CN114157430B - A blockchain-based ship track monitoring system - Google Patents

Abstract

The invention discloses a ship track monitoring system based on a block chain, which comprises a main communication node A₀ And n replica communication nodes; the master communication node A₀ And n duplicate communication nodes form a blockchain; the block chain stores AIS information; the copy communication node acquires AIS information from the block chain to finish trace back inquiry; the invention relates to a ship track monitoring system based on a blockchain technology, which mainly solves the problem of accurate backtracking of a ship track supervision mechanism on the whole process of a ship track, effectively prevents data loss caused by ship track data tampering and node abnormality, ensures the safety and confidentiality of data by using a strong collision state-secret algorithm, reduces the load of all nodes by using a node marginalized calculation and summarization mode, reduces resource waste, and can prevent hacking.

Description

Translated fromChinese

一种基于区块链的船舶轨迹监测系统A blockchain-based ship track monitoring system

技术领域technical field

本发明涉及数据加密安全通信领域，具体是一种基于区块链的船舶轨迹监测系统。The invention relates to the field of data encryption secure communication, in particular to a blockchain-based ship track monitoring system.

背景技术Background technique

内河航运是我国水上交通运输的重要渠道，它具有便捷、快速和运输量大的特点，我国依靠得天独厚的地理环境优势，从19世纪30年代至今，全国内河航道通航里程达12.77万公里，通航货运量也逐年增加，据统计2020年仅单月货运量已高达70659万吨，因此，航道的安全与畅通成为了水上交通运输的重要保障。目前，内河航道基本实现了数字化、智能化和网络化。虽然数字化航道建设带来了一定的成效，但由于航道环境复杂恶劣，比如：水深流急、洲滩演变频繁、河床演变剧烈、通信信号不稳定、信号盲区多等，船舶通行指挥系统容易遭受黑客入侵，以上因素导致接收的AIS数据缺失或被篡改、轨迹回溯不连续、事故取证难等问题。当控制河段内出现海损事故，如：谎报船位导致上下水船舶同时进槽相撞，肇事船舶撞毁航标逃逸导致后船偏航、搁浅或相撞，船舶损坏岸基设备逃逸等，如果该辖区内的信号台无法准确连续地回溯船舶AIS位置信息，航道监管部门因数据证据不充分而无法定位肇事船舶，导致航道监管部门查证困难、权威受到挑衅，国家经济蒙受损失。Inland waterway shipping is an important channel for water transportation in my country. It has the characteristics of convenience, speed and large transportation volume. my country relies on its unique geographical advantages. The volume is also increasing year by year. According to statistics, the cargo volume in a single month in 2020 has reached 706.59 million tons. Therefore, the safety and smoothness of the waterway has become an important guarantee for water transportation. At present, inland waterways have basically realized digitization, intelligence and networking. Although the construction of digital waterways has brought certain results, due to the complex and harsh environment of the waterway, such as: deep water and rapid currents, frequent evolution of continental beaches, severe riverbed evolution, unstable communication signals, and many signal blind spots, the ship traffic command system is vulnerable to hackers Intrusion, the above factors lead to problems such as missing or tampered AIS data received, discontinuous trajectory traceback, and difficulty in obtaining evidence of accidents. When there are average damage accidents in the controlled river section, such as: falsely reporting the position of the ship and causing the upper and lower ships to enter the trough and collide at the same time, the ship causing the accident collides with the navigation mark and escapes, causing the following ship to yaw, run aground or collide, and the ship damages the shore-based equipment and escapes, etc., if the The signal station in the jurisdiction cannot accurately and continuously trace back the AIS position information of the ship, and the waterway supervision department cannot locate the ship involved in the accident due to insufficient data evidence, which makes the verification of the waterway supervision department difficult, the authority is challenged, and the national economy suffers losses.

目前，内河航道控制河段船舶轨迹回溯方案仅解决了AIS数据如何在单一节点上的存储问题，不具备轨迹数据防篡改和灾备能力。At present, the ship trajectory backtracking scheme for the inland waterway control section only solves the problem of how to store AIS data on a single node, and does not have the anti-tampering and disaster recovery capabilities of trajectory data.

发明内容Contents of the invention

本发明的目的是提供一种基于区块链的船舶轨迹监测系统，包括主通信节点A₀和n个副本通信节点。The object of the present invention is to provide a blockchain-based ship trajectory monitoring system, including a master communication node_A0 and n copy communication nodes.

所述主通信节点A₀和n个副本通信节点组成区块链。The master communication node_A0 and n copy communication nodes form a block chain.

所述区块链存储AIS信息。The blockchain stores AIS information.

所述副本通信节点从区块链中获取AIS信息，完成轨迹回溯查询。The copy communication node obtains the AIS information from the block chain, and completes the trajectory backtracking query.

所述区块链存储AIS信息的步骤包括：The steps of storing AIS information in the block chain include:

I)任意副本通信节点A接收船舶发送的加密AIS信息R_accA，并对加密AIS信息R_accA进行解析，得到AIS信息R_accaA＝Y(R_accA)。Y表示解析协议。A∈{A₁,A₂···A_n}。{A₁,A₂···A_n}为副本通信节点。I) Any replica communication node A receives the encrypted AIS information R_accA sent by the ship, and analyzes the encrypted AIS information R_accA to obtain the AIS information R_acca =Y(R_accA ). Y indicates the resolution protocol. A∈{A₁ ,A₂ ···A_n }. {A₁ ,A₂ ···A_n } is the replica communication node.

II)所述副本通信节点A对接收到的AIS信息R_accaA进行加密，生成数字摘要信息M，并由数字摘要M生成数字签名(r,s)。所述副本通信节点A在区块链中广播数据R_accaA、数字签名(r,s)、副本通信节点A的公钥P_A。II) The replica communication node A encrypts the received AIS information R_accaA , generates digital digest information M, and generates a digital signature (r, s) from the digital digest M. The replica communication node A broadcasts the data R_accaA , digital signature (r, s), and the public key_PA of the replica communication node A in the block chain.

III)任意副本通信节点B接收到副本通信节点A广播的信息，记为信息M′、数字签名(r′，s′)、副本通信节点A的公钥P_A。B∈{A₁,A₂···A_n}，且B≠A。III) Any copy communication node B receives the information broadcast by copy communication node A, which is recorded as information M', digital signature (r', s'), and public key PA of copy communication node_A. B∈{A₁ ,A₂ ···A_n }, and B≠A.

IV)副本通信节点B对信息M′进行验证，若验证通过，则进入步骤V)，否则，拒绝接收副本通信节点A广播的信息。IV) The replica communication node B verifies the information M', if the verification is passed, it goes to step V), otherwise, it refuses to receive the information broadcast by the replica communication node A.

V)所述副本通信节点B对信息M′进行解密和冗余处理，得到信息R′_M＝{R′_x1,R′_x2···R′_xk}。V) The replica communication node B performs decryption and redundancy processing on the information M' to obtain the information R'_M ={R'_x1 , R'_x2 ···R'_xk }.

VI)所述副本通信节点B对信息R′_M中的每个元素进行Hash运算，得到若干j级Hash块。其中，元素R′_xi对应的j级Hash块Node0_i＝Hash(R′_xi),i＝1,2···k。j初始值为1。VI) The replica communication node B performs Hash operation on each element in the information_R'M to obtain several j-level Hash blocks. Wherein, the j-level Hash block Node0_i =Hash(R′_xi ) corresponding to the element R′_xi , i=1,2···k. The initial value of j is 1.

VII)所述副本通信节点B将相邻两个j级Hash块串联，并对相邻两个j级Hash块进行Hash运算，得到j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i+Node0_i+1)，i＝1,3,5···k-1。若k为为奇数，则末端j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i)。VII) said copy communication node B connects two adjacent j-level Hash blocks in series, and performs Hash operation on adjacent two j-level Hash blocks, and obtains j+1 level Hash block Node1_(i+1)/2 =Hash (Node0_i +Node0_i+1 ), i=1, 3, 5···k-1. If k is an odd number, then the terminal j+1 level Hash block Node1_(i+1)/2 =Hash(Node0_i ).

VIII)令j＝j+1，并返回步骤VII)，直至生成Hash值Merkle Root，记为MT_r。VIII) Set j=j+1, and return to step VII), until the Hash value Merkle Root is generated, denoted as MT_r .

所述副本通信节点从区块链中获取AIS信息的步骤包括：The step of obtaining the AIS information from the block chain by the copy communication node includes:

1)副本通信节点A_x向主节点A₀发送请求指令REQUEST。所述请求指令REQUEST携带的信息包括请求操作o、时间戳ts、副本通信节点A_x的标识Client_id、副本通信节点A_x的信息msg、副本通信节点A_x的公钥P_Clientx、数字签名Sig_Clientx，x∈{1,2···n}。1) The duplicate communication node A_x sends a request instruction REQUEST to the master node A₀ . The information carried by the request instruction REQUEST includes request operation o, time stamp ts, identifier Client_id of replica communication node A_x , information msg of replica communication node A_x , public key P_Clientx of replica communication node A_x , digital signature Sig_Clientx , x ∈ {1,2···n}.

2)主节点A₀接收到请求指令REQUEST后，利用公钥P_Clientx校验请求指令REQUEST中的数字签名Sig_Clientx，若验证通过，则主节点A₀为副本通信节点A_x的请求指令分配编号id∈[h,H]，并在区块链中广播PRE-PREPARE请求。所述PRE-PREPARE请求携带的信息包括视图编号viewNum、副本通信节点A_x的消息摘要d_msg、副本通信节点A_x的消息msg、主节点A₀公钥P_A0、主节点A₀数字签名Sig_A0、编号id。2) After the master node_A0 receives the request command REQUEST, it uses the public key P_Clientx to verify the digital signature Sig_Clientx in the request command REQUEST. If the verification is passed, the master node_A0 assigns a serial number to the request command of the replica communication node A_x id ∈ [h, H], and broadcast a PRE-PREPARE request in the blockchain. The information carried in the PRE-PREPARE request includes the view number viewNum, the message digest d_msg of the copy communication node A_x , the message msg of the copy communication node A_x , the public key P_A0 of the master node A₀ , and the digital signature Sig of the master node A_0A0 , number id.

3)副本通信节点A_y接收到主节点A₀发送的PRE-PREPARE请求后，对PRE-PREPARE请求进行验证，若验证通过，则在区块链中广播PREPARE请求，否则，拒绝PRE-PREPARE请求。所述PREPARE请求携带的信息包括视图编号viewNum、消息摘要d_pre＝d_msg、当前副本通信节点编号y->num、编号id、副本通信节点A_y公钥P_Ay、副本通信节点A_y数字签名Sig_Ay3) After the replica communication node A_y receives the PRE-PREPARE request sent by the master node A₀ , it verifies the PRE-PREPARE request, if the verification is passed, it broadcasts the PREPARE request in the blockchain, otherwise, rejects the PRE-PREPARE request . The information carried in the PREPARE request includes view number viewNum, message digest d_pre = d_msg , current copy communication node number y->num, number id, copy communication node A_y public key P_Ay , copy communication node A_y digital signature Sig_Ay

4)所述主节点A₀和副本通信节点接收到PREPARE请求后，对PREPARE请求进行验证，若验证通过，则将验证通过的反馈信息I发送至副本通信节点A_y。4) After receiving the PREPARE request, the master node A₀ and the copy communication node verify the PREPARE request, and if the verification is passed, send the feedback information I of passing the verification to the copy communication node A_y .

5)若副本通信节点A_y接收到2f+1个验证通过的反馈信息I，则在区块链中广播COMMIT请求。f为系统中失效节点最大个数。COMMIT请求携带的信息包括视图编号viewNum、消息摘要d_com＝d_pre＝d_msg、当前副本通信节点编号y->num、副本通信节点A_y数字签名Sig_Ay。5) If the replica communication node A_y receives 2f+1 pieces of feedback information I that pass the verification, it broadcasts a COMMIT request in the blockchain. f is the maximum number of failed nodes in the system. The information carried in the COMMIT request includes view number viewNum, message digest d_com =d_pre =d_msg , current copy communication node number y->num, copy communication node A_y digital signature Sig_Ay .

6)主节点A₀和副本通信节点接收到COMMIT请求后，对COMMIT请求进行验证，若验证通过，则将验证通过的反馈信息II发送至副本通信节点A_y。6) After receiving the COMMIT request, the master node A₀ and the copy communication node verify the COMMIT request, and if the verification is passed, send the verification passed feedback information II to the copy communication node A_y .

7)若副本通信节点A_y接收到2f+1个验证通过的反馈信息II，则运行请求操作o，并向副本通信节点A_x反馈REPLY信息。所述REPLY信息携带的信息包括视图编号viewNum、时间戳ts、副本通信节点A_x的标识Client_id、请求操作结果r。7) If the copy communication node A_y receives 2f+1 pieces of feedback information II that pass the verification, it will execute the request operation o, and feed back REPLY information to the copy communication node A_x . The information carried in the REPLY information includes a view number viewNum, a time stamp ts, an identifier Client_id of the replica communication node_Ax , and a request operation result r.

8)副本通信节点A_x判断接收到的REPLY信息数量是否大于等于f+1，若是，则进入步骤9)，否则重新向主节点A₀发送请求指令，并返回步骤2)。8) Replica communication node A_x judges whether the number of received REPLY messages is greater than or equal to f+1, if so, then enters step 9), otherwise resends the request command to master node A₀ , and returns to step 2).

9)主节点A₀将区块上传至区块链。所述区块包括区块头和区块体。所述区块头携带的信息包括区块版本号V_ID、当前区块哈希值MT_r、时间戳、前一个区块的哈希值、主节点的数字签名SIG_AviewNum。所述区块体携带的信息包括历史间隔时间t_AIS的AIS数据。9) Master node A₀ uploads the block to the blockchain. The block includes a block header and a block body. The information carried by the block header includes block version number V_ID, current block hash value MT_r , timestamp, previous block hash value, and digital signature SIG_AviewNum of the master node. The information carried by the block body includes AIS data at a historical interval t_AIS .

10)查询方向主节点A₀发送查询请求INQUIRE。所述查询请求INQUIRE携带的信息包括请求操作O、时间戳ts、查询方的用户名username、查询方的密码password、查询条件condition_W、查询方公钥Key_PW。10) The query direction master node A₀ sends an query request INQUIRE. The information carried by the query request INQUIRE includes request operation O, time stamp ts, username username of the query party, password password of the query party, query condition_W , and public key Key_PW of the query party.

11)主节点A₀利用私钥Key_SW对查询请求INQUIRE进行解密。解密后，主节点A₀根据查询条件condition_W对区块数据遍历查询，得到查询结果RES_inqdata，并将查询结果RES_inqdata发送至查询方。所述查询结果RES_inqdata携带的信息包括时间戳、AIS数据、查询方公钥Key_PW。11) The master node A₀ uses the private key Key_SW to decrypt the query request INQUIRE. After decryption, the master node A₀ traverses and inquires the block data according to the query condition_W , obtains the query result RES_inqdata , and sends the query result RES_inqdata to the inquiring party. The information carried by the query result RES_inqdata includes timestamp, AIS data, and public key Key_PW of the querying party.

12)查询方接收查询结果RES_inqdata，并根据查询方公钥Key_PW对查询结果RES_inqdata进行解密，得到查询的AIS数据。查询方将AIS映射至电子航道图完成轨迹回溯查询。12) The inquiring party receives the query result RES_inqdata , and decrypts the query result RES_inqdata according to the inquiring party's public key Key_PW to obtain the inquired AIS data. The inquiring party maps the AIS to the electronic waterway chart to complete the trajectory backtracking query.

进一步，n个副本通信节点分为轻量化节点和全节点。Further, the n copy communication nodes are divided into lightweight nodes and full nodes.

所述轻量化节点包括控制河段岸基信号台。所述轻量化节点存储区块头数据。The lightweight nodes include bank-based signal stations for controlling river sections. The lightweight nodes store block header data.

所述全节点包括航道监管部门节点。所述全节点存储区块数据。The full nodes include the waterway supervision department nodes. The full nodes store block data.

进一步，所述AIS信息包括船舶MMSI号、AIS发送时间、船舶名称、船舶类型、航向、船舶位置、对地船速、对地航速、航艏向、航道状态、转向率。Further, the AIS information includes ship MMSI number, AIS sending time, ship name, ship type, heading, ship position, ship speed over ground, speed over ground, heading, channel status, and turning rate.

进一步，所述副本通信节点、查询方均存储有海事数字证书认证中心CA颁发的数字证书。Further, both the replica communication node and the inquiring party store digital certificates issued by the maritime digital certificate authentication center CA.

进一步，对接收到的AIS信息R_A进行加密的步骤包括：Further, the step of encrypting the received AIS information R_A includes:

1)计算数据e＝SM3(M″)。其中，参数M″＝Z||M。M是需要被签名的消息，且{M∈M₁,M₂···M_k}。参数Z＝SM3(ENTL||ID||a||b||x_G||y_G||x_A||y_A)。ENTL为ID的比特长度。ID为用户身份标识。(x_G,y_G)为加密曲线基点坐标，(x_A,y_A)为用户的公钥。1) Calculate data e=SM3(M"). Wherein, parameter M"=Z||M. M is the message to be signed, and {M∈M₁ ,M₂ ···M_k }. Parameter Z=SM3(ENTL||ID||a||b||_xG ||_yG ||_xA ||_yA ). ENTL is the bit length of the ID. ID is the user identification. (x_G , y_G ) is the base point coordinates of the encryption curve, and (x_A , y_A ) is the user's public key.

2)产生随机数q∈[1,N-1]。N为G的阶。G为加密曲线基点。2) Generate a random number q∈[1,N-1]. N is the order of G. G is the base point of encryption curve.

3)计算加密曲线点G₁(x₁,y₁)＝[q]G。3) Calculate encryption curve point G₁ (x₁ ,y₁ )=[q]G.

3)计算参数r＝(e+x₁)mod N，若r＝0或r+q＝N，则返回步骤2)，否则，进入步骤4)。3) Calculation parameter r=(e+x₁ ) mod N, if r=0 or r+q=N, then return to step 2), otherwise, go to step 4).

4)计算参数s＝((1+d_A)^-1·(q-r·d_A))mod N，若s＝0，则返回步骤2)，否则进入步骤5)。d_A∈[1,N-2]是节点私钥。公钥P_A＝[d_A]G＝(x_A,y_A)。4) Calculation parameter s=((1+d_A )⁻¹ ·(qr·d_A )) mod N, if s=0, return to step 2), otherwise enter step 5). d_A ∈ [1,N-2] is the node private key. Public key P_A =[d_A ]G=(x_A , y_A ).

5)将解析后的数据R_A、数字签名(r,s)、公钥P以P2P方式广播给网络中其他节点。5) Broadcast the parsed data R_A , digital signature (r, s), and public key P to other nodes in the network in a P2P manner.

进一步，根据副本通信节点A的公钥对信息M′进行验证的步骤包括：Further, the step of verifying the information M' according to the public key of the replica communication node A includes:

1)检验参数r′∈[1,N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤2)。1) Check whether the parameter r′∈[1,N-1] is true, if not, the verification fails, if true, go to step 2).

2)检验初始s′∈[1,N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤3)。2) Check whether the initial s′∈[1,N-1] is true, if not, the verification fails, if true, go to step 3).

3)计算数据e′＝SM3(M″′)。M″′＝Z||M′。3) Calculate data e'=SM3(M"'). M"'=Z||M'.

4)计算参数u＝(r′+s′)mod N，若u＝0，则验证不通过，否则，进入步骤5)。4) Calculation parameter u=(r'+s') mod N, if u=0, the verification fails, otherwise, go to step 5).

5)计算加密曲线点(x₁,y₁)＝[s]G+[u]P_A。5) Calculate encryption curve point (x₁ , y₁ )=[s]G+[u]_PA .

6)计算参数R＝(e′+x′₁)mod N，并检验R＝r′是否成立，若成立则验证通过，否则验证不通过。6) Calculate the parameter R=(e′+x′₁ ) mod N, and check whether R=r′ is established, if it is established, the verification is passed, otherwise the verification is not passed.

进一步，对信息M′进行冗余处理的步骤包括：Further, the step of performing redundant processing on the information M' includes:

1)记节点本地内存池中的数据为R_L。1) Record the data in the local memory pool of the node as_RL .

2)对信息M′中的第i条数据M′_x→i与数据R_L进行比较，如果数据R_L包含数据M′_x→i，就舍弃数据M′_x→i，否则，将数据M′_x→i写入数据R_L中。i初始值为1。2) Compare the i-th piece of data M′_x→i in the information M′ with the data_RL , if the data_RL contains the data M′_x→i , discard the data M′_x→i , otherwise, save the data M '_x→i is written into the data_RL . The initial value of i is 1.

3)令i＝i+1，并重复步骤2)，直至信息M′中所有数据均比较完毕，得到R_M＝{R_x1,R_x1···R_xk}。3) Set i=i+1, and repeat step 2) until all the data in the information M′ are compared, and R_M ={R_x1 , R_x1 ···R_xk } is obtained.

4)对数据R_M中的元素进行拆解，得到时间戳数组TSArr＝{ts₁,ts₂···ts_k}。根据时间戳对数据R_M进行重新排序，得到信息R′_M＝{R′_x1,R′_x2···R′_xk}。4) Disassemble the elements in the data R_M to obtain the time stamp array TSArr={ts₁ , ts₂ ···ts_k }. The data R_M is reordered according to the time stamp, and the information R′_M ={R′_x1 , R′_x2 ···R′_xk } is obtained.

进一步，对PRE-PREPARE请求进行验证的步骤包括：Further, the steps of verifying the PRE-PREPARE request include:

1)利用公钥P_A0校验数字签名Sig_A0是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Use the public key P_A0 to verify whether the digital signature Sig_A0 is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PRE-PREPARE请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current copy communication node has received a PRE-PREPARE request with the same view number viewNum and number id, if yes, the verification fails, otherwise, go to step 3).

3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_msg是否一致，若不一致，则验证不通过，若一致，则进入步骤4)。3) Carry out digest operation on the information msg, and judge whether the result of the digest operation is consistent with the digest d_msg , if not, the verification fails, and if they are consistent, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

进一步，对PREPARE请求进行验证的步骤包括：Further, the steps of verifying the PREPARE request include:

1)验证PREPARE携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Verify whether the digital signature carried by PREPARE is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PREPARE请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current replica communication node has received a PREPARE request with the same view number viewNum and ID, if yes, the verification fails, otherwise, go to step 3).

3)判断摘要d_pre与当前已收到PRE-PPREPARE请求中的摘要d_msg是否相同，若不同，则验证不通过，若相同，则进入步骤4)。3) Judging whether the digest d_pre is the same as the digest d_msg in the currently received PRE-PPREPARE request, if not, the verification fails, and if they are the same, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

进一步，对COMMIT请求进行验证的步骤包括：Further, the steps of verifying the COMMIT request include:

1)验证COMMIT携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Verify whether the digital signature carried by COMMIT is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的COMMIT请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current replica communication node has received a COMMIT request with the same view number viewNum and id, if yes, the verification fails, otherwise, go to step 3).

3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_com是否一致，若不一致，则验证不通过，若一致，则进入步骤4)。3) Carry out a digest operation on the message msg, and judge whether the result of the digest operation is consistent with the digest d_com , if not, the verification fails, and if they are consistent, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

进一步，所述查询方经过了注册，注册步骤包括：Further, the inquiring party has been registered, and the registration steps include:

1)记需查询船舶轨迹的查询方为W。查询方W在前端生成密钥(P_W,S_W)，查询方W向主节点A₀发送注册请求REGISTER。注册请求REGISTER携带的信息包括注册操作、时间戳ts、查询方用户名username、查询方密码password、查询方身份信息ID_CARD、查询方公钥P_W、查询方数字签名Sig_W。1) Note that the query party that needs to query the ship's trajectory is W. The inquiring party W generates a key (P_W , S_W ) at the front end, and the inquiring party W sends a registration request REGISTER to the master node A₀ . The information carried by the registration request REGISTER includes registration operation, time stamp ts, inquiring party username username, inquiring party password password, inquiring party identity information ID_CARD, inquiring party public key P_W , inquiring party digital signature Sig_W .

2)主节点A₀执行查询方注册操作，为查询方具备查询权限的权限码Permission_ID和授权的查询方密钥对(Key_PW,Key_SW)。2) The master node A₀ executes the registration operation of the inquiring party, and the inquiring party has the permission code Permission_ID of the inquiring authority and the authorized key pair (Key_PW , Key_SW ) of the inquiring party.

本发明的技术效果是毋庸置疑的,本发明通过区块链技术，解决了船舶轨迹数据因单一节点故障或损坏导致数据无法查证的问题，解决AIS因信号不稳定、信号台电脑或服务器系统故障、磁盘损坏等多种因素带来的数据缺失问题，降低数据被篡改的风险，保证AIS轨迹数据回溯的连续性、准确性、安全性，增强数据容灾备份能力。降低了AIS数据被篡改的风险，增强了AIS数据存储的安全性和轨迹回溯的可信性，本系统兼备数据存储节点强认证、数据防篡改、抗攻击等优势。The technical effect of the present invention is unquestionable. The present invention solves the problem that the ship trajectory data cannot be verified due to a single node failure or damage through blockchain technology, and solves the problem of AIS signal instability, signal station computer or server system failure. Data loss problems caused by various factors such as disk damage, etc., reduce the risk of data tampering, ensure the continuity, accuracy, and security of AIS track data backtracking, and enhance data disaster recovery and backup capabilities. It reduces the risk of AIS data being tampered with, and enhances the security of AIS data storage and the credibility of trajectory backtracking. This system has the advantages of strong authentication of data storage nodes, data tamper-proof, and anti-attack.

本发明针对船舶上传的AIS数据进行处理时主要通过轻量化节点进行冗余校验和计算，主节点只针对轻量化节点计算结束后的广播数据进行排序、Hash计算、区块生成，本发明将主节点部分计算边缘化，不仅降低了主节点负担，也加快了区块的生成速度；When the present invention processes the AIS data uploaded by ships, it mainly performs redundancy check and calculation through lightweight nodes, and the master node only performs sorting, Hash calculation, and block generation for the broadcast data after the calculation of lightweight nodes. Partial calculation of the master node is marginalized, which not only reduces the burden on the master node, but also speeds up the generation of blocks;

本发明在认证过程中采用第三方CA机构颁发证书进行数字认证，使用了公钥、私钥、数字签名，完全保证了数据的安全性、准确性；In the authentication process, the present invention uses a third-party CA organization to issue a certificate for digital authentication, using public keys, private keys, and digital signatures, which fully guarantees the security and accuracy of data;

本发明采用了包含非对称加密算法SM2、摘要算法SM3等的国密算法，可实现系统核心单元自主可控，核心算法不依赖于国外，不仅有更高的安全性，还降低了重要信息泄露的风险。The present invention adopts the national secret algorithm including the asymmetric encryption algorithm SM2, the abstract algorithm SM3, etc., which can realize the independent controllability of the core unit of the system, and the core algorithm does not depend on foreign countries, which not only has higher security, but also reduces the leakage of important information risks of.

在区块生成过程中，本发明未使用浪费资源严重的工作量证明机制，而是采用节点选举方法实现全网节点的共识计算，降低了资源的浪费和损耗。In the block generation process, the present invention does not use the workload proof mechanism that wastes resources seriously, but uses the node election method to realize the consensus calculation of the nodes in the whole network, which reduces the waste and loss of resources.

本发明采用排序算法时间复杂度仅为n*logn，运算高效快速。The time complexity of the sorting algorithm adopted by the invention is only n*logn, and the operation is efficient and fast.

本发明是一种基于区块链技术的船舶轨迹监测系统，主要解决航道监管机构对船舶运行轨迹全过程的准确回溯问题，有效防止船舶轨迹数据篡改以及节点异常带来的数据缺失，文中所使用的强碰撞性国密算法保证了数据的安全性和保密性，使用节点边缘化计算汇总的方式降低全节点负荷，减少资源浪费，能够防止黑客攻击。The present invention is a ship trajectory monitoring system based on block chain technology, which mainly solves the problem of accurate backtracking of the entire process of the ship's trajectory by the waterway regulatory agency, and effectively prevents data tampering of the ship trajectory and data loss caused by abnormal nodes. The strong collision national secret algorithm guarantees the security and confidentiality of data, and uses the node edge calculation method to reduce the load of the whole node, reduce the waste of resources, and prevent hacker attacks.

附图说明Description of drawings

图1为基于区块链的船舶轨迹监测系统结构图；Figure 1 is a block chain-based ship track monitoring system structure diagram;

图2为区块数据结构图；Figure 2 is a block data structure diagram;

图3为基于区块链的船舶轨迹回溯流程图；Figure 3 is a block chain-based flow chart of ship trajectory backtracking;

图4为根据AIS数据时间戳重排列数据的流程图；Fig. 4 is the flowchart of rearranging data according to AIS data time stamp;

图5为节点共识计算流程图；Figure 5 is a flow chart of node consensus calculation;

图6为节点视图变更流程图；Fig. 6 is a flow chart of node view change;

图7为数据船舶轨迹数据查询流程图。Fig. 7 is a flow chart of querying data ship track data.

具体实施方式Detailed ways

下面结合实施例对本发明作进一步说明，但不应该理解为本发明上述主题范围仅限于下述实施例。在不脱离本发明上述技术思想的情况下，根据本领域普通技术知识和惯用手段，做出各种替换和变更，均应包括在本发明的保护范围内。The present invention will be further described below in conjunction with the examples, but it should not be understood that the scope of the subject of the present invention is limited to the following examples. Without departing from the above-mentioned technical ideas of the present invention, various replacements and changes made according to common technical knowledge and conventional means in this field shall be included in the protection scope of the present invention.

实施例1：Example 1:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，包括主通信节点A₀和n个副本通信节点。Referring to Fig. 1 to Fig. 7, a blockchain-based ship track monitoring system includes a master communication node A₀ and n copy communication nodes.

所述主通信节点A₀和n个副本通信节点组成区块链。The master communication node_A0 and n copy communication nodes form a block chain.

所述区块链存储AIS信息。The blockchain stores AIS information.

所述副本通信节点从区块链中获取AIS信息，完成轨迹回溯查询。The copy communication node obtains the AIS information from the block chain, and completes the trajectory backtracking query.

所述区块链存储AIS信息的步骤包括：The steps of storing AIS information in the block chain include:

I)任意副本通信节点A接收船舶发送的加密AIS信息R_accA，并对加密AIS信息R_accA进行解析，得到AIS信息R_accaA＝Y(R_accaA)。Y表示解析协议。A∈{A₁,A₂···A_n}。{A₁,A₂···A_n}为副本通信节点。I) Any replica communication node A receives the encrypted AIS information R_accA sent by the ship, and analyzes the encrypted AIS information R_accA to obtain the AIS information R_acca = Y(R_accaA ). Y indicates the resolution protocol. A∈{A₁ ,A₂ ···A_n }. {A₁ ,A₂ ···A_n } is the replica communication node.

II)所述副本通信节点A对接收到的AIS信息R_accaA进行加密，生成数字摘要信息M，并通过摘要M生成数字签名(r,s)。所述副本通信节点A在区块链中广播数据R_accaA、数字签名(r,s)、副本通信节点A的公钥P_A。II) The replica communication node A encrypts the received AIS information R_accaA , generates digital abstract information M, and generates a digital signature (r, s) through the abstract M. The replica communication node A broadcasts the data R_accaA , digital signature (r, s), and the public key_PA of the replica communication node A in the block chain.

III)任意副本通信节点B接收到副本通信节点A广播的信息，记为信息M′、数字签名(r′，s′)、副本通信节点A的公钥P_A。B∈{A₁,A₂···A_n}，且B≠A。III) Any copy communication node B receives the information broadcast by copy communication node A, which is recorded as information M', digital signature (r', s'), and public key PA of copy communication node_A. B∈{A₁ ,A₂ ···A_n }, and B≠A.

IV)副本通信节点B对信息M′进行验证，若验证通过，则进入步骤V)，否则，拒绝接收副本通信节点A广播的信息。IV) The replica communication node B verifies the information M', if the verification is passed, it goes to step V), otherwise, it refuses to receive the information broadcast by the replica communication node A.

V)所述副本通信节点B对信息M′进行解密和冗余处理，得到信息R′_M＝{R′_x1,R′_x2···R′_xk}。V) The replica communication node B performs decryption and redundancy processing on the information M' to obtain the information R'_M ={R'_x1 , R'_x2 ···R'_xk }.

VI)所述副本通信节点B对信息R′_M中的每个元素进行Hash运算，得到若干j级Hash块。其中，元素R′_xi对应的j级Hash块Node0_i＝Hash(R′_xi),i＝1,2···k。j初始值为1。VI) The replica communication node B performs Hash operation on each element in the information_R'M to obtain several j-level Hash blocks. Wherein, the j-level Hash block Node0_i =Hash(R′_xi ) corresponding to the element R′_xi , i=1,2···k. The initial value of j is 1.

VII)所述副本通信节点B将相邻两个j级Hash块串联，并对相邻两个j级Hash块进行Hash运算，得到j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i+Node0_i+1)，i＝1,3,5···k-1。若k为为奇数，则末端j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i)。VII) said copy communication node B connects two adjacent j-level Hash blocks in series, and performs Hash operation on adjacent two j-level Hash blocks, and obtains j+1 level Hash block Node1_(i+1)/2 =Hash (Node0_i +Node0_i+1 ), i=1, 3, 5···k-1. If k is an odd number, then the terminal j+1 level Hash block Node1_(i+1)/2 =Hash(Node0_i ).

VIII)令j＝j+1，并返回步骤VII)，直至生成Hash值Merkle Root，记为MT_r。VIII) Set j=j+1, and return to step VII), until the Hash value Merkle Root is generated, denoted as MT_r .

所述副本通信节点从区块链中获取AIS信息的步骤包括：The step of obtaining the AIS information from the block chain by the copy communication node includes:

1)副本通信节点A_x向主节点A₀发送请求指令RERUEST。所述请求指令REQUEST携带的信息包括请求操作o、时间戳ts、副本通信节点A_x的标识Client_id、副本通信节点A_x的信息msg、副本通信节点A_x的公钥P_Clientx、数字签名Sig_Clientx，x∈{1,2···n}。1) The replica communication node A_x sends a request instruction RERUEST to the master node A₀ . The information carried by the request instruction REQUEST includes request operation o, time stamp ts, identifier Client_id of replica communication node A_x , information msg of replica communication node A_x , public key P_Clientx of replica communication node A_x , digital signature Sig_Clientx , x ∈ {1,2···n}.

2)主节点A₀接收到请求指令REQUEST后，利用公钥P_Clientx校验请求指令REQUEST中的数字签名Sig_Clientx，若验证通过，则主节点A₀为副本通信节点A_x的请求指令分配编号id∈[h,H]，并在区块链中广播PRE-PREPARE请求。所述PRE-PREPARE请求携带的信息包括视图编号viewNum、副本通信节点A_x的消息摘要d_msg、副本通信节点A_x的消息msg、主节点A₀公钥P_A0、主节点A₀数字签名Sig_A0、编号id。2) After the master node_A0 receives the request command REQUEST, it uses the public key P_Clientx to verify the digital signature Sig_Clientx in the request command REQUEST. If the verification is passed, the master node_A0 assigns a serial number to the request command of the replica communication node A_x id ∈ [h, H], and broadcast a PRE-PREPARE request in the blockchain. The information carried in the PRE-PREPARE request includes the view number viewNum, the message digest d_msg of the copy communication node A_x , the message msg of the copy communication node A_x , the public key P_A0 of the master node A₀ , and the digital signature Sig of the master node A_0A0 , number id.

3)副本通信节点A_y接收到主节点A₀发送的PRE-PREPARE请求后，对PRE-PREPARE请求进行验证，若验证通过，则在区块链中广播PREPARE请求，否则，拒绝PRE-PREPARE请求。所述PREPARE请求携带的信息包括视图编号viewNum、消息摘要d_pre＝d_msg、当前副本通信节点编号y->num、编号id、副本通信节点A_y公钥P_Ay、副本通信节点A_y数字签名Sig_Ay3) After the replica communication node A_y receives the PRE-PREPARE request sent by the master node A₀ , it verifies the PRE-PREPARE request, if the verification is passed, it broadcasts the PREPARE request in the blockchain, otherwise, rejects the PRE-PREPARE request . The information carried in the PREPARE request includes view number viewNum, message digest d_pre = d_msg , current copy communication node number y->num, number id, copy communication node A_y public key P_Ay , copy communication node A_y digital signature Sig_Ay

4)所述主节点A₀和副本通信节点接收到PREPARE请求后，对PREPARE请求进行验证，若验证通过，则将验证通过的反馈信息I发送至副本通信节点A_y。4) After receiving the PREPARE request, the master node A₀ and the copy communication node verify the PREPARE request, and if the verification is passed, send the feedback information I of passing the verification to the copy communication node A_y .

5)若副本通信节点A_y接收到2f+1个验证通过的反馈信息I，则在区块链中广播COMMIT请求。f为系统中失效节点最大个数。COMMIT请求携带的信息包括视图编号viewNum、消息摘要d_com＝d_pre＝d_msg、当前副本通信节点编号y->num、副本通信节点A_y数字签名Sig_Ay。5) If the replica communication node A_y receives 2f+1 pieces of feedback information I that pass the verification, it broadcasts a COMMIT request in the blockchain. f is the maximum number of failed nodes in the system. The information carried in the COMMIT request includes view number viewNum, message digest d_com =d_pre =d_msg , current copy communication node number y->num, copy communication node A_y digital signature Sig_Ay .

6)主节点A₀和副本通信节点接收到COMMIT请求后，对COMMIT请求进行验证，若验证通过，则将验证通过的反馈信息II发送至副本通信节点A_y。6) After receiving the COMMIT request, the master node A₀ and the copy communication node verify the COMMIT request, and if the verification is passed, send the verification passed feedback information II to the copy communication node A_y .

7)若副本通信节点A_y接收到2f+1个验证通过的反馈信息II，则运行请求操作o，并向副本通信节点A_x反馈REPLY信息。所述REPLY信息携带的信息包括视图编号viewNum、时间戳ts、副本通信节点A_x的标识Client_id、请求操作结果r。7) If the copy communication node A_y receives 2f+1 pieces of feedback information II that pass the verification, it will execute the request operation o, and feed back REPLY information to the copy communication node A_x . The information carried in the REPLY information includes a view number viewNum, a time stamp ts, an identifier Client_id of the replica communication node_Ax , and a request operation result r.

8)副本通信节点A_x判断接收到的REPLY信息数量是否大于等于f+1，若是，则进入步骤9)，否则重新向主节点A₀发送请求指令，并返回步骤2)。8) Replica communication node A_x judges whether the number of received REPLY messages is greater than or equal to f+1, if so, then enters step 9), otherwise resends the request command to master node A₀ , and returns to step 2).

9)主节点A₀将区块上传至区块链。所述区块包括区块头和区块体。所述区块头携带的信息包括区块版本号V_ID、当前区块哈希值MT_r、时间戳、前一个区块的哈希值、主节点的数字签名SIG_AviewNum。所述区块体携带的信息包括历史间隔时间t_AIS的AIS数据。9) Master node A₀ uploads the block to the blockchain. The block includes a block header and a block body. The information carried by the block header includes block version number V_ID, current block hash value MT_r , timestamp, previous block hash value, and digital signature SIG_AviewNum of the master node. The information carried by the block body includes AIS data at a historical interval t_AIS .

10)查询方向主节点A₀发送查询请求INQUIRE。所述查询请求INQUIRE携带的信息包括请求操作O、时间戳ts、查询方的用户名username、查询方的密码password、查询条件condition_W、查询方公钥Key_PW。10) The query direction master node A₀ sends an query request INQUIRE. The information carried by the query request INQUIRE includes request operation O, time stamp ts, username username of the query party, password password of the query party, query condition_W , and public key Key_PW of the query party.

11)主节点A₀利用私钥Key_SW对查询请求INQUIRE进行解密。解密后，主节点A₀根据查询条件condition_W对区块数据遍历查询，得到查询结果RES_inqdata，并将查询结果RES_inqdata发送至查询方。所述查询结果RES_inqdata携带的信息包括时间戳、AIS数据、查询方公钥Key_PW。11) The master node A₀ uses the private key Key_SW to decrypt the query request INQUIRE. After decryption, the master node A₀ traverses and inquires the block data according to the query condition_W , obtains the query result RES_inqdata , and sends the query result RES_inqdata to the inquiring party. The information carried by the query result RES_inqdata includes timestamp, AIS data, and public key Key_PW of the querying party.

12)查询方接收查询结果RES_inqdata，并根据查询方公钥Key_PW对查询结果RES_inqdata进行解密，得到查询的AIS数据。查询方将AIS映射至电子航道图完成轨迹回溯查询。12) The inquiring party receives the query result RES_inqdata , and decrypts the query result RES_inqdata according to the inquiring party's public key Key_PW to obtain the inquired AIS data. The inquiring party maps the AIS to the electronic waterway chart to complete the trajectory backtracking query.

n个副本通信节点分为轻量化节点和全节点。The n copy communication nodes are divided into lightweight nodes and full nodes.

所述轻量化节点包括控制河段岸基信号台。所述轻量化节点存储区块头数据。The lightweight nodes include bank-based signal stations for controlling river sections. The lightweight nodes store block header data.

所述全节点包括航道监管部门节点。所述全节点存储区块数据。The full nodes include the waterway supervision department nodes. The full nodes store block data.

所述AIS信息包括船舶MMSI号、AIS发送时间、船舶名称、船舶类型、航向、船舶位置、对地船速、对地航速、航艏向、航道状态、转向率。The AIS information includes ship MMSI number, AIS sending time, ship name, ship type, heading, ship position, ship speed over ground, speed over ground, heading, channel status, and turning rate.

所述副本通信节点、查询方均存储有海事数字证书认证中心CA颁发的数字证书。Both the replica communication node and the inquiring party store digital certificates issued by the maritime digital certificate authentication center CA.

对接收到的AIS信息R_A进行加密的步骤包括：The steps of encrypting the received AIS information R_A include:

1)计算数据e＝SM3(N″)。其中，参数M″＝Z||M。M是需要被签名的消息，且{M∈M₁,M₂···M_k}。参数Z＝SM3(ENTL||ID||a||b||x_G||y_G||x_A||y_A)。ENTL为ID的比特长度。ID为用户身份标识。(x_G,y_G)为加密曲线基点坐标，(x_A,y_A)为用户的公钥。1) Calculate data e=SM3(N"). Wherein, parameter M"=Z||M. M is the message to be signed, and {M∈M₁ ,M₂ ···M_k }. Parameter Z=SM3(ENTL||ID||a||b||_xG ||_yG ||_xA ||_yA ). ENTL is the bit length of the ID. ID is the user identification. (x_G , y_G ) is the base point coordinates of the encryption curve, and (x_A , y_A ) is the user's public key.

2)产生随机数q∈[1,N-1]。N为G的阶。G为加密曲线基点。2) Generate a random number q∈[1,N-1]. N is the order of G. G is the base point of encryption curve.

3)计算加密曲线点G₁(x₁,y₁)＝[q]G。3) Calculate encryption curve point G₁ (x₁ ,y₁ )=[q]G.

3)计算参数r＝(e+x₁)mod N，若r＝0或r+q＝N，则返回步骤2)，否则，进入步骤4)。3) Calculation parameter r=(e+x₁ ) mod N, if r=0 or r+q=N, then return to step 2), otherwise, go to step 4).

4)计算参数s＝((1+d_A)^-1·(q-r·d_A))mod N，若s＝0，则返回步骤2)，否则进入步骤5)。d_A∈[1,N-2]是节点私钥。公钥P_A＝[d_A]G＝(x_A,y_A)。4) Calculation parameter s=((1+d_A )⁻¹ ·(qr·d_A )) mod N, if s=0, return to step 2), otherwise enter step 5). d_A ∈ [1,N-2] is the node private key. Public key P_A =[d_A ]G=(x_A , y_A ).

5)将解析后的数据R_A、数字签名(r,s)、公钥P以P2P方式广播给网络中其他节点。5) Broadcast the parsed data R_A , digital signature (r, s), and public key P to other nodes in the network in a P2P manner.

根据副本通信节点A的公钥对信息M′进行验证的步骤包括：The steps of verifying the information M′ according to the public key of the replica communication node A include:

1)检验参数r′∈[1,N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤2)。1) Check whether the parameter r′∈[1,N-1] is true, if not, the verification fails, if true, go to step 2).

2)检验初始s′∈[1,N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤3)。2) Check whether the initial s′∈[1,N-1] is true, if not, the verification fails, if true, go to step 3).

3)计算数据e′＝SM3(M″′)。M″′＝Z||M′。3) Calculate data e'=SM3(M"'). M"'=Z||M'.

4)计算参数u＝(r′+s′)mod N，若u＝0，则验证不通过，否则，进入步骤5)。4) Calculation parameter u=(r'+s') mod N, if u=0, the verification fails, otherwise, go to step 5).

5)计算加密曲线点(x₁,y₁)＝[s]G+[u]P_A。5) Calculate encryption curve point (x₁ , y₁ )=[s]G+[u]_PA .

6)计算参数R＝(e′+x′₁)mod N，并检验R＝r′是否成立，若成立则验证通过，否则验证不通过。6) Calculate the parameter R=(e′+x′₁ ) mod N, and check whether R=r′ is established, if it is established, the verification is passed, otherwise the verification is not passed.

对信息M′进行冗余处理的步骤包括：The steps of performing redundant processing on information M′ include:

1)记节点本地内存池中的数据为R_L。1) Record the data in the local memory pool of the node as_RL .

2)对信息M′中的第i条数据M′_x→i与数据R_L进行比较，如果数据R_L包含数据M′_x→i，就舍弃数据M′_x→i，否则，将数据M′_x→i写入数据R_L中。i初始值为1。2) Compare the i-th piece of data M′_x→i in the information M′ with the data_RL , if the data_RL contains the data M′_x→i , discard the data M′_x→i , otherwise, save the data M '_x→i is written into the data_RL . The initial value of i is 1.

3)令i＝i+1，并重复步骤2)，直至信息M′中所有数据均比较完毕，得到R_M＝{R_x1,R_x1···R_xk}。3) Set i=i+1, and repeat step 2) until all the data in the information M′ are compared, and R_M ={R_x1 , R_x1 ···R_xk } is obtained.

4)对数据R_M中的元素进行拆解，得到时间戳数组TSArr＝{ts₁,ts₂···ts_k}。根据时间戳对数据R_M进行重新排序，得到信息R′_M＝{R′_x1,R′_x2···R′_xk}。4) Disassemble the elements in the data R_M to obtain the time stamp array TSArr={ts₁ , ts₂ ···ts_k }. The data R_M is reordered according to the time stamp, and the information R′_M ={R′_x1 , R′_x2 ···R′_xk } is obtained.

对PRE-PREPARE请求进行验证的步骤包括：The steps to authenticate a PRE-PREPARE request include:

1)利用公钥P_A0校验数字签名Sig_A0是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Use the public key P_A0 to verify whether the digital signature Sig_A0 is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PRE-PREPARE请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current copy communication node has received a PRE-PREPARE request with the same view number viewNum and number id, if yes, the verification fails, otherwise, go to step 3).

3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_msg是否一致，若不一致，则验证不通过，若一致，则进入步骤4)。3) Carry out digest operation on the information msg, and judge whether the result of the digest operation is consistent with the digest d_msg , if not, the verification fails, and if they are consistent, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

对PREPARE请求进行验证的步骤包括：The steps to authenticate a PREPARE request include:

1)验证PREPARE携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Verify whether the digital signature carried by PREPARE is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PREPARE请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current replica communication node has received a PREPARE request with the same view number viewNum and ID, if yes, the verification fails, otherwise, go to step 3).

3)判断摘要d_pre与当前已收到PRE-PPREPARE请求中的摘要d_msg是否相同，若不同，则验证不通过，若相同，则进入步骤4)。3) Judging whether the digest d_pre is the same as the digest d_msg in the currently received PRE-PPREPARE request, if not, the verification fails, and if they are the same, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

对COMMIT请求进行验证的步骤包括：The steps to verify the COMMIT request include:

1)验证COMMIT携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Verify whether the digital signature carried by COMMIT is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的COMMIT请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current replica communication node has received a COMMIT request with the same view number viewNum and id, if yes, the verification fails, otherwise, go to step 3).

3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_com是否一致，若不一致，则验证不通过，若一致，则进入步骤4)。3) Carry out a digest operation on the message msg, and judge whether the result of the digest operation is consistent with the digest d_com , if not, the verification fails, and if they are consistent, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

所述查询方经过了注册，注册步骤包括：The inquiring party has been registered, and the registration steps include:

1)记需查询船舶轨迹的查询方为W。查询方W在前端生成密钥(P_W,S_W)，查询方W向主节点A₀发送注册请求REGISTER。注册请求REGISTER携带的信息包括注册操作、时间戳ts、查询方用户名username、查询方密码password、查询方身份信息ID_CARD、查询方公钥P_W、查询方数字签名Sig_W。1) Note that the query party that needs to query the ship's trajectory is W. The inquiring party W generates a key (P_W , S_W ) at the front end, and the inquiring party W sends a registration request REGISTER to the master node A₀ . The information carried by the registration request REGISTER includes registration operation, time stamp ts, inquiring party username username, inquiring party password password, inquiring party identity information ID_CARD, inquiring party public key P_W , inquiring party digital signature Sig_W .

2)主节点A₀执行查询方注册操作，为查询方具备查询权限的权限码Permission_ID和授权的查询方密钥对(Key_PW,Key_SW)。2) The master node A₀ executes the registration operation of the inquiring party, and the inquiring party has the permission code Permission_ID of the inquiring authority and the authorized key pair (Key_PW , Key_SW ) of the inquiring party.

实施例2：Example 2:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，包括主通信节点A₀和n个副本通信节点。Referring to Fig. 1 to Fig. 7, a blockchain-based ship track monitoring system includes a master communication node A₀ and n copy communication nodes.

所述主通信节点A₀和n个副本通信节点组成区块链。The master communication node_A0 and n copy communication nodes form a block chain.

所述区块链存储AIS信息。The blockchain stores AIS information.

所述副本通信节点从区块链中获取AIS信息，完成轨迹回溯查询。The copy communication node obtains the AIS information from the block chain, and completes the trajectory backtracking query.

所述区块链存储AIS信息的步骤包括：The steps of storing AIS information in the block chain include:

I)任意副本通信节点A接收船舶发送的加密AIS信息R_accA，并对加密AIS信息R_accA进行解析，得到AIS信息R_accaA＝Y(R_accaA)。Y表示解析协议。A∈{A₁,A₂···A_n}。{A₁,A₂···A_n}为副本通信节点。I) Any replica communication node A receives the encrypted AIS information R_accA sent by the ship, and analyzes the encrypted AIS information R_accA to obtain the AIS information R_acca = Y(R_accaA ). Y indicates the resolution protocol. A∈{A₁ ,A₂ ···A_n }. {A₁ ,A₂ ···A_n } is the replica communication node.

II)所述副本通信节点A对接收到的AIS信息R_accaA进行加密，生成数字摘要信息M，并通过摘要M生成数字签名(r,s)。所述副本通信节点A在区块链中广播数据R_accaA、数字签名(r,s)、副本通信节点A的公钥P_A。II) The replica communication node A encrypts the received AIS information R_accaA , generates digital abstract information M, and generates a digital signature (r, s) through the abstract M. The replica communication node A broadcasts the data R_accaA , digital signature (r, s), and the public key_PA of the replica communication node A in the block chain.

III)任意副本通信节点B接收到副本通信节点A广播的信息，记为信息M′、数字签名(r′，s′)、副本通信节点A的公钥P_A。B∈{A₁,A₂···A_n}，且B≠A。III) Any copy communication node B receives the information broadcast by copy communication node A, which is recorded as information M', digital signature (r', s'), and public key PA of copy communication node_A. B∈{A₁ ,A₂ ···A_n }, and B≠A.

IV)副本通信节点B对信息M′进行验证，若验证通过，则进入步骤V)，否则，拒绝接收副本通信节点A广播的信息。IV) The replica communication node B verifies the information M', if the verification is passed, it goes to step V), otherwise, it refuses to receive the information broadcast by the replica communication node A.

V)所述副本通信节点B对信息M′进行解密和冗余处理，得到信息R′_M＝{R′_x1,R′_x2···R′_xk}。V) The replica communication node B performs decryption and redundancy processing on the information M' to obtain the information R'_M ={R'_x1 , R'_x2 ···R'_xk }.

VI)所述副本通信节点B对信息R′_M中的每个元素进行Hash运算，得到若干j级Hash块。其中，元素R′_xi对应的j级Hash块Node0_i＝Hash(R′_xi),i＝1,2···k。j初始值为1。VI) The replica communication node B performs Hash operation on each element in the information_R'M to obtain several j-level Hash blocks. Wherein, the j-level Hash block Node0_i =Hash(R′_xi ) corresponding to the element R′_xi , i=1,2···k. The initial value of j is 1.

VII)所述副本通信节点B将相邻两个j级Hash块串联，并对相邻两个j级Hash块进行Hash运算，得到j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i+Node0_i+1)，i＝1,3,5···k-1。若k为为奇数，则末端j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i)。VII) said copy communication node B connects two adjacent j-level Hash blocks in series, and performs Hash operation on adjacent two j-level Hash blocks, and obtains j+1 level Hash block Node1_(i+1)/2 =Hash (Node0_i +Node0_i+1 ), i=1, 3, 5···k-1. If k is an odd number, then the terminal j+1 level Hash block Node1_(i+1)/2 =Hash(Node0_i ).

VIII)令j＝j+1，并返回步骤VII)，直至生成Hash值Merkle Root，记为MT_r。VIII) Set j=j+1, and return to step VII), until the Hash value Merkle Root is generated, denoted as MT_r .

所述副本通信节点从区块链中获取AIS信息的步骤包括：The step of obtaining the AIS information from the block chain by the copy communication node includes:

1)副本通信节点A_x向主节点A₀发送请求指令REQUEST。所述请求指令REQUEST携带的信息包括请求操作o、时间戳ts、副本通信节点A_x的标识Client_id、副本通信节点A_x的信息msg、副本通信节点A_x的公钥P_Clientx、数字签名Sig_Clientx，x∈{1,2···n}。1) The duplicate communication node A_x sends a request instruction REQUEST to the master node A₀ . The information carried by the request instruction REQUEST includes request operation o, time stamp ts, identifier Client_id of replica communication node A_x , information msg of replica communication node A_x , public key P_Clientx of replica communication node A_x , digital signature Sig_Clientx , x ∈ {1,2···n}.

2)主节点A₀接收到请求指令REQUEST后，利用公钥P_Clientx校验请求指令REQUEST中的数字签名Sig_Clientx，若验证通过，则主节点A₀为副本通信节点A_x的请求指令分配编号id∈[h,H]，并在区块链中广播PRE-PREPARE请求。所述PRE-PREPARE请求携带的信息包括视图编号viewNum、副本通信节点A_x的消息摘要d_msg、副本通信节点A_x的消息msg、主节点A₀公钥P_A0、主节点A₀数字签名Sig_A0、编号id。2) After the master node_A0 receives the request command REQUEST, it uses the public key P_Clientx to verify the digital signature Sig_Clientx in the request command REQUEST. If the verification is passed, the master node_A0 assigns a serial number to the request command of the replica communication node A_x id ∈ [h, H], and broadcast a PRE-PREPARE request in the blockchain. The information carried in the PRE-PREPARE request includes the view number viewNum, the message digest d_msg of the copy communication node A_x , the message msg of the copy communication node A_x , the public key P_A0 of the master node A₀ , and the digital signature Sig of the master node A_0A0 , number id.

3)副本通信节点A_y接收到主节点A₀发送的PRE-PREPARE请求后，对PRE-PREPARE请求进行验证，若验证通过，则在区块链中广播PREPARE请求，否则，拒绝PRE-PREPARE请求。所述PREPARE请求携带的信息包括视图编号viewNum、消息摘要d_pre＝d_msg、当前副本通信节点编号y->num、编号id、副本通信节点A_y公钥P_Ay、副本通信节点A_y数字签名Sig_Ay3) After the replica communication node A_y receives the PRE-PREPARE request sent by the master node A₀ , it verifies the PRE-PREPARE request, if the verification is passed, it broadcasts the PREPARE request in the blockchain, otherwise, rejects the PRE-PREPARE request . The information carried in the PREPARE request includes view number viewNum, message digest d_pre = d_msg , current copy communication node number y->num, number id, copy communication node A_y public key P_Ay , copy communication node A_y digital signature Sig_Ay

4)所述主节点A₀和副本通信节点接收到PREPARE请求后，对PREPARE请求进行验证，若验证通过，则将验证通过的反馈信息I发送至副本通信节点A_y。4) After receiving the PREPARE request, the master node A₀ and the copy communication node verify the PREPARE request, and if the verification is passed, send the feedback information I of passing the verification to the copy communication node A_y .

5)若副本通信节点A_y接收到2f+1个验证通过的反馈信息I，则在区块链中广播COMMIT请求。f为系统中失效节点最大个数。COMMIT请求携带的信息包括视图编号viewNum、消息摘要d_com＝d_pre＝d_msg、当前副本通信节点编号y->num、副本通信节点A_y数字签名Sig_Ay。5) If the replica communication node A_y receives 2f+1 pieces of feedback information I that pass the verification, it broadcasts a COMMIT request in the blockchain. f is the maximum number of failed nodes in the system. The information carried in the COMMIT request includes view number viewNum, message digest d_com =d_pre =d_msg , current copy communication node number y->num, copy communication node A_y digital signature Sig_Ay .

6)主节点A₀和副本通信节点接收到COMMIT请求后，对COMMIT请求进行验证，若验证通过，则将验证通过的反馈信息II发送至副本通信节点A_y。6) After receiving the COMMIT request, the master node A₀ and the copy communication node verify the COMMIT request, and if the verification is passed, send the verification passed feedback information II to the copy communication node A_y .

7)若副本通信节点A_y接收到2f+1个验证通过的反馈信息II，则运行请求操作o，并向副本通信节点A_x反馈REPLY信息。所述REPLY信息携带的信息包括视图编号viewNum、时间戳ts、副本通信节点A_x的标识Client_id、请求操作结果r。7) If the copy communication node A_y receives 2f+1 pieces of feedback information II that pass the verification, it will execute the request operation o, and feed back REPLY information to the copy communication node A_x . The information carried in the REPLY information includes a view number viewNum, a time stamp ts, an identifier Client_id of the replica communication node_Ax , and a request operation result r.

8)副本通信节点A_x判断接收到的REPLY信息数量是否大于等于f+1，若是，则进入步骤9)，否则重新向主节点A₀发送请求指令，并返回步骤2)。8) Replica communication node A_x judges whether the number of received REPLY messages is greater than or equal to f+1, if so, then enters step 9), otherwise resends the request command to master node A₀ , and returns to step 2).

9)主节点A₀将区块上传至区块链。所述区块包括区块头和区块体。所述区块头携带的信息包括区块版本号V_ID、当前区块哈希值MT_r、时间戳、前一个区块的哈希值、主节点的数字签名SIG_AviewNum。所述区块体携带的信息包括历史间隔时间t_AIS的AIS数据。9) Master node A₀ uploads the block to the blockchain. The block includes a block header and a block body. The information carried by the block header includes block version number V_ID, current block hash value MT_r , timestamp, previous block hash value, and digital signature SIG_AviewNum of the master node. The information carried by the block body includes AIS data at a historical interval t_AIS .

10)查询方向主节点A₀发送查询请求INQUIRE。所述查询请求INQUIRE携带的信息包括请求操作O、时间戳ts、查询方的用户名username、查询方的密码password、查询条件condition_W、查询方公钥Key_PW。10) The query direction master node A₀ sends an query request INQUIRE. The information carried by the query request INQUIRE includes request operation O, time stamp ts, username username of the query party, password password of the query party, query condition_W , and public key Key_PW of the query party.

11)主节点A₀利用私钥Key_SW对查询请求INQUIRE进行解密。解密后，主节点A₀根据查询条件condition_W对区块数据遍历查询，得到查询结果RES_inqdata，并将查询结果RES_inqdata发送至查询方。所述查询结果RES_inqdata携带的信息包括时间戳、AIS数据、查询方公钥Key_PW。11) The master node A₀ uses the private key Key_SW to decrypt the query request INQUIRE. After decryption, the master node A₀ traverses and inquires the block data according to the query condition_W , obtains the query result RES_inqdata , and sends the query result RES_inqdata to the inquiring party. The information carried by the query result RES_inqdata includes timestamp, AIS data, and public key Key_PW of the querying party.

12)查询方接收查询结果RES_inqdata，并根据查询方公钥Key_PW对查询结果RES_inqdata进行解密，得到查询的AIS数据。查询方将AIS映射至电子航道图完成轨迹回溯查询。12) The inquiring party receives the query result RES_inqdata , and decrypts the query result RES_inqdata according to the inquiring party's public key Key_PW to obtain the inquired AIS data. The inquiring party maps the AIS to the electronic waterway chart to complete the trajectory backtracking query.

实施例3：Example 3:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，n个副本通信节点分为轻量化节点和全节点。Referring to Fig. 1 to Fig. 7, a blockchain-based ship track monitoring system, the main content is shown in Embodiment 2, wherein the n copy communication nodes are divided into lightweight nodes and full nodes.

所述轻量化节点包括控制河段岸基信号台。所述轻量化节点存储区块头数据。The lightweight nodes include bank-based signal stations for controlling river sections. The lightweight nodes store block header data.

所述全节点包括航道监管部门节点。所述全节点存储区块数据。The full nodes include the waterway supervision department nodes. The full nodes store block data.

实施例4：Example 4:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，所述AIS信息包括船舶MMSI号、AIS发送时间、船舶名称、船舶类型、航向、船舶位置、对地船速、对地航速、航艏向、航道状态、转向率。Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the AIS information includes the ship MMSI number, AIS sending time, ship name, ship type, course, ship Position, ship speed over ground, speed over ground, heading, channel status, turning rate.

实施例5：Example 5:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，所述副本通信节点、查询方均存储有海事数字证书认证中心CA颁发的数字证书。Referring to Fig. 1 to Fig. 7, a blockchain-based ship track monitoring system, the main content is shown in embodiment 2, wherein, the copy communication node and the inquiring party both store digital certificates issued by the maritime digital certificate certification center CA.

实施例6：Embodiment 6:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，对接收到的AIS信息R_A进行加密的步骤包括：Referring to Fig. 1 to Fig. 7, a kind of ship track monitoring system based on block chain, see embodiment 2 for main content, wherein, the step of encrypting the received AIS information R_A comprises:

1)计算数据e＝SM3(M″)。其中，参数M″＝Z||M。M是需要被签名的消息，且{M∈M₁,M₂···M_k}。参数Z＝SM3(ENTL||ID||a||b||x_G||y_G||x_A||y_A)。ENTL为ID的比特长度。ID为用户身份标识。(x_G,y_G)为加密曲线基点坐标，(x_A,y_A)为用户的公钥。1) Calculate data e=SM3(M"). Wherein, parameter M"=Z||M. M is the message to be signed, and {M∈M₁ ,M₂ ···M_k }. Parameter Z=SM3(ENTL||ID||a||b||_xG ||_yG ||_xA ||_yA ). ENTL is the bit length of the ID. ID is the user identification. (x_G , y_G ) is the base point coordinates of the encryption curve, and (x_A , y_A ) is the user's public key.

2)产生随机数q∈[1,N-1]。N为G的阶。G为加密曲线基点。2) Generate a random number q∈[1,N-1]. N is the order of G. G is the base point of encryption curve.

3)计算加密曲线点G₁(x₁,y₁)＝[q]G。3) Calculate encryption curve point G₁ (x₁ ,y₁ )=[q]G.

3)计算参数r＝(e+x₁)mod N，若r＝0或r+q＝N，则返回步骤2)，否则，进入步骤4)。3) Calculation parameter r=(e+x₁ ) mod N, if r=0 or r+q=N, then return to step 2), otherwise, go to step 4).

4)计算参数s＝((1+d_A)^-1·(q-r·d_A))mod N，若s＝0，则返回步骤2)，否则进入步骤5)。d_A∈[1,N-2]是节点私钥。公钥P_A＝[d_A]G＝(x_A,y_A)。4) Calculation parameter s=((1+d_A )⁻¹ ·(qr·d_A )) mod N, if s=0, return to step 2), otherwise enter step 5). d_A ∈ [1,N-2] is the node private key. Public key P_A =[d_A ]G=(x_A , y_A ).

5)将解析后的数据R_A、数字签名(r,s)、公钥P以P2P方式广播给网络中其他节点。5) Broadcast the parsed data R_A , digital signature (r, s), and public key P to other nodes in the network in a P2P manner.

实施例7：Embodiment 7:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，根据副本通信节点A的公钥对信息M′进行验证的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the steps of verifying the information M' according to the public key of the replica communication node A include:

1)检验参数r′∈[1,N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤2)。1) Check whether the parameter r′∈[1,N-1] is true, if not, the verification fails, if true, go to step 2).

2)检验初始s′∈[1,N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤3)。2) Check whether the initial s′∈[1,N-1] is true, if not, the verification fails, if true, go to step 3).

3)计算数据e′＝SM3(M″′)。M″′＝Z||M′。3) Calculate data e'=SM3(M"'). M"'=Z||M'.

4)计算参数u＝(r′+s′)mod N，若u＝0，则验证不通过，否则，进入步骤5)。4) Calculation parameter u=(r'+s') mod N, if u=0, the verification fails, otherwise, go to step 5).

5)计算加密曲线点(x₁,y₁)＝[s]G+[u]P_A。5) Calculate encryption curve point (x₁ , y₁ )=[s]G+[u]_PA .

6)计算参数R＝(e′+x′₁)mod N，并检验R＝r′是否成立，若成立则验证通过，否则验证不通过。6) Calculate the parameter R=(e′+x′₁ ) mod N, and check whether R=r′ is established, if it is established, the verification is passed, otherwise the verification is not passed.

实施例8：Embodiment 8:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，对信息M′进行冗余处理的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the steps of redundant processing of information M' include:

1)记节点本地内存池中的数据为R_L。1) Record the data in the local memory pool of the node as_RL .

2)对信息M′中的第i条数据M′_x→i与数据R_L进行比较，如果数据R_L包含数据M′_x→i，就舍弃数据M′_x→i，否则，将数据M′_x→i写入数据R_L中。i初始值为1。2) Compare the i-th piece of data M′_x→i in the information M′ with the data_RL , if the data_RL contains the data M′_x→i , discard the data M′_x→i , otherwise, save the data M '_x→i is written into the data_RL . The initial value of i is 1.

3)令i＝i+1，并重复步骤2)，直至信息M′中所有数据均比较完毕，得到R_M＝{R_x1,R_x1···R_xk}。3) Set i=i+1, and repeat step 2) until all the data in the information M′ are compared, and R_M ={R_x1 , R_x1 ···R_xk } is obtained.

4)对数据R_M中的元素进行拆解，得到时间戳数组TSArr＝{ts₁,ts₂···ts_k}。根据时间戳对数据R_M进行重新排序，得到信息R′_M＝{R′_x1,R′_x2···R′_xk}。4) Disassemble the elements in the data R_M to obtain the time stamp array TSArr={ts₁ , ts₂ ···ts_k }. The data R_M is reordered according to the time stamp, and the information R′_M ={R′_x1 , R′_x2 ···R′_xk } is obtained.

实施例9：Embodiment 9:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，对PRE-PREPARE请求进行验证的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the steps of verifying the PRE-PREPARE request include:

1)利用公钥P_A0校验数字签名Sig_A0是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Use the public key P_A0 to verify whether the digital signature Sig_A0 is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PRE-PREPARE请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current copy communication node has received a PRE-PREPARE request with the same view number viewNum and number id, if yes, the verification fails, otherwise, go to step 3).

3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_msg是否一致，若不一致，则验证不通过，若一致，则进入步骤4)。3) Carry out digest operation on the information msg, and judge whether the result of the digest operation is consistent with the digest d_msg , if not, the verification fails, and if they are consistent, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

实施例10：Example 10:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，对PREPARE请求进行验证的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the steps of verifying the PREPARE request include:

1)验证PREPARE携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Verify whether the digital signature carried by PREPARE is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PREPARE请求，若是，则验证不通过，否则，进入步骤3)。2) Determine whether the current replica communication node has received the PREPARE request with the same view number viewNum and ID, if yes, the verification fails, otherwise, go to step 3).

3)判断摘要d_pre与当前已收到PRE-PPREPARE请求中的摘要d_msg是否相同，若不同，则验证不通过，若相同，则进入步骤4)。3) Judging whether the digest d_pre is the same as the digest d_msg in the currently received PRE-PPREPARE request, if not, the verification fails, and if they are the same, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

实施例11：Example 11:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，对COMMIT请求进行验证的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the steps of verifying the COMMIT request include:

1)验证COMMIT携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过。1) Verify whether the digital signature carried by COMMIT is correct, if it is correct, go to step 2), if not, the verification fails.

2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的COMMIT请求，若是，则验证不通过，否则，进入步骤3)。2) Judging whether the current copy communication node has received the COMMIT request with the same view number viewNum and number id, if yes, the verification fails, otherwise, go to step 3).

3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_com是否一致，若不一致，则验证不通过，若一致，则进入步骤4)。3) Carry out a digest operation on the message msg, and judge whether the result of the digest operation is consistent with the digest d_com , if not, the verification fails, and if they are consistent, go to step 4).

4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.

实施例12：Example 12:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，所述查询方经过了注册，注册步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the querying party has been registered, and the registration steps include:

1)记需查询船舶轨迹的查询方为W。查询方W在前端生成密钥(P_W,S_W)，查询方W向主节点A₀发送注册请求REGISTER。注册请求REGISTER携带的信息包括注册操作、时间戳ts、查询方用户名username、查询方密码password、查询方身份信息ID_CARD、查询方公钥P_W、查询方数字签名Sig_W。1) Note that the query party that needs to query the ship's trajectory is W. The inquiring party W generates a key (P_W , S_W ) at the front end, and the inquiring party W sends a registration request REGISTER to the master node A₀ . The information carried by the registration request REGISTER includes registration operation, time stamp ts, inquiring party username username, inquiring party password password, inquiring party identity information ID_CARD, inquiring party public key P_W , inquiring party digital signature Sig_W .

2)主节点A₀执行查询方注册操作，为查询方具备查询权限的权限码Permission_ID和授权的查询方密钥对(Key_PW,Key_SW)。2) The master node A₀ executes the registration operation of the inquiring party, and the inquiring party has the permission code Permission_ID of the inquiring authority and the authorized key pair (Key_PW , Key_SW ) of the inquiring party.

实施例13：Example 13:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，数字证书是通过节点数字证书注册与认证获得的。节点数字证书注册与认证的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the digital certificate is obtained through the registration and authentication of the node digital certificate. The steps of node digital certificate registration and authentication include:

1)公钥认证与证书分发1) Public key authentication and certificate distribution

如图1所示信号台、航道局、海事局、船舶管理调度中心等通信节点A₀,A₁···A_n，通过EIGamal算法生成自己的公私钥对{P_A0，S_A0}，{P_A1，S_A1}···{P_An，S_An}，通信节点分别将公钥P_A0～P_An发送至海事数字证书认证中心CA，CA中心具有自己的一对公私钥{P_CA，S_CA}，数字证书认证中心对接收到的公钥并用根CA进行Hash运算，得到Hash(P_A0),Hash(P_A1)···Hash(P_An)，数字证书认证中心通过自己的私钥S_CA对Hash(P_A0),Hash(P_A1)···Hash(P_An)进行加密，得到HHash(P_A0,S_CA),HHash(P_A1,S_CA)···HHash(P_An,S_CA)，CA中心对HHash运算后的密钥附上信息(可能包括版本、序列号、签名算法类型、签发者信息、有效期、被签发人、CA数字签名及其它信息)，形成可颁发的数字证书C₀,C₁···C_n，发放给各个通信节点，至此所有经CA中心认证的公钥均合法，后续步骤的进行均赖于公钥的合法性且不在赘述；As shown in Figure 1, the communication nodes A₀ , A₁ ···A_n such as the signal station, the navigation bureau, the maritime bureau, and the ship management and dispatching center generate their own public-private key pair {P_A0 , S_A0 } through the EIGamal algorithm, { P_A1 , S_A1 }···{P_An , S_An }, the communication nodes respectively send the public keys P_A0 ～P_An to the maritime digital certificate certification center CA, and the CA center has its own pair of public and private keys {P_CA , S_CA }, the digital certificate certification center performs Hash operation on the received public key with the root CA, and obtains Hash(P_A0 ), Hash(P_A1 )···Hash(P_An ), the digital certificate certification center passes its own private key The key S_CA encrypts Hash(P_A0 ), Hash(P_A1 )···Hash(P_An ), and obtains HHash(P_A0 ,S_CA ),HHash(P_A1 ,S_CA )···HHash(P_An , S_CA ), the CA center attaches information to the key after the HHash operation (may include version, serial number, signature algorithm type, issuer information, validity period, issuer, CA digital signature and other information), forming a The issued digital certificates C₀ , C₁ ···C_n are issued to each communication node. So far, all the public keys certified by the CA center are legal, and the subsequent steps depend on the legality of the public key and will not be repeated;

2)节点证书验证2) Node certificate verification

当节点A₁向节点A₂发送消息时，A₂需要对A₁的数字证书进行验证，此时，将A₁证书中的A₂使用根CA的公钥P_CA解密证书，如果解密成功A₂将得到A₁的公钥，否则失败，当A₂成功拥有A₁的公钥后才能验证A₁的数字签名，该步骤为数字签名验证做支撑，其他除A₁,A₂节点以外的通信节点均依据此方法进行数字签名验证。When node A₁ sends a message to node A₂ , A₂ needs to verify the digital certificate of A_1. At this time, A₂ in the certificate of A₁ uses the public key P_CA of the root CA to decrypt the certificate. If the decryption is successful, A₂ will get the public key of A₁ , otherwise it will fail. Only when A₂ successfully owns the public key of A₁ can it verify the digital signature of A_1. This step supports the digital signature verification. Other nodes except A₁ and A₂ All communication nodes carry out digital signature verification according to this method.

实施例14：Example 14:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，根据时间戳对数据R_M进行重新排序的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein the steps of reordering the data R_M according to the timestamp include:

1)将时间戳数组TSArr分为下标中间索引int mid＝(start+end)/2，左侧起始索引int start1＝start，左侧结束索引int end1＝mid，右侧起始索引int start2＝mid+1，右侧结束索引int end2＝end；1) Divide the timestamp array TSArr into subscript middle index int mid=(start+end)/2, left start index int start1=start, left end index int end1=mid, right start index int start2 = mid+1, right end index int end2 = end;

2)记临时数组为nt Tmp，临时数组的索引i＝0；2) record the temporary array as nt Tmp, the index i=0 of the temporary array;

3)判断start1≤end1且start2≤end2是否成立，若是，则进入步骤4)，否则，循环；3) Determine whether start1≤end1 and start2≤end2 are established, if so, enter step 4), otherwise, loop;

4)判断TSArr[start1]≤TSArr[start2]是否成立，若是，则令Tmp[i]＝TSArr[start1]；i++；start1++，并进入步骤5)，否则，令Tmp[i]＝TSArr[start2]；i++；start2++，并返回步骤3)；4) judge whether TSArr[start1]≤TSArr[start2] is established, if so, then make Tmp[i]=TSArr[start1]; i++; start1++, and enter step 5), otherwise, make Tmp[i]=TSArr[start2 ]; i++; start2++, and return to step 3);

5)判断start1≤mid是否成立，若是，则令Tmp[i]＝TSArr[start1]；i++；start1++，并进入步骤6)，否则，循环；5) judge whether start1≤mid is established, if so, then make Tmp[i]=TSArr[start1]; i++; start1++, and enter step 6), otherwise, loop;

判断start2≤end是否成立，若是，则令Tmp[i]＝TSArr[start2]；i++；start2++，并进入步骤6)，否则，循环；Determine whether start2≤end is established, if so, then make Tmp[i]=TSArr[start2]; i++; start2++, and enter step 6), otherwise, loop;

6)令i＝0；6) Let i=0;

7)判断i<Tmp.length是否成立，若是，则令TSArr[start+i]＝Tmp[i]，i++；7) Determine whether i<Tmp.length is established, if so, make TSArr[start+i]=Tmp[i], i++;

8)最后将Tmp数组的元素拷贝到TSArr。该次计算时间复杂度o(n·logn)，最后将每条R_M数据根据TSArr顺序进行排序得到最终排序结果R′_M＝{R′_x1,R′_x2···R′_xk}，具体流程如图4所示。8) Finally, copy the elements of the Tmp array to TSArr. The time complexity of this calculation is o(n·logn), and finally each R_M data is sorted according to the order of TSArr to obtain the final sorting result R′_M ={R′_x1 ,R′_x2 ···R′_xk }, specifically The process is shown in Figure 4.

实施例15：Example 15:

参见图1至图7，一种基于区块链的船舶轨迹监测系统，主要内容见实施例2，其中，当节点存在异常时，主节点异常处理与主节点变更的步骤包括：Referring to Figures 1 to 7, a blockchain-based ship trajectory monitoring system, the main content is shown in Embodiment 2, wherein, when there is an abnormality in the node, the steps of master node exception handling and master node change include:

如图6所示，副本节点A_y发送节点检查消息<CHECKPOiNT,id_L,d_msg,y->num,P_Ay,Sig_Ay>给其他节点，id_L是当前节点所保留的最后一个视图请求编号，d_msg是对当前状态的一个摘要，将CHECKPOINT消息记录到log中。如果副本节点A_y收到了2f+1个验证过的CHECKPOINT消息，则清除先前日志中的消息，并以id_L作为当前一个stable checkpoint。如果主节点异常或被攻击，导致它给不同的请求编上相同的序号，或者不分配序号，或者使序号不连续，备份节点应校验序号的合法性。如果主节点掉线或不广播客户端的请求，客户端设置超时机制，向所有副本节点广播请求消息。副本节点检测出主节点作恶或者下线，发起VChange协议。协议定义如下：As shown in Figure 6, the replica node A_y sends a node check message <CHECKPOiNT,id_L ,d_msg ,y->num,P_Ay ,Sig_Ay > to other nodes, and id_L is the last view request reserved by the current node number, d_msg is a summary of the current state, and records the CHECKPOINT message to the log. If replica node A_y receives 2f+1 verified CHECKPOINT messages, clear the messages in the previous log, and use id_L as the current stable checkpoint. If the master node is abnormal or attacked, causing it to assign the same serial number to different requests, or not assign serial numbers, or make the serial numbers discontinuous, the backup node should verify the legitimacy of the serial numbers. If the master node goes offline or does not broadcast the client's request, the client sets a timeout mechanism and broadcasts the request message to all replica nodes. The replica node detects that the master node is malicious or offline, and initiates the VChange protocol. The protocol is defined as follows:

副本节点向其他节点广播<VIEW-CHANGE,viewNum+1,id_L,C,P_L,i>消息；id_L是最新的stable checkpoint的编号，C是2f+1验证过的CheckPoint消息集合，P_L是当前副本节点未完成的请求的PRE-PREPARE和PREPARE消息集合。The replica node broadcasts <VIEW-CHANGE, viewNum+1, id_L , C, P_L , i> message to other nodes; id_L is the number of the latest stable checkpoint, C is the set of CheckPoint messages verified by 2f+1, P_L is the set of PRE-PREPARE and PREPARE messages of the outstanding requests of the current replica node.

当主节点p＝(viewNum+1)mod|RA|收到2f个有效的VIEW-CHANGE消息后，向其他节点广播<NEW-VIEW,viewNum+1>消息。V是有效的VIEW-CHANGE消息集合，O是主节点重新发起的未经完成的PRE-PREPARE消息集合。When the master node p=(viewNum+1)mod|RA| receives 2f valid VIEW-CHANGE messages, it broadcasts <NEW-VIEW, viewNum+1> messages to other nodes. V is a set of valid VIEW-CHANGE messages, and O is a set of incomplete PRE-PREPARE messages re-initiated by the master node.

PRE-PREPARE消息集合的选取规则：1.选取V中最小的stable checkpoint编号minMsgNum，选取V中prepare消息的最大编号maxMsgNum；2.在minMsgNum和maxMsgNum之间，如果存在PL消息集合，则创建<<PRE-PREPARE,viewNum+1,id_L,d>,msg>消息。否则创建一个空的PRE-PREPARE消息，即：<<PRE-PREPARE,viewNum+1,id,d(null)>,msg(null)>,其中msg(null)空消息，d(null)空消息摘要。副本节点收到主节点的NEW-VIEW消息，验证有效性，有效进入viewNum+1状态，并且开始O中的PRE-PREPARE消息处理流程。Selection rules for PRE-PREPARE message sets: 1. Select the smallest stable checkpoint number minMsgNum in V, and select the maximum number maxMsgNum of prepare messages in V; 2. Between minMsgNum and maxMsgNum, if there is a PL message set, create << PRE-PREPARE, viewNum+1, id_L , d>, msg> message. Otherwise create an empty PRE-PREPARE message, namely: <<PRE-PREPARE, viewNum+1, id, d(null)>, msg(null)>, where msg(null) is an empty message, d(null) is an empty message Summary. The replica node receives the NEW-VIEW message from the master node, verifies the validity, effectively enters the viewNum+1 state, and starts the PRE-PREPARE message processing flow in O.

实施例16：Example 16:

参见图1至图7，一种基于区块链的船舶轨迹监测系统的使用方法，步骤包括：Referring to Figures 1 to 7, a method for using a blockchain-based ship trajectory monitoring system, the steps include:

1)节点数字证书注册与认证1) Node digital certificate registration and authentication

1.1)公钥认证与证书分发1.1) Public key authentication and certificate distribution

如图1所示信号台、航道局、海事局、船舶管理调度中心等通信节点A₀,A₁···A_n，通过EIGamal算法生成自己的公私钥对{P_A0，S_A0}，{P_A1，S_A1}···{P_An，S_An}，通信节点分别将公钥P_A0～P_An发送至海事数字证书认证中心CA，CA中心具有自己的一对公私钥{P_CA，S_CA}，数字证书认证中心对接收到的公钥并用根CA进行Hash运算，得到Hash(P_A0),Hash(P_A1)···Hash(P_An)，数字证书认证中心通过自己的私钥S_CA对Hash(P_A0),Hash(P_A1)···Hash(P_An)进行加密，得到HHash(P_A0,S_CA),HHash(P_A1,S_CA)···HHash(P_An,S_CA)，CA中心对HHash运算后的密钥附上信息(可能包括版本、序列号、签名算法类型、签发者信息、有效期、被签发人、CA数字签名及其它信息)，形成可颁发的数字证书C₀,C₁···C_n，发放给各个通信节点，至此所有经CA中心认证的公钥均合法，后续步骤的进行均赖于公钥的合法性且不在赘述；As shown in Figure 1, the communication nodes A₀ , A₁ ···A_n such as the signal station, the navigation bureau, the maritime bureau, and the ship management and dispatching center generate their own public-private key pair {P_A0 , S_A0 } through the EIGamal algorithm, { P_A1 , S_A1 }···{P_An , S_An }, the communication nodes respectively send the public keys P_A0 ～P_An to the maritime digital certificate certification center CA, and the CA center has its own pair of public and private keys {P_CA , S_CA }, the digital certificate certification center conducts Hash operation on the received public key and uses the root CA to obtain Hash(P_A0 ), Hash(P_A1 )···Hash(P_An ), the digital certificate certification center passes its own private key The key S_CA encrypts Hash(P_A0 ), Hash(P_A1 )···Hash(P_An ), and obtains HHash(P_A0 ,S_CA ),HHash(P_A1 ,S_CA )···HHash(P_An , S_CA ), the CA center attaches information to the key after the HHash operation (may include version, serial number, signature algorithm type, issuer information, validity period, issuer, CA digital signature and other information), forming a The issued digital certificates C₀ , C₁ ···C_n are issued to each communication node. So far, all the public keys certified by the CA center are legal, and the subsequent steps depend on the legality of the public key and will not be repeated;

1.2)节点证书验证1.2) Node certificate verification

当节点A₁向节点A₂发送消息时，A₂需要对A₁的数字证书进行验证，此时，将A₁证书中的A₂使用根CA的公钥P_CA解密证书，如果解密成功A₂将得到A₁的公钥，否则失败，当A₂成功拥有A₁的公钥后才能验证A₁的数字签名，该步骤为数字签名验证做支撑，其他除A₁,A₂节点以外的通信节点均依据此方法进行数字签名验证。When node A₁ sends a message to node A₂ , A₂ needs to verify the digital certificate of A_1. At this time, A₂ in the certificate of A₁ uses the public key P_CA of the root CA to decrypt the certificate. If the decryption is successful, A₂ will get the public key of A₁ , otherwise it will fail. Only when A₂ successfully owns the public key of A₁ can it verify the digital signature of A_1. This step supports the digital signature verification. Other nodes except A₁ and A₂ All communication nodes carry out digital signature verification according to this method.

2)节点数据校验与打包至区块2) Node data verification and packing into blocks

2.1)初始区块创建，本发明所提区块链中，创世区块Block#0由权威机构海事局建立，区块内容包括：当前区块版本编号V_ID、历史t₀＝30s时间段t₀＝t_Curtime-t_Latime(其中，t_Curtime：当前时刻，t_Latime：与当前时刻相差t₀的时刻)内AIS数据、根哈希值、时间戳，初始化海事局的视图编号viewNum＝0，定义海事局通信节点为主节点A_viewNum，viewNum＝0，即主节点为A₀，定义其余节点为副本节点，副本节点个数为n，A₀节点将创世区块Block#0通过网络广播至全网通信节点，所有节点进行确认，确认结束后主节点将区块添加到区块链并广播至其他副本节点；2.1) Initial block creation. In the block chain proposed by the present invention, the creation block Block#0 is established by the authority Maritime Safety Administration. The block content includes: current block version number V_ID, history t₀ =30s time period t₀ =t_Curtime -t_Latime (wherein, t_Curtime : the current moment, t_Latime : the moment of_t0 difference from the current moment), AIS data, root hash value, timestamp, initialize the view number viewNum=0 of the Maritime Safety Administration, Define the communication node of the Maritime Safety Administration as the master node A_viewNum , viewNum=0, that is, the master node is A₀ , define the rest of the nodes as replica nodes, the number of replica nodes is n, and the node A₀ broadcasts the creation block Block#0 through the network To the communication nodes of the whole network, all nodes will confirm. After the confirmation, the master node will add the block to the blockchain and broadcast it to other copy nodes;

2.2)数据转换，控制河段内船舶发送加密的AIS信息，数据包括：船舶MMSI号、AIS发送时间、船舶名称、船舶类型、航向、船舶位置、对地船速、对地航速、航艏向、航道状态、转向率等加密数据。记行驶于控制河段的船舶数量为z，所有AIS上传的数据信息集合记为R_send，控制河段岸边设有k个信号台，AIS解析协议为Y，信号台通行信号指挥系统采集的AIS数据记为R_acc＝{R_acc1,R_acc2···R_acck}，将R_acc使用HASHSET集合处理后得到R_acc→set，全节点任意30秒内能采集到控制河段所有通行船舶的AIS数据，即R_acc→set＝R_send，当前控制河段槽内船舶AIS数据t时刻被解析后的数据集合为R_acca＝{R_acca1＝Y(R_acc1),R_acca2＝Y(R_acc2)···R_accak＝Y(R_acck)}。2.2) Data conversion, control ships in the river section to send encrypted AIS information, the data includes: ship MMSI number, AIS sending time, ship name, ship type, course, ship position, ship speed over ground, speed over ground, heading , channel status, turning rate and other encrypted data. Denote the number of ships traveling on the controlled river section as z, the collection of all AIS uploaded data information is recorded as R_send , there are k signal stations on the bank of the controlled river section, the AIS analysis protocol is Y, and the data collected by the signal station traffic signal command system The AIS data is recorded as R_acc ＝{R_acc1 ,R_acc2 ···R_acc }, R_acc is processed by HASHSET to get R_acc→set , and the full node can collect the information of all passing ships in the control river section within any 30 seconds AIS data, that is, R_acc→set =R_send , the data set after analysis of the AIS data of ships in the current control channel at time t is R_acca ={R_acca1 =Y(R_acc1 ),R_acca2 =Y(R_acca2 )...R_accak =Y(R_acck )}.

2.3)数据加密与广播，R_A为节点A在t时刻采集的AIS数据，且A∈{A₁,A₂···A_n}，R_A∈R_acca。数据集{R_acca1,R_acca2···R_accak}经国密算法SM3计算生成运算生成数字摘要{M₁,M₂···M_k}，设G是椭圆曲线上的基点(x_G,y_G)，M是需要被签名的消息，且{M∈M₁,M₂···M_k}，d_A是节点私钥，P是节点A的公钥，a，b为常数，N为G的阶，ID为用户身份标识，长度为16字节，ENTL为由两个字节标识的ID的比特长度，(x_G,y_G)为加密曲线基点，(x_A,y_A)为用户的公钥，节点A的密钥对包括其私钥d_A(由随机数生成器生成，d_A∈[1,N-2]和公钥P_A＝[d_A]G＝(x_A,y_A)，Z＝SM3(ENTL||ID||a||b||x_G||y_G||x_A||y_A)；(1)置M′＝Z||M；(2)计算e＝SM3(M′)，将e的数据类型转化为整数；(3)用随机数发生器产生随机数q∈[1,N-1]；(4)计算椭圆曲线点G₁(x₁,y₁)＝[q]G；(5)计算r＝(e+x₁)mod N，若r＝0或r+q＝N则返回(3)；(6)计算s＝((1+d_A)^-1·(q-r·d_A))mod N，若s＝0则返回第(3)步；(7)将(r,s)转化为字节串，消息M的签名为(r,s)。节点将解析后的数据R_A(R_A∈R_acca)、数字签名(r,s)、公钥P以P2P方式广播给网络中其他节点。2.3) Data encryption and broadcasting, R_A is the AIS data collected by node A at time t, and A∈{A₁ ,A₂ ···A_n }, R_A ∈R_acca . The data set {R_acca1 ,R_acca2 ···R_accak } is calculated and generated by the national secret algorithm SM3 to generate a digital summary {M₁ ,M₂ ···M_k }, let G be the base point on the elliptic curve (x_G , y_G ), M is the message to be signed, and {M∈M₁ ,M₂ ···M_k }, d_A is the private key of the node, P is the public key of the node A, a, b are constants, N is the order of G, ID is the user identity, the length is 16 bytes, ENTL is the bit length of the ID identified by two bytes, (x_G , y_G ) is the base point of the encryption curve, (x_A , y_A ) is the user’s public key, node A’s key pair includes its private key d_A (generated by a random number generator, d_A ∈ [1,N-2] and public key P_A =[d_A ]G=(x_A ,y_A ), Z=SM3(ENTL||ID||a||b||x_G ||y_G ||x_A ||y_A ); (1) set M'=Z||M; (2) Calculate e=SM3(M′), and convert the data type of e into an integer; (3) Use a random number generator to generate a random number q∈[1,N-1]; (4) Calculate the elliptic curve point G₁ (x₁ ,y₁ )=[q]G; (5) Calculate r=(e+x₁ )mod N, if r=0 or r+q=N, return to (3); (6) Calculate s =((1+d_A )^-1 ·(qr·d_A ))mod N, if s=0, return to step (3); (7) convert (r, s) into byte string, message M The signature of is (r, s). The node broadcasts the parsed data R_A (_RA ∈ R_acca ), digital signature (r, s), and public key P to other nodes in the network in a P2P manner.

2.4)数据解密与验证，除A节点以外的其他节点在收到A节点广播的数据后将开始进行签名验证，设B节点收到消息为M′，收到的签名为(r′，s′)，B∈{A₁,A₂···A_n}，B≠A，P_A为A节点的公钥，(1)检验r′∈[1,N-1]是否成立，若不成立则验证不通过；(2)检验s′∈[1,N-1]，是否成立，若不成立则验证不通过；(3)置M′＝Z||M；(4)计算e′＝SM3(M′)，将e′的数据类型转化为整数；(5)将r′，s′的数据类型转化为整数，计算u＝(r′+s′)mod N，若u＝0，则验证不通过；(6)计算椭圆曲线点(x₁,y₁)＝[s]G+[u]P_A；(7)将x₁的数据类型转化为整数，计算R＝(e′+x′₁)mod N，检验R＝r′是否成立，若成立则验证通过，否则验证不通过。2.4) Data decryption and verification. Nodes other than node A will start signature verification after receiving the data broadcast by node A. Let node B receive the message as M′, and the received signature as (r′, s′ ), B∈{A₁ ,A₂ ···A_n }, B≠A, P_A is the public key of node A, (1) check whether r′∈[1,N-1] is established, if not, then The verification fails; (2) Check whether s′∈[1,N-1] is established, if not, the verification fails; (3) Set M′=Z||M; (4) Calculate e′=SM3( M'), convert the data type of e' into an integer; (5) convert the data type of r', s' into an integer, calculate u=(r'+s') mod N, if u=0, verify Fail; (6) Calculate the elliptic curve point (x₁ , y₁ )=[s]G+[u]_PA ; (7) Convert the data type of x₁ into an integer, and calculate R=(e′+x′₁ ) mod N, check whether R=r' is established, if established, the verification is passed, otherwise the verification is not passed.

2.5)数据校验与区块体末端节点数据生成2.5) Data verification and block body end node data generation

虽然AIS信号是广播信号，但信号台节点接收AIS数据时会受到地理环境因素影响，距离相近的信号台节点从控制河段内接收的船舶AIS数据可能会存在数据冗余，因此节点在每次收到其他节点广播的数据时需要进行数据冗余处理。节点通过步骤4的验证后，收到的数据为M′，且M′＝M，数据长度为Len，计算如下：Although the AIS signal is a broadcast signal, the signal station nodes will be affected by geographical environment factors when receiving AIS data, and there may be data redundancy in the AIS data received by the signal station nodes from the control river section. Data redundancy processing is required when receiving data broadcast by other nodes. After the node passes the verification of step 4, the received data is M', and M'=M, the data length is Len, and the calculation is as follows:

(1)设节点本地内存池中的数据为R_L，取出节点本地内存池中的第一条数据记为M′_x→1与R_L全量数据进行比较，如果R_L包含M′_x→1就舍弃该消息，否则将数据追加至R_L末端，依次根据(1)步骤循环Cnt＝Len-1次结束，最终得到结果集合为R_M＝{R_x1,R_x1···R_xk}的数据。(1) Let the data in the local memory pool of the node be_RL , take out the first piece of data in the local memory pool of the node and record it as M′_x→1 and compare it with the full data of_RL , if_RL contains M′_x→1 Just discard the message, otherwise add the data to the end of_RL , follow the step (1) in order to cycle Cnt=Len-1 times to end, and finally get the result set of R_M ={R_x1 ,R_x1 ···R_xk } data.

(2)根据(1)计算的结果，将R_M中的每个元素进行拆解，得到时间戳数组TSArr＝{ts₁,ts₂···ts_k}，将时间戳数组TSArr索引分为下标中间索引int mid＝(start+end)/2，左侧起始索引int start1＝start，左侧结束索引int end1＝mid，右侧起始索引intstart2＝mid+1，右侧结束索引int end2＝end，临时数组int Tmp及其索引i＝0，计算flg＝(start1≤end1&&start2≤end2)为TRUE/FALSE，为TRUE继续判断flg1＝(TSArr[start1]≤TSArr[start2])，否则循环，当flg1为TRUE，执行{Tmp[i]＝TSArr[start1]；i++；start1++；}，否则执行{Tmp[i]＝TSArr[start2]；i++；start2++；}，循环结束后继续判断flg3＝{start1≤mid}，flg3为TRUE就执行{Tmp[i]＝TSArr[start1]；i++；start1++；}，判断flg4＝(start2≤end)，flg4为TRUE执行{Tmp[i]＝TSArr[start2]；i++；start2++；}，最后将Tmp数组的元素拷贝到TSArr。该次计算时间复杂度o(n·logn)，最后将每条R_M数据根据TSArr顺序进行排序得到最终排序结果R′_M＝{R′_x1,R′_x2···R′_xk}，具体流程如图4所示。(2) According to the calculation result of (1), each element in_RM is disassembled to obtain the time stamp array TSArr={ts₁ ,ts₂ ···ts_k }, and the index of the time stamp array TSArr is divided into Subscript middle index int mid=(start+end)/2, left start index int start1=start, left end index int end1=mid, right start index intstart2=mid+1, right end index int end2=end, temporary array int Tmp and its index i=0, calculate flg=(start1≤end1&&start2≤end2) is TRUE/FALSE, if TRUE continue to judge flg1=(TSArr[start1]≤TSArr[start2]), otherwise loop , when flg1 is TRUE, execute {Tmp[i]=TSArr[start1]; i++; start1++;}, otherwise execute {Tmp[i]=TSArr[start2]; i++; start2++;}, continue to judge flg3= after the loop ends {start1≤mid}, flg3 is TRUE and just execute {Tmp[i]=TSArr[start1]; i++; start1++;}, judge flg4=(start2≤end), flg4 is TRUE and execute {Tmp[i]=TSArr[start2] ]; i++; start2++; }, and finally copy the elements of the Tmp array to TSArr. The time complexity of this calculation is o(n·logn), and finally each R_M data is sorted according to the order of TSArr to obtain the final sorting result R′_M ={R′_x1 ,R′_x2 ···R′_xk }, specifically The process is shown in Figure 4.

3)区块广播与共识3) Block broadcast and consensus

3.1)记t₁＝3min，取步骤2.5中时间间隔为t₁的AIS数据进行计算，计算过程为：s1：对数据块做基于国密SM3算法的Hash运算，Node0_i＝Hash(R′_xi),i＝1,2···k；s2：相邻两个Hash块串联，然后再做Hash运算，Node1_(i+1)/2＝Hash(Node0_i+Node0_i+1)，i＝1,3,5···k-1；若k为奇数，则末端树节点采用Node1_(i+1)/2＝Hash(Node0_i)运算；s5：重复s2，直到生成最终的Merkle Root，记为：MT_r，计算流程如图2所示。3.1) Note t₁ =3min, take the AIS data whose time interval is t₁ in step 2.5 for calculation, the calculation process is: s1: do the Hash operation based on the national secret SM3 algorithm for the data block, Node0_i =Hash(R′_xi ), i=1,2···k; s2: two adjacent Hash blocks are connected in series, and then perform Hash operation, Node1_(i+1)/2 = Hash(Node0_i +Node0_i+1 ), i= 1,3,5···k-1; if k is an odd number, the terminal tree node uses Node1_(i+1)/2 = Hash(Node0_i ) operation; s5: Repeat s2 until the final Merkle Root is generated, Denoted as: MT_r , the calculation process is shown in Figure 2.

3.2)如图5所示，客户端Client_x，x∈{1,2···n}，Client_x向主节点A₀发送请求<<REQUEST,o,ts,Client_id>,msg,P_Clientx,Sig_Clientx>，其中，o是请求的操作，ts是时间戳，Client_id为客户端标识，msg代表客户端信息，P_Clientx为节点Client_x公钥，Sig_Clientx为节点Client_x对<REQUEST,o,ts,Client_id>的数字签名，当主节点服务被激活，主节点接收到请求后使用P_Clientx校验Sig_Clientx，校验失败舍弃此请求，否则主节点分配一个编号id，此id用于排序客户端的请求。然后由主节点广播一条<<PRE-PREPARE,viewNum,id,d_msg>,msg,P_A0,Sig_A0>消息给通信网络内其他副本节点。viewNum：视图编号，d_msg为客户端消息摘要，msg为消息内容，P_A0为节点A₀公钥，将<PRE-PREPARE,viewNum,id,d_msg>进行主节点签名得到Sig_A0，id是要在某一个范围区间内的[h,H]。3.2) As shown in Figure 5, the client Client_x , x∈{1,2···n}, Client_x sends a request <<REQUEST,o,ts,Client_id>,msg,P to the master node A_0Clientx , Sig_Clientx >, where o is the requested operation, ts is the timestamp, Client_id is the client ID, msg is the client information, P_Clientx is the public key of node Client_x , Sig_Clientx is the pair of node Client_x <REQUEST,o, ts, Client_id> digital signature, when the master node service is activated, the master node uses P_Clientx to verify Sig_Clientx after receiving the request, and discards the request if the verification fails, otherwise the master node assigns a number id, which is used to sort the client ask. Then the master node broadcasts a <<PRE-PREPARE, viewNum, id, d_msg >, msg, P_A0 , Sig_A0 > message to other replica nodes in the communication network. viewNum: view number, d_msg is the client message digest, msg is the message content, P_A0 is the public key of node_A0 , and <PRE-PREPARE, viewNum, id, d_msg > is signed by the master node to get Sig_A0 , and the id is [h, H] to be within a certain range.

3.3)副本节点A_y(y∈{1,2,3···n}，y≠x)收到主节点的PRE-PREPARE消息，需要进行以下校验：a.使用P_A0校验主节点PRE-PREPARE的Sig_A0消息签名是否正确；b.当前副本节点是否已经收到了一条在同一viewNum下并且编号也是id，但是签名不同的PRE-PREPARE信息；c.比较msg进行摘要计算后的结果与d_msg是否一致；d.id是否满足h≤id≤H；若校验失败舍弃此请求，否则副本节点A_y向其他节点以及主节点发送一条<PREPARE,viewNum,id,d_pre,y->num,P_Ay,Sig_Ay>消息，摘要d_pre＝d_msg，viewNum、id均与上述PRE-PREPARE消息内容相同，y->num是当前副本节点编号，P_Ay为A_y的公钥，利用<PREPARE,viewNum,id,d_pre,y->num>对副本节点A_y签名得到Sig_Ay。同时，记录PRE-PREPARE和PREPARE消息到log日志保存，用于步骤3.6过程中恢复未完成的请求操作。3.3) Replica node A_y (y∈{1,2,3···n}, y≠x) receives the PRE-PREPARE message from the master node, and needs to perform the following checks: a. Use P_A0 to verify the master node Whether the signature of the Sig_A0 message of PRE-PREPARE is correct; b. Whether the current replica node has received a PRE-PREPARE message under the same viewNum and number is also id, but with a different signature; c. Compare the result of digest calculation with msg and Whether d_msg is consistent; whether d.id satisfies h≤id≤H; if the verification fails, the request is discarded, otherwise the replica node A_y sends a <PREPARE, viewNum, id, d_pre , y-> to other nodes and the master node num, P_Ay , Sig_Ay > message, abstract d_pre = d_msg , viewNum, id are the same as the above PRE-PREPARE message content, y->num is the current copy node number, P_Ay is the public key of A_y , use <PREPARE, viewNum, id, d_pre , y->num> Sign the replica node A_y to get Sig_Ay . At the same time, record the PRE-PREPARE and PREPARE messages to the log log and save it, which is used to restore the unfinished request operation in the process of step 3.6.

3.4)主节点和副本节点收到PREPARE消息，需要进行以下校验：a.副本节点A_y的PREPARE消息签名是否正确。b.当前副本节点是否已经收到了同一视图viewNum下的id。c.id是否在区间[h,H]内。d.d_pre与当前已收到PRE-PPREPARE中的d_msg是否相同，校验失败舍弃此请求，否则通过。如果副本节点A_y收到了2f+1个验证通过的PREPARE消息，f为系统中失效节点最大个数，则向其他节点包括主节点发送一条<COMMIT,viewNum,id,d_com,y->num,P_Ay,Sig_Ay>消息，viewNum，id，d_com,y->num与上述PREPARE消息内容相同，此时d_com＝d_pre＝d_msg。利用<COMMIT,viewNum,id,d_com,y->num>对副本节点A_y签名得到Sig_Ay。记录COMMIT消息到log中，用于步骤3.6过程中恢复未完成的请求操作。同时，记录其他副本节点发送的PREPARE消息到log中。3.4) After receiving the PREPARE message, the master node and the copy node need to perform the following checks: a. Whether the signature of the PREPARE message of the copy node A_y is correct. b. Whether the current replica node has received the id under the same view viewNum. Whether c.id is in the interval [h, H]. Whether the dd_pre is the same as the d_msg in the currently received PRE-PPREPARE, if the verification fails, the request is discarded, otherwise it is passed. If the replica node A_y receives 2f+1 PREPARE messages that pass the verification, and f is the maximum number of failed nodes in the system, then send a <COMMIT,viewNum,id,d_com ,y->num to other nodes including the master node , P_Ay , Sig_Ay > message, viewNum, id, d_com , y->num are the same as the content of the above PREPARE message, at this time d_com =d_pre =d_msg . Use <COMMIT, viewNum, id, d_com , y->num> to sign the replica node A_y to get Sig_Ay . Record the COMMIT message to the log, which is used to recover the unfinished request operation in the process of step 3.6. At the same time, record the PREPARE messages sent by other replica nodes to the log.

3.5)主节点和副本节点收到COMMIT消息，需要进行以下校验：a.副本节点COMMIT消息签名是否正确。b.当前副本节点是否已经收到了同一视图viewNum下的id。c.d_com与msg摘要计算结果是否一致。d.id是否在区间[h,H]内，校验失败舍弃此消息，否则通过。如果副本节点A_y收到了2f+1个验证通过的COMMIT消息，说明当前网络中的大部分节点已经达成共识，运行客户端的请求操作o，并返回<REPLY,viewNum,ts,Client_id,y->num,r>给客户端，r：是请求操作结果，客户端如果收到f+1个相同的REPLY消息，说明客户端发起的请求已经达成全网共识，否则客户端需要判断是否重新发送请求给主节点。记录其他副本节点发送的COMMIT消息到log中。3.5) After receiving the COMMIT message, the master node and the replica node need to perform the following verification: a. Whether the signature of the COMMIT message of the replica node is correct. b. Whether the current replica node has received the id under the same view viewNum. Whether the calculation results of cd_com and msg digest are consistent. Whether d.id is in the interval [h, H], if the verification fails, discard this message, otherwise pass. If the replica node A_y receives 2f+1 COMMIT messages that pass the verification, it means that most nodes in the current network have reached a consensus, run the client's request operation o, and return <REPLY, viewNum, ts, Client_id, y-> num, r> to the client, r: the result of the request operation, if the client receives f+1 identical REPLY messages, it means that the request initiated by the client has reached the consensus of the entire network, otherwise the client needs to judge whether to resend the request to the master node. Record COMMIT messages sent by other replica nodes to the log.

3.6)主节点异常处理与主节点变更。如图6所示，副本节点A_y发送节点检查消息<CHECKPOINT,id_L,d_msg,y->num,P_Ay,Sig_Ay>给其他节点，id_L是当前节点所保留的最后一个视图请求编号，d_msg是对当前状态的一个摘要，将CHECKPOINT消息记录到log中。如果副本节点A_y收到了2f+1个验证过的CHECKPOINT消息，则清除先前日志中的消息，并以id_L作为当前一个stable checkpoint。如果主节点异常或被攻击，导致它给不同的请求编上相同的序号，或者不分配序号，或者使序号不连续，备份节点应校验序号的合法性。如果主节点掉线或不广播客户端的请求，客户端设置超时机制，向所有副本节点广播请求消息。副本节点检测出主节点作恶或者下线，发起VChange协议。协议定义如下：3.6) Master node exception handling and master node change. As shown in Figure 6, replica node A_y sends a node check message <CHECKPOINT,id_L ,d_msg ,y->num,P_Ay ,Sig_Ay > to other nodes, and id_L is the last view request reserved by the current node number, d_msg is a summary of the current state, and records the CHECKPOINT message to the log. If replica node A_y receives 2f+1 verified CHECKPOINT messages, clear the messages in the previous log, and use id_L as the current stable checkpoint. If the master node is abnormal or attacked, causing it to assign the same serial number to different requests, or not assign serial numbers, or make the serial numbers discontinuous, the backup node should verify the legitimacy of the serial numbers. If the master node goes offline or does not broadcast the client's request, the client sets a timeout mechanism and broadcasts the request message to all replica nodes. The replica node detects that the master node is malicious or offline, and initiates the VChange protocol. The protocol is defined as follows:

副本节点向其他节点广播<VIEW-CHANGE,viewNum+1,id_L,C,P_L,i>消息；id_L是最新的stable checkpoint的编号，C是2f+1验证过的CheckPoint消息集合，P_L是当前副本节点未完成的请求的PRE-PREPARE和PREPARE消息集合。The replica node broadcasts <VIEW-CHANGE, viewNum+1, id_L , C, P_L , i> message to other nodes; id_L is the number of the latest stable checkpoint, C is the set of CheckPoint messages verified by 2f+1, P_L is the set of PRE-PREPARE and PREPARE messages of the outstanding requests of the current replica node.

当主节点p＝(viewNum+1)mod|RA|收到2f个有效的VIEW-CHANGE消息后，向其他节点广播<NEW-VIEW,viewNum+1>消息。V是有效的VIEW-CHANGE消息集合，O是主节点重新发起的未经完成的PRE-PREPARE消息集合。When the master node p=(viewNum+1)mod|RA| receives 2f valid VIEW-CHANGE messages, it broadcasts <NEW-VIEW, viewNum+1> messages to other nodes. V is a set of valid VIEW-CHANGE messages, and O is a set of incomplete PRE-PREPARE messages re-initiated by the master node.

PRE-PREPARE消息集合的选取规则：1.选取V中最小的stable checkpoint编号minMsgNum，选取V中prepare消息的最大编号maxMsgNum；2.在minMsgNum和maxMsgNum之间，如果存在PL消息集合，则创建<<PRE-PREPARE,viewNum+1,id_L,d>,msg>消息。否则创建一个空的PRE-PREPARE消息，即：<<PRE-PREPARE,viewNum+1,id,d(null)>,msg(null)>,其中msg(null)空消息，d(null)空消息摘要。副本节点收到主节点的NEW-VIEW消息，验证有效性，有效进入viewNum+1状态，并且开始O中的PRE-PREPARE消息处理流程。Selection rules for PRE-PREPARE message sets: 1. Select the smallest stable checkpoint number minMsgNum in V, and select the maximum number maxMsgNum of prepare messages in V; 2. Between minMsgNum and maxMsgNum, if there is a PL message set, create << PRE-PREPARE, viewNum+1, id_L , d>, msg> message. Otherwise create an empty PRE-PREPARE message, namely: <<PRE-PREPARE, viewNum+1, id, d(null)>, msg(null)>, where msg(null) is an empty message, d(null) is an empty message Summary. The replica node receives the NEW-VIEW message from the master node, verifies the validity, effectively enters the viewNum+1 state, and starts the PRE-PREPARE message processing flow in O.

4)区块上链与存储4) Block chaining and storage

所有节点完成共识后，主节点将区块上传至区块链，上传内容包括区块头：区块版本号V_ID、当前区块哈希值MT_r、时间戳、前一个区块的哈希值、主节点的数字签名SIG_AviewNum；区块体：历史间隔时间t_AIS＝3min的AIS数据。主节点将数据广播至全网，全节点存储整个区块链，轻量化节点存储区块头。After all nodes complete the consensus, the master node uploads the block to the blockchain. The uploaded content includes block header: block version number V_ID, current block hash value MT_r , timestamp, previous block hash value, Digital signature SIG_AviewNum of master node; block body: AIS data with historical interval t_AIS =3min. The master node broadcasts the data to the entire network, the full node stores the entire blockchain, and the lightweight node stores the block header.

5)轨迹回溯查询5) Trajectory backtracking query

5.1)查询方注册，假设需查询船舶轨迹的查询方为W，W已获得CA中心的证书，W在前端生成密钥(P_W,S_W)，W通过主节点授权的注册接口向主节点提交用户注册申请，注册请求内容包括<<REGISTER,o,ts,username,password,ID_CARD,TEL_PHONE>,P_W,Sig_W>，其中REGISTER为注册请求标识，o是注册操作，ts是时间戳，username是查询方用户名，password是查询方密码，ID_CARD是查询方身份证信息，TEL_PHONE是查询方电话号码，P_W是W的公钥信息，Sig_W是W对消息的签名，主节点验签成功，执行查询方注册，并为其分配仅具备查询权限的权限码Permission_ID和已授权给的查询方密钥对(Key_PW,Key_SW)；5.1) The inquiring party registers, assuming that the inquiring party who needs to inquire about the track of the ship is W, W has obtained the certificate of the CA center, W generates a key (P_W , S_W ) at the front end, and W submits to the master node through the registration interface authorized by the master node Submit a user registration application. The content of the registration request includes <<REGISTER,o,ts,username,password,ID_CARD,TEL_PHONE>,P_W ,Sig_W >, where REGISTER is the registration request identifier, o is the registration operation, and ts is the time stamp. username is the user name of the inquiring party, password is the inquiring party's password, ID_CARD is the ID card information of the inquiring party, TEL_PHONE is the phone number of the inquiring party, P_W is the public key information of W, Sig_W is W's signature on the message, and the master node verifies the signature If successful, execute the registration of the inquiring party, and assign the permission code Permission_ID with only inquiring authority and the key pair (Key_PW , Key_SW ) authorized to the inquiring party;

5.2)查询请求，如图7所示，查询方W通过注册后，W主动提交查询请求，请求内容包括<<INQUIRE,o,ts,username,password,Permission_ID,condition_W>,P_W,Sig_W,Key_PW>，其中INQUIRE为查询请求，o是查询操作，ts是时间戳，username是查询方的用户名，password为查询方的密码，condition_W为查询条件，Key_PW查询节点公钥，请求前使用Key_PW加密请求数据。主节点接收到请求后通过私钥Key_SW解密，如果解密数据符合规范且合法，主节点执行查询操作；5.2) Query request, as shown in Figure 7, after the inquiring party W registers, W actively submits a query request, and the content of the request includes <<INQUIRE, o, ts, username, password, Permission_ID , condition_W >, P_W , Sig_W ,Key_PW >, where INQUIRE is the query request, o is the query operation, ts is the timestamp, username is the user name of the queryer, password is the password of the queryer, condition_W is the query condition, and Key_PW is the public key of the query node. Use the Key_PW to encrypt the request data before requesting. After receiving the request, the master node decrypts it with the private key Key_SW . If the decrypted data conforms to the specification and is legal, the master node executes the query operation;

5.3)查询结果，主节点根据condition_W对区块数据通过智能合约遍历查询，成功查询到后返回查询结果的JSON数据RES_inqdata，其内容包含时间戳、船舶名称/MMSI号、船舶轨迹List列表、Key_PW等，并主节点将该数据使用Key_SW进行加密返回给查询方，查询方使用Key_PW解密获取查询的AIS数据，并将AIS映射至电子航道图完成轨迹回溯查询。5.3) Query results, the master node traverses and queries the block data through the smart contract according to the condition_W , and returns the JSON data RES_inqdata of the query result after successful query, and its content includes timestamp, ship name/MMSI number, ship trajectory List, Key_PW, etc., and the master node uses Key_SW to encrypt the data and returns it to the inquiring party. The inquiring party uses Key_PW to decrypt and obtain the queried AIS data, and maps the AIS to the electronic waterway map to complete the trajectory backtracking query.

Claims (11)

Translated fromChinese

1.一种基于区块链的船舶轨迹监测系统，其特征在于：包括主通信节点A₀和n个副本通信节点；1. A block chain-based ship track monitoring system, characterized in that: comprise master communication node_A0 and n replica communication nodes;所述主通信节点A₀和n个副本通信节点组成区块链；The master communication node_A0 and n copy communication nodes form a block chain;所述区块链存储AIS信息；The blockchain stores AIS information;所述副本通信节点从区块链中获取AIS信息，完成轨迹回溯查询；The copy communication node obtains the AIS information from the block chain, and completes the trajectory backtracking query;所述区块链存储AIS信息的步骤包括：The steps of storing AIS information in the block chain include:I)任意副本通信节点A接收船舶发送的加密AIS信息R_accA，并对加密AIS信息R_accA进行解析，得到AIS信息R_accaA＝Y(R_accA)；Y表示解析协议；A∈{A₁，A₂…A_n}；{A₁，A₂…A_n}为副本通信节点；I) Any copy communication node A receives the encrypted AIS information R_accA sent by the ship, and analyzes the encrypted AIS information R_accA to obtain the AIS information R_acca = Y(R_accA ); Y represents the analysis protocol; A∈{A₁ , A₂ ...A_n }; {A₁ , A₂ ...A_n } is a replica communication node;II)所述副本通信节点A对接收到的AIS信息R_accaA进行加密，生成数字摘要信息M，并通过摘要M生成数字签名(r，s)；所述副本通信节点A在区块链中广播数据R_accaA、数字签名(r，s)、副本通信节点A的公钥P_A；II) The copy communication node A encrypts the received AIS information R_accaA , generates a digital summary information M, and generates a digital signature (r, s) through the summary M; the copy communication node A broadcasts in the block chain Data R_accaA , digital signature (r, s), public key_PA of replica communication node A;III)任意副本通信节点B接收到副本通信节点A广播的信息，记为信息M′、数字签名(r′，s′)、副本通信节点A的公钥P_A；B∈{A₁，A₂…A_n}，且B≠A；III) Any copy communication node B receives the information broadcast by copy communication node A, which is recorded as information M', digital signature (r', s'), public key PA of copy communication node_A ; B∈{A₁ , A₂ ...A_n }, and B≠A;IV)副本通信节点B对信息M′进行验证，若验证通过，则进入步骤V，否则，拒绝接收副本通信节点A广播的信息；IV) The replica communication node B verifies the information M', if the verification is passed, then enter step V, otherwise, refuse to receive the information broadcast by the replica communication node A;V)所述副本通信节点B对信息M′进行解密和冗余处理，得到信息R′_M＝{R′_x1，R′_x2…R′_xk}；V) The replica communication node B decrypts and redundantly processes the information M' to obtain information R'_M ={R'_x1 , R'_x2 ... R'_xk };VI)所述副本通信节点B对信息R′_M中的每个元素进行Hash运算，得到若干j级Hash块；其中，元素R′_xi对应的j级Hash块Node0_i＝Hash(R′_xi)，i＝1，2…k；j初始值为1；VI) The duplicate_{communication} node B performs a Hash operation on each element in the information R'_M to obtain several j-level Hash blocks; wherein, the j-level Hash block Node0_i =Hash(R'_xi ) corresponding to the element R'xi , i=1, 2...k; the initial value of j is 1;VII)所述副本通信节点B将相邻两个j级Hash块串联，并对相邻两个j级Hash块进行Hash运算，得到j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i+Node0_i+1)，i＝1，3，5…k-1；若k为奇数，则末端j+1级Hash块Node1_(i+1)/2＝Hash(Node0_i)；VII) said copy communication node B connects two adjacent j-level Hash blocks in series, and performs Hash operation on adjacent two j-level Hash blocks, and obtains j+1 level Hash block Node1_(i+1)/2 =Hash (Node0_i +Node0_i+1 ), i=1,3,5...k-1; If k is an odd number, then the terminal j+1 level Hash block Node1_(i+1)/2 =Hash(Node0_i );VIII)令j＝j+1，并返回步骤VII)，直至生成Hash值Merkle Root，记为MT_r；VIII) make j=j+1, and return to step VII), until the Hash value Merkle Root is generated, denoted as MT_r ;所述副本通信节点从区块链中获取AIS信息的步骤包括：The step of obtaining the AIS information from the block chain by the copy communication node includes:1)副本通信节点A_x向主节点A₀发送请求指令REQUEST；所述请求指令REQUEST携带的信息包括请求操作o、时间戳ts、副本通信节点A_x的标识Client_id、副本通信节点A_x的信息msg、副本通信节点A_x的公钥P_Clientx、数字签名Sig_Clientx，x∈{1，2…n}；1) The copy communication node A_x sends a request command REQUEST to the master node A₀ ; the information carried by the request command REQUEST includes the request operation o, the timestamp ts, the identification Client_id of the copy communication node A_x , and the information of the copy communication node A_x msg, public key P_Clientx of replica communication node A_x , digital signature Sig_Clientx , x∈{1, 2...n};2)主节点A₀接收到请求指令REQUEST后，利用公钥P_Clientx校验请求指令REQUEST中的数字签名Sig_Clientx，若验证通过，则主节点A₀为副本通信节点A_x的请求指令分配编号id∈[h，H]，并在区块链中广播PRE-PREPARE请求；所述PRE-PREPARE请求携带的信息包括视图编号viewNum、副本通信节点A_x的消息摘要d_msg、副本通信节点A_x的消息msg、主节点A₀公钥P_A0、主节点A₀数字签名Sig_A0、编号id；2) After the master node_A0 receives the request command REQUEST, it uses the public key P_Clientx to verify the digital signature Sig_Clientx in the request command REQUEST. If the verification is passed, the master node_A0 assigns a serial number to the request command of the replica communication node A_x id∈[h, H], and broadcast a PRE-PREPARE request in the blockchain; the information carried by the PRE-PREPARE request includes the view number viewNum, the message digest d_msg of the copy communication node A_x , the copy communication node A_x message msg, master node A₀ public key P_A0 , master node A₀ digital signature Sig_A0 , number id;3)副本通信节点A_y接收到主节点A₀发送的PRE-PREPARE请求后，对PRE-PREPARE请求进行验证，若验证通过，则在区块链中广播PREPARE请求，否则，拒绝PRE-PREPARE请求；所述PREPARE请求携带的信息包括视图编号viewNum、消息摘要d_pre＝d_msg、当前副本通信节点编号y-＞num、编号id、副本通信节点A_y公钥P_Ay、副本通信节点A_y数字签名Sig_Ay；3) After the replica communication node A_y receives the PRE-PREPARE request sent by the master node A₀ , it verifies the PRE-PREPARE request, if the verification is passed, it broadcasts the PREPARE request in the blockchain, otherwise, rejects the PRE-PREPARE request ; The information carried by the PREPARE request includes view number viewNum, message digest d_pre = d_msg , current copy communication node number y->num, number id, copy communication node A_y public key P_Ay , copy communication node A_y number Signature Sig_Ay ;4)所述主节点A₀和副本通信节点接收到PREPARE请求后，对PREPARE请求进行验证，若验证通过，则将验证通过的反馈信息I发送至副本通信节点A_y；4) After the master node_A0 and the replica communication node receive the PREPARE request, they verify the PREPARE request, and if the verification is passed, send the verified feedback information I to the replica communication node_Ay ;5)若副本通信节点A_y接收到2f+1个验证通过的反馈信息I，则在区块链中广播COMMIT请求；f为系统中失效节点最大个数；COMMIT请求携带的信息包括视图编号viewNum、消息摘要d_com＝d_pre＝d_msg、当前副本通信节点编号y-＞num、副本通信节点A_y数字签名Sig_Ay；5) If the replica communication node A_y receives 2f+1 pieces of feedback information I that pass the verification, it broadcasts a COMMIT request in the blockchain; f is the maximum number of failed nodes in the system; the information carried by the COMMIT request includes the view number viewNum , message digest d_com =d_pre =d_msg , current copy communication node number y->num, copy communication node A_y digital signature Sig_Ay ;6)主节点A₀和副本通信节点接收到COMMIT请求后，对COMMIT请求进行验证，若验证通过，则将验证通过的反馈信息II发送至副本通信节点A_y；6) After the master node_A0 and the replica communication node receive the COMMIT request, they verify the COMMIT request, and if the verification is passed, send the verified feedback information II to the replica communication node_Ay ;7)若副本通信节点A_y接收到2f+1个验证通过的反馈信息II，则运行请求操作o，并向副本通信节点A_x反馈REPLY信息；所述REPLY信息携带的信息包括视图编号viewNum、时间戳ts、副本通信节点A_x的标识Client_id、请求操作结果r；7) If the copy communication node A_y receives 2f+1 pieces of feedback information II that pass the verification, then run the request operation o, and feed back REPLY information to the copy communication node A_x ; the information carried by the REPLY information includes the view number viewNum, Timestamp ts, identity Client_id of copy communication node A_x , request operation result r;8)副本通信节点A_x判断接收到的REPLY信息数量是否大于等于f+1，若是，则进入步骤9)，否则重新向主节点A₀发送请求指令，并返回步骤2)；8) Copy communication node A_x judges whether the received REPLY information quantity is greater than or equal to f+1, if so, then enter step 9), otherwise send request command to master node_A0 again, and return to step 2);9)主节点A₀将区块上传至区块链；所述区块包括区块头和区块体；所述区块头携带的信息包括区块版本号V_ID、当前区块哈希值MT_r、时间戳、前一个区块的哈希值、主节点的数字签名SIG_AviewNum；所述区块体携带的信息包括历史间隔时间t_AIS的AIS数据；9) The master node A₀ uploads the block to the block chain; the block includes a block header and a block body; the information carried by the block header includes the block version number V_ID, the current block hash value MT_r , Timestamp, the hash value of the previous block, the digital signature SIG_AviewNum of the master node; the information carried by the block body includes the AIS data of the historical interval time t_AIS ;10)查询方向主节点A₀发送查询请求INQUIRE；所述查询请求INQUIRE携带的信息包括请求操作O、时间戳ts、查询方的用户名username、查询方的密码password、查询条件condition_W、查询方公钥Key_PW；10) The query direction master node_A0 sends a query request INQUIRE; the information carried by the query request INQUIRE includes request operation O, time stamp ts, user name username of the query party, password password of the query party, query condition_W , query party public key Key_PW ;11)主节点A₀利用私钥Key_SW对查询请求INQUIRE进行解密；解密后，主节点A₀根据查询条件condition_W对区块数据遍历查询，得到查询结果RES_inqdata，并将查询结果RES_inqdata发送至查询方；所述查询结果RES_inqdata携带的信息包括时间戳、AIS数据、查询方公钥Key_PW；11) The master node A₀ uses the private key Key_SW to decrypt the query request INQUIRE; after decryption, the master node A₀ traverses the block data according to the query condition_W , obtains the query result RES_inqdata , and sends the query result RES_inqdata To the querying party; the information carried by the query result RES_inqdata includes timestamp, AIS data, public key Key_PW of the querying party;12)查询方接收查询结果RES_inqdata，并根据查询方公钥Key_PW对查询结果RES_inqdata进行解密，得到查询的AIS数据；查询方将AIS映射至电子航道图完成轨迹回溯查询。12) The inquiring party receives the query result RES_inqdata , and decrypts the query result RES_inqdata according to the inquiring party's public key Key_PW , and obtains the inquired AIS data; the inquiring party maps the AIS to the electronic waterway map to complete the trajectory backtracking query.2.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于：n个副本通信节点分为轻量化节点和全节点；2. a kind of ship track monitoring system based on block chain according to claim 1, is characterized in that: n replica communication nodes are divided into lightweight nodes and full nodes;所述轻量化节点包括控制河段岸基信号台；所述轻量化节点存储区块头数据；The lightweight node includes a bank-based signal station for controlling river sections; the lightweight node stores block header data;所述全节点包括航道监管部门节点；所述全节点存储区块数据。The full node includes a waterway supervision department node; the full node stores block data.3.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于：所述AIS信息包括船舶MMSI号、AIS发送时间、船舶名称、船舶类型、航向、船舶位置、对地船速、对地航速、航艏向、航道状态、转向率。3. A block chain-based ship track monitoring system according to claim 1, characterized in that: said AIS information includes ship MMSI number, AIS sending time, ship name, ship type, course, ship position, Vessel speed over ground, speed over ground, heading, channel status, turning rate.4.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于：所述副本通信节点、查询方均存储有海事数字证书认证中心CA颁发的数字证书。4. A block chain-based ship track monitoring system according to claim 1, characterized in that: the copy communication node and the querying party all store a digital certificate issued by a maritime digital certificate certification center CA.5.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于，对接收到的AIS信息R_A进行加密的步骤包括：5. a kind of ship track monitoring system based on block chain according to claim 1, is characterized in that, the step of encrypting the AIS information R_A that receives comprises:1)计算数据e＝SM3(M″)；其中，参数M″＝Z||M；M是需要被签名的消息，且{M∈M₁，M₂…M_k}；参数Z＝SM3(ENTL||ID||a||b||x_G||y_G||x_A||y_A)；ENTL为ID的比特长度；ID为用户身份标识；(x_G，y_G)为加密曲线基点坐标，(x_A，y_A)为用户的公钥；1) Calculation data e=SM3(M″); where, parameter M″=Z||M; M is the message to be signed, and {M∈M₁ , M₂ ...M_k }; parameter Z=SM3( ENTL||ID||a||b||x_G ||y_G ||x_A ||y_A ); ENTL is the bit length of ID; ID is the user identity; (x_G , y_G ) is encryption Curve base point coordinates, (x_A , y_A ) is the user's public key;2)产生随机数q∈[1，N-1]；N为G的阶；G为加密曲线基点；2) Generate a random number q∈[1, N-1]; N is the order of G; G is the base point of the encryption curve;3)计算加密曲线点G₁(x₁，y₁)＝[q]G；3) Calculate encryption curve point G₁ (x₁ , y₁ )=[q]G;3)计算参数r＝(e+x₁)mod N，若r＝0或r+q＝N，则返回步骤2)，否则，进入步骤4)；3) Calculation parameter r=(e+x₁ ) mod N, if r=0 or r+q=N, return to step 2), otherwise, enter step 4);4)计算参数s＝((1+d_A)^-1·(q-r·d_A))mod N，若s＝0，则返回步骤2)，否则进入步骤5)；d_A∈[1，N-2]是节点私钥；公钥P_A＝[d_A]G＝(x_A，y_A)；4) Calculation parameter s=((1+d_A )^-1 ·(qr·d_A ))mod N, if s=0, return to step 2), otherwise enter step 5); d_A ∈ [1, N -2] is the node private key; public key P_A =[d_A ]G=(x_A , y_A );5)将解析后的数据R_A、数字签名(r，s)、公钥P以P2P方式广播给网络中其他节点。5) Broadcast the parsed data R_A , digital signature (r, s), and public key P to other nodes in the network in a P2P manner.6.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于，根据副本通信节点A的公钥对信息M′进行验证的步骤包括：6. A kind of ship track monitoring system based on block chain according to claim 1, is characterized in that, according to the public key of copy communication node A, the step of verifying information M ' comprises:1)检验参数r′∈[1，N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤2)；1) Check whether the parameter r'∈[1, N-1] is established, if not established, the verification fails, if established, then enter step 2);2)检验初始s′∈[1，N-1]是否成立，若不成立则验证不通过，若成立，则进入步骤3)；2) Check whether the initial s′∈[1, N-1] is established, if not established, the verification fails, if established, then enter step 3);3)计算数据e′＝SM3(M″′)；M″′＝Z||M′；3) Calculation data e'=SM3(M"'); M"'=Z||M';4)计算参数u＝(r′+s′)mod N，若u＝0，则验证不通过，否则，进入步骤5)；4) Calculation parameter u=(r'+s') mod N, if u=0, then verification fails, otherwise, enter step 5);5)计算加密曲线点(x₁，y₁)＝[s]G+[u]P_A；5) Calculate encryption curve point (x₁ , y₁ )=[s]G+[u]_PA ;6)计算参数R＝(e′+x′₁)mod N，并检验R＝r′是否成立，若成立则验证通过，否则验证不通过。6) Calculate the parameter R=(e′+x′₁ ) mod N, and check whether R=r′ is established, if it is established, the verification is passed, otherwise the verification is not passed.7.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于：对信息M′进行冗余处理的步骤包括：7. A block chain-based ship trajectory monitoring system according to claim 1, characterized in that: the step of redundantly processing information M' comprises:1)记节点本地内存池中的数据为R_L；1) Record the data in the local memory pool of the node as_RL ;2)对信息M′中的第i条数据M′_x→i与数据R_L进行比较，如果数据R_L包含数据M′_x→i，就舍弃数据M′_x→i，否则，将数据M′_x→i写入数据R_L中；i初始值为1；2) Compare the i-th piece of data M′_x→i in the information M′ with the data_RL , if the data_RL contains the data M′_x→i , discard the data M′_x→i , otherwise, save the data M ′_x→i is written into the data_RL ; the initial value of i is 1;3)令i＝i+1，并重复步骤2)，直至信息M′中所有数据均比较完毕，得到R_M＝{R_x1，R_x1…R_xk}；3) Set i=i+1, and repeat step 2), until all the data in the information M' are compared, and R_M ={R_x1 , R_x1 ... R_xk };4)对数据R_M中的元素进行拆解，得到时间戳数组TSArr＝{ts₁，ts₂…ts_k}；根据时间戳对数据R_M进行重新排序，得到信息R′_M＝{R′_x1，R′_x2…R′_xk}。4) Disassemble the elements in the data R_M to obtain the time stamp array TSArr={ts₁ , ts₂ ... ts_k }; reorder the data R_M according to the time stamps to obtain the information R′_M ={R′_x1 , R′_x2 ... R′_xk }.8.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于，对PRE-PREPARE请求进行验证的步骤包括：8. A block chain-based ship track monitoring system according to claim 1, wherein the step of verifying the PRE-PREPARE request comprises:1)利用公钥P_A0校验数字签名Sig_A0是否正确，若正确，则进入步骤2)，若不正确，验证不通过；1) Use the public key P_A0 to verify whether the digital signature Sig_A0 is correct, if it is correct, then enter step 2), if it is not correct, the verification fails;2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PRE-PREPARE请求，若是，则验证不通过，否则，进入步骤3)；2) Judging whether the current copy communication node has received the PRE-PREPARE request with the same view number viewNum and number id, if so, the verification fails, otherwise, enter step 3);3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_msg是否一致，若不一致，则验证不通过，若一致，则进入步骤4)；3) Carry out a summary operation on the information msg, and judge whether the summary operation result is consistent with the summary d_msg , if not, the verification fails, if they are consistent, then enter step 4);4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.9.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于，对PREPARE请求进行验证的步骤包括：9. A block chain-based ship track monitoring system according to claim 1, wherein the step of verifying the PREPARE request comprises:1)验证PREPARE携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过；1) Verify whether the digital signature carried by PREPARE is correct, if it is correct, go to step 2), if not, the verification fails;2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的PREPARE请求，若是，则验证不通过，否则，进入步骤3)；2) Judging whether the current copy communication node has received the PREPARE request with the same view number viewNum and number id, if so, the verification fails, otherwise, enter step 3);3)判断摘要d_pre与当前已收到PRE-PPREPARE请求中的摘要d_msg是否相同，若不同，则验证不通过，若相同，则进入步骤4)；3) Judging whether the summary d_pre is the same as the summary d_msg in the currently received PRE-PPREPARE request, if they are different, the verification fails, if they are the same, go to step 4);4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.10.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于，对COMMIT请求进行验证的步骤包括：10. A kind of ship track monitoring system based on block chain according to claim 1, is characterized in that, the step of verifying COMMIT request comprises:1)验证COMMIT携带的数字签名是否正确，若正确，则进入步骤2)，若不正确，验证不通过；1) Verify whether the digital signature carried by COMMIT is correct, if it is correct, go to step 2), if not, the verification fails;2)判断当前副本通信节点是否已经收到视图编号viewNum、编号id相同的COMMIT请求，若是，则验证不通过，否则，进入步骤3)；2) Determine whether the current copy communication node has received the COMMIT request with the same view number viewNum and number id, if so, the verification fails, otherwise, enter step 3);3)对信息msg进行摘要运算，并判断摘要运算结果与摘要d_com是否一致，若不一致，则验证不通过，若一致，则进入步骤4)；3) Carry out a digest operation on the information msg, and judge whether the result of the digest operation is consistent with the digest d_com , if not, then the verification fails, and if they are consistent, then enter step 4);4)判断h≤id≤H是否成立，若成立，则验证通过，否则，验证不通过。4) Judging whether h≤id≤H is true, if true, the verification is passed, otherwise, the verification is not passed.11.根据权利要求1所述的一种基于区块链的船舶轨迹监测系统，其特征在于，所述查询方经过了注册，注册步骤包括：11. A block chain-based ship trajectory monitoring system according to claim 1, wherein the query party has been registered, and the registration step includes:1)记需查询船舶轨迹的查询方为W；查询方W在前端生成密钥(P_W，S_W)，查询方W向主节点A₀发送注册请求REGISTER；注册请求REGISTER携带的信息包括注册操作、时间戳ts、查询方用户名username、查询方密码password、查询方身份信息ID_CARD、查询方公钥P_W、查询方数字签名Sig_W；1) Note that the inquiring party who needs to inquire about the track of the ship is W; the inquiring party W generates a key (P_W , S_W ) at the front end, and the inquiring party W sends a registration request REGISTER to the master node A₀ ; the information carried by the registration request REGISTER includes the registration Operation, timestamp ts, inquiring party username username, inquiring party password password, inquiring party identity information ID_CARD, inquiring party public key P_W , inquiring party digital signature Sig_W ;2)主节点A₀执行查询方注册操作，为查询方具备查询权限的权限码Permission_ID和授权的查询方密钥对(Key_PW，Key_SW)。2) The master node A₀ performs the registration operation of the inquiring party, and the inquiring party has the permission code Permission_ID of the inquiring authority and the authorized key pair (Key_PW , Key_SW ) of the inquiring party.