



Technical field
The invention belongs to the technical field of grade storage and management, and in particular relates to a grade attestation method and system based on consortium chain technology.
Background
The grade information storage and management systems currently used in schools rely on fully centralized technical solutions and databases, which have the following risks and defects:
1. Risk of tampering by hackers: in a centralized grade information storage and management system, hackers attack vulnerabilities in the school's network, systems, databases and so on. Once these are breached, students' original grade data can be stolen, deleted and tampered with.
2. Concentrated authority that cannot be supervised: in a centralized grade information storage and management system, higher-level education institutions and departments do not directly hold students' original grade data, so they cannot verify or supervise whether any school's grades have been tampered with. Authority over grades is excessively concentrated in the school; other institutions and roles are not sufficiently involved, and there is no open, transparent and effective mechanism to limit the school's authority.
3. Low data utilization efficiency: when students need a transcript, the school generally has to issue an official certificate following a fixed procedure. The official-seal process is cumbersome and costs students time and effort; graduates in particular have to return to the school to handle it, and a lost document has to be issued again. The online data cannot be used directly to obtain proof of grades.
These risks and defects seriously trouble schools and education departments, and blockchain technology is expected to eliminate them. A blockchain is a decentralized chained data structure that uses cryptography to ensure its data cannot be tampered with or forged; modification of data by one or even several nodes cannot affect the data held by the larger number of other nodes.
Based on the above analysis, a secure and trustworthy consortium chain-based grade attestation method and system is needed.
Summary of the invention
The invention overcomes the deficiencies of the prior art. The technical problem to be solved is to provide a consortium chain-based grade attestation method and system that solves the security problems of centralized grade information storage and management systems.
To solve this technical problem, the invention adopts the following technical solution: a consortium chain-based grade attestation method, comprising the following steps:
S1. Determine the underlying parameters, rules and nodes of the consortium chain, and build the consortium chain; the consortium chain nodes include a first node, a digital identity authentication center and a plurality of second nodes; the first node and the second nodes each store the block data of the entire consortium chain, and each block's data includes the data index of the grade information and the hash value of the grade information;
S2. Authorize and authenticate the identity of each node through the digital identity authentication center;
S3. A second node creates a data index for the grade information to be put on chain and computes its hash value with a cryptographic hash algorithm; it digitally signs the data index and the hash value of the grade information, packages them into new block data, and broadcasts the new block to all nodes in the consortium chain;
S4. All nodes in the consortium chain verify the format and signature of the new block. If verification fails at a node, that node discards the block; if verification passes, each node updates the block data in its local node;
S5. When off-chain grade data needs to be queried, verified or audited, determine the data index corresponding to the grade data, use the data index to obtain the corresponding hash value from every node, and at the same time compute the hash value of the corresponding off-chain grade information. Compare all the hash values: if they are all equal, verification passes and the grade is correct; otherwise the data has been tampered with.
In step S3, the second node authenticates the administrator's identity before creating the data index;
In step S4, if a node receives block broadcasts from several nodes within a short time, it orders those nodes' blocks according to a predetermined rule.
The consortium chain-based grade attestation method further includes the following step:
S6. After verification passes, the corresponding second node generates an electronic transcript containing the student's grade information and sends it to the querying user.
In step S6, after the node user's verification passes, the generated electronic transcript also includes the hash value of the grade information, the corresponding QR code and the digital signature of the corresponding second node.
The consortium chain-based grade attestation method further includes the following step:
S7. Authorize a new node as a third node of the consortium chain. The third node stores the block data uploaded by the second nodes, executes query operations for node users, and generates the corresponding electronic transcript after verification passes.
In addition, the invention provides a consortium chain-based grade attestation system for implementing the consortium chain-based grade attestation method, comprising a first server and a plurality of second servers; the first server joins the consortium chain as the first node, and each second server joins the consortium chain as a second node.
The second server includes:
Second client management module: provides the programmatic interface and the user interface;
Grade on-chain module: creates a data index from the grade information to be put on chain, as sent by the second client management module, and computes the hash value of the on-chain information with a cryptographic hash algorithm; it then digitally signs the data index and the hash value, packages them into new block data, and broadcasts the new block to the first server and the other second servers;
Second new block update module: after receiving broadcast new block data, verifies the correctness of the new block and updates this node's blockchain data so that the updated blockchain contains all consensus blocks;
Grade verification module: receives a verification request sent by the second client management module, obtains the data index corresponding to the data to be verified in the request, obtains the hash value corresponding to the data index from all nodes on the consortium chain, and at the same time obtains the corresponding off-chain grades and computes the hash value of the corresponding off-chain grade information. It compares all the hash values and, if they are consistent, sends a verification-passed message to the first electronic certificate module;
First electronic certificate module: generates an electronic transcript according to the verification-passed message sent by the grade verification module and sends it to the second client management module.
The second server also includes:
First grade interaction module: through the first grade interaction module, the second server sends the corresponding grades to the first server or a third server in asymmetrically encrypted form,
The second server also implements smart contracts based on grade information through the first grade interaction module.
The consortium chain-based grade attestation system also includes a third server, which joins the consortium chain as a third node and includes:
Third client management module: provides the programmatic interface and the user interface;
Third new block update module: after receiving broadcast new block data, verifies the correctness of the new block and updates this node's blockchain data so that the updated blockchain contains all consensus blocks;
Grade query module: receives a query request sent by the third client management module, obtains the data index corresponding to the data to be queried in the request, and obtains the hash value corresponding to the data index from all nodes on the consortium chain. At the same time it obtains the corresponding off-chain grades from the corresponding uploading node and recomputes the hash value of the corresponding off-chain grade information. It compares all the hash values and, if they are consistent, obtains the grade information stored on the second server and sends it to the second electronic certificate module;
Second electronic certificate module: generates an electronic transcript from the grades sent by the grade query module and outputs it to the third client management module;
The first server includes:
First client management module: provides the programmatic interface and the user interface;
First new block update module: after receiving broadcast new block data, verifies the correctness of the new block and updates this node's blockchain data so that the updated blockchain contains all consensus blocks;
Grade query and audit module: receives an audit request sent by the first client management module, obtains the data index corresponding to the data to be audited in the request, and obtains the hash value corresponding to the data index from all nodes on the consortium chain. At the same time it obtains the corresponding off-chain grades from the corresponding uploading node and computes the hash value of the corresponding off-chain grade information. It compares all the hash values, generates the corresponding audit result and outputs it to the first client management module.
The first server, second server and third server each include an initialization module and a digital identity module;
The initialization module confirms the current nodes of the consortium chain and synchronizes the blocks in the consortium chain;
The digital identity module is provided by the digital identity authentication center and is used to authorize and authenticate the identity of node users;
The third server also includes a grade acquisition module, through which the third server sends grade acquisition requests to the second server.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention stores, on a consortium chain, block data that includes the data index of the grade information and the hash value of the grade information, thereby attesting the grades. This gives the system a degree of decentralization: even if some nodes in the network are offline, attacked or have corrupted data, the operation of the whole system is not affected.
2. The invention uses a hash function and an asymmetric encryption algorithm to upload the hash values corresponding to the grades to the consortium chain, while the grades themselves are stored only at the uploading node. Hackers therefore cannot crack the hash data on the chain, so grade data on the chain cannot be decrypted and leaked by hackers, and the chained structure of the blockchain ensures that consensus data on the chain cannot be tampered with by hackers. Node administrators likewise cannot crack the hash data on the chain, so tampering can be identified by comparing on-chain and off-chain data.
3. The invention attests grades through the consortium chain. The system includes a grade query module, a grade query and audit module and electronic certificate modules, which support querying and auditing of grades. When the modules transmit student grade information to one another, asymmetric encryption is used, ensuring the privacy and security of on-chain grade data throughout transmission.
4. By authorizing third nodes, the invention makes the consortium chain more flexible. In addition, by providing a first grade interaction module at each second node, smart contracts based on grade information can be implemented, making commercial and cross-chain scenarios such as sharing and trading of student grade information more secure and efficient.
Description of drawings
Fig. 1 is a schematic flow chart of the consortium chain-based grade management method provided by Embodiment 1 of the invention;
Fig. 2 is a schematic structural diagram of the consortium chain in Embodiment 1 of the invention;
Fig. 3 is a schematic diagram of the correspondence between data indexes and grade information hash values in Embodiment 1 of the invention;
Fig. 4 is a schematic structural diagram of the consortium chain-based grade management system provided by Embodiment 2 of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below. The described embodiments are some, not all, of the embodiments of the invention; all other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment 1
As shown in Fig. 1, Embodiment 1 of the invention provides a consortium chain-based grade attestation method, comprising the following steps:
S1. Determine the underlying parameters, rules and nodes of the consortium chain, and build the consortium chain; the consortium chain nodes include a first node, a digital identity authentication center and a plurality of second nodes; the first node and the second nodes each store the block data of the entire consortium chain, and each block's data includes the data index of the grade information and the hash value of the grade information. Fig. 2 is a schematic structural diagram of the consortium chain built in this embodiment.
In step S1, the initially built consortium chain may also include a third node, which stores the block data uploaded by the second nodes, executes query operations for node users, and generates the corresponding electronic transcript after verification passes.
In this embodiment the three kinds of node differ as follows: the first node can authorize second nodes and third nodes; a second node can generate the block data to be uploaded from the grades to be attested; a third node is used only for operations such as querying and verifying grades. The grades to be attested are themselves stored only at the second node, so when the first node needs to obtain grades, the second node sends them to the first node.
Before the consortium chain is built, the departments and organizations corresponding to the first node and the second nodes are determined. In this embodiment, the first node may be the supervising higher-level education department, and the second nodes are the schools that can upload grades. The underlying parameters and rule settings of the consortium chain (for example block size, data index, kinds and types of grade information, ordering of blocks) are decided by the higher-level education department, for example the provincial Department of Education.
S2. Authorize and authenticate the identity of each node through the digital identity authentication center.
The digital identity authentication center (for example the Shanghai CA Certification Center) authorizes and authenticates the identity of each node (first node, second node or third node) and provides digital identity authentication and management services. Before the digital identity authentication center authorizes the identity of a second node, the second node must be authorized by the first node.
S3. A second node creates a data index for the grade information to be put on chain and computes its hash value with a cryptographic hash algorithm; it digitally signs the data index and the hash value of the grade information, packages them into new block data, broadcasts the new block to every node in the consortium chain, and updates its own blocks at the same time.
Fig. 3 is a schematic diagram of the data index in this embodiment. Preprocessing before grades go on chain means the following: following the university's existing teaching workflow, the grades submitted by teachers are stored on the server of the academic affairs system; a data index is created for the undergraduate grades and related information to be put on chain, and the hash value of the student grade information to be put on chain is computed with a cryptographic hash algorithm. See Table 1 for the undergraduate grades and related information, and Fig. 3 for the correspondence between data indexes and grade information hash values.
Table 1. Grade information selected for on-chain storage and its categories
Specifically, in step S3 the second node authenticates the administrator's identity before creating the data index. The second node's other operations, including putting data on chain and grade interaction, may likewise all be carried out under the administrator's authorization.
S4. All nodes other than the uploading node verify the format and signature of the new block. If verification fails at a node, that node discards the block; if verification passes, each node updates the block data in its local node. The nodes that verify and update blocks include the first node and the other second nodes.
In step S4, if a node receives block broadcasts from several nodes within a short time, it orders those nodes' blocks according to a predetermined rule. A new block is on chain as soon as the remaining nodes have checked its correctness, which is faster: the design has no nodes competing for the right to record, and no process in which a new block is gradually confirmed. Only when there is a conflict in the ordering of accepted new blocks is it resolved according to the predetermined rule.
The remaining nodes verify the format and signature of the new block. Authorization by the Shanghai CA Certification Center ensures that the signature of a new block cannot be forged by any node other than the sender, while any node can verify the signature. A node that finds a new block incorrect discards it; the remaining nodes, after verifying the new block, update the block data in their local node. If a node receives block broadcasts from several nodes within a short time (for example 1 minute), it orders those nodes' blocks according to the predetermined rule (for example dictionary order of the node names).
In this embodiment, grade information can be put on chain only after authorization by the digital identity authentication center. The data index and the grade information hash value also carry the digital signature of the second node's administrator, which provides evidence and traceability for operations and personnel.
S5. When off-chain grade data needs to be queried, verified or audited, determine the data index corresponding to the grade data, use the data index to obtain the corresponding hash values H1 to Hn from all nodes, and at the same time compute the hash value H0 of the corresponding off-chain grade information. Compare all the hash values: if they are all equal, verification passes and the grade is correct; otherwise the data has been tampered with. The off-chain grade information is stored at the second node that uploaded the data; Hn denotes the corresponding hash value at the n-th consortium chain node, and n denotes the number of nodes in the consortium chain.
Specifically, when a node user queries, verifies or audits the correctness of off-chain grade data, the data index is looked up from the search fields, the grade information hash data on all nodes is obtained using the data index, and the hash value of the grades and related information is computed again using the data index. All the hash values are then compared. If they are all equal, the grade is correct; otherwise either the grade data in the academic affairs system or the grade information hash value stored at some nodes has been tampered with.
S6. After verification passes, the corresponding second node generates an electronic transcript containing the student's grade information and sends it to the querying user.
In step S6, after the node user's verification passes, the generated electronic transcript also includes the hash value of the grade information and the QR code corresponding to the electronic transcript. The electronic transcript also includes the digital signature of the corresponding second node.
S7. Authorize a new node as a third node of the consortium chain. The third node stores the block data uploaded by the second nodes, executes query operations for node users, and generates the corresponding electronic transcript after verification passes.
In this embodiment, the third node may be another institution (for example the provincial Department of Human Resources and Social Security, the provincial Department of Science and Technology, the provincial Bureau of Statistics, Xuexin.com, employers, human resources intermediaries, consulting agencies, parties trading student grade data, consortium chain nodes of other industries, etc.). Authorization of a third node requires the consent of the first node. Note that when the consortium chain includes third nodes, the broadcast in step S3 also goes to the third nodes, and the nodes that verify and update blocks in step S4 also include the third nodes.
In addition, once a third-party institution has been authorized as a third node, the third node can verify the correctness of new blocks, update and order them, and take part in grade interaction, obtaining the corresponding grades after verification passes. It can also execute more complex smart contracts. For example, after data desensitization, undergraduate grades can be treated as a resource and shared with third-party big data institutions for learning analytics, data analysis and data mining to obtain more useful information; they can also be treated as an asset after desensitization and traded with third parties, or used by consortium chains in other industries to meet commercial and cross-chain needs.
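Steps S3 to S5 as an added Python example (not code from the patent). SHA-256, the JSON canonicalization, the index layout, the node names and the verdict labels are assumptions; signing and broadcast are omitted, and the majority-based localization of a mismatch goes beyond the page's equal/not-equal comparison.

```python
import hashlib
import json
import re
from collections import Counter

HEX64 = re.compile(r"^[0-9a-f]{64}$")  # shape of a SHA-256 hex digest
INDEX_FIELDS = ("school", "student_id", "course", "term")  # assumed index layout


def canonical_bytes(record):
    """Deterministic serialization: every party must hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def grade_hash(record):
    """Hash of the grade information (SHA-256 is an assumption)."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def make_index(record):
    """Data index that locates a record; the grade itself is not part of it."""
    return "/".join(str(record[f]) for f in INDEX_FIELDS)


def make_entry(record):
    """S3: what the uploading node packs into a block (signature omitted)."""
    return {"index": make_index(record), "hash": grade_hash(record)}


class Node:
    """A consortium node: stores index -> hash only, never the grades."""

    def __init__(self, name):
        self.name = name
        self.ledger = {}

    def accept(self, entry):
        """S4 format check: store a well-formed entry, discard anything else."""
        ok = (isinstance(entry, dict) and set(entry) == {"index", "hash"}
              and isinstance(entry["index"], str) and entry["index"] != ""
              and isinstance(entry["hash"], str)
              and HEX64.match(entry["hash"]) is not None)
        if ok:
            self.ledger[entry["index"]] = entry["hash"]
        return ok


def audit(record, nodes):
    """S5: compare H0 (off-chain record) with H1..Hn (each node's copy)."""
    if not nodes:
        raise ValueError("no nodes to compare against")
    index = make_index(record)
    h0 = grade_hash(record)
    on_chain = {n.name: n.ledger.get(index) for n in nodes}
    deviating = sorted(name for name, h in on_chain.items() if h != h0)
    if not deviating:
        verdict = "verified"                 # H0 == H1 == ... == Hn
    else:
        counts = Counter(on_chain.values())
        if set(on_chain.values()) == {None}:
            verdict = "not_on_chain"         # no node knows this index
        elif len(counts) == 1:
            verdict = "offchain_record_differs"  # nodes agree, record does not
        elif counts[h0] > len(nodes) / 2:
            verdict = "node_hash_differs"    # a minority of nodes deviates
        else:
            verdict = "inconsistent"         # no majority backs the record
    return {"index": index, "h0": h0, "verdict": verdict,
            "deviating_nodes": deviating}


def demo():
    """Constructed sample data: one record, three nodes, two tamper cases."""
    record = {"school": "SCHOOL-A", "student_id": "S0001",
              "course": "MATH101", "term": "2023-1", "grade": 88}
    nodes = [Node("edu-dept"), Node("school-a"), Node("school-b")]
    entry = make_entry(record)
    for node in nodes:
        node.accept(entry)
    clean = audit(record, nodes)["verdict"]
    edited = audit(dict(record, grade=98), nodes)["verdict"]  # off-chain edit
    nodes[2].ledger[entry["index"]] = "0" * 64                # one node altered
    altered = audit(record, nodes)
    return clean, edited, altered["verdict"], altered["deviating_nodes"]


if __name__ == "__main__":
    print(demo())
```

Grade records are low-entropy, so an unsalted hash over known fields can be matched by enumerating candidate grades; the page does not say whether a salt is used.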
实施例二Embodiment two
As shown in FIG. 4, Embodiment 2 of the present invention provides a consortium-chain-based grade attestation system for implementing the consortium-chain-based grade attestation method described in Embodiment 1. The system includes a first server and a plurality of second servers; the first server joins the consortium chain as a first node, and each second server joins the consortium chain as a second node.
Specifically, as shown in FIG. 4, in this embodiment the second server includes:
Second client management module: provides the programming interfaces and the user interface;
Grade on-chain module: creates a data index from the grade information that the second client management module sends for on-chain storage, applies a hash algorithm to compute the hash value of that information, digitally signs and packages the data index and hash value into new block data, and then broadcasts the new block data to the first server and the other second servers;
Second new-block update module: on receiving broadcast new block data, verifies the correctness of the new block and updates this node's blockchain data so that the updated blockchain contains all consensus blocks;
Grade verification module: receives a verification request sent by the second client management module, obtains the data index corresponding to the data to be verified in the request, obtains the hash values H1~Hn corresponding to that data index from all nodes on the consortium chain, computes the hash value H0 of the corresponding off-chain grade information, and compares the obtained hash values H1~Hn with H0; if they are completely consistent, it sends verification-passed information to the electronic certificate generation module;
First electronic certificate module: generates an electronic transcript according to the verification-passed information sent by the grade verification module and sends it to the second client management module.
In the second server, student grade information transmitted between the grade verification module and the first electronic certificate module is sent under asymmetric encryption, to protect the privacy and security of the student grade information.
Specifically, as shown in FIG. 4, in this embodiment the first server includes:
First client management module: provides the programming interfaces and the user interface;
First new-block update module: on receiving broadcast new block data, verifies the correctness of the new block and updates this node's blockchain data so that the updated blockchain contains all consensus blocks;
Grade query and audit module: receives an audit request sent by the first client management module, obtains the data index corresponding to the data to be audited in the request, obtains the hash values H1~Hn corresponding to that data index from all nodes on the consortium chain, obtains the off-chain grade corresponding to the data index from the corresponding second server and computes its hash value H0 (that is, it recomputes, according to the data index, the hash value of the grade information sent by the school's academic affairs system), compares the hash values H1~Hn stored by the nodes with H0, generates the corresponding audit result, and outputs it to the first client management module.
In the first server, when the grade query and audit module sends the grade information it has obtained to the first client management module, the information is sent under asymmetric encryption, to protect the privacy and security of the student grade information.
Further, as shown in FIG. 4, the consortium-chain-based grade attestation system of this embodiment also includes a third server, which joins the consortium chain as a third node and includes:
Third client management module: provides the programming interfaces and the user interface;
Third new-block update module: on receiving broadcast new block data, verifies the correctness of the new block and updates this node's blockchain data so that the updated blockchain contains all consensus blocks;
Grade query module: receives a query request sent by the third client management module, obtains the data index corresponding to the data to be queried in the request, obtains the hash values H1~Hn corresponding to that data index from all nodes on the consortium chain, obtains the off-chain grade corresponding to the data index from the corresponding second server and computes its hash value H0, and compares the hash values H1~Hn stored by the nodes with H0; if they are consistent, it obtains the corresponding grade information from the corresponding second server and sends it to the second electronic certificate module;
Second electronic certificate module: generates an electronic transcript according to the grade sent by the grade query module and outputs it to the third client management module.
In the third server, when the grade query module sends the grade information it has obtained to the second electronic certificate module, the information is sent under asymmetric encryption, to protect the privacy and security of the student grade information.
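The comparison that the grade verification, audit and query modules above all perform (H0 from the off-chain record against H1~Hn from every node), as an added Python example that is not part of the patent text. SHA-256, the canonical JSON encoding, the index layout and the node names are assumptions, since the page does not specify them.

```python
import hashlib
import json

def data_index(rec):
    # Assumed index layout (school/student/course/term); the page does not define one.
    return "/".join(str(rec[k]) for k in ("school", "student_id", "course", "term"))

def record_hash(rec):
    # Canonical JSON (sorted keys, fixed separators) so every party hashes identical bytes.
    blob = json.dumps(rec, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def check_record(off_chain_rec, node_ledgers):
    """Compare H0 (off-chain record) with H1..Hn (one stored hash per node)."""
    index = data_index(off_chain_rec)
    h0 = record_hash(off_chain_rec)
    missing, mismatched = [], []
    for node, ledger in sorted(node_ledgers.items()):
        hi = ledger.get(index)
        if hi is None:
            missing.append(node)        # node never stored this index
        elif hi != h0:
            mismatched.append(node)     # node's hash disagrees with H0
    # Pass only when every node answered and every answer equals H0.
    passed = bool(node_ledgers) and not missing and not mismatched
    return {"index": index, "h0": h0, "passed": passed,
            "missing": missing, "mismatched": mismatched}

# Constructed sample data: one grade record anchored on three nodes.
RECORD = {"school": "S01", "student_id": "2022001", "course": "MATH101",
          "term": "2022-fall", "grade": 90}
LEDGERS = {name: {data_index(RECORD): record_hash(RECORD)}
           for name in ("first_server", "second_server", "third_server")}

if __name__ == "__main__":
    print(check_record(RECORD, LEDGERS)["passed"])                       # untouched record
    print(check_record({**RECORD, "grade": 95}, LEDGERS)["mismatched"])  # database edited
```

An edited off-chain record disagrees with every node, while a single rewritten ledger shows up as one mismatching node, so the audit result also tells the supervisor which side to distrust.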
Further, as shown in FIG. 4, in this embodiment the first server, the second server and the third server each include an initialization module and a digital identity module. The initialization module confirms the current nodes of the consortium chain and synchronizes the blocks in the consortium chain; the digital identity module is provided by a digital identity authentication center and authorizes and authenticates the identities of node users.
Further, the second server also includes a first grade interaction module, through which the second server sends the corresponding grades to the first server or the third server under asymmetric encryption; the second server also implements smart contracts based on grade information through the first grade interaction module. The first grade interaction module can be used to execute smart contracts based on grade information, making commercial and cross-chain scenarios such as sharing and trading of student grade information safer and more efficient. For example: student grades are desensitized or homomorphically encrypted locally and then sent to a third party for data mining; or ownership of student grades is confirmed and a price set locally, and a smart contract automatically carries out the grade transaction with the third party. The third server also includes a grade acquisition module, through which the third server sends grade acquisition information to the second server.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210939617.4A; CN115484057A (en) | 2022-08-05 | 2022-08-05 | A method and system for achievement certificate storage based on alliance chain |
| Publication Number | Publication Date |
|---|---|
| CN115484057A (en) | 2022-12-16 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210939617.4A (Pending); CN115484057A (en) | A method and system for achievement certificate storage based on alliance chain | 2022-08-05 | 2022-08-05 |
| Country | Link |
|---|---|
| CN (1) | CN115484057A (en) |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20221216 |