CN111327564B

Movatterモバイル変換

Info

Publication number: CN111327564B
Application number: CN201811526390.0A
Authority: CN
Inventors: 张盼; 王申; 赵林; 何丽; 黄洁华
Original assignee: Aisino Corp
Current assignee: Aisino Corp
Priority date: 2018-12-13
Filing date: 2018-12-13
Publication date: 2022-03-08
Anticipated expiration: 2038-12-13
Also published as: CN111327564A

Abstract

The application discloses an admission method and a device for a alliance chain, wherein the method comprises the following steps: receiving a joining request sent by an organization to be joined, wherein the joining request comprises identity information and an IP address of the organization to be joined, sending the joining request to each trusted third party in a alliance chain, receiving verification information fed back by each trusted third party based on the joining request, judging whether the identity information and the IP address are legal based on the verification information, if so, judging whether the organization to be joined is allowed to join the alliance chain based on a common identification mechanism among organizations in the alliance chain, and if so, joining the organization to be joined to the alliance chain. The technical problem that the security of a alliance chain is low in the existing access method is solved.

Description

Access method and device for alliance chain

Technical Field

The present application relates to the field of block chain technologies, and in particular, to an admission method and an admission device for a federation chain.

Background

With the rapid development of block chain technology, block chains are widely applied to various industries, such as the fields of finance, securities, logistics and the like, and can be divided into public chains, private chains and alliance chains according to different block chains of participants, wherein the public chains can be used and maintained by anyone, information is completely disclosed, the private chains are managed and limited by a centralized manager, only a few people inside can use the private chains, the information is not disclosed, the alliance chains are one block chain maintained by a plurality of organizations, and the organizations or members with access rights can access the information in the alliance chains.

The alliance chain is widely concerned due to the fact that the alliance chain is used and has limited access with authority, related information can be protected, and the alliance chain is applied to the fields of supply chain, banking, tax, logistics and the like. At present, an admission mechanism of a federation chain is mainly dominated by one party, and an organization or a member can be admitted to join the federation chain after one party confirms, namely, the organization can join the federation chain after a trusted third party confirms or the organization in the federation verifies, and the trusted third party or the organization of the federation chain can be attacked maliciously to correct the verification result, so that the maliciousness organization joins the federation chain, and the security of the federation chain is low.

Disclosure of Invention

The application provides an admission method and an admission device for a alliance chain, which are used for solving the technical problem of low security of the alliance chain in the existing admission method.

In a first aspect, the present application provides an admission method for a federation chain, where the method includes: the method comprises the steps that a server receives a joining request sent by an organization to be joined, wherein the joining request comprises identity information and an IP address of the organization to be joined, the joining request is sent to each trustable third party in a alliance chain, verification information fed back by each trustable third party based on the joining request is received, whether the identity information and the IP address are legal is judged based on the verification information, if yes, whether the organization to be joined is allowed to join the alliance chain is judged based on a common identification mechanism among the organizations in the alliance chain, and if yes, the organization to be joined is joined to the alliance chain.

In the scheme provided by the embodiment of the application, whether the identity information and the IP address of the organization to be joined are legal is judged based on the verification information fed back by each trusted third party in the alliance chain, and if the identity information and the IP address of the organization to be joined are legal, whether the organization to be joined is allowed to join the alliance chain is judged based on a common identification mechanism among organizations in the alliance chain. Therefore, whether the organization to be joined can be joined into the alliance chain is determined through the verification of a trusted third party and multiple parties of organizations in the alliance chain, the joining of malicious organizations is avoided, and the safety of the alliance chain is improved.

Optionally, the identity information includes a name of the organization to be joined, a type of the organization to be joined, and a uniform resource locator URL of an application certificate of the organization to be joined.

Optionally, determining whether the identity information and the IP address are legal based on the verification information includes:

judging whether the verification information fed back by each trusted third party comprises preset legal information or not, wherein the preset legal information comprises information that the name of the organization to be joined exists, information that the type of the organization to be joined is matched with the type of the alliance chain, information that the URL of the application certificate of the organization to be joined is valid and information that the IP address of the organization to be joined is legal;

and if so, the identity information and the IP address are legal.

In the scheme provided by the embodiment of the application, whether the preset legal information is contained or not is determined by verifying the verification information fed back by each trusted third party in the alliance chain, and further the legality of the identity information and the IP address to be added into the organization is determined, so that the legality of the identity information and the IP address to be added into the organization is determined by combining the verification information fed back by a plurality of trusted third parties, and the accuracy of the verification result is improved.

Optionally, the consensus mechanism comprises:

determining the number of the organizations of the alliance chain which agree to the organization to be joined based on a voting algorithm, and if the number exceeds a preset threshold value, allowing the organization to be joined to join the alliance chain; or

And if the preset organization in the alliance chain agrees to join the organization to be joined, allowing the organization to be joined to join the alliance chain, wherein the preset organization at least comprises one organization in the alliance chain.

Optionally, joining the to-be-joined organization to the federation chain includes:

receiving a digital certificate and a secret key generated by the trusted third party for the organization to be joined, and feeding back the digital certificate and the secret key to the organization to be joined in a storage form of an encryption card or a U shield;

adding the organization to join to a list of organization members of the federation chain.

In the scheme provided by the embodiment of the application, after the organization to be joined is allowed to join the alliance chain, the server generates the digital certificate and the secret key for the organization to be joined, and the digital certificate and the secret key are stored in the encryption card or the U shield, so that the information leakage of the digital certificate and the secret key is avoided, and the transaction security of the alliance chain is improved.

In a second aspect, the present application provides an admission apparatus for a federation chain, the apparatus comprising:

the system comprises a receiving module, a joining module and a sending module, wherein the receiving module is used for receiving a joining request sent by an organization to be joined, and the joining request comprises identity information and an IP address of the organization to be joined;

the sending module is used for sending the joining request to each trusted third party in a alliance chain and receiving verification information fed back by each trusted third party based on the joining request;

the judging module is used for judging whether the identity information and the IP address are legal or not based on the verification information;

the judging module is further configured to judge whether to allow the organization to be joined to join the federation chain based on a consensus mechanism among the organizations in the federation chain if the identity information and the IP address are legal;

and the processing module is used for adding the organization to be added into the alliance chain if the organization to be added is allowed to be added into the alliance chain.

Optionally, the determining module is specifically configured to:

and if the preset legal information is included, the identity information and the IP address are legal.

Optionally, the consensus mechanism comprises:

Optionally, the processing module is specifically configured to:

In a third aspect, the present application provides a server, including:

a memory for storing instructions for execution by at least one processor;

a processor for executing instructions stored in a memory to perform the method of the first aspect.

In a fourth aspect, the present application provides a computer readable storage medium having stored thereon computer instructions which, when run on a computer, cause the computer to perform the method of the first aspect.

Drawings

Fig. 1 is a schematic structural diagram of an alliance chain network system according to an embodiment of the present disclosure;

fig. 2 is a flowchart of an admission method of a federation chain according to an embodiment of the present application;

fig. 3 is a flowchart of a method for verifying identity information and an IP address according to an embodiment of the present disclosure;

fig. 4 is a schematic structural diagram of an admission apparatus of a federation chain according to an embodiment of the present application;

fig. 5 is a schematic structural diagram of a server according to an embodiment of the present application.

Detailed Description

In the solutions provided in the embodiments of the present application, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In order to better understand the technical solutions, the technical solutions of the present application are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and are not limitations of the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.

Fig. 1 is a schematic structural diagram of a federation chain network system, where the federation chain network system includes amonitoring platform 101, aclient 102, a trustedthird party 103, and anode 104, where themonitoring platform 101 is used to manage organization of federation chains, monitoring of network states, and data auditing, theclient 102 includes an administrator client 105 and a common user client 106, and is used to perform data interaction with themonitoring platform 101 or thenode 104, the trustedthird party 103 is used to verify identity information of an organization joining a federation chain, and thenode 104 is used to monitor node states or perform node work deployment and maintenance. It should be understood that theadministration platform 101 may include a plurality of servers, and may also include one server, without limitation.

Example one

The admission method of a federation chain provided in the embodiment of the present application is described in further detail below with reference to the accompanying drawings in the specification, and a specific implementation manner of the method may include the following steps (a method flow is shown in fig. 2):

step 201, a server receives a joining request sent by an organization to be joined, wherein the joining request includes identity information and an IP address of the organization to be joined.

The identity information includes the name of the organization to be added, the type of the organization to be added, and a Uniform Resource Locator (URL) address of the organization application certificate to be added.

After the server acquires the joining request sent by the organization to be joined, read-write permission and administrator permission are also pre-allocated to the organization to be joined, and permission can be specifically allocated to the organization to be joined in the following way:

in the method 1, a right item is allocated to the to-be-added organization based on the to-be-added organization credit level, for example, if the to-be-added organization credit level is excellent, the to-be-added organization is allowed to have read-write permission and administrator permission; if the credit level of the organization to be added is good, allowing the organization to be added to have read-write permission; and if the credit rating of the organization to be added is poor, allowing the organization to be added to have a read permission.

In the mode 2, the mapping relationship between the organization type and the authority is pre-stored in the server database, for example, the financial organization has read-write authority and administrator authority, the logistics organization has read-write authority, the service organization has read authority, and after the server acquires the type of the organization to be joined, the server allocates the authority for the organization to be joined based on the preset mapping relationship between the organization type and the authority.

Step 202, the server sends the join request to each trusted third party in the federation chain, and receives verification information fed back by each trusted third party based on the join request.

The server sends the received join request to be joined to the organization to each trusted third party in the federation chain, where the federation chain may include multiple trusted third parties, the trusted third parties may be Certificate Authorities (CAs), the multiple trusted third parties may correspond to one server, and each trusted third party may also correspond to one server.

When a plurality of trusted third parties in the alliance chain receive a joining request to be joined into an organization, identity information and an IP address in the joining request are verified. As shown in fig. 3, the specific process is as follows:

step 301, each trusted third party in the federation chain determines whether a name to join the organization exists.

And the server of the trusted third party searches the name of the organization to be joined through the Internet, and if the name of the organization to be joined cannot be searched, the name of the organization to be joined does not exist.

Step 302, determine whether the type of the organization to be added matches the type of the preset federation chain.

The type of the alliance chain is stored in a server corresponding to a trusted third party, the server corresponding to the trusted third party determines whether the type of the organization to be joined is the same as the type of the preset alliance chain or not based on the received type of the organization to be joined, and if the type of the organization to be joined is the same as the type of the preset alliance chain, the type of the organization to be joined is matched with the type of the preset alliance chain.

For example, the type of the preset alliance chain is a financial alliance chain, the type of the organization to be joined received by the server of the trusted third party is a financial organization, and the organization to be joined is matched with the type of the preset alliance chain.

Step 303, determine whether the URL address of the application certificate to be added to the organization is valid.

And the server corresponding to the trusted third party skips based on the URL address of the application certificate to be added into the organization, and judges whether the server can skip to the page corresponding to the URL address of the application certificate, if not, the URL address of the application certificate to be added into the organization is an invalid address.

Step 203, the server judges whether the identity information and the IP address are legal or not based on the verification information.

The server judges whether the verification information fed back by each trusted third party comprises preset legal information or not, wherein the preset legal information comprises information that the name of the organization to be joined exists, information that the type of the organization to be joined is matched with the type of the alliance chain, information that the URL of the application certificate of the organization to be joined is valid and information that the IP address of the organization to be joined is legal;

Specifically, the verification information includes at least one of information that a name of the organization to be joined exists, information that the type of the organization to be joined matches the type of the federation chain, information that a URL of an application certificate of the organization to be joined is valid, and information that an IP address of the organization to be joined is legal. After receiving the verification information fed back by the multiple trusted third parties in the alliance chain, the server verifies the content of the verification information fed back by each trusted third party respectively, judges whether the received multiple verification information includes preset legal information, and determines that the identity information and the IP address of the organization to be joined are legal if the multiple verification information includes the preset legal information.

And 204, if the identity information and the IP address are legal, the server judges whether to allow the organization to be added to the alliance chain or not based on a consensus mechanism among organizations in the alliance chain.

The consensus mechanism comprises:

Specifically, after verifying that the identity information and the IP address of the organization to be joined are legal, the organization in the federation chain needs to determine whether to allow the organization to be joined to join the federation chain through a consensus mechanism. Organizations in a federation chain may determine whether to allow a joining organization to join the federation chain by:

in the method 1, each organization in the federation chain votes based on a voting algorithm (such as a mole voting algorithm) to determine whether the organization to be added is allowed to be added into the federation chain, and sends a voting result to the server, and the server determines whether the number of the organizations allowed to be added into the federation chain exceeds a preset threshold value based on the voting result, for example, the preset threshold value includes half of the number of the organizations already added into the federation chain, and if the number of the organizations allowed to be added into the federation chain exceeds the preset threshold value, the organization to be added is determined to be added into the federation chain.

And 2, optionally selecting at least one organization in the alliance chain as a preset organization, receiving a voting result of whether each organization in the alliance chain agrees to join the organization to join the alliance chain by the server, determining whether the preset organization allows the organization to be joined to join the alliance chain based on the voting result, and if so, determining that the organization to be joined is joined to the alliance chain.

Step 205, if the to-be-joined organization is allowed to join in the federation chain, the server joins the to-be-joined organization in the federation chain.

The server receives the digital certificate and the secret key generated by the trusted third party for the organization to be joined, and feeds back the digital certificate and the secret key to the organization to be joined in a storage form of an encryption card or a U shield;

Specifically, after the organization to be joined is allowed to join the alliance chain, a trusted third party generates a digital certificate and a secret key for the organization to be joined, the digital certificate and the secret key are sent to a server, the server stores the digital certificate in an encryption card or a U shield, the stored form is fed back to the organization to be joined, information of the organization to be joined is pushed to a client, and the client adds the organization to be joined to an organization member list of the alliance chain based on the information of the organization to be joined.

Example two

The present application provides an admission apparatus of a federation chain, as shown in fig. 4, the apparatus includes:

areceiving module 401, configured to receive a join request sent by a to-be-joined organization, where the join request includes identity information and an IP address of the to-be-joined organization;

a sendingmodule 402, configured to send the join request to each trusted third party in a federation chain, and receive verification information fed back by each trusted third party based on the join request;

a determiningmodule 403, configured to determine whether the identity information and the IP address are legal based on the verification information;

the determiningmodule 403 is further configured to determine, if the identity information and the IP address are legal, whether to allow the to-be-joined organization to join the federation chain based on a consensus mechanism between the organizations in the federation chain;

aprocessing module 404, configured to join the to-be-joined organization to the federation chain if the to-be-joined organization is allowed to join the federation chain.

Optionally, the determiningmodule 403 is specifically configured to:

Optionally, the consensus mechanism comprises:

Optionally, theprocessing module 404 is specifically configured to:

EXAMPLE III

The present application provides a server, as shown in fig. 5, including:

amemory 501 for storing instructions for execution by at least one processor;

theprocessor 502 is configured to execute instructions stored in the memory to perform the method of the first embodiment.

Example four

The present application provides a computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of embodiment one.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. An admission method for a federation chain, comprising

Receiving a joining request sent by an organization to be joined, wherein the joining request comprises identity information and an IP address of the organization to be joined;

sending the join request to each trusted third party in a alliance chain, and receiving verification information fed back by each trusted third party based on the join request;

judging whether the identity information and the IP address are legal or not based on the verification information;

if the organization is legal, judging whether the organization to be added is allowed to be added into the alliance chain or not based on a consensus mechanism among the organizations in the alliance chain;

and if so, adding the organization to be added into the alliance chain.

2. The method of claim 1, wherein the identity information comprises a name of the organization to join, a type of the organization to join, and a Uniform Resource Locator (URL) of an application certificate of the organization to join.

3. The method of claim 2, wherein determining whether the identity information and the IP address are legitimate based on the authentication information comprises:

and if the identity information and the IP address are included, the identity information and the IP address are legal.

4. The method of claim 3, wherein the consensus mechanism comprises:

5. The method of any of claims 1-4, wherein joining the organization to be joined to the federation chain comprises:

6. An admission arrangement for a federation chain, comprising

7. The apparatus of claim 6, wherein the identity information comprises a name of the organization to join, a type of the organization to join, and a Uniform Resource Locator (URL) of an application certificate of the organization to join.

8. The apparatus of claim 7, wherein the determining module is specifically configured to:

9. A server, comprising:

a memory for storing instructions for execution by at least one processor;

a processor for executing instructions stored in the memory to perform the method of any one of claims 1-5.

10. A computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1-5.