This application is a divisional application of the application with application number 201910165256.0, filed on March 5, 2019, and entitled "Group division method and device of a blockchain".
Disclosure of Invention
The application provides a method and a device for constructing a blockchain and dividing it into groups, which are used to solve the problems of unequal standing among organizations and low security in an alliance chain.
The method for constructing a blockchain provided by the embodiment of the invention comprises the following steps:
the first organization generates a first certificate of a node in the first organization; the first organization is any organization in an alliance chain, and the node in the first organization is any one of the nodes belonging to the first organization;
the first organization broadcasts the first certificate to a second organization and receives a second certificate of a node in the second organization, wherein the second organization is an organization except the first organization in the alliance chain;
the first organization verifies the second certificate, and generates a configuration file of the alliance chain according to the first certificate and the second certificate after the second certificate passes the verification;
the first organization sends the first certificate, the first private key of the first organization node and the configuration file to the first organization node so as to enable the first organization node to be started.
In an alternative embodiment, after the first organization sends the first certificate, the first private key of the node in the first organization, and the configuration file to the node in the first organization, the method further includes:
the node in the first organization verifies the first certificate by using the first private key, and after the verification is passed, the node in the first organization is started;
after the first intra-mechanism node is started, the method further comprises the following steps:
the first in-mechanism node sends a first heartbeat request to the second in-mechanism node according to the configuration file, and receives a second heartbeat request of the second in-mechanism node;
and after the first intra-institution node determines that the number of the received second heartbeat requests is greater than a first threshold value, generating an originating block of the alliance chain.
In an optional embodiment, after the first intra-institution node determines that the number of the received second heartbeat requests is greater than a threshold, generating an originating block of the federation chain further includes:
the first organization determines a third certificate from the first certificate and the N second certificates, wherein the third certificate is a certificate corresponding to a third node belonging to a group, and the first organization comprises a first organization node belonging to the group;
the first mechanism generates a group configuration item according to the third certificate, wherein the group configuration item is used for indicating node information of the third node;
The first mechanism generates a group configuration file of the group according to the third certificate and the group configuration item;
the first organization sends the group configuration file to the first organization nodes belonging to the group;
and restarting the first intra-mechanism nodes belonging to the group according to the group configuration file so as to enable the first intra-mechanism nodes to have group attributes.
In an alternative embodiment, after the first in-mechanism node belonging to the group restarts according to the group configuration file, the method further includes:
the first intra-mechanism node belonging to the group sends a third heartbeat request to a third node except the first intra-mechanism node according to the group configuration file, and receives a fourth heartbeat request;
and after the nodes in the first mechanism belonging to the group determine that the number of the received fourth heartbeat requests is larger than a second threshold value, generating a group generation block of the group.
In an alternative embodiment, the first authority generates a configuration file of a federation chain according to the first certificate and the second certificate, including:
the first organization analyzes public key information and certificate fingerprints contained in the first certificate and the second certificate to generate the configuration file, wherein the configuration file contains network connection addresses of N second nodes;
The first intra-mechanism node sends a first heartbeat request to the N second nodes according to the configuration file, and the first heartbeat request comprises:
and the first intra-mechanism node sends the first heartbeat request to the N second nodes according to the network connection addresses of the N second nodes.
The embodiment of the invention also provides a group division method of the block chain, which comprises the following steps:
the first organization determines a third certificate from all certificates of the alliance chain, wherein the third certificate is a certificate corresponding to a third node belonging to the group; the first organization is any organization in the alliance chain which comprises nodes in the first organization belonging to the group;
the first mechanism generates a group configuration item according to the third certificate, wherein the group configuration item is used for indicating node information of the third node;
the first mechanism generates a group configuration file of the group according to the group configuration item and the third certificate;
the first organization sends the group configuration file to the first organization nodes belonging to the group, so that the first organization nodes belonging to the group restart according to the group configuration file, and the first organization nodes have group attributes.
In an alternative embodiment, after the first in-mechanism node belonging to the group restarts according to the group configuration file, the method further includes:
the first intra-mechanism node belonging to the group sends a third heartbeat request to a third node except the first intra-mechanism node according to the group configuration file, and receives a fourth heartbeat request;
and after the nodes in the first mechanism belonging to the group determine that the number of the received fourth heartbeat requests is larger than a second threshold value, generating a group generation block of the group.
In an alternative embodiment, the first mechanism generates a group configuration file of the group according to the third certificate and the group configuration item, including:
the first organization analyzes public key information and certificate fingerprints contained in the third certificate, and generates a group configuration file according to the group configuration item, wherein the group configuration file contains a group serial number of the group and a network connection address of the third node;
the first intra-mechanism node belonging to the group sends a third heartbeat request to a third node except the first intra-mechanism node according to the group configuration file, and the method comprises the following steps:
And the first intra-mechanism node belonging to the group sends the third heartbeat request to a third node except the first intra-mechanism node according to the group serial number and the network connection address of the third node.
The embodiment of the invention also provides a device for constructing a blockchain, which comprises:
a generation unit configured to generate a first certificate of a node in a first organization; the node in the first organization is any node in the nodes to which the first organization belongs, and the first organization is any organization in the alliance chain;
the mechanism receiving and transmitting unit is used for broadcasting the first certificate to a second mechanism and receiving a second certificate of a node in the second mechanism, wherein the second mechanism is a mechanism in the alliance chain except the first mechanism;
the configuration unit is used for verifying the second certificate and generating a configuration file of the alliance chain according to the first certificate and the second certificate after the second certificate passes the verification;
the mechanism receiving and transmitting unit is further configured to send the first certificate, the first private key of the first in-mechanism node, and the configuration file to the first in-mechanism node, so that the first in-mechanism node is started.
In an alternative embodiment, the device further comprises:
the starting unit is used for verifying the first certificate by using the first private key, and starting after the verification is passed;
the node receiving and transmitting unit is used for sending a first heartbeat request to the node in the second mechanism according to the configuration file and receiving a second heartbeat request of the node in the second mechanism;
and the consensus unit is used for generating an originating block of the alliance chain after determining that the number of the received second heartbeat requests is larger than a first threshold value.
In an optional embodiment, the device further includes a determining unit, configured to determine a third certificate from the first certificate and the N second certificates, where the third certificate is a certificate corresponding to a third node belonging to a group, and the first organization includes a first intra-organization node belonging to the group;
the configuration unit is further configured to generate a group configuration item according to the third certificate, where the group configuration item is used to indicate node information of the third node;
the configuration unit is further configured to generate a group configuration file of the group according to the third certificate and the group configuration item;
the mechanism receiving and transmitting unit is further configured to send the group configuration file to the first intra-mechanism node belonging to the group;
The starting unit is further configured to restart according to the group configuration file, so that the nodes in the first mechanism have group attributes.
In an optional embodiment, the node transceiver unit is further configured to send a third heartbeat request to a third node except for the node in the first mechanism according to the group configuration file, and receive a fourth heartbeat request;
and the consensus unit is further configured to generate a group generation block of the group after determining that the number of the received fourth heartbeat requests is greater than a second threshold.
The embodiment of the invention also provides a group division device of a blockchain, which comprises:
a determining unit, configured to determine a third certificate from all certificates of the federation chain, where the third certificate is a certificate corresponding to a third node belonging to the group; the first organization to which the determining unit belongs is any organization in the alliance chain including nodes in the first organization belonging to the group;
a generation unit configured to generate a group configuration item according to the third certificate, where the group configuration item is used to indicate node information of the third node;
the generating unit is further configured to generate a group configuration file of the group according to the group configuration item and the third certificate;
And the mechanism receiving and transmitting unit is used for transmitting the group configuration file to the first in-mechanism nodes belonging to the group so that the first in-mechanism nodes belonging to the group restart according to the group configuration file, and the first in-mechanism nodes have group attributes.
In an alternative embodiment, the device further comprises:
the node receiving and transmitting unit is used for sending a third heartbeat request to a third node except the nodes in the first mechanism according to the group configuration file and receiving a fourth heartbeat request;
and the consensus unit is used for generating a group generation block of the group after determining that the number of the received fourth heartbeat requests is larger than a second threshold value.
The embodiment of the invention also provides electronic equipment, which comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
Embodiments of the present invention also provide a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method as described above.
In the embodiment of the invention, a first organization generates a first certificate of a node in the first organization, broadcasts the generated first certificate to a second organization, and receives a second certificate of a node in the second organization, wherein the first organization is any organization in an alliance chain, the node in the first organization is any one of the nodes belonging to the first organization, and the second organization is an organization in the alliance chain other than the first organization. The first organization verifies the received second certificate, generates a configuration file of the alliance chain according to the first certificate and the second certificate after the second certificate passes the verification, and sends the first certificate, the first private key of the node in the first organization and the configuration file to the node in the first organization so that the node can be started. In the embodiment of the invention, only certificates need to be broadcast among the organizations, and the private keys of the nodes are generated and maintained by their own organizations, so that the private keys of the nodes never leave the organization's intranet, which ensures the security of the nodes across organizations. Meanwhile, each organization of the alliance chain generates the certificates and private keys of its own nodes, instead of one organization generating the certificates and private keys of the other organizations, which ensures the peer-to-peer relationship among the organizations.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
A blockchain is a chain of blocks in which each block records the hash value of the previous block in addition to its own data. The blockchain has two core concepts, one being cryptography and the other decentralization, and based on these two concepts the history information on the blockchain cannot be tampered with. However, in an alliance chain, the node information of all organizations is generated by a single organization, which does not meet the requirement of decentralization.
In order to solve the above problems, the embodiment of the invention provides a method for constructing a blockchain. One possible system architecture to which the method may be applied, as shown in FIG. 1, includes organizations and nodes.
An organization is a body admitted by the alliance chain committee and holds an organization certificate and an organization private key. The organization may generate intra-organization nodes. The organization may issue a node certificate node.crt for a node belonging to it and generate a node private key. A certificate is a series of numbers that marks the identity information of each party in Internet communication and provides a way to verify the identity of a communicating entity on the Internet; the digital certificate is not the digital identity card itself, but a seal or stamp (or a signature) placed on the digital identity card by an identity authentication body. It is issued by an authority, the CA, also known as a certificate authority (Certificate Authority) center, and people can use it to identify each other on the Internet.
In a blockchain peer-to-peer network, nodes participate in network construction and data exchange. A node is a participant with a unique identity that holds a complete copy of the ledger and is able to participate in the consensus of the blockchain peer-to-peer network and in ledger maintenance. In the embodiment of the invention, the intra-organization nodes are nodes running in the alliance chain; each belongs to its corresponding organization and may be in one or more groups. The node has a node certificate node.crt and a node private key node.key. An intra-organization node connects to the other nodes of the groups to which it belongs and maintains those groups. Data is isolated between groups, each group independently runs its own consensus algorithm, and different groups may use different consensus algorithms.
The embodiment of the invention supports a multi-group architecture: the network is shared among the groups, and network messages are isolated between the ledgers by a network access module. All organizations negotiate to complete the alliance chain root certificate, and each organization holds the node certificate node.crt and node private key node.key of its own intra-organization nodes. The organizations have equal status, and an intra-organization node communicates only with the other nodes of the groups to which it belongs. Nodes of different organizations may negotiate certificates with each other and create a new group. One organization may correspond to one intra-organization node or to a plurality of intra-organization nodes; the nodes of the same organization may belong to the same group or to different groups.
Based on the above architecture, the embodiment of the present invention provides a method for constructing a blockchain, as shown in fig. 2, where the method for constructing a blockchain provided by the embodiment of the present invention includes the following steps:
Step 201, a first organization generates a first certificate of a node in the first organization; the first organization is any organization in the alliance chain, and the node in the first organization is any node in the nodes to which the first organization belongs.
Step 202, broadcasting the first certificate to a second organization by the first organization, and receiving a second certificate of a node in the second organization, wherein the second organization is an organization except the first organization in the alliance chain;
Step 203, the first organization verifies the second certificate, and after the verification is passed, generates a configuration file of the alliance chain according to the first certificate and the second certificate.
Step 204, the first organization sends the first certificate, the first private key of the first organization node and the configuration file to the first organization node, so that the first organization node is started.
In the embodiment of the invention, a first organization generates a first certificate of a node in the first organization, broadcasts the generated first certificate to a second organization, and receives a second certificate of a node in the second organization, wherein the first organization is any organization in an alliance chain, the node in the first organization is any one of the nodes belonging to the first organization, and the second organization is an organization in the alliance chain other than the first organization. The first organization verifies the received second certificate, generates a configuration file of the alliance chain according to the first certificate and the second certificate after the second certificate passes the verification, and sends the first certificate, the first private key of the node in the first organization and the configuration file to the node in the first organization so that the node can be started. In the embodiment of the invention, only certificates need to be broadcast among the organizations, and the private keys of the nodes are generated and maintained by their own organizations, so that the private keys of the nodes never leave the organization's intranet, which ensures the security of the nodes across organizations. Meanwhile, each organization of the alliance chain generates the certificates and private keys of its own nodes, instead of one organization generating the certificates and private keys of the other organizations, which ensures the peer-to-peer relationship among the organizations.
Specifically, in the federation chain of the embodiment of the invention, each organization generates node certificates for nodes in the corresponding organization, and a plurality of organizations broadcast the node certificates by adopting a peer-to-peer negotiation method and perform certificate verification. The organization can generate configuration files when the alliance chain node is started according to the certificates of all the nodes, and the node private key is stored locally in the organization and is not sent to other organizations, so that the node private key cannot be revealed, and the security of the private key is ensured. Since the generated configuration files do not contain node private keys, even if the generated configuration files are revealed, these configuration files cannot be used by non-local institutions.
The node certificate can be actively sent by the first organization to the other organizations in the alliance chain, namely the second organizations, or it can be obtained from the first organization by the second organization. After each organization receives the node certificates broadcast by the other organizations, it verifies information such as the issuer, the user, the validity period, the key usage and the public key contained in each certificate, and thereby judges whether the node certificates are valid. If all node certificates are valid, the node certificate negotiation succeeds and the subsequent flow continues; if any certificate is invalid, the node certificate negotiation fails.
After the node certificate negotiation is successful, each organization in the alliance chain generates a configuration file of the corresponding node in the organization, and sends the configuration file of the node in each organization, the certificate and the private key of the node in the organization to the node in the organization so as to enable the node in the organization to be started. After the first organization sends the first certificate, the first private key of the node in the first organization and the configuration file to the node in the first organization, the method further comprises:
the first in-mechanism node verifies the first certificate by using the first private key, and after verification is passed, the first in-mechanism node is started;
after the first intra-mechanism node is started, the method further comprises the following steps:
the first in-mechanism node sends a first heartbeat request to the second in-mechanism node according to the configuration file, and receives a second heartbeat request of the second in-mechanism node;
and after the first intra-institution node determines that the number of the received second heartbeat requests is greater than a first threshold value, generating an originating block of the alliance chain.
In the specific implementation process, each organization configures the node's private key into the installation package of its own node, and the node is started. At present, two configuration modes are supported, namely a key type private key encryption mode and a mode of directly loading the private key into the node folder. After the node in the first organization receives the first certificate, the first private key and the configuration file sent by its organization, it verifies the first certificate by using the first private key, that is, it judges whether the first private key matches the first certificate. If the verification passes, the node starts; otherwise, the initialization process of the alliance chain ends. After the node in the first organization is started, it sends a first heartbeat request to the other nodes in the alliance chain, namely the nodes in the second organizations, according to the received configuration file. The node in the first organization reaches consensus, i.e., jointly creates the blockchain, only after collecting heartbeat requests from a sufficient number of other nodes. In this way, the success rate of blockchain creation is guaranteed. A consensus algorithm is an algorithm by which the nodes in the blockchain peer-to-peer network confirm a batch of transactions and ensure that all nodes reach a consistent confirmation result for that batch of data.
For example, suppose the number of negotiated node certificates is n, i.e. the number of nodes in the organizations is n, and certificate negotiation, node deployment and the other operations have been completed. After each node in the alliance chain is started, it connects to the other nodes in the alliance chain according to the configuration file of the alliance chain. The first threshold differs between consensus methods. In PBFT (Practical Byzantine Fault Tolerance) mode, a node can generate the originating block of the alliance chain only after collecting more than 2n/3 (rounded up) heartbeat requests; the Byzantine fault-tolerant algorithm is then applied and consensus is completed. In RAFT (a distributed consistency algorithm) mode, only after more than n/2 (rounded up) heartbeat requests are collected can the alliance chain group reach consensus and deployment be completed. To guarantee the consensus efficiency of the alliance chain, it is recommended that the number of node certificates n not exceed 40 in PBFT and not exceed 100 in RAFT.
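The heartbeat gate described above, as an added Python example (not code from the patent or from any blockchain platform). It counts only heartbeats from peers listed in the configuration file and counts each peer once. Assumptions: peers are identified by the SHA-256 fingerprint of their certificate, the node counts itself toward n, "more than 2n/3" and "more than n/2" are read as strict inequalities, and all names, certificates and addresses are constructed.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 fingerprint of a certificate's encoded bytes."""
    return hashlib.sha256(cert_bytes).hexdigest()


def min_heartbeats(n: int, mode: str) -> int:
    """Smallest node count strictly greater than 2n/3 (PBFT) or n/2 (RAFT).

    Assumption: the page's "more than ... (rounded up)" is read as a strict
    inequality over integers.
    """
    if n < 1:
        raise ValueError("n must be at least 1")
    mode = mode.lower()
    if mode == "pbft":
        return (2 * n) // 3 + 1
    if mode == "raft":
        return n // 2 + 1
    raise ValueError(f"unknown consensus mode: {mode}")


@dataclass
class HeartbeatTracker:
    """Tracks which configured peers have sent a heartbeat to this node."""
    own_fp: str
    peer_addrs: dict      # fingerprint -> network address, from the config file
    mode: str
    seen: set = field(default_factory=set)

    def __post_init__(self):
        if self.own_fp in self.peer_addrs:
            raise ValueError("own certificate must not be listed as a peer")
        self.seen.add(self.own_fp)   # assumption: the node counts itself

    @property
    def n(self) -> int:
        return len(self.peer_addrs) + 1

    def on_heartbeat(self, sender_fp: str) -> bool:
        """Return True if this heartbeat was newly counted.

        sender_fp is assumed to come from an authenticated channel (for
        example the peer certificate of the connection), not from a field
        the sender can set freely.
        """
        if sender_fp not in self.peer_addrs:
            return False             # certificate was never negotiated
        if sender_fp in self.seen:
            return False             # repeat from the same peer
        self.seen.add(sender_fp)
        return True

    def can_create_originating_block(self) -> bool:
        return len(self.seen) >= min_heartbeats(self.n, self.mode)


def demo():
    """Four-node PBFT alliance chain with constructed certificates."""
    names = ("orgA-node0", "orgB-node0", "orgC-node0", "orgD-node0")
    fps = {name: fingerprint(f"constructed-cert-{name}".encode())
           for name in names}
    # Constructed addresses from the 192.0.2.0/24 documentation range.
    peers = {fps[name]: f"192.0.2.{i}:30300"
             for i, name in enumerate(names[1:], start=2)}
    tracker = HeartbeatTracker(fps["orgA-node0"], peers, "pbft")

    rogue = fingerprint(b"constructed-cert-not-in-config")
    events = [fps["orgB-node0"], fps["orgB-node0"], rogue, fps["orgC-node0"]]
    results = []
    for sender in events:
        counted = tracker.on_heartbeat(sender)
        results.append((counted, tracker.can_create_originating_block()))
    return results


if __name__ == "__main__":
    for counted, ready in demo():
        print(f"counted={counted} ready={ready}")
```

With n = 4 in PBFT mode the gate opens at three distinct nodes; a repeated heartbeat and a heartbeat from a certificate that was never negotiated leave the count unchanged.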
Further, the first organization generates a configuration file of a federation chain according to the first certificate and the second certificate, including:
the first organization analyzes public key information and certificate fingerprints contained in the first certificate and the second certificate to generate the configuration file, wherein the configuration file contains network connection addresses of N second nodes.
The first intra-mechanism node sends a first heartbeat request to the N second nodes according to the configuration file, and the first heartbeat request comprises:
and the first intra-mechanism node sends the first heartbeat request to the N second nodes according to the network connection addresses of the N second nodes.
In the implementation process, the first organization generates a configuration file according to all node certificates in the alliance chain. Specifically, the public key information and certificate fingerprints contained in the certificates are parsed to generate the serial number of the alliance chain, and when a node subsequently generates the originating block, the serial number information is placed into the originating block. Meanwhile, the first organization generates the configuration files required for starting the blockchain, such as the group capacity and the network connection addresses. Thus, when the node in the first organization needs to send the first heartbeat request, it can send the request to each second node according to that node's network connection address.
After the alliance chain is initialized, different groups are needed to be divided among the institutions according to different services. Each group contains a plurality of nodes, and the nodes belonging to the same organization can belong to different groups or belong to the same group.
After the first intra-institution node determines that the number of the received second heartbeat requests is greater than a threshold, generating an originating block of the alliance chain further includes:
The first organization determines a third certificate from the first certificate and the N second certificates, wherein the third certificate is a certificate corresponding to a third node belonging to a group, and the first organization comprises a first organization node belonging to the group;
the first mechanism generates a group configuration item according to the third certificate, wherein the group configuration item is used for indicating node information of the third node;
the first mechanism generates a group configuration file of the group according to the third certificate and the group configuration item;
the first organization sends the group configuration file to the first organization nodes belonging to the group;
and restarting the first intra-mechanism nodes belonging to the group according to the group configuration file so as to enable the first intra-mechanism nodes to have group attributes.
Specifically, groups are divided after the alliance chain has been initialized. Since every organization has already obtained all node certificates in the alliance chain, the processes of obtaining and verifying the node certificates do not need to be executed again, and since the first organization includes a first intra-organization node belonging to the group, the first organization can directly determine, from all the node certificates, the third certificates corresponding to the third nodes belonging to the group. A group configuration item is generated according to the third certificate. The group configuration item may include data such as the certificate of each node in the group, the node's IP and its port number, and indicates which nodes are the third nodes in the group. According to the group configuration item and the node certificates in the group, the first organization parses the public key information and certificate fingerprints contained in the certificates and generates the group serial number used when the group is started. When a node subsequently generates the group generation block, the group serial number information is placed into the group generation block. Meanwhile, the first organization generates the configuration files required for dividing the group, such as the group capacity and the network connection addresses of the nodes in the group. After each organization generates the group configuration file, it sends the file to its intra-organization nodes belonging to the group, and after the group configuration file is imported into the node installation package, the nodes are restarted. Thus, the intra-organization nodes belonging to the group have group attributes after restarting according to the group configuration file.
Similar to the initialization of the federation chain, after the first intra-organization node belonging to the group is restarted according to the group configuration file, the method further includes:
the first intra-organization node belonging to the group sends a third heartbeat request to the third nodes other than the first intra-organization node according to the group configuration file, and receives fourth heartbeat requests;
and after the first intra-organization node belonging to the group determines that the number of received fourth heartbeat requests is greater than a second threshold, it generates the group genesis block of the group.
That is, a node in the first organization performs consensus, i.e. creates the group genesis block, only after it has collected heartbeat requests from a sufficient number of other nodes in the group. In this way, the success rate of group division is ensured.
Further, in the embodiment of the invention, the node also has a detection function. Specifically, when the node is started, a corresponding node certificate is generated, and the node configuration item contains information such as node IP, port number, group to which the node belongs, and the like, so that the availability of the generated node is ensured.
Furthermore, the embodiment of the invention also provides a monitoring function. Corresponding monitoring services can be configured; by default, monitoring results are reported to the user's WeChat. According to the embodiment of the invention, an organization can initiate RPC (Remote Procedure Call) requests to its intra-organization nodes to obtain their runtime parameters; meanwhile, the intra-organization nodes are monitored by analyzing the log information they produce while running, and the monitoring result is reported to the service configured by the user. For example, a monitoring service is configured by default; reporting to WeChat, to a personal website, to a dedicated service, to enterprise WeChat, etc. is supported.
In addition, the embodiment of the invention also provides a group division method of the alliance chain, which is used for carrying out peer-to-peer group division in the alliance chain initialized in any mode. The group division method of the alliance chain in the embodiment of the invention comprises the following steps:
The first organization determines a third certificate from all certificates of the alliance chain, wherein the third certificate is a certificate corresponding to a third node belonging to the group; the first organization is any organization in the alliance chain that includes first intra-organization nodes belonging to the group.
The first organization generates a group configuration item according to the third certificate, wherein the group configuration item is used for indicating node information of the third node.
The first organization generates a group configuration file of the group according to the group configuration item and the third certificate.
The first organization sends the group configuration file to the first intra-organization nodes belonging to the group.
The first intra-organization nodes belonging to the group restart according to the group configuration file, so that the first intra-organization nodes have group attributes.
The first intra-organization node belonging to the group sends a third heartbeat request to the third nodes other than the first intra-organization node according to the group configuration file, and receives fourth heartbeat requests.
After the first intra-organization node belonging to the group determines that the number of received fourth heartbeat requests is greater than a second threshold, it generates the group genesis block of the group.
In the embodiment of the invention, no matter how the alliance chain is initialized, when nodes are divided into a group, the organization to which each node of the group belongs generates a group configuration file according to all certificates in the group and configures it into the corresponding node installation package, so that the peer-to-peer property of the group division is maintained. Meanwhile, the private key of a node does not need to be transmitted between organizations, so that the security of the private key is ensured.
Further, the first organization generates a group configuration file of the group according to the third certificate and the group configuration item, including:
the first organization parses the public key information and certificate fingerprints contained in the third certificate, and generates a group configuration file according to the group configuration item, wherein the group configuration file contains a group serial number of the group and a network connection address of the third node;
the first intra-organization node belonging to the group sending a third heartbeat request to the third nodes other than the first intra-organization node according to the group configuration file includes:
the first intra-organization node belonging to the group sends the third heartbeat request to the third nodes other than the first intra-organization node according to the group serial number and the network connection address of the third node.
In the implementation process, the first organization parses the public key information and certificate fingerprints contained in the third certificate to generate a group serial number, and when the nodes of the group subsequently generate the group genesis block, the group serial number is put into the group genesis block. Meanwhile, the first organization generates a group configuration file containing, for example, the group capacity required to start the blockchain and the network connection addresses of the nodes in the group. Thus, when a first intra-organization node needs to send a heartbeat request to the other nodes in the group, it can send the request according to the network connection addresses of those nodes.
In order to understand the present invention more clearly, the following describes the above process in detail with specific embodiments. The first embodiment is the initialization process of a federation chain. The specific scenario is that the federation chain includes 9 nodes, node 11, node 12, …, node 19, and 4 organizations, organization 1 to organization 4, where node 11 and node 15 are intra-organization nodes of organization 1, node 11 belongs to a first group, and node 15 belongs to a second group. The steps of the first embodiment are shown in fig. 3 and include:
Step 301: organization 1 generates node certificate 110 for node 11 and node certificate 150 for node 15.
Step 301: organization 1 generates node credentials 110 for node 11 and node credentials 150 for node 15.
Step 302: the organization 1 broadcasts the node certificates 110 and 150, that is, transmits the node certificates of the nodes 11 and 15 to the organizations 2, 3, and 4, and receives the node certificates transmitted from the organizations 2, 3, and 4.
Step 303: the organization 1 verifies the received node certificates; if the verification passes, step 304 is executed, otherwise step 311 is executed.
Step 304: the organization 1 generates a configuration file of the federation chain from the node certificates 110 to 190.
Step 305: the organization 1 sends the configuration file to the nodes 11 and 15, and the node certificate 110 and the corresponding private key to the node 11, and the node certificate 150 and the corresponding private key to the node 15.
Step 306: the node 11 verifies the node certificate 110 with the received private key, and if the verification is passed, step 307 is performed, otherwise step 311 is performed.
Step 307: node 11 starts.
Step 308: node 11 sends a first heartbeat request to nodes 12 through 19 and receives a second heartbeat request according to the configuration file.
Step 309: the node 11 determines the number of received second heartbeat requests, if it is greater than the threshold value 5, then step 310 is performed, otherwise step 309 is performed.
Step 310: node 11 performs consensus.
Step 311: the federation chain initialization fails.
The second embodiment is a group partitioning process of a federation chain, and still uses the scenario in the first embodiment, where the steps of the second embodiment are shown in fig. 4, and include:
Step 401: organization 1 determines from node certificates 110 through 190 that nodes 11 through 14 are a first group and nodes 15 through 19 are a second group.
Step 402: the organization 1 generates a group configuration item of the first group according to the node certificates 110 to 140, and further generates a group configuration file of the first group.
Step 403: organization 1 sends the group configuration file of the first group to node 11.
Step 404: the node 11 verifies the group configuration file with the private key; if the verification is passed, step 405 is executed, otherwise step 401 is executed.
Step 405: the node 11 restarts according to the group profile of the first group.
Step 406: node 11 sends a third heartbeat request to node 12, node 13, and node 14, and receives a fourth heartbeat request.
Step 407: the node 11 determines whether the number of fourth heartbeat requests is greater than 2; if so, step 408 is performed, otherwise step 407 is performed.
Step 408: node 11 performs consensus.
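The group division in steps 401 to 408 can be sketched as follows. This is an added example, not code from the patent: the serial-number derivation (a SHA-256 hash over the group name and the sorted certificate fingerprints), the field names, the addresses and the placeholder certificate bytes are all assumptions, since the text does not specify them.

```python
import hashlib

def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 fingerprint over the certificate's encoded bytes."""
    return hashlib.sha256(cert_bytes).hexdigest()

def build_group_config(group, members, threshold):
    """Build the group configuration file contents from the members' certificates."""
    items = sorted(
        ({"node": m["node"], "addr": f'{m["ip"]}:{m["port"]}',
          "fingerprint": fingerprint(m["cert"])} for m in members),
        key=lambda item: item["fingerprint"],
    )
    # Assumed derivation (the page does not give one): hash the group name and
    # the sorted fingerprints, so every organization gets the same serial number
    # regardless of the order in which it received the certificates.
    h = hashlib.sha256(group.encode())
    for item in items:
        h.update(bytes.fromhex(item["fingerprint"]))
    return {"group": group, "serial": h.hexdigest(),
            "threshold": threshold, "members": items}

class HeartbeatCounter:
    """Counts heartbeats from distinct group peers, as in steps 406 and 407."""

    def __init__(self, config, self_node):
        self.serial = config["serial"]
        self.threshold = config["threshold"]
        self.peers = {m["fingerprint"]: m["node"]
                      for m in config["members"] if m["node"] != self_node}
        self.seen = set()

    def receive(self, heartbeat) -> bool:
        """Return True only if the heartbeat is counted."""
        if heartbeat.get("serial") != self.serial:
            return False                      # different group or stale config
        node = self.peers.get(heartbeat.get("fingerprint"))
        if node is None or node in self.seen:
            return False                      # not a group member, or a repeat
        self.seen.add(node)
        return True

    def ready_for_genesis(self) -> bool:
        return len(self.seen) > self.threshold

# Constructed sample data: placeholder bytes stand in for node certificates 110-150.
CERTS = {n: f"constructed-certificate-{n}0".encode() for n in range(11, 16)}
MEMBERS = [{"node": n, "ip": f"192.0.2.{n}", "port": 30300, "cert": CERTS[n]}
           for n in (11, 12, 13, 14)]

def heartbeat(serial, node):
    # Assumption: in a deployment the fingerprint would be taken from the peer's
    # authenticated TLS certificate; a self-declared field would prove nothing.
    return {"serial": serial, "fingerprint": fingerprint(CERTS[node])}

def run_second_embodiment():
    config = build_group_config("group1", MEMBERS, threshold=2)
    counter = HeartbeatCounter(config, self_node=11)
    results = [counter.receive(heartbeat(config["serial"], 12)),
               counter.receive(heartbeat(config["serial"], 12)),   # repeat
               counter.receive(heartbeat(config["serial"], 15)),   # second group
               counter.receive(heartbeat("0" * 64, 13)),           # wrong serial
               counter.receive(heartbeat(config["serial"], 13))]
    ready_before = counter.ready_for_genesis()      # 2 peers, not > 2
    results.append(counter.receive(heartbeat(config["serial"], 14)))
    return results, ready_before, counter.ready_for_genesis()

if __name__ == "__main__":
    print(run_second_embodiment())
```

Because the serial number depends only on the certificate set, organizations 1 to 4 can each build the first group's configuration file locally and still agree on it, which is the peer-to-peer property the method relies on.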
The embodiment of the invention also provides a device for constructing the blockchain, as shown in fig. 5, which comprises:
a generating unit 501, configured to generate a first certificate of a first intra-organization node; the first intra-organization node is any node in the nodes to which the first organization belongs, and the first organization is any organization in the alliance chain;
an organization transceiver unit 502, configured to broadcast the first certificate to a second organization, and receive a second certificate of a node in the second organization, where the second organization is an organization in the federation chain other than the first organization;
a configuration unit 503, configured to verify the second certificate, and generate a configuration file of a federation chain according to the first certificate and the second certificate after the second certificate passes the verification;
the organization transceiver unit 502 is further configured to send the first certificate, the first private key of the first intra-organization node, and the configuration file to the first intra-organization node, so that the first intra-organization node is started.
Further, the device further comprises:
a starting unit 504, configured to verify the first certificate by using the first private key, and start after the verification is passed;
a node transceiver unit 505, configured to send a first heartbeat request to the second intra-organization node according to the configuration file, and receive a second heartbeat request of the second intra-organization node;
and a consensus unit 506, configured to generate a genesis block of the alliance chain after determining that the number of the received second heartbeat requests is greater than a first threshold.
Further, the device further includes a determining unit 507, configured to determine a third certificate from the first certificate and the N second certificates, where the third certificate is a certificate corresponding to a third node belonging to a group, and the first organization includes a first intra-organization node belonging to the group;
the configuration unit 503 is further configured to generate a group configuration item according to the third certificate, where the group configuration item is used to indicate node information of the third node;
the configuration unit 503 is further configured to generate a group configuration file of the group according to the third certificate and the group configuration item;
the organization transceiver unit 502 is further configured to send the group configuration file to the first intra-organization node belonging to the group;
the starting unit 504 is further configured to restart according to the group configuration file, so that the first intra-organization node has a group attribute.
Further, the node transceiver unit 505 is further configured to send a third heartbeat request to the third nodes other than the first intra-organization node according to the group configuration file, and receive a fourth heartbeat request;
the consensus unit 506 is further configured to generate a group genesis block of the group after determining that the number of the received fourth heartbeat requests is greater than a second threshold.
The embodiment of the invention also provides a group dividing device of the block chain, as shown in fig. 6, which comprises:
a determining unit 601, configured to determine a third certificate from all certificates of the federation chain, where the third certificate is a certificate corresponding to a third node belonging to a group; the first organization to which the determining unit belongs is any organization in the alliance chain including first intra-organization nodes belonging to the group;
a generating unit 602, configured to generate a group configuration item according to the third certificate, where the group configuration item is used to indicate node information of the third node;
the generating unit 602 is further configured to generate a group configuration file of the group according to the group configuration item and the third certificate;
and an organization transceiver unit 603, configured to send the group configuration file to the first intra-organization node belonging to the group, so that the first intra-organization node belonging to the group restarts according to the group configuration file and has a group attribute.
Further, the device further comprises:
a node transceiver unit 604, configured to send a third heartbeat request to the third nodes other than the first intra-organization node according to the group configuration file, and receive a fourth heartbeat request;
a consensus unit 605, configured to generate a group genesis block of the group after determining that the number of the received fourth heartbeat requests is greater than a second threshold.
Based on the same principle, the present invention also provides an electronic device, as shown in fig. 7, including:
a processor 701, a memory 702, a transceiver 703 and a bus interface 704, wherein the processor 701, the memory 702 and the transceiver 703 are connected through the bus interface 704;
the processor 701 is configured to read the program in the memory 702, and execute the following method:
the first organization generates a first certificate of a first intra-organization node; the first organization is any organization in an alliance chain, and the first intra-organization node is any node in the nodes to which the first organization belongs;
the first organization broadcasts the first certificate to a second organization and receives a second certificate of a node in the second organization, wherein the second organization is an organization except the first organization in the alliance chain;
the first organization verifies the second certificate, and generates a configuration file of the alliance chain according to the first certificate and the second certificate after the second certificate passes the verification;
the first organization sends the first certificate, the first private key of the first intra-organization node and the configuration file to the first intra-organization node so as to enable the first intra-organization node to be started.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.