
CN119254404A - Data security circulation method based on blockchain in hierarchical new cloud manufacturing application scenario - Google Patents


Info

Publication number
CN119254404A
Authority
CN
China
Prior art keywords
node
data
blockchain
nodes
hierarchical
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411365242.0A
Other languages
Chinese (zh)
Inventor
赵龙波
苑海涛
李伯虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Application filed by Beihang University
Priority to CN202411365242.0A
Publication of CN119254404A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a blockchain-based method for secure data circulation in a hierarchical new cloud manufacturing application scenario. It addresses the data security problems that arise while data circulates and is stored in a new cloud manufacturing system, such as data leakage, data tampering and poor traceability, by combining the hierarchical structure of the cloud manufacturing scenario with the protection requirements for private data. The blockchain-based data security circulation system consists of a blockchain network, a distributed ledger database, a node admission approval process, a node state update algorithm, an authorization approval mechanism, a low-overhead on-chain/off-chain storage method and other modules. By redesigning the blockchain platform services, the invention achieves efficient circulation of data among peer nodes and secure convergence among non-peer nodes; it keeps private data usable but not visible through ciphertext storage and on-chain data encryption logic; and it achieves closed-loop on-chain management of data through a data management component based on smart contracts. In summary, the method ensures the authenticity, integrity and confidentiality of data in the hierarchical new cloud manufacturing scenario and implements permission management and hierarchical propagation of private data.

Description

Block chain-based data security circulation method in hierarchical novel cloud manufacturing application scene
Technical Field
The invention relates to a data security technology of a novel cloud manufacturing system. More particularly, the invention relates to a blockchain-based data secure circulation method in a hierarchical novel cloud manufacturing application scenario.
Background
In the new cloud manufacturing system, user data are gathered to the cloud from the edge and the end devices and, after being processed in the cloud, are returned to the edge and the end devices. During this bidirectional circulation and storage of user data, data security problems such as data leakage, data tampering and poor data traceability arise.
When the cloud manufacturing platform of the new cloud manufacturing system fails to withstand a network attack, the platform's data is at risk of disclosure. Massive data interaction takes place in activities such as outsourcing, online supply-demand matching and collaborative design and manufacturing. In the traditional centralized management model the administrator's authority is excessive, data can be tampered with manually and the platform lacks credibility, which can seriously dampen users' willingness to conduct business online. Enterprise users of the new cloud manufacturing system are reluctant to disclose private information such as transaction information and model data of the whole supply chain or high-value attribute data. As a result, supply chain data is missing, the source of data cannot be bound to an enterprise and model data is hard to reuse, which makes product quality tracing difficult and reduces the efficiency of complex business collaboration.
To address these problems, existing work generally adopts blockchain technology to design new cloud manufacturing systems. A blockchain is a distributed ledger of data flows built on a specific network topology, data structure, consensus mechanism and cryptographic principles, and it is tamper-resistant, collectively maintained, traceable and decentralized. Blockchain technology can therefore be used to solve the problems of data protection, trust establishment and quality tracing in the new cloud manufacturing system.
However, in a new cloud manufacturing system that involves complex product manufacturing and large enterprises, the enterprises are organized as a hierarchical system in which one or more institutions are layered with clear responsibilities. Cooperation among enterprises follows the hierarchy, and the higher an enterprise's level, the greater its responsibilities and the wider its management scope. Taking collaborative supply for a complex product as an example, the enterprise is divided into three layers, namely headquarters, departments and supporting units, where headquarters is the highest level, the department is the next level and the supporting unit is the lowest level. The data management relationship is vertical: in data management, the enterprises at each level stand in a direct superior-subordinate relationship. Data is converged level by level up to the first-level enterprise and is controlled hierarchically. Enterprise management and data circulation proceed level by level: the upper level authorizes and approves the lower level, and the lower level applies to and obeys the upper level, which forms an efficient consensus mechanism.
The disadvantages of conventional blockchains in new cloud manufacturing applications show up in three respects. Firstly, there is a structural contradiction. A new cloud manufacturing application is not a simple relationship in which distributed manufacturers converge data to a center; particularly in the manufacturing of a complex system or piece of equipment, the participants also stand in a superior-subordinate relationship, which conflicts structurally with a traditional flat blockchain network. Existing blockchain nodes are peers in role and in information, there is no vertical management relationship among them and the direction of data flow is not fixed, so the existing flat blockchain network architecture does not meet the data flow requirements of hierarchical management. Secondly, data interaction in a traditional blockchain system is generally horizontal, whereas the hierarchical application scenario of the new cloud manufacturing system contains two data circulation relationships, horizontal interaction and vertical convergence. Horizontal interaction refers to data sharing among nodes that are not in a supporting relationship, and vertical convergence refers to the aggregation of data from a lower node to an upper node. Thirdly, the data of a traditional blockchain system is stored on chain openly and transparently, and all on-chain data can be accessed directly by the peer-to-peer network nodes. In the new cloud manufacturing system, the cloud manufacturing process often corresponds to a hierarchical management process, and different institutions and different levels have different access control requirements for data.
The single data storage mode of a conventional blockchain is hard to adapt to the diverse, multi-requirement access control of cloud manufacturing data.
In summary, the conventional flat blockchain network structure does not suit the hierarchical cloud manufacturing application scenario described above, and storing all data on chain in plaintext does not meet the requirements of cloud manufacturing institutions for protecting sensitive data in the new cloud manufacturing system. Blockchain-based secure circulation of data that fits the hierarchical new cloud manufacturing application scenario is therefore very challenging.
To solve these problems, and unlike existing work, this system is designed for blockchain-based secure circulation of data in the hierarchical new cloud manufacturing application scenario. Specifically, building on the existing hierarchical blockchain network design and common design, the patent focuses on the blockchain node design, the ledger design, the contract design and the storage mode design. The blockchain in the data security circulation system of the hierarchical new cloud manufacturing system divides service nodes into 4 different types according to function. Each node of that blockchain maintains a hierarchical data ledger. The patent adds a review and confirmation step by the superior institution, which implements approval and confirmation of smart contracts, allows authority to be introduced into the hierarchical blockchain system through the execution of signed contracts, and lets the superior institution exert control over key blockchain data, results and instructions. In addition, the patent specifically provides admission control for the nodes participating in data security circulation, state updating for those nodes, and an authorization approval mechanism for data security circulation. It also considers a low-overhead on-chain/off-chain storage design, comprising encrypted storage of the index on chain and fragmented storage of the data ciphertext off chain.
Combining these factors, the method builds a blockchain-based data security circulation application for the hierarchical new cloud manufacturing application scenario. It uses the services provided by the blockchain platform to achieve efficient circulation of data among peer nodes and secure convergence among non-peer nodes, protects data privacy through data encryption, and uses means such as smart contracts to achieve closed-loop on-chain management of data. The authenticity, integrity and confidentiality of data in the hierarchical new cloud manufacturing application scenario are thereby ensured, and permission management, hierarchical propagation and survivability of the data become easier to achieve.
Disclosure of Invention
The invention aims to provide, for a hierarchical new cloud manufacturing application scenario, a node design, a distributed ledger database design, a node approval design and an on-chain/off-chain storage mode design for a blockchain-based data security circulation system, and on this basis to provide a blockchain-based data security circulation service application scheme for that scenario.
In order to achieve the above purpose, the invention adopts the following technical scheme:
According to a first aspect of the invention, a node design method is provided for a blockchain-based data security circulation system in a hierarchical new cloud manufacturing application scenario. At its bottom layer, the blockchain-based data security circulation system relies on the blockchain system to implement secure data circulation, and the nodes in the blockchain system are the communicating parties that carry out data circulation. Several nodes of different types may run on the same physical server. In the hierarchical new cloud manufacturing application scenario, the blockchain-based data security circulation system divides service nodes into 4 different types according to function: client nodes, full-function nodes, consensus nodes and query nodes.
According to a second aspect of the invention, a distributed ledger database design method is provided for the blockchain-based data security circulation system in a hierarchical new cloud manufacturing application scenario. In the blockchain-based data security circulation system, data circulates synchronously through the ledger of the underlying blockchain platform. Because the new cloud manufacturing system has a hierarchical relationship, the invention adopts the existing hierarchical blockchain network to build the data security circulation blockchain network structure of the new cloud manufacturing system.
According to a third aspect of the invention, a node approval method is provided for the blockchain-based data security circulation system in a hierarchical new cloud manufacturing application scenario. Data circulation implemented on a blockchain system brings the new cloud manufacturing system benefits such as security, trust among institutions, and problem tracking and tracing, but using a blockchain can also cause redundant sharing and distribution of data and makes it hard for the system to control what the participating cloud manufacturing institutions put on chain. Typically, the correctness and availability of the results of automated contract execution on an existing blockchain are determined only by the completeness of the contract design and the security of the execution environment, and cannot be controlled by superior institutions. A review and confirmation step by the superior institution therefore needs to be added, so that smart contracts are approved and confirmed, authority is introduced into the hierarchical blockchain system through the execution of signed contracts, and the superior institution controls key blockchain data, results and instructions.
According to a fourth aspect of the invention, a low-overhead on-chain/off-chain storage design method is provided for the blockchain-based data security circulation system in a hierarchical new cloud manufacturing application scenario. The invention designs an on-chain/off-chain storage scheme in which the index is stored encrypted on chain and the data ciphertext is stored in fragments off chain. The only data-related information on the blockchain is the digest of the data and the encrypted index value. After the data receiver obtains the data owner's authorization and the decryption key corresponding to the index ciphertext, the receiver decrypts the index to obtain the plaintext index value, uses the index value to fetch the several ciphertext fragments of the off-chain data from the fragmented storage system, and combines them into the complete ciphertext. The data receiver then uses the decryption key corresponding to the ciphertext data to decrypt it and obtain the data plaintext, which completes the circulation of data from the data owner to the data receiver.
According to this aspect of the invention, a blockchain-based data security circulation application is constructed for the hierarchical new cloud manufacturing application scenario. Data security circulation in this scenario mainly uses the blockchain platform to converge and manage data from the bottom up, and guarantees the confidentiality, integrity and availability of data during circulation in the new cloud manufacturing system. The hierarchical blockchain design provides hierarchical communication, hierarchical consensus and a hierarchical ledger, so that the authenticity, integrity and confidentiality of data are ensured, permission management, hierarchical propagation and survivability of the data are easier to achieve, and hierarchical blockchain services are offered to upper-layer applications. The data circulation application uses the services provided by the platform to achieve efficient circulation of data among peer nodes and secure convergence among non-peer nodes, protects data privacy through data encryption, and achieves closed-loop on-chain management of data by means such as smart contracts.
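The storage flow of this fourth aspect, as an added sketch that is not code from the patent: the on-chain record holds only a digest and an encrypted index, the ciphertext is split into fragments kept off chain, and the receiver reverses the steps. Assumptions: the digest is SHA-256 of the plaintext, the index is a JSON list of random fragment locations, the off-chain store is a dict, and a standard-library HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM so the block runs without third-party packages.

```python
import hashlib
import hmac
import json
import secrets

FRAGMENT_SIZE = 16  # bytes per off-chain fragment; kept small so the sample splits


def _xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in cipher, see lead-in)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def _subkeys(key):
    """Derive separate encryption and MAC keys from one shared key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag first, then decrypt; any modification raises ValueError."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, body[:16], body[16:])


def publish(data, data_key, index_key, off_chain):
    """Data owner: fragment the ciphertext off chain, return the on-chain record."""
    ciphertext = seal(data_key, data)
    locations = []
    for off in range(0, len(ciphertext), FRAGMENT_SIZE):
        loc = secrets.token_hex(8)  # random location: the store reveals no ordering
        off_chain[loc] = ciphertext[off:off + FRAGMENT_SIZE]
        locations.append(loc)
    index = json.dumps(locations).encode()
    return {"digest": hashlib.sha256(data).hexdigest(),
            "enc_index": seal(index_key, index).hex()}


def retrieve(record, data_key, index_key, off_chain):
    """Data receiver: decrypt index, fetch and join fragments, decrypt, check digest."""
    locations = json.loads(unseal(index_key, bytes.fromhex(record["enc_index"])))
    if any(loc not in off_chain for loc in locations):
        raise ValueError("missing fragments")
    data = unseal(data_key, b"".join(off_chain[loc] for loc in locations))
    if hashlib.sha256(data).hexdigest() != record["digest"]:
        raise ValueError("digest mismatch")
    return data


if __name__ == "__main__":
    store = {}  # constructed stand-in for the fragmented off-chain storage system
    dk, ik = secrets.token_bytes(32), secrets.token_bytes(32)
    sample = b"constructed sample: spindle model v3, tolerance 0.02 mm"
    rec = publish(sample, dk, ik, store)
    print(rec["digest"][:16], len(store), retrieve(rec, dk, ik, store) == sample)
```

Because the on-chain digest here is taken over the plaintext, anyone who can read the chain can confirm a guess of low-entropy data; a keyed digest avoids that if the data may be guessable.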
To sum up, the data security circulation method based on the blockchain in the application scene of the hierarchical novel cloud manufacturing comprises the following steps:
S1, designing a data security circulation system node based on a block chain in a hierarchical novel cloud manufacturing application scene;
Preferably, the blockchain in the novel cloud manufacturing system data security circulation system divides the service nodes into 4 different types according to functions, wherein the service nodes are respectively client nodes, full-function nodes, consensus nodes and query nodes, and a blockchain network formed by the nodes is shown in figure 2.
The client node has a command-line client program or application installed and represents the entity operated by the user. A client node can communicate with the blockchain network only when it is connected to a blockchain service node, for example to submit a data query request to any node or a transaction request to an accounting node. The full-function node can receive transaction requests from client nodes, package transactions into block data and broadcast the block data to the blockchain network for consensus. The full-function node itself also takes part in the consensus process; once the nodes agree on the order and content of a block, the data is persisted locally. A client node may query on-chain data through a full-function node, which queries its locally stored ledger data and returns the result to the client node. The consensus node takes part in the consensus process for block data, verifies the correctness and integrity of the data, and stores the block data in its local ledger after the blockchain nodes in the network reach consensus. The consensus node can also receive data query requests from client nodes and return query results. The query node cannot receive transaction requests, does not take part in the data consensus process and is used only for querying on-chain data. It broadcasts next-block request messages to other nodes to obtain the on-chain blocks one by one and thereby keeps a complete copy of the ledger data. The organization represents the blockchain infrastructure composed of the different types of nodes and ensures the operation and security of the blockchain network.
In the hierarchical new cloud manufacturing scenario, the first-level blockchain is the blockchain formed by the first-layer nodes, the second-level blockchain is the blockchain formed by the second-layer nodes, and the third-level blockchain is the blockchain formed by the third-layer nodes. BaaS (Blockchain as a Service) is a service that embeds blockchain technology into a cloud computing platform and provides developers with a convenient, high-performance blockchain environment and supporting services.
S2, designing a hierarchical novel cloud manufacturing application scene data security circulation system distributed account book database based on block chains;
Preferably, let $X$ denote a system node, $i$ the level of a node in the system, $j$, $f$ and $g$ the positions of nodes within the same level, $k$, $o$ and $l$ the sibling nodes of a given node, $a$, $b$ and $c$ three nodes of the same layer, and $z$ a node of some layer. The system can then be described as follows. The layer-$i$ nodes $X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}$ are child nodes of the layer-$(i+1)$ node $X_{i+1,a}$, formalized as $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\} \in X_{i+1,a}$. The layer-$(i+1)$ nodes $X_{i+1,a}, X_{i+1,b}, X_{i+1,c}$ are child nodes of the layer-$(i+2)$ node $X_{i+2,z}$, formalized as $\{X_{i+1,a}, X_{i+1,b}, X_{i+1,c}\} \in X_{i+2,z}$. The nodes $X_{i,j}, \dots, X_{i,j+k}$ share the same parent node $X_{i+1,a}$ and are siblings of one another; nodes without a common direct parent node are non-sibling nodes. The hierarchical blockchain consensus process of the new cloud manufacturing system has two stages, a lower consensus process and an upper consensus process: a layer-$(i+1)$ node reaches consensus with its corresponding layer-$i$ nodes through the lower consensus process, and completes consensus with the layer-$(i+2)$ node through the upper consensus process.
Each node of the blockchain-based data security circulation system in the hierarchical new cloud manufacturing application scenario maintains a hierarchical data ledger. In the blockchain network, a data consensus process takes place between a parent node and its child nodes. Once consensus on the data is complete, the child nodes persist the data and record it in the ledger. If the parent node has no parent of its own, it also records the agreed data in its local ledger; otherwise the parent node continues by bringing the data to consensus in the network formed by itself and its own parent node. In this way one ledger is maintained among each group of sibling nodes, the ancestor node (top node) maintains a ledger, and the data range of the ledgers widens step by step from lower nodes to higher nodes.
The blockchain ledger is a hierarchically associated ledger structure: each ledger is formed among the sibling nodes of a layer after consensus. Ledger association is the data association between ledgers, in which a higher-level ledger contains the ledger data of its lower-level child nodes. The hierarchical blockchain ledger structure of the new cloud manufacturing system is shown in fig. 3. The ledger structure is described as follows: the layer-$(i+1)$ nodes $X_{i+1,a}$, $X_{i+1,b}$ and $X_{i+1,c}$ together maintain the ledger $\mathrm{Ledger}_{i+1,abc}(t)$; the layer-$i$ nodes $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ maintain the ledger $\mathrm{Ledger}_{ij}(t)$, the nodes $\{X_{i,f}, X_{i,f+1}, \dots, X_{i,f+o}\}$ maintain the ledger $\mathrm{Ledger}_{if}(t)$, and the nodes $\{X_{i,g}, X_{i,g+1}, \dots, X_{i,g+l}\}$ maintain the ledger $\mathrm{Ledger}_{ig}(t)$. The layer-$(i+1)$ ledger data includes the data of the layer-$i$ ledgers, i.e. the data of $\mathrm{Ledger}_{i+1,abc}(t)$ includes the data of $\mathrm{Ledger}_{ij}(t)$, $\mathrm{Ledger}_{if}(t)$ and $\mathrm{Ledger}_{ig}(t)$.
S3, designing a hierarchical novel cloud manufacturing application scene data security circulation system node approval method based on block chains;
Setting a blockchain node admission mechanism keeps unnecessary nodes from joining the network. In addition, to prevent operations such as taking nodes offline or deleting them from affecting the security and stability of the blockchain network, a node admission control mechanism and a node state detection mechanism are required, so that data security events caused by some nodes going offline are prevented. The method specifically comprises the following:
Preferably, aiming at the requirement that the hierarchical novel cloud manufacturing application scene based on the blockchain data security circulation system carries out corresponding admission control on the blockchain network among a plurality of levels and each level, an authorization control mechanism carried out when nodes join and exit the blockchain network is realized by designing node admission control contracts.
Preferably, the node admission control flow is as follows. Before admission, the identity of the node must be verified, and only a node carrying a legitimate certificate is allowed to join the blockchain network. Whether or not the node starts successfully, its start-up information must be reported to its parent node. The node admission control request is initiated by the node end; the start-up verification method of the admission control contract is then executed to verify the legitimacy and validity of the node's identity certificate. If verification passes, the node is allowed to start; otherwise the start is refused. The contract execution result is sent to the management end, which selects a node to put the node's start-up information on chain. The node admission control flow is shown in fig. 4.
Preferably, in the node admission control flow, the management end selects a full-function node from the normally running parent nodes of the node and reports the node start-up information to it; that node executes the data uplink method of the admission control contract and finally puts the information on chain. The admission control contract is deployed in two parts: the start-up verification method is a built-in system contract and can be invoked directly, while the data uplink method can be invoked only after manual deployment.
Before exit, it must be judged whether the node leaving the network would affect the consensus process of the other nodes in the network, so that data could no longer be converged normally. Whether or not the node can exit the network, its stop information is reported to its parent node. In fig. 5, $\mathrm{count}_{hie}(X_{i,j})$ denotes the number of consensus nodes, other than $X_{i,j}$, whose hierarchical attribute matches that of the node. $\mathrm{count}_{father}(X_{i,j})$ denotes the number of parent nodes of node $X_{i,j}$ (assuming the hierarchical attribute value of the nodes $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ is a-b-c, the nodes $\{X_{i+1,m}, X_{i+1,m+1}, \dots, X_{i+1,m+o}\}$ whose hierarchical attribute is a-b are the parent nodes of $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$, and $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ are child nodes of $\{X_{i+1,m}, X_{i+1,m+1}, \dots, X_{i+1,m+o}\}$). $\mathrm{count}_{uc}(X_{i,j})$ denotes the number of nodes in $\text{nodes\_up}_{X(i,j)}$, other than $X_{i,j}$, that can participate in consensus. $\mathrm{count}_{son}(X_{i,j})$ denotes the number of child nodes of node $X_{i,j}$, and $\mathrm{count}_{dc}(X_{i,j})$ denotes the number of nodes in $\text{nodes\_down}_{X(i,j)}$, other than $X_{i,j}$, that can participate in consensus.
Node exit control is initiated by the platform management end. A user initiates a node stop request in the management end interface, and the management end then judges whether stopping the node would affect the consensus on subsequent data among the other nodes of the layer and the transmission of lower-layer data. It first judges whether, after the node stops, the layer still has a consensus node with the same hierarchical attribute as the node; if not, the stop is refused, otherwise the next judgment follows. It then judges whether the node has a parent node and, if so, whether the peer nodes can still complete upward consensus; if they cannot, the stop is refused, and if they can, the next judgment follows. Finally it judges whether the child nodes of the node can still complete upward consensus after the node stops; if so, the stop is approved, otherwise it is refused. The node stop result is reported to the management end, which selects a full-function node from the normally running parent nodes of the node and reports the node stop information to it; that node executes the data uplink method of the exit control contract to put the information on chain. The node exit control flow is shown in fig. 5.
Preferably, for node state update requirements in daily operation of the data security circulation system of the hierarchical novel cloud manufacturing application scene based on the blockchain, contracts used for recording the state of the node on the blockchain are designed. All nodes need to periodically call a node state update contract to update the attribute state of the node, and the superior node of the node can check the latest attribute state at any time.
After the node starts successfully, it runs a scheduled task that periodically reports its own state information to its parent node. The node sends information such as its name, IP (Internet Protocol) address, hierarchical attribute and current state to the management end. After receiving the state information, the management end selects a full-function node from among the normally operating parent nodes of the node and calls the parent node's function interface, which stores the node state information and the current time in the new node state set newMap; finally, the parent node executes the data uplink method of the node state information update contract to write the child node's state information to the chain. newMap and oldMap are the new and old node state sets; each consists of key-value pairs in which the key is a node together with its state information and the value is the current system time. The parent node screens for nodes in an abnormal state using the information in the two sets. The participating-node state update algorithm of the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario is shown in fig. 6.
Preferably, to meet the requirement in the blockchain-based data security circulation system of the hierarchical novel cloud manufacturing application scenario that an upper-level node must confirm and authorize operations such as data query and modification by a lower-level node before they take place, the authorization approval contract flow is as follows. A user initiates a service application through the application system; after the application system processes the corresponding data, it calls the smart contract to put the service application information on the chain. The approving user for the service logs in to the application system, queries the application information on the chain, approves it according to the service flow, stores the approval opinion on the blockchain through the smart contract, and updates the state of the application. The user queries the service state through the application system and, if approval has been granted, can continue with the subsequent service according to the approval result. The authorization approval flow of the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario is shown in fig. 7.
S4, designing a low-overhead on-chain and off-chain storage method for the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario;
Preferably, to meet the requirements of the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario for security, convenience and certainty of data circulation, the storage design, with encrypted index storage on the chain and fragmented ciphertext storage of the data off the chain, works as follows. The only information about the data kept on the blockchain is the digest of the data and its encrypted index value. After the data receiver obtains the data owner's authorization and the decryption key for the index ciphertext, it decrypts the index to obtain the plaintext index value, fetches the off-chain ciphertext fragments of the data from the partitioned storage system according to the index value, and combines them into the complete ciphertext. The data receiver then decrypts the ciphertext with the corresponding decryption key to obtain the plaintext data, which completes the circulation of data from the data owner to the data receiver.
S5, realizing the data security circulation application of the hierarchical novel cloud manufacturing application scene based on the block chain.
Preferably, in the hierarchical novel cloud manufacturing application scenario, the participants comprise a data provider and a data receiver. The different participants access the underlying blockchain network through the security suite. The data provider puts data on the chain and transmits it by calling the on-chain smart contract, data circulation is completed through ledger synchronization, and the data receiver likewise reads the on-chain data through smart contract calls, so that cloud manufacturing production service data is shared. In the specific implementation, the data security circulation application disassembles the received cloud manufacturing service data, repackages it into standard data packets and puts them on the chain in the data security circulation blockchain network. When on-chain data needs to be read, the hash value of the data or file is looked up by transaction hash and returned to the data reader in the standardized data packet format, which meets the secure circulation requirements that the applications of different business parties place on the data. A schematic diagram of the implementation of the blockchain-based data security circulation application in the hierarchical novel cloud manufacturing application scenario is shown in fig. 8.
The beneficial effects of the invention are as follows:
The technical scheme of the invention can mitigate the challenging problem of blockchain-based secure data circulation in the hierarchical novel cloud manufacturing application scenario. The enterprise users of the novel cloud manufacturing system require secure data exchange and circulation, trust establishment and resource sharing, while the flat structure of a traditional blockchain network is unsuited to a hierarchical system and cannot meet the secure data circulation needs of the multi-level cloud manufacturing application scenario of the novel cloud manufacturing system. To address these problems, the invention provides a blockchain-based data security circulation technology for the hierarchical novel cloud manufacturing application scenario, comprising a blockchain node design, a ledger design, a node approval design and a storage mode design.
Drawings
The following describes the embodiments of the present invention in further detail with reference to the drawings;
Fig. 1 shows an implementation flow diagram of blockchain-based data security circulation in a hierarchical novel cloud manufacturing application scenario.
Fig. 2 shows a block chain network composition diagram in a hierarchical novel cloud manufacturing application scenario.
Fig. 3 shows a block chain ledger structure diagram of a data security circulation system in a hierarchical novel cloud manufacturing application scenario.
Fig. 4 illustrates a data security flow system blockchain node admission control flow diagram in a hierarchical novel cloud manufacturing application scenario.
Fig. 5 shows a blockchain node exit control flow diagram of the data security circulation system in a hierarchical novel cloud manufacturing application scenario.
Fig. 6 illustrates a data security flow system blockchain participation node status update algorithm in a hierarchical novel cloud manufacturing application scenario.
Fig. 7 shows a block chain-based data security flow system authorization approval flow diagram in a hierarchical novel cloud manufacturing application scenario.
Fig. 8 shows a schematic diagram of a blockchain-based data security circulation application implementation in a hierarchical novel cloud manufacturing application scenario.
Detailed Description
In order to more clearly illustrate the present invention, the present invention will be further described with reference to preferred examples and drawings. Like parts in the drawings are denoted by the same reference numerals. It is to be understood by persons skilled in the art that the following detailed description is illustrative and not restrictive, and that this invention is not limited to the details given herein.
As shown in fig. 1, fig. 2, fig. 3, fig. 4, fig. 5, fig. 6, fig. 7 and fig. 8, the invention discloses a block chain-based data security circulation method in an application scene of hierarchical novel cloud manufacturing, which comprises the following steps:
S1, designing a data security circulation system node based on a block chain in a hierarchical novel cloud manufacturing application scene;
In the blockchain-based data security circulation system proposed in this patent, a client node has a command-line client program or application program installed and represents an entity operated by a user. A client node can communicate with the blockchain network only when it is connected to a blockchain service node, for example to submit a data query request to any node or a transaction request to an accounting node. A full-function node can receive transaction requests from client nodes, package the transactions into block data and broadcast the block data to the blockchain network for consensus. The full-function node itself also takes part in the consensus process and, once the nodes agree on the order and content of the block, persists the data locally. A client node can query on-chain data through a full-function node, which queries its locally stored ledger data and returns the result to the client node. A consensus node can take part in the consensus process for block data and verify the correctness and integrity of the data; after the blockchain nodes in the network reach consensus, it stores the block data in its local ledger. A consensus node can also receive data query requests from client nodes and return the query results. A query node cannot receive transaction requests and does not take part in the data consensus process; it is used only to query on-chain data. It broadcasts "nextblock" request messages to other nodes to obtain the on-chain block information one by one, and thereby keeps a complete copy of the ledger data. An organization represents the blockchain infrastructure made up of different types of nodes and ensures the operation and security of the blockchain network.
In the hierarchical novel cloud manufacturing scenario, the first-level blockchain is the blockchain formed by the first-layer nodes, the second-level blockchain is the blockchain formed by the second-layer nodes, and the third-level blockchain is the blockchain formed by the third-layer nodes. BaaS (Blockchain as a Service) is a service that embeds blockchain technology into a cloud computing platform and provides developers with a convenient, high-performance blockchain ecosystem and supporting services.
S2, designing a distributed account book database of a data security circulation system based on block chains in a hierarchical novel cloud manufacturing application scene;
A system node is denoted by X; i denotes the level of the node in the system; j, f and g denote positions of nodes within the same level; k, o and l denote the sibling nodes of a given node; a, b and c denote three nodes of the same layer; and z denotes a certain node of a certain layer. The layer-i nodes $X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}$ are child nodes of the layer-(i+1) node $X_{i+1,a}$, formally $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\} \in X_{i+1,a}$; the layer-(i+1) nodes $X_{i+1,a}, X_{i+1,b}, X_{i+1,c}$ are child nodes of the layer-(i+2) node $X_{i+2,z}$, formally $\{X_{i+1,a}, X_{i+1,b}, X_{i+1,c}\} \in X_{i+2,z}$. The nodes $X_{i,j}, \dots, X_{i,j+k}$ have the same parent node $X_{i+1,a}$ and are sibling nodes of one another; nodes without a common direct parent node are non-sibling nodes. The hierarchical blockchain consensus process of the novel cloud manufacturing system has two stages, a downward consensus process and an upward consensus process: a layer-(i+1) node reaches consensus with the corresponding layer-i nodes through the downward consensus process, and with the layer-(i+2) node through the upward consensus process.
Each node of the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario maintains a hierarchical data ledger. In an ordinary blockchain network, all service nodes are fully peer-to-peer and jointly maintain one set of data ledgers. In a hierarchical blockchain network, the vertical management relationships between nodes map to a hierarchical relationship of data flows, which forms a hierarchical ledger. In the hierarchical blockchain network, the data consensus process takes place between a parent node and its child nodes. After consensus is complete, the child nodes persist the data and record it in the ledger; if the parent node has no parent node of its own, it also records the agreed data in its local ledger; otherwise, the parent node carries the data on to consensus in the network formed by its sibling nodes and its parent node. Thus each group of sibling nodes maintains one set of ledgers, the ancestor node (top node) maintains one set of ledgers, and the data range of the ledgers expands level by level from lower nodes to higher nodes.
The hierarchical blockchain ledger has a layered, associated ledger structure: it is the ledger formed among the sibling nodes of each layer after consensus. Ledger association is the data association relationship between ledgers: higher-level ledger data includes the ledger data of lower-level child nodes. The ledger structure is described as follows. The layer-(i+1) nodes $X_{i+1,a}$, $X_{i+1,b}$ and $X_{i+1,c}$ jointly maintain the ledger $Ledger_{i+1,abc}(t)$; the layer-i nodes $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ maintain the ledger $Ledger_{ij}(t)$, the nodes $\{X_{i,f}, X_{i,f+1}, \dots, X_{i,f+o}\}$ maintain the ledger $Ledger_{if}(t)$, and the nodes $\{X_{i,g}, X_{i,g+1}, \dots, X_{i,g+l}\}$ maintain the ledger $Ledger_{ig}(t)$. The layer-(i+1) ledger data includes the data of the layer-i ledgers, i.e. the data of $Ledger_{i+1,abc}(t)$ includes the data of $Ledger_{ij}(t)$, $Ledger_{if}(t)$ and $Ledger_{ig}(t)$.
S3, designing a hierarchical novel data security circulation system node approval method based on block chains in a cloud manufacturing application scene;
A blockchain node admission mechanism is adopted so that unnecessary nodes do not join the network. In addition, to prevent operations such as taking nodes offline or deleting them from affecting the security and stability of the blockchain network, a node exit control mechanism and a node state detection mechanism must be set up, so as to prevent data security events caused by some nodes going offline. To meet the requirement that the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario performs corresponding admission control for the blockchain networks at each level and between levels, node admission control contracts are designed to implement an authorization control mechanism that is applied when nodes join and exit the blockchain network.
The node admission control flow is as follows. Before admission, the identity of the node must be verified, and only a node carrying a legitimate certificate is allowed to join the blockchain network. Whether or not the node starts successfully, its start-up operation information must be reported to its parent node. The node admission control request is initiated by the node end; the start-up verification method of the admission control contract is then executed to verify the legality and validity of the node's identity certificate. If verification passes, the node is allowed to start; otherwise the start is refused. The contract execution result is sent to the management end, which selects a node to record the node's start-up information on the chain.
In the node admission control flow, the management end selects a full-function node from among the normally operating parent nodes of the node and reports the node start-up information to it; that node executes the data uplink method of the admission control contract and finally writes the information to the chain. The admission control contract is deployed in two parts: the start-up verification method is a built-in system contract and can be invoked directly, while the data uplink method can be invoked only after manual deployment.
Before a node is allowed to exit, it must be judged whether its exit from the network would affect the consensus process of the other nodes in the network so that data can no longer be aggregated normally. Whether or not the node can exit the network, its stop operation information is reported to its parent node. In the figure, $Count_{hie}(X_{i,j})$ represents the number of consensus nodes, other than $X_{i,j}$, whose hierarchical attribute is the same as that of the node; $Count_{father}(X_{i,j})$ represents the number of parent nodes of node $X_{i,j}$ (assuming that the hierarchical attribute value of the nodes $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ is a-b-c, the nodes $\{X_{i+1,m}, X_{i+1,m+1}, \dots, X_{i+1,m+o}\}$ whose hierarchical attribute is a-b are the parent nodes of $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$, and $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ are child nodes of $\{X_{i+1,m}, X_{i+1,m+1}, \dots, X_{i+1,m+o}\}$); $Count_{uc}(X_{i,j})$ represents the number of nodes in $nodes\_up_{X(i,j)}$, other than $X_{i,j}$, that can participate in consensus; $Count_{son}(X_{i,j})$ represents the number of child nodes of node $X_{i,j}$; and $Count_{dc}(X_{i,j})$ represents the number of nodes in $nodes\_down_{X(i,j)}$, other than $X_{i,j}$, that can participate in consensus.
Node exit control is initiated by the platform management end. A user initiates a node stop request at the management end interface, and the management end then judges whether stopping the node would affect consensus on subsequent data among the other nodes of the layer and the transmission of lower-layer data. First, it judges whether, after the node stops, the layer still has a consensus node with the same hierarchical attribute as the node; if not, the stop is refused, otherwise the next judgment is made. Next, it judges whether the node has a parent node; if so, it judges whether the peer nodes can still complete upward consensus; if they cannot, the stop is refused, and if they can, the next judgment is made. Finally, it judges whether the child nodes of the node can still complete upward consensus after the node stops; if so, the stop is approved, otherwise it is refused. The node stop result is reported to the management end, which selects a full-function node from among the normally operating parent nodes of the node and reports the node stop information to it; that node executes the data uplink method of the exit control contract to write the information to the chain.
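The stop-request judgment described above (and in the earlier summary of the same flow), as an added Go example that is not part of the patent: it derives the five counters from a constructed topology and applies the three judgments in order. The composition of nodes_up and nodes_down (same-attribute peers plus parents or children), the minQuorum threshold, the rule that a node without children passes the last judgment, and all type and function names are assumptions, since the text does not define them.

```go
package main

import (
	"fmt"
	"strings"
)

// Node is one blockchain service node (field names are illustrative).
type Node struct {
	Name    string
	Attr    string // hierarchical attribute, e.g. "a-b-c"; its parents carry "a-b"
	Role    string // "full", "consensus" or "query"; query nodes never join consensus
	Running bool
}

// Counts mirrors the five counters the text defines for a node X.
type Counts struct{ Hie, Father, UC, Son, DC int }

// parentAttr strips the last segment: "a-b-c" -> "a-b"; a top-layer attribute has none.
func parentAttr(attr string) string {
	if i := strings.LastIndex(attr, "-"); i >= 0 {
		return attr[:i]
	}
	return ""
}

// canConsent reports whether a node is able to take part in consensus right now.
func canConsent(n Node) bool {
	return n.Running && (n.Role == "full" || n.Role == "consensus")
}

// Count derives the counters for x, always excluding x itself.
// ASSUMPTION: nodes_up = same-attribute peers + parents, nodes_down = peers + children.
func Count(x Node, all []Node) Counts {
	var c Counts
	up := parentAttr(x.Attr)
	for _, n := range all {
		if n.Name == x.Name {
			continue
		}
		ok := canConsent(n)
		switch {
		case n.Attr == x.Attr: // peer in the same sibling group
			if ok {
				c.Hie++
				c.UC++
				c.DC++
			}
		case up != "" && n.Attr == up: // parent node
			c.Father++
			if ok {
				c.UC++
			}
		case parentAttr(n.Attr) == x.Attr: // child node
			c.Son++
			if ok {
				c.DC++
			}
		}
	}
	return c
}

// DecideExit applies the three judgments in the order the text gives them.
// ASSUMPTION: "can complete consensus" means at least minQuorum capable nodes remain.
func DecideExit(x Node, all []Node, minQuorum int) (bool, string) {
	c := Count(x, all)
	switch {
	case c.Hie == 0:
		return false, "no other consensus node shares the hierarchical attribute"
	case c.Father > 0 && c.UC < minQuorum:
		return false, "peers could no longer complete upward consensus"
	case c.Son > 0 && c.DC < minQuorum:
		return false, "child nodes could no longer complete upward consensus"
	}
	return true, "stop approved"
}

// sampleTopology is constructed data, not taken from the patent.
func sampleTopology() []Node {
	return []Node{
		{"P1", "a-b", "full", true}, {"P2", "a-b", "consensus", true},
		{"X1", "a-b-c", "full", true}, {"X2", "a-b-c", "consensus", true},
		{"X3", "a-b-c", "query", true},
		{"C1", "a-b-c-d", "consensus", true}, {"C2", "a-b-c-d", "consensus", true},
		{"Y1", "a-b-e", "full", true},
	}
}

func main() {
	all := sampleTopology()
	for _, i := range []int{2, 7} { // X1 and Y1
		ok, why := DecideExit(all[i], all, 3)
		fmt.Printf("%s %+v -> allow=%v (%s)\n", all[i].Name, Count(all[i], all), ok, why)
	}
}
```

Whatever the verdict, the flow in the text still reports the stop operation to the parent node and records it on the chain, so a caller would log refusals as well as approvals.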
To meet the node state update requirements arising in the daily operation of the blockchain-based data security circulation system in the hierarchical novel cloud manufacturing application scenario, a contract is designed for recording node state on the blockchain. All nodes must periodically call the node state update contract to update their attribute state, and the superior node of a node can check its latest attribute state at any time. After the node starts successfully, it runs a scheduled task that periodically reports its own state information to its parent node. The node sends information such as its name, IP address, hierarchical attribute and current state to the management end. After receiving the state information, the management end selects a full-function node from among the normally operating parent nodes of the node and calls the parent node's function interface, which stores the node state information and the current time in the new node state set newMap; finally, the parent node executes the data uplink method of the node state information update contract to write the child node's state information to the chain. newMap and oldMap are the new and old node state sets; each consists of key-value pairs in which the key is a node together with its state information and the value is the current system time. The parent node screens for nodes in an abnormal state using the information in the two sets.
To meet the requirement in the blockchain-based data security circulation system of the hierarchical novel cloud manufacturing application scenario that an upper-level node must confirm and authorize operations such as data query and modification by a lower-level node before they take place, the authorization approval contract flow is as follows. A user initiates a service application through the application system; after the application system processes the corresponding data, it calls the smart contract to put the service application information on the chain. The approving user for the service logs in to the application system, queries the application information on the chain, approves it according to the service flow, stores the approval opinion on the blockchain through the smart contract, and updates the state of the application. The user queries the service state through the application system and, if approval has been granted, can continue with the subsequent service according to the approval result.
S4, designing a low-overhead on-chain and off-chain storage method for the blockchain-based data security circulation system in a hierarchical novel cloud manufacturing application scenario;
To meet the requirements of the hierarchical novel cloud manufacturing application scenario for security, convenience and certainty of data circulation, the on-chain and off-chain storage design, with encrypted index storage on the chain and fragmented ciphertext storage of the data off the chain, works as follows. The only information about the data kept on the blockchain is the digest of the data and its encrypted index value. After the data receiver obtains the data owner's authorization and the decryption key for the index ciphertext, it decrypts the index to obtain the plaintext index value, fetches the off-chain ciphertext fragments of the data from the partitioned storage system according to the index value, and combines them into the complete ciphertext. The data receiver then decrypts the ciphertext with the corresponding decryption key to obtain the plaintext data, which completes the circulation of data from the data owner to the data receiver.
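The on-chain index and off-chain fragment flow described above (and in the earlier summary of S4), as an added Go example that is not part of the patent. AES-256-GCM, SHA-256, content-addressed fragment IDs, the in-memory store and all type and function names are assumptions; the text names no algorithms or storage interface.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// OnChainRecord is all the ledger holds about the data.
type OnChainRecord struct {
	Digest   [32]byte // SHA-256 of the plaintext (assumed digest choice)
	EncIndex []byte   // AES-GCM ciphertext of the comma-separated fragment IDs
}

// OffChainStore stands in for the partitioned storage system (hypothetical, in memory).
type OffChainStore map[string][]byte

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh random nonce and returns nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated ciphertext")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Publish is the owner's side: encrypt, fragment off-chain, build the on-chain record.
func Publish(store OffChainStore, dataKey, indexKey, plaintext []byte, fragSize int) (rec OnChainRecord, err error) {
	if fragSize <= 0 {
		return rec, fmt.Errorf("fragment size must be positive")
	}
	ct, err := seal(dataKey, plaintext)
	if err != nil {
		return rec, err
	}
	var ids []string
	for off := 0; off < len(ct); off += fragSize {
		end := off + fragSize
		if end > len(ct) {
			end = len(ct)
		}
		id := fmt.Sprintf("%x", sha256.Sum256(ct[off:end])) // content-addressed ID (assumption)
		store[id] = append([]byte(nil), ct[off:end]...)
		ids = append(ids, id)
	}
	rec.Digest = sha256.Sum256(plaintext)
	rec.EncIndex, err = seal(indexKey, []byte(strings.Join(ids, ",")))
	return rec, err
}

// Retrieve is the receiver's side, run once the owner has released both keys.
func Retrieve(store OffChainStore, rec OnChainRecord, dataKey, indexKey []byte) ([]byte, error) {
	raw, err := open(indexKey, rec.EncIndex)
	if err != nil {
		return nil, fmt.Errorf("index: %w", err)
	}
	var ct []byte
	for _, id := range strings.Split(string(raw), ",") {
		frag := store[id] // a missing fragment yields nil, whose hash never equals id
		if fmt.Sprintf("%x", sha256.Sum256(frag)) != id {
			return nil, fmt.Errorf("fragment %s missing or altered", id)
		}
		ct = append(ct, frag...)
	}
	pt, err := open(dataKey, ct)
	if err != nil || sha256.Sum256(pt) != rec.Digest {
		return nil, fmt.Errorf("ciphertext rejected or plaintext differs from the on-chain digest")
	}
	return pt, nil
}

func main() {
	store, keys := OffChainStore{}, make([]byte, 64) // constructed demo: two AES-256 keys
	rand.Read(keys)
	rec, _ := Publish(store, keys[:32], keys[32:], []byte("constructed sample: order A-17, qty 400"), 16)
	pt, err := Retrieve(store, rec, keys[:32], keys[32:])
	fmt.Printf("%d fragments off-chain, recovered %q, err=%v\n", len(store), pt, err)
}
```

Because the index is encrypted under its own key, a party that can read the ledger and the fragment store but holds neither key cannot tell which fragments belong to which record, and the on-chain digest lets the receiver detect a substituted plaintext.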
S5, realizing data security circulation application based on block chains in the hierarchical novel cloud manufacturing application scene.
In the hierarchical novel cloud manufacturing application scenario, the specific steps are as follows. The data security circulation application disassembles the received cloud manufacturing service data, repackages it into standard data packets and puts them on the chain in the data security circulation blockchain network. When on-chain data needs to be read, the hash value of the data or file is looked up by transaction hash and returned to the data reader in the standardized data packet format, which meets the secure circulation requirements that the applications of different business parties place on the data.
Before the data circulation application is connected to the hierarchical blockchain platform, platform resources must be planned so that subsequent data-related operations can be managed on the chain. First, the requirements owner states the construction requirements for the service chain and each cloud manufacturing node according to the specific services; this provides a reference for deploying the underlying blockchain service of the data circulation application and a guarantee for the normal operation of subsequent applications. Next, system maintainers deploy the hierarchical blockchain platform and start the platform services; each node user logs in to the hierarchical blockchain platform, creates nodes of the corresponding type and starts the node services. Once this preparation is complete, the data circulation application can be deployed: its system configuration is modified to suit the deployment environment and the application system is then started. Each node user can then log in to the application system and start the data circulation services; during service operation the blockchain service writes records such as service data and user behaviour to the chain, which supports the application's data circulation management functions. The system administrator can perform data audit and chain audit operations, auditing data records, data maintenance records, users' data usage records, user behaviour records and similar data.
It should be understood that the foregoing examples of the present invention are provided merely for clearly illustrating the present invention and are not intended to limit the embodiments of the present invention, and that various other changes and modifications may be made therein by one skilled in the art without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (8)

1.根据所述的适用层级化新型云制造应用场景下基于区块链的数据安全流通方法,其特征在于,首先设计基于区块链的数据安全流通系统节点,区块链网络组成如图2所示。1. According to the data security circulation method based on blockchain in the hierarchical new cloud manufacturing application scenario, it is characterized in that a data security circulation system node based on blockchain is first designed, and the blockchain network composition is shown in Figure 2. 其中,客户端节点安装命令行客户端程序或者应用程序,代表由用户操作的实体。只有客户端节点连接到某区块链服务节点上,才能与区块链网络建立通信,例如向任意节点提交数据查询请求,或者向记账节点提交交易请求。全功能节点能够接收来自客户端节点的交易申请,并将交易打包成区块数据,广播到区块链网络中进行共识。全功能节点自身也会参与到共识过程中,待各节点对区块的顺序和内容达成一致后,在本地将数据落地。客户端节点可以通过全功能节点查询链上数据,全功能节点从本地存储的账本数据中进行查询并将结果返回给客户端节点。共识节点能够参与到区块数据的共识过程中,对数据的正确性和完整性进行验证,待网络中的区块链节点达成共识后将区块数据存入本地账本。同时,共识节点能够接收来自客户端节点的数据查询申请并返回查询结果。查询节点无法接收交易申请,也不参与数据共识过程,仅用于对链上数据的查询。通过向其他节点广播“nextblock”请求消息,逐一获取链上区块信息,从而保存一份完整的账本数据。组织表示由不同类型节点构成的区块链的基础设施,并确保区块链网络的运行和安全。层级化新型云制造场景下,一级区块链表示第一层节点组成的区块链,二级区块链表示第二层节点组成的区块链,三级区块链表示第三层节点组成的区块链。BaaS(Blockchain as aService),即“区块链即服务”,是一种将区块链技术嵌入云计算平台的服务,为开发者提供便捷、高性能的区块链生态环境和配套服务。Among them, the client node installs a command line client program or application, representing an entity operated by the user. Only when the client node is connected to a certain blockchain service node can it establish communication with the blockchain network, such as submitting a data query request to any node, or submitting a transaction request to the accounting node. The full-function node can receive transaction applications from the client node, package the transaction into block data, and broadcast it to the blockchain network for consensus. The full-function node itself will also participate in the consensus process. After each node reaches an agreement on the order and content of the block, the data will be landed locally. The client node can query the on-chain data through the full-function node. The full-function node queries from the locally stored ledger data and returns the results to the client node. 
The consensus node can participate in the consensus process of the block data, verify the correctness and integrity of the data, and store the block data in the local ledger after the blockchain nodes in the network reach a consensus. At the same time, the consensus node can receive data query applications from the client node and return the query results. The query node cannot receive transaction applications, nor does it participate in the data consensus process. It is only used to query on-chain data. By broadcasting "nextblock" request messages to other nodes, the block information on the chain is obtained one by one, thereby saving a complete copy of the ledger data. Organizations represent the infrastructure of the blockchain composed of different types of nodes and ensure the operation and security of the blockchain network. In the hierarchical new cloud manufacturing scenario, the first-level blockchain represents the blockchain composed of the first-layer nodes, the second-level blockchain represents the blockchain composed of the second-layer nodes, and the third-level blockchain represents the blockchain composed of the third-layer nodes. BaaS (Blockchain as a Service), that is, "Blockchain as a Service", is a service that embeds blockchain technology into a cloud computing platform, providing developers with a convenient, high-performance blockchain ecosystem and supporting services. 2.根据权利要求1所述的适用层级化新型云制造应用场景下基于区块链的数据安全流通方法,其特征在于,设计基于区块链的数据安全流通系统分布式账本数据库,区块链账本结构如图3所示。2. According to the method for secure data circulation based on blockchain in a hierarchical new cloud manufacturing application scenario applicable to claim 1, it is characterized in that a distributed ledger database of a data security circulation system based on blockchain is designed, and the blockchain ledger structure is shown in FIG3. 
其中,用X表示系统节点,i表示节点在系统中处于的层级,j、f和g表示节点在同一层级中的位置,k、o和l表示某一节点的兄弟节点,a、b、c分别表示同一层的三个节点,z表示某层的某个节点,则可将系统描述如下。系统中第i层节点Xi,j,Xi,j+1,…,Xi,j+k为第i+1层节点Xi+1,a的子节点,形式化描述为{Xi,j,Xi,j+1,…,Xi,j+k}∈Xi+1,a;第i+1层节点Xi+1,a,Xi+1,b,Xi+1,c是第i+2层节点Xi+2,z的子节点,形式化描述为{Xi+1,a,Xi+1,b,Xi+1,c}∈Xi+2,z;节点Xi,j,…,Xi,j+k有相同的父节点Xi+1,a,互相为兄弟节点,无共同直接父节点的为非兄弟节点。新型云制造系统层级区块链共识过程包括对下共识过程、对上共识过程两阶段方式,第i+1层节点通过对下共识过程实现与第i层相应节点的共识;第i+1层节点通过对上共识过程完成与第i+2层节点的共识。Among them, X represents the system node, i represents the level of the node in the system, j, f and g represent the position of the node in the same level, k, o and l represent the sibling nodes of a node, a, b, c represent three nodes in the same level respectively, and z represents a node in a level. The system can be described as follows. In the system, the i-th layer node Xi ,j , Xi ,j+1 ,…,Xi ,j+k is the child node of the i+1-th layer node Xi +1,a , formally described as { Xi,j ,Xi,j+1 ,…,Xi ,j+k }∈Xi +1,a ; the i+1-th layer node Xi +1,a ,Xi +1,b ,Xi +1,c is the child node of the i+2-th layer node Xi +2,z , formally described as {Xi +1,a ,Xi +1,b ,Xi +1,c }∈Xi +2,z ; the nodes Xi ,j ,…,Xi ,j+k have the same parent node Xi +1,a , and are brother nodes to each other. Those without a common direct parent node are non-brother nodes. The hierarchical blockchain consensus process of the new cloud manufacturing system includes two stages: the downward consensus process and the upward consensus process. The i+1th layer nodes achieve consensus with the corresponding nodes of the i-th layer through the downward consensus process; the i+1th layer nodes complete the consensus with the i+2th layer nodes through the upward consensus process. 
Each node in the blockchain-based data security circulation system maintains a hierarchical data ledger. In the hierarchical blockchain network, the vertical management relationships between nodes map onto a hierarchical relationship of data flow, which forms a hierarchical ledger. In the hierarchical blockchain network proposed by the invention, data consensus takes place between a parent node and its child nodes. After consensus completes, the child nodes persist the data and record it in the ledger. If the parent node itself has no parent, it also records the agreed data in its local ledger; otherwise, the parent node carries the data into a further round of consensus in the network formed by its sibling nodes and its own parent node. Each group of sibling nodes therefore maintains one ledger and the ancestor (top-level) node maintains one ledger, and the data scope of the ledgers widens level by level from the lower-layer nodes to the higher-layer nodes. The blockchain ledger is a layered, linked ledger structure: the ledgers formed among the sibling nodes of each layer after consensus. Ledger linkage is the data relationship between ledgers: a higher-level ledger contains the ledger data of its lower-level child nodes.
In Figure 3, the layer-$(i+1)$ nodes $X_{i+1,a}$, $X_{i+1,b}$ and $X_{i+1,c}$ jointly maintain the ledger $\mathrm{Ledger}_{i+1,abc}(t)$; the layer-$i$ nodes $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ maintain the ledger $\mathrm{Ledger}_{ij}(t)$, the nodes $\{X_{i,f}, X_{i,f+1}, \dots, X_{i,f+o}\}$ maintain the ledger $\mathrm{Ledger}_{if}(t)$, and the nodes $\{X_{i,g}, X_{i,g+1}, \dots, X_{i,g+l}\}$ maintain the ledger $\mathrm{Ledger}_{ig}(t)$. The layer-$(i+1)$ ledger data contains the data of the layer-$i$ ledgers; that is, $\mathrm{Ledger}_{i+1,abc}(t)$ contains the data of $\mathrm{Ledger}_{ij}(t)$, $\mathrm{Ledger}_{if}(t)$ and $\mathrm{Ledger}_{ig}(t)$.

3. The blockchain-based data security circulation method for the hierarchical new cloud manufacturing application scenario according to claim 1, characterized in that a node admission mechanism and an admission control contract are designed for the blockchain-based data security circulation system, implementing authorization control when nodes join and leave the blockchain network and preventing non-essential nodes from joining the network. The node admission control flow is as follows: a node's identity must be verified before admission, and only a node carrying a valid certificate is allowed to join the blockchain network.
Whether or not startup succeeds, the node's startup operation information must be reported to its parent node. The node admission control request is initiated by the node side, after which the startup verification method of the admission control contract is executed to verify the legitimacy and validity of the node's identity certificate. If verification passes, startup of the node is approved; otherwise startup is refused. The contract execution result is sent to the management end, which selects a node to record the node's startup information on-chain. The specific flow is shown in Figure 4.

4. The blockchain-based data security circulation method for the hierarchical new cloud manufacturing application scenario according to claim 3, characterized in that a node exit control mechanism and an exit control contract are designed for the blockchain-based data security circulation system, implementing authorization control when a node leaves the blockchain network and preventing operations such as taking a node offline or deleting it from affecting the security and stability of the blockchain network. The node exit control flow is as follows: the management end selects a full-function node from among the node's normally running parent nodes and reports the node startup information to it; that node executes the on-chain data method of the exit control contract, and the information is finally written to the chain.
The exit control contract is deployed in two parts: the startup verification method is a built-in system contract that can be called directly, while the on-chain data method must be deployed manually before it can be called. The specific flow is shown in Figure 5. Before exit is granted, it must be determined whether the node's leaving the network would affect the consensus process of other nodes in the network and so prevent data from being aggregated normally. Whether or not the node is able to leave the network, its stop operation information is reported to its parent node. In Figure 5, $\mathrm{Count}_{hie}(X_{i,j})$ is the number of consensus nodes, other than $X_{i,j}$, whose hierarchical attribute matches that of the node; $\mathrm{Count}_{father}(X_{i,j})$ is the number of parent nodes of $X_{i,j}$ (if the nodes $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ have the hierarchical attribute value a-b-c, then the nodes $\{X_{i+1,m}, X_{i+1,m+1}, \dots, X_{i+1,m+o}\}$ with hierarchical attribute a-b are the parent nodes of $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$, and $\{X_{i,j}, X_{i,j+1}, \dots, X_{i,j+k}\}$ are the child nodes of $\{X_{i+1,m}, X_{i+1,m+1}, \dots, X_{i+1,m+o}\}$); $\mathrm{Count}_{uc}(X_{i,j})$ is the number of nodes in $\mathrm{nodes\_up}_{X(i,j)}$, other than $X_{i,j}$, that can participate in consensus; $\mathrm{Count}_{son}(X_{i,j})$ is the number of child nodes of $X_{i,j}$; and $\mathrm{Count}_{dc}(X_{i,j})$ is the number of nodes in $\mathrm{nodes\_down}_{X(i,j)}$, other than $X_{i,j}$, that can participate in consensus.
Node exit control is initiated by the platform management end. The user submits a node stop request in the management interface, and the management end then determines whether stopping the node would affect consensus on subsequent data among the other nodes of that layer or the transmission of lower-layer data. It first checks whether, once the node has stopped, the layer still has a consensus node whose hierarchical attribute matches that of the node; if not, the stop is refused, otherwise the next round of judgment follows. It then checks whether the node has a parent node. If it does, the management end must determine whether the node's peer nodes can still complete upward consensus after the node stops; if they cannot, the stop is refused. If they can, or if the node has no parent node, the next round of judgment follows. Finally it checks whether the node's child nodes can still complete upward consensus after the node stops; if they can, the stop is approved, otherwise it is refused. The result of the stop request is reported to the management end, which selects a full-function node from among the node's normally running parent nodes and reports the node stop information to it; that node executes the on-chain data method of the exit control contract to write the information to the chain.
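The three rounds of judgment above, written out as an added Go example (not the patent's contract code). The quorum threshold, the pass-through for a node with no children, and all type and function names are assumptions, since the text leaves the exact conditions to Figure 5.

```go
package main

import "fmt"

// ExitCounts carries the Figure 5 counters for the node X(i,j) that was asked to stop.
type ExitCounts struct {
	Hie    int // Count_hie: other consensus nodes with the same hierarchical attribute
	Father int // Count_father: parent nodes of X(i,j)
	UC     int // Count_uc: other nodes in nodes_up that can take part in consensus
	Son    int // Count_son: child nodes of X(i,j)
	DC     int // Count_dc: other nodes in nodes_down that can take part in consensus
}

// StopRecord is what gets reported and written on-chain whether or not the stop is allowed.
type StopRecord struct {
	Node    string
	Allowed bool
	Reason  string
}

// CheckExit runs the three rounds in the order the text gives them. quorum is an
// assumption: the page does not say how many nodes a consensus round needs.
func CheckExit(node string, c ExitCounts, quorum int) StopRecord {
	deny := func(reason string) StopRecord {
		return StopRecord{Node: node, Allowed: false, Reason: reason}
	}
	// Round 1: the layer must keep a consensus node with the same hierarchical attribute.
	if c.Hie == 0 {
		return deny("no other consensus node with this hierarchical attribute")
	}
	// Round 2: skipped when there is no parent; otherwise the peer nodes must still
	// be able to reach upward consensus without this node.
	if c.Father > 0 && c.UC < quorum {
		return deny("peer nodes could no longer complete upward consensus")
	}
	// Round 3: the children must still complete upward consensus. Letting a node
	// with no children pass is an assumption; the text does not cover that case.
	if c.Son > 0 && c.DC < quorum {
		return deny("child nodes could no longer complete upward consensus")
	}
	return StopRecord{Node: node, Allowed: true, Reason: "stop permitted"}
}

func main() {
	// Constructed topologies, not taken from the patent.
	cases := map[string]ExitCounts{
		"only-consensus-node": {Hie: 0, Father: 1, UC: 3, Son: 2, DC: 3},
		"top-level-node":      {Hie: 2, Father: 0, UC: 0, Son: 3, DC: 3},
		"thin-lower-group":    {Hie: 2, Father: 1, UC: 3, Son: 3, DC: 1},
	}
	for name, c := range cases {
		fmt.Printf("%+v\n", CheckExit(name, c, 2))
	}
}
```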
5. The blockchain-based data security circulation method for the hierarchical new cloud manufacturing application scenario according to claim 4, characterized in that a node status detection mechanism is designed for the blockchain-based data security circulation system, together with the contract used to record a node's status on the blockchain, so that every node periodically calls the node status update contract to update its own attribute status and a node's superior node can view its latest attribute status at any time. The specific flow is: the node sends its name, IP (Internet Protocol) address, hierarchical attribute, current status and other information to the management end; on receiving the status information, the management end selects a full-function node from among the node's normally running parent nodes; it then calls the parent node's function interface and stores <node status information, current time> in the node status set newMap; finally, the parent node executes the on-chain data method of the node status information update contract to write the child node's status information to the chain. The new node status set newMap and the old node status set oldMap are both node status sets made up of key-value pairs, where the "key" is the node together with its status information and the "value" is the current system time.
The parent node screens for abnormal node states using the information in these two sets; the specific algorithm is shown in Figure 6.

6. The blockchain-based data security circulation method for the hierarchical new cloud manufacturing application scenario according to claim 5, characterized in that an authorization approval mechanism is designed for the blockchain-based data security circulation system, meeting the requirement that operations by lower-level nodes such as data query and modification be confirmed and authorized by the upper-level node beforehand. The specific flow is: a user initiates a business application through the application system; after the application system has processed the data accordingly, it calls a smart contract to put the business application information on-chain. The approving user for that business logs in to the application system, queries the on-chain application information and approves it according to the business process; the approval opinion is stored on the blockchain through the smart contract, and the status of the application is updated at the same time. The user queries the business status through the application system and, if the application has been approved, can carry on with subsequent business according to the approval result. The specific flow is shown in Figure 7.
7. The blockchain-based data security circulation method for the hierarchical new cloud manufacturing application scenario according to claim 6, characterized in that a low-overhead on-chain/off-chain storage method is designed for blockchain-based data security circulation in the hierarchical new cloud manufacturing application scenario. Specifically, to meet the scenario's requirements for security, convenience and rights confirmation in data circulation, the design stores an encrypted index on-chain and stores the data off-chain as ciphertext shards, and works as follows: the only data-related information on the blockchain is the digest of the data and the encrypted index value. Once the data recipient has been authorized by the data owner and has obtained the decryption key for the index ciphertext, it can decrypt the index to obtain the plaintext index value, use that value to fetch the ciphertext shards of the off-chain data from the shard storage system, and combine them into the complete ciphertext. The data recipient then uses the decryption key for the ciphertext data to recover the data plaintext, which completes the circulation of data from the data owner to the data recipient.
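The owner-to-recipient flow of this claim as an added Go example, not code from the patent. It assumes AES-256-GCM for both the data and the index, SHA-256 for the on-chain digest and for shard IDs, and a map standing in for the shard storage system; Publish, Fetch, Record, Store and Key are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Key [32]byte            // AES-256-GCM key (assumed cipher; the page names none)
type Store map[string][]byte // stand-in for off-chain shard storage: shard ID -> shard
// Record is all the ledger holds: the data digest and the encrypted shard index.
type Record struct {
	Digest   [32]byte
	EncIndex []byte
}

func (k Key) aead() cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // cannot fail: the key is always 32 bytes
	g, _ := cipher.NewGCM(block)    // cannot fail: AES has a 16-byte block
	return g
}
func (k Key) seal(pt []byte) []byte { // returns nonce || ciphertext || tag
	nonce := make([]byte, 12) // standard GCM nonce size
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return k.aead().Seal(nonce, nonce, pt, nil)
}
func (k Key) open(sealed []byte) ([]byte, error) {
	if len(sealed) < 12 {
		return nil, errors.New("sealed value too short")
	}
	return k.aead().Open(nil, sealed[:12], sealed[12:], nil)
}

// Publish (data owner): encrypt, shard the ciphertext off-chain, encrypt the shard index.
func Publish(st Store, dataKey, indexKey Key, data []byte, size int) Record {
	var index []byte // ordered shard IDs; an ID is the SHA-256 of its ciphertext shard
	for ct, n := dataKey.seal(data), 0; len(ct) > 0; ct = ct[n:] {
		if n = size; n < 1 || n > len(ct) {
			n = len(ct)
		}
		id := sha256.Sum256(ct[:n])
		st[string(id[:])] = ct[:n]
		index = append(index, id[:]...)
	}
	return Record{Digest: sha256.Sum256(data), EncIndex: indexKey.seal(index)}
}

// Fetch (authorised recipient): decrypt the index, join the shards, decrypt, check digest.
func Fetch(st Store, rec Record, dataKey, indexKey Key) ([]byte, error) {
	index, err := indexKey.open(rec.EncIndex)
	if err != nil {
		return nil, errors.New("index cannot be decrypted with this key")
	}
	var ct []byte
	for ; len(index) >= 32; index = index[32:] {
		ct = append(ct, st[string(index[:32])]...)
	}
	data, err := dataKey.open(ct) // the GCM tag fails if a shard is missing or altered
	if err != nil || sha256.Sum256(data) != rec.Digest {
		return nil, errors.New("ciphertext or on-chain digest check failed")
	}
	return data, nil
}

func main() {
	st, dk, ik := Store{}, Key{1}, Key{2} // constructed keys, for the demo only
	out, err := Fetch(st, Publish(st, dk, ik, []byte("constructed sample payload"), 16), dk, ik)
	fmt.Printf("%d shards, %q, %v\n", len(st), out, err)
}
```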
8. The blockchain-based data security circulation method for the hierarchical new cloud manufacturing application scenario according to claim 7, characterized by a blockchain-based data security circulation application for the hierarchical new cloud manufacturing application scenario, specifically: in this scenario, the different participants connect to the underlying blockchain network through a security suite; the data provider puts data on-chain and transmits it by calling on-chain smart contracts, data circulation is completed through ledger synchronization, and the recipient likewise reads on-chain data through smart contract calls, so that cloud manufacturing production business data is shared. In the implementation, the data security circulation application unpacks and re-encapsulates the cloud manufacturing business data it receives, packages it into standard data packets, and puts them on-chain in the data security circulation blockchain network. When on-chain data needs to be read, the hash value of the data or file is looked up through the transaction hash and returned to the data reader as a standardized data packet, which meets the secure data circulation needs of the different business parties' applications. The specific flow is shown in Figure 8.
CN202411365242.0A 2024-09-29 2024-09-29 Data security circulation method based on blockchain in hierarchical new cloud manufacturing application scenario Pending CN119254404A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411365242.0A CN119254404A (en) 2024-09-29 2024-09-29 Data security circulation method based on blockchain in hierarchical new cloud manufacturing application scenario

Publications (1)

Publication Number Publication Date
CN119254404A true CN119254404A (en) 2025-01-03

Family

ID=94027558

Country Status (1)

Country Link
CN (1) CN119254404A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination