WO2020259629A1 - Block chain-based data inspection method and apparatus - Google Patents


Publication number
WO2020259629A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
tree
data field
value
information
Application number
PCT/CN2020/098268
Inventor
毛嘉宇
范瑞彬
张开翔
张龙
Original Assignee
深圳前海微众银行股份有限公司
Application filed by 深圳前海微众银行股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Definitions

  • the present invention relates to the field of Fintech, and in particular to a method and device for data inspection based on blockchain.
  • the data on the blockchain is stored in the form of smart contracts, and there are functional and performance problems in conversion, query, analysis, and processing.
  • The blockchain data is usually exported through the RPC (Remote Procedure Call) interface, and the messages are converted into standardized, structured data and then stored in a relational database or other general storage system.
  • The protection measures usually adopt methods such as restricting access by IP address, setting user permissions, setting user passwords, and regularly creating snapshots to obtain a certain degree of control and protection.
  • This application provides a data inspection method and device based on a blockchain to prevent data imported from the blockchain into the storage system from being tampered with, and to increase the information security of the storage system.
  • An embodiment of the present invention provides a blockchain-based data verification method, including:
  • After receiving the processing request for the second data field, obtain the second data field from the storage system; the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
  • the first tree is established based on the hash value of the first data field, and the first data field is data determined based on the first information data;
  • the embodiment of the present invention also provides a block chain-based data verification device, including:
  • the transceiver unit is configured to obtain the second data field from the storage system after receiving the processing request for the second data field; the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
  • the verification unit is configured to use a pre-stored first tree to verify the second data field; the first tree is established based on the hash value of the first data field, and the first data field is data determined based on the first information data;
  • the determining unit is configured to determine that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
  • the embodiment of the present invention also provides an electronic device, including:
  • At least one processor and,
  • a memory communicatively connected with the at least one processor; wherein,
  • the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can execute the method described above.
  • the embodiment of the present invention also provides a non-transitory computer-readable storage medium, the non-transitory computer-readable storage medium storing computer instructions, and the computer instructions are used to make the computer execute the method described above.
  • The verification system obtains the first information data from the blockchain, determines the first data field according to the first information data, establishes the first tree based on the hash value of the first data field, and stores the first tree in the storage system or the verification system for maintenance. At the same time, the data determined by the first information data and stored in the storage system is used as the second data.
  • After the verification system receives the processing request for the second data field, it obtains the second data field from the storage system and uses the first tree to verify the second data field. It is foreseeable that if the second data field stored in the storage system has not been tampered with, the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
  • The first tree can be used to check the second data field stored in the storage system to ensure the consistency of the data in the storage system and the blockchain, thereby avoiding tampering with the data stored in the storage system and improving the information security of the storage system.
  • Each leaf node in the first tree corresponds one-to-one to the data in the blockchain. Therefore, the data in the blockchain can be quickly located according to the first tree, so that the tampered data can be located quickly when tampering is found.
  • Figure 1 is a schematic structural diagram of a possible system architecture provided by an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a blockchain-based data verification method provided by an embodiment of the present invention.
  • Figure 3 is a schematic structural diagram of a blockchain-based data verification device provided by an embodiment of the present invention.
  • Fig. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
  • a system architecture to which the embodiment of the present invention is applicable includes a blockchain 101, a verification system 102, and a database 103.
  • The verification system 102 obtains information data from the blockchain 101, structures it, and stores it in the database 103. At the same time, it establishes a Merkle tree based on the obtained information data and maintains it in the database 103, so that the data stored in the database 103 can be checked against it to prevent the data in the database 103 from being tampered with.
  • An audit system 104 may also be included. The audit system 104 builds another Merkle tree based on the information data in the blockchain 101 to verify the Merkle tree maintained in the database 103, to prevent that Merkle tree from being tampered with.
  • the blockchain 101 is a chain composed of a series of blocks. In addition to recording the data of this block, each block also records the Hash (hash) value of the previous block. In this way, a chain is formed.
  • a block is composed of a block header and a block body.
  • the block header definition includes important fields such as the block height h and the hash value prevHash of the previous block.
  • the block body mainly stores transaction data.
  • the verification system 102 and/or the audit system 104 may be an operating system installed on an independent server, or may be installed in a server cluster formed by multiple servers.
  • the verification system 102 and/or the audit system 104 may use cloud computing technology for information processing.
  • the database 103 is a data storage device. Preferably, it can be a relational database, which stores data in a table structure.
  • Buried point: a commonly used data collection method for website analysis. Data burying points are divided into three levels: elementary, intermediate, and advanced. Data burying points are a good way to collect data in private deployments.
  • The elementary method is to implant statistical code at key points of product and service conversion, and to ensure that data collection is not repeated according to its independent ID (such as the click-through rate of purchase buttons).
  • The intermediate method is to implant multiple pieces of code to track the user's series of behaviors on each interface of the platform, where the events are independent of each other (such as opening the product details page, selecting the product model, adding to the shopping cart, placing an order, and completing the purchase).
  • the advanced method is to combine company engineering and ETL to collect and analyze the full amount of user behavior, establish user portraits, and restore user behavior models as the basis for product analysis and optimization.
  • Block chain is a chain composed of a series of blocks. In addition to recording the data of this block, each block also records the hash value of the previous block. In this way, a chain is formed.
  • a block is composed of a block header and a block body.
  • the block header definition includes important fields such as the block height h and the hash value of the previous block.
  • the block body mainly stores transaction data.
  • RPC: Remote Procedure Call
  • TCP: Transmission Control Protocol
  • UDP: User Datagram Protocol
  • Merkle trees are an important data structure of the blockchain. Their function is to quickly summarize and verify the existence and integrity of block data. In a general sense, a Merkle tree is a way of hashing a large number of data "blocks". It relies on splitting these data "blocks" into smaller units (buckets), each of which contains only a few data "blocks", then hashing each bucket again, and repeating the same process until only one hash remains.
  • Information data and data fields: in the embodiment of the present invention, transaction information, status information, and log information stored in the blockchain are collectively referred to as information data. After analyzing and processing the information data, data fields are obtained, and the data fields are stored in another storage device in the form of structured data, such as a relational database.
  • Block chain technology uses block chain data structure to verify and store data.
  • the Ethereum virtual machine is used to execute smart contracts, use smart contracts to establish and verify accounts, and process and store data.
  • the computing resources on the smart contract are limited, and its query efficiency is also low, making it difficult to handle various query requests in actual scenarios.
  • the data export application system will be used to export the data on the blockchain one by one according to the block height, and after structured processing, store it in a data storage system represented by a relational database.
  • Storage systems such as databases can be protected against tampering by restricting access by IP address, setting user permissions, setting user passwords, and regularly creating snapshots, but this protection is limited. Because storage systems such as databases support insert, delete, update, and query operations and make editing and modification convenient, data may be mishandled or even tampered with by people with ulterior motives. In addition, attacks by hackers cannot be completely prevented, and it is difficult to guard against operational risks, moral hazards, and information security risks.
  • an embodiment of the present invention provides a blockchain-based data verification method.
  • the blockchain-based data verification method provided by the embodiment of the present invention includes the following steps:
  • Step 201: After receiving the processing request for the second data field, obtain the second data field from the storage system; the second data field is data determined according to the first information data in the blockchain and stored in the storage system.
  • Step 202: Use a pre-stored first tree to verify the second data field; the first tree is established based on the hash value of the first data field, and the first data field is data determined based on the first information data.
  • Step 203: When the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, it is determined that the second data field has not been tampered with.
  • The verification system obtains the first information data from the blockchain, determines the first data field according to the first information data, establishes the first tree based on the hash value of the first data field, and stores the first tree in the storage system or the verification system for maintenance. At the same time, the data determined by the first information data and stored in the storage system is used as the second data. After receiving the processing request for the second data field, the verification system obtains the second data field from the storage system, and uses the first tree to verify the second data field. It is foreseeable that if the second data field stored in the storage system has not been tampered with, the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
  • The first tree can be used to check the second data field stored in the storage system to ensure the consistency of the data in the storage system and the blockchain, thereby avoiding tampering with the data stored in the storage system and improving the information security of the storage system.
  • Each leaf node in the first tree corresponds one-to-one to the data in the blockchain. Therefore, the data in the blockchain can be quickly located according to the first tree, so that the tampered data can be located quickly when tampering is found.
  • the storage system in the embodiment of the present invention may be a relational database, NOSQL, file database and other types of data storage systems.
  • a relational database is mainly used as an example for introduction.
  • the Merkle tree is not established directly using the information data, but the Merkle tree is constructed after the information data is structured.
  • it is also allowed to directly use information data to build Merkle trees, such as the storage and verification of status and transaction information. The following is a detailed description of how to obtain information data from the blockchain and how to perform data processing after obtaining the information data.
  • logs are allowed to be defined in smart contracts to track transactions and information.
  • a contract can record and archive logs by defining "events" for clients to obtain.
  • a log buried point is created in the smart contract and the smart contract is published on the blockchain.
  • the application sends a transaction on-chain request, and the smart contract is called on the blockchain to process the transaction.
  • The embedded point log in the smart contract is triggered to generate transaction log information, and the transaction log information is stored in the block information of the blockchain.
  • Log information can include information such as contract address, sender address, original initiator address, internal variable value, and return value of a function.
  • The smart contract on the blockchain will execute the request and save the relevant sender address, contract address, and other log information to the block information of the blockchain.
  • the server obtains transaction information, status information, and log information by calling the underlying RPC interface of the blockchain; and organizes the storage of data according to the table structure of the relational database.
  • the transaction information may include information such as the identification of the transaction participant, the transaction account number, and the transaction amount;
  • the status information may include the status change information of the corresponding account.
  • For example, if event2 is defined in Contract1, the data structure Contract1_event2 will be defined in the storage system (if the storage system is a relational database, Contract1_event2 is a database table) to store all generated event2 data. Assuming that from block 1 to block 100 the smart contract executes event2 10 times, a total of 10 event archives are saved on the blockchain; correspondingly, the server obtains a total of 10 pieces of structured data and saves them in the data structure Contract1_event2.
  • related transaction information, status information, and log information on the blockchain will be stored in corresponding tables or other structures according to the parsed structured form. In a table, all similar data derived from the blockchain is collected; a table may have several different data.
  • Each table contains several fields, including block information fields, such as the block height corresponding to the transaction, the transaction serial number at that height, and the timestamp on the chain.
  • each table also contains specific business fields, which are derived from the log information generated by the embedded points in the smart contract. For example, in a transfer transaction, the business fields may include the transfer-in account number, the transfer-out account number, and the transfer amount.
  • event2 is defined in Contract1, which is defined as follows:
  • event event2 (int i,bytes32 msg,address a);
  • the log information contains three different types of fields i, msg, a.
  • When the smart contract calls the corresponding function and executes the corresponding log record statement, the above information will be saved on the chain.
  • When the server calls the RPC interface of the blockchain to query the corresponding results, it parses the query results, and the corresponding data structure Contract1_event2 in the storage system will contain six data fields: the block height of the log, the transaction number at that height, the timestamp on the chain, i, msg, and a.
  • The hash value of each of the above data fields is calculated, and the Merkle tree is then established. After receiving the processing request for the second data field and before obtaining the second data field from the storage system, the method further includes:
  • the hash values of all the first data fields are used as the values of the leaf nodes of the first tree to establish the first tree.
  • the verification system uses the structured first information data, that is, the first data field, to construct the first tree when the information data in the blockchain is structured and stored in the database.
  • The first tree, the second tree and the third tree in the embodiment of the present invention are Merkle trees.
  • Merkle tree is a kind of tree, most of which are binary trees, which usually contain the underlying data, the root hash value of the block header (that is, the Merkle root), and all the branches along the underlying block data to the root hash.
  • The Merkle tree operation process is generally to hash the underlying data in groups, insert the newly generated hash values into the Merkle tree, and recurse in this way until only the last root hash value remains, which is recorded as the Merkle root of the block header.
  • Each hash node always contains two adjacent data blocks or their hash values.
  • A Merkle tree can also be a multi-branch tree; however many branches it has, it has all the characteristics of a tree structure.
  • the value of the leaf node of the Merkle tree is the unit data of the data set or the hash value of the unit data.
  • The value of a non-leaf node is calculated from the values of all the leaf nodes below it using the hash algorithm.
  • a Merkle tree may be constructed based on a data structure.
  • A Merkle tree is constructed based on the six data fields of the data structure Contract1_event2.
  • The leaf nodes of the Merkle tree are the hash values of the block height of the log, the transaction number at that height, the timestamp on the chain, i, msg, and a. In this way, each independent data structure obtains the value of a Merkle tree root, and the integrity of the data can be quickly verified by simply comparing the Merkle tree roots of the data structure at the same block height.
  • Each data field of the data structure corresponds to a leaf node, and an independent Merkle tree is maintained.
  • the root value of the Merkle tree for every 16384 records can be used as a leaf node to construct a total Merkle tree to reduce the amount of stored data.
  • A Merkle tree can also be maintained based on the block dimension, that is, all transactions in each block are sorted in ascending order of transaction sequence number, and the data field of each transaction corresponds to a leaf node of the Merkle tree to establish the Merkle tree.
  • a Merkle tree can also be maintained based on the dimensions of the transaction, which facilitates the maintenance of the transaction.
  • The verification system can maintain a Merkle tree based on the block height, so that after a block height is specified, the integrity and consistency of all data under that block height can be quickly checked and verified. It can also check the consistency and completeness of the data within a specific block height interval.
  • the constructed first tree can be maintained in the verification system or in the storage system, which is not limited here.
  • the establishment of the above-mentioned first tree is based on the log information generated by the embedded point of the smart contract. This method can be extended to the transaction information and status information of the blockchain. The principle and method are similar to the above and will not be repeated.
  • When the data in the database is taken out and processed, the data needs to be checked to ensure that it has not been tampered with.
  • The hash value of the second data field can be calculated directly and then compared one by one with the values of the leaf nodes in the first tree to check whether the second data field has been tampered with.
  • a second tree can also be established for all the second data fields, and only the root node of the second tree is compared with the root node of the first tree.
  • the data in the blockchain is structured in units of blocks.
  • The first tree can be built with the block as the dimension; it can also be built with a single business type as the dimension. For example, the data of the same buried log is stored in one relational database table, and the first tree is then established along the dimension of that table. When all the data of a single business type has to be exported, the root of the first tree for the table can be verified to quickly determine whether the data has been tampered with.
  • The second data field is checked using a pre-stored first tree, and when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, it is determined that the second data field has not been tampered with, including:
  • the value of the root node of each first tree can be stored in a special storage table.
  • The verification system calculates the hash value of the second data field and constructs the second tree in the same manner and dimension as the first tree. It is foreseeable that if the second data field has not been tampered with, each node of the second tree has the same value as the corresponding node of the first tree; if a second data field has been tampered with, the value of the root node of the second tree differs from that of the root node of the first tree. The value of the root node of the second tree can therefore be compared directly with the value of the root node of the first tree to determine whether the second data field corresponding to the second tree has been tampered with.
  • the embodiment of the present invention also includes auditing the first tree, and the method includes:
  • an audit system can be introduced to review the third tree maintained in the verification system and/or the database.
  • the audit system can be replaced by another instance of the verification system.
  • the process of the audit system obtaining information data from the blockchain and establishing the third tree is the same as the process of the verification system obtaining information data and establishing the first tree.
  • the audit system may not store detailed data fields, but only store the tree structure of the Merkle tree. This can greatly reduce the amount of data storage and increase the speed of auditing.
  • Not only can the third tree be used to verify the first tree; a fourth tree, a fifth tree, ... and an Nth tree can also be established to verify the first tree.
  • the establishment method is similar to the above description, and will not be repeated here.
  • the audit system can only review part of the first tree of the verification system. For example, every 2 X block heights, initiate and query system storage verification work.
  • the calculation formula of X is as follows:
  • U is a predetermined parameter
  • 100 is recommended, and it can also be set according to empirical values.
  • the audit system can verify according to the dimensions of the data structure, or according to the dimensions of the block.
  • the specific process of verifying according to the dimensions of the data structure is as follows:
  • the audit system checks the values of the two nodes in the next layer to check which node has inconsistent values. If the value of the node at a corresponding position in the audit system and the verification system is the same, skip it; otherwise, trace its child nodes along the node until all inconsistent leaf nodes are found. These leaf nodes are transaction data that may be tampered with.
  • The audit system will re-download the information data from the blockchain based on the block height and serial number of the transactions corresponding to these leaf nodes, and calculate the hash values again. If the result is consistent with the previously calculated value, it can be determined that the corresponding information data in the verification system has been tampered with.
  • cross-validation and verification can also be carried out through the dimension of the data structure and the dimension of the block, which can quickly locate and determine the problematic information data and its corresponding block height and transaction serial number.
  • The audit system can send out corresponding alarms to notify the relevant responsible personnel for manual intervention; it can also send a request to notify the verification system, which can listen for this type of notification and support automatic rollback and resynchronization. After the verification system has processed the error, it needs to recalculate and maintain the Merkle tree verification values for the independent data structures and the block heights.
  • the audit system can also directly monitor the underlying events or logs of the database.
  • Specific monitoring methods include:
  • When the audit system monitors the corresponding database modification event, it will obtain the detailed information of the event operation and parse it into the corresponding structured data. For example, it obtains the data structure of the operation, the block height of the transaction, the serial number of the transaction, and the data structure field of the specific change.
  • the audit system obtains detailed information such as the status of the block or data structure in the verification system, and the corresponding completed time stamp; based on the detailed information, and based on customizable rules, it can determine whether the change is normal. For example, if the transaction is completed at a certain time point before the time stamp corresponding to the change, it can be determined that the change operation is basically illegal; the audit system can immediately issue an early warning.
  • the audit system will then compare the HASH value of the block where the data of the modification operation is located and the HASH value of the data structure where it is located. In order to ensure that the data source has not changed, the audit system will re-download and synchronize the corresponding information data on the blockchain.
  • After comparing the data, the audit system will formally issue an alarm and record the results and detailed information of the detected events for subsequent manual processing and automatic system processing.
  • exception handling mechanisms can also be triggered, such as automatic re-downloading, manual intervention, etc. There is no restriction here.
  • Step S301: The verification system obtains the first information data from the blockchain.
  • Step S302: The verification system structures the first information data to obtain the first data field, and stores the structured first information data in the database.
  • Step S303: The verification system calculates the hash value of each first data field.
  • Step S304: The verification system uses the hash values of all the first data fields as the values of the leaf nodes of the first tree, establishes the first tree with the data structure in the database as the dimension, and stores the first tree.
  • Step S305: After receiving the processing request for the second data field sent by the client, the verification system obtains the second data field from the database.
  • Step S306: The verification system calculates the hash value of each second data field.
  • Step S307: The verification system uses the hash values of all the second data fields as the values of the leaf nodes of the second tree, and establishes the second tree with the data structure in the database as the dimension.
  • Step S308: Compare the value of the root node of the second tree with the value of the root node of the first tree. If the value of the root node of the second tree is the same as the value of the root node of the first tree, perform step S309; otherwise, go to step S310.
  • Step S309: Determine that the second data field has not been tampered with.
  • Step S310: It is determined that the second data field has been tampered with, and an alarm indication is issued.
  • The embodiment of the present invention also provides a blockchain-based data verification device, as shown in FIG. 3, including:
  • The transceiver unit 401 is configured to obtain the second data field from the database after receiving the processing request for the second data field; the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
  • The verification unit 402 is configured to verify the second data field using a pre-stored first tree; the first tree is established based on the hash value of the first data field, and the first data field is data determined based on the first information data;
  • The determining unit 403 is configured to determine that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
  • The verification unit 402 is specifically configured to calculate the hash value of each second data field; use the hash values of all the second data fields as the values of the leaf nodes of the second tree to establish the second tree, where the value of any non-leaf node in the second tree is obtained by hashing the values of all the child nodes of that non-leaf node; and compare the value of the root node of the second tree with the value of the root node of the first tree;
  • The determining unit 403 is specifically configured to determine that the second data field has not been tampered with when the value of the root node of the second tree is the same as the value of the root node of the first tree.
  • The transceiver unit 401 is also used to obtain the first information data in the blockchain;
  • The device also includes an establishing unit 404, which is configured to structure the first information data to obtain the first data field and store the structured first information data in the storage system; calculate the hash value of each first data field; and use the hash values of all first data fields as the values of the leaf nodes of the first tree to establish the first tree.
  • The present invention also provides an electronic device, as shown in FIG. 4, including:
  • A processor 501, a memory 502, a transceiver 503, and a bus interface 504, wherein the processor 501, the memory 502 and the transceiver 503 are connected through the bus interface 504;
  • The processor 501 is configured to read the program in the memory 502 and execute the following method:
  • After receiving the processing request for the second data field, obtain the second data field from the storage system; the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
  • The first tree is established based on the hash value of the first data field, and the first data field is data determined based on the first information data;
  • The embodiment of the present invention also provides a computer storage medium that stores the computer-executable instructions to be executed by the above-mentioned processor, including the program to be executed by the above-mentioned processor.
  • Various aspects of the blockchain-based data verification method provided by the present invention can also be implemented in the form of a program product that includes program code. When the program product runs on a computer device, the program code causes the computer device to execute the steps of the blockchain-based data verification method according to the various exemplary implementations of the present invention described above in this specification. For example, the computer device can execute the blockchain-based data verification method provided by the embodiment of the present invention.
  • These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thereby provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

Abstract

Embodiments of the present invention relate to the technical field of Fintech, and particularly relate to a block chain-based data inspection method and apparatus, used for preventing data that is imported from a block chain to a storage system from being falsified, and improving information security in the storage system. The embodiments of the present invention comprise: after receiving a processing request for a second data field, obtaining the second data field from a storage system, wherein the second data field is data that is determined according to first information data in a block chain and stored in the storage system; using a pre-stored first tree to perform inspection on the second data field, wherein the first tree is created according to a hash value of a first data field, and the first data field is data that is determined according to the first information data; and when the hash value of the second data field is consistent with a node value of a corresponding node in the first tree, determining that the second data field is not falsified.

Description

Blockchain-based data inspection method and device
Cross-reference to related applications
This application claims priority to Chinese patent application No. 201910548845.7, filed with the Chinese Patent Office on June 24, 2019 and entitled "A blockchain-based data inspection method and device", the entire content of which is incorporated into this application by reference.
Technical field
The present invention relates to the field of financial technology (Fintech), and in particular to a blockchain-based data inspection method and device.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). Blockchain technology is no exception, but the security and real-time requirements of the financial industry also place higher demands on the technology.
Data on the blockchain is stored in the form of smart contracts, which poses functional and performance problems for conversion, query, analysis, and processing. To solve these problems, blockchain data is usually exported through an RPC (Remote Procedure Call) interface, and the messages are converted into standardized, structured data and then stored in a relational database or another general-purpose storage system.
Once data is stored in the storage system, it is usually protected by measures such as restricting access by IP address, setting user permissions, setting user passwords, and taking regular snapshots, which provide a certain degree of control and protection.
However, this protection is limited, and it is difficult to guard against operational risk, the risk of insider wrongdoing, and data consistency problems caused by system design flaws. Because storage systems such as databases support insert, delete, update, and query operations, the data in them can be edited and modified; the data may be tampered with, which poses an information security risk.
Summary of the invention
This application provides a blockchain-based data inspection method and device to prevent data imported from the blockchain into a storage system from being tampered with, and to improve information security in the storage system.
An embodiment of the present invention provides a blockchain-based data inspection method, including:
after receiving a processing request for a second data field, obtaining the second data field from the storage system; the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
verifying the second data field using a pre-stored first tree; the first tree is established based on the hash value of the first data field, and the first data field is data determined according to the first information data;
when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, determining that the second data field has not been tampered with.
An embodiment of the present invention also provides a blockchain-based data inspection device, including:
a transceiver unit, configured to obtain the second data field from the storage system after receiving a processing request for the second data field; the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
a verification unit, configured to verify the second data field using a pre-stored first tree; the first tree is established based on the hash value of the first data field, and the first data field is data determined according to the first information data;
a determining unit, configured to determine that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
An embodiment of the present invention also provides an electronic device, including:
at least one processor; and
a memory communicatively connected with the at least one processor; wherein
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the method described above.
An embodiment of the present invention also provides a non-transitory computer-readable storage medium that stores computer instructions, and the computer instructions are used to make the computer execute the method described above.
In the embodiment of the present invention, the verification system obtains the first information data from the blockchain, determines the first data field according to the first information data, establishes the first tree based on the hash value of the first data field, and stores the first tree in the storage system or the verification system for maintenance. At the same time, the data determined from the first information data and stored in the storage system is used as the second data. When the verification system receives a processing request for the second data field, it obtains the second data field from the storage system and uses the first tree to verify it. If the second data field stored in the storage system has not been tampered with, its hash value is consistent with the node value of the corresponding node in the first tree; if the second data field has been tampered with, its hash value is inconsistent with the node value of the corresponding node in the first tree. The first tree can therefore be used to verify the second data field stored in the storage system and ensure that the data in the storage system is consistent with the data in the blockchain, which prevents the data stored in the storage system from being tampered with and improves information security in the storage system. In addition, each leaf node in the first tree corresponds one-to-one to data in the blockchain, so the data in the blockchain can be located quickly from the first tree, and tampered data can be located quickly when tampering is found.
Description of the drawings
In order to describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of a possible system architecture provided by an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a blockchain-based data inspection method provided by an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a blockchain-based data inspection device provided by an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the protection scope of the present invention.
As shown in FIG. 1, a system architecture to which the embodiments of the present invention apply includes a blockchain 101, a verification system 102, and a database 103. The verification system 102 obtains information data from the blockchain 101, structures it, and stores it in the database 103. At the same time, it builds a Merkle tree from the obtained information data and maintains the tree in the database 103, where it is used to verify the data stored in the database 103 and prevent that data from being tampered with. An audit system 104 may also be included. The audit system 104 builds another Merkle tree from the information data in the blockchain 101 and uses it to verify the Merkle tree maintained in the database 103, preventing that Merkle tree from being tampered with.
The blockchain 101 is a chain composed of a series of blocks. In addition to its own data, each block records the hash value of the previous block, and in this way the blocks form a chain. The blockchain rests on two core ideas, cryptography and decentralization; based on these two ideas, historical information on the blockchain cannot be tampered with. A block consists of a block header and a block body. The block header defines important fields such as the block height h and the hash value prevHash of the previous block, while the block body mainly stores transaction data.
The verification system 102 and/or the audit system 104 may be an operating system installed on a standalone server, or may be installed in a server cluster formed by multiple servers. Preferably, the verification system 102 and/or the audit system 104 may use cloud computing technology for information processing.
The database 103 is a data storage device. Preferably, it is a relational database that stores data in table structures.
For ease of understanding, the terms that may be involved in the embodiments of the present invention are defined and explained below.
Tracking point (event instrumentation): a commonly used data collection method in website analytics. Instrumentation comes in three levels: elementary, intermediate, and advanced. It is a good data collection approach for private deployments. The elementary approach embeds statistics code at key conversion points of a product or service and uses its unique ID to ensure that data is not collected twice (for example, the click-through rate of a purchase button). The intermediate approach embeds multiple pieces of code to track the series of user actions on each screen of the platform, with the events independent of each other (for example: opening the product details page, selecting the product model, adding to the shopping cart, placing the order, completing the purchase). The advanced approach works with the company's engineering and ETL teams to collect and analyze the full range of user behavior, build user profiles, and reconstruct user behavior models as the basis for product analysis and optimization.
Blockchain: a blockchain is a chain composed of a series of blocks. In addition to its own data, each block records the hash value of the previous block, and in this way the blocks form a chain. The blockchain rests on two core ideas, cryptography and decentralization; based on these two ideas, historical information on the blockchain cannot be tampered with. A block consists of a block header and a block body. The block header defines important fields such as the block height h and the hash value of the previous block, while the block body mainly stores transaction data.
RPC (Remote Procedure Call): a protocol for requesting services from a program on a remote computer over the network without needing to understand the underlying network technology. The RPC protocol assumes the existence of some transport protocol, such as TCP or UDP, to carry information data between the communicating programs. In the OSI network communication model, RPC spans the transport layer and the application layer. RPC makes it easier to develop applications, including networked distributed multi-program applications.
Merkle tree: an important data structure of the blockchain, whose role is to quickly summarize and verify the existence and integrity of block data. In general terms, it is a way of hashing a large number of aggregated data "blocks". It relies on splitting these data "blocks" into smaller units of data (buckets), each bucket containing only a few data "blocks", then hashing each bucket again, and repeating the same process until only one hash remains.
Information data and data fields: in the embodiments of the present invention, the transaction information, status information and log information stored in the blockchain are collectively referred to as information data. Parsing the information data yields data fields, which are stored as structured data in a separate storage device, such as a relational database.
Blockchain technology uses a chained block data structure to verify and store data. In blockchain products such as Ethereum, smart contracts are executed by the Ethereum virtual machine and are used to create and verify accounts and to process and store data. However, the computing resources available to smart contracts are limited and their query efficiency is low, which makes it difficult to handle the various kinds of query requests that arise in real scenarios.
In blockchain-based application systems, business data visualization, system operation and maintenance monitoring, real-time business reports, and business data reconciliation are all common requirements. To address them effectively and meet complex and changing business needs, a data export application is usually used to export the data on the blockchain block by block in order of block height and, after structuring, store it in a data storage system, typically a relational database.
Storage systems such as databases can be protected against tampering by restricting access by IP address, setting user permissions, setting user passwords, and taking regular snapshots. But this protection is limited. Because storage systems such as databases support insert, delete, update, and query operations and make editing and modification easy, data may be changed by mistake or even tampered with by people with ulterior motives. In addition, attacks by network hackers cannot be completely ruled out, and it is difficult to guard against operational risk, moral hazard, and information security risk.
Therefore, how to ensure that the business data in the data store is consistent with the data on the blockchain, how to detect and monitor whether stored data has been tampered with, and how to quickly locate, identify and restore the tampered data once tampering is detected are the technical challenges facing existing blockchain data storage systems.
To solve the above problems, and based on the above architecture, an embodiment of the present invention provides a blockchain-based data inspection method. As shown in FIG. 2, the method includes the following steps:
Step 201: After receiving a processing request for the second data field, obtain the second data field from the storage system; the second data field is data determined according to the first information data in the blockchain and stored in the storage system.
Step 202: Verify the second data field using a pre-stored first tree; the first tree is established based on the hash value of the first data field, and the first data field is data determined according to the first information data.
Step 203: When the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, determine that the second data field has not been tampered with.
In the embodiment of the present invention, the verification system obtains the first information data from the blockchain, determines the first data field according to the first information data, establishes the first tree based on the hash value of the first data field, and stores the first tree in the storage system or the verification system for maintenance. At the same time, the data determined from the first information data and stored in the storage system is used as the second data. After receiving a processing request for the second data field, the verification system obtains the second data field from the storage system and uses the first tree to verify it. If the second data field stored in the storage system has not been tampered with, its hash value is consistent with the node value of the corresponding node in the first tree; if the second data field has been tampered with, its hash value is inconsistent with the node value of the corresponding node in the first tree. If the values differ, the nodes at the next level are compared: identical nodes are skipped, and whenever a differing node is found, the values of its child nodes are compared in turn, until all differing leaf nodes have been found. The first tree can therefore be used to verify the second data field stored in the storage system and ensure that the data in the storage system is consistent with the data in the blockchain, which prevents the data stored in the storage system from being tampered with and improves information security in the storage system. In addition, each leaf node in the first tree corresponds one-to-one to data in the blockchain, so the data in the blockchain can be located quickly from the first tree, and tampered data can be located quickly when tampering is found.
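The root comparison and level-by-level descent described above (steps S301 to S310), as an added Python example that is not code from the patent. The `Contract1_event2` table name is the page's own; the row layout, canonical-JSON encoding, SHA-256, the prefix bytes and the row ordering are assumptions.

```python
import hashlib
import json

# Domain-separation prefixes for leaves, inner nodes and the empty tree
# (an added hardening assumption, not something the patent specifies).
LEAF, NODE, EMPTY = b"\x00", b"\x01", b"\x02"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def field_hash(row: dict) -> bytes:
    """Hash one structured data field (here: one table row).

    Canonical JSON is an assumed encoding; the patent does not fix one.
    """
    canon = json.dumps(row, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return sha256(LEAF + canon)


def build_tree(rows: list) -> list:
    """Return the tree as a list of levels: levels[0] = leaves, levels[-1] = [root].

    Rows must arrive in a stable order (assumed: block height, then log index).
    A node with a single child is hashed on its own rather than being paired
    with a copy of itself, so [a, b, c] and [a, b, c, c] get different roots.
    """
    level = [field_hash(r) for r in rows]
    levels = [level]
    if not level:
        return levels + [[sha256(EMPTY)]]
    while len(level) > 1:
        level = [sha256(NODE + b"".join(level[i:i + 2])) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def locate_tampered(first: list, second: list) -> list:
    """Return the indices of the leaves that differ between the two trees."""
    n1, n2 = len(first[0]), len(second[0])
    if n1 != n2:
        # Rows were inserted or deleted, so the shapes differ: compare leaves directly.
        common = min(n1, n2)
        changed = [i for i in range(common) if first[0][i] != second[0][i]]
        return changed + list(range(common, max(n1, n2)))
    bad, stack = [], [(len(first) - 1, 0)]  # (level, index), starting at the root
    while stack:
        lvl, idx = stack.pop()
        if first[lvl][idx] == second[lvl][idx]:
            continue  # identical subtree: skip it
        if lvl == 0:
            bad.append(idx)
            continue
        for child in (2 * idx, 2 * idx + 1):
            if child < len(first[lvl - 1]):
                stack.append((lvl - 1, child))
    return sorted(bad)


def verify(first_tree: list, db_rows: list):
    """Steps S305 to S310: rebuild the second tree from the database and compare roots."""
    second_tree = build_tree(db_rows)
    if second_tree[-1][0] == first_tree[-1][0]:
        return True, []
    return False, locate_tampered(first_tree, second_tree)


# Constructed sample rows for the page's Contract1_event2 table (all values made up).
CHAIN_ROWS = [
    {"block_height": h, "log_index": 0, "sender": f"0xSENDER{h:02d}", "amount": 100 * h}
    for h in (3, 17, 42, 58, 99)
]

if __name__ == "__main__":
    first_tree = build_tree(CHAIN_ROWS)       # S301 to S304, kept by the verification system
    db_rows = [dict(r) for r in CHAIN_ROWS]   # what the database returns later
    print(verify(first_tree, db_rows))        # untouched copy
    db_rows[3]["amount"] = 1                  # simulated edit made directly in the database
    print(verify(first_tree, db_rows))        # root mismatch, descent isolates the row
```

The descent only visits subtrees whose hashes differ, so locating one modified row among n costs on the order of log n comparisons; a changed row count is reported through the leaf-level fallback because the two trees no longer have the same shape.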
It should be noted that the storage system in the embodiments of the present invention may be any of several types of data storage system, such as a relational database, a NoSQL store, or a file-based database. The embodiments of the present invention mainly use a relational database as the example.
In the embodiment of the present invention, after the information data is obtained from the blockchain, the Merkle tree is not built directly from the information data; instead, the information data is structured first and the Merkle tree is built afterwards. Of course, in some scenarios it is also permissible to build the Merkle tree directly from the information data, for example for the storage and verification of status and transaction information. The following describes in detail how to obtain information data from the blockchain and how to process it once obtained.
Blockchain platforms such as Ethereum allow logs to be defined in smart contracts to track transactions and information. A contract can record and archive logs by defining "events", which clients can then retrieve.
To support structured queries over blockchain transaction data, log tracking points are created in the smart contract and the smart contract is published to the blockchain. When an application issues a request to put a transaction on the chain, the blockchain invokes the smart contract to process the transaction. During the invocation, the log tracking points in the smart contract are triggered, transaction log information is generated, and that log information is stored in the block information of the blockchain. The log information can include the contract address, the sender address, the original initiator address, the values of internal variables, the return value of a function, and similar information.
In other words, when a blockchain application initiates a request to put a transaction on the chain, the smart contract on the blockchain executes the request and saves the related log information, such as the sender address and contract address, to the block information of the blockchain.
To meet requirements such as business data visualization, system operation and maintenance monitoring, real-time business reports, and business data reconciliation, the transaction information, status information and log information in the blockchain need to be saved to a separate storage device (such as a relational database). The server obtains the transaction information, status information and log information by calling the blockchain's underlying RPC interface, and organizes the stored data according to the table structure of the relational database. The transaction information may include the identifiers of the transaction participants, the transaction account, the transaction amount, and similar information; the status information may include the status changes of the corresponding account.
For example, if event2 is defined in the contract Contract1, a data structure named Contract1_event2 is defined in the storage system (if the storage system is a relational database, Contract1_event2 is a database table) to store all the event2 data that is generated. Suppose that across blocks 1 to 100 the smart contract fires event2 a total of 10 times; the blockchain then holds 10 archived events, and correspondingly the server obtains 10 structured records and saves them in the Contract1_event2 data structure. By analogy, the related transaction information, status information and log information on the blockchain is stored, in its parsed and structured form, in the corresponding tables or other structures. Each table gathers all the data of the same kind exported from the blockchain, and a table may hold several different records.
For log information, each table contains several fields. These include block information fields, such as the block height of the transaction, the transaction sequence number at that height, and the on-chain timestamp. Each table also contains specific business fields, which come from the log information produced by the instrumentation points in the smart contract described above. In a transfer transaction, for example, the business fields may include the receiving account, the sending account, and the transfer amount. After the log information is parsed by the program, the corresponding result values are obtained. For example, event2 is defined in the smart contract Contract1 as follows:
event event2(int i,bytes32 msg,address a);
This log information contains three fields of different types: i, msg and a. When the smart contract calls the corresponding function and executes the corresponding logging statement, this information is saved on the chain.
When the server calls the RPC interface of the blockchain to query the corresponding result, it parses the query result. The corresponding data structure Contract1_event2 in the storage system then contains six data fields: the block height of the log, the transaction sequence number at that height, the on-chain timestamp, i, msg, and a.
In the embodiments of the present invention, hash values are calculated for the above data fields and a Merkle tree is then built. After the processing request for the second data field is received and before the second data field is obtained from the storage system, the method further includes:
obtaining the first information data in the blockchain;
structuring the first information data to obtain first data fields, and storing the structured first information data in the storage system;
calculating the hash value of each first data field;
using the hash values of all the first data fields as the values of the leaf nodes of the first tree to build the first tree.
In a specific implementation, when the verification system structures the information data in the blockchain and stores it in the database, it uses the structured first information data, that is, the first data fields, to construct the first tree.
Preferably, the first tree, the second tree and the third tree in the embodiments of the present invention are Merkle trees.
A Merkle tree is a tree, in most cases a binary tree, that usually comprises the underlying data, the root hash stored in the block header (the Merkle root), and all branches leading from the underlying block data to the root hash. The Merkle tree computation generally hashes the underlying data in groups and inserts the resulting new hash values into the Merkle tree, recursing in this way until only one final root hash remains, which is recorded as the Merkle root in the block header. Each hash node always covers two adjacent data blocks or their hash values. A Merkle tree has the following characteristics:
1. A Merkle tree may also be a multi-way tree; whatever its branching factor, it has all the characteristics of a tree structure.
2. The value of a leaf node of a Merkle tree is a unit of data from the data set or the hash value of that unit of data.
3. The value of a non-leaf node is computed with the hash algorithm from the values of all the leaf nodes beneath it.
In the embodiments of the present invention, a Merkle tree may be built on a data structure. For example, a Merkle tree is built from the six data fields of the data structure Contract1_event2; its leaf nodes are the hash values of the log's block height, transaction sequence number at that height, on-chain timestamp, i, msg, and a. In this way each independent data structure obtains a Merkle root value, and the integrity of the data can be quickly verified simply by comparing the Merkle roots of that data structure at the same block height. Generally, when the number of records in a data structure is less than 16384 (this number is only an example and may be another value), each data field of the data structure corresponds to one leaf node and a single independent Merkle tree is maintained. Otherwise, the Merkle root of every 16384 records can serve as a leaf node of an overall Merkle tree, reducing the amount of stored data. A Merkle tree can also be maintained along the block dimension: all transactions in each block are sorted in ascending order of transaction sequence number, and the data fields of each transaction correspond to the leaf nodes of the Merkle tree. In addition, a Merkle tree can be maintained along the transaction dimension, which makes transactions easier to maintain. Further, the verification system can maintain Merkle trees based on block height, so that once a block height is specified, the integrity and consistency of all data at that block height can be quickly verified. The consistency and integrity of the data within a given block-height range can also be checked.
In the embodiments of the present invention, the constructed first tree may be maintained in the verification system or in the storage system; no limitation is imposed here.
The first tree described above is built from the log information produced by the smart contract instrumentation points. The method can be extended to the transaction information and state information of the blockchain; the principle and method are similar to the above and are not repeated.
After the first tree is built, whenever data in the database is retrieved for processing, the data needs to be checked to confirm that it has not been tampered with. For the second data fields retrieved from the database, the embodiments of the present invention can directly calculate the hash value of each second data field and compare it one by one with the values of the leaf nodes in the first tree to check whether the second data field has been tampered with. Preferably, a second tree can instead be built from all the second data fields, and only the root node of the second tree is compared with the root node of the first tree.
It should be noted that, in the embodiments of the present invention, data in the blockchain is organized in units of blocks, but in some specific business scenarios a large number of queries are made along the business-type dimension. The first tree may be built along the block dimension, or along the dimension of a single business type. For example, the data of one instrumentation-point log is stored in a relational database table and the first tree is built per relational database table; then, when all the data of a single business is to be exported, the first-tree root for that table can be verified to quickly determine whether the data has been tampered with.
Further, verifying the second data field using the pre-stored first tree, and determining that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, includes:
calculating the hash value of each second data field;
using the hash values of all the second data fields as the values of the leaf nodes of the second tree to build the second tree, where the value of any non-leaf node in the second tree is obtained by hashing the values of all the child nodes of that non-leaf node;
comparing the value of the root node of the second tree with the value of the root node of the first tree;
when the value of the root node of the second tree is the same as the value of the root node of the first tree, determining that the second data field has not been tampered with.
To facilitate verification, the root node value of each first tree can be stored in a dedicated storage table. The verification system calculates the hash values of the second data fields and builds the second tree in the same manner and along the same dimension as the first tree. As can be expected, if none of the second data fields has been tampered with, every node of the second tree has the same value as the corresponding node of the first tree; if any second data field has been tampered with, the root node value of the second tree differs from that of the first tree. The root node value of the second tree can therefore be compared directly with the root node value of the first tree to determine whether the second data fields corresponding to the second tree have been tampered with.
To further protect and audit the data effectively, the embodiments of the present invention also include an audit of the first tree. The method includes:
obtaining second information data from the blockchain, where the first information data includes the second information data;
structuring the second information data to obtain third data fields;
building a third tree according to the hash values of the third data fields;
verifying the first tree using the third tree.
In a specific implementation, an audit system can be introduced to review the third tree maintained in the verification system and/or the database. Generally, the operating scope and permissions of the audit system must be isolated from those of the verification system and/or the database; that is, the verification system and the audit system cannot interfere with or modify each other's behavior and data, and in most cases each retains only read-only permission on the other. In addition, the audit system can be replaced by another instance of the verification system.
The process by which the audit system obtains information data from the blockchain and builds the third tree is the same as the process by which the verification system obtains information data and builds the first tree. The audit system need not store the detailed data fields and may store only the tree structure of the Merkle tree. This greatly reduces the amount of stored data and speeds up the audit.
It should be noted that, in the embodiments of the present invention, not only can the third tree be used to verify the first tree, but a fourth tree, a fifth tree, and so on up to an Nth tree can also be built to verify the first tree. Each tree is built in a manner similar to that described above, which is not repeated here.
To further reduce the audit workload and increase audit speed, the audit system may review only some of the first trees of the verification system. For example, every $2^{X}$ block heights it initiates a verification against the storage of the query system. X is calculated as follows:
$2^{X-1} < \text{current block height} / U \le 2^{X}$ (Formula 1)
where U is a predetermined parameter; 100 is recommended, and it can also be set from empirical values.
The audit system may verify along the data structure dimension or along the block dimension. Verification along the data structure dimension proceeds as follows:
The data structures are sorted alphabetically and verified one by one, comparing whether the root node value of the first tree of each independent data structure is consistent with the root node value of the third tree. If they are consistent, the next data structure is checked.
If they are inconsistent, the data in the audit system and the verification system differ. Following the structure of the Merkle tree, the audit system checks the values of the two nodes in the next layer to find out which node's value is inconsistent. If the node at a given position has the same value in the audit system and the verification system, it is skipped; otherwise the audit system keeps tracing down through that node's child nodes until all inconsistent leaf nodes are found. These leaf nodes are the transaction data that may have been tampered with.
Once all inconsistent leaf nodes are found, the audit system uses the block height and sequence number of the transactions corresponding to those leaf nodes to download the information data from the blockchain again and recalculates its hash values. If these are confirmed to match the values it calculated previously, the specific information data that was tampered with in the verification system has been located.
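The root comparison of steps S305 to S310 and the audit descent described above can be sketched as follows. This is an added example, not code from the patent: the function names, the SHA-256 hash, the "name=value" leaf encoding, the 0x00/0x01 prefixes, the promotion of an unpaired node and the sample rows are all assumptions made for illustration.

```python
import copy
import hashlib
import hmac

# Column order of the Contract1_event2 table described above.
FIELDS = ("block_height", "tx_index", "timestamp", "i", "msg", "a")

# Constructed sample rows, standing in for data parsed from the chain.
CHAIN_ROWS = [
    {"block_height": 7, "tx_index": 0, "timestamp": 1561363200,
     "i": 10, "msg": "0x6f6b", "a": "0x" + "11" * 20},
    {"block_height": 8, "tx_index": 0, "timestamp": 1561363215,
     "i": 25, "msg": "0x6f6b", "a": "0x" + "22" * 20},
    {"block_height": 8, "tx_index": 1, "timestamp": 1561363215,
     "i": 40, "msg": "0x6e6f", "a": "0x" + "33" * 20},
]
# Constructed tampered copy, standing in for rows read back from the database.
DB_ROWS = copy.deepcopy(CHAIN_ROWS)
DB_ROWS[1]["i"] = 999
DB_ROWS[2]["a"] = "0x" + "ff" * 20


def leaf_hash(name, value):
    # Assumption: SHA-256 over a 0x00-prefixed "name=value" encoding.
    return hashlib.sha256(b"\x00" + f"{name}={value}".encode()).digest()


def node_hash(left, right):
    # The 0x01 prefix keeps interior nodes distinct from leaves.
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(rows):
    """Return all levels of the tree: levels[0] is the leaves, levels[-1] the root."""
    level = [leaf_hash(f, row[f]) for row in rows for f in FIELDS]
    if not level:
        raise ValueError("cannot build a tree over zero rows")
    levels = [level]
    while len(level) > 1:
        nxt = []
        for k in range(0, len(level), 2):
            pair = level[k:k + 2]
            # An unpaired last node is promoted unchanged rather than duplicated.
            nxt.append(node_hash(*pair) if len(pair) == 2 else pair[0])
        level = nxt
        levels.append(level)
    return levels


def root(levels):
    return levels[-1][0]


def is_untampered(stored_root, rows):
    """Rebuild the second tree from the fetched rows and compare only the roots."""
    return hmac.compare_digest(stored_root, root(build_tree(rows)))


def differing_leaves(tree_a, tree_b):
    """Walk down from the root, skipping every subtree whose hashes match."""
    if [len(lv) for lv in tree_a] != [len(lv) for lv in tree_b]:
        raise ValueError("trees differ in shape, so the record counts differ")
    bad, stack = [], [(len(tree_a) - 1, 0)]
    while stack:
        depth, idx = stack.pop()
        if tree_a[depth][idx] == tree_b[depth][idx]:
            continue
        if depth == 0:
            bad.append(idx)
            continue
        for child in (2 * idx, 2 * idx + 1):
            if child < len(tree_a[depth - 1]):
                stack.append((depth - 1, child))
    return sorted(bad)


def locate(leaf_index, rows):
    """Map a leaf index back to (block height, transaction sequence number, field)."""
    row = rows[leaf_index // len(FIELDS)]
    return row["block_height"], row["tx_index"], FIELDS[leaf_index % len(FIELDS)]


if __name__ == "__main__":
    first = build_tree(CHAIN_ROWS)
    print("untampered:", is_untampered(root(first), DB_ROWS))
    for idx in differing_leaves(first, build_tree(DB_ROWS)):
        print("mismatch at", locate(idx, CHAIN_ROWS))
```

The descent visits only the branches that contain a mismatch, so locating a few altered fields in a large table costs far fewer comparisons than checking every leaf.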
Verification along the block dimension follows the same method and principle and is not described further.
In addition, cross-validation between the data structure dimension and the block dimension can quickly locate and identify the problematic information data and its corresponding block height and transaction sequence number.
After a problem is found, the audit system can raise a corresponding alert to notify the responsible personnel so that they can intervene manually; it can also send a request notifying the verification system, which can listen for this type of notification and implement automatic rollback and resynchronization. After handling the error, the verification system needs to recalculate and maintain the Merkle tree check values along both dimensions, independent data structure and block height.
To further improve audit efficiency, the audit system can also directly monitor the underlying events or logs of the database. The monitoring method includes:
monitoring the logs of the storage system;
after a storage system modification event is detected in the logs of the storage system, parsing the storage system modification event to obtain the detailed information of the operation corresponding to the event;
when the operation is determined to be illegal according to the detailed information of the operation and preset verification rules, sending alarm information.
In a specific implementation, when the audit system detects a database modification event, it obtains the detailed information of the operation and parses it into corresponding structured data, for example the data structure operated on, the block height of the transaction, the transaction sequence number, and the specific data structure fields that were changed.
The audit system obtains detailed information from the verification system, such as the state of the block or data structure and the timestamp at which it was completed, and, based on this information and on customizable rules, judges whether the change is normal. For example, if the transaction was completed at some point before the timestamp of the change, the change operation can be judged to be essentially illegal, and the audit system can issue an early warning immediately.
The audit system then compares the HASH value of the block containing the changed data and the HASH value of the data structure containing it. To make sure the data source has not changed, the audit system downloads and synchronizes the corresponding information data from the blockchain again.
After comparing the data, the audit system formally raises the alarm and records the result and details of the detected event for subsequent manual handling and automatic handling by the system. Besides sending alarm information, other exception handling mechanisms can of course be triggered, such as automatic re-download or manual intervention; no limitation is imposed here.
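The timestamp rule described above can be applied to parsed modification events as in the following added example, which is not code from the patent. The JSON-lines event format, the key names, the SYNC_DONE table of import-completion times and all sample values are hypothetical and constructed for illustration; a real deployment would parse its own database's log format.

```python
import json

# Constructed verification-system state: (table, block height) -> time at which
# the import of that block finished. None means the import is still running.
SYNC_DONE = {
    ("Contract1_event2", 7): 1561363260,
    ("Contract1_event2", 8): 1561363320,
    ("Contract1_event2", 9): None,
}

# Constructed modification events in a hypothetical JSON-lines format.
SAMPLE_LOG = """\
{"ts": 1561363255, "op": "INSERT", "table": "Contract1_event2", "block_height": 7, "tx_index": 0, "fields": ["i", "msg", "a"]}
{"ts": 1561363400, "op": "UPDATE", "table": "Contract1_event2", "block_height": 7, "tx_index": 0, "fields": ["i"]}
{"ts": 1561363500, "op": "INSERT", "table": "Contract1_event2", "block_height": 9, "tx_index": 2, "fields": ["i", "msg", "a"]}
UPDATE Contract1_event2 SET i = 1
{"ts": 1561363600, "op": "DELETE", "table": "Contract1_event2", "block_height": 12, "tx_index": 0, "fields": []}
"""

REQUIRED = {"ts", "op", "table", "block_height", "tx_index", "fields"}
UNPARSEABLE = "unparseable event"
UNKNOWN_BLOCK = "no import record for this table and block"
AFTER_IMPORT = "change made after the block was fully imported"


def parse_event(line):
    """Turn one log line into structured data; raise ValueError if it is unusable."""
    event = json.loads(line)  # JSONDecodeError is a subclass of ValueError
    if not isinstance(event, dict):
        raise ValueError("event is not an object")
    missing = REQUIRED - event.keys()
    if missing:
        raise ValueError(f"missing keys: {sorted(missing)}")
    if not isinstance(event["ts"], (int, float)):
        raise ValueError("timestamp is not numeric")
    return event


def check_event(event, sync_done):
    """Return the reason the operation is judged illegal, or None if it looks normal."""
    key = (event["table"], event["block_height"])
    if key not in sync_done:
        return UNKNOWN_BLOCK
    done_at = sync_done[key]
    # Rule from the text: the data was complete before the change happened.
    if done_at is not None and event["ts"] > done_at:
        return AFTER_IMPORT
    return None


def audit_log(text, sync_done):
    """Return (line number, reason) for every event that must raise an alarm."""
    alerts = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            reason = check_event(parse_event(line), sync_done)
        except (ValueError, TypeError):
            reason = UNPARSEABLE  # fail closed: an unreadable change is reported
        if reason:
            alerts.append((number, reason))
    return alerts


if __name__ == "__main__":
    for number, reason in audit_log(SAMPLE_LOG, SYNC_DONE):
        print(f"line {number}: {reason}")
```

Each alert from this rule step is a candidate only; the hash comparison and re-download from the blockchain described in the text still follow before the alarm is formally raised.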
For a clearer understanding of the present invention, the above process is described in detail below with a specific embodiment. The steps of the specific embodiment are as follows:
Step S301: The verification system obtains the first information data from the blockchain.
Step S302: The verification system structures the first information data to obtain the first data fields, and stores the structured first information data in the database.
Step S303: The verification system calculates the hash value of each first data field.
Step S304: The verification system uses the hash values of all the first data fields as the values of the leaf nodes of the first tree, builds the first tree along the dimension of the data structure in the database, and stores the first tree.
Step S305: After receiving a processing request for the second data fields sent by the client, the verification system obtains the second data fields from the database.
Step S306: The verification system calculates the hash value of each second data field.
Step S307: The verification system uses the hash values of all the second data fields as the values of the leaf nodes of the second tree, and builds the second tree along the dimension of the data structure in the database.
Step S308: The value of the root node of the second tree is compared with the value of the root node of the first tree. If the two values are the same, step S309 is performed; otherwise step S310 is performed.
Step S309: It is determined that the second data fields have not been tampered with.
Step S310: It is determined that the second data fields have been tampered with, and an alarm indication is issued.
An embodiment of the present invention also provides a blockchain-based data verification apparatus, as shown in FIG. 3, including:
a transceiver unit 401, configured to obtain the second data field from the database after receiving a processing request for the second data field, where the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
a verification unit 402, configured to verify the second data field using a pre-stored first tree, where the first tree is built according to the hash values of the first data fields and the first data fields are data determined according to the first information data;
a determining unit 403, configured to determine that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
Further, the verification unit 402 is specifically configured to calculate the hash value of each second data field; use the hash values of all the second data fields as the values of the leaf nodes of the second tree to build the second tree, where the value of any non-leaf node in the second tree is obtained by hashing the values of all the child nodes of that non-leaf node; and compare the value of the root node of the second tree with the value of the root node of the first tree;
the determining unit 403 is specifically configured to determine that the second data field has not been tampered with when the value of the root node of the second tree is the same as the value of the root node of the first tree.
Further, the transceiver unit 401 is also configured to obtain the first information data in the blockchain;
the apparatus also includes a building unit 404, configured to structure the first information data to obtain the first data fields and store the structured first information data in the storage system; calculate the hash value of each first data field; and use the hash values of all the first data fields as the values of the leaf nodes of the first tree to build the first tree.
Further, the apparatus also includes a review unit 405, configured to:
obtain second information data from the blockchain, where the first information data includes the second information data;
structure the second information data to obtain third data fields;
build a third tree according to the hash values of the third data fields;
verify the first tree using the third tree;
monitor the logs of the storage system;
after a storage system modification event is detected in the logs of the storage system, parse the storage system modification event to obtain the detailed information of the operation corresponding to the event;
when the operation is determined to be illegal according to the detailed information of the operation and preset verification rules, send alarm information.
Based on the same principle, the present invention also provides an electronic device, as shown in FIG. 4, including:
a processor 501, a memory 502, a transceiver 503 and a bus interface 504, where the processor 501, the memory 502 and the transceiver 503 are connected through the bus interface 504;
the processor 501 is configured to read the program in the memory 502 and execute the following method:
after receiving a processing request for the second data field, obtaining the second data field from the storage system, where the second data field is data determined according to the first information data in the blockchain and stored in the storage system;
verifying the second data field using a pre-stored first tree, where the first tree is built according to the hash values of the first data fields and the first data fields are data determined according to the first information data;
when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, determining that the second data field has not been tampered with.
An embodiment of the present invention also provides a computer storage medium storing the computer-executable instructions to be executed by the above processor, which comprise the program to be executed by the above processor.
In some possible implementations, aspects of the blockchain-based data verification method provided by the present invention may also be implemented as a program product comprising program code. When the program product runs on a computer device, the program code causes the computer device to perform the steps of the blockchain-based data verification method according to the various exemplary embodiments of the present invention described above in this specification; for example, the computer device may perform the blockchain-based data verification method provided by the embodiments of the present invention.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

  1. A blockchain-based data verification method, characterized by comprising:
    after receiving a processing request for a second data field, obtaining the second data field from a storage system, the second data field being data determined according to first information data in a blockchain and stored in the storage system;
    verifying the second data field by using a pre-stored first tree, the first tree being established according to hash values of a first data field, and the first data field being data determined according to the first information data;
    when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, determining that the second data field has not been tampered with.
  2. The method according to claim 1, characterized in that verifying the second data field by using the pre-stored first tree, and determining that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree, comprises:
    calculating the hash value of each second data field;
    establishing the second tree by using the hash values of all second data fields as the values of the leaf nodes of the second tree, wherein the value of any non-leaf node in the second tree is obtained by hashing the values of all child nodes of that non-leaf node;
    comparing the value of the root node of the second tree with the value of the root node of the first tree;
    when the value of the root node of the second tree is the same as the value of the root node of the first tree, determining that the second data field has not been tampered with.
  3. The method according to claim 1, characterized in that, before obtaining the second data field from the storage system after receiving the processing request for the second data field, the method further comprises:
    obtaining the first information data in the blockchain;
    structuring the first information data to obtain first data fields, and storing the structured first information data in the storage system;
    calculating the hash value of each first data field;
    establishing the first tree by using the hash values of all first data fields as the values of the leaf nodes of the first tree.
  4. The method according to any one of claims 1 to 3, characterized by further comprising:
    obtaining second information data from the blockchain, the first information data containing the second information data;
    structuring the second information data to obtain third data fields;
    establishing a third tree according to the hash values of the third data fields;
    verifying the first tree by using the third tree.
  5. The method according to any one of claims 1 to 3, characterized by further comprising:
    monitoring the log of the storage system;
    after a storage system modification event is detected in the log of the storage system, parsing the storage system modification event to obtain detailed information of the operation corresponding to the storage system modification event;
    sending alarm information when the operation is determined to be illegal according to the detailed information of the operation and preset verification rules.
  6. A blockchain-based data verification apparatus, characterized by comprising:
    a transceiver unit, configured to obtain a second data field from a storage system after receiving a processing request for the second data field, the second data field being data determined according to first information data in a blockchain and stored in the storage system;
    a verification unit, configured to verify the second data field by using a pre-stored first tree, the first tree being established according to hash values of a first data field, and the first data field being data determined according to the first information data;
    a determining unit, configured to determine that the second data field has not been tampered with when the hash value of the second data field is consistent with the node value of the corresponding node in the first tree.
  7. The apparatus according to claim 6, characterized in that:
    the verification unit is specifically configured to calculate the hash value of each second data field; establish the second tree by using the hash values of all second data fields as the values of the leaf nodes of the second tree, wherein the value of any non-leaf node in the second tree is obtained by hashing the values of all child nodes of that non-leaf node; and compare the value of the root node of the second tree with the value of the root node of the first tree;
    the determining unit is specifically configured to determine that the second data field has not been tampered with when the value of the root node of the second tree is the same as the value of the root node of the first tree;
    the transceiver unit is further configured to obtain the first information data in the blockchain;
    the apparatus further comprises an establishing unit, configured to structure the first information data to obtain first data fields, and store the structured first information data in the storage system; calculate the hash value of each first data field; and establish the first tree by using the hash values of all first data fields as the values of the leaf nodes of the first tree.
  8. The apparatus according to claim 6 or 7, characterized by further comprising a review unit, configured to:
    obtain second information data from the blockchain, the first information data containing the second information data;
    structure the second information data to obtain third data fields;
    establish a third tree according to the hash values of the third data fields;
    verify the first tree by using the third tree;
    the review unit being further configured to:
    monitor the log of the storage system;
    after a storage system modification event is detected in the log of the storage system, parse the storage system modification event to obtain detailed information of the operation corresponding to the storage system modification event;
    send alarm information when the operation is determined to be illegal according to the detailed information of the operation and preset verification rules.
  9. An electronic device, characterized by comprising:
    at least one processor; and
    a memory communicatively connected to the at least one processor; wherein
    the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the method according to any one of claims 1 to 5.
  10. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions, the computer instructions being used to cause a computer to perform the method according to any one of claims 1 to 5.
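The check described in claims 1 to 3, as an added example that is not code from the patent: a first tree is built from the hashes of the structured first data fields, and fields later read back from the storage system are re-hashed into a second tree whose root is compared with it; on a mismatch the leaves are compared to locate the altered field. SHA-256, the binary tree shape, the field encoding, the domain-separation prefixes and all names and sample values are assumptions of this sketch.

```python
import hashlib

# Assumptions of this sketch, not taken from the claims: SHA-256, a binary tree,
# length-prefixed field encoding, and leaf/inner domain-separation prefixes.
LEAF, INNER = b"\x00", b"\x01"


def field_hash(name: str, value: str) -> bytes:
    """Leaf value: hash of one structured data field."""
    n = name.encode()
    return hashlib.sha256(LEAF + len(n).to_bytes(4, "big") + n + value.encode()).digest()


def build_tree(leaves):
    """Return all levels, leaves first; each inner node hashes all of its children."""
    if not leaves:
        raise ValueError("at least one data field is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # The last node of an odd-sized level has a single child.
        levels.append([hashlib.sha256(INNER + b"".join(cur[i:i + 2])).digest()
                       for i in range(0, len(cur), 2)])
    return levels


def tree_from_fields(fields):
    """Hash every (name, value) field and build the tree over those hashes."""
    return build_tree([field_hash(n, v) for n, v in fields])


def root(levels) -> bytes:
    return levels[-1][0]


def verify_fields(first_tree, second_fields):
    """Check fields read back from storage against the pre-stored first tree.

    Returns (untampered, indices of leaves that differ or are missing/extra).
    """
    stored = first_tree[0]
    if not second_fields:
        return False, list(range(len(stored)))
    second_tree = tree_from_fields(second_fields)
    if root(second_tree) == root(first_tree):
        return True, []
    fresh = second_tree[0]
    bad = [i for i in range(max(len(stored), len(fresh)))
           if i >= len(stored) or i >= len(fresh) or stored[i] != fresh[i]]
    return False, bad


# Constructed sample: fields structured from one on-chain record.
FIRST_FIELDS = [("tx_id", "0x01"), ("sender", "alice"), ("receiver", "bob"),
                ("amount", "100"), ("block_height", "42")]

if __name__ == "__main__":
    first_tree = tree_from_fields(FIRST_FIELDS)  # built when the chain data is ingested
    tampered = [("amount", "900") if n == "amount" else (n, v) for n, v in FIRST_FIELDS]
    print(verify_fields(first_tree, FIRST_FIELDS))       # unchanged rows
    print(verify_fields(first_tree, tampered))           # one field rewritten in storage
    print(verify_fields(first_tree, FIRST_FIELDS[:-1]))  # one field deleted from storage
```

The result is only as trustworthy as the stored first tree, which is why claim 4 re-derives a third tree from the blockchain to check it.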
PCT/CN2020/098268 2019-06-24 2020-06-24 Block chain-based data inspection method and apparatus WO2020259629A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910548845.7A CN110278211B (en) 2019-06-24 2019-06-24 Data inspection method and device based on block chain
CN201910548845.7 2019-06-24

Publications (1)

Publication Number Publication Date
WO2020259629A1 true WO2020259629A1 (en) 2020-12-30

Family

ID=67961738

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/098268 WO2020259629A1 (en) 2019-06-24 2020-06-24 Block chain-based data inspection method and apparatus

Country Status (2)

Country Link
CN (1) CN110278211B (en)
WO (1) WO2020259629A1 (en)

Also Published As

Publication number Publication date
CN110278211B (en) 2023-04-07
CN110278211A (en) 2019-09-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 20833554; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 20833554; Country of ref document: EP; Kind code of ref document: A1