
WO2020177508A1 - Blockchain construction, and group division method and apparatus - Google Patents


Info

Publication number
WO2020177508A1
Authority
WO
WIPO (PCT)
Prior art keywords
organization
node
group
certificate
configuration file
Prior art date
Legal status
Ceased
Application number
PCT/CN2020/074750
Other languages
English (en)
Chinese (zh)
Inventor
李昊轩
王�章
李辉忠
张开翔
范瑞彬
Current Assignee
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date
Filing date
Publication date
Application filed by WeBank Co Ltd
Publication of WO2020177508A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Definitions

  • The present invention relates to the technical field of financial technology (Fintech), and in particular to a method and device for blockchain construction and group division.
  • Blockchain technology is a brand-new distributed infrastructure and computing method in the field of financial technology.
  • Blockchains can be divided into public chains, private chains and consortium chains.
  • A public chain is a blockchain structure that anyone can participate in and anyone can access;
  • a private chain is a blockchain structure that is open only to a single entity (such as a company or a school);
  • the consortium chain (also called the alliance chain) is currently a very widely used blockchain structure.
  • It is maintained by certain organizations and is open to certain individuals, and supervisory nodes (such as bank supervisory agencies, securities supervisory agencies, central banks, etc.) can be introduced so that the blockchain cannot be changed while also meeting the corresponding regulatory requirements.
  • When the consortium chain is initialized, it is impossible to meet the demand for equal status among the multiple institutions of the consortium chain.
  • All parties need to negotiate the node information contained in the genesis block.
  • The current practice is for one of the institutions to generate its own node information, start the blockchain, and then join the nodes of other institutions.
  • At this time, the institution generates certificates and private keys for the other institutions that have joined and then sends them to those institutions; or
  • a third-party organization directly generates the node information of all organizations and sends the installation package to each organization.
  • The organization that generates the node installation packages then holds all the information of the other nodes, and the security of the nodes' private keys is low, which does not meet the peer and security requirements of the organizations in the alliance chain.
  • This application provides a blockchain construction and group division method and device to solve the problem of unequal status and low security among the institutions in the alliance chain.
  • An embodiment of the present invention provides a block chain construction and group division method, including:
  • the first organization generates the first certificate of the node in the first organization;
  • the first organization is any organization in the alliance chain, and the node in the first organization is any node in the nodes to which the first organization belongs;
  • the first organization broadcasts the first certificate to a second organization, and receives a second certificate of a node in the second organization, where the second organization is an organization other than the first organization in the alliance chain;
  • the first organization verifies the second certificate, and after the verification is passed, generates a configuration file of the alliance chain according to the first certificate and the second certificate;
  • the first organization sends the first certificate, the first private key of the node within the first organization, and the configuration file to the node within the first organization, so as to activate the node within the first organization.
  • After the first organization sends the first certificate, the first private key of the node within the first organization, and the configuration file to the node within the first organization, the method further includes:
  • the node in the first organization uses the first private key to verify the first certificate, and the node in the first organization starts after the verification is passed;
  • after the node in the first organization is started, the method further includes:
  • after determining that the number of received second heartbeat requests is greater than a first threshold, the node in the first organization generates the genesis block of the alliance chain.
  • the method further includes:
  • the first organization determines a third certificate from the first certificate and N second certificates, where the third certificate is a certificate corresponding to a third node belonging to the group, and the first organization includes a node within the first organization that belongs to the group;
  • the first organization generates the group configuration file of the group according to the third certificate and the group configuration item;
  • the node in the first organization belonging to the group restarts according to the group configuration file, so that the node in the first organization has a group attribute.
  • the method further includes:
  • the group genesis block of the group is generated.
  • the first organization generating the configuration file of the alliance chain according to the first certificate and the second certificate includes:
  • the first organization analyzes the public key information and the certificate fingerprint contained in the first certificate and the second certificate to generate the configuration file, the configuration file containing the network connection addresses of N second nodes;
  • the node in the first organization sending a first heartbeat request to N second nodes according to the configuration file includes:
  • the node in the first organization sends the first heartbeat request to the N second nodes according to the network connection addresses of the N second nodes.
  • the embodiment of the present invention also provides a method for dividing a block chain into groups, including:
  • the first organization determines a third certificate from all the certificates in the alliance chain, where the third certificate is a certificate corresponding to the third node belonging to the group; the first organization is any organization in the alliance chain that includes a node within the first organization belonging to the group;
  • the first organization generates the group configuration file of the group according to the group configuration item and the third certificate;
  • the first organization sends the group configuration file to the node in the first organization that belongs to the group, so that the node in the first organization that belongs to the group restarts according to the group configuration file, so that the nodes in the first organization have group attributes.
  • the method further includes:
  • the group genesis block of the group is generated.
  • the first organization generating the group configuration file of the group according to the third certificate and the group configuration item includes:
  • the first organization analyzes the public key information and the certificate fingerprint contained in the third certificate, and generates the group configuration file according to the group configuration item, and the group configuration file contains the group configuration file.
  • the sending of a third heartbeat request by the node in the first organization belonging to the group to a third node other than the node in the first organization according to the group configuration file includes:
  • the node in the first organization belonging to the group sends the third heartbeat request to a third node other than the node in the first organization according to the group serial number and the network connection address of the third node.
  • the embodiment of the present invention also provides a block chain construction device, including:
  • a generating unit configured to generate a first certificate of a node in the first organization; the node in the first organization is any one of the nodes belonging to the first organization, and the first organization is any organization in the alliance chain;
  • the organization transceiving unit is used to broadcast the first certificate to a second organization and receive the second certificate of the node in the second organization, where the second organization is an organization other than the first organization in the alliance chain;
  • a configuration unit configured to verify the second certificate, and after the verification is passed, generate a configuration file of the alliance chain according to the first certificate and the second certificate;
  • the institution transceiver unit is further configured to send the first certificate, the first private key of the node in the first institution, and the configuration file to the node in the first institution, so that the node in the first institution starts.
  • The device further includes:
  • the activation unit is configured to verify the first certificate by using the first private key, and activate it after the verification is passed;
  • a node transceiver unit configured to send a first heartbeat request to the node in the second organization according to the configuration file, and receive a second heartbeat request from the node in the second organization;
  • the consensus unit is used for generating the genesis block of the alliance chain after determining that the number of the received second heartbeat requests is greater than the first threshold.
  • The device further includes a determining unit configured to determine a third certificate from the first certificate and the N second certificates, where the third certificate is a certificate corresponding to a third node belonging to the group, and the first organization includes nodes within the first organization that belong to the group;
  • the configuration unit is further configured to generate a group configuration item according to the third certificate, and the group configuration item is used to indicate node information of the third node;
  • the configuration unit is further configured to generate a group configuration file of the group according to the third certificate and the group configuration item;
  • the institution transceiver unit is further configured to send the group configuration file to the node in the first institution belonging to the group;
  • the activation unit is further configured to restart according to the group configuration file, so that the nodes in the first organization have group attributes.
  • the node transceiver unit is further configured to send a third heartbeat request to a third node other than the node in the first organization according to the group configuration file, and receive a fourth heartbeat request;
  • the consensus unit is further configured to generate a group genesis block of the group after determining that the number of received fourth heartbeat requests is greater than a second threshold.
  • the embodiment of the present invention also provides a block chain group division device, including:
  • the determining unit is configured to determine a third certificate from all certificates in the consortium chain, where the third certificate is a certificate corresponding to a third node belonging to the group; the first organization to which the determining unit belongs is any organization in the consortium chain that includes a node within the first organization belonging to the group;
  • a generating unit configured to generate a group configuration item according to the third certificate, where the group configuration item is used to indicate node information of the third node;
  • the generating unit is further configured to generate a group configuration file of the group according to the group configuration item and the third certificate;
  • the organization transceiving unit is configured to send the group configuration file to the node in the first organization belonging to the group, so that the node in the first organization belonging to the group restarts according to the group configuration file, so that the nodes in the first organization have group attributes.
  • The device further includes:
  • a node transceiver unit configured to send a third heartbeat request to a third node other than the node in the first organization according to the group configuration file, and receive a fourth heartbeat request;
  • the consensus unit is configured to generate the group genesis block of the group after determining that the number of received fourth heartbeat requests is greater than a second threshold.
  • the embodiment of the present invention also provides an electronic device, including:
  • at least one processor; and
  • a memory communicatively connected with the at least one processor; wherein
  • the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can execute the method described above.
  • the embodiment of the present invention also provides a non-transitory computer-readable storage medium, the non-transitory computer-readable storage medium storing computer instructions, and the computer instructions are used to make the computer execute the method described above.
  • The first organization generates the first certificate of the node in the first organization, broadcasts the generated first certificate to the second organization, and receives the second certificate of the node in the second organization.
  • The first organization is any organization in the alliance chain, the node in the first organization is any one of the nodes belonging to the first organization, and the second organization is an organization in the alliance chain other than the first organization.
  • The first organization verifies the received second certificate and, after the verification is passed, generates the configuration file of the consortium chain based on the first certificate and the second certificate, and sends the first certificate, the first private key of the node in the first organization and the configuration file to the node in the first organization to activate the node in the first organization.
  • The private key of the node is generated and maintained by the institution itself, which ensures that the private key of the node within the institution does not leave the intranet of the institution, and ensures the security of the nodes between the institutions.
  • The organizations of the alliance chain each generate the certificate and private key of their own nodes, instead of one organization generating the certificates and private keys of the other organizations, which ensures the peer relationship between organizations.
  • FIG. 1 is a schematic structural diagram of a possible system architecture provided by an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for constructing a blockchain according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for constructing a consortium chain according to a specific embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a method for grouping a consortium chain according to a second embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a device for constructing a blockchain according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a block chain group division device provided by an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
  • A blockchain is a chain composed of a series of blocks. In addition to recording its own data, each block also records the hash value of the previous block, and in this way a chain is formed.
  • There are two core concepts of the blockchain: one is cryptography and the other is decentralization. Based on these two concepts, the historical information on the blockchain cannot be tampered with.
  • In an alliance chain, having a single organization generate all the node information does not satisfy the idea of decentralization.
  • The embodiment of the present invention provides a method for constructing a blockchain.
  • An institution is an entity that has been approved by the consortium chain committee and holds the institution certificate agency.crt and the institution private key agency.key.
  • Organizations can generate nodes within the organization.
  • An organization can issue the node certificate node.crt of its own node and generate the node private key node.key.
  • A certificate is a digital certificate: a string of numbers that marks the identity information of the parties in Internet communication and provides a way to verify the identity of a communicating entity on the Internet.
  • A digital certificate is not the digital ID itself, but an identity certification authority's endorsement over the digital identity.
  • CA: Certificate Authority.
  • Nodes participate in network formation and data exchange.
  • A node refers to a participant with a unique identity.
  • A node has a complete copy of the ledger and is able to participate in the consensus and ledger maintenance of the blockchain peer-to-peer network.
  • The nodes in an organization are nodes running in the alliance chain that belong to the corresponding organization, and a node may be in one or more groups.
  • The node has the node certificate node.crt and the node private key node.key. Nodes in the organization connect to the other nodes in their group and maintain the group. Data is isolated between groups; each group runs its own consensus algorithm independently, and different groups can use different consensus algorithms.
  • The embodiment of the present invention supports a multi-group architecture in which the groups share a network, and network message isolation between accounts is realized through a network access module. All organizations negotiate to complete the root certificate of the alliance chain, and each organization holds the node certificate node.crt and the node private key node.key of the nodes in its own organization. Organizations have equal status, and nodes within an organization communicate only with the other nodes in the groups they belong to. Nodes of different institutions can negotiate certificates with each other and create new groups. An organization can correspond to one intra-organization node or multiple intra-organization nodes; the intra-organization nodes corresponding to the same institution can belong to the same group or to different groups.
  • As shown in FIG. 2, the method for constructing a blockchain provided by the embodiment of the present invention includes the following steps:
  • Step 201: The first organization generates a first certificate of the node in the first organization; the first organization is any organization in the alliance chain, and the node in the first organization is any one of the nodes belonging to the first organization.
  • Step 202: The first organization broadcasts the first certificate to the second organization, and receives the second certificate of the node in the second organization. The second organization is an organization other than the first organization in the alliance chain.
  • Step 203: The first organization verifies the second certificate, and after passing the verification, generates a configuration file of the alliance chain according to the first certificate and the second certificate.
  • Step 204: The first organization sends the first certificate, the first private key of the node in the first organization, and the configuration file to the node in the first organization, so as to start the node in the first organization.
  • The first organization generates the first certificate of the node in the first organization, broadcasts the generated first certificate to the second organization, and receives the second certificate of the node in the second organization.
  • The first organization is any organization in the alliance chain, the node in the first organization is any one of the nodes belonging to the first organization, and the second organization is an organization in the alliance chain other than the first organization.
  • The first organization verifies the received second certificate and, after the verification is passed, generates the configuration file of the consortium chain based on the first certificate and the second certificate, and sends the first certificate, the first private key of the node in the first organization and the configuration file to the node in the first organization to activate the node in the first organization.
  • The private key of the node is generated and maintained by the institution itself, which ensures that the private key of the node within the institution does not leave the intranet of the institution, and ensures the security of the nodes between the institutions.
  • The organizations of the alliance chain each generate the certificate and private key of their own nodes, instead of one organization generating the certificates and private keys of the other organizations, which ensures the peer relationship between organizations.
  • Each organization generates node certificates for its own intra-organization nodes, and the organizations use peer-to-peer negotiation to broadcast node certificates and perform certificate verification.
  • The organization can generate the configuration file used when the alliance chain node is started based on the certificates of all nodes, while the node private key is stored locally in the organization and is not sent to other organizations, so the node private key is not leaked and its security is guaranteed. Since the generated configuration file does not contain the node's private key, even if the generated configuration file is leaked, the organization cannot use these configuration files.
  • The node certificate can be actively sent by the first organization to the other organizations in the alliance chain, that is, the second organization, or it can be obtained from the first organization by the second organization. After each organization receives the node certificates broadcast by other organizations, it verifies the issuer, user, validity period, key usage, and public key contained in each certificate to determine whether the node certificate is valid. If the node certificates are all valid, the node certificate negotiation succeeds and the subsequent process continues; if any node certificate is invalid, the node certificate negotiation fails.
  • After the node certificate negotiation succeeds, each organization in the alliance chain generates the configuration file of its intra-organization nodes, and sends each intra-organization node its configuration file together with that node's certificate and private key, so that the nodes in the organization are started.
  • the method further includes:
  • the node in the first organization uses the first private key to verify the first certificate, and the node in the first organization starts after the verification is passed;
  • after the node in the first organization is started, the method further includes:
  • after determining that the number of received second heartbeat requests is greater than a first threshold, the node in the first organization generates the genesis block of the alliance chain.
  • Each organization configures the node's private key into the installation package of the corresponding intra-organization node to start the node.
  • Two configuration methods are supported: the keycenter-type private key encryption method, and directly loading the private key into the node folder.
  • The first heartbeat request is sent to the remaining nodes in the alliance chain, that is, the nodes in the second organization. Only when the nodes in the first organization have collected a sufficient number of heartbeat requests from other nodes will they proceed to consensus, that is, jointly create the blockchain. In this way, the success rate of blockchain creation is guaranteed.
  • A consensus algorithm is the algorithm by which the nodes in the blockchain peer-to-peer network confirm a batch of transactions and ensure that all nodes have a consistent confirmation result for that batch of data.
  • Suppose the number of nodes in the organization is n, and operations such as certificate negotiation and node deployment have been completed.
  • After each node in the alliance chain is started, it connects with the rest of the nodes in the alliance chain according to the configuration file of the alliance chain.
  • Different consensus methods have different first thresholds. For example, in the PBFT (Practical Byzantine Fault Tolerance) method, the nodes in the organization must collect more than 2n/3 (rounded up) heartbeat requests before they can generate the genesis block of the alliance chain to further complete the consensus.
  • PBFT Practical Byzantine Fault Tolerance
  • RAFT distributed consensus algorithm
  • the first organization generating the configuration file of the alliance chain according to the first certificate and the second certificate includes:
  • the first organization analyzes the public key information and the certificate fingerprint contained in the first certificate and the second certificate to generate the configuration file, and the configuration file contains the network connection addresses of N second nodes.
  • the node in the first organization sending a first heartbeat request to the N second nodes according to the configuration file includes:
  • the node in the first organization sends the first heartbeat request to the N second nodes according to the network connection addresses of the N second nodes.
  • The first organization generates a configuration file based on all the node certificates in the alliance chain. Specifically, it analyzes the public key information and certificate fingerprints contained in the certificates to generate the serial number of the alliance chain. When a node subsequently generates the genesis block, the serial number information is put into the genesis block. At the same time, the first organization generates the configuration required for blockchain startup, such as group capacity and network connection addresses. In this way, when the node in the first organization needs to send the first heartbeat request, it can send the first heartbeat request to each second node according to that node's network connection address.
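The configuration generation just described, together with the PBFT heartbeat threshold discussed earlier, as an added example that is not part of the patent text or of any WeBank code: every organization derives the same chain serial number from the exchanged certificate set regardless of arrival order, the resulting configuration carries no private key, and a node counts heartbeats only from distinct configured peers. The `NodeCert` records, the SHA-256 derivation of the serial number, the reading of the threshold as strictly more than 2n/3, and all names and addresses are assumptions of this example; signature verification against agency.crt is not modelled.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NOW = datetime(2020, 3, 1, tzinfo=timezone.utc)  # fixed clock, keeps the run reproducible


@dataclass(frozen=True)
class NodeCert:
    """Constructed stand-in for the parsed fields of a node.crt (no real X.509 parsing)."""
    issuer: str           # organization that issued the node certificate
    subject: str          # the certificate "user", here the node name
    public_key: bytes
    body: bytes           # bytes the fingerprint is computed over
    not_before: datetime
    not_after: datetime
    key_usage: frozenset
    endpoint: str         # network connection address, "host:port"

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.body).hexdigest()


def sample_cert(issuer, subject, endpoint):
    """Build a constructed certificate record; key and body bytes are placeholders."""
    key = f"pubkey-of-{subject}".encode()
    return NodeCert(issuer, subject, key, f"{issuer}/{subject}/".encode() + key,
                    NOW - timedelta(days=1), NOW + timedelta(days=365),
                    frozenset({"digitalSignature"}), endpoint)


def check_cert(cert, member_orgs, now):
    """Field checks the text lists; returns the reasons for rejection (empty = accepted).
    Signature verification against the issuer's agency.crt is not modelled here."""
    problems = []
    if cert.issuer not in member_orgs:
        problems.append("issuer is not a consortium member")
    if not cert.subject:
        problems.append("empty subject")
    if not (cert.not_before <= now <= cert.not_after):
        problems.append("outside validity period")
    if "digitalSignature" not in cert.key_usage:
        problems.append("key usage lacks digitalSignature")
    if not cert.public_key:
        problems.append("missing public key")
    return problems


def build_chain_config(certs, member_orgs, now=NOW):
    """Negotiation fails if any certificate is rejected; otherwise return the config."""
    rejected = {}
    for cert in certs:
        problems = check_cert(cert, member_orgs, now)
        if problems:
            rejected[cert.subject] = problems
    if rejected:
        raise ValueError(f"certificate negotiation failed: {rejected}")
    # Sort by fingerprint so the result does not depend on the order of arrival.
    ordered = sorted(certs, key=lambda c: c.fingerprint)
    if len({c.fingerprint for c in ordered}) != len(ordered):
        raise ValueError("duplicate certificate fingerprint")
    digest = hashlib.sha256()
    for cert in ordered:
        digest.update(bytes.fromhex(cert.fingerprint))
        digest.update(hashlib.sha256(cert.public_key).digest())
    # Only public material goes into the file; node.key never appears in it.
    return {
        "chain_serial": digest.hexdigest(),
        "nodes": [{"org": c.issuer, "node": c.subject, "fingerprint": c.fingerprint,
                   "endpoint": c.endpoint} for c in ordered],
    }


def genesis_quorum_reached(config, self_fp, heartbeat_fps):
    """True once heartbeats from strictly more than 2n/3 nodes have arrived.
    Repeats, unknown senders and the node itself are not counted (example's choice)."""
    n = len(config["nodes"])
    known = {node["fingerprint"] for node in config["nodes"]} - {self_fp}
    distinct = set(heartbeat_fps) & known
    return 3 * len(distinct) > 2 * n


def demo():
    """Two organizations receive the same four certificates in different orders."""
    orgs = ["orgA", "orgB", "orgC", "orgD"]  # constructed names and addresses
    certs = [sample_cert(o, f"{o}-node0", f"192.0.2.{i}:30300")
             for i, o in enumerate(orgs, start=1)]
    config_a = build_chain_config(certs, set(orgs))
    config_b = build_chain_config(list(reversed(certs)), set(orgs))
    return config_a, config_b, certs[0].fingerprint, [c.fingerprint for c in certs[1:]]


if __name__ == "__main__":
    a, b, me, peers = demo()
    print("same config on both sides:", a == b, a["chain_serial"][:16])
    print("genesis with 2 peers:", genesis_quorum_reached(a, me, peers[:2]))
    print("genesis with 3 peers:", genesis_quorum_reached(a, me, peers))
```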
  • Each group contains multiple nodes.
  • the nodes belonging to the same organization can belong to different groups or belong to the same group.
  • the method further includes:
  • the first organization determines a third certificate from the first certificate and the N second certificates, where the third certificate is a certificate corresponding to a third node belonging to the group, and the first organization includes a node within the first organization that belongs to the group;
  • the first organization generates the group configuration file of the group according to the third certificate and the group configuration item;
  • the node in the first organization belonging to the group restarts according to the group configuration file, so that the node in the first organization has a group attribute.
  • the groups are divided. Since each organization has obtained all the node certificates in the alliance chain, there is no need to perform the process of obtaining node certificates and verification again, because the first organization contains the nodes belonging to the group For nodes within the first organization, the first organization can directly determine the third certificate corresponding to the third node belonging to the group from all node certificates. Generate group configuration items according to the third certificate.
  • the group configuration item can include data such as the certificate of each node in the group, the IP of the node, and the port number, and can indicate which nodes are the third nodes in the group.
  • the first organization analyzes the public key information and certificate fingerprint contained in the certificate according to the group configuration items and the node certificate in the group, and generates the group serial number when the group is started.
  • the subsequent node When the subsequent node generates the group creation block, it will put the group serial number information into the group creation block.
  • the first organization generates configuration files such as the group capacity required when dividing the group and the network connection addresses of nodes in the group.
  • After each organization generates the group configuration file, it sends the group configuration file to the nodes within the organization that belong to the group; after the group configuration file is imported into the node installation package, the node is restarted. In this way, the nodes in the organization belonging to the group have group attributes after restarting according to the group configuration file.
  • the method further includes:
  • the group genesis block of the group is generated.
  • the nodes in the first organization will only proceed to consensus when they have collected a sufficient number of heartbeat requests from other nodes in the group, that is, create the group genesis block. In this way, the success rate of group division is guaranteed.
  • the node also has a detection function. Specifically, when the node is started, the corresponding node certificate will be generated, and the node configuration items include information such as the node IP, port number, and group to which the node belongs to ensure that the generated node is available.
  • the embodiment of the present invention is also designed with a monitoring function.
  • You can configure the corresponding monitoring service, such as the default configuration to report the monitoring results to the user's WeChat.
  • an organization can initiate an RPC (Remote Procedure Call) request to a node in the organization to obtain relevant parameters during the operation of that node, perform monitoring, and report the monitoring results to the service configured by the user.
  • the monitoring service is configured by default, supports reporting to WeChat, personal URLs, supports dedicated service settings, and can be reported to corporate WeChat.
  • the embodiment of the present invention also provides a group division method of the alliance chain, which is used to perform peer group division in the alliance chain initialized by any method.
  • the group division method of the alliance chain in the embodiment of the present invention includes the following steps:
  • the first organization determines a third certificate from all the certificates in the alliance chain, where the third certificate is a certificate corresponding to the third node belonging to the group; the first organization is any organization in the alliance chain that contains a node belonging to the group.
  • the first organization generates a group configuration item according to the third certificate, and the group configuration item is used to indicate node information of the third node.
  • the first organization generates a group configuration file of the group according to the group configuration item and the third certificate.
  • the first organization sends the group configuration file to the node in the first organization that belongs to the group.
  • the node in the first organization belonging to the group restarts according to the group configuration file, so that the node in the first organization has a group attribute.
  • the node in the first organization that belongs to the group sends a third heartbeat request to a third node other than the node in the first organization according to the group configuration file, and receives a fourth heartbeat request.
  • the group genesis block of the group is generated.
  • the organization of each node belonging to the group generates a group configuration file based on all the certificates in the group and configures it into the corresponding node installation package, which maintains the equivalence of group division.
  • the first organization generating the group configuration file of the group according to the third certificate and the group configuration item includes:
  • the first organization analyzes the public key information and the certificate fingerprint contained in the third certificate, and generates the group configuration file according to the group configuration item, and the group configuration file contains the group configuration file.
  • the sending, by the node in the first organization belonging to the group, a third heartbeat request to a third node other than the node in the first organization according to the group configuration file includes:
  • the node in the first organization belonging to the group sends the third heartbeat request to a third node other than the node in the first organization according to the group serial number and the network connection address of the third node.
  • the first organization analyzes the public key information and certificate fingerprint contained in the third certificate to generate the group serial number.
  • When a node of the group subsequently generates the group genesis block, it puts the group serial number information into the group genesis block.
  • the first organization generates group configuration files such as the group capacity required for blockchain startup and the network connection addresses of nodes in the group. In this way, when a node in the first organization needs to send a heartbeat request to other nodes in the group, it can send a heartbeat request to other nodes in the group according to the group network connection address of the node.
  • Embodiment 1 is the initialization process of the alliance chain.
  • the specific scenario is that the alliance chain includes nodes 11, 12, ... and 19 in total. The nodes belong to 4 organizations, Organization 1 to Organization 4. Among them, node 11 and node 15 are nodes within organization 1; node 11 belongs to the first group, and node 15 belongs to the second group. The steps of the specific embodiment, as shown in Figure 3, include:
  • Step 301: Organization 1 generates node certificate 110 of node 11 and node certificate 150 of node 15.
  • Step 302: Organization 1 broadcasts node certificate 110 and node certificate 150, that is, sends the node certificates of node 11 and node 15 to organization 2, organization 3, and organization 4, and receives the node certificates sent by organization 2, organization 3, and organization 4.
  • Step 303: Organization 1 verifies the received node certificates. If the verification is passed, step 304 is executed; otherwise, step 311 is executed.
  • Step 304: Organization 1 generates a configuration file of the alliance chain according to node certificate 110 to node certificate 190.
  • Step 305: Organization 1 sends the configuration file to node 11 and node 15, sends node certificate 110 and the corresponding private key to node 11, and sends node certificate 150 and the corresponding private key to node 15.
  • Step 306: Node 11 uses the received private key to verify node certificate 110. If the verification is passed, step 307 is executed; otherwise, step 311 is executed.
  • Step 307: Node 11 starts.
  • Step 308: Node 11 sends the first heartbeat request to node 12 through node 19 according to the configuration file, and receives the second heartbeat requests.
  • Step 309: Node 11 checks the number of received second heartbeat requests. If it is greater than the threshold value 5, step 310 is executed; otherwise, step 309 is executed.
  • Step 310: Node 11 conducts consensus.
  • Step 311: The initialization of the alliance chain fails.
  • the second embodiment is the group division process of the alliance chain, and the scenario in the first embodiment is still used.
  • the steps of the specific embodiment are shown in Figure 4, including:
  • Step 401: Organization 1 determines, from node certificate 110 to node certificate 190, that node 11 to node 14 are the first group and node 15 to node 19 are the second group.
  • Step 402: Organization 1 generates a group configuration item of the first group according to node certificate 110 to node certificate 140, and further generates a group configuration file of the first group.
  • Step 403: Organization 1 sends the group configuration file of the first group to node 11.
  • Step 404: Node 11 uses the private key to verify the group configuration file. If the verification is passed, step 405 is executed; otherwise, step 401 is executed.
  • Step 405: Node 11 restarts according to the group configuration file of the first group.
  • Step 406: Node 11 sends a third heartbeat request to node 12, node 13, and node 14, and receives the fourth heartbeat requests.
  • Step 407: Node 11 determines whether the number of fourth heartbeat requests is greater than 2. If yes, step 408 is executed; otherwise, step 407 is executed.
  • Step 408: Node 11 conducts consensus.
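The group division of Embodiment 2 (steps 401 to 408) as an added Python example; it is not code from the patent or from any implementation of it. The hash-based derivation of the group serial number, the rule that only distinct configured peers with a matching serial number and fingerprint count toward the threshold, the organization assignments other than nodes 11 and 15, and all addresses and certificate bytes are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class NodeCert:
    node_id: int
    org: int
    endpoint: str   # "ip:port" of the node
    der: bytes      # constructed stand-in for the DER-encoded node certificate

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()


@dataclass(frozen=True)
class Heartbeat:
    sender: int
    group_serial: str
    fingerprint: str  # assumption: taken from the authenticated session, not self-declared


# Constructed sample data. The page only states that nodes 11 and 15 belong to
# organization 1; the other organization assignments and all addresses are made up.
ORG_OF = {11: 1, 12: 2, 13: 3, 14: 4, 15: 1, 16: 2, 17: 3, 18: 4, 19: 4}
ALL_CERTS = [
    NodeCert(n, org, f"10.0.0.{n}:30300", f"constructed-cert-{n}".encode())
    for n, org in ORG_OF.items()
]


def build_group_config(all_certs, member_ids):
    """Steps 401-402: select the group's certificates and derive the group config."""
    members = [c for c in all_certs if c.node_id in member_ids]
    if {c.node_id for c in members} != set(member_ids):
        raise ValueError("no certificate held for at least one group member")
    # Sort by fingerprint so the result does not depend on the order in which
    # an organization happened to receive the broadcast certificates.
    members.sort(key=lambda c: c.fingerprint)
    digest = hashlib.sha256()
    for cert in members:
        digest.update(bytes.fromhex(cert.fingerprint))
    return {
        "group_serial": digest.hexdigest()[:16],  # assumed derivation, see lead-in
        "peers": {
            c.node_id: {"endpoint": c.endpoint, "fingerprint": c.fingerprint}
            for c in members
        },
    }


def heartbeat_from(cert, config):
    """Heartbeat a group member would send after restarting with the group config."""
    return Heartbeat(cert.node_id, config["group_serial"], cert.fingerprint)


def ready_for_group_genesis(config, self_id, heartbeats, threshold):
    """Steps 406-408: proceed to consensus only if valid heartbeats exceed the threshold."""
    valid_senders = set()
    for hb in heartbeats:
        peer = config["peers"].get(hb.sender)
        if peer is None or hb.sender == self_id:
            continue  # not a member of this group, or our own heartbeat
        if hb.group_serial != config["group_serial"]:
            continue  # sender was configured with a different certificate set
        if hb.fingerprint != peer["fingerprint"]:
            continue  # certificate does not match the one in the group config
        valid_senders.add(hb.sender)  # a set, so repeats from one peer count once
    return len(valid_senders) > threshold


if __name__ == "__main__":
    first = build_group_config(ALL_CERTS, {11, 12, 13, 14})
    by_id = {c.node_id: c for c in ALL_CERTS}
    beats = [heartbeat_from(by_id[n], first) for n in (12, 13, 14)]
    print(first["group_serial"], ready_for_group_genesis(first, 11, beats, 2))
```

Because every organization runs the same derivation over the same certificates, two organizations that received the broadcasts in different orders still produce identical group configuration, which is the equivalence the embodiment relies on.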
  • the embodiment of the present invention also provides a block chain construction device, as shown in FIG. 5, including:
  • the generating unit 501 is configured to generate a first certificate of a node in a first organization; the node in the first organization is any node among the nodes to which the first organization belongs, and the first organization is any organization in the alliance chain;
  • the organization transceiving unit 502 is configured to broadcast the first certificate to a second organization and receive a second certificate of a node in the second organization.
  • the second organization is an organization other than the first organization in the alliance chain;
  • the configuration unit 503 is configured to verify the second certificate, and after the verification passes, generate a configuration file of the alliance chain according to the first certificate and the second certificate;
  • the organization transceiving unit 502 is further configured to send the first certificate, the first private key of the node in the first organization, and the configuration file to the node in the first organization, so that the node in the first organization is activated.
  • the activation unit 504 is configured to verify the first certificate by using the first private key, and activate it after passing the verification;
  • the node transceiver unit 505 is configured to send a first heartbeat request to the node in the second organization according to the configuration file, and receive a second heartbeat request from the node in the second organization;
  • the consensus unit 506 is configured to generate the genesis block of the alliance chain after determining that the number of received second heartbeat requests is greater than a first threshold.
  • a determining unit 507 configured to determine a third certificate from the first certificate and the N second certificates, where the third certificate is a certificate corresponding to a third node belonging to the group, and the first organization includes nodes in the first organization that belong to the group;
  • the configuration unit 503 is further configured to generate a group configuration item according to the third certificate, and the group configuration item is used to indicate node information of the third node;
  • the configuration unit 503 is further configured to generate a group configuration file of the group according to the third certificate and the group configuration item;
  • the organization transceiving unit 502 is further configured to send the group configuration file to the node in the first organization belonging to the group;
  • the activation unit 504 is further configured to restart according to the group configuration file, so that the nodes in the first organization have group attributes.
  • the node transceiver unit 505 is further configured to send a third heartbeat request to a third node other than the node in the first organization according to the group configuration file, and receive a fourth heartbeat request;
  • the consensus unit 506 is further configured to generate a group genesis block of the group after determining that the number of received fourth heartbeat requests is greater than a second threshold.
  • the embodiment of the present invention also provides a block chain group division device, as shown in FIG. 6, including:
  • the determining unit 601 is configured to determine a third certificate from all certificates in the consortium chain, where the third certificate is a certificate corresponding to a third node belonging to the group; the first organization, to which the determining unit belongs, is any organization in the consortium chain that contains a node belonging to the group;
  • a generating unit 602 configured to generate a group configuration item according to the third certificate, where the group configuration item is used to indicate node information of the third node;
  • the generating unit 602 is further configured to generate a group configuration file of the group according to the group configuration item and the third certificate;
  • the organization transceiving unit 603 is configured to send the group configuration file to the node in the first organization belonging to the group, so that the node in the first organization belonging to the group restarts according to the group configuration file and the nodes in the first organization have group attributes.
  • the node transceiver unit 604 is configured to send a third heartbeat request to a third node other than the node in the first organization according to the group configuration file, and receive a fourth heartbeat request;
  • the consensus unit 605 is configured to generate a group genesis block of the group after determining that the number of received fourth heartbeat requests is greater than a second threshold.
  • the present invention also provides an electronic device, as shown in FIG. 7, including:
  • a processor 701, a memory 702, a transceiver 703, and a bus interface 704, wherein the processor 701, the memory 702 and the transceiver 703 are connected through the bus interface 704;
  • the processor 701 is configured to read a program in the memory 702 and execute the following methods:
  • the first organization generates the first certificate of the node in the first organization;
  • the first organization is any organization in the alliance chain, and the node in the first organization is any node in the nodes to which the first organization belongs;
  • the first organization broadcasts the first certificate to a second organization, and receives a second certificate of a node in the second organization, where the second organization is an organization other than the first organization in the alliance chain;
  • the first institution verifies the second certificate, and after the verification is passed, generates a configuration file of the alliance chain according to the first certificate and the second certificate;
  • the first organization sends the first certificate, the first private key of the node within the first organization, and the configuration file to the node within the first organization, so as to activate the node within the first organization.
  • the present invention also provides a non-transitory computer-readable storage medium, the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions are used to make the computer execute any of the methods described in FIGS. 2 to 4.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so that the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

Abstract

The embodiments of the present invention relate to the technical field of financial technology, and concern a blockchain construction and a group division method and apparatus, which solve the problems of non-equivalence and low security of organizations in an alliance chain. The method comprises: a first organization generates a first certificate of a node in the first organization, the first organization being any organization in an alliance chain, and the node in the first organization being any node among the nodes to which the first organization belongs; the first organization broadcasts the first certificate to a second organization, and receives a second certificate of a node in the second organization, the second organization being an organization, other than the first organization, in the alliance chain; the first organization verifies the second certificate, and generates a configuration file of the alliance chain according to the first certificate and the second certificate after the verification passes; and the first organization sends the first certificate, a first private key of the node in the first organization, and the configuration file to the node in the first organization, so that the node in the first organization is started.
PCT/CN2020/074750 2019-03-05 2020-02-11 Blockchain construction, and group division method and apparatus Ceased WO2020177508A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910165256.0A CN110035059B (zh) 2019-03-05 2019-03-05 Blockchain construction method and apparatus
CN201910165256.0 2019-03-05

Publications (1)

Publication Number Publication Date
WO2020177508A1 true WO2020177508A1 (fr) 2020-09-10

Family

ID=67235767

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/074750 Ceased WO2020177508A1 (fr) 2019-03-05 2020-02-11 Blockchain construction, and group division method and apparatus

Country Status (2)

Country Link
CN (2) CN113098907B (fr)
WO (1) WO2020177508A1 (fr)

Also Published As

Publication number Publication date
CN110035059A (zh) 2019-07-19
CN110035059B (zh) 2021-09-28
CN113098907B (zh) 2023-07-11
CN113098907A (zh) 2021-07-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20766890

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21/01/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20766890

Country of ref document: EP

Kind code of ref document: A1