the present invention.
  • FIG. 6 is a schematic structural diagram of a preferred embodiment of another blockchain node device provided by the present invention.
  • FIG. 1 and FIG. 2 are schematic structural diagrams of a preferred embodiment of the blockchain node device disclosed in the present invention.
  • Before the blockchain node device 100 requests access to the blockchain network 200, it needs to pass the legality verification of the blockchain network 200.
  • When the blockchain network 200 verifies that the blockchain node device 100 is legal, the blockchain node device 100 is successfully connected to the blockchain network 200; when the blockchain network 200 verifies that the blockchain node device 100 is illegal, it refuses the blockchain node device 100 access to the blockchain network 200.
  • The blockchain node device 100 is a computer on which a blockchain program 10 and a hardware token driver 12 are installed, in which a hardware token chip 14 is integrated or embedded, and which can participate in blockchain consensus and accounting.
  • The blockchain program 10 belongs to the application layer, the hardware token driver 12 belongs to the operating system kernel layer, and the hardware token chip 14 belongs to the hardware layer.
  • The blockchain program 10 is a software program that runs at the application layer and is responsible for the consensus and accounting logic of the blockchain node device 100. When the blockchain node device 100 triggers node authentication, it calls the hardware token driver 12 to read the first authentication information computed by the hardware token chip 14.
  • The hardware token driver 12 is a driver module located at the kernel layer of the operating system, and provides an application programming interface (API) to the blockchain program 10 at the application layer.
  • The hardware token chip 14 is integrated or embedded on the motherboard of the blockchain node device 100 and is connected to the motherboard by a bus, for example an Inter-Integrated Circuit (I2C) bus, a Serial Peripheral Interface (SPI) bus, or another suitable computer bus.
  • A token is pre-stored in the hardware token chip 14.
  • A pre-stored cryptographic algorithm is applied to the time and a random number to obtain the first authentication information.
  • The generated first authentication information can be recognized and read by the hardware token driver 12, but it cannot be written or modified. If the hardware token chip 14 is forcibly removed, the first authentication information is lost and the function becomes invalid. Even if the chip is installed on another computer, the first authentication information can no longer be read.
  • The hardware token chip 14 may include, but is not limited to: a password generation chip, an algorithm coprocessor, a data memory, bus pins, and a corresponding signal processor (for example, if it is connected to an I2C bus, it needs pins and a signal processor that comply with the I2C bus protocol).
  • The password generation chip runs a special password algorithm to generate the current password according to the current time or the number of times of use; the algorithm coprocessor performs the calculations of the authentication algorithm; the data memory stores the security key and data; the bus pins and the corresponding signal processor connect to the bus of the computer motherboard and are responsible for data exchange with the kernel driver.
  • The blockchain program 10 is also used, after reading the first authentication information returned by the hardware token driver, to generate second authentication information containing the first authentication information, and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network 200.
  • The blockchain program 10 is further configured, after generating the second authentication information, to encode the second authentication information according to a preset format, and to send an authentication request carrying the encoded second authentication information to the authentication server of the blockchain network 200.
  • An authentication server 20 and several blockchain node devices 22 may exist in the blockchain network 200.
  • The several blockchain node devices 22 are connected to each other peer to peer (P2P) to form the blockchain network 200.
  • The authentication server 20 is responsible for receiving the authentication request sent by the blockchain node device 100 and verifying the legality of the authentication request. If the authentication server 20 verifies that the authentication request is legal, it confirms that the blockchain node device 100 is a trusted node and returns to the blockchain node device 100 an authentication result indicating that the blockchain node device is successfully authenticated.
  • If the authentication server 20 verifies that the authentication request is illegal, it confirms that the blockchain node device 100 is an untrusted node and returns to the blockchain node device 100 an authentication result indicating that the blockchain node device has failed authentication.
  • The authentication server 20 may be built into the blockchain network 200, or may be an integrated third-party authentication service.
  • The hardware token chip 14 is integrated or embedded in the blockchain node device 100, so that the hardware token chip 14 is bound to the blockchain node device 100, ensuring the security of the token. In addition, the authentication information in the hardware token chip can be read by the application, so there is no need for manual intervention in the subsequent authentication process, and the authentication information will not be stolen, lost or transferred.
  • The blockchain network 200 authenticates the blockchain node device 100 based on the hardware token chip 14 to ensure that the blockchain node devices used for access or consensus are standardized and trusted hardware.
  • FIG. 3 is a flowchart of a preferred embodiment of the blockchain node device authentication method provided by the present invention.
  • The blockchain node device authentication method is applied to the blockchain node device. According to different requirements, the order of the steps in the flowchart can be changed, and some steps can be omitted.
  • A blockchain program, a hardware token driver, and a hardware token chip are integrated or embedded in the blockchain node device.
  • The blockchain program calls the read interface of the hardware token driver, and the hardware token driver calls the read interface of the hardware token chip. The hardware token chip generates the first authentication information when it detects the call signal. The hardware token driver then reads the first authentication information computed by the hardware token chip and returns it to the blockchain program, and the blockchain program reads the first authentication information.
  • The parameters with which the blockchain program calls the read interface of the hardware token driver are not the same as the parameters with which the hardware token driver calls the read interface of the hardware token chip.
  • The read interface of the hardware token driver is used to encapsulate information for the blockchain program, and the read interface of the hardware token chip is used to encapsulate information for the hardware token driver.
  • The blockchain node device may trigger node authentication through one or more of the following:
  • When it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • The blockchain network needs to perform identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • When the blockchain node device needs to perform a blockchain transaction, the transaction information is put into a data packet and broadcast to the blockchain network, and the blockchain network performs identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • Obtaining the first authentication information computed by the hardware token chip includes:
  • A pre-stored cryptographic algorithm is applied to the time and a random number, and the resulting data is used as the first authentication information.
  • Tokens are pre-stored in the hardware token chip, for example: KEY tokens based on Public Key Infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • The time at which the hardware token driver calls the read interface of the hardware token chip can be used as the time at which the blockchain node device triggers node authentication.
  • The hardware token chip obtains the calling time of the hardware token driver, uses a cryptographic algorithm to perform a cryptographic operation on the calling time and the generated random number, and returns the calculated data result to the hardware token driver as the first authentication information.
  • The cryptographic operation is prior art and is not elaborated here.
  • The random number is an unpredictable number generated by the hardware token chip using a special algorithm. Because uncertain factors such as time and random numbers are added to the first authentication information, the first authentication information can only be used once, so that an attacker cannot obtain the first authentication information by stealing passwords or by replay attacks. The first authentication information computed by the token chip has higher security.
  • When the authentication server of the blockchain network receives an authentication request, it generates a random number, uses the same cryptographic algorithm for cryptographic operations, and compares whether the generated random number is the same as the random number in the received authentication request to determine whether the authentication request is valid. If the random number generated by the authentication server is the same as the random number in the received authentication request, the authentication request is determined to be valid. If the random number generated by the authentication server is different from the random number in the received authentication request, the authentication request is determined to be invalid.
  • S32 Generate second authentication information including the first authentication information.
  • After the blockchain program reads the first authentication information, it does not send the first authentication information directly to the authentication server of the blockchain network for verification. Instead, it generates second authentication information that meets the requirements based on the first authentication information, and the second authentication information is then sent to the authentication server of the blockchain network.
  • Generating the second authentication information including the first authentication information includes:
  • The blockchain program reads the pre-stored target fields and combines them with the first authentication information to generate the second authentication information.
  • The target fields may include, but are not limited to: message version number, authentication purpose, computer equipment identification, the computer's Internet Protocol (IP) address, the computer's Media Access Control (MAC) address, communication protocol, etc.
  • The method further includes:
  • The second authentication information is encoded according to a preset format.
  • The blockchain node device encodes the generated second authentication information according to the format in which information is transmitted in the blockchain network, for example by compression or encryption.
  • The second authentication information can then be transmitted to the blockchain network.
  • Sending the authentication request carrying the second authentication information to the authentication server in the blockchain network is then: sending the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • S33 Send an authentication request carrying the second authentication information to an authentication server in the blockchain network.
  • After the blockchain node device encodes the second authentication information, it sends an authentication request to the blockchain network, where the authentication request carries the encoded second authentication information.
  • After receiving the authentication request, the blockchain network forwards the authentication request to the authentication server for verification, so as to determine whether the blockchain node device is a trusted node.
  • S34 Receive an authentication result returned after the authentication server verifies the authentication request.
  • If the authentication server verifies that the authentication request is legal, it confirms that the blockchain node device is a trusted node and returns to the blockchain node device an authentication result indicating that the blockchain node device is successfully authenticated. If the authentication server verifies that the authentication request is illegal, it confirms that the blockchain node device is an untrusted node and returns to the blockchain node device an authentication result indicating that the blockchain node device has failed authentication.
  • How the authentication server verifies the authentication request depends on the token algorithm, such as KEY tokens based on Public Key Infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • The specific verification method belongs to the prior art and is not repeated here.
  • The method further includes:
  • The blockchain network needs to verify the authentication request. If the authentication result indicates that the blockchain node device is successfully authenticated, the blockchain node device may send an access request carrying the authentication result to the blockchain network. After receiving the access request, the blockchain network verifies the authentication result in response to the access request. When the verification passes, the blockchain network allows the blockchain node device to access the blockchain network, and when the blockchain node device receives the permission response from the blockchain network, it accesses the blockchain network.
  • The blockchain network prohibits the blockchain node device from accessing the blockchain network; when the blockchain node device receives the prohibition response from the blockchain network, it can send the authentication request again to the authentication server in the blockchain network.
  • The blockchain node device authentication method of the present invention embeds or integrates a hardware token chip in the blockchain node device, binding the token to the blockchain node device. The hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can only be used once and cannot be reused), theft-resistant and non-duplicable, which ensures the security of the authentication information so that it will not be stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program. When the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the authentication server in the blockchain network, so the node authentication process is automated and needs no manual intervention. After the node authentication is passed, the blockchain node device is qualified to establish connections with other blockchain node devices in other blockchain networks and participate in consensus, thereby improving the security of the blockchain network as a whole and ensuring that the blockchain node devices connected to the blockchain network are all standardized and trusted hardware.
  • FIG. 4 is a schematic diagram of signaling interaction in a preferred embodiment of the blockchain node device authenticating a blockchain network.
  • S42 The hardware token driver calls the read interface of the hardware token chip.
  • The hardware token chip computes the first authentication information and returns it to the hardware token driver.
  • The hardware token driver reads the first authentication information and returns it to the blockchain program.
  • The blockchain program reads the first authentication information and generates second authentication information including the first authentication information.
  • The blockchain program encodes the second authentication information according to a preset format, and sends an authentication request carrying the encoded second authentication information to an authentication server in the blockchain network.
  • S47 The authentication server performs legality verification on the authentication request to obtain an authentication result.
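
The FIG. 4 exchange described above, from the chip read to the server's verdict, as an added Python sketch that is not code from the patent. It shows the server accepting a fresh request and rejecting a resent, late, edited or re-labelled one. Assumptions: HMAC-SHA256 with a per-device key also provisioned on the authentication server stands in for the pre-stored cryptographic algorithm, JSON for the preset format, 30 seconds for the freshness window, and every class, function and field name is hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import os
import time

WINDOW_SECONDS = 30  # assumed freshness window; the page gives no value


class HardwareTokenChip:
    """Stand-in for the chip: the key is only used inside read() (assumed HMAC-SHA256)."""

    def __init__(self, key: bytes):
        self._key = key

    def read(self, now: int | None = None) -> dict:
        # First authentication information: the call time and a fresh random
        # number, run through the pre-stored algorithm.
        ts = int(time.time()) if now is None else now
        nonce = os.urandom(16).hex()
        mac = hmac.new(self._key, f"{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()
        return {"time": ts, "nonce": nonce, "mac": mac}


def build_auth_request(first_auth: dict, device_id: str, ip: str, mac_addr: str) -> bytes:
    # Second authentication information: target fields plus the first
    # authentication information, encoded in the preset format (assumed: JSON).
    # Only device_id is tied to the chip (through the server's key lookup);
    # ip and mac_addr are not covered by the chip's output in this sketch.
    second = {"version": 1, "purpose": "node-access", "device_id": device_id,
              "ip": ip, "mac_addr": mac_addr, "protocol": "p2p",
              "first_auth": first_auth}
    return json.dumps(second, sort_keys=True).encode()


class AuthServer:
    def __init__(self, keys: dict):
        self._keys = keys   # device_id -> key provisioned with that chip (assumption)
        self._seen = {}     # (device_id, nonce) -> time, enforces one-time use

    def verify(self, request: bytes, now: int | None = None) -> str:
        now = int(time.time()) if now is None else now
        try:
            msg = json.loads(request)
            first, device_id = msg["first_auth"], msg["device_id"]
            ts, nonce = int(first["time"]), str(first["nonce"])
            signed = f"{ts}|{nonce}".encode()
            mac = str(first["mac"]).encode()
        except (ValueError, KeyError, TypeError, OverflowError):
            return "malformed"
        if not isinstance(device_id, str):
            return "malformed"
        key = self._keys.get(device_id)
        if key is None:
            return "unknown-device"
        expected = hmac.new(key, signed, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, mac):
            return "bad-mac"
        if abs(now - ts) > WINDOW_SECONDS:
            return "stale"
        # Forget nonces that the freshness check would reject anyway.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= WINDOW_SECONDS}
        if (device_id, nonce) in self._seen:
            return "replayed"
        self._seen[(device_id, nonce)] = ts
        return "ok"


def demo() -> list:
    key = os.urandom(32)                    # constructed key shared by chip and server
    chip, server = HardwareTokenChip(key), AuthServer({"node-100": key})
    t0 = 1_700_000_000                      # constructed clock value
    fields = ("node-100", "192.0.2.10", "02:00:00:00:00:01")  # constructed target fields
    req = build_auth_request(chip.read(now=t0), *fields)
    results = [server.verify(req, now=t0 + 1),           # fresh request
               server.verify(req, now=t0 + 2)]           # same request resent
    late = build_auth_request(chip.read(now=t0), *fields)
    results.append(server.verify(late, now=t0 + 300))    # delivered outside the window
    forged = json.loads(req)
    forged["first_auth"]["time"] = t0 + 5                # timestamp edited in transit
    results.append(server.verify(json.dumps(forged).encode(), now=t0 + 5))
    moved = json.loads(late)
    moved["device_id"] = "node-999"                      # presented under another identity
    results.append(server.verify(json.dumps(moved).encode(), now=t0 + 5))
    return results


if __name__ == "__main__":
    print(demo())
```
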
  • FIG. 5 is a functional module diagram of a preferred embodiment of a blockchain node device authentication device disclosed in the present invention.
  • The blockchain node device authentication device runs in the blockchain node device.
  • The blockchain node device authentication device may include a plurality of functional modules composed of program code segments.
  • The program code of each program segment in the blockchain node device authentication device can be stored in a memory and executed by at least one processor to execute some or all of the steps of the blockchain node device authentication method described in FIG. 3.
  • The blockchain node device authentication device 50 can be divided into multiple functional modules according to the functions it performs.
  • The functional modules may include: an arithmetic module 501, a generating module 502, an encoding module 503, a sending module 504, a receiving module 505, and an access module 506.
  • A module, as referred to in the present invention, is a series of computer program segments that can be executed by at least one processor, can complete fixed functions, and are stored in a memory. In some embodiments, the functions of each module will be detailed in subsequent embodiments.
  • The arithmetic module 501 is configured to obtain the first authentication information computed by the hardware token chip when the blockchain node device triggers node authentication.
  • A blockchain program, a hardware token driver, and a hardware token chip are integrated or embedded in the blockchain node device.
  • The blockchain program calls the read interface of the hardware token driver, and the hardware token driver calls the read interface of the hardware token chip. The hardware token chip generates the first authentication information when it detects the call signal. The hardware token driver then reads the first authentication information computed by the hardware token chip and returns it to the blockchain program, and the blockchain program reads the first authentication information.
  • The parameters with which the blockchain program calls the read interface of the hardware token driver are not the same as the parameters with which the hardware token driver calls the read interface of the hardware token chip.
  • The read interface of the hardware token driver is used to encapsulate information for the blockchain program, and the read interface of the hardware token chip is used to encapsulate information for the hardware token driver.
  • The blockchain node device may trigger node authentication through one or more of the following:
  • When it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • The blockchain network needs to perform identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • When the blockchain node device needs to perform a blockchain transaction, the transaction information is put into a data packet and broadcast to the blockchain network, and the blockchain network performs identity authentication on the blockchain node device to determine whether the blockchain node device is a trusted node.
  • the obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • a pre-stored cryptographic algorithm is used to calculate the time and random number to obtain a data result as the first authentication information.
  • tokens are pre-stored in the hardware token chip, for example: KEY tokens based on Public Key Infrastructure (PKI) technology, tokens based on challenge/response, and tokens based on dynamic passwords.
  • the time at which the reading interface of the hardware token chip is called by the hardware token driver can be used as the time when the blockchain node device triggers node authentication.
  • the hardware token chip obtains the calling time of the hardware token driver, uses a cryptographic algorithm to perform a cryptographic operation on the calling time and the generated random number, and returns the calculated data result as the first authentication information to the hardware token driver.
  • the cryptographic operation is a prior art, and the present invention will not be elaborated here.
  • the random number is an unpredictable number generated by the hardware token chip using a special algorithm. Because uncertain factors such as time and random numbers are added to the first authentication information, the first authentication information can only be used once, so that an attacker cannot obtain the first authentication information by stealing passwords or by replay attacks. The first authentication information obtained by the token chip operation therefore has higher security.
  • when the authentication server of the blockchain network receives an authentication request, it generates a random number, uses the same cryptographic algorithm for cryptographic operations, and compares whether the generated random number is the same as the random number in the received authentication request to determine whether the authentication request is valid. If the random number generated by the authentication server is the same as the random number in the received authentication request, it is determined that the authentication request is valid. If the random number generated by the authentication server is different from the random number in the received authentication request, it is determined that the authentication request is invalid.
  • the generating module 502 is configured to generate second authentication information including the first authentication information.
  • after the blockchain program reads the first authentication information, it does not directly send the first authentication information to the authentication server of the blockchain network for verification, but generates second authentication information that meets the requirements based on the first authentication information; the second authentication information is then sent to the authentication server of the blockchain network.
  • the generating module 502 generating the second authentication information including the first authentication information includes:
  • the blockchain program reads the pre-stored target field and combines the first authentication information to generate the second authentication information.
  • the target field may include, but is not limited to: message version number, authentication purpose, computer equipment identification, the computer's Internet Protocol (IP) address, the computer's Media Access Control (MAC) address, communication protocol, etc.
  • the encoding module 503 is configured to encode the second authentication information according to a preset format.
  • the blockchain node device encodes the generated second authentication information according to the format in which the information is transmitted in the blockchain network, for example, compression or encryption.
  • the second authentication information can be transmitted to the blockchain network.
  • the sending module 504 is configured to send the authentication request carrying the second authentication information to the authentication server in the blockchain network; or send the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • after the blockchain node device encodes the second authentication information, it sends an authentication request to the blockchain network, where the authentication request carries the encoded second authentication information.
  • after receiving the authentication request, the blockchain network forwards the authentication request to the authentication server for verification, so as to determine that the blockchain node device is a trusted node.
  • the receiving module 505 is configured to receive the authentication result returned after the authentication server verifies the authentication request.
  • if the authentication server verifies that the authentication request is legal, it confirms that the blockchain node device is a trusted node, and returns to the blockchain node device an authentication result that the blockchain node device is successfully authenticated. If the authentication server verifies that the authentication request is illegal, it confirms that the blockchain node device is an untrusted node, and returns to the blockchain node device an authentication result that the blockchain node device has failed authentication.
  • how the authentication server verifies the authentication request depends on the token algorithm, such as KEY token based on Public Key Infrastructure (PKI) technology, token based on challenge/response, and token based on dynamic password.
  • the specific verification method belongs to the prior art, and will not be repeated here.
  • the apparatus further includes:
  • the access module 506 is used to access the blockchain network.
  • the blockchain network needs to verify the authentication request. If the authentication result indicates that the blockchain node device is successfully authenticated, the blockchain node device may send an access request carrying the authentication result to the blockchain network. After receiving the access request, the blockchain network verifies the authentication result in response to the access request. When the verification is passed, the blockchain network allows the blockchain node device to access the blockchain network, and when the blockchain node device receives the permission response from the blockchain network, it accesses the blockchain network.
  • the blockchain network prohibits the blockchain node device from accessing the blockchain network, and when the blockchain node device receives the prohibition response from the blockchain network, the authentication request can be sent again to the authentication server in the blockchain network.
  • the blockchain node device authentication device of the present invention embeds or integrates a hardware token chip in the blockchain node device to bind the token to the blockchain node device. Because the hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can only be used once and cannot be reused), resistant to theft and non-duplicable, the security of the authentication information is ensured, and it will not be stolen, lost or transferred. In addition, the hardware token chip provides a reading interface for the authentication information, so the generated authentication information can be read by the blockchain program. When the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the authentication server in the blockchain network; the node authentication process is automated and needs no manual intervention. Only after the node authentication is passed is the blockchain node device qualified to establish connections with other blockchain node devices in other blockchain networks and participate in consensus, which improves the security of the blockchain network as a whole and ensures that the blockchain node devices connected to the blockchain network are all standardized and trusted hardware.
  • FIG. 6 is another schematic diagram of the structure of the blockchain node device in the preferred embodiment of the method for implementing the blockchain node device authentication of the present invention.
  • the blockchain node device 6 includes a memory 61, at least one processor 62, a computer program 63 stored in the memory 61 and running on the at least one processor 62, and at least one communication bus 64.
  • FIG. 6 is only an example of the blockchain node device 6 and does not constitute a limitation on the blockchain node device 6, which may include more or fewer components, or a combination of some components, or different components; for example, the blockchain node device 6 may also include input and output devices, network access devices, and the like.
  • the blockchain node device 6 also includes, but is not limited to, any electronic product that can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example, a personal computer, a tablet computer, Smart phones, personal digital assistants (PDAs), game consoles, Internet Protocol Television (IPTV), smart wearable devices, etc.
  • the network where the blockchain node device 6 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
  • the at least one processor 62 may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the processor 62 can be a microprocessor or the processor 62 can also be any conventional processor, etc.
  • the processor 62 is the control center of the blockchain node device 6 and connects the various parts of the entire blockchain node device 6.
  • the memory 61 may be used to store the computer program 66 and/or modules/units.
  • the processor 62 realizes various functions of the blockchain node device 6 by running or executing the computer programs and/or modules/units stored in the memory 61 and calling the data stored in the memory 61.
  • the memory 61 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function (such as a sound playback function, an image playback function, etc.); the data storage area may store the data (such as audio data, phone book, etc.) created according to the use of the blockchain node device 6.
  • the memory 61 may include a high-speed random access memory, and may also include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), and a Secure Digital (SD) Card, Flash Card, at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
  • the processor 62 implements the following steps when executing the foregoing instructions:
  • the processor 62 obtaining the first authentication information obtained by the operation of the hardware token chip includes:
  • a pre-stored cryptographic algorithm is used to calculate the time and random number to obtain a data result as the first authentication information.
  • generating, by the processor 62, second authentication information including the first authentication information includes:
  • the processor 62 further implements the following steps when executing the above instructions:
  • the sending the authentication request carrying the second authentication information to the authentication server in the blockchain network includes: sending the authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  • the blockchain node device triggers node authentication through one or more of the following combinations:
  • when it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
  • the processor 62 further implements the following steps when executing the above instructions:
  • if the integrated module/unit of the blockchain node device 6 is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the present invention implements all or part of the processes in the above-mentioned embodiment methods, and can also be completed by instructing relevant hardware through a computer program.
  • the computer program can be stored in a computer-readable storage medium. When executed by the processor, the steps of the foregoing method embodiments can be implemented.
  • the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms.
  • the computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signal, telecommunications signal, software distribution media, etc.
  • the content contained in the computer-readable medium can be appropriately added or deleted according to the requirements of the legislation and patent practice in the jurisdiction.
  • the computer-readable medium does not include electrical carrier signals and telecommunication signals.
  • modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional modules in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional modules.

Abstract

Provided by the present invention is a blockchain node device, comprising: a hardware token chip, used for computing to obtain first authentication information; a blockchain program, used for calling a hardware token driving program when the blockchain node device triggers node authentication; the hardware token driving program, used for calling a read interface in the hardware token chip to read the first authentication information when called; and the blockchain program, also used for generating second authentication information containing the first authentication information after reading the first authentication information returned by the hardware token driving program, and for sending an authentication request bearing the second authentication information to an authentication server of a blockchain network. Further provided by the present invention are a blockchain node device authentication method and device, and a storage medium. By embedding or integrating the hardware token chip into the blockchain node device, the present invention achieves binding of the token and the blockchain node device, improves the security of the authentication information, and is capable of automatically authenticating the blockchain node device.

Description

Blockchain node device and its authentication method, device and storage medium
Technical field
The present invention relates to the field of blockchain technology, and in particular to a blockchain node device, a blockchain node device authentication method, a device and a storage medium.
Background
Because of its decentralization and the tamper-resistance of its information, blockchain technology is increasingly favored by companies in fields such as finance and insurance; in particular, using blockchain technology to implement transaction events involving multiple parties (for example, transfer transactions and payment transactions) has increasingly become a focus of attention.
Current authentication methods for blockchain node devices are usually based on public-key cryptography. The basic process is to generate, for each blockchain node device, a public/private key pair, or a Public Key Infrastructure (PKI) certificate (containing the public key) and a private key. The private key is stored on the blockchain node device, and the public key or PKI certificate is disclosed to the authentication system and other blockchain node devices. When accessing the blockchain network, the device becomes a trusted node once the signature made with its private key has been verified.
However, the drawback of this authentication method is that the private key is not bound to the device, so security is relatively low. For example, a private key stored on the disk of a networked machine may be stolen by hackers; damage to the disk hardware may cause the private key to be lost; and a user may copy the private key to another machine, while the authentication system cannot tell whether the machine has been replaced.
Therefore, it is necessary to propose a new blockchain node device authentication scheme to improve the security of the key and thereby the security of the blockchain network.
Summary of the invention
In view of the above, it is necessary to provide a blockchain node device and its authentication method, device and storage medium. By embedding or integrating a hardware token chip in the blockchain node device, the token is bound to the blockchain node device, the security of the authentication information is improved, and the blockchain node device can be authenticated automatically.
To achieve the above objective, a first aspect of the present invention provides a blockchain node device on which a blockchain program is installed, the blockchain node device further including a hardware token chip and a hardware token driver;
the blockchain program is used to call the hardware token driver when the blockchain node device triggers node authentication;
the hardware token driver is used to call, when it is called, the read interface in the hardware token chip and read the first authentication information calculated by the hardware token chip;
the hardware token chip is used to calculate the first authentication information and return it to the hardware token driver;
the blockchain program is further used to generate, after reading the first authentication information returned by the hardware token driver, second authentication information containing the first authentication information, and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network.
In an optional embodiment, the hardware token driver is located at the kernel layer of the operating system; the hardware token chip is installed on the motherboard and connected to the bus of the motherboard.
In an optional embodiment, the hardware token chip calculates the first authentication information when it is called by the hardware token driver; or the hardware token chip periodically and automatically calculates the first authentication information.
To achieve the above objective, a second aspect of the present invention provides a blockchain node device authentication method, applied in a blockchain node device with a built-in hardware token chip, the method including:
when the blockchain node device triggers node authentication, acquiring the first authentication information calculated by the hardware token chip;
generating second authentication information including the first authentication information;
sending an authentication request carrying the second authentication information to an authentication server in the blockchain network;
receiving the authentication result returned after the authentication server verifies the authentication request.
In an optional embodiment, acquiring the first authentication information calculated by the hardware token chip includes:
calling the read interface in the hardware token chip through the hardware token driver to read the first authentication information calculated by the hardware token chip.
In an optional embodiment, acquiring the first authentication information calculated by the hardware token chip includes:
acquiring the time when the blockchain node device triggers node authentication;
using a pre-stored cryptographic algorithm to operate on the time and a random number to obtain a data result, which serves as the first authentication information.
In an optional embodiment, generating the second authentication information including the first authentication information includes:
acquiring a pre-stored target field, where the target field includes a communication protocol;
encapsulating the target field and the first authentication information according to the structure specified by the message standard to generate the second authentication information.
In an optional embodiment, after generating the second authentication information including the first authentication information, the method further includes:
encoding the second authentication information according to a preset format;
sending the authentication request carrying the second authentication information to the authentication server in the blockchain network then includes: sending an authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
In an optional embodiment, the blockchain node device triggers node authentication in one or a combination of the following ways:
when startup of the blockchain node device is detected, it is determined that the blockchain node device triggers node authentication;
when it is detected that the blockchain node device requests a blockchain transaction, it is determined that the blockchain node device triggers node authentication.
In an optional embodiment, the method further includes:
if the authentication result is that the blockchain node device is successfully authenticated, accessing the blockchain network.
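The method of the second aspect, sketched end to end as an added example that is not code from the patent: chip read, second authentication information, encoding, and server-side verification with one-time use enforced. The patent leaves the cryptographic algorithm and message layout unspecified, so HMAC-SHA256 over the time and a 16-byte random number, a per-device secret provisioned to the server, the JSON/zlib/base64 encoding, the 30-second freshness window, the server recomputing the tag and keeping a nonce cache, and all names and addresses are assumptions.

```python
import base64, hashlib, hmac, json, os, struct, time, zlib

FRESHNESS_WINDOW = 30      # seconds a token stays acceptable (assumed value)
MAX_REQUEST_BYTES = 4096   # refuse oversized input before decompressing it


def _tag(secret, ts, nonce):
    """Assumed 'cryptographic algorithm': HMAC-SHA256 over time || random number."""
    return hmac.new(secret, struct.pack(">Q", ts) + nonce, hashlib.sha256).digest()


class HardwareTokenChip:
    """Stand-in for the chip; the secret is only used inside read()."""

    def __init__(self, device_id, secret):
        self.device_id = device_id
        self._secret = secret

    def read(self, now=None):
        ts = int(time.time() if now is None else now)   # time of the read call
        nonce = os.urandom(16)                          # fresh random number
        return {"ts": ts, "nonce": nonce.hex(),
                "tag": _tag(self._secret, ts, nonce).hex()}


def driver_read(chip, now=None):
    """Hardware token driver: forwards the program's read call to the chip."""
    return chip.read(now)


def make_auth_request(chip, ip, mac, now=None):
    """Blockchain program: first info -> second info (target fields) -> encoding."""
    second = {
        "version": 1, "purpose": "node-auth", "device_id": chip.device_id,
        "ip": ip, "mac": mac, "protocol": "tcp",
        "first_auth_info": driver_read(chip, now),
    }
    return base64.b64encode(zlib.compress(json.dumps(second, sort_keys=True).encode()))


class AuthServer:
    def __init__(self, device_secrets):
        self._secrets = device_secrets   # device_id -> secret provisioned with the chip
        self._seen = {}                  # (device_id, nonce) -> ts, for one-time use

    def verify(self, request, now=None):
        now = int(time.time() if now is None else now)
        if len(request) > MAX_REQUEST_BYTES:
            return "malformed"
        try:
            msg = json.loads(zlib.decompress(base64.b64decode(request, validate=True)))
            device_id, first = msg["device_id"], msg["first_auth_info"]
            ts, nonce = int(first["ts"]), bytes.fromhex(first["nonce"])
            tag = bytes.fromhex(first["tag"])
            secret = self._secrets.get(device_id)
            expected = _tag(secret or b"", ts, nonce)
        except (ValueError, KeyError, TypeError, zlib.error, struct.error):
            return "malformed"
        if secret is None:
            return "unknown-device"
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        if abs(now - ts) > FRESHNESS_WINDOW:
            return "stale"
        # Entries outside the window would be rejected as stale anyway, so drop them.
        self._seen = {k: t for k, t in self._seen.items()
                      if abs(now - t) <= FRESHNESS_WINDOW}
        if (device_id, nonce) in self._seen:
            return "replay"
        self._seen[(device_id, nonce)] = ts
        return "ok"


def demo():
    """Constructed scenario: genuine node, replayed request, stale request, cloned ID."""
    secret = b"\x11" * 32
    addr = ("192.0.2.10", "02:00:00:00:00:01")           # constructed sample values
    chip = HardwareTokenChip("node-01", secret)
    server = AuthServer({"node-01": secret})
    req = make_auth_request(chip, *addr, now=1_000)
    late = make_auth_request(chip, *addr, now=1_000)
    clone = HardwareTokenChip("node-01", b"\x22" * 32)   # same ID, different chip
    return [
        server.verify(req, now=1_005),
        server.verify(req, now=1_006),
        server.verify(late, now=2_000),
        server.verify(make_auth_request(clone, *addr, now=2_000), now=2_000),
    ]


if __name__ == "__main__":
    print(demo())
```

The four verdicts correspond to the properties the description claims for the chip: a fresh token is accepted, the same request cannot be reused, an old token expires, and a machine that copies the device identity without the chip's secret is rejected.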
To achieve the above objective, a third aspect of the present invention provides a blockchain node device authentication device, which runs in a blockchain node device with a built-in hardware token chip, the device including:
a calculation module, configured to acquire the first authentication information calculated by the hardware token chip when the blockchain node device triggers node authentication;
a generating module, configured to generate second authentication information including the first authentication information;
a sending module, configured to send an authentication request carrying the second authentication information to an authentication server in the blockchain network;
a receiving module, configured to receive the authentication result returned after the authentication server verifies the authentication request.
To achieve the above objective, a fourth aspect of the present invention provides a blockchain node device, the blockchain node device including a processor and a memory, the memory storing a download program for blockchain node device authentication that can run on the processor; when the download program for blockchain node device authentication is executed by the processor, the blockchain node device authentication method is implemented.
To achieve the above objective, a fifth aspect of the present invention provides a computer-readable storage medium storing a download program for blockchain node device authentication, which can be executed by one or more processors to implement the blockchain node device authentication method.
It can be seen from the above technical solutions that the blockchain node device, blockchain node device authentication method, device and storage medium of the present invention embed or integrate a hardware token chip in the blockchain node device to bind the token to the blockchain node device. Because the hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), one-time (the generated authentication information can only be used once and cannot be reused), resistant to theft and non-duplicable, the security of the authentication information is ensured, and it will not be stolen, lost or transferred. In addition, the hardware token chip provides a reading interface for the authentication information, so the generated authentication information can be read by the blockchain program. When the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the authentication server in the blockchain network; the node authentication process is automated and needs no manual intervention. Only after the node authentication is passed is the blockchain node device qualified to establish connections with other blockchain node devices in other blockchain networks and participate in consensus, which improves the security of the blockchain network as a whole and ensures that the blockchain node devices connected to the blockchain network are all standardized and trusted hardware.
Description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the provided drawings without creative work.
FIG. 1 is a schematic structural diagram of a preferred embodiment of the blockchain node device provided by the present invention.
FIG. 2 is a schematic diagram of the environment of a preferred embodiment of the blockchain network in which the blockchain node device is authenticated, provided by the present invention.
FIG. 3 is a flowchart of a preferred embodiment of the blockchain node device authentication method provided by the present invention.
FIG. 4 is a schematic diagram of the signaling interaction of a preferred embodiment of the blockchain network in which the blockchain node device is authenticated, provided by the present invention.
FIG. 5 is a functional module diagram of a preferred embodiment of the blockchain node device authentication device provided by the present invention.
FIG. 6 is a schematic structural diagram of a preferred embodiment of another blockchain node device provided by the present invention.
Detailed description
So that the above objectives, features and advantages of the present invention can be understood more clearly, the present invention is described in detail below with reference to the drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of the present invention and the features in the embodiments can be combined with each other.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in this description are only for the purpose of describing specific embodiments and are not intended to limit the present invention.
To make the above objectives, features and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment one
Please refer to FIG. 1 and FIG. 2 together, which are schematic structural diagrams of a preferred embodiment of the blockchain node device disclosed in the present invention.
Before the blockchain node device 100 requests access to the blockchain network 200, it must pass the legitimacy verification of the blockchain network 200. When the blockchain network 200 verifies that the blockchain node device 100 is legitimate, the blockchain node device 100 is successfully admitted to the blockchain network 200; when the blockchain network 200 verifies that the blockchain node device 100 is illegitimate, it refuses to admit the blockchain node device 100 to the blockchain network 200.
In this embodiment, the blockchain node device 100 refers to a computer in which a blockchain program 10 and a hardware token driver 12 are installed, in which a hardware token chip 14 is integrated or embedded, and which can participate in blockchain consensus and bookkeeping. In the layered architecture of the blockchain node device 100, the blockchain program 10 belongs to the application layer, the hardware token driver 12 belongs to the operating system kernel layer, and the hardware token chip 14 belongs to the hardware layer.
The blockchain program 10 is a software program running at the application layer. It is responsible for the consensus and bookkeeping logic of the blockchain node device 100 and, when the blockchain node device 100 triggers node authentication, calls the hardware token driver 12 to read the first authentication information computed by the hardware token chip 14.
The hardware token driver 12 is a driver module located at the operating system kernel layer, and provides an application programming interface (API) for the blockchain program 10 at the application layer. When called by the blockchain program 10, it calls the read interface of the hardware token chip 14, reads the first authentication information computed by the hardware token chip 14, and returns the first authentication information to the blockchain program 10.
The hardware token chip 14 is integrated or embedded on the motherboard of the blockchain node device 100 and is connected to a bus of the motherboard, for example an Inter-Integrated Circuit (I2C) bus, a Serial Peripheral Interface (SPI) bus or another suitable computer bus. A token is pre-stored in the hardware token chip 14. When called by the hardware token driver, the chip applies a pre-stored cryptographic algorithm to the time and a random number to obtain the first authentication information. The generated first authentication information can be recognized and read by the hardware token driver 12, but it cannot be written or modified. If the hardware token chip 14 is forcibly removed, the first authentication information is lost and the chip stops functioning. Even if the chip is installed on another computer, its first authentication information can no longer be read.
In some embodiments, the hardware token chip 14 may include, but is not limited to: a password generation chip, an algorithm coprocessor, a data memory, and bus pins with a corresponding signal processor (for example, connecting to an I2C bus requires pins and a signal processor that comply with the I2C bus protocol). The password generation chip runs a dedicated cryptographic algorithm and generates the current password from the current time or the number of uses; the algorithm coprocessor performs the computations of the authentication algorithm; the data memory stores security keys and data; the bus pins and corresponding signal processor connect to the bus of the computer motherboard and handle data exchange with the kernel driver.
The blockchain program 10 is further configured to generate, after reading the first authentication information returned by the hardware token driver, second authentication information containing the first authentication information, and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network 200.
In an optional embodiment, the blockchain program 10 is further configured to encode the second authentication information according to a preset format after generating it, and to send an authentication request carrying the encoded second authentication information to the authentication server of the blockchain network 200.
As shown in FIG. 2, the blockchain network 200 may contain an authentication server 20 and several blockchain node devices 22. The blockchain node devices 22 are connected to each other peer to peer (P2P) to form the blockchain network 200. The authentication server 20 is responsible for receiving the authentication request sent by the blockchain node device 100 and verifying its legitimacy. If the authentication server 20 verifies that the authentication request is legitimate, it confirms that the blockchain node device 100 is a trusted node and returns to the blockchain node device 100 an authentication result indicating that the blockchain node device was successfully authenticated. If the authentication server 20 verifies that the authentication request is illegitimate, it confirms that the blockchain node device 100 is an untrusted node and returns to the blockchain node device 100 an authentication result indicating that authentication of the blockchain node device failed. The authentication server 20 may be built into the blockchain network 200, or may be an integrated third-party authentication service.
In this embodiment, the hardware token chip 14 is integrated or embedded in the blockchain node device 100, so that the hardware token chip 14 is bound to the blockchain node device 100, which ensures the security of the token. In addition, the authentication information in the hardware token chip can be read by the application program, so the subsequent authentication process requires no manual intervention, and the authentication information will not be stolen, lost or transferred. By authenticating the blockchain node device 100 on the basis of the hardware token chip 14, the blockchain network 200 can ensure that the blockchain node devices that access it or take part in consensus are all standardized, trusted hardware.
Embodiment two
Please refer to FIG. 3, which is a flowchart of a preferred embodiment of the blockchain node device authentication method provided by the present invention.
The blockchain node device authentication method is applied in a blockchain node device. Depending on requirements, the order of the steps in the flowchart may be changed and some steps may be omitted.
S31: When the blockchain node device triggers node authentication, obtain the first authentication information computed by the hardware token chip.
In the embodiment of the present invention, a blockchain program and a hardware token driver are installed in the blockchain node device, and a hardware token chip is integrated or embedded in it.
When the blockchain node device triggers node authentication, the blockchain program calls the read interface of the hardware token driver, the hardware token driver calls the read interface of the hardware token chip, and the hardware token chip generates the first authentication information when it detects the call signal. The hardware token driver then reads the first authentication information computed by the hardware token chip and returns it to the blockchain program, and the blockchain program reads the first authentication information.
It should be understood that the read parameters with which the blockchain program calls the read interface of the hardware token driver are different from the read parameters with which the hardware token driver calls the read interface of the hardware token chip. The read interface of the hardware token driver packages information for the blockchain program, whereas the read interface of the hardware token chip packages information for the hardware token driver.
In an optional embodiment, the blockchain node device may trigger node authentication in one or a combination of the following ways:
when startup of the blockchain node device is detected, determining that the blockchain node device triggers node authentication;
when it is detected that the blockchain node device requests a blockchain transaction, determining that the blockchain node device triggers node authentication.
In this optional embodiment, typically, when the blockchain node device starts up and connects to the blockchain network, the blockchain network needs to authenticate the identity of the blockchain node device to determine whether it is a trusted node. Alternatively, when the blockchain node device needs to perform a blockchain transaction, it puts the transaction information into a data packet and broadcasts it to the blockchain network, and the blockchain network authenticates the identity of the blockchain node device to determine whether it is a trusted node.
In an optional embodiment, obtaining the first authentication information computed by the hardware token chip includes:
obtaining the time at which the blockchain node device triggers node authentication;
applying a pre-stored cryptographic algorithm to the time and a random number to obtain a data result, which serves as the first authentication information.
In this optional embodiment, a token is pre-stored in the hardware token chip, for example: a KEY token based on Public Key Infrastructure (PKI) technology, a challenge/response-based token, or a dynamic-password-based token.
Because the interval between the blockchain node device triggering node authentication and the hardware token driver calling the hardware token chip is almost negligible, the time at which the read interface of the hardware token chip is called by the hardware token driver can be taken as the time at which the blockchain node device triggers node authentication. When the read interface of the hardware token chip is called by the hardware token driver, the hardware token chip obtains the call time, applies the cryptographic algorithm to the call time and a generated random number, and returns the computed data result to the hardware token driver as the first authentication information. The cryptographic operation is prior art and is not elaborated here.
The random number is an unpredictable number generated by the hardware token chip using a dedicated algorithm. Because uncertain factors such as the time and the random number are added to the first authentication information, the first authentication information can be used only once, so an attacker cannot obtain the first authentication information by stealing a password or by a replay attack. The first authentication information computed by the hardware token chip is therefore highly secure.
When the authentication server of the blockchain network receives the authentication request, it generates a random number, performs the cryptographic operation with the same cryptographic algorithm, and determines whether the authentication request is valid by comparing the random number it generated with the random number in the received authentication request. If the random number generated by the authentication server is the same as the random number in the received authentication request, the authentication request is determined to be valid. If the two random numbers are different, the authentication request is determined to be invalid.
S32: Generate second authentication information containing the first authentication information.
In the embodiment of the present invention, after the blockchain program reads the first authentication information, it does not send the first authentication information directly to the authentication server of the blockchain network for verification. Instead, it generates second authentication information that meets the requirements from the first authentication information, and sends that to the authentication server of the blockchain network.
In an optional embodiment, generating the second authentication information containing the first authentication information includes:
obtaining a pre-stored target field, wherein the target field includes a communication protocol;
encapsulating the target field and the first authentication information according to the structure specified by the message standard to generate the second authentication information.
In this optional embodiment, the blockchain program reads the pre-stored target field and combines it with the first authentication information to generate the second authentication information.
The target field may include, but is not limited to: the message version number, the authentication purpose, the computer device identifier, the computer's Internet Protocol (IP) address, the computer's Media Access Control (MAC) address, and the communication protocol.
In an optional embodiment, after generating the second authentication information containing the first authentication information, the method further includes:
encoding the second authentication information according to a preset format.
The blockchain node device encodes the generated second authentication information according to the format in which information is transmitted in the blockchain network, for example by compression or encryption, so that the second authentication information can be transmitted into the blockchain network. In that case, sending the authentication request carrying the second authentication information to the authentication server in the blockchain network means sending an authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
S33: Send an authentication request carrying the second authentication information to the authentication server in the blockchain network.
After the blockchain node device encodes the second authentication information, it sends an authentication request to the blockchain network, and the authentication request carries the encoded second authentication information.
After receiving the authentication request, the blockchain network forwards it to the authentication server for verification, so as to determine that the blockchain node device is a trusted node.
S34: Receive the authentication result returned by the authentication server after it verifies the authentication request.
If the authentication server verifies that the authentication request is legitimate, it confirms that the blockchain node device is a trusted node and returns to the blockchain node device an authentication result indicating that the blockchain node device was successfully authenticated. If the authentication server verifies that the authentication request is illegitimate, it confirms that the blockchain node device is an untrusted node and returns to the blockchain node device an authentication result indicating that authentication of the blockchain node device failed.
How the authentication server verifies the authentication request depends on the token algorithm, such as a KEY token based on Public Key Infrastructure (PKI) technology, a challenge/response-based token, a dynamic-password-based token, and so on. The specific verification methods are prior art and are not repeated here.
In an optional embodiment, if the authentication result is that the blockchain node device was successfully authenticated, the method further includes:
accessing the blockchain network.
In this optional embodiment, when the blockchain node device needs to access the blockchain network, the blockchain network needs to verify the authentication request. If the authentication result indicates that the blockchain node device was successfully authenticated, the blockchain node device can send an access request carrying the authentication result to the blockchain network. After receiving the access request, the blockchain network responds to it by verifying the authentication result. When the verification passes, the blockchain network allows the blockchain node device to access the blockchain network, and the blockchain node device accesses the blockchain network on receiving the permission response from the blockchain network.
In an optional embodiment, when the verification fails, the blockchain network forbids the blockchain node device from accessing the blockchain network, and the blockchain node device, on receiving the prohibition response from the blockchain network, may send the authentication request to the authentication server in the blockchain network again.
In summary, the blockchain node device authentication method of the present invention embeds or integrates a hardware token chip in the blockchain node device, which binds the token to the blockchain node device. The hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable) and one-time (the generated authentication information can be used only once and cannot be reused), and it resists theft and cannot be copied, which ensures the security of the authentication information so that it is not stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program. When the blockchain node device triggers node authentication, it can automatically generate an authentication request and send it to the authentication server in the blockchain network; the node authentication process is automated and requires no manual intervention. Only after node authentication succeeds does the blockchain node device qualify to establish connections with other blockchain node devices in other blockchain networks and participate in consensus, which improves the security of the blockchain network as a whole and ensures that the blockchain node devices connected to the blockchain network are all standardized, trusted hardware.
To further illustrate the blockchain node device authentication method of the present invention, please refer to FIG. 4, which is a schematic diagram of the signaling interaction of a preferred embodiment of the blockchain network for blockchain node device authentication.
S41: When the blockchain node device triggers node authentication, the blockchain program calls the read interface of the hardware token driver.
S42: The hardware token driver calls the read interface of the hardware token chip.
S43: The hardware token chip computes the first authentication information and returns it to the hardware token driver.
S44: The hardware token driver reads the first authentication information and returns it to the blockchain program.
S45: The blockchain program reads the first authentication information and generates second authentication information containing the first authentication information.
S46: The blockchain program encodes the second authentication information according to a preset format and sends an authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
S47: The authentication server verifies the legitimacy of the authentication request to obtain an authentication result.
S48: The authentication server returns the authentication result to the blockchain program.
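The S41 to S48 exchange above, as an added example that is not code from the patent. It assumes HMAC-SHA256 with a per-device key shared with the authentication server as the "pre-stored cryptographic algorithm", JSON plus Base64 as the "preset format", and a 30-second freshness window; all class, function and field names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os
import struct

FRESHNESS_SECONDS = 30  # assumed acceptance window, not from the patent


def _mac(key: bytes, ts: int, nonce: bytes) -> bytes:
    # Assumed algorithm: HMAC-SHA256 over an 8-byte timestamp plus the nonce.
    return hmac.new(key, struct.pack(">Q", ts) + nonce, hashlib.sha256).digest()


class HardwareTokenChip:
    """Stand-in for hardware token chip 14; the key is never exposed."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def read(self, now: int) -> dict:
        # S43: compute the first authentication information from the call
        # time and a fresh random number.
        nonce = os.urandom(16)
        return {"time": now, "nonce": nonce.hex(),
                "mac": _mac(self._key, now, nonce).hex()}


class HardwareTokenDriver:
    """Stand-in for hardware token driver 12: a read-only pass-through."""

    def __init__(self, chip: HardwareTokenChip):
        self._chip = chip

    def read_token(self, now: int) -> dict:
        return self._chip.read(now)  # S42 call, S44 return


def build_auth_request(driver: HardwareTokenDriver, device_id: str, now: int) -> bytes:
    first = driver.read_token(now)                         # S41
    second = {"version": 1, "purpose": "node-auth",        # S45: target fields
              "device_id": device_id, "protocol": "p2p",
              "first_auth": first}
    return base64.b64encode(json.dumps(second).encode())   # S46: encode


class AuthServer:
    """Stand-in for authentication server 20."""

    def __init__(self, device_keys: dict):
        self._keys = device_keys
        self._seen = {}  # (device_id, nonce) -> timestamp, for replay detection

    def verify(self, request: bytes, now: int) -> str:
        # S47: decode, recompute the MAC, then check freshness and one-time use.
        try:
            second = json.loads(base64.b64decode(request, validate=True))
            device_id = second["device_id"]
            first = second["first_auth"]
            ts = int(first["time"])
            nonce = bytes.fromhex(first["nonce"])
            mac = bytes.fromhex(first["mac"])
            key = self._keys.get(device_id)
            if key is None:
                return "unknown-device"
            expected = _mac(key, ts, nonce)
        except (ValueError, KeyError, TypeError, struct.error):
            return "malformed"
        if not hmac.compare_digest(expected, mac):
            return "bad-mac"
        if abs(now - ts) > FRESHNESS_SECONDS:
            return "stale"
        # Drop cache entries that the freshness check would already reject.
        self._seen = {k: t for k, t in self._seen.items()
                      if abs(now - t) <= FRESHNESS_SECONDS}
        if (device_id, nonce) in self._seen:
            return "replayed"
        self._seen[(device_id, nonce)] = ts
        return "ok"  # S48: result returned to the blockchain program


def demo() -> list:
    key = bytes(range(32))  # constructed sample key
    node = HardwareTokenDriver(HardwareTokenChip(key))
    server = AuthServer({"node-100": key})
    req = build_auth_request(node, "node-100", now=1000)
    late = build_auth_request(node, "node-100", now=1000)
    return [server.verify(req, now=1005),    # fresh, first use
            server.verify(req, now=1006),    # same request presented again
            server.verify(late, now=1100)]   # outside the freshness window


if __name__ == "__main__":
    print(demo())
```

In this sketch the target fields added at S45 sit outside the value the chip computes, so only the time, the random number and possession of the device key are authenticated. A deployment that relies on the device identifier, IP or MAC fields would need them covered by the verification as well.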
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Those of ordinary skill in the art can make improvements without departing from the inventive concept of the present invention, and all such improvements fall within the protection scope of the present invention.
Embodiment three
Please refer to FIG. 5, which is a functional module diagram of a preferred embodiment of a blockchain node device authentication device disclosed in the present invention.
In some embodiments, the blockchain node device authentication device runs in a blockchain node device. The blockchain node device authentication device may include a plurality of functional modules composed of program code segments. The program code of each program segment in the blockchain node device authentication device can be stored in a memory and executed by at least one processor to perform some or all of the steps of the blockchain node device authentication method described in FIG. 3.
In this embodiment, the blockchain node device authentication device 50 can be divided into multiple functional modules according to the functions it performs. The functional modules may include: a calculation module 501, a generating module 502, an encoding module 503, a sending module 504, a receiving module 505 and an access module 506. A module, as referred to in the present invention, is a series of computer program segments that can be executed by at least one processor, that perform a fixed function, and that are stored in a memory. In some embodiments, the functions of each module will be detailed in subsequent embodiments.
运算模块501,用于当所述区块链节点设备触发节点认证时,获取所述硬件令牌芯片运算得到的第一认证信息。The calculation module 501 is configured to obtain first authentication information obtained by calculation of the hardware token chip when the blockchain node device triggers node authentication.
本发明实施例中,所述区块链节点设备中安装了区块链程序、硬件令牌驱动程序以及集成或嵌入了硬件令牌芯片。In the embodiment of the present invention, a blockchain program, a hardware token driver, and a hardware token chip are integrated or embedded in the blockchain node device.
在所述区块链节点设备触发节点认证时,由所述区块链程序调用所述硬件令牌驱动程序的读取接口,所述硬件令牌驱动程序调用所述硬件令牌芯片的读取接口,所述硬件令牌芯片检测到调用信号时生成第一认证信息;此后所述硬件令牌驱动程序读取所述硬件令牌芯片运算得到的第一认证信息后返回所述第一认证信息至所述区块链程序,所述区块链程序读取所述第一认证信息。When the blockchain node device triggers node authentication, the blockchain program calls the read interface of the hardware token driver, and the hardware token driver calls the read of the hardware token chip Interface, the hardware token chip generates first authentication information when the call signal is detected; after that, the hardware token driver reads the first authentication information calculated by the hardware token chip and returns the first authentication information To the blockchain program, the blockchain program reads the first authentication information.
应当理解的是,所述区块链程序调用所述硬件令牌驱动程序的读取接口的读取参数,与所述硬件令牌驱动程序调用所述硬件令牌芯片的读取接口的读取参数,是不相同的。所述硬件令牌驱动程序的读取接口是为了封装信息给区块链程序的,而所述硬件令牌芯片的读取接口是为了封装信息给所述硬件令牌驱动程序的。It should be understood that the block chain program calls the read parameters of the read interface of the hardware token driver, and the hardware token driver calls the read interface of the hardware token chip. The parameters are not the same. The read interface of the hardware token driver is used to encapsulate information to the blockchain program, and the read interface of the hardware token chip is used to encapsulate information to the hardware token driver.
In an optional embodiment, the blockchain node device may trigger node authentication in one or more of the following ways:
when startup of the blockchain node device is detected, determining that the blockchain node device triggers node authentication;
when it is detected that the blockchain node device requests a blockchain transaction, determining that the blockchain node device triggers node authentication.
In this optional embodiment, when the blockchain node device starts up and connects to the blockchain network, the blockchain network generally needs to authenticate the identity of the blockchain node device to determine whether it is a trusted node. Alternatively, when the blockchain node device needs to perform a blockchain transaction, it puts the transaction information into a data packet and broadcasts it to the blockchain network, and the blockchain network authenticates the identity of the blockchain node device to determine whether it is a trusted node.
In an optional embodiment, obtaining the first authentication information computed by the hardware token chip includes:
obtaining the time at which the blockchain node device triggers node authentication;
applying a pre-stored cryptographic algorithm to the time and a random number to obtain a data result, which serves as the first authentication information.
In this optional embodiment, a token is pre-stored in the hardware token chip, for example: a KEY token based on Public Key Infrastructure (PKI) technology, a challenge/response token, or a dynamic-password token.
Because the interval between the blockchain node device triggering node authentication and the hardware token driver calling the hardware token chip is almost negligible, the time at which the hardware token driver calls the read interface of the hardware token chip can be taken as the time at which the blockchain node device triggers node authentication. When the read interface of the hardware token chip is called by the hardware token driver, the hardware token chip obtains the call time, applies the cryptographic algorithm to the call time and a generated random number, and returns the computed data result to the hardware token driver as the first authentication information. The cryptographic operation is prior art and is not elaborated here.
The random number is an unpredictable number that the hardware token chip generates with a dedicated algorithm. Because uncertain factors such as the time and the random number are included in the first authentication information, the first authentication information can be used only once, so an attacker cannot obtain it by stealing a password or by a replay attack. The first authentication information computed by the hardware token chip therefore has high security.
When the authentication server of the blockchain network receives an authentication request, it generates a random number and performs the cryptographic operation with the same cryptographic algorithm, then determines whether the authentication request is valid by comparing the random number it generated with the random number in the received authentication request. If the two random numbers are the same, the authentication server determines that the authentication request is valid. If they are not the same, it determines that the authentication request is invalid.
The generating module 502 is configured to generate second authentication information that contains the first authentication information.
In this embodiment of the present invention, after the blockchain program reads the first authentication information, it does not send the first authentication information directly to the authentication server of the blockchain network for verification. Instead, it generates second authentication information that meets the requirements from the first authentication information and sends that to the authentication server of the blockchain network.
In an optional embodiment, the generating module 502 generating the second authentication information that contains the first authentication information includes:
obtaining a pre-stored target field, where the target field includes a communication protocol;
encapsulating the target field and the first authentication information according to the structure specified by the message standard to generate the second authentication information.
In this optional embodiment, the blockchain program reads the pre-stored target field and combines it with the first authentication information to generate the second authentication information.
The target field may include, but is not limited to: a message version number, the authentication purpose, the computer device identifier, the computer's Internet Protocol (IP) address, the computer's Media Access Control (MAC) address, and the communication protocol.
The encoding module 503 is configured to encode the second authentication information according to a preset format.
The blockchain node device encodes the generated second authentication information, for example by compression or encryption, according to the format in which information is transmitted in the blockchain network, so that the second authentication information can be transmitted to the blockchain network.
The sending module 504 is configured to send an authentication request carrying the second authentication information to the authentication server in the blockchain network, or to send an authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
After encoding the second authentication information, the blockchain node device sends an authentication request to the blockchain network, where the authentication request carries the encoded second authentication information.
After receiving the authentication request, the blockchain network forwards it to the authentication server for verification, so as to determine that the blockchain node device is a trusted node.
The receiving module 505 is configured to receive the authentication result returned after the authentication server verifies the authentication request.
If the authentication server verifies that the authentication request is legal, it confirms that the blockchain node device is a trusted node and returns to the blockchain node device an authentication result indicating that authentication of the blockchain node device succeeded. If the authentication server verifies that the authentication request is illegal, it confirms that the blockchain node device is an untrusted node and returns to the blockchain node device an authentication result indicating that authentication of the blockchain node device failed.
How the authentication server verifies the authentication request depends on the token algorithm, for example a KEY token based on Public Key Infrastructure (PKI) technology, a challenge/response token, or a dynamic-password token. The specific verification methods are prior art and are not repeated here.
In an optional embodiment, if the authentication result is that the blockchain node device was successfully authenticated, the device further includes:
The access module 506, configured to access the blockchain network.
In this optional implementation, when the blockchain node device needs to access the blockchain network, the blockchain network needs to verify the authentication request. If the authentication result indicates that the blockchain node device was successfully authenticated, the blockchain node device may send an access request carrying the authentication result to the blockchain network. After receiving the access request, the blockchain network responds to it by verifying the authentication result. When the verification passes, the blockchain network allows the blockchain node device to access the blockchain network, and the blockchain node device accesses the blockchain network on receiving the permission response from the blockchain network.
In an optional embodiment, when the verification fails, the blockchain network prohibits the blockchain node device from accessing the blockchain network. On receiving the prohibition response from the blockchain network, the blockchain node device may send the authentication request to the authentication server in the blockchain network again.
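The flow described above, from the chip's read interface to the server's verdict, as an added example that is not code from the patent. It assumes HMAC-SHA256 under a per-device shared key as the unspecified cryptographic algorithm, JSON plus zlib as the preset encoding, and hypothetical class, function and field names; instead of regenerating the random number on the server as the description states, it carries the random number in the request and rejects stale or repeated values.

```python
import hashlib
import hmac
import json
import os
import time
import zlib

MAX_REQUEST_BYTES = 4096  # assumed cap on the decoded request size


def keyed_hash(key, ts, nonce):
    """Assumed algorithm: HMAC-SHA256 over 8-byte big-endian time || random number."""
    return hmac.new(key, ts.to_bytes(8, "big") + nonce, hashlib.sha256).digest()


class SimulatedTokenChip:
    """Stand-in for the hardware token chip; the key stays inside this object."""

    def __init__(self, key, clock=time.time):
        self._key = key
        self._clock = clock

    def read(self):
        # First authentication information: computed when the read interface is called.
        ts = int(self._clock())
        nonce = os.urandom(16)
        return {"ts": ts, "nonce": nonce.hex(), "tag": keyed_hash(self._key, ts, nonce).hex()}


def driver_read(chip):
    """Driver layer: calls the chip's read interface and passes the result up."""
    return chip.read()


def build_second_auth(first_auth, target_fields):
    """Encapsulate the pre-stored target fields with the first authentication information."""
    return {**target_fields, "first_auth": first_auth}


def encode(second_auth):
    """Preset format (assumed): canonical JSON, then zlib compression."""
    return zlib.compress(json.dumps(second_auth, sort_keys=True).encode())


class AuthServer:
    def __init__(self, device_keys, window=30, clock=time.time):
        self._keys = device_keys  # device_id -> shared key
        self._window = window     # accepted clock skew in seconds
        self._clock = clock
        self._seen = {}           # (device_id, nonce) -> ts, for one-time use

    def verify(self, request):
        """Return (accepted, reason) for one encoded authentication request."""
        try:
            d = zlib.decompressobj()
            raw = d.decompress(request, MAX_REQUEST_BYTES + 1)
            if not d.eof or len(raw) > MAX_REQUEST_BYTES:
                raise ValueError("oversized or truncated")
            msg = json.loads(raw)
            device_id, first = msg["device_id"], msg["first_auth"]
            ts = first["ts"]
            if not isinstance(device_id, str) or not isinstance(ts, int):
                raise TypeError("wrong field type")
            if not 0 <= ts < 2 ** 63:
                raise ValueError("time out of range")
            nonce = bytes.fromhex(first["nonce"])
            tag = bytes.fromhex(first["tag"])
        except (zlib.error, ValueError, KeyError, TypeError):
            return False, "malformed"
        key = self._keys.get(device_id)
        if key is None:
            return False, "unknown device"
        # Constant-time comparison of the recomputed value with the received one.
        if not hmac.compare_digest(keyed_hash(key, ts, nonce), tag):
            return False, "bad tag"
        now = int(self._clock())
        if abs(now - ts) > self._window:
            return False, "stale"
        # Forget random numbers whose time has left the window, then enforce one-time use.
        self._seen = {k: t for k, t in self._seen.items() if abs(now - t) <= self._window}
        if (device_id, nonce.hex()) in self._seen:
            return False, "replay"
        self._seen[(device_id, nonce.hex())] = ts
        return True, "ok"
```

Only the time and the random number are under the keyed hash, as in the description, so the other target fields (IP address, purpose, protocol) reach the server without integrity protection from the first authentication information.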
In summary, the blockchain node device authentication device of the present invention embeds or integrates a hardware token chip in the blockchain node device, which binds the token to the blockchain node device. The hardware token chip is dynamic (the authentication information generated each time is different), random (the authentication information generated each time is random and unpredictable), and one-time (generated authentication information can be used only once and cannot be reused), and it resists theft and cannot be copied, which ensures the security of the authentication information so that it is not stolen, lost or transferred. In addition, the hardware token chip provides a read interface for the authentication information, so the generated authentication information can be read by the blockchain program. When the blockchain node device triggers node authentication, an authentication request is generated automatically and sent to the authentication server in the blockchain network, so the node authentication process is automated and needs no manual intervention. Only after node authentication passes is the blockchain node device qualified to establish connections with other blockchain node devices in other blockchain networks and to participate in consensus. This improves the security of the blockchain network as a whole and ensures that the blockchain node devices connected to the blockchain network are all standardized, trusted hardware.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. A person of ordinary skill in the art can make improvements without departing from the inventive concept of the present invention, and these all fall within the scope of protection of the present invention.
Embodiment 4
FIG. 6 is another schematic structural diagram of the blockchain node device in a preferred embodiment of the present invention for implementing the blockchain node device authentication method. The blockchain node device 6 includes a memory 61, at least one processor 62, a computer program 63 that is stored in the memory 61 and can run on the at least one processor 62, and at least one communication bus 64.
Those skilled in the art will understand that the schematic diagram in FIG. 6 is only an example of the blockchain node device 6 and does not limit it. The device may include more or fewer components than shown, combine certain components, or use different components. For example, the blockchain node device 6 may also include input and output devices, network access devices, and the like.
The blockchain node device 6 also includes, but is not limited to, any electronic product that can interact with a user through a keyboard, mouse, remote control, touch panel, voice control device or the like, for example a personal computer, tablet computer, smartphone, Personal Digital Assistant (PDA), game console, Internet Protocol Television (IPTV), or smart wearable device. The network in which the blockchain node device 6 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, and a Virtual Private Network (VPN).
The at least one processor 62 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The processor 62 may be a microprocessor or any conventional processor. The processor 62 is the control center of the blockchain node device 6 and connects all parts of the blockchain node device 6 through various interfaces and lines.
The memory 61 may be used to store the computer program 66 and/or modules/units. The processor 62 implements the various functions of the blockchain node device 6 by running or executing the computer programs and/or modules/units stored in the memory 61 and by calling data stored in the memory 61. The memory 61 may mainly include a program storage area and a data storage area. The program storage area may store an operating system and the application programs required by at least one function (such as a sound playback function or an image playback function). The data storage area may store data created through use of the blockchain node device 6 (such as audio data or a phone book). In addition, the memory 61 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash Card, at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
Preferably, the processor 62 implements the following steps when executing the above instructions:
when the blockchain node device triggers node authentication, obtaining the first authentication information computed by the hardware token chip;
generating second authentication information that contains the first authentication information;
sending an authentication request carrying the second authentication information to the authentication server in the blockchain network;
receiving the authentication result returned after the authentication server verifies the authentication request.
Further, the processor 62 obtaining the first authentication information computed by the hardware token chip includes:
obtaining the time at which the blockchain node device triggers node authentication;
applying a pre-stored cryptographic algorithm to the time and a random number to obtain a data result, which serves as the first authentication information.
Further, the processor 62 generating the second authentication information that contains the first authentication information includes:
obtaining a pre-stored target field, where the target field includes a communication protocol;
encapsulating the target field and the first authentication information according to the structure specified by the message standard to generate the second authentication information.
Further, after the second authentication information that contains the first authentication information is generated, the processor 62 also implements the following steps when executing the above instructions:
encoding the second authentication information according to a preset format;
the sending of the authentication request carrying the second authentication information to the authentication server in the blockchain network includes: sending an authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
Further, the blockchain node device triggers node authentication in one or more of the following ways:
when startup of the blockchain node device is detected, determining that the blockchain node device triggers node authentication;
when it is detected that the blockchain node device requests a blockchain transaction, determining that the blockchain node device triggers node authentication.
Further, if the authentication result is that the blockchain node device was successfully authenticated, the processor 62 also implements the following step when executing the above instructions:
accessing the blockchain network.
For the specific way in which the processor 62 implements the above instructions, refer to the description of the relevant steps in the embodiment corresponding to FIG. 3, which is not repeated here.
If the modules/units integrated in the blockchain node device 6 are implemented as software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. On this understanding, all or part of the processes in the methods of the above embodiments can also be completed by a computer program that instructs the relevant hardware. The computer program can be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the method embodiments above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that what the computer-readable medium covers can be extended or narrowed as required by legislation and patent practice in a jurisdiction. For example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method can be implemented in other ways. For example, the device embodiments described above are only illustrative: the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units. They may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit can be implemented in hardware or as hardware plus software functional modules.
It is obvious to those skilled in the art that the present invention is not limited to the details of the exemplary embodiments above and can be implemented in other specific forms without departing from its spirit or essential characteristics. The embodiments should therefore be regarded in every respect as exemplary and non-limiting. The scope of the present invention is defined by the appended claims rather than by the description above, so all changes that fall within the meaning and range of equivalents of the claims are intended to be included in the present invention. No reference sign in the claims should be regarded as limiting the claim concerned. In addition, the word "including" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in the system claims can also be implemented by one unit or device through software or hardware. Words such as "second" are used to denote names and do not indicate any particular order.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the preferred embodiments, a person of ordinary skill in the art should understand that the technical solutions of the present invention can be modified or replaced with equivalents without departing from their spirit and scope.

Claims (13)

  1. A blockchain node device on which a blockchain program is installed, characterized in that the blockchain node device further includes: a hardware token chip and a hardware token driver;
    the blockchain program is configured to call the hardware token driver when the blockchain node device triggers node authentication;
    the hardware token driver is configured, when called, to call the read interface in the hardware token chip and read the first authentication information computed by the hardware token chip;
    the hardware token chip is configured to compute the first authentication information and return it to the hardware token driver;
    the blockchain program is further configured, after reading the first authentication information returned by the hardware token driver, to generate second authentication information that contains the first authentication information, and to send an authentication request carrying the second authentication information to the authentication server of the blockchain network.
  2. The blockchain node device according to claim 1, characterized in that:
    the hardware token driver is located in the operating system kernel layer;
    the hardware token chip is installed on the motherboard and connected to the bus of the motherboard.
  3. The blockchain node device according to claim 1 or 2, characterized in that the hardware token chip computes the first authentication information when it is called by the hardware token driver; or the hardware token chip periodically and automatically computes the first authentication information.
  4. A blockchain node device authentication method, characterized in that the method is applied in a blockchain node device with a built-in hardware token chip, and the method includes:
    when the blockchain node device triggers node authentication, obtaining the first authentication information computed by the hardware token chip;
    generating second authentication information that contains the first authentication information;
    sending an authentication request carrying the second authentication information to the authentication server in the blockchain network;
    receiving the authentication result returned after the authentication server verifies the authentication request.
  5. The method according to claim 4, characterized in that obtaining the first authentication information computed by the hardware token chip includes:
    calling the read interface in the hardware token chip through the hardware token driver to read the first authentication information computed by the hardware token chip.
  6. The method according to claim 4, characterized in that obtaining the first authentication information computed by the hardware token chip includes:
    obtaining the time at which the blockchain node device triggers node authentication;
    applying a pre-stored cryptographic algorithm to the time and a random number to obtain a data result, which serves as the first authentication information.
  7. The method according to claim 6, characterized in that generating the second authentication information that contains the first authentication information includes:
    obtaining a pre-stored target field, where the target field includes a communication protocol;
    encapsulating the target field and the first authentication information according to the structure specified by the message standard to generate the second authentication information.
  8. The method according to claim 7, characterized in that, after the second authentication information that contains the first authentication information is generated, the method further includes:
    encoding the second authentication information according to a preset format;
    the sending of the authentication request carrying the second authentication information to the authentication server in the blockchain network includes: sending an authentication request carrying the encoded second authentication information to the authentication server in the blockchain network.
  9. The method according to any one of claims 4 to 8, characterized in that the blockchain node device triggers node authentication in one or more of the following ways:
    when startup of the blockchain node device is detected, determining that the blockchain node device triggers node authentication;
    when it is detected that the blockchain node device requests a blockchain transaction, determining that the blockchain node device triggers node authentication.
  10. The method according to any one of claims 4 to 8, characterized in that the method further includes:
    if the authentication result is that the blockchain node device was successfully authenticated, accessing the blockchain network.
  11. 一种区块链节点设备认证装置,其特征在于,所述装置运行于内置了硬件令牌芯片的区块链节点设备中,所述装置包括:A blockchain node device authentication device, characterized in that the device runs in a blockchain node device with a built-in hardware token chip, and the device includes:
    运算模块,用于当所述区块链节点设备触发节点认证时,获取所述硬件令牌芯片运算得到的第一认证信息;An arithmetic module, configured to obtain first authentication information obtained by the hardware token chip operation when the blockchain node device triggers node authentication;
    生成模块,用于生成包含有所述第一认证信息的第二认证信息;A generating module, configured to generate second authentication information including the first authentication information;
    发送模块,用于发送携带有所述第二认证信息的认证请求至区块链网络中的认证服务器;A sending module, configured to send an authentication request carrying the second authentication information to an authentication server in the blockchain network;
    接收模块,用于接收所述认证服务器对所述认证请求进行验证后返回的认证结果。The receiving module is configured to receive the authentication result returned by the authentication server after verifying the authentication request.
  12. 一种区块链节点设备,其特征在于,所述区块链节点设备包括处理器和存储器,所述存储器上存储有可在所述处理器上运行的区块链节点设备认证的下载程序,所述区块链节点设备认证的下载程序被所述处理器执行时实现如权 利要求4至10中任意一项所述的区块链节点设备认证方法。A blockchain node device, characterized in that the blockchain node device includes a processor and a memory, and a download program for blockchain node device authentication that can be run on the processor is stored in the memory, When the download program for blockchain node device authentication is executed by the processor, the blockchain node device authentication method according to any one of claims 4 to 10 is realized.
  13. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有区块链节点设备认证的下载程序,所述区块链节点设备认证的下载程序可被一个或者多个处理器执行,以实现如权利要求4至10中任意一项所述的区块链节点设备认证方法。A computer-readable storage medium, characterized in that a download program for blockchain node device authentication is stored on the computer-readable storage medium, and the download program for blockchain node device authentication can be processed by one or more The device executes to implement the blockchain node device authentication method according to any one of claims 4 to 10.
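
The flow of claims 6 to 8 can be sketched end to end as follows. This is an added example, not code from the patent: HMAC-SHA256 as the "pre-stored cryptographic algorithm", JSON as the message structure, base64 as the "preset format", the shared key, the field names and the server-side freshness and replay checks are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os

# Assumption: a secret provisioned in the token chip and known to the server.
CHIP_KEY = b"constructed-demo-key-not-from-the-patent"
MAX_SKEW = 30  # assumption: seconds of clock drift the server tolerates

def first_auth_info(trigger_time, nonce, key=CHIP_KEY):
    """Claim 6: run the stored algorithm over the trigger time and a random number."""
    msg = str(trigger_time).encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_request(trigger_time, nonce=None, key=CHIP_KEY):
    """Claims 7-8: wrap the target field and first auth info, then encode."""
    nonce = nonce or os.urandom(16)
    second = {
        "protocol": "node-auth/1",  # hypothetical target field (communication protocol)
        "time": trigger_time,
        "nonce": nonce.hex(),
        "auth": first_auth_info(trigger_time, nonce, key),
    }
    return base64.b64encode(json.dumps(second, sort_keys=True).encode())

class AuthServer:
    """Hypothetical verifier: recomputes the tag, then checks freshness and replay."""
    def __init__(self, key=CHIP_KEY):
        self.key, self.seen = key, set()  # 'seen' could be pruned after MAX_SKEW

    def verify(self, request, now):
        try:
            m = json.loads(base64.b64decode(request, validate=True))
            t, nonce = int(m["time"]), bytes.fromhex(m["nonce"])
            expected = first_auth_info(t, nonce, self.key)
            tag_ok = hmac.compare_digest(expected, str(m["auth"]))  # constant time
        except (ValueError, KeyError, TypeError):
            return "malformed"
        if not tag_ok:
            return "bad-tag"
        if abs(now - t) > MAX_SKEW:
            return "stale"      # old capture presented outside the window
        if (t, nonce) in self.seen:
            return "replayed"   # same capture presented twice inside the window
        self.seen.add((t, nonce))
        return "ok"
```

As claimed, the first authentication information covers only the time and the random number, so the target field added in claim 7 is not protected by the tag in this sketch; a deployment would need the transport or an extended tag to bind it.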
PCT/CN2019/092143 2019-06-20 2019-06-20 Blockchain node device, authentication method and device thereof, and storage medium WO2020252753A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980004507.5A CN112544057B (en) 2019-06-20 2019-06-20 Block chain node equipment, authentication method and device thereof and storage medium
PCT/CN2019/092143 WO2020252753A1 (en) 2019-06-20 2019-06-20 Blockchain node device, authentication method and device thereof, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/092143 WO2020252753A1 (en) 2019-06-20 2019-06-20 Blockchain node device, authentication method and device thereof, and storage medium

Publications (1)

Publication Number Publication Date
WO2020252753A1 true WO2020252753A1 (en) 2020-12-24

Family

ID=74037615

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/092143 WO2020252753A1 (en) 2019-06-20 2019-06-20 Blockchain node device, authentication method and device thereof, and storage medium

Country Status (2)

Country Link
CN (1) CN112544057B (en)
WO (1) WO2020252753A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116800507A (en) * 2023-06-30 2023-09-22 深圳市联瑞电子有限公司 Identification method and system of intelligent network card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674284A (en) * 2008-09-08 2010-03-17 联想(北京)有限公司 Authentication method and system, user side server and authentication server
CN107682331A (en) * 2017-09-28 2018-02-09 复旦大学 Internet of Things identity identifying method based on block chain
WO2018152410A1 (en) * 2017-02-16 2018-08-23 Eingot Llc Records access and management
CN109903041A (en) * 2018-11-30 2019-06-18 阿里巴巴集团控股有限公司 The method and system of block cochain for the transaction of block chain

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9292712B2 (en) * 2012-09-28 2016-03-22 St-Ericsson Sa Method and apparatus for maintaining secure time
CN105847000A (en) * 2016-05-27 2016-08-10 深圳市雪球科技有限公司 Token generation method and communication system based on same
CN105897764B (en) * 2016-06-15 2019-08-30 中电长城网际系统应用有限公司 A kind of safety certifying method, apparatus and system
CN111247547A (en) * 2017-05-26 2020-06-05 区块链控股有限公司 Script-based blockchain interaction
CN108183889A (en) * 2017-12-15 2018-06-19 深圳市文鼎创数据科技有限公司 Identity identifying method and identification authentication system
CN108737418B (en) * 2018-05-22 2020-09-15 飞天诚信科技股份有限公司 Identity authentication method and system based on block chain
CN109829013A (en) * 2018-12-27 2019-05-31 上海点融信息科技有限责任公司 For running the method for intelligent contract in block chain network, storage medium, calculating equipment

Also Published As

Publication number Publication date
CN112544057A (en) 2021-03-23
CN112544057B (en) 2023-07-18


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19934000

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19934000

Country of ref document: EP

Kind code of ref document: A1