Movatterモバイル変換

[0]ホーム
URL:

TWI783441B - Data processing method and apparatus for cooperation with blockchain - Google Patents

Data processing method and apparatus for cooperation with blockchainDownload PDF

Info

Publication number
TWI783441B
TWI783441BTW110113296ATW110113296ATWI783441BTW I783441 BTWI783441 BTW I783441BTW 110113296 ATW110113296 ATW 110113296ATW 110113296 ATW110113296 ATW 110113296ATW I783441 BTWI783441 BTW I783441B
Authority
TW
Taiwan
Prior art keywords
data
hash value
identification
record data
identification number
Prior art date
Application number
TW110113296A
Other languages
Chinese (zh)
Other versions
TW202130154A (en
Inventor
黃冠寰
Original Assignee
國際信任機器股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 國際信任機器股份有限公司filedCritical國際信任機器股份有限公司
Priority to TW110113296ApriorityCriticalpatent/TWI783441B/en
Publication of TW202130154ApublicationCriticalpatent/TW202130154A/en
Application grantedgrantedCritical
Publication of TWI783441BpublicationCriticalpatent/TWI783441B/en

Links

Images

Landscapes

Abstract

Data processing methods and apparatuses for cooperation with a blockchain are provided. The data processing method includes receiving, from at least one terminal apparatuses, first record data and first identification data corresponding to the first record data; generating a first identification number according to the first identification data, the first identification number is used for identifying a first leaf node of a plurality of leaf nodes in a binary tree; storing, in the first leaf node, a hash value of the first record data; generating a plurality of slices according to the binary tree; uploading a root hash value of the binary tree to the blockchain; and transmitting a first slice of the plurality of slices to the at least one terminal apparatuses, the first slice including the first leaf node storing the hash value of the first record data.

Description

Translated fromChinese
用於與區塊鏈協作的資料處理方法與裝置Data processing method and device for cooperation with blockchain

本發明是關於一種可與區塊鏈協作並用於處理鏈接資料的方法與裝置。The present invention relates to a method and device for processing linked data in cooperation with blockchain.

在現有技術中,區塊鏈(blockchain)採取分散式架構來達到去中心化的目的,全世界的終端電腦可藉由區塊鏈而產生連接,任一終端電腦所傳送到區塊鏈上的資料,可透過特定的運算方式而分佈在區塊鏈上的其他終端電腦中。由於這些資料是存在於區塊鏈上的大量終端電腦中,因此資料的正確性可透過區塊鏈的大量終端電腦互相驗證,這使得區塊鏈資料難以被變造或竄改。In the existing technology, the blockchain (blockchain) adopts a decentralized architecture to achieve the purpose of decentralization. Terminal computers all over the world can be connected through the blockchain, and the data transmitted by any terminal computer to the blockchain Data can be distributed among other terminal computers on the blockchain through specific computing methods. Since these data exist in a large number of terminal computers on the blockchain, the correctness of the data can be verified by a large number of terminal computers in the blockchain, which makes it difficult for the blockchain data to be altered or tampered with.

在傳統的終端電腦對中心伺服器的架構中,當一台終端電腦要將資料上傳到伺服器或是由伺服器下載資料,此作業只牽涉到終端電腦、中心伺服器與兩者間的網路伺服器等有限裝置的運作,以時下的網路速度與電腦計算能力來說,此作業可以執行得極為快速。但在區塊鏈的架構中,當一台終端電腦要將資料上傳到區塊鏈或是由區塊鏈下載資料時,基於區塊鏈的特性,此作業會牽涉到區塊鏈上其他大量的終端電腦(如礦工)的驗證程序,從而導致龐大的網路傳輸需求及運算量,因此相對耗時,且運算成本(如礦工費用)居高不下。In the traditional terminal computer-to-central server architecture, when a terminal computer wants to upload data to the server or download data from the server, this operation only involves the terminal computer, the central server and the network between the two. The operation of limited devices such as road servers can be performed extremely quickly with the current network speed and computer computing power. But in the blockchain architecture, when a terminal computer wants to upload data to the blockchain or download data from the blockchain, based on the characteristics of the blockchain, this operation will involve a large number of other The verification program of terminal computers (such as miners) leads to huge network transmission requirements and calculations, so it is relatively time-consuming, and the calculation costs (such as miners' fees) remain high.

一般來說,區塊鏈是採用二元樹(binary tree)或稱模克樹(Merkle tree)的樹狀資料結構,所有資料會經過雜湊運算而產生雜湊值(hash value)。所述二元樹包括頂層的樹根(root)與底層的多個葉節點(leaf node),每一筆資料的雜湊值會被儲存在葉節點,而所有葉節點的雜湊值會經過逐層運算而最終產生位於樹根的根雜湊值(root hash)。所有的二元樹會儲存在區塊鏈上的各個終端電腦中,若要驗證某一二元樹的某一筆資料的正確性,可藉由比對此二元樹在各終端電腦上的根雜湊值,來驗證此二元樹與其資料的正確性。Generally speaking, the blockchain adopts a tree-like data structure called a binary tree or a Merkle tree, and all data will undergo a hash operation to generate a hash value. The binary tree includes the top-level root (root) and the bottom-level leaf nodes (leaf nodes). The hash value of each piece of data will be stored in the leaf node, and the hash values of all leaf nodes will be calculated layer by layer. And finally generate the root hash value (root hash) at the root of the tree. All binary trees will be stored in each terminal computer on the blockchain. If you want to verify the correctness of a certain piece of data in a certain binary tree, you can compare the root hash of the binary tree on each terminal computer. value to verify the correctness of this binary tree and its data.

基於現有區塊鏈,當大量讀取區塊鏈上的資料時,會造成區塊鏈上的終端電腦的負荷,且效率不彰。此外,若大量讀取資料的動作被區塊鏈上的終端電腦當成惡意行為,輕則此次的讀取要求被區塊鏈上的終端電腦阻擋,造成資料無法讀取,重則發出讀取要求的網路位址被區塊鏈上的終端電腦列入黑名單,從此無法再由此終端電腦存取區塊鏈。Based on the existing blockchain, when a large amount of data on the blockchain is read, it will cause a load on the terminal computer on the blockchain, and the efficiency is not good. In addition, if the actions of reading a large amount of data are regarded as malicious behavior by the terminal computer on the blockchain, the reading request this time will be blocked by the terminal computer on the blockchain, making the data unreadable, or sending a reading request The network address of is blacklisted by the terminal computer on the blockchain, and the terminal computer can no longer access the blockchain from this terminal computer.

有鑑於此,在本發明的一些實施例中,提出一種用於與區塊鏈協作的資料處理方法與裝置,以及用於處理鏈接資料的方法、裝置以及驗證系統,藉此解決大量讀取區塊鏈上的資料時所導致效率不彰的問題,且解決大量讀取時造成區塊鏈的網路傳輸需求與運算負荷過大的問題。In view of this, in some embodiments of the present invention, a data processing method and device for cooperating with blockchain, as well as a method, device and verification system for processing linked data are proposed, thereby solving the problem of a large number of reading areas The problem of inefficiency caused by the data on the block chain, and solve the problem of excessive network transmission requirements and computing load of the block chain caused by a large number of reads.

本發明一實施例提出一種由安全協定裝置執行的用於處理鏈接資料的方法。此方法包括:將多個二元樹儲存於鏈下的一資料庫,其中各個二元樹包括樹根與多個葉節點,各個樹根儲存有根雜湊值。此方法更包括:讀取資料庫上的該些根雜湊值;對讀取自資料庫的該些根雜湊值進行雜湊與鏈接運算,以決定一推算根雜湊值;自區塊鏈讀取一特定根雜湊值,判斷特定根雜湊值與推算根雜湊值是否一致;以及在特定根雜湊值與推算根雜湊值一致時,判斷資料庫的該些根雜湊值為正確。An embodiment of the invention proposes a method for processing link data performed by a security protocol device. The method includes: storing multiple binary trees in a database under the chain, wherein each binary tree includes a tree root and a plurality of leaf nodes, and each tree root stores a root hash value. The method further includes: reading the root hash values on the database; performing hash and link operations on the root hash values read from the database to determine an estimated root hash value; reading a root hash value from the blockchain The specific root hash value is used to determine whether the specific root hash value is consistent with the estimated root hash value; and when the specific root hash value is consistent with the estimated root hash value, it is determined that the root hash values of the database are correct.

本發明一實施例提出一種由安全協定裝置。此安全協定裝置包括記憶體以及處理器。處理器耦接記憶體,並用以:將多個二元樹儲存於鏈下的一資料庫,其中各個二元樹包括樹根與多個葉節點,各個樹根儲存有根雜湊值。處理器更用以:讀取資料庫上的該些根雜湊值;對讀取自資料庫的該些根雜湊值進行雜湊與鏈接運算,以決定一推算根雜湊值;自區塊鏈讀取一特定根雜湊值;判斷特定根雜湊值與推算根雜湊值是否一致;以及在特定根雜湊值與推算根雜湊值一致時,判斷資料庫的該些根雜湊值為正確。An embodiment of the present invention provides a security protocol device. The security protocol device includes a memory and a processor. The processor is coupled to the memory and is used for: storing multiple binary trees in a database under the chain, wherein each binary tree includes a tree root and a plurality of leaf nodes, and each tree root stores a root hash value. The processor is further used to: read the root hash values on the database; perform hash and link operations on the root hash values read from the database to determine an estimated root hash value; read from the blockchain A specific root hash value; judging whether the specific root hash value is consistent with the estimated root hash value; and judging that the root hash values of the database are correct when the specific root hash value is consistent with the estimated root hash value.

本發明一實施例提出一種由區塊鏈裝置執行的方法,當中包括:自安全協定裝置接收多個根雜湊值,根據該些根雜湊值產生鏈接資料串,其中鏈接資料串包括多個以串列方式鏈接的資料集合,各資料集合分別包括各根雜湊值與對應的鏈接雜湊值,該些資料集合的最前者的鏈接雜湊值為雜湊化初始鏈接值而產生,而在最前的資料集合之後的各資料集合的鏈接雜湊值為雜湊化前一資料集合而產生。此方法更包括:傳送特定根雜湊值至安全協定裝置,以供安全協定裝置驗證儲存於鏈下的資料庫中的多個二元樹的正確性;其中,特定根雜湊值為鏈接資料串的資料區段中的最後一筆的資料集合的根雜湊值,而資料區段對應於提供至安全協定裝置的讀取指令所指示的資料讀取範圍。An embodiment of the present invention proposes a method executed by a block chain device, which includes: receiving a plurality of root hash values from the security agreement device, and generating a link data string according to the root hash values, wherein the link data string includes a plurality of root hash values The data sets linked in a column manner, each data set includes each root hash value and the corresponding link hash value, the first link hash value of these data sets is generated by hashing the initial link value, and after the first data set The link hash value of each data set in is produced by hashing the previous data set. The method further includes: sending a specific root hash value to the security protocol device for the security protocol device to verify the correctness of multiple binary trees stored in a database under the chain; wherein the specific root hash value is the link data string The root hash value of the last data set in the data segment, and the data segment corresponds to the data read range indicated by the read command provided to the security protocol device.

本發明一實施例提出一種區塊鏈裝置,其包括記憶體以及處理器。處理器耦接記憶體,並用以自安全協定裝置接收多個根雜湊值,以及根據該些根雜湊值產生鏈接資料串,其中鏈接資料串包括多個以串列方式鏈接的資料集合,各資料集合分別包括各根雜湊值與對應的鏈接雜湊值,該些資料集合的最前者的鏈接雜湊值為雜湊化初始鏈接值而產生,而在最前的資料集合之後的各資料集合的鏈接雜湊值為雜湊化前一資料集合而產生。處理器更用以傳送特定根雜湊值至安全協定裝置,以供安全協定裝置驗證儲存於鏈下的資料庫中的多個二元樹的正確性;其中,特定根雜湊值為鏈接資料串的資料區段中的最後一筆的資料集合的根雜湊值,而資料區段對應於提供至安全協定裝置的讀取指令所指示的資料讀取範圍。An embodiment of the present invention provides a blockchain device, which includes a memory and a processor. The processor is coupled to the memory, and is used for receiving a plurality of root hash values from the security protocol device, and generating a link data string according to the root hash values, wherein the link data string includes a plurality of data sets linked in series, and each data The sets respectively include each root hash value and the corresponding link hash value. The first link hash value of these data sets is generated by hashing the initial link value, and the link hash values of each data set after the first data set are Generated by hashing the previous data set. The processor is further used to send a specific root hash value to the security protocol device for the security protocol device to verify the correctness of multiple binary trees stored in the database under the chain; wherein the specific root hash value is the link data string The root hash value of the last data set in the data segment, and the data segment corresponds to the data read range indicated by the read command provided to the security protocol device.

本發明一實施例提出一種驗證系統,其適用於與區塊鏈協作並用於鏈接資料。驗證系統包括安全協定裝置、區塊鏈裝置與資料庫裝置。安全協定裝置接收多個紀錄資料並根據雜湊函數整合該些紀錄資料為多個二元樹,各二元樹包括樹根與多個葉節點,各樹根儲存有根雜湊值,且各紀錄資料的雜湊值分別儲存於各葉節點。區塊鏈裝置位於區塊鏈且通訊連接安全協定裝置,安全協定裝置傳送該些二元樹的該些根雜湊值至區塊鏈裝置。區塊鏈裝置包括至少一鏈接資料串,鏈接資料串包括多個以串列方式鏈接的資料集合,各資料集合分別包括各根雜湊值與對應的鏈接雜湊值,每一資料集合的鏈接雜湊值關聯於前一資料集合的根雜湊值與鏈接雜湊值,且該些資料集合最前者的鏈接雜湊值關聯於初始鏈接值。資料庫裝置在無涉於區塊鏈的鏈下通訊連接安全協定裝置,安全協定裝置儲存該些二元樹與初始鏈接值於資料庫裝置。An embodiment of the present invention proposes a verification system suitable for cooperating with blockchain and used for linking data. The verification system includes a security protocol device, a block chain device and a database device. The security protocol device receives multiple record data and integrates these record data into multiple binary trees according to the hash function. Each binary tree includes a tree root and a plurality of leaf nodes, and each tree root stores a root hash value, and each record data The hash value of is stored in each leaf node respectively. The block chain device is located in the block chain and communicates with the security protocol device, and the security protocol device transmits the root hash values of the binary trees to the block chain device. The block chain device includes at least one link data string, the link data string includes a plurality of data sets linked in series, each data set includes each root hash value and the corresponding link hash value, and the link hash value of each data set The root hash value and the link hash value associated with the previous data set, and the link hash value of the first data set is associated with the initial link value. The database device communicates with the security protocol device under the chain not related to the block chain, and the security protocol device stores the binary trees and initial link values in the database device.

本發明一實施例提出一種驗證方法,其適用於與區塊鏈協作。驗證方法包括:在無涉於區塊鏈的鏈下接收多個紀錄資料;根據雜湊函數整合該些紀錄資料為多個二元樹,其中,各二元樹包括樹根與多個葉節點,各樹根儲存有根雜湊值,且各紀錄資料的雜湊值分別儲存於各葉節點;傳送該些二元樹的該些根雜湊值至區塊鏈,其中,區塊鏈上設置有至少一鏈接資料串,鏈接資料串包括多個以串列方式鏈接的資料集合,各資料集合分別包括各根雜湊值與對應的鏈接雜湊值,每一資料集合的鏈接雜湊值關聯於前一資料集合的根雜湊值與鏈接雜湊值,且該些資料集合最前者的鏈接雜湊值關聯於初始鏈接值;以及,在無涉於區塊鏈的鏈下儲存該些二元樹與初始鏈接值。An embodiment of the present invention proposes a verification method, which is suitable for cooperation with blockchain. The verification method includes: receiving multiple record data under the chain not related to the blockchain; integrating the record data into multiple binary trees according to the hash function, wherein each binary tree includes a tree root and a plurality of leaf nodes, Each tree root stores a root hash value, and the hash value of each record data is stored in each leaf node; the root hash values of these binary trees are sent to the block chain, wherein at least one is set on the block chain The link data string, the link data string includes a plurality of data sets linked in series, each data set includes each root hash value and the corresponding link hash value, and the link hash value of each data set is associated with the previous data set a root hash value and a link hash value, and the first link hash value of the data sets is associated with the initial link value; and storing the binary tree and the initial link value under a chain not related to the block chain.

本發明一實施例提出一種用於與區塊鏈協作的資料處理方法,該資料處理方法包括:自至少一終端裝置接收第一紀錄資料以及對應該第一紀錄資料的第一識別資料;根據該第一識別資料產生第一識別編號,該第一識別編號用以識別二元樹中的複數個葉節點中的第一葉節點;根據該第一識別編號,將該第一紀錄資料的雜湊值儲存至該第一葉節點;根據該二元樹產生複數個切片,各該切片包括該二元樹中的根節點以及該二元樹中的一組葉節點以及對應該組葉節點的至少一中間節點;將儲存於該根節點的根雜湊值上傳至該區塊鏈;以及將該些切片中的第一切片回傳至該至少一終端裝置,該第一切片包括儲存該第一紀錄資料的雜湊值的該第一葉節點。An embodiment of the present invention proposes a data processing method for cooperating with blockchain, the data processing method includes: receiving first record data and first identification data corresponding to the first record data from at least one terminal device; according to the The first identification data generates a first identification number, the first identification number is used to identify the first leaf node among the plurality of leaf nodes in the binary tree; according to the first identification number, the hash value of the first record data storing to the first leaf node; generating a plurality of slices according to the binary tree, each of which includes a root node in the binary tree, a set of leaf nodes in the binary tree, and at least one corresponding to the set of leaf nodes an intermediate node; uploading the root hash value stored in the root node to the block chain; and returning the first slice among the slices to the at least one terminal device, the first slice including storing the first The first leaf node that records the hash value of the data.

本發明一實施例提出一種安全協定裝置,其包括識別編號單元以及切片單元。識別編號單元被配置以根據對應於第一紀錄資料的第一識別資料產一第一識別編號,並根據該第一識別編號,將該第一紀錄資料的雜湊值儲存至第一葉節點,其中該安全協定裝置被配置以自至少一終端裝置接收該第一紀錄資料以及該第一識別資料,該第一葉節點為二元樹中的複數個葉節點的其中之一,該第一識別編號用以識別該第一葉節點。該切片單元被配置以根據該二元樹產生複數個切片,並將該些切片中的第一切片回傳至該至少一終端裝置,其中各該切片包括該二元樹中的一根節點以及該二元樹中的一組葉節點以及對應該組葉節點的至少一中間節點,該第一切片包括儲存該第一紀錄資料的雜湊值的該第一葉節點;其中該安全協定裝置更被配置以將儲存於該根節點的一根雜湊值上傳至區塊鏈。An embodiment of the present invention provides a security protocol device, which includes an identification numbering unit and a slice unit. The identification number unit is configured to generate a first identification number according to the first identification data corresponding to the first record data, and store the hash value of the first record data in the first leaf node according to the first identification number, wherein The security protocol device is configured to receive the first record data and the first identification data from at least one terminal device, the first leaf node is one of a plurality of leaf nodes in the binary tree, the first identification number Used to identify the first leaf node. The slicing unit is configured to generate a plurality of slices according to the binary tree, and return a first slice of the slices to the at least one terminal device, wherein each slice includes a node in the binary tree and a set of leaf nodes in the binary tree and at least one intermediate node corresponding to the set of leaf nodes, the first slice includes the first leaf node storing the hash value of the first record data; wherein the security protocol device It is further configured to upload a hash value stored in the root node to the blockchain.

本發明一實施例提出一種終端裝置,其包括紀錄資料產生單元以及識別資料產生單元。紀錄資料產生單元被配置以產生第一紀錄資料。識別資料產生單元被配置以產生對應該第一紀錄資料的第一識別資料。該終端裝置更被配置以:將該第一紀錄資料以及該第一識別資料傳送至安全協定裝置;在傳送該第一紀錄資料以及該第一識別資料後,自該安全協定裝置接收二元樹的切片,該切片包括該二元樹中的一根節點以及該二元樹中的一組葉節點以及對應該組葉節點的至少一中間節點,該組葉節點包括第一葉節點,該第一葉節點儲存一雜湊值; 對該第一紀錄資料作雜湊運算以取得的該第一紀錄資料的雜湊值;判斷該第一葉節點儲存的該雜湊值與該第一紀錄資料的雜湊值是否一致;以及在判斷該第一葉節點儲存的該雜湊值與該第一紀錄資料的雜湊值不一致時,傳送抗議訊息至區塊鏈。An embodiment of the present invention provides a terminal device, which includes a recording data generation unit and an identification data generation unit. The record data generating unit is configured to generate first record data. The identification data generating unit is configured to generate first identification data corresponding to the first record data. The terminal device is further configured to: transmit the first record data and the first identification data to a security protocol device; receive a binary tree from the security protocol device after transmitting the first record data and the first identification data slice, the slice includes a node in the binary tree, a group of leaf nodes in the binary tree and at least one intermediate node corresponding to the group of leaf nodes, the group of leaf nodes includes the first leaf node, the second A leaf node stores a hash value; performing a hash operation on the first record data to obtain a hash value of the first record data; judging whether the hash value stored in the first leaf node and the hash value of the first record data are consistent; and when it is judged that the hash value stored by the first leaf node is inconsistent with the hash value of the first record data, sending a protest message to the block chain.

綜上所述,根據本發明實施例的驗證系統、方法與裝置,在需要大量讀取二元樹的根雜湊值時,可透過鏈下資料庫裝置中讀取這些根雜湊值,並以區塊鏈上的鏈接資料串的資料集合在後者的鏈接雜湊值來驗證由鏈下讀取的根雜湊值的正確性,從而在維持資料的可信任度的前提下,減輕區塊鏈的網路傳輸需求與運算負荷。To sum up, according to the verification system, method and device of the embodiments of the present invention, when it is necessary to read a large number of root hash values of binary trees, these root hash values can be read through the off-chain database device, and the area The data of the link data string on the block chain is collected in the latter link hash value to verify the correctness of the root hash value read from the chain, so as to reduce the network complexity of the blockchain while maintaining the trustworthiness of the data. Transmission requirements and computing load.

以下在實施方式中詳細敘述本發明之詳細特徵以及優點,其內容足以使任何熟悉相關技術者暸解本發明之技術內容並據以實施,且根據本說明書所揭露之內容、申請專利範圍及圖式,任何熟習相關技術者可輕易地理解本發明相關之目的及優點。The detailed features and advantages of the present invention are described in detail below in the implementation mode, the content is enough to make any person familiar with the related art understand the technical content of the present invention and implement it accordingly, and according to the content disclosed in this specification, the patent scope of the application and the drawings , anyone skilled in the related art can easily understand the related objects and advantages of the present invention.

請參照圖1,圖1為本發明一實施例的驗證系統10的方塊示意圖。在本實施例中,驗證系統10適用於與區塊鏈BC協作,區塊鏈BC可包括公有區塊鏈、私有區塊鏈或其組合。驗證系統10用以在鏈下(off chain)OC,亦即透過鏈下通道(off-chain channel),通訊連接多個終端裝置400,並在區塊鏈BC與鏈下OC間進行協作,且各終端裝置400可產生至少一筆紀錄資料RD。所述鏈下OC是指獨立於區塊鏈BC之外的路徑,即無涉於區塊鏈BC的路徑;所述在鏈下OC通訊連接是指在獨立於區塊鏈BC之外的路徑具有通訊連接關係,即透過無涉於區塊鏈BC的路徑建立通訊連接。例如,兩裝置在鏈下OC通訊連接,意味這兩裝置之間可透過網路直接連接並互相傳送訊號而無涉於區塊鏈BC。終端裝置400例如是桌上型電腦、筆記型電腦或各種感測器,紀錄資料RD例如是桌上型電腦或筆記型電腦產生的檔案或交易資訊或是感測器所感測的數值資訊,但不限於此。Please refer to FIG. 1 , which is a schematic block diagram of averification system 10 according to an embodiment of the present invention. In this embodiment, theverification system 10 is suitable for cooperating with the blockchain BC, and the blockchain BC may include a public blockchain, a private blockchain or a combination thereof. Theverification system 10 is used to communicate and connect multipleterminal devices 400 in the off-chain OC, that is, through an off-chain channel, and to cooperate between the blockchain BC and the off-chain OC, and Eachterminal device 400 can generate at least one record data RD. The off-chain OC refers to a path independent of the blockchain BC, that is, a path not involved in the blockchain BC; the off-chain OC communication connection refers to a path independent of the blockchain BC There is a communication connection relationship, that is, a communication connection is established through a path not involved in the blockchain BC. For example, two devices are connected by OC communication under the chain, which means that the two devices can be directly connected through the network and send signals to each other without involving the blockchain BC. Theterminal device 400 is, for example, a desktop computer, a notebook computer, or various sensors, and the record data RD is, for example, a file or transaction information generated by a desktop computer or a notebook computer, or numerical information sensed by the sensor. Not limited to this.

如圖1所示,在本實施例中,驗證系統10包括安全協定裝置100、資料庫裝置200與區塊鏈裝置300。安全協定裝置100是在無涉於區塊鏈BC的鏈下OC通訊連接資料庫裝置200,且安全協定裝置100通訊連接位於區塊鏈BC上的區塊鏈裝置300。資料庫裝置200例如是獨立於區塊鏈BC之外的資料儲存伺服器,區塊鏈裝置300例如是連接區塊鏈BC的複數電腦的集合,但不限於此。在本實施例中,安全協定裝置100是兼具區塊鏈BC與鏈下OC的通訊能力的伺服器。舉例來說,安全協定裝置100是位於鏈下OC與區塊鏈BC之間的中介者,其可作為終端裝置400與資料庫裝置200以及區塊鏈裝置300之間的橋樑,容後詳述。As shown in FIG. 1 , in this embodiment, theverification system 10 includes asecurity protocol device 100 , adatabase device 200 and ablockchain device 300 . Thesecurity protocol device 100 communicates with thedatabase device 200 under the OC not involved in the blockchain BC, and thesecurity protocol device 100 communicates with theblockchain device 300 located on the blockchain BC. Thedatabase device 200 is, for example, a data storage server independent of the blockchain BC, and theblockchain device 300 is, for example, a collection of multiple computers connected to the blockchain BC, but is not limited thereto. In this embodiment, thesecurity protocol device 100 is a server with the communication capability of the blockchain BC and the off-chain OC. For example, thesecurity protocol device 100 is an intermediary between the off-chain OC and the blockchain BC, which can serve as a bridge between theterminal device 400, thedatabase device 200 and theblockchain device 300, which will be described in detail later .

請再參照圖2,圖2所示為本發明一實施例的二元樹BT的示意圖。如圖1與圖2所示,在本實施例中,各終端裝置400產生紀錄資料RD後,各終端裝置400會在鏈下OC傳送紀錄資料RD至安全協定裝置100。安全協定裝置100在鏈下OC接收各終端裝置400的該些紀錄資料RD之後,安全協定裝置100會根據雜湊函數整合該些紀錄資料RD為至少一二元樹BT。Please refer to FIG. 2 again. FIG. 2 is a schematic diagram of a binary tree BT according to an embodiment of the present invention. As shown in FIG. 1 and FIG. 2 , in this embodiment, after eachterminal device 400 generates the record data RD, eachterminal device 400 will send the record data RD to thesecurity protocol device 100 in the off-chain OC. After thesecurity protocol device 100 receives the record data RD of eachterminal device 400 in the off-chain OC, thesecurity protocol device 100 integrates the record data RD into at least one binary tree BT according to a hash function.

如圖2所示,在本實施例中,二元樹BT包括樹根R、多個中間節點MN與多個葉節點LN,以二元樹BT的樹狀資料結構來看,樹根R位於頂層、葉節點LN位於底層、而中間節點MN分佈於頂層與底層之間的一或多層。每兩個相鄰的葉節點LN在往上一層會合而為一個中間節點MN,每一層中的每兩個相鄰的中間節點MN在更往上一層又會合而為一個中間節點MN,而位於最上層的兩個中間節點MN會合而為樹根R。每一葉節點LN分別儲存各紀錄資料RD的雜湊值RDH,而每一中間節點MN的雜湊值與樹根R中的根雜湊值RH則關聯於各紀錄資料RD的雜湊值RDH。As shown in Figure 2, in this embodiment, the binary tree BT includes a tree root R, a plurality of intermediate nodes MN and a plurality of leaf nodes LN, from the perspective of the tree-like data structure of the binary tree BT, the tree root R is located at On the top layer, the leaf nodes LN are located at the bottom layer, and the middle nodes MN are distributed on one or more layers between the top layer and the bottom layer. Every two adjacent leaf nodes LN meet at the upper layer to form an intermediate node MN, and every two adjacent intermediate nodes MN in each layer meet at the upper layer to form an intermediate node MN, and the The two intermediate nodes MN on the uppermost layer meet to form the root R of the tree. Each leaf node LN stores the hash value RDH of each record data RD, and the hash value of each intermediate node MN and the root hash value RH in the tree root R are associated with the hash value RDH of each record data RD.

舉例來說,安全協定裝置100可採用SHA-256的雜湊函數將各筆紀錄資料RD雜湊化而產生對應的雜湊值RDH,且安全協定裝置100會將各紀錄資料RD的雜湊值RDH分別儲存於各葉節點LN。並且,每一組兩個相鄰的葉節點LN中所儲存的兩筆雜湊值會被連接後再被雜湊化而儲存於上一層的中間節點MN,每一層中的每一組兩個相鄰的中間節點MN所儲存的兩筆雜湊值也會被連接後再被雜湊化而儲存於更上一層的中間節點MN,以此類推。在本實施例中,所述兩筆雜湊值被連接後再被雜湊化的實現方式,可以是將此兩筆雜湊值先連接為一串編碼後再對此串編碼進行雜湊化,但不限於此。舉例來說,第一筆雜湊值是「xxx」,第二筆雜湊值是「ooo」,此兩筆雜湊值會先被連接為「xxxooo」的一串編碼,而此串編碼「xxxooo」會再被雜湊化而產生雜湊值。最後,位於最上層的兩個中間節點MN所儲存的兩筆雜湊值會被連接後再被雜湊化而產生根雜湊值RH。換言之,二元樹BT包括儲存於各葉節點LN中的紀錄資料RD的雜湊值RDH與儲存於樹根R的根雜湊值RH,並且,紀錄資料RD是不可竄改的,這是因為只要二元樹BT中任一筆紀錄資料RD遭到竄改,此筆紀錄資料RD的雜湊值RDH會產生變化,而只要任一葉節點LN的紀錄資料RD的雜湊值RDH產生變化,則二元樹BT的根雜湊值RH也會對應變化。藉由判斷根雜湊值RH是否產生變化,即可驗證此二元樹BT對應的紀錄資料RD的正確性。在不同的實施例中,單一個葉節點LN亦可儲存兩筆以上的紀錄資料RD的雜湊值RDH,在此情況下,此葉節點LN中所儲存的雜湊值RDH為兩筆以上的紀錄資料RD的雜湊值RDH被連接後再被雜湊化後之值。For example, thesecurity protocol device 100 can use the hash function of SHA-256 to hash each record data RD to generate a corresponding hash value RDH, and thesecurity protocol device 100 will store the hash value RDH of each record data RD in Each leaf node LN. Moreover, the two hash values stored in each group of two adjacent leaf nodes LN will be connected and then hashed and stored in the middle node MN of the upper layer. Each group of two adjacent leaf nodes in each layer The two hash values stored in the intermediate node MN of the network will also be connected and then hashed and stored in the intermediate node MN of the upper layer, and so on. In this embodiment, the implementation of hashing after the two hash values are connected may be that the two hash values are first connected into a string of codes and then the string of codes is hashed, but is not limited to this. For example, if the first hash value is "xxx" and the second hash value is "ooo", these two hash values will be connected into a string of codes "xxxooo", and this string of codes "xxxooo" will be Then it is hashed to generate a hash value. Finally, the two hash values stored by the two intermediate nodes MN on the uppermost layer will be concatenated and then hashed to generate a root hash value RH. In other words, the binary tree BT includes the hash value RDH of the record data RD stored in each leaf node LN and the root hash value RH stored in the root R of the tree, and the record data RD cannot be tampered with because only the binary If any record data RD in the tree BT is tampered with, the hash value RDH of this record data RD will change, and as long as the hash value RDH of the record data RD of any leaf node LN changes, the root hash value of the binary tree BT The value RH will also change accordingly. By judging whether the root hash value RH changes, the correctness of the record data RD corresponding to the binary tree BT can be verified. In different embodiments, a single leaf node LN can also store the hash value RDH of more than two record data RD, in this case, the hash value RDH stored in this leaf node LN is more than two record data The hash value of RD is the value after RDH is concatenated and then hashed.

如圖1與圖2所示,在本實施例中,安全協定裝置100包括二元樹處理單元110與驗證單元120。二元樹處理單元110與驗證單元120例如但不限於是軟體/硬體所構成的功能模組,以分別執行特定功能,且二元樹處理單元110與驗證單元120可以是各自獨立的模組或整合為一體的模組。As shown in FIG. 1 and FIG. 2 , in this embodiment, thesecurity protocol device 100 includes a binarytree processing unit 110 and averification unit 120 . The binarytree processing unit 110 and theverification unit 120 are, for example but not limited to, functional modules composed of software/hardware to perform specific functions respectively, and the binarytree processing unit 110 and theverification unit 120 may be independent modules Or an integrated module.

在本實施例中,安全協定裝置100的二元樹處理單元110會自動將所接收的該些紀錄資料RD進行雜湊化並整合產生二元樹BT。安全協定裝置100會傳送二元樹BT的根雜湊值RH至區塊鏈裝置300,亦即這些根雜湊值RH將會被儲存到區塊鏈BC上。此外,安全協定裝置100會將二元樹BT儲存於資料庫裝置200中,亦即完整的二元樹BT是儲存在鏈下OC,而不會儲存於區塊鏈BC上。在其他實施例中,完整的二元樹BT亦可同時儲存於資料庫裝置200並傳送至區塊鏈裝置300。In this embodiment, the binarytree processing unit 110 of thesecurity protocol device 100 automatically hashes the received record data RD and integrates them to generate a binary tree BT. Thesecurity agreement device 100 will transmit the root hash value RH of the binary tree BT to theblock chain device 300 , that is, these root hash values RH will be stored in the block chain BC. In addition, thesecurity protocol device 100 will store the binary tree BT in thedatabase device 200, that is, the complete binary tree BT is stored in the off-chain OC instead of on the blockchain BC. In other embodiments, the complete binary tree BT can also be stored in thedatabase device 200 and transmitted to theblockchain device 300 at the same time.

在本實施例中,安全協定裝置100的驗證單元120會驗證資料庫裝置200所儲存的二元樹BT的正確性。當安全協定裝置100接收一驗證要求,且此驗證要求是針對某一筆紀錄資料RD的正確性進行驗證,此時驗證單元120會自動比對區塊鏈裝置300上的對應於此紀錄資料RD的二元樹BT的根雜湊值RH與資料庫裝置200儲存的對應於此紀錄資料RD的二元樹BT的根雜湊值RH,以驗證資料庫裝置200儲存的二元樹BT的正確性。若區塊鏈裝置300上的根雜湊值RH與資料庫裝置200儲存的二元樹BT的根雜湊值RH經比對是一致的,則基於區塊鏈BC的特性,代表資料庫裝置200所儲存的此筆紀錄資料RD的二元樹BT正確無誤。In this embodiment, theverification unit 120 of thesecurity protocol device 100 verifies the correctness of the binary tree BT stored in thedatabase device 200 . When thesecurity protocol device 100 receives a verification request, and the verification request is to verify the correctness of a certain record data RD, theverification unit 120 will automatically compare the data corresponding to the record data RD on theblock chain device 300 The root hash value RH of the binary tree BT and the root hash value RH of the binary tree BT corresponding to the record data RD stored by thedatabase device 200 are used to verify the correctness of the binary tree BT stored by thedatabase device 200 . If the root hash value RH on theblock chain device 300 is consistent with the root hash value RH of the binary tree BT stored in thedatabase device 200, then based on the characteristics of the block chain BC, it represents that thedatabase device 200 The stored binary tree BT of this record data RD is correct.

由於完整的二元樹BT是位於鏈下OC的資料庫裝置200中,因此紀錄資料RD的雜湊值RDH的存取與運算主要是在鏈下OC進行,可節省傳統上在區塊鏈BC進行此項作業的網路傳輸需求、運算量、運算時間與運算成本。並且,資料庫裝置200中的二元樹BT的根雜湊值RH可經由與區塊鏈裝置300上的對應根雜湊值RH比對而得到驗證,鏈下OC的資料庫裝置200的資料正確性也得以確保。Since the complete binary tree BT is located in thedatabase device 200 of the off-chain OC, the access and calculation of the hash value RDH of the record data RD is mainly performed in the off-chain OC, which saves the traditional BC The network transmission requirements, calculation amount, calculation time and calculation cost of this operation. Moreover, the root hash value RH of the binary tree BT in thedatabase device 200 can be verified by comparing it with the corresponding root hash value RH on theblockchain device 300. is also ensured.

請參照圖3,圖3為本發明一實施例的鏈接資料串CDS的示意圖一。如圖1與圖3所示,在本實施例中,區塊鏈裝置300包括至少一鏈接資料串CDS,鏈接資料串CDS包括多個以串列方式鏈接的資料集合DS。所述串列是指由第一筆、第二筆、第三筆依序至倒數第二筆與最後一筆,且每一筆資料會關聯於前一筆資料,例如第二筆資料會關聯於第一筆資料、第三筆資料會關聯於第二筆資料而最後一筆資料會關聯於倒數第二筆資料,以此類推。在本實施例中,各資料集合DS分別包括各根雜湊值RH與對應的鏈接雜湊值CH,每一資料集合DS的鏈接雜湊值CH關聯於前一資料集合DS的根雜湊值RH與鏈接雜湊值CH,且該些資料集合DS最前者的鏈接雜湊值CH關聯於一初始鏈接值CH0Please refer to FIG. 3 . FIG. 3 is a first schematic diagram of a link data string CDS according to an embodiment of the present invention. As shown in FIG. 1 and FIG. 3 , in this embodiment, theblock chain device 300 includes at least one link data string CDS, and the link data string CDS includes a plurality of data sets DS linked in series. The series refers to the order from the first, second, third to the penultimate and the last, and each data will be associated with the previous data, for example, the second data will be associated with the first The first data, the third data will be associated with the second data and the last data will be associated with the penultimate data, and so on. In this embodiment, each data set DS includes each root hash value RH and the corresponding link hash value CH, and the link hash value CH of each data set DS is associated with the root hash value RH and link hash value of the previous data set DS. value CH, and the first link hash value CH of the data sets DS is associated with an initial link value CH0 .

如圖1所示,在本實施例中,區塊鏈裝置300包括鏈接處理單元311,鏈接處理單元311用以產生鏈接資料串CDS。如圖1與圖3所示,在本實施例中,當區塊鏈裝置300接收多個二元樹BT的根雜湊值RH之後,鏈接處理單元311根據所接收的這些二元樹BT的根雜湊值RH的產生或接收時間,依序產生資料集合DS,每一資料集合DS的鏈接雜湊值CH為雜湊化前一資料集合DS而產生,且最前的資料集合DS的鏈接雜湊值CH為雜湊化初始鏈接值CH0而產生。As shown in FIG. 1 , in this embodiment, theblockchain device 300 includes alink processing unit 311 , and thelink processing unit 311 is configured to generate a link data string CDS. As shown in Figure 1 and Figure 3, in this embodiment, after theblockchain device 300 receives the root hash values RH of multiple binary trees BT, thelink processing unit 311 When the hash value RH is generated or received, the data sets DS are generated in sequence. The link hash value CH of each data set DS is generated by hashing the previous data set DS, and the link hash value CH of the first data set DS is hash Generated by optimizing the initial link value CH0 .

在本實施例中,鏈接處理單元311會先產生所述初始鏈接值CH0,初始鏈接值CH0可以是任意數值或任意字母或數字的組合。並且,鏈接處理單元311會根據以下兩個公式產生鏈接資料串CDS中的多個以串列方式鏈接的資料集合DS:In this embodiment, thelink processing unit 311 first generates the initial link value CH0 , and the initial link value CH0 may be any value or any combination of letters or numbers. Furthermore, thelink processing unit 311 will generate a plurality of serially linked data sets DS in the linked data string CDS according to the following two formulas:

CHi=hash(RHi-1| CHi-1);以及CHi =hash(RHi-1 | CHi-1 ); and

CH1=hash(CH0)。CH1 =hash(CH0 ).

其中,RHi-1為根雜湊值RH,CHi-1為鏈接雜湊值CH,且i為2至k的整數。Wherein, RHi-1 is the root hash value RH, CHi-1 is the link hash value CH, and i is an integer from 2 to k.

如圖3所示,最前的資料集合DS的根雜湊值RH為RH1而鏈接雜湊值CH為CH1,且CH1為雜湊化CH0而產生的雜湊值。在後的(排列在最前的資料集合DS後)的第二筆資料集合DS的根雜湊值RH為RH2而鏈接雜湊值CH為CH2,且CH2為雜湊化連接後的RH1與CH1而產生的雜湊值。如前所述,所述雜湊化連接後的RH1與CH1的實現方式,可以是將RH1與CH1連接後再進行雜湊化,但不限於此。在後的(排列在第二筆資料集合DS後)的第三筆資料集合DS的根雜湊值RH為RH3而鏈接雜湊值CH為CH3,且CH3為雜湊化連接後的RH2與CH2而產生的雜湊值。最後的資料集合DS的根雜湊值RH為RHk而鏈接雜湊值CH為CHk,且CHk為雜湊化連接後的RHk-1與CHk-1而產生的雜湊值。其餘資料集合DS的根雜湊值RH與鏈接雜湊值CH則以此類推。並且,這些以串列方式鏈接的資料集合DS組成鏈接資料串CDS。在本實施例中,安全協定裝置100會將初始鏈接值CH0儲存至資料庫裝置200,但不限於此。As shown in FIG. 3 , the root hash value RH of the first data set DS is RH1 , the link hash value CH is CH1 , and CH1 is a hash value generated by hashing CH0 . The root hash value RH of the second data set DS in the latter (arranged after the first data set DS) is RH2 and the link hash value CH is CH2 , and CH2 is the hash-connected RH1 and CH The hash value generated by1 . As mentioned above, the implementation of the hash-connected RH1 and CH1 may be to perform hashing after connecting the RH1 and CH1 , but it is not limited thereto. The root hash value RH of the third data set DS in the latter (arranged after the second data set DS) is RH3 and the link hash value CH is CH3 , and CH3 is the hashed connection of RH2 and The hash value generated by CH2 . The root hash value RH of the final data set DS is RHk and the link hash value CH is CHk , and CHk is a hash value generated by hashing the concatenated RHk−1 and CHk−1 . The root hash value RH and the link hash value CH of the remaining data sets DS can be deduced by analogy. And, these serially linked data sets DS form a linked data string CDS. In this embodiment, thesecurity protocol device 100 stores the initial link value CH0 into thedatabase device 200 , but it is not limited thereto.

如圖1與圖3所示,在本實施例中,安全協定裝置100更包括讀取單元130,讀取單元130用以自區塊鏈裝置300與資料庫裝置200讀取對應的資料。終端裝置400可傳送讀取要求RR至安全協定裝置100,以讀取一或多個二元樹BT的根雜湊值RH。當安全協定裝置100接收讀取要求RR,且此讀取要求RR是要求讀取多個根雜湊值RH,而這多個根雜湊值RH屬於鏈接資料串CDS的多個資料集合DS,讀取單元130會自區塊鏈裝置300讀取此鏈接資料串CDS的該些資料集合DS在後者的根雜湊值RH,並自資料庫裝置200讀取此鏈接資料串CDS的該些資料集合DS在前者的一或多個根雜湊值RH,且安全協定裝置100以區塊鏈裝置300的在後的資料集合DS的鏈接雜湊值CH驗證資料庫裝置200的在前的一或多個根雜湊值RH的正確性。As shown in FIG. 1 and FIG. 3 , in this embodiment, thesecurity protocol device 100 further includes areading unit 130 for reading corresponding data from theblockchain device 300 and thedatabase device 200 . Theterminal device 400 may send a read request RR to thesecurity protocol device 100 to read the root hash values RH of one or more binary trees BT. When thesecurity protocol device 100 receives the read request RR, and the read request RR is to read multiple root hash values RH, and the multiple root hash values RH belong to multiple data sets DS of the link data string CDS, read Theunit 130 will read the root hash value RH of the data sets DS of the link data string CDS from theblock chain device 300, and read the data sets DS of the link data string CDS from thedatabase device 200. The former one or more root hash values RH, and thesecurity protocol device 100 verifies the previous one or more root hash values of thedatabase device 200 with the link hash value CH of the subsequent data set DS of theblockchain device 300 The correctness of RH.

舉例來說,當安全協定裝置100接收讀取要求RR,此讀取要求RR是要求讀取如圖3的鏈接資料串CDS的RH1至RHk的k個根雜湊值RH,讀取單元130會自區塊鏈裝置300讀取此鏈接資料串CDS的該些資料集合DS最後一筆的資料集合DS的根雜湊值RH與鏈接雜湊值CH(即RHk與CHk),並且,讀取單元130會自資料庫裝置200讀取在前的資料集合DS的根雜湊值RH(即RH1至RHk-1),並且,驗證單元120會以最後一筆的資料集合DS的RHk來驗證資料庫裝置200的在前的資料集合DS的RH1至RHk-1的正確性。驗證單元120可使用前述兩個公式,並以資料庫裝置200儲存的初始鏈接值CH0與RH1至RHk-1進行雜湊與鏈接運算而推算出CHk,並以推算出的CHk來比對區塊鏈裝置300上的CHk。若推算出的CHk與區塊鏈裝置300上的CHk一致,則表示資料庫裝置200儲存的RH1至RHk-1與區塊鏈裝置300上的RH1至RHk-1也會一致。因為基於雜湊運算,只要資料庫裝置200儲存的RH1至RHk-1中任一個根雜湊值RH與區塊鏈裝置300上的RH1至RHk-1中的對應根雜湊值RH不一致,則推算出的CHk就會不同於區塊鏈裝置300上的CHkFor example, when thesecurity protocol device 100 receives a read request RR, the read request RR is to read the k root hash values RH of RH1 to RHk of the link data string CDS shown in FIG. 3 , theread unit 130 The root hash value RH and the link hash value CH (that is, RHk and CHk ) of the last data set DS of the data sets DS of the link data string CDS will be read from theblock chain device 300, and theread unit 130 will read the root hash value RH (that is, RH1 to RHk-1 ) of the previous data set DS from thedatabase device 200, and theverification unit 120 will use the RHk of the last data set DS to verify the data The correctness of RH1 to RHk−1 of the previous data set DS of thelibrary device 200 . Theverification unit 120 can use the aforementioned two formulas to calculate CHk by performing hash and link operations on the initial link values CH0 and RH1 to RHk-1 stored in thedatabase device 200, and use the calculated CHk to Compare CHk on theblock chain device 300 . If the calculated CHk is consistent with the CHk on theblock chain device 300, it means that the RH1 to RH k-1 stored in thedatabase device 200 and the RH1 to RHk-1on theblock chain device 300 will also be unanimous. Because it is based on a hash operation, as long as any root hash value RH stored in thedatabase device 200 from RH1 to RHk-1 is inconsistent with the corresponding root hash value RH in RH1 to RHk-1 on theblockchain device 300, Then the calculated CHk will be different from the CHk on theblockchain device 300 .

請參照圖3a,圖3a為本發明一實施例的鏈接資料串CDS的示意圖二。圖3a的鏈接資料串CDS實質上同於圖3的鏈接資料串CDS,但為了便於說明,圖3a的鏈接資料串CDS示出一個連續的資料集合DS的資料區段SEC。如圖3a所示,在本實施例中,安全協定裝置100還可讀取鏈接資料串CDS的任一資料區段SEC的資料集合DS,並以此資料區段SEC的最後一筆資料集合DS進行驗證。舉例來說,當安全協定裝置100接收讀取要求RR,此讀取要求RR是要求讀取如圖3的鏈接資料串CDS的資料區段SEC的RHx-10至RHx共十一個根雜湊值RH,其中x小於k且大於等於10,讀取單元130會自區塊鏈裝置300讀取此資料區段SEC的該些資料集合DS最後一筆的資料集合DS的根雜湊值RH與鏈接雜湊值CH(即RHx與CHx),並且,讀取單元130會自資料庫裝置200讀取此資料區段SEC的在前的資料集合DS的根雜湊值RH(即RHx-10至RHx-1),並且,驗證單元120會以資料區段SEC的最後一筆的資料集合DS的RHx來驗證資料庫裝置200的資料區段SEC在前的資料集合DS的RHx-10至RHx-1的正確性。Please refer to FIG. 3 a . FIG. 3 a is a second schematic diagram of a link data string CDS according to an embodiment of the present invention. The linked data string CDS in FIG. 3a is substantially the same as the linked data string CDS in FIG. 3 , but for convenience of illustration, the linked data string CDS in FIG. 3a shows a data section SEC of a continuous data set DS. As shown in Figure 3a, in this embodiment, thesecurity protocol device 100 can also read the data set DS of any data segment SEC in the link data string CDS, and perform verify. For example, when thesecurity protocol device 100 receives the read request RR, the read request RR is to read the eleven roots from RHx-10 to RHx of the data segment SEC of the link data string CDS shown in FIG. 3 Hash value RH, where x is less than k and greater than or equal to 10, thereading unit 130 will read from theblock chain device 300 the root hash value RH and link Hash value CH (that is, RHx and CHx ), and thereading unit 130 will read the root hash value RH (that is, RHx-10 to RHx-1 ), and theverification unit 120 will use the RHx of the last data set DS of the data segment SEC to verify the RHx-10 to the previous data set DS of the data segment SEC of thedatabase device 200 Correctness of RHx-1 .

在一些實施例中,初始鏈接值CH0可不儲存於資料庫裝置200中。取而代之地,當安全協定裝置100接收讀取要求RR,讀取單元130會自區塊鏈裝置300讀取鏈接資料串CDS的初始鏈接值CH0以及該些資料集合DS在後者的資料集合DS的根雜湊值RH,並自資料庫裝置200讀取鏈接資料串CDS的該些資料集合DS在前者的一或多個根雜湊值RH。In some embodiments, the initial link value CH0 may not be stored in thedatabase device 200 . Instead, when thesecurity protocol device 100 receives the read request RR, thereading unit 130 will read the initial link value CH0 of the link data string CDS and the data sets DS in the latter data set DS from theblock chain device 300. root hash value RH, and read from thedatabase device 200 one or more root hash values RH of the data sets DS linked to the data string CDS in the former.

請參照圖4,圖4為本發明另一實施例的驗證系統10a的方塊示意圖。圖1與圖4的驗證系統10、10a相同或相似的元件、連接關係與功能不再贅述,圖4的驗證系統10a相較於圖1的驗證系統10的差異之一在於,圖4的驗證系統10a的安全協定裝置100更包括鏈接處理單元140,而區塊鏈裝置300則不具有鏈接處理單元。在安全協定裝置100的二元樹處理單元110產生多個二元樹BT之後,安全協定裝置100的鏈接處理單元140會根據這些二元樹BT的多個根雜湊值RH依序產生資料集合DS,並根據前述兩個公式產生鏈接資料串CDS,而安全協定裝置100會將鏈接資料串CDS傳送至區塊鏈裝置300。也就是說,安全協定裝置100傳送至區塊鏈BC的資料已是具有鏈接資料串CDS的資料結構。Please refer to FIG. 4 , which is a schematic block diagram of averification system 10 a according to another embodiment of the present invention. The same or similar components, connections and functions of theverification system 10, 10a in FIG. 1 and FIG. 4 will not be described in detail. One of the differences between theverification system 10a in FIG. Thesecurity protocol device 100 of thesystem 10 a further includes alink processing unit 140 , while theblockchain device 300 does not have a link processing unit. After the binarytree processing unit 110 of thesecurity protocol device 100 generates multiple binary trees BT, thelink processing unit 140 of thesecurity protocol device 100 will sequentially generate a data set DS according to multiple root hash values RH of these binary trees BT , and generate the link data string CDS according to the aforementioned two formulas, and thesecurity protocol device 100 will transmit the link data string CDS to theblock chain device 300 . That is to say, the data transmitted by thesecurity protocol device 100 to the blockchain BC is already a data structure with a link data string CDS.

請參照圖5,圖5為本發明又一實施例的驗證系統10b的方塊示意圖。圖1與圖5的驗證系統10、10b相同或相似的元件、連接關係與功能不再贅述,圖5的驗證系統10b相較於圖1的驗證系統10的差異之一在於,圖5的驗證系統10b包括安全協定裝置100、資料庫裝置200、區塊鏈裝置300與多個終端裝置400,安全協定裝置100通訊連接位於區塊鏈BC的區塊鏈裝置300並在鏈下OC通訊連接資料庫裝置200與各終端裝置400,且各終端裝置400還通訊連接區塊鏈裝置300。安全協定裝置100包括二元樹處理單元110、驗證單元120、讀取單元130、識別編號單元150、定位搜尋單元160、切片單元170與識別序號單元180,其中二元樹處理單元110、驗證單元120、讀取單元130、識別編號單元150、定位搜尋單元160、切片單元170與識別序號單元180例如但不限於是軟體/硬體所構成的功能模組,以分別執行特定功能,且二元樹處理單元110、驗證單元120、讀取單元130、識別編號單元150、定位搜尋單元160、切片單元170與識別序號單元180可以是各自獨立的模組或整合為一體的模組。Please refer to FIG. 5 , which is a schematic block diagram of averification system 10 b according to another embodiment of the present invention. The same or similar components, connections and functions of theverification system 10, 10b in FIG. 1 and FIG. Thesystem 10b includes asecurity protocol device 100, adatabase device 200, ablock chain device 300, and a plurality ofterminal devices 400. Thesecurity protocol device 100 communicates with theblock chain device 300 located in the block chain BC and communicates with the data in the off-chain OC. Thelibrary device 200 communicates with eachterminal device 400 , and eachterminal device 400 is also communicatively connected to theblock chain device 300 . Thesecurity protocol device 100 includes a binarytree processing unit 110, averification unit 120, areading unit 130, anidentification number unit 150, alocation search unit 160, aslice unit 170, and anidentification number unit 180, wherein the binarytree processing unit 110, theverification unit 120, thereading unit 130, theidentification number unit 150, thelocation search unit 160, theslice unit 170 and the identificationserial number unit 180 are, for example but not limited to, functional modules composed of software/hardware to perform specific functions respectively, and binary Thetree processing unit 110 , theverification unit 120 , thereading unit 130 , theidentification number unit 150 , thelocation search unit 160 , theslice unit 170 and theidentification number unit 180 may be independent modules or integrated modules.

如圖5所示,在本實施例中,區塊鏈裝置300包括至少一個智能合約(smart contract)310,安全協定裝置100傳送至區塊鏈裝置300的根雜湊值RH會儲存在對應的智能合約310中。在不同實施例中,區塊鏈裝置300亦可包括不同於智能合約的程式架構或介面,而根雜湊值RH可對應於不同的程式架構或介面而儲存在區塊鏈裝置300中。As shown in Figure 5, in this embodiment, theblock chain device 300 includes at least one smart contract (smart contract) 310, and the root hash value RH transmitted by thesecurity agreement device 100 to theblock chain device 300 will be stored in the corresponding smart contract. Incontract 310. In different embodiments, theblock chain device 300 may also include a program structure or interface different from the smart contract, and the root hash value RH may be stored in theblock chain device 300 corresponding to a different program structure or interface.

如圖5所示,在本實施例中,各終端裝置400包括紀錄資料產生單元410、識別資料產生單元420與切片驗證單元430。紀錄資料產生單元410、識別資料產生單元420與切片驗證單元430例如但不限於是軟體/硬體所構成的功能模組,以分別執行特定功能,且紀錄資料產生單元410、識別資料產生單元420與切片驗證單元430可以是各自獨立的模組或整合為一體的模組。紀錄資料產生單元410用以產生前述的紀錄資料RD,並且,當各終端裝置400的紀錄資料產生單元410產生紀錄資料RD時,各終端裝置400的識別資料產生單元420還會產生分別對應於各紀錄資料RD的多個識別資料ID,使得各紀錄資料RD會具有對應的識別資料ID。終端裝置400會將紀錄資料RD與對應的識別資料ID同時傳送給安全協定裝置100。在一些實施例中,終端裝置400可將紀錄資料RD與對應的識別資料ID整合為同一筆整合資料並傳送此筆整合資料至安全協定裝置100。在一些實施例中,識別資料ID為明碼。As shown in FIG. 5 , in this embodiment, eachterminal device 400 includes a recordingdata generation unit 410 , an identificationdata generation unit 420 and aslice verification unit 430 . The recorddata generation unit 410, the identificationdata generation unit 420 and theslice verification unit 430 are, for example but not limited to, functional modules composed of software/hardware to perform specific functions respectively, and the recorddata generation unit 410, the identificationdata generation unit 420 Theverification unit 430 and the slice can be independent modules or integrated modules. The recorddata generation unit 410 is used to generate the aforementioned record data RD, and when the recorddata generation unit 410 of eachterminal device 400 generates the record data RD, the identificationdata generation unit 420 of eachterminal device 400 will also generate There are multiple identification data IDs of the record data RD, so that each record data RD has a corresponding identification data ID. Theterminal device 400 transmits the record data RD and the corresponding identification data ID to thesecurity protocol device 100 at the same time. In some embodiments, theterminal device 400 can integrate the record data RD and the corresponding identification data ID into one integrated data and send the integrated data to thesecurity protocol device 100 . In some embodiments, the identification ID is clear.

如圖5所示,在本實施例中,安全協定裝置100會接收該些紀錄資料RD與該些對應的識別資料ID,且安全協定裝置100根據各識別資料ID儲存各紀錄資料RD的雜湊值RDH至對應的各葉節點LN。舉例來說,當安全協定裝置100接收該些識別資料ID之後,安全協定裝置100的識別編號單元150會根據各識別資料ID產生分別對應於各葉節點LN的多個識別編號IN,且安全協定裝置100會根據各識別編號IN儲存各紀錄資料RD的雜湊值RDH至對應的各葉節點LN。在此情況下,每個識別編號IN在任一二元樹BT中是唯一的,且各識別編號IN會分別對應二元樹BT中的各葉節點LN。因此,各紀錄資料RD的雜湊值RDH可藉由對應的識別編號IN而被定位於各葉節點LN,容後詳述。As shown in FIG. 5 , in this embodiment, thesecurity protocol device 100 will receive the record data RD and the corresponding identification data IDs, and thesecurity protocol device 100 will store the hash value of each record data RD according to each identification data ID RDH to each corresponding leaf node LN. For example, after thesecurity agreement device 100 receives these identification data IDs, theidentification number unit 150 of thesecurity agreement device 100 will generate a plurality of identification numbers IN corresponding to each leaf node LN according to each identification data ID, and the security agreement Thedevice 100 stores the hash value RDH of each record data RD to each corresponding leaf node LN according to each identification number IN. In this case, each identification number IN is unique in any binary tree BT, and each identification number IN corresponds to each leaf node LN in the binary tree BT. Therefore, the hash value RDH of each record data RD can be located in each leaf node LN by the corresponding identification number IN, which will be described in detail later.

在本實施例中,安全協定裝置100的識別編號單元150會自各識別資料ID的雜湊值中取出多個預定位元以產生各識別編號IN。並且,所述預定位元的數量可關聯於對應的二元樹BT的高度值H。在二元樹BT具有高度值H的情況下,二元樹BT會具有2(H-1)個葉節點LN。為使此二元樹BT的各葉節點LN具有對應且專屬唯一的識別編號IN,則該些預定位元是自各識別資料ID的雜湊值取出的至少H-1個位元,如此一來,這H-1個位元的排列組合將可滿足葉節點LN的數量,使得對應於葉節點LN的識別編號IN不會重複而具有唯一性。在本實施例中,這H-1個位元例如但不限於是識別資料ID的雜湊值中的前H-1個位元。在其他實施例中,所述H-1個位元可以是取自識別資料ID的雜湊值中的後H-1個位元或任意位置的H-1個位元。In this embodiment, theidentification number unit 150 of thesecurity protocol device 100 extracts a plurality of predetermined bits from the hash value of each identification material ID to generate each identification number IN. Also, the number of predetermined bits may be associated with the height H of the corresponding binary tree BT. In case the binary tree BT has a height value H, the binary tree BT will have 2(H-1) leaf nodes LN. In order to make each leaf node LN of the binary tree BT have a corresponding and unique identification number IN, the predetermined bits are at least H-1 bits extracted from the hash value of each identification data ID, so that, The permutation and combination of these H−1 bits can satisfy the number of leaf nodes LN, so that the identification numbers IN corresponding to the leaf nodes LN will not be repeated and have uniqueness. In this embodiment, the H-1 bits are, for example but not limited to, the first H-1 bits in the hash value of the identification material ID. In other embodiments, the H-1 bits may be the last H-1 bits or the H-1 bits at any position in the hash value of the identification material ID.

舉例來說,圖2的二元樹BT的高度值H為5,且此二元樹BT具有2(5-1)個葉節點LN,亦即二元樹BT具有16個葉節點LN。假設對應於某一紀錄資料RD的識別資料ID為「E1534391」,則識別編號單元150會將此識別資料ID以SHA-256的雜湊函數進行雜湊化,而產生雜湊值「dbb9ed8b677468b4834d2f634a77ea1e6663431bf1ee7523041467ff8023fa64」,接著識別編號單元150會取出此雜湊值轉換為二進位後的位元數列的前4個位元「1101」,並轉換1101為十進位值「13」,從而產生識別編號IN為「13」。識別編號單元150可將此二元樹BT的所有16個葉節點LN依序設定為編號1至16的葉節點LN,而識別編號IN為13的紀錄資料RD的雜湊值RDH則儲存於編號13的葉節點LN中。在一些實施例中,不同的識別資料ID可能產生相同的識別編號IN,或者不同的紀錄資料RD可能具有相同的識別資料ID而產生相同的識別編號IN,在此情況下,多筆紀錄資料RD的雜湊值RDH可對應於相同的識別編號IN而儲存於相同的葉節點LN中。在一些實施例中,二元樹BT的每一葉節點LN可儲存兩筆以上的紀錄資料RD的雜湊值RDH,且對應於某一葉節點LN的兩筆以上的紀錄資料RD的雜湊值RDH會被連接後再被雜湊化而產生雜湊值,此對應於兩筆以上的紀錄資料RD的雜湊值會儲存於此葉節點LN中。For example, the height H of the binary tree BT in FIG. 2 is 5, and the binary tree BT has 2(5-1) leaf nodes LN, that is, the binary tree BT has 16 leaf nodes LN. Assuming that the identification data ID corresponding to a certain record data RD is "E1534391", theidentification number unit 150 will hash the identification data ID with the hash function of SHA-256 to generate a hash value "dbb9ed8b677468b4834d2f634a77ea1e6663431bf1ee7523041467ff8023fa64", and then the identification number Theunit 150 will take out the first 4 bits "1101" of the bit sequence after converting the hash value into binary, and convert 1101 into the decimal value "13", thereby generating the identification number IN as "13". Theidentification number unit 150 can sequentially set all 16 leaf nodes LN of the binary tree BT as leaf nodes LN numbered 1 to 16, and the hash value RDH of the record data RD whose identification number IN is 13 is stored innumber 13 in the leaf node LN. In some embodiments, different identification data IDs may generate the same identification number IN, or different record data RD may have the same identification data ID and generate the same identification number IN. In this case, multiple record data RD The hash value RDH of can be stored in the same leaf node LN corresponding to the same identification number IN. In some embodiments, each leaf node LN of the binary tree BT can store more than two hash values RDH of record data RD, and the hash value RDH of more than two record data RD corresponding to a certain leaf node LN will be After the connection, it is hashed to generate a hash value, and the hash value corresponding to more than two record data RD will be stored in the leaf node LN.

如圖5所示,在本實施例中,安全協定裝置100的定位搜尋單元160可藉由識別編號IN而能定位紀錄資料RD的雜湊值RDH。當使用者需要尋找或驗證資料庫裝置200中的對應於某一二元樹BT中的某一筆紀錄資料RD的雜湊值RDH時,使用者可透過安全協定裝置100進行上述作業。此時,安全協定裝置100的定位搜尋單元160會透過識別編號IN以定位此筆紀錄資料RD的雜湊值RDH的位置(即所儲存的葉節點LN),並直接由對應於此識別編號IN的二元樹BT的葉節點LN中取出此筆紀錄資料RD的雜湊值RDH,達到可快速定位與搜尋資料的目的。並且,若要驗證某筆紀錄資料RD不存在,亦可藉由識別編號IN來完成,安全協定裝置100無須取得完整的二元樹BT中的所有雜湊值,安全協定裝置100的定位搜尋單元160可透過對應於此筆紀錄資料RD的識別編號IN以定位此筆紀錄資料RD的雜湊值RDH的位置,即對應的葉節點LN,並可直接確認此紀錄資料RD的雜湊值RDH是否存在於此葉節點LN中。若此葉節點LN沒有此筆紀錄資料RD的雜湊值RDH,即可驗證此筆紀錄資料RD不存在。如此一來,整個驗證作業所耗費的網路傳輸需求、運算量、運算時間與運算成本可大幅降低。As shown in FIG. 5 , in this embodiment, thelocation search unit 160 of thesecurity protocol device 100 can locate the hash value RDH of the record data RD by using the identification number IN. When the user needs to find or verify the hash value RDH corresponding to a certain record data RD in a certain binary tree BT in thedatabase device 200 , the user can perform the above operation through thesecurity protocol device 100 . At this time, thelocation search unit 160 of thesecurity protocol device 100 will use the identification number IN to locate the position of the hash value RDH of the record data RD (that is, the stored leaf node LN), and directly use the corresponding identification number IN The hash value RDH of the record data RD is taken out from the leaf node LN of the binary tree BT to achieve the purpose of quickly locating and searching for data. Moreover, if it is necessary to verify that a certain record data RD does not exist, it can also be completed by the identification number IN. Thesecurity protocol device 100 does not need to obtain all the hash values in the complete binary tree BT. Thelocation search unit 160 of thesecurity protocol device 100 The position of the hash value RDH of this record data RD can be located through the identification number IN corresponding to this record data RD, that is, the corresponding leaf node LN, and it can be directly confirmed whether the hash value RDH of this record data RD exists here In the leaf node LN. If the leaf node LN does not have the hash value RDH of the record data RD, it can be verified that the record data RD does not exist. In this way, the network transmission requirements, calculation amount, calculation time and calculation cost consumed by the entire verification operation can be greatly reduced.

如前所述,在一些實施例中,不同的紀錄資料RD的識別資料ID可能產生相同的識別編號IN,在此情況下,某一筆紀錄資料RD的雜湊值RDH可能被定位至兩個以上的葉節點LN,若需要驗證此筆紀錄資料RD,安全協定裝置100可由資料庫裝置200取得此兩個以上的葉節點LN中的雜湊值RDH並進行驗證。在本實施例中,重複的識別編號IN的機率相對低,即使某一筆紀錄資料RD的雜湊值RDH被定位至兩個以上的葉節點LN,這些被定位的葉節點LN的數量仍是小於或遠小於所有葉節點LN的數量,整個驗證作業所耗費的網路傳輸需求、運算量、運算時間與運算成本仍可大幅降低。As mentioned above, in some embodiments, the identification data ID of different record data RD may generate the same identification number IN. In this case, the hash value RDH of a certain record data RD may be located in more than two If the leaf node LN needs to verify the record data RD, thesecurity protocol device 100 can obtain the hash value RDH in the two or more leaf nodes LN from thedatabase device 200 and perform verification. In this embodiment, the probability of repeated identification numbers IN is relatively low. Even if the hash value RDH of a certain record data RD is located at more than two leaf nodes LN, the number of these located leaf nodes LN is still less than or Far smaller than the number of all leaf nodes LN, the network transmission requirements, calculation amount, calculation time and calculation cost consumed by the entire verification operation can still be greatly reduced.

如圖5所示,在本實施例中,終端裝置400更包括識別編號單元440,終端裝置400的識別編號單元440與安全協定裝置100的識別編號單元150具有相同的功能,識別編號單元440亦可根據紀錄資料RD的識別資料ID而產生識別編號IN,且終端裝置400可透過識別編號單元440驗證安全協定裝置100是否從正確的葉節點LN取得資料。舉例來說,若終端裝置400需要驗證某一紀錄資料RD,且此紀錄資料RD的識別資料ID為「E1534391」(請參照前述例子),當終端裝置400傳送此驗證要求至安全協定裝置100,安全協定裝置100的定位搜尋單元160可透過對應於此筆紀錄資料RD的識別編號IN以定位此筆紀錄資料RD的雜湊值RDH的位置,並找出其是位於資料庫裝置200中的二元樹BT的編號13的葉節點LN中,且回傳編號13的葉節點LN中的雜湊值RDH至終端裝置400,以讓終端裝置400進行驗證。終端裝置400的識別編號單元440同樣可根據此紀錄資料RD的識別資料ID為「E1534391」而產生識別編號IN,並根據識別編號IN可推算此紀錄資料RD的雜湊值RDH應是儲存於編號13的葉節點LN中,藉此,終端裝置400可確認安全協定裝置100所回傳的紀錄資料RD的雜湊值RDH是否來自於正確的位置(即編號13的葉節點LN)。As shown in Figure 5, in this embodiment, theterminal device 400 further includes anidentification number unit 440, theidentification number unit 440 of theterminal device 400 has the same function as theidentification number unit 150 of thesecurity agreement device 100, and theidentification number unit 440 also The identification number IN can be generated according to the identification data ID of the record data RD, and theterminal device 400 can verify whether thesecurity protocol device 100 obtains the data from the correct leaf node LN through theidentification number unit 440 . For example, if theterminal device 400 needs to verify a certain record data RD, and the identification data ID of the record data RD is "E1534391" (please refer to the above example), when theterminal device 400 sends the verification request to thesecurity agreement device 100, Thelocation search unit 160 of thesecurity agreement device 100 can locate the position of the hash value RDH of the record data RD through the identification number IN corresponding to the record data RD, and find out that it is located in the binary data in thedatabase device 200. In the leaf node LN of thenumber 13 of the tree BT, and return the hash value RDH in the leaf node LN of thenumber 13 to theterminal device 400 for verification by theterminal device 400 . Theidentification number unit 440 of theterminal device 400 can also generate the identification number IN according to the identification data ID of the record data RD being "E1534391", and according to the identification number IN, it can be deduced that the hash value RDH of the record data RD should be stored innumber 13 In this way, theterminal device 400 can confirm whether the hash value RDH of the record data RD returned by thesecurity protocol device 100 comes from the correct location (ie, the leaf node LN numbered 13).

請再參照圖6,圖6為本發明一實施例的二元樹BT的切片BTS的示意圖。如圖5與圖6所示,在本實施例中,當安全協定裝置100傳送二元樹BT的根雜湊值RH至區塊鏈裝置300時,安全協定裝置100的切片單元170會自動切割二元樹BT為多個切片(slice)BTS且回傳各切片BTS至對應的各終端裝置400,而各終端裝置400的切片驗證單元430會驗證所接收的各切片BTS的正確性。如圖2與圖6所示,在本實施例中,每一切片BTS為二元樹BT的樹根R、對應的兩個葉節點LN與必要的中間節點MN所組成的模克證明(Merkle proof)。此組葉節點LN中儲存的紀錄資料RD的雜湊值RDH,可經由前述的運算過程,而得到位於樹根R的根雜湊值RH,而切片BTS的根雜湊值RH應與完整二元樹BT的根雜湊值RH一致。舉例來說,某一終端裝置400將某一筆紀錄資料RD與識別資料ID傳送至安全協定裝置100後,安全協定裝置100會將此紀錄資料RD的雜湊值RDH儲存至某一二元樹BT的某一葉節點LN中且會回傳此葉節點LN所對應的切片BTS至此終端裝置400,而此終端裝置400會比對此切片BTS的葉節點LN中的此筆紀錄資料RD的雜湊值RDH與此終端裝置400所產生的原始紀錄資料RD的原始雜湊值RDH是否一致,若一致則表示驗證正確,若不一致則表示驗證不正確。若驗證不正確,對應的終端裝置400可傳送一抗議訊息至區塊鏈裝置300,以進行後續資料修正或無效等程序。Please refer to FIG. 6 again. FIG. 6 is a schematic diagram of a slice BTS of a binary tree BT according to an embodiment of the present invention. As shown in Figures 5 and 6, in this embodiment, when thesecurity protocol device 100 transmits the root hash value RH of the binary tree BT to theblock chain device 300, theslicing unit 170 of thesecurity protocol device 100 will automatically cut two The meta tree BT is a plurality of slice BTSs, and each slice BTS is sent back to each correspondingterminal device 400, and theslice verification unit 430 of eachterminal device 400 will verify the correctness of each received slice BTS. As shown in Figure 2 and Figure 6, in this embodiment, each slice BTS is a Merkle proof (Merkle proof). The hash value RDH of the record data RD stored in this group of leaf nodes LN can be obtained through the aforementioned calculation process to obtain the root hash value RH at the root R of the tree, and the root hash value RH of the slice BTS should be the same as the complete binary tree BT The root hash value RH is consistent. For example, after aterminal device 400 transmits a record data RD and identification data ID to thesecurity protocol device 100, thesecurity protocol device 100 will store the hash value RDH of the record data RD in a binary tree BT. In a certain leaf node LN and will return the slice BTS corresponding to the leaf node LN to theterminal device 400, and theterminal device 400 will compare the hash value RDH of the record data RD in the leaf node LN of the slice BTS with Whether the original hash value RDH of the original record data RD generated by theterminal device 400 is consistent, if consistent, it means that the verification is correct, and if not, it means that the verification is incorrect. If the verification is incorrect, the correspondingterminal device 400 can send a protest message to theblock chain device 300 for subsequent procedures such as data correction or invalidation.

在本實施例中,各終端裝置400包括區塊鏈晶片,所述區塊鏈晶片例如但不限於是可自動在區塊鏈BC與驗證系統10、10b之間互相傳送訊號的積體電路(IC)。藉由區塊鏈晶片,終端裝置400可設計得更加輕薄短小,且終端裝置400可更容易設置於任何物件上或整合至任何電子裝置中。舉例來說,終端裝置400可設置或整合至電池(如電動或油電混合的公車或汽車用的大電池組)、電錶、汽車大燈、汽車本體(如透過5G聯網的汽車的行車電腦)或畫框,且終端裝置400會自動且持續上傳各物件的紀錄資料RD,這些紀錄資料RD例如但不限於是電池、電錶或汽車大燈的每時或每日(依據上傳預定間隔而定)歷史使用狀況,或汽車本體各感測器資訊(如引擎、里程表、啟動次數…等)的每時或每日的歷史感測資料,或畫框上的感測器所感測的每時或每日的濕溼度變化歷史感測資料與畫者原始資料等,而安全協定裝置100可將這些紀錄資料RD的雜湊值RDH儲存至鏈下OC的資料庫裝置200,並將根雜湊值RH上傳至區塊鏈裝置300。In this embodiment, eachterminal device 400 includes a blockchain chip, which is, for example but not limited to, an integrated circuit ( IC). With the blockchain chip, theterminal device 400 can be designed to be thinner, lighter and smaller, and theterminal device 400 can be more easily arranged on any object or integrated into any electronic device. For example, theterminal device 400 can be installed or integrated into a battery (such as a large battery pack for an electric or gasoline-electric hybrid bus or a car), an electric meter, a car headlight, and a car body (such as a driving computer of a car connected to the Internet through 5G) or picture frame, and theterminal device 400 will automatically and continuously upload the record data RD of each object, such as but not limited to, every hour or every day of the battery, electric meter or car headlights (depending on the scheduled upload interval) Historical usage status, or the hourly or daily historical sensing data of each sensor information of the car body (such as engine, odometer, number of starts, etc.), or the hourly or daily historical sensing data sensed by the sensors on the frame The daily humidity and humidity change history sensing data and the original data of the painter, etc., and thesecurity protocol device 100 can store the hash value RDH of these record data RD to thedatabase device 200 of the off-chain OC, and upload the root hash value RH To blockchain device 300.

基於驗證系統10、10a、10b,除了可藉由鏈下OC的資料庫裝置200來達到各種資料的快速定位與搜尋之外,也可藉由區塊鏈BC的驗證來達到資料的不可否認性。且基於終端裝置400的搭配應用,物件的狀況可獲得保證,而物件的價值也得以提高。例如原本長程車用的中古大電池組在使用一定程度後可轉給短程車用,而短程車用的中古大電池組在使用一定程度後又可轉給諸如漁塭等場所作為備用發電電池。而這之間每一次轉換都可經過諸如中古買賣平台進行交易,而每次交易都可藉由驗證系統10、10a、10b來驗證物件的狀況,從而提高物件品質的信賴度與物件價值。Based on theverification system 10, 10a, 10b, in addition to the rapid location and search of various data through thedatabase device 200 of the off-chain OC, the non-repudiation of data can also be achieved through the verification of the blockchain BC . And based on the matching application of theterminal device 400, the condition of the object can be guaranteed, and the value of the object can also be increased. For example, the second-hand large battery pack originally used for long-distance vehicles can be transferred to short-distance vehicles after being used to a certain extent, and the second-hand large battery pack used for short-distance vehicles can be transferred to places such as fishing farms as backup power generation batteries after being used to a certain extent. And every conversion can be traded through such as the medieval trading platform, and each transaction can be verified by theverification system 10, 10a, 10b to verify the condition of the object, thereby improving the reliability of the quality of the object and the value of the object.

如圖5所示,在本實施例中,區塊鏈裝置300的智能合約310更包括鏈接處理單元311與累計序號單元312。安全協定裝置100的識別序號單元180用以產生識別序號IS,區塊鏈裝置300的累計序號單元312用以產生累計序號AS,而鏈接處理單元311用以產生鏈接資料串CDS。As shown in FIG. 5 , in this embodiment, thesmart contract 310 of theblockchain device 300 further includes alink processing unit 311 and a cumulativeserial number unit 312 . The identificationserial number unit 180 of thesecurity protocol device 100 is used to generate the identification serial number IS, the cumulativeserial number unit 312 of theblockchain device 300 is used to generate the cumulative serial number AS, and thelink processing unit 311 is used to generate the link data string CDS.

請參照圖7,圖7為本發明另一實施例的鏈接資料串CDS的示意圖。如圖5與圖7所示,在本實施例中,鏈接資料串CDS的每一筆資料集合DS包括根雜湊值RH、識別序號IS、累計序號AS與鏈接雜湊值CH,每一資料集合DS的鏈接雜湊值CH關聯於前一資料集合DS的根雜湊值RH、識別序號IS、累計序號AS與鏈接雜湊值CH,且該些資料集合DS最前者的鏈接雜湊值CH關聯於初始鏈接值CH0。在一些實施例中,鏈接資料串CDS的每一筆資料集合DS包括根雜湊值RH、識別序號IS與鏈接雜湊值CH,但不包括累計序號AS,而每一資料集合DS的鏈接雜湊值CH關聯於前一資料集合DS的根雜湊值RH、識別序號IS與鏈接雜湊值CH。在本實施例中,每一資料集合DS的鏈接雜湊值CH為雜湊化前一資料集合DS而產生,且最前的資料集合DS的鏈接雜湊值CH為雜湊化初始鏈接值CH0而產生。Please refer to FIG. 7 , which is a schematic diagram of a link data string CDS according to another embodiment of the present invention. As shown in Figures 5 and 7, in this embodiment, each data set DS of the link data string CDS includes a root hash value RH, an identification number IS, an accumulative number AS, and a link hash value CH, each data set DS The chain hash value CH is associated with the root hash value RH, identification number IS, cumulative number AS and chain hash value CH of the previous data set DS, and the chain hash value CH of the first data set DS is associated with the initial chain value CH0 . In some embodiments, each data set DS of the link data string CDS includes a root hash value RH, an identification number IS and a link hash value CH, but does not include the cumulative number AS, and the link hash value CH of each data set DS is associated with The root hash value RH, the identification number IS and the link hash value CH in the previous data set DS. In this embodiment, the chain hash value CH of each data set DS is generated by hashing the previous data set DS, and the chain hash value CH of the first data set DS is generated by hashing the initial chain value CH0 .

如圖5與圖7所示,在本實施例中,鏈接資料串CDS的各資料集合DS的識別序號IS分別對應於各根雜湊值RH。當安全協定裝置100傳送該些根雜湊值RH至區塊鏈裝置300,安全協定裝置100還會對應產生並傳送該些識別序號IS至區塊鏈裝置300。舉例來說,識別序號IS包括時間戳記,時間戳記關聯於對應的該根雜湊值RH,當安全協定裝置100在一特定時間點產生某一筆根雜湊值RH時,識別序號單元180會對應於此特定時間點而產生識別序號IS,此識別序號IS即包括對應此特定時間點的時間戳記。換句話說,不同時間點產生的根雜湊值RH必定會對應於不同的識別序號IS,且時間是不斷推進,在後產生的根雜湊值RH的識別序號IS的時間戳記所對應的時間點必定會晚於在前產生的根雜湊值RH的識別序號IS的時間戳記所對應的時間點。相應的,在鏈接資料串CDS中,在後的資料集合DS的識別序號IS的時間戳記所對應的時間點必定會晚於在前的資料集合DS的識別序號IS的時間戳記所對應的時間點。藉此,可加強鏈接資料串CDS的資料集合DS的不可修改性,使鏈接資料串CDS的資料難以被竄改。As shown in FIG. 5 and FIG. 7 , in this embodiment, the identification numbers IS of each data set DS of the linked data string CDS correspond to each root hash value RH respectively. When thesecurity protocol device 100 transmits the root hash values RH to theblockchain device 300 , thesecurity protocol device 100 will correspondingly generate and transmit the identification serial numbers IS to theblockchain device 300 . For example, the identification number IS includes a time stamp, and the time stamp is associated with the corresponding root hash value RH. When thesecurity agreement device 100 generates a certain root hash value RH at a specific time point, theidentification number unit 180 will correspond to this An identification number IS is generated at a specific time point, and the identification number IS includes a time stamp corresponding to the specific time point. In other words, the root hash value RH generated at different time points must correspond to different identification numbers IS, and the time is constantly advancing, and the time point corresponding to the time stamp of the identification number IS of the root hash value RH generated later must be It will be later than the time point corresponding to the time stamp of the identification sequence number IS of the previously generated root hash value RH. Correspondingly, in the linked data string CDS, the time point corresponding to the time stamp of the identification number IS of the subsequent data set DS must be later than the time point corresponding to the time stamp of the identification number IS of the previous data set DS . Thereby, the unmodifiability of the data set DS of the link data string CDS can be enhanced, making it difficult for the data of the link data string CDS to be tampered with.

如圖5與圖7所示,在本實施例中,鏈接資料串CDS的各資料集合DS的累計序號AS分別對應於各根雜湊值RH,且每一資料集合DS的累計序號AS為前一資料集合DS的累計序號AS的累計值。當安全協定裝置100傳送該些根雜湊值RH與該些識別序號IS至區塊鏈裝置300,區塊鏈裝置300的累計序號單元312會對應於該些根雜湊值RH與該些識別序號IS而依序產生該些累計序號AS。舉例來說,當區塊鏈裝置300接收到第一筆根雜湊值RH與對應的識別序號IS,累計序號單元312會產生值為整數1的累計序號AS,而鏈接處理單元311會整合第一筆資料集合DS,其中包括第一筆根雜湊值RH、對應的識別序號IS、值為整數1的累計序號AS與對應的鏈接雜湊值CH。而當安全協定裝置100接收到第二筆根雜湊值RH與對應的識別序號IS,累計序號單元312會累加1至前一筆累計序號AS而產生值為整數2的累計序號AS,而鏈接處理單元311會整合第二筆資料集合DS,其中包括第二筆根雜湊值RH、對應的識別序號IS、值為整數2的累計序號AS與對應的鏈接雜湊值CH。換句話說,累計序號AS是不斷累加的,而在後產生的資料集合DS的累計序號AS必定會大於在前產生的資料集合DS的累計序號AS。並且,累計序號AS是由區塊鏈上的區塊鏈裝置300產生,其具有不可否認性。藉此,可加強鏈接資料串CDS的資料集合DS的不可修改性,使鏈接資料串CDS的資料難以被竄改。As shown in Fig. 5 and Fig. 7, in this embodiment, the cumulative sequence number AS of each data set DS linked to the data string CDS corresponds to each root hash value RH, and the cumulative sequence number AS of each data set DS is the previous one. The accumulation value of the accumulation serial number AS of the data set DS. When thesecurity protocol device 100 transmits the root hash values RH and the identification numbers IS to theblock chain device 300, the cumulativesequence number unit 312 of theblock chain device 300 will correspond to the root hash values RH and the identification number IS And these accumulative sequence numbers AS are generated sequentially. For example, when theblock chain device 300 receives the first root hash value RH and the corresponding identification serial number IS, the cumulativeserial number unit 312 will generate a cumulative serial number AS with an integer value of 1, and thelink processing unit 311 will integrate the first The data set DS includes the first root hash value RH, the corresponding identification number IS, the cumulative number AS whose value is aninteger 1, and the corresponding link hash value CH. And when thesecurity protocol device 100 receives the second root hash value RH and the corresponding identification sequence number IS, the cumulativesequence number unit 312 will accumulate 1 to the previous cumulative sequence number AS to generate the cumulative sequence number AS with an integer value of 2, and thelink processing unit 311 integrates the second data set DS, which includes the second root hash value RH, the corresponding identification number IS, the cumulative number AS whose value is aninteger 2, and the corresponding link hash value CH. In other words, the accumulative sequence number AS is continuously accumulated, and the accumulative sequence number AS of the data set DS generated later must be greater than the cumulative sequence number AS of the data set DS generated earlier. Moreover, the accumulative serial number AS is generated by theblockchain device 300 on the blockchain, which has non-repudiation. Thereby, the unmodifiability of the data set DS of the link data string CDS can be enhanced, making it difficult for the data of the link data string CDS to be tampered with.

在本實施例中,鏈接處理單元311會根據以下兩個公式產生鏈接資料串CDS中的多個以串列方式鏈接的資料集合DS:In this embodiment, thelink processing unit 311 will generate a plurality of serially linked data sets DS in the linked data string CDS according to the following two formulas:

CHi=hash(RHi-1| ISi-1| i-1 | CHi-1);以及CHi = hash(RHi-1 | ISi-1 | i-1 | CHi-1 ); and

CH1=hash(CH0)。CH1 =hash(CH0 ).

其中,RHi-1為根雜湊值RH,ISi-1為識別序號IS,i-1為累計序號AS,CHi-1為鏈接雜湊值CH,且i為2至k的整數。Wherein, RHi-1 is the root hash value RH, ISi-1 is the identification number IS, i-1 is the accumulation number AS, CHi-1 is the link hash value CH, and i is an integer from 2 to k.

如圖7所示,最前的資料集合DS的根雜湊值RH為RH1、識別序號IS為IS1、累計序號AS為1而鏈接雜湊值CH為CH1,且CH1為雜湊化CH0而產生的雜湊值。在後的(排列在最前的資料集合DS後)的第二筆資料集合DS的根雜湊值RH為RH2、識別序號IS為IS2、累計序號AS為2而鏈接雜湊值CH為CH2,且CH2為雜湊化連接後的RH1、IS1、1與CH1而產生的雜湊值。在後的(排列第二筆資料集合DS後)的第三筆資料集合DS的根雜湊值RH為RH3、識別序號IS為IS3、累計序號AS為3而鏈接雜湊值CH為CH3,且CH3為雜湊化連接後的RH2、IS2、2與CH2而產生的雜湊值。最後的資料集合DS的根雜湊值RH為RHk、識別序號IS為ISk、累計序號AS為k而鏈接雜湊值CH為CHk,且CHk為雜湊化連接後的RHk-1、ISk-1、k-1與CHk-1而產生的雜湊值。其餘資料集合DS的根雜湊值RH、識別序號IS、累計序號AS與鏈接雜湊值CH則以此類推。並且,這些以串列方式鏈接的資料集合DS組成鏈接資料串CDS。As shown in Figure 7, the root hash value RH of the first data set DS is RH1 , the identification number IS is IS1 , the cumulative number AS is 1 and the link hash value CH is CH1 , and CH1 is hashed CH0 and generated hash value. The root hash value RH of the second data set DS following (arranged after the first data set DS) is RH2 , the identification number IS is IS2 , the cumulative number AS is 2 and the link hash value CH is CH2 , And CH2 is a hash value generated by hashing the connected RH1 , IS1 , 1 and CH1 . The root hash value RH of the third data set DS following (after the second data set DS is arranged) is RH3 , the identification serial number IS is IS3 , the cumulative serial number AS is 3 and the link hash value CH is CH3 , And CH3 is a hash value generated by hashing the connected RH2 , IS2 , 2 and CH2 . The root hash value RH of the final data set DS is RHk , the identification sequence number IS is ISk , the cumulative sequence number AS is k and the link hash value CH is CHk , and CHk is RHk-1 , IS The hash value generated byk-1 , k-1 and CHk-1 . The root hash value RH, identification number IS, cumulative number AS, and link hash value CH of the rest of the data set DS can be deduced by analogy. And, these serially linked data sets DS form a linked data string CDS.

如圖5與圖7所示,在本實施例中,安全協定裝置100除了會將二元樹BT與初始鏈接值CH0儲存到資料庫裝置200中,安全協定裝置100也會將對應於各二元樹BT的各根雜湊值RH(或對應於鏈接資料串CDS的各資料集合DS)的識別序號IS與累計序號AS儲存到資料庫裝置200中。當安全協定裝置100接收讀取要求RR,且此讀取要求RR是要求讀取多個根雜湊值RH,而這多個根雜湊值RH屬於某一鏈接資料串CDS的多個資料集合DS,讀取單元130會自區塊鏈裝置300讀取此鏈接資料串CDS的該些資料集合DS在後者的根雜湊值RH,並自資料庫裝置200讀取此鏈接資料串CDS的該些資料集合DS在前者的一或多個根雜湊值RH,且安全協定裝置100以區塊鏈裝置300的在後的資料集合DS的鏈接雜湊值CH驗證資料庫裝置200的在前的一或多個根雜湊值RH的正確性。As shown in FIG. 5 and FIG. 7, in this embodiment, in addition to storing the binary tree BT and the initial link value CH0 in the database device200 , thesecurity protocol device 100 will also store the corresponding The identification number IS and cumulative number AS of each root hash value RH of the binary tree BT (or each data set DS corresponding to the link data string CDS) are stored in thedatabase device 200 . When thesecurity protocol device 100 receives the read request RR, and the read request RR is to read multiple root hash values RH, and the multiple root hash values RH belong to multiple data sets DS of a certain link data string CDS, Thereading unit 130 will read the root hash value RH of the data sets DS of the link data string CDS from theblock chain device 300, and read the data sets of the link data string CDS from thedatabase device 200 DS is at the former one or more root hash values RH, and thesecurity protocol device 100 verifies the previous one or more roots of thedatabase device 200 with the link hash value CH of the subsequent data set DS of theblockchain device 300 The correctness of the hash value RH.

舉例來說,當安全協定裝置100接收讀取要求RR,此讀取要求RR是要求讀取如圖7的鏈接資料串CDS的RH1至RHk的k個根雜湊值RH,讀取單元130會自區塊鏈裝置300讀取此鏈接資料串CDS的該些資料集合DS最後一筆的資料集合DS的根雜湊值RH與鏈接雜湊值CH(即RHk與CHk),並且,讀取單元130會自資料庫裝置200讀取在前的資料集合DS的根雜湊值RH(即RH1至RHk-1)、識別序號IS(即IS1至ISk-1)與累計序號AS(即1至k-1),並且,驗證單元120會以最後一筆的資料集合DS的RHk來驗證資料庫裝置200的在前的資料集合DS的RH1至RHk-1的正確性。驗證單元120可使用前述兩個公式,並以資料庫裝置200儲存的初始鏈接值CH0、RH1至RHk-1、IS1至ISk-1與1至k-1進行雜湊與鏈接運算而推算出CHk,並以推算出的CHk來比對區塊鏈裝置300上的CHk。若推算出的CHk與區塊鏈裝置300上的CHk一致,則表示資料庫裝置200儲存的RH1至RHk-1與區塊鏈裝置300上的RH1至RHk-1也會一致。因為基於雜湊運算,只要資料庫裝置200儲存的RH1至RHk-1中任一個根雜湊值RH與區塊鏈裝置300上的RH1至RHk-1中的對應根雜湊值RH不一致,則推算出的CHk就會不同於區塊鏈裝置300上的CHkFor example, when thesecurity protocol device 100 receives a read request RR, the read request RR is to read the k root hash values RH of RH1 to RHk of the link data string CDS shown in FIG. 7 , theread unit 130 The root hash value RH and the link hash value CH (that is, RHk and CHk ) of the last data set DS of the data sets DS of the link data string CDS will be read from theblock chain device 300, and theread unit 130 will read from thedatabase device 200 the root hash value RH (ie RH1 to RHk-1 ), the identification serial number IS (ie IS1 to ISk-1 ) and the cumulative serial number AS (ie 1 to k-1), and theverification unit 120 will use the RHk of the last data set DS to verify the correctness of RH1 to RHk-1 of the previous data set DS of thedatabase device 200 . Theverification unit 120 can use the aforementioned two formulas and perform hash and link operations with the initial link values CH0 , RH1 to RHk-1 , IS1 to ISk-1 and 1 to k-1 stored in thedatabase device 200 And calculate CHk , and compare CHk on theblock chain device 300 with the calculated CHk . If the calculated CHk is consistent with the CHk on theblock chain device 300, it means that the RH1 to RH k-1 stored in thedatabase device 200 and the RH1 to RHk-1on theblock chain device 300 will also be unanimous. Because it is based on a hash operation, as long as any root hash value RH stored in thedatabase device 200 from RH1 to RHk-1 is inconsistent with the corresponding root hash value RH in RH1 to RHk-1 on theblockchain device 300, Then the calculated CHk will be different from the CHk on theblockchain device 300 .

在不同實施例中,驗證系統10、10a與10b中的各元件可任意組合。例如,驗證系統10b可不包括終端裝置400;或者,驗證系統10、10a可包括類似於驗證系統10b的終端裝置400,但不限於此。In different embodiments, various components in theauthentication systems 10, 10a and 10b can be combined arbitrarily. For example, theverification system 10b may not include theterminal device 400; alternatively, theverification system 10, 10a may include theterminal device 400 similar to theverification system 10b, but not limited thereto.

請參照圖8,圖8為本發明一實施例的驗證方法的流程圖。在本實施例中,驗證方法可透過圖1或圖4所示的驗證系統10、10a實現,但不限於此。驗證方法適用於與區塊鏈BC協作。在步驟S101中,安全協定裝置100會在鏈下OC自多個終端裝置400接收多個紀錄資料RD。在步驟S103中,安全協定裝置100會根據雜湊函數整合該些紀錄資料RD為至少一二元樹BT,且各紀錄資料RD的雜湊值RDH分別儲存於二元樹BT的各葉節點LN。在步驟S105中,安全協定裝置100會傳送二元樹BT的根雜湊值RH至區塊鏈BC,且區塊鏈裝置300會儲存這些根雜湊值RH。在步驟S107中,區塊鏈裝置300或安全協定裝置100會根據前述公式產生鏈接資料串CDS。Please refer to FIG. 8 , which is a flowchart of a verification method according to an embodiment of the present invention. In this embodiment, the verification method can be implemented through theverification system 10, 10a shown in FIG. 1 or FIG. 4, but is not limited thereto. The verification method is suitable for collaboration with blockchain BC. In step S101 , thesecurity agreement device 100 receives a plurality of record data RD from a plurality ofterminal devices 400 in the off-chain OC. In step S103 , thesecurity protocol device 100 integrates the record data RD into at least one binary tree BT according to the hash function, and the hash value RDH of each record data RD is stored in each leaf node LN of the binary tree BT. In step S105 , thesecurity agreement device 100 will transmit the root hash value RH of the binary tree BT to the blockchain BC, and theblockchain device 300 will store the root hash value RH. In step S107, theblockchain device 300 or thesecurity protocol device 100 will generate a link data string CDS according to the aforementioned formula.

在步驟S109中,安全協定裝置100會在鏈下OC儲存二元樹BT與初始鏈接值CH0,即安全協定裝置100會將完整的二元樹BT與初始鏈接值CH0儲存於鏈下OC的資料庫裝置200。在不同實施例中,初始鏈接值CH0可不儲存於資料庫裝置200中;當有需要時,安全協定裝置100可自區塊鏈裝置300讀取初始鏈接值CH0In step S109, thesecurity protocol device 100 will store the binary tree BT and the initial link value CH0 in the off-chain OC, that is, thesecurity protocol device 100 will store the complete binary tree BT and the initial link value CH0 in the off-chainOC database device 200. In different embodiments, the initial link value CH0 may not be stored in thedatabase device 200 ; when necessary, thesecurity protocol device 100 may read the initial link value CH0 from theblockchain device 300 .

在步驟S111中,當安全協定裝置100接收一驗證要求,安全協定裝置100會比對位於區塊鏈BC上的區塊鏈裝置300中的根雜湊值RH與在鏈下OC的資料庫裝置200中儲存的二元樹BT的根雜湊值RH,以驗證在鏈下OC儲存的二元樹BT的正確性。在步驟S113中,當安全協定裝置100接收讀取要求RR,且此讀取要求RR要求讀取鏈接資料串CDS中的多個資料集合DS的多個根雜湊值RH,安全協定裝置100會讀取區塊鏈BC上的資料集合DS在後者的根雜湊值RH並讀取在鏈下OC儲存的資料集合DS在前者的一或多個根雜湊值RH。在步驟S115中,安全協定裝置100會以區塊鏈BC上的在後的資料集合DS的鏈接雜湊值CH驗證在鏈下OC儲存的在前的一或多個根雜湊值RH的正確性。In step S111, when thesecurity protocol device 100 receives a verification request, thesecurity protocol device 100 will compare the root hash value RH in theblockchain device 300 on the blockchain BC with thedatabase device 200 in the off-chain OC The root hash value RH of the binary tree BT stored in OC is used to verify the correctness of the binary tree BT stored in the off-chain OC. In step S113, when thesecurity protocol device 100 receives the read request RR, and the read request RR requests to read multiple root hash values RH of multiple data sets DS in the link data string CDS, thesecurity protocol device 100 will read Take the root hash value RH of the data set DS on the blockchain BC in the latter and read one or more root hash values RH of the data set DS stored in the off-chain OC in the former. In step S115 , thesecurity protocol device 100 verifies the correctness of one or more previous root hash values RH stored in the off-chain OC with the link hash value CH of the subsequent data set DS on the blockchain BC.

請參照圖9,圖9為本發明另一實施例的驗證方法的流程圖。在本實施例中,驗證方法可透過圖5所示的驗證系統10b實現,但不限於此。在步驟S201中,安全協定裝置100會在鏈下OC自多個終端裝置400接收多個紀錄資料RD與多個識別資料ID,各識別資料ID是分別對應於各紀錄資料RD。在步驟S203中,當安全協定裝置100接收該些識別資料ID之後,安全協定裝置100會根據各識別資料ID產生分別對應於各葉節點LN的多個識別編號IN,二元樹BT的每一葉節點LN會對應於專屬的識別編號IN。舉例來說,安全協定是自各識別資料ID的雜湊值中取出多個預定位元以產生各識別編號IN,並且,若二元樹BT具有一高度值H,該些預定位元為各識別資料ID的雜湊值的前H-1個位元。在步驟S205中,安全協定裝置100會根據雜湊函數整合該些紀錄資料RD為至少一二元樹BT。在步驟S207中,安全協定裝置100會根據各識別編號IN,儲存各紀錄資料RD的雜湊值RDH至對應的各葉節點LN。在步驟S209中,安全協定裝置100會傳送二元樹BT的根雜湊值RH與對應的識別序號IS至區塊鏈BC,且區塊鏈裝置300會儲存這些根雜湊值RH與對應的識別序號IS。在步驟S211中,安全協定裝置100會將二元樹BT切割為多個切片BTS。在步驟S213中,安全協定裝置100會在鏈下OC回傳各切片BTS至對應的各終端裝置400。Please refer to FIG. 9 , which is a flowchart of a verification method according to another embodiment of the present invention. In this embodiment, the verification method can be implemented through theverification system 10b shown in FIG. 5 , but is not limited thereto. In step S201 , thesecurity protocol device 100 receives a plurality of record data RD and a plurality of identification data IDs from a plurality ofterminal devices 400 in the off-chain OC, and each identification data ID is respectively corresponding to each record data RD. In step S203, after thesecurity protocol device 100 receives these identification data IDs, thesecurity protocol device 100 will generate a plurality of identification numbers IN corresponding to each leaf node LN according to each identification data ID, and each leaf node of the binary tree BT The node LN will correspond to a unique identification number IN. For example, the security agreement is to extract a plurality of predetermined bits from the hash value of each identification data ID to generate each identification number IN, and if the binary tree BT has a height value H, these predetermined bits are each identification data The first H-1 bits of the hash value of the ID. In step S205, thesecurity protocol device 100 integrates the record data RD into at least one binary tree BT according to the hash function. In step S207 , thesecurity protocol device 100 stores the hash value RDH of each record data RD to each corresponding leaf node LN according to each identification number IN. In step S209, thesecurity protocol device 100 will transmit the root hash value RH and the corresponding identification number IS of the binary tree BT to the blockchain BC, and theblockchain device 300 will store these root hash values RH and the corresponding identification number IS. In step S211 , thesecurity protocol device 100 cuts the binary tree BT into a plurality of slices BTS. In step S213 , thesecurity agreement device 100 returns each slice BTS to each correspondingterminal device 400 in the off-chain OC.

接著,各終端裝置400會驗證所接收的各切片BTS的正確性。在步驟S215中,當切片BTS驗證為不正確,對應的終端裝置400傳送抗議訊息至區塊鏈BC。在步驟S217中,當切片BTS驗證為正確,終端裝置400無需傳送抗議訊息至區塊鏈BC。Next, eachterminal device 400 verifies the correctness of each received slice BTS. In step S215, when the slice BTS is verified to be incorrect, the correspondingterminal device 400 sends a protest message to the blockchain BC. In step S217, when the verification of the slice BTS is correct, theterminal device 400 does not need to send a protest message to the blockchain BC.

在步驟S219中,區塊鏈BC的區塊鏈裝置300對應於根雜湊值RH與識別序號IS,而依序產生累計序號AS。在步驟S221中,區塊鏈BC的區塊鏈裝置300會根據根雜湊值RH、識別序號IS與累計序號AS而產生鏈接資料串CDS。在步驟S223中,安全協定裝置100會在鏈下OC將二元樹BT、初始鏈接值CH0、識別序號IS與累計序號AS儲存至資料庫裝置200。In step S219 , theblockchain device 300 of the blockchain BC generates an accumulative serial number AS in sequence corresponding to the root hash value RH and the identification serial number IS. In step S221, theblockchain device 300 of the blockchain BC generates a link data string CDS according to the root hash value RH, the identification serial number IS and the accumulated serial number AS. In step S223 , thesecurity protocol device 100 stores the binary tree BT, the initial link value CH0 , the identification number IS and the cumulative number AS in thedatabase device 200 in the off-chain OC.

在步驟S225中,當安全協定裝置100接收一驗證要求,安全協定裝置100會比對位於區塊鏈BC上的區塊鏈裝置300中的根雜湊值RH與在鏈下OC的資料庫裝置200中儲存的二元樹BT的根雜湊值RH,以驗證在鏈下OC儲存的二元樹BT的正確性。在步驟S227中,當安全協定裝置100接收一搜尋要求,且此搜尋要求是針對某一紀錄資料RD,安全協定裝置100會根據對應此紀錄資料RD的識別編號IN而定位在鏈下OC儲存的二元樹BT的葉節點LN,以搜尋對應於此識別編號IN的葉節點LN並由此葉節點LN取得此紀錄資料RD的雜湊值RDH,或驗證此紀錄資料RD的雜湊值RDH不存在此葉節點LN中。In step S225, when thesecurity protocol device 100 receives a verification request, thesecurity protocol device 100 will compare the root hash value RH in theblockchain device 300 on the blockchain BC with thedatabase device 200 in the off-chain OC The root hash value RH of the binary tree BT stored in OC is used to verify the correctness of the binary tree BT stored in the off-chain OC. In step S227, when thesecurity protocol device 100 receives a search request, and the search request is for a certain record data RD, thesecurity protocol device 100 will locate the OC stored under the chain according to the identification number IN corresponding to the record data RD. The leaf node LN of the binary tree BT searches for the leaf node LN corresponding to the identification number IN and obtains the hash value RDH of the record data RD from the leaf node LN, or verifies that the hash value RDH of the record data RD does not exist In the leaf node LN.

在步驟S229中,當安全協定裝置100接收讀取要求RR,且此讀取要求RR要求讀取鏈接資料串CDS中的多個資料集合DS的多個根雜湊值RH,安全協定裝置100會讀取區塊鏈BC上的資料集合DS在後者的根雜湊值RH並讀取在鏈下OC儲存的資料集合DS在前者的一或多個根雜湊值RH。在步驟S231中,安全協定裝置100會以區塊鏈BC上的在後的資料集合DS的鏈接雜湊值CH驗證在鏈下OC儲存的在前的一或多個根雜湊值RH的正確性。In step S229, when thesecurity protocol device 100 receives the read request RR, and the read request RR requests to read multiple root hash values RH of multiple data sets DS in the link data string CDS, thesecurity protocol device 100 will read Take the root hash value RH of the data set DS on the blockchain BC in the latter and read one or more root hash values RH of the data set DS stored in the off-chain OC in the former. In step S231 , thesecurity protocol device 100 verifies the correctness of one or more previous root hash values RH stored in the off-chain OC with the chain hash value CH of the subsequent data set DS on the blockchain BC.

藉由驗證系統10、10a與10b,在有需要讀取大量資料時,可在基於鏈接資料串CDS的架構下,由鏈下OC讀取相對大量的資料,而僅需由區塊鏈BC讀取相對少量的資料,並以區塊鏈BC的資料來驗證鏈下OC的資料,從而可兼顧效率與可信度。舉例來說,一個公司中,各員工的每日上下班打卡紀錄的雜湊值會對應儲存在二元樹BT中的各葉節點LN中,且每一二元樹BT即是此間公司的所有員工單日上下斑打卡紀錄。那麼,所有員工一整年的打卡紀錄會累積成數百筆資料,即數百個二元樹BT,而這些資料都會基於驗證系統10、10a或10b加以儲存與運用。如果有一天,此公司的內控部門需要調出某位員工數年來的打卡紀錄,驗證系統10、10a或10b不需要對區塊鏈BC進行大量讀取,只須讀取區塊鏈BC上的每個鏈接資料串CDS的最後一筆資料集合DS的根雜湊值RH與鏈接雜湊值CH,而各鏈接資料串CDS的其餘根雜湊值RH皆可由鏈下OC的資料庫裝置200讀取,並可由區塊鏈BC上的最後一筆資料集合DS的鏈接雜湊值CH來驗證資料庫裝置200的其餘根雜湊值RH的正確性。如此一來,可大幅減輕區塊鏈的網路傳輸需求與運算負荷,同時也可經過驗證而確保鏈下OC資料的正確性。By verifying thesystem 10, 10a and 10b, when it is necessary to read a large amount of data, under the architecture based on the link data string CDS, a relatively large amount of data can be read by the off-chain OC, and only need to be read by the blockchain BC Take a relatively small amount of data, and use the data of blockchain BC to verify the data of OC under the chain, so as to take into account both efficiency and credibility. For example, in a company, the hash value of each employee's daily check-in record will be stored in each leaf node LN in the binary tree BT, and each binary tree BT is all employees of the company Single-day check-in record. Then, the check-in records of all employees throughout the year will accumulate hundreds of data, that is, hundreds of binary trees BT, and these data will be stored and used based on theverification system 10, 10a or 10b. If one day, the company's internal control department needs to call up the clock-in records of an employee for several years, theverification system 10, 10a or 10b does not need to read a large number of blockchain BC, but only needs to read the data on the blockchain BC. The root hash value RH and the link hash value CH of the last data set DS of each link data string CDS, and the remaining root hash values RH of each link data string CDS can be read by thedatabase device 200 of the off-chain OC, and can be read by The link hash value CH of the last data set DS on the blockchain BC is used to verify the correctness of the remaining root hash values RH of thedatabase device 200 . In this way, the network transmission requirements and computing load of the blockchain can be greatly reduced, and at the same time, the correctness of off-chain OC data can be ensured through verification.

綜上所述,習知的區塊鏈架構是將資料全部傳送到區塊鏈上,再透過區塊鏈礦工對資料進行驗證,如此將耗費大量的區塊鏈運算資源。根據本發明實施例的驗證系統與方法,在維持資料的可信任度(不可否認性)的前提下,可將大部分資料設置於鏈下資料庫裝置中,並透過安全協定裝置比對鏈下資料庫裝置的二元樹的根雜湊值與區塊鏈的對應根雜湊值,來驗證二元樹的正確性,藉此將主要運算轉為在鏈下執行,大幅減少區塊鏈的負荷。此外,安全協定裝置可根據識別編號定位紀錄資料,藉此可快速搜尋資料庫裝置中的紀錄資料的雜湊值所儲存的葉節點,並可快速驗證紀錄資料是否不存在。藉由本發明實施例的驗證系統與方法,可降低系統整體的運算量、運算時間與運算成本。並且,具有區塊鏈晶片的終端裝置可設置或整合至各種物件中,在實際應用上更加簡單方便,且可提高物件品質的信賴度與物件價值。To sum up, the conventional blockchain architecture is to transmit all data to the blockchain, and then verify the data through blockchain miners, which will consume a lot of blockchain computing resources. According to the verification system and method of the embodiment of the present invention, under the premise of maintaining the trustworthiness (non-repudiation) of the data, most of the data can be set in the off-chain database device, and compared with the off-chain through the security protocol device The root hash value of the binary tree of the database device and the corresponding root hash value of the blockchain are used to verify the correctness of the binary tree, thereby converting the main calculations to be performed off-chain and greatly reducing the load on the blockchain. In addition, the security protocol device can locate the record data according to the identification number, thereby quickly searching the leaf node stored in the hash value of the record data in the database device, and quickly verifying whether the record data does not exist. With the verification system and method of the embodiments of the present invention, the calculation amount, calculation time and calculation cost of the whole system can be reduced. Moreover, terminal devices with blockchain chips can be set or integrated into various objects, which is simpler and more convenient in practical application, and can improve the reliability and value of object quality.

除此之外,藉由本發明實施例的驗證系統與方法的鏈接資料串,在需要大量讀取二元樹的根雜湊值時,可透過鏈下資料庫裝置中讀取這些根雜湊值,並以區塊鏈上的鏈接資料串的資料集合在後者的鏈接雜湊值來驗證由鏈下讀取的根雜湊值的正確性,從而在維持資料的可信任度的前提下,減輕區塊鏈的網路傳輸需求與運算負荷。In addition, with the link data string of the verification system and method of the embodiment of the present invention, when it is necessary to read a large number of root hash values of the binary tree, these root hash values can be read through the off-chain database device, and The link hash value of the link data string on the blockchain is used to verify the correctness of the root hash value read from the chain, thereby reducing the burden of the blockchain on the premise of maintaining the trustworthiness of the data. Network transmission requirements and computing load.

雖然本發明的技術內容已經以較佳實施例揭露如上,然其並非用以限定本發明,任何熟習此技術者,在不脫離本發明之精神所作些許之更動與潤飾,皆應涵蓋於本發明的範疇內,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the technical content of the present invention has been disclosed above with preferred embodiments, it is not intended to limit the present invention. Any modification and modification made by those skilled in the art without departing from the spirit of the present invention should be covered by the present invention. Therefore, the scope of protection of the present invention should be defined by the scope of the appended patent application.

10、10a、10b:驗證系統100:安全協定裝置110:二元樹處理單元120:驗證單元130:讀取單元140:鏈接處理單元150:識別編號單元160:定位搜尋單元170:切片單元180:識別序號單元200:資料庫裝置300:區塊鏈裝置310:智能合約311:鏈接處理單元312:累計序號單元400:終端裝置410:紀錄資料產生單元420:識別資料產生單元430:切片驗證單元440:識別編號單元AS:累計序號BT:二元樹BTS:二元樹的切片CDS:鏈接資料串CH:鏈接雜湊值CH0:初始鏈接值DS:資料集合H:高度值ID:識別資料IN:識別編號IS:識別序號LN:葉節點MN:中間節點OC:鏈下BC:區塊鏈R:樹根RD:紀錄資料RDH:紀錄資料的雜湊值RH:根雜湊值RR:讀取要求SEC:資料區段S101:在鏈下自多個終端裝置接收多個紀錄資料S103:根據雜湊函數整合紀錄資料為二元樹S105:傳送二元樹的根雜湊值至區塊鏈S107:產生鏈接資料串S109:在鏈下儲存二元樹與初始鏈接值S111:當接收驗證要求,比對區塊鏈上的根雜湊值與在鏈下儲存的二元樹的根雜湊值S113:當接收讀取要求,讀取區塊鏈上的資料集合在後者的根雜湊值並讀取在鏈下儲存的資料集合在前者的一或多個根雜湊值S115:以區塊鏈上的在後的資料集合的鏈接雜湊值驗證在鏈下儲存的在前的一或多個根雜湊值的正確性S201:在鏈下自多個終端裝置接收多個紀錄資料與多個識別資料S203:當接收識別資料之後,根據各識別資料產生分別對應於各葉節點的多個識別編號S205:根據雜湊函數整合紀錄資料為二元樹S207:根據各識別編號儲存各紀錄資料的雜湊值至對應的各葉節點S209:傳送二元樹的根雜湊值與識別序號至區塊鏈S211:切割二元樹為多個切片S213:在鏈下回傳各切片至對應的各終端裝置S215:驗證不正確,對應的終端裝置傳送抗議訊息至區塊鏈S217:驗證正確,終端裝置無需傳送抗議訊息至區塊鏈S219:依序產生累計序號S221:產生鏈接資料串S223:在鏈下儲存二元樹、初始鏈接值、識別序號與累計序號S225:當接收驗證要求,比對區塊鏈上的根雜湊值與在鏈下儲存的二元樹的根雜湊值S227:當接收搜尋要求,根據識別編號定位在鏈下儲存的二元樹的葉節點S229:當接收讀取要求,讀取區塊鏈上的資料集合在後者的根雜湊值並讀取在鏈下儲存的資料集合在前者的一或多個根雜湊值S231:以區塊鏈上的在後的資料集合的鏈接雜湊值驗證在鏈下儲存的在前的一或多個根雜湊值的正確性10, 10a, 10b: verification system 100: security agreement device 110: binary tree processing unit 120: verification unit 130: reading unit 140: link processing unit 150: identification number unit 160: location search unit 170: slice unit 180: Identification serial number unit 200: database device 300: blockchain device 310: smart contract 311: link processing unit 312: cumulative serial number unit 400: terminal device 410: record data generation unit 420: identification data generation unit 430: slice verification unit 440 : Identification number unit AS: Cumulative serial number BT: Binary tree BTS: Binary tree slice CDS: Link data string CH: Link hash value CH0 : Initial link value DS: Data set H: Height value ID: Identification data IN: Identification number IS: identification serial number LN: leaf node MN: intermediate node OC: off-chain BC: blockchain R: tree root RD: record data RDH: hash value of record data RH: root hash value RR: read request SEC: Data segment S101: Receive multiple record data from multiple terminal devices under the chain S103: Integrate the record data into a binary tree according to the hash function S105: Send the root hash value of the binary tree to the block chain S107: Generate a link data string S109: Store the binary tree and the initial link value under the chain S111: When receiving the verification request, compare the root hash value on the blockchain with the root hash value of the binary tree stored under the chain S113: When receiving the read request , read the root hash value of the data set on the blockchain on the latter and read one or more root hash values of the data set stored under the chain on the former. The link hash value verifies the correctness of one or more previous root hash values stored under the chain S201: receiving multiple record data and multiple identification data from multiple terminal devices under the chain S203: after receiving the identification data, Generate a plurality of identification numbers corresponding to each leaf node according to each identification data S205: integrate the record data into a binary tree according to the hash function S207: store the hash value of each record data according to each identification number to each corresponding leaf node S209: send The root hash value and identification number of the binary tree are sent to the block chain S211: Cut the binary tree into multiple slices S213: Return each slice to the corresponding terminal device under the chain S215: The verification is incorrect, and the corresponding terminal device transmits Protest message to block chain S217: Verification is correct, terminal device does not need to send protest message to block chain S219: Generate cumulative sequence number S221: Generate link data string S223: Store binary tree, initial link value, identification sequence number under the chain With the cumulative sequence number S225: When receiving the verification request, compare the root hash value on the block chain with the root hash value of the binary tree stored under the chain S227: When receiving the search request, locate the binary tree stored under the chain according to the identification number Leaf node S229 of the meta tree: when receiving a read request, read the root hash value of the data set on the blockchain and read the data set stored under the chain in the former One or more root hash values S231: Verify the correctness of the previous one or more root hash values stored under the chain with the link hash value of the subsequent data set on the blockchain

圖1所示為本發明一實施例的驗證系統的方塊示意圖;圖2所示為本發明一實施例的二元樹的示意圖;圖3所示為本發明一實施例的鏈接資料串的示意圖一;圖3a所示為本發明一實施例的鏈接資料串的示意圖二;圖4所示為本發明另一實施例的驗證系統的方塊示意圖;圖5所示為本發明又一實施例的驗證系統的方塊示意圖;圖6所示為本發明一實施例的二元樹的切片的示意圖;圖7所示為本發明另一實施例的鏈接資料串的示意圖;圖8所示為本發明一實施例的驗證方法的流程圖;以及圖9所示為本發明另一實施例的驗證方法的流程圖。FIG. 1 is a schematic block diagram of a verification system according to an embodiment of the present invention;Fig. 2 is a schematic diagram of a binary tree according to an embodiment of the present invention;FIG. 3 is a first schematic diagram of a link data string according to an embodiment of the present invention;FIG. 3a is a second schematic diagram of a link data string according to an embodiment of the present invention;FIG. 4 is a schematic block diagram of a verification system according to another embodiment of the present invention;FIG. 5 is a schematic block diagram of a verification system according to another embodiment of the present invention;FIG. 6 is a schematic diagram of a slice of a binary tree according to an embodiment of the present invention;FIG. 7 is a schematic diagram of a link data string according to another embodiment of the present invention;FIG. 8 is a flowchart of a verification method according to an embodiment of the present invention; andFIG. 9 is a flowchart of a verification method according to another embodiment of the present invention.

10b:驗證系統10b: Verification system

100:安全協定裝置100: Safety protocol device

110:二元樹處理單元110: Binary tree processing unit

120:驗證單元120: verification unit

130:讀取單元130: read unit

150:識別編號單元150: Identification number unit

160:定位搜尋單元160: Location search unit

170:切片單元170: slice unit

180:識別序號單元180: identification serial number unit

200:資料庫裝置200: Database device

300:區塊鏈裝置300:Blockchain device

310:智能合約310:Smart contract

311:鏈接處理單元311: link processing unit

312:累計序號單元312: Cumulative serial number unit

400:終端裝置400: terminal device

410:紀錄資料產生單元410: record data generating unit

420:識別資料產生單元420: Identification data generation unit

430:切片驗證單元430: slice verification unit

440:識別編號單元440: Identification number unit

AS:累計序號AS: Cumulative serial number

BT:二元樹BT: binary tree

BTS:二元樹的切片BTS: Slices of Binary Trees

CDS:鏈接資料串CDS: link data string

CH0:初始鏈接值CH0 : initial link value

ID:識別資料ID: identification information

IS:識別序號IS: identification number

OC:鏈下OC: off-chain

BC:區塊鏈BC: Blockchain

RD:紀錄資料RD: record data

RDH:紀錄資料的雜湊值RDH: hash value of record data

RH:根雜湊值RH: root hash value

RR:讀取要求RR: read request

Claims (7)

Translated fromChinese
一種用於與一區塊鏈協作的資料處理方法,該資料處理方法包括:自至少一終端裝置接收一第一紀錄資料以及對應該第一紀錄資料的一第一識別資料;根據該第一識別資料產生一第一識別編號,該第一識別編號用以識別一二元樹中的複數個葉節點中的一第一葉節點;根據該第一識別編號,將該第一紀錄資料的雜湊值儲存至該第一葉節點;根據該二元樹產生複數個切片,各該切片包括該二元樹中的一根節點以及該二元樹中的一組葉節點以及對應該組葉節點的至少一中間節點;將儲存於該根節點的一根雜湊值上傳至該區塊鏈;將該些切片中的一第一切片回傳至該至少一終端裝置,該第一切片包括儲存該第一紀錄資料的雜湊值的該第一葉節點;自該至少一終端裝置接收一搜尋要求,該搜尋要求對應於一第二紀錄資料的一第二識別編號,該第二識別編號用以識別該些葉節點中的一第一葉節點;根據該搜尋要求,自該些葉節點中搜尋由該第二識別編號所識別的該第二葉節點;以及判斷該第二葉節點是否儲存該第二紀錄資料的雜湊值,以驗證該第二紀錄資料是否存在於一資料庫裝置。A data processing method for cooperating with a block chain, the data processing method comprising: receiving a first record data and a first identification data corresponding to the first record data from at least one terminal device; according to the first identification The data generates a first identification number, which is used to identify a first leaf node among a plurality of leaf nodes in a binary tree; according to the first identification number, the hash value of the first record data storing to the first leaf node; generating a plurality of slices according to the binary tree, each of which includes a node in the binary tree and a group of leaf nodes in the binary tree and at least an intermediate node; upload a hash value stored in the root node to the block chain; return a first slice among the slices to the at least one terminal device, the first slice includes storing the The first leaf node of the hash value of the first record data; a search request is received from the at least one terminal device, the search request corresponds to a second identification number of a second record data, and the second identification number is used for identification A first leaf node among the leaf nodes; according to the search request, search for the second leaf node identified by the second identification number from the leaf nodes; and determine whether the second leaf node stores the first leaf node The hash value of the second record data is used to verify whether the second record data exists in a database device.如請求項1所述之資料處理方法,更包括:自該至少一終端裝置接收一第三紀錄資料以及對應該第三紀錄資料的一第三識別資料;根據該第三識別資料產生一第三識別編號,該第三識別編號用以識別該二元樹的該些葉節點中的一第三葉節點;根據該第三識別編號,將該第三紀錄資料的雜湊值儲存至該第三葉節點;以及將該些切片中的一第三切片回傳至該至少一終端裝置,該第三切片包括儲存該第三紀錄資料的雜湊值的該第三葉節點。The data processing method described in claim 1 further includes:Receive a third record data and a third identification data corresponding to the third record data from the at least one terminal device; generate a third identification number according to the third identification data, and the third identification number is used to identify the binary A third leaf node among the leaf nodes of the tree; according to the third identification number, store the hash value of the third record data in the third leaf node; and return a third slice among the slices to transmitted to the at least one terminal device, the third slice includes the third leaf node storing the hash value of the third record data.如請求項2所述之資料處理方法,其中該第一紀錄資料以及該第一識別資料來自該至少一終端裝置中的一第一終端裝置,該第三紀錄資料以及該第三識別資料來自該至少一終端裝置中的一第二終端裝置,該第一切片以及該第三切片分別被傳送至該第一終端裝置以及該第二終端裝置。The data processing method as described in Claim 2, wherein the first record data and the first identification data come from a first terminal device among the at least one terminal device, and the third record data and the third identification data come from the A second terminal device of at least one terminal device, the first slice and the third slice are transmitted to the first terminal device and the second terminal device respectively.如請求項1所述之資料處理方法,更包括:對該第一識別資料作雜湊運算以取得該第一識別資料的雜湊值;將該第一識別資料的雜湊值轉換為一二進位數列;以及擷取該二進位數列的部分位元以作為該第一識別編號。The data processing method as described in Claim 1, further comprising: performing a hash operation on the first identification data to obtain a hash value of the first identification data; converting the hash value of the first identification data into a binary sequence; and extracting some bits of the binary string as the first identification number.一種安全協定裝置,其包括:一識別編號單元,其被配置以根據對應於一第一紀錄資料的一第一識別資料產生一第一識別編號,並根據該第一識別編號,將該第一紀錄資料的雜湊值儲存至一第一葉節點,其中該安全協定裝置被配置以自至少一終端裝置接收該第一紀錄資料以及該第一識別資料,該第一葉節點為一二元樹中的複數個葉節點的其中之一,該第一識別編號用以識別該第一葉節點;以及一切片單元,其被配置以根據該二元樹產生複數個切片,並將該些切片中的一第一切片回傳至該至少一終端裝置,其中各該切片包括該二元樹中的一根節點以及該二元樹中的一組葉節點以及對應該組葉節點的至少一中間節點,該第一切片包括儲存該第一紀錄資料的雜湊值的該第一葉節點;其中該安全協定裝置更被配置以將儲存於該根節點的一根雜湊值上傳至一區塊鏈,其中該安全裝置更被配置以:自該至少一終端裝置接收一搜尋要求,該搜尋要求對應於用以識別一第二紀錄資料的一第二識別編號;根據該搜尋要求,自該些葉節點中搜尋該第二識別編號所識別的一第二葉節點;以及判斷該第二葉節點是否儲存該第二紀錄資料的雜湊值,以驗證該第二紀錄資料是否存在於一資料庫裝置。A security protocol device, which includes: an identification number unit configured to generate a first identification number according to a first identification data corresponding to a first record data, and according to the first identification number, the first The hash value of the record data is stored in a first leaf node, wherein the security protocol device is configured to receive the first record data and the first identification data from at least one terminal device, the first leaf node is in a binary tree one of the plurality of leaf nodes, the first identification number is used to identify the first leaf node; anda slice unit configured to generate a plurality of slices according to the binary tree, and return a first slice among the slices to the at least one terminal device, wherein each slice includes a slice in the binary tree A node, a group of leaf nodes in the binary tree, and at least one intermediate node corresponding to the group of leaf nodes, the first slice includes the first leaf node storing the hash value of the first record data; wherein the The security protocol device is further configured to upload a hash value stored in the root node to a blockchain, wherein the security device is further configured to: receive a search request from the at least one terminal device, the search request corresponding to A second identification number used to identify a second record data; according to the search request, search for a second leaf node identified by the second identification number from the leaf nodes; and determine whether the second leaf node stores The hash value of the second record data is used to verify whether the second record data exists in a database device.如請求項5所述之安全協定裝置,其中該識別編號單元更被配置以根據對應於一第三紀錄資料的一第三識別資料產生一第三識別編號,並根據該第三識別編號,將該第三紀錄資料的雜湊值儲存至一第三葉節點,其中該安全協定裝置被配置以自該至少一終端裝置接收該第三紀錄資料以及該第三識別資料,該第三葉節點為該二元樹中的該些葉節點的其中之一,該第三識別編號用以識別該第三葉節點;以及該切片單元更被配置以將該些切片中的一第三切片回傳至該至少一終端裝置,該第三切片包括儲存該第三紀錄資料的雜湊值的該第三葉節點。The security protocol device as described in claim 5, wherein the identification number unit is further configured to generate a third identification number according to a third identification data corresponding to a third record data, and according to the third identification number, the The hash value of the third record data is stored in a third leaf node, wherein the security protocol device is configured to receive the third record data and the third identification data from the at least one terminal device, the third leaf node is the One of the leaf nodes in the binary tree, the third identification number is used to identify the third leaf node; and the slice unit is further configured to return a third slice among the slices to the leaf node For at least one terminal device, the third slice includes the third leaf node storing a hash value of the third record data.如請求項5所述之安全協定裝置,其中該安全裝置更被配置以:對該第一識別資料作雜湊運算以取得該第一識別資料的雜湊值;將該第一識別資料的雜湊值轉換為一二進位數列;以及擷取該二進位數列的部分位元以作為該第一識別編號。The security protocol device as described in claim 5, wherein the security device is further configured to:performing a hash operation on the first identification data to obtain a hash value of the first identification data; converting the hash value of the first identification data into a binary sequence; and extracting some bits of the binary sequence as the first identification number.
TW110113296A2019-04-242019-04-24Data processing method and apparatus for cooperation with blockchainTWI783441B (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
TW110113296ATWI783441B (en)2019-04-242019-04-24Data processing method and apparatus for cooperation with blockchain

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
TW110113296ATWI783441B (en)2019-04-242019-04-24Data processing method and apparatus for cooperation with blockchain

Publications (2)

Publication NumberPublication Date
TW202130154A TW202130154A (en)2021-08-01
TWI783441Btrue TWI783441B (en)2022-11-11

Family

ID=78282772

Family Applications (1)

Application NumberTitlePriority DateFiling Date
TW110113296ATWI783441B (en)2019-04-242019-04-24Data processing method and apparatus for cooperation with blockchain

Country Status (1)

CountryLink
TW (1)TWI783441B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US20240184747A1 (en)*2022-12-012024-06-06International Trust Machines CorporationMethod and system for blockchain-based data management

Citations (4)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US20120143830A1 (en)*2010-12-022012-06-07At&T Intellectual Property I, L.P.Interactive proof to validate outsourced data stream processing
US20150180971A1 (en)*2012-12-132015-06-25Level 3 Communications, LlcMulti-level peering in a content delivery framework
TW201535146A (en)*2014-03-052015-09-16Ind Tech Res InstCertificate authorization device, on-board unit and certificate generation, revocation and verification methods
US20180101701A1 (en)*2016-10-072018-04-12Acronis International GmbhSystem and method for file authenticity certification using blockchain network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US20120143830A1 (en)*2010-12-022012-06-07At&T Intellectual Property I, L.P.Interactive proof to validate outsourced data stream processing
US20150180971A1 (en)*2012-12-132015-06-25Level 3 Communications, LlcMulti-level peering in a content delivery framework
TW201535146A (en)*2014-03-052015-09-16Ind Tech Res InstCertificate authorization device, on-board unit and certificate generation, revocation and verification methods
US20180101701A1 (en)*2016-10-072018-04-12Acronis International GmbhSystem and method for file authenticity certification using blockchain network

Also Published As

Publication numberPublication date
TW202130154A (en)2021-08-01

Similar Documents

PublicationPublication DateTitle
TWI708154B (en)Verifying system and method applied for cooperation between blockchain and off-chain devices
TWI706662B (en)Method and apparatus for chaining data
US20200252221A1 (en)Optimizations for verification of interactions system and method
CN109542979B (en)Fast synchronization and simple data storage mode of block chain system
TWI715036B (en)File verification method, file verification system and file verification server
WO2021108258A1 (en)Optimizations for verification of interactions system and method using probability density functions
CN110012005A (en)Identify method, apparatus, electronic equipment and the storage medium of abnormal data
CN116319815B (en)Cloud data placement policy management system introducing SaaS features
CN111432009A (en)Method and device for synchronizing block chain data, electronic equipment and storage medium
CN114418092A (en) Block chain-based federated learning malicious node identification method
TWI783441B (en)Data processing method and apparatus for cooperation with blockchain
TWI728899B (en)Methods and apparatuses for processing chaining data
CN101464902A (en)Verification method and system for outsourced database query result
CN116107801B (en) Transaction processing methods and related products
CN116760632A (en)Data processing method, device, equipment and readable storage medium
WO2024114784A1 (en)Method and system for blockchain-based data management
CN114048097A (en) Interface monitoring method, device, computing device and medium
CN111079199B (en)Enterprise credit data screenshot tamper-proofing method based on block chain technology
CN109359008A (en) System log management method and device
WO2024187592A1 (en)Storage format conversion method and apparatus for seismic data, device, and storage medium
CN113868255A (en) A blockchain-based device identification storage method, device and electronic device
CN119537377A (en) KV embedded database data consistency verification method and system based on B+ tree
[8]ページ先頭
©2009-2025 Movatter.jp