Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present application and their descriptions herein are for the purpose of explaining the present application, but are not to be construed as limiting the application.
Fig. 1 is a schematic diagram of a service information collaboration system according to an embodiment of the present application. As shown in fig. 1, the system includes a blockchain service layer and a blockchain layer.
The blockchain service layer mainly comprises a blockchain management module and a blockchain service module. The blockchain management module mainly provides functions such as blockchain role information maintenance and blockchain role information query. The blockchain service module provides functions such as data storage, checking and history query.
The blockchain layer includes a blockchain interface service (Blockchain Information Interconnection Platform, BIIP), blockchain smart contracts, and blockchain network nodes.
The BIIP is middleware for blockchain interaction. It is intended to make it convenient to connect and integrate a traditional financial service system with the underlying blockchain; a front-end service system calls the BIIP system through different transaction codes.
A blockchain smart contract is a program running on the blockchain that implements specific transaction functions. The code and state of the smart contract are public, and on-chain users can audit what the code does. The smart contract language in the alliance chain is Turing-complete and can interact with off-chain data. Once deployed on the chain, the smart contract runs continuously and cannot be tampered with. Smart contracts may be written for different business scenarios.
The blockchain network nodes form the underlying blockchain network, which is built on Hyperledger Fabric 1.2.
Based on the above architecture, the embodiment of the present application provides a business data collaboration method based on a blockchain, where the method is applied to a business system in a federation chain that receives a user query request, as shown in fig. 2, and the method includes steps 201 to 206 as follows:
Step 201, receiving a query request submitted by a user, and extracting stored query information associated with the query request.
The embodiment relies on the characteristics of the blockchain, such as decentralization and tamper resistance, to ensure the joint participation of all nodes. A blockchain is decentralized, keeps time-ordered data, is programmable, and is secure and reliable. The strong computing power formed by the nodes of the distributed system through consensus algorithms such as proof of work is used to resist external attack, which ensures that blockchain data cannot be tampered with and that the data is secure and reliable. Blockchains include public chains, private chains and alliance chains; an alliance chain sits between a public chain and a private chain, is jointly initiated by a plurality of institutions, and is partially decentralized. The embodiment of the application uses an alliance chain, and the constructed alliance chain is shown in fig. 3.
The alliance chain is built before the query request submitted by the user is received. When the alliance chain is built, the business system accesses the alliance chain as a node in the alliance chain; reaches a mutual recognition protocol with the other nodes in the alliance chain, wherein the mutual recognition protocol covers common recognition data, shared data and automatic backup data; and receives a certificate authority (CA) certificate issued by the alliance chain, as well as a pair of public and private keys.
When the user logs in to the service system, the identity information of the user is verified to ensure the legitimacy of the user's identity, wherein the identity information comprises the account password, the face and the like.
Step 202, making a shared data form.
The shared data form comprises a query request and query information.
Step 203, signing the shared data form by using the stored private key and diffusing the shared data form into the alliance chain, so that a node receiving the shared data form can verify the signature of the shared data form by using the public key and add the query information which is stored by that node and is associated with the query request into the shared data form.
Step 204, after all the service systems in the alliance chain add the query information into the shared data form, participating in the consensus authentication of the query information in the shared data form.
If the business system acquires the accounting right through competition, the business system serves as a master node of the consensus authentication.
Specifically, the process of performing consensus authentication by the master node includes: acquiring the shared data form to which all service systems have added query information; judging whether the query information added to the shared data form by the service systems contains duplicates, and whether records of the same information are inconsistent; if there are duplicates, deleting the duplicated information; if records of the same information are inconsistent, determining, according to the time at which each service system recorded that information, that the most recently recorded information is the correct information and the other information is error information, and deleting the error information. If the master node is the last of all the service systems to add query information to the shared data form, the master node can obtain the shared data form, with the query information of all service systems added, directly from itself; if the master node is not the last service system to add query information to the shared data form, the master node needs to acquire the completed shared data form from the service system that added query information last.
For nodes that are not the master node, performing consensus authentication consists of cooperating with the master node to complete the judgment of correct information and error information.
Consensus authentication is a process of checking the query information added to the shared data form by all service systems. In this process, consensus is reached on differing records of the same information held by different service systems, which ensures the correctness of the query information recorded in the shared data form. For example, for the same information "working years", business system A records the user's working years as 5 years with a recording time of August 10, 2019, and business system B records the user's working years as 3 years with a recording time of July 6, 2017. The record of business system A is newer than the record of business system B, so after consensus authentication the user's working years are determined to be 5 years, and the record "working years: 3 years" is deleted from the shared data form. In addition, during consensus authentication it is checked whether the query information added to the shared data form by the service systems is duplicated, and if so, the duplicated information is deleted. For example, if several records of 5 working years for the user have been added to the shared data form, one record of 5 working years is retained and the others are deleted.
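The checking rule described above (collapse duplicates, let the most recent recording win) is written out below in Go as an added example; it is not code from the application. The Record fields, the tie-break by system name and the Conflict flag for different values recorded at the same time are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Record is one item of query information in the shared data form.
// The field names are assumptions made for this example.
type Record struct {
	System     string    // business system that added the record
	Field      string    // what the record describes, e.g. "working years"
	Value      string    // the recorded value
	RecordedAt time.Time // when that system recorded it
}

// Resolution is the result of consensus authentication for one field.
type Resolution struct {
	Kept     Record   // the record that stays in the complete data form
	Deleted  []Record // duplicates and older, inconsistent records
	Conflict bool     // different values share the newest recording time
}

// Authenticate applies the rule in the description: duplicates collapse to a
// single record and, among inconsistent records, the latest recording wins.
func Authenticate(form []Record) map[string]Resolution {
	byField := map[string][]Record{}
	for _, r := range form {
		byField[r.Field] = append(byField[r.Field], r)
	}
	out := map[string]Resolution{}
	for field, recs := range byField {
		// Newest first. Ties are ordered by system name so that every node
		// derives the same complete data form from the same input.
		sort.SliceStable(recs, func(i, j int) bool {
			if !recs[i].RecordedAt.Equal(recs[j].RecordedAt) {
				return recs[i].RecordedAt.After(recs[j].RecordedAt)
			}
			return recs[i].System < recs[j].System
		})
		res := Resolution{Kept: recs[0]}
		for _, r := range recs[1:] {
			// "Latest wins" cannot decide between two different values
			// recorded at the same time; flag it rather than pick silently.
			if r.Value != res.Kept.Value && r.RecordedAt.Equal(res.Kept.RecordedAt) {
				res.Conflict = true
			}
			res.Deleted = append(res.Deleted, r)
		}
		out[field] = res
	}
	return out
}

func day(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

// SampleForm is constructed data: the "working years" case from the text plus
// a duplicate from a third system and a same-day conflict on another field.
func SampleForm() []Record {
	return []Record{
		{"A", "working years", "5", day(2019, time.August, 10)},
		{"B", "working years", "3", day(2017, time.July, 6)},
		{"C", "working years", "5", day(2018, time.March, 1)},
		{"A", "employer", "Company X", day(2020, time.January, 15)},
		{"B", "employer", "Company Y", day(2020, time.January, 15)},
	}
}

func main() {
	for field, res := range Authenticate(SampleForm()) {
		fmt.Printf("%s: keep %q from %s, delete %d, conflict=%v\n",
			field, res.Kept.Value, res.Kept.System, len(res.Deleted), res.Conflict)
	}
}
```

The rule trusts the recording time each system reports, so a system with a wrong or manipulated clock wins every disagreement; the Conflict flag only covers the case where the timestamps are equal.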
In the usual case, the alliance chain employs the Practical Byzantine Fault Tolerance (PBFT) algorithm for consensus authentication.
A failed node is called a Byzantine node, and a normal node is a non-Byzantine node. The conclusion reached is that consensus requires 3f + 1 <= n.
Here f is the number of failed nodes. Suppose first that the f nodes are both failed nodes and rogue nodes. Then the normal nodes only need to outnumber the failed nodes by one to reach consensus, i.e. f + 1 + f <= n, so f (the maximum number of fault-tolerant nodes) = (n - 1)/2. Now suppose that the failed nodes and the rogue nodes are not the same nodes. If there are f failed nodes and f rogue nodes, then after the cluster removes the failed nodes, f rogue nodes are left, and the normal nodes must outnumber the rogue nodes by one, i.e. f + 1 + f + f <= n, so f = (n - 1)/3.
The basic algorithm flow is as follows:
The client sends a request to the master node.
The master node broadcasts the request to the other slave nodes, and the nodes execute the three-phase consensus flow of the PBFT algorithm.
After a node finishes the three-phase flow, it returns a message to the client.
After receiving the same message from f+1 nodes, the client considers the consensus complete.
The core of the algorithm is the three-phase flow: the pre-prepare phase, the prepare phase and the commit phase. Pre-prepare phase: a slave node accepts or rejects the information broadcast by the master node. Prepare phase: after a slave node accepts, it sends a prepare message to the other nodes; all nodes send prepare messages at the same time, and the prepare phase is finished once prepare messages from more than 2f different nodes have been received. Commit phase: a node broadcasts a commit message to the other nodes; all n nodes may be doing this, so commit messages sent by other nodes are also received. When 2f+1 commit messages have been received, most nodes have entered the commit phase and consensus is reached; the nodes then execute the request and write the data.
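The thresholds in the flow above (3f + 1 <= n, more than 2f prepare messages, 2f+1 commit messages, f+1 matching replies) are shown below as an added Go example of the vote counting on one node; it is not code from the application and not a full PBFT implementation. The type names are assumptions, and the node's own prepare and commit messages are assumed to count towards the totals.

```go
package main

import "fmt"

// MaxFaulty returns f, the largest number of Byzantine nodes that n nodes
// tolerate under 3f + 1 <= n.
func MaxFaulty(n int) int {
	if n < 1 {
		return 0
	}
	return (n - 1) / 3
}

// Phase distinguishes the two voting phases that follow pre-prepare.
type Phase int

const (
	Prepare Phase = iota
	Commit
)

// Vote is a prepare or commit message for one request.
type Vote struct {
	Phase  Phase
	From   int // sender's node index, 0..n-1
	View   int
	Seq    int
	Digest string // digest of the request being agreed on
}

// Slot collects the votes one node has seen for the request it accepted in
// the pre-prepare phase.
type Slot struct {
	n, f, view, seq int
	digest          string
	seen            [2]map[int]bool // distinct senders per phase
}

func NewSlot(n, view, seq int, digest string) *Slot {
	return &Slot{n: n, f: MaxFaulty(n), view: view, seq: seq, digest: digest,
		seen: [2]map[int]bool{{}, {}}}
}

// Add counts a vote once per sender and reports whether it was counted.
// Votes for another view, sequence number or digest never count, so a faulty
// node cannot help a different request reach its quorum.
func (s *Slot) Add(v Vote) bool {
	if v.From < 0 || v.From >= s.n || v.Phase < Prepare || v.Phase > Commit {
		return false
	}
	if v.View != s.view || v.Seq != s.seq || v.Digest != s.digest {
		return false
	}
	if s.seen[v.Phase][v.From] {
		return false // a repeated message from the same sender adds nothing
	}
	s.seen[v.Phase][v.From] = true
	return true
}

// Prepared is true once prepare messages from more than 2f nodes are in.
func (s *Slot) Prepared() bool { return len(s.seen[Prepare]) > 2*s.f }

// Committed is true once the slot is prepared and 2f+1 commit messages are in.
func (s *Slot) Committed() bool {
	return s.Prepared() && len(s.seen[Commit]) >= 2*s.f+1
}

// ClientAccepts returns the reply sent by at least f+1 nodes, if there is one.
func ClientAccepts(replies map[int]string, f int) (string, bool) {
	count := map[string]int{}
	for _, r := range replies {
		count[r]++
		if count[r] >= f+1 {
			return r, true
		}
	}
	return "", false
}

func main() {
	s := NewSlot(4, 0, 1, "d1") // constructed 4-node network, so f = 1
	for from := 0; from < 3; from++ {
		s.Add(Vote{Phase: Prepare, From: from, View: 0, Seq: 1, Digest: "d1"})
		s.Add(Vote{Phase: Commit, From: from, View: 0, Seq: 1, Digest: "d1"})
	}
	fmt.Println(MaxFaulty(4), s.Prepared(), s.Committed())
}
```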
Step 205, when the consensus authentication is completed, a complete data form after the consensus authentication is obtained.
Specifically, when a complete data form subjected to consensus authentication is obtained, the service system judges whether the service system is a master node for the consensus authentication or not; if the self is the master node for the consensus authentication, the complete data form is acquired from the self. If the node is not the master node for the consensus authentication, the complete data form is obtained from the master node for the consensus authentication.
In the embodiment of the application, if the service system is the master node for the consensus authentication, the service system packages the complete data form that has passed consensus authentication into blocks and broadcasts the blocks to the other nodes in the alliance chain, so that the other nodes synchronously store the complete data form. This realizes information sharing among different service departments and ensures that the information stored by different service systems is consistent. The other nodes store the complete data form by putting its hash on the chain.
Step 206, feeding back the query information in the complete data form to the user.
The query information fed back to the user comprises the related information which the user wants to acquire in all the service systems in the alliance chain, the user does not need to log in each service system one by one to acquire the required information, the user time is saved, the multiparty communication cost is reduced, and the business efficiency is greatly improved.
An information interaction scenario between the user and the alliance chain in the application is shown in fig. 4. Referring to fig. 4, service systems A, B and C have each accessed the alliance chain as one of its nodes. A user submits a query request to a service system in the alliance chain (the figure does not show which service system the user submits the query request to) and receives the query information fed back by the service system; information flows between the service systems and the user. The business system counts each data inquiry in the alliance chain, which ensures the traceability of information in the alliance chain.
In the embodiment of the application, the service system accesses the alliance chain, so that point-to-point information sharing among a plurality of service departments can be realized by means of the decentralization and the descension of the blockchain; information is shared once and used many times, which promotes the sharing and flow of cross-platform service information. Meanwhile, the blockchain adopts a decentralized, distributed architecture, which avoids the problem of a central node and reduces the risk to the whole network. In addition, the blockchain uses private key signing, public key verification and an asymmetric encryption algorithm, which is difficult for a hacker to crack and reduces the trust risk of the system. The transaction records of the blockchain are transparent and open across the whole network, which addresses information asymmetry and facilitates auditing and supervision. Finally, blockchain technology is highly extensible: information acquisition, updating and exchange are all carried out on one chain, and other departments can join the cross-department, cross-level and cross-platform information collaboration simply by adding interfaces.
The embodiment of the application also provides a service data collaboration method based on the block chain, which is applied to other service systems except the service system receiving the user query request in the alliance chain, as shown in fig. 5, and comprises the steps 501 to 505:
Step 501, receiving a shared data form that is diffused by a business system that has added query information to the shared data form.
Wherein the shared data form includes a query request and query information.
The shared data form is passed sequentially among all nodes (i.e. service systems) of the alliance chain. After the service system that received the user query request finishes making the shared data form, it diffuses the form to the next node; the node receiving the shared data form adds the query information that it stores and that corresponds to the query request to the form, and the new shared data form continues to be diffused to the next node, until every node has added the query information it stores to the shared data form. If the current node determines that it stores no query information corresponding to the query request, it adds no query information to the shared data form; instead, a query result stating that no related query information was found this time is added to the shared data form. Thus, the business system that has added the query information to the shared data form may be the business system that received the user query request, or may be another business system.
The alliance chain is built before the shared data form, diffused by a business system that has added query information to it, is received. When the alliance chain is built, each service system accesses the alliance chain as a node in the alliance chain; reaches a mutual recognition protocol with the other nodes in the alliance chain, wherein the mutual recognition protocol covers common recognition data, shared data and automatic backup data; and receives a CA certificate issued by the alliance chain, along with a pair of public and private keys.
Step 502, verifying the signature of the shared data form by using the stored public key.
Step 503, if the verification is passed, adding the query information that is stored by the service system itself and associated with the query request into the shared data form.
The business system adds all the query information which is queried by the business system and is associated with the query request into the shared data form.
Step 504, after all the service systems in the alliance chain add the query information into the shared data form, participating in the consensus authentication of the query information in the shared data form.
Participating in the consensus authentication of the query information in the shared data form comprises: judging whether the node itself is the master node of the consensus authentication. If yes, acquiring the shared data form to which all service systems have added query information; judging whether the query information added to the shared data form by the service systems contains duplicates, and whether records of the same information are inconsistent; if there are duplicates, deleting the duplicated information; if records of the same information are inconsistent, determining, according to the time at which each service system recorded that information, that the most recently recorded information is the correct information and the other information is error information, and deleting the error information. If not, cooperating with the master node to complete the judgment of correct information and error information.
It should be noted that the primary node qualification is obtained by all nodes in the federation chain through competition. The node competing for the accounting right is a master node for the consensus authentication, and is initiated by the master node, and other nodes participate in the consensus authentication process.
The consensus authentication process ensures that repeated information and error information do not exist in the complete data form, and ensures the correctness of the node storage information.
Step 505, after the consensus authentication is completed, acquiring a complete data form subjected to the consensus authentication.
The master node of the consensus authentication holds the complete data form. Therefore, if the node is the master node of the consensus authentication, it stores the complete data form; if the node is not the master node, it obtains the complete data form from the master node. The master node packages the complete data form into blocks and broadcasts them to the other nodes in the alliance chain, and the other nodes acquire the broadcast complete data form. Data sharing among the nodes is thus realized.
In the embodiment of the application, the service system accesses the alliance chain, so that point-to-point information sharing among a plurality of service departments can be realized by means of the decentralization and the descension of the blockchain; information is shared once and used many times, which promotes the sharing and flow of cross-platform service information. Meanwhile, the blockchain adopts a decentralized, distributed architecture, which avoids the problem of a central node and reduces the risk to the whole network. In addition, the blockchain uses private key signing, public key verification and an asymmetric encryption algorithm, which is difficult for a hacker to crack and reduces the trust risk of the system. The transaction records of the blockchain are transparent and open across the whole network, which addresses information asymmetry and facilitates auditing and supervision. Finally, blockchain technology is highly extensible: information acquisition, updating and exchange are all carried out on one chain, and other departments can join the cross-department, cross-level and cross-platform information collaboration simply by adding interfaces.
The embodiment of the application also provides a service data collaboration method based on the block chain, wherein the service system receiving the user query request is called a first service system, and other service systems in the alliance chain are called a second service system. As shown in fig. 6, the method includes steps 601 to 611:
Step 601, the first service system and the second service system together construct an alliance chain and reach a consensus protocol.
Step 602, a first service system receives a query request submitted by a user.
Step 603, the first service system extracts the stored query information associated with the query request, creates a shared data form, and signs the shared data form by using the stored private key.
The shared data form comprises a query request and query information.
Step 604, the first business system diffuses the shared data form into the federation chain.
Step 605, the second business system receives a shared data form that is diffused by the business system that has added query information to the shared data form.
Step 606, the second business system verifies the signature of the shared data form using the stored public key.
Step 607, if the verification is passed, the second service system adds the query information associated with the query request stored by itself to the shared data form.
Step 608, after all the service systems in the alliance chain add the query information into the shared data form, all the service systems participate in the consensus authentication of the query information in the shared data form.
Step 609, each service system judges whether it is the master node for the consensus authentication; if yes, it acquires the shared data form to which all service systems have added query information; judges whether the query information added to the shared data form by the service systems contains duplicates, and whether records of the same information are inconsistent; if there are duplicates, deletes the duplicated information; if records of the same information are inconsistent, determines, according to the time at which each service system recorded that information, that the most recently recorded information is the correct information and the other information is error information, and deletes the error information; if not, it cooperates with the master node to complete the judgment of correct information and error information.
Step 610, after the consensus authentication is completed, all the service systems acquire a complete data form subjected to the consensus authentication, wherein the complete data form is broadcast to the other nodes by the master node of the consensus authentication.
In the embodiment of the application, the service system accesses the alliance chain, so that point-to-point information sharing among a plurality of service departments can be realized by means of the decentralization and the descension of the blockchain; information is shared once and used many times, which promotes the sharing and flow of cross-platform service information. Meanwhile, the blockchain adopts a decentralized, distributed architecture, which avoids the problem of a central node and reduces the risk to the whole network. In addition, the blockchain uses private key signing, public key verification and an asymmetric encryption algorithm, which is difficult for a hacker to crack and reduces the trust risk of the system. The transaction records of the blockchain are transparent and open across the whole network, which addresses information asymmetry and facilitates auditing and supervision. Finally, blockchain technology is highly extensible: information acquisition, updating and exchange are all carried out on one chain, and other departments can join the cross-department, cross-level and cross-platform information collaboration simply by adding interfaces.
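Steps 603 to 607 (sign the shared data form, diffuse it, verify the signature, add the node's own query information) are shown below as an added Go example; it is not code from the application. It assumes ECDSA P-256 keys, a JSON encoding of the form, and that every system re-signs the form it passes on, none of which the description specifies; the systems A, B and C and the request text are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Entry is one item of query information (field names are assumptions).
type Entry struct{ System, Field, Value string }

// Form is the shared data form: the query request plus the query information
// added so far, signed by the system that last diffused it (assumption).
type Form struct {
	Request, Signer string
	Entries         []Entry
	Sig             []byte
}

var ErrBadSignature = errors.New("shared data form failed signature verification")

// digest hashes everything except the signature. encoding/json writes struct
// fields in declaration order, so every node hashes the same bytes.
func digest(f Form) []byte {
	body, _ := json.Marshal(struct { // cannot fail for these field types
		Request, Signer string
		Entries         []Entry
	}{f.Request, f.Signer, f.Entries})
	sum := sha256.Sum256(body)
	return sum[:]
}

// Sign puts the signer's name inside the signed data, then signs the digest.
func Sign(f *Form, signer string, key *ecdsa.PrivateKey) (err error) {
	f.Signer = signer
	f.Sig, err = ecdsa.SignASN1(rand.Reader, key, digest(*f))
	return err
}

// Verify checks the signature with the public key registered for f.Signer.
func Verify(f Form, pubs map[string]*ecdsa.PublicKey) bool {
	pub, known := pubs[f.Signer]
	return known && ecdsa.VerifyASN1(pub, digest(f), f.Sig)
}

// ReceiveAndAdd is the receiving node's part: verify, add its own query
// information (or a "nothing found" result), re-sign and hand the form on.
func ReceiveAndAdd(f Form, self string, key *ecdsa.PrivateKey,
	pubs map[string]*ecdsa.PublicKey, mine []Entry) (Form, error) {
	if !Verify(f, pubs) {
		return Form{}, ErrBadSignature
	}
	if len(mine) == 0 {
		mine = []Entry{{self, "result", "no matching information"}}
	}
	// Copy the entries so the received form is never modified in place.
	next := Form{Request: f.Request, Entries: append(append([]Entry{}, f.Entries...), mine...)}
	if err := Sign(&next, self, key); err != nil {
		return Form{}, err
	}
	return next, nil
}

// Demo passes a form through constructed systems A, B and C, and also replays
// a copy whose content was altered after B signed it.
func Demo() (finalValid, forgedRejected bool, entries int, err error) {
	keys, pubs := map[string]*ecdsa.PrivateKey{}, map[string]*ecdsa.PublicKey{}
	for _, name := range []string{"A", "B", "C"} {
		k, genErr := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if genErr != nil {
			return false, false, 0, genErr
		}
		keys[name], pubs[name] = k, &k.PublicKey
	}
	form := Form{Request: "working years of user 1001", // constructed request
		Entries: []Entry{{"A", "working years", "5"}}}
	if err = Sign(&form, "A", keys["A"]); err != nil {
		return false, false, 0, err
	}
	fromB, err := ReceiveAndAdd(form, "B", keys["B"], pubs, []Entry{{"B", "working years", "3"}})
	if err != nil {
		return false, false, 0, err
	}
	forged := fromB // altered copy: the value changes, the signature does not
	forged.Entries = append([]Entry{}, fromB.Entries...)
	forged.Entries[0].Value = "50"
	_, forgedErr := ReceiveAndAdd(forged, "C", keys["C"], pubs, nil)
	fromC, err := ReceiveAndAdd(fromB, "C", keys["C"], pubs, nil) // C stores nothing
	if err != nil {
		return false, false, 0, err
	}
	return Verify(fromC, pubs), errors.Is(forgedErr, ErrBadSignature), len(fromC.Entries), nil
}

func main() { fmt.Println(Demo()) }
```

If only the first service system signed the form, the query information added by later nodes would not be covered by any signature; re-signing at each hop is what lets the next node detect a change to any earlier entry.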
The embodiment of the application also provides a service system, as shown in fig. 7, the service system 700 includes a first communication module 701, a form making module 702 and a first consensus authentication module 703.
The first communication module 701 is configured to receive a query request submitted by a user, and extract stored query information associated with the query request.
The form creation module 702 is configured to create a shared data form, where the shared data form includes a query request and query information.
The first communication module 701 is further configured to utilize the stored private key to sign the shared data form made by the form making module 702, diffuse the shared data form into the federation chain, so that the node that receives the shared data form verifies the signature of the shared data form by using the public key, and add the query information associated with the query request stored by itself into the shared data form.
The first consensus authentication module 703 is configured to participate in consensus authentication of the query information in the shared data form after all the service systems in the federation chain add the query information to the shared data form.
The first communication module 701 is further configured to obtain a complete data form after the first consensus authentication module 703 determines that the consensus authentication is completed.
The first communication module 701 is further configured to feed back query information in the complete data form to the user.
In one implementation of the embodiment of the present application, the service system 701 further includes a first federation link construction module 704, where the first federation link construction module 704 is configured to:
when the alliance chain is constructed, access the alliance chain as a node in the alliance chain;
reach a mutual recognition protocol with the other nodes in the alliance chain, wherein the mutual recognition protocol covers common recognition data, shared data and automatic backup data;
receive a certificate authority (CA) certificate issued by the alliance chain, as well as a pair of public and private keys.
In one implementation of the embodiment of the present application, the first consensus authentication module 703 is configured to:
judging whether the node is a master node for consensus authentication or not;
if yes, acquiring the shared data form to which all service systems have added query information; judging whether the query information added to the shared data form by the service systems contains duplicates, and whether records of the same information are inconsistent; if there are duplicates, deleting the duplicated information; if records of the same information are inconsistent, determining, according to the time at which each service system recorded that information, that the most recently recorded information is the correct information and the other information is error information, and deleting the error information;
if not, cooperating with the master node to complete the judgment of correct information and error information.
In one implementation of the embodiment of the present application, the first communication module 701 is configured to:
judging whether the node is a master node for consensus authentication or not;
if the self is the master node for consensus authentication, acquiring a complete data form from the self;
if the node is not the master node for the consensus authentication, the complete data form is obtained from the master node for the consensus authentication.
In one implementation manner of the embodiment of the present application, when the service system is a master node performing consensus authentication, the first communication module 701 is configured to:
and packaging the complete data form subjected to the consensus authentication into blocks, and broadcasting to other nodes in the alliance chain so as to enable the other nodes to synchronously store the complete data form.
In the embodiment of the application, the service system accesses the alliance chain, so that point-to-point information sharing among a plurality of service departments can be realized by means of the decentralization and the descension of the blockchain; information is shared once and used many times, which promotes the sharing and flow of cross-platform service information. Meanwhile, the blockchain adopts a decentralized, distributed architecture, which avoids the problem of a central node and reduces the risk to the whole network. In addition, the blockchain uses private key signing, public key verification and an asymmetric encryption algorithm, which is difficult for a hacker to crack and reduces the trust risk of the system. The transaction records of the blockchain are transparent and open across the whole network, which addresses information asymmetry and facilitates auditing and supervision. Finally, blockchain technology is highly extensible: information acquisition, updating and exchange are all carried out on one chain, and other departments can join the cross-department, cross-level and cross-platform information collaboration simply by adding interfaces.
The embodiment of the application also provides a service system, as shown in fig. 8, the service system 800 includes a second communication module 801, a signature verification module 802, an information adding module 803 and a second consensus authentication module 804.
The second communication module 801 is configured to receive a shared data form diffused by a service system that has added query information to the shared data form, where the shared data form includes a query request and the query information.
A signature verification module 802, configured to verify the signature of the shared data form received by the second communication module 801 by using the stored public key.
An information adding module 803, configured to add the query information that is stored by the service system itself and associated with the query request to the shared data form when the signature verification module 802 determines that the signature verification passes.
The second consensus authentication module 804 is configured to participate in the consensus authentication of the query information in the shared data form after all the service systems in the federation chain add the query information to the shared data form.
The second communication module 801 is further configured to obtain a complete data form after the second consensus authentication module 804 determines that the consensus authentication is completed.
In one implementation of the embodiment of the present application, the service system 800 further includes a second federation link construction module 805, where the second federation link construction module 805 is configured to:
when the alliance chain is constructed, access the alliance chain as a node in the alliance chain;
reach a mutual recognition protocol with the other nodes in the alliance chain, wherein the mutual recognition protocol covers common recognition data, shared data and automatic backup data;
receive a CA certificate issued by the alliance chain, along with a pair of public and private keys.
In one implementation of the embodiment of the present application, the second consensus authentication module 804 is configured to:
judge whether the node is the master node of the consensus authentication;
if yes, acquire the shared data form to which all the service systems have added query information; judge whether the query information added to the shared data form by the service systems contains duplicates, and whether the records of the same information are inconsistent; if there is duplication, delete the duplicated information; if the records of the same information are inconsistent, determine, according to the time at which each service system recorded that information, the most recently recorded information to be the correct information, treat the other information as error information, and delete the error information;
if not, cooperate with the master node to complete the judgment of the correct information and the error information.
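The master-node pass described above can be sketched as follows. This is an added example, not code from the application: the `Entry` fields, the `merge_shared_form` name and the sample values are hypothetical, and holding back a key when differing values share the latest recording time is an assumption, since the text defines no tie-break.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    system_id: str    # service system that added the entry (hypothetical field)
    record_key: str   # identifies "the same information" across systems
    value: str        # the query information as that system recorded it
    recorded_at: int  # time the system recorded it (epoch seconds)


def merge_shared_form(entries):
    """Master-node pass: returns (complete, duplicates, errors, unresolved)."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.record_key].append(e)

    complete, duplicates, errors, unresolved = {}, [], [], []
    for key, group in groups.items():
        latest = max(e.recorded_at for e in group)
        latest_values = {e.value for e in group if e.recorded_at == latest}
        if len(latest_values) > 1:
            # Assumption: no tie-break is defined, so a tie between
            # differing values is held back instead of guessed.
            unresolved.append(key)
            continue
        correct = latest_values.pop()
        # The first entry carrying the correct value at the latest time is kept.
        keep = next(i for i, e in enumerate(group)
                    if e.recorded_at == latest and e.value == correct)
        complete[key] = group[keep]
        for i, e in enumerate(group):
            if i != keep:
                # Same value: duplicate. Different value: older, so an error.
                (duplicates if e.value == correct else errors).append(e)
    return complete, duplicates, errors, unresolved


# Constructed sample: three service systems answering the same query.
SAMPLE = [
    Entry("sys-A", "cust-001/address", "12 Old Road", 1700000000),
    Entry("sys-B", "cust-001/address", "7 New Street", 1700500000),
    Entry("sys-C", "cust-001/address", "7 New Street", 1700500000),
    Entry("sys-A", "cust-001/phone", "555-0100", 1700000100),
    Entry("sys-B", "cust-001/phone", "555-0199", 1700000100),
]
```

The result depends entirely on the recording time each service system reports, so the pass is meaningful only for entries that have already passed signature verification.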
In one implementation of the embodiment of the present application, the second communication module 801 is further configured to:
if the node is the master node of the consensus authentication, store the complete data form, package the complete data form that has passed the consensus authentication into blocks, and broadcast the blocks to the other nodes in the alliance chain so that the other nodes synchronously store the complete data form;
if the node is not the master node of the consensus authentication, obtain the complete data form from the master node of the consensus authentication.
In the embodiment of the application, the service system is connected to the alliance chain, so that point-to-point information sharing among a plurality of service departments can be realized by means of the decentralization and the descension of the blockchain, and the sharing flow of cross-platform service information is promoted by realizing one-time sharing and multiple uses. Meanwhile, the blockchain adopts a decentralized, distributed architecture, so that the problem of a central node is avoided and the risk to the whole network is reduced. In addition, the blockchain adopts private key signature, public key verification and an asymmetric encryption algorithm, which makes it difficult for a hacker to crack and reduces the trust risk of the system. The transaction records of the blockchain are transparent and open across the whole network, which solves the problem of information asymmetry and facilitates auditing and supervision. Furthermore, the blockchain technology has good extensibility: information acquisition, updating and exchange are all carried out on one chain, and other departments can conveniently participate in the cross-department, cross-level and cross-platform multi-department information collaboration merely by adding interfaces.
The present application also provides a federation chain that includes service system 700 and service system 800.
The embodiment of the application also provides a computer device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor implements any one of the methods of step 201 to step 206, step 501 to step 505 and/or step 601 to step 610 when executing the computer program.
Embodiments of the present application also provide a computer-readable storage medium storing a computer program for executing any one of the methods of steps 201 to 206, 501 to 505, and/or 601 to 610.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the application, and is not meant to limit the scope of the application to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the application are intended to be included within the scope of the application.