CN110071802A - Data processing method and device suitable for block chain - Google Patents


Publication number
CN110071802A
Authority
CN
China
Prior art keywords
protocol code
consensus
message
node
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910333894.9A
Other languages
Chinese (zh)
Inventor
王虎
杨文韬
吉忠华
陈昌
唐凌
宣松涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Paper Internet Technology Co Ltd
Original Assignee
Xi'an Paper Internet Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Paper Internet Technology Co Ltd filed Critical Xi'an Paper Internet Technology Co Ltd
Priority to CN201910333894.9A priority Critical patent/CN110071802A/en
Publication of CN110071802A publication Critical patent/CN110071802A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the present invention provides a data processing method and device suitable for blockchain. The method includes: obtaining target data and a target request, executing preset consensus protocol code, and generating a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment; executing TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and executing TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to it; and, after receiving the confirmation message from the check node, generating an encrypted file from the target data according to the target request and storing it, while executing the consensus protocol code to generate a storage request corresponding to the target data and transmitting it to the check node. This eliminates the possibility of Byzantine faults in the distributed system, guarantees the confidentiality and integrity of the data, and lets a consortium blockchain meet enterprise-level security requirements.

Description

Data processing method and device suitable for blockchain

Technical field

The present invention relates to the technical field of computer security processing, and in particular to a data processing method and device suitable for blockchain.

Background

In a distributed system, an error at one node can bring down the entire system. Node errors may be caused by unpredictable faults in the computing infrastructure, such as hardware failures that make a computer crash or stop responding, or by malicious human operations. System errors caused by malicious tampering with protocol programs, attacks on the underlying technology stack of the operating system and on the hardware execution environment, or interception and modification of network messages are called Byzantine errors. To predict malicious human behavior, the participants in the distributed system must be modeled and analyzed, but in practice the information about those participants is usually incomplete and private, which makes the number of Byzantine errors hard to determine. Because the number of Byzantine errors in a distributed system cannot be determined accurately, a consensus algorithm must be designed to handle as many Byzantine errors as possible. The Paxos and Raft algorithms were proposed to solve the consistency problem in distributed systems, but they do not consider Byzantine errors, that is, they do not consider the presence of malicious nodes in the distributed system. The PBFT algorithm allows a distributed system to tolerate no more than 1/3 malicious nodes. However, if the malicious nodes in the distributed system exceed 1/3 of the total nodes, a malicious attacker can still break the security of the system by tampering with code or data, causing serious damage to the system.

Summary of the invention

In view of the problems in the prior art, embodiments of the present invention provide a data processing method and device suitable for blockchain.

An embodiment of the present invention provides a data processing method suitable for blockchain, including:

a target node obtaining target data and a target request, executing preset consensus protocol code, and generating a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment;

executing preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and executing preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment;

after receiving the confirmation message from the check node, generating an encrypted file from the target data according to the target request and storing it, while executing the consensus protocol code to generate a storage request corresponding to the target data;

executing the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and executing the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and, according to the storage request, generates an encrypted file from the target data and stores it.

An embodiment of the present invention provides a data processing method suitable for blockchain, including:

a check node obtaining an encapsulated and encrypted consensus message, executing preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and executing preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one that a target node generates for a target request by obtaining target data and the target request and executing preset consensus protocol code, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment;

sending a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, while executing the consensus protocol code to generate a storage request corresponding to the target data;

obtaining the encapsulated and encrypted storage request, executing the TCP protocol code to decapsulate it and obtain the encrypted storage request, and executing the TLS protocol code to decrypt it and obtain the storage request;

generating an encrypted file from the target data according to the storage request and storing it.

An embodiment of the present invention provides a data processing device suitable for blockchain, including:

a generation module, configured to obtain target data and a target request, execute preset consensus protocol code, and generate a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment;

a transmission module, configured to execute preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and to execute preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment;

a first storage module, configured to, after receiving the confirmation message from the check node, generate an encrypted file from the target data according to the target request and store it, while executing the consensus protocol code to generate a storage request corresponding to the target data;

a request module, configured to execute the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and to execute the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and, according to the storage request, generates an encrypted file from the target data and stores it.

An embodiment of the present invention provides a data processing device suitable for blockchain, including:

a first obtaining module, configured to obtain an encapsulated and encrypted consensus message, execute preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and execute preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one that a target node generates for a target request by obtaining target data and the target request and executing preset consensus protocol code, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment;

a confirmation module, configured to send a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, while executing the consensus protocol code to generate a storage request corresponding to the target data;

a second obtaining module, configured to obtain the encapsulated and encrypted storage request, execute the TCP protocol code to decapsulate it and obtain the encrypted storage request, and execute the TLS protocol code to decrypt it and obtain the storage request;

a second storage module, configured to generate an encrypted file from the target data according to the storage request and store it.

An embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the processor, when executing the program, implements the steps of the data processing method suitable for blockchain described above.

An embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the data processing method suitable for blockchain described above.

In the data processing method and device suitable for blockchain provided by the embodiments of the present invention, the consensus protocol code runs in a trusted execution environment and the TLS protocol in that execution environment performs message encryption, so that an attacker cannot tamper with the program code and data in the trusted execution environment. This eliminates the possibility of Byzantine errors in the distributed system, guarantees the confidentiality and integrity of the data, and lets a consortium blockchain meet enterprise-level security requirements.

Description of drawings

To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of an embodiment of the data processing method suitable for blockchain according to the present invention;

FIG. 2 is a flowchart of an embodiment of the data processing method suitable for blockchain according to the present invention;

FIG. 3 is a structural diagram of an embodiment of the data processing device suitable for blockchain according to the present invention;

FIG. 4 is a structural diagram of an embodiment of the data processing device suitable for blockchain according to the present invention;

FIG. 5 is a structural diagram of an embodiment of the electronic device of the present invention;

FIG. 6 is a structural diagram of an embodiment of the electronic device of the present invention.

Detailed description

To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

FIG. 1 shows a data processing method suitable for blockchain provided by an embodiment of the present invention, including:

S11. The target node obtains target data and a target request, executes preset consensus protocol code, and generates a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment;

S12. Execute preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and execute preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment;

S13. After receiving the confirmation message from the check node, generate an encrypted file from the target data according to the target request and store it, while executing the consensus protocol code to generate a storage request corresponding to the target data;

S14. Execute the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and execute the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and, according to the storage request, generates an encrypted file from the target data and stores it.

Regarding step S11, it should be noted that in this embodiment of the present invention the method provides fault tolerance against Byzantine errors in the blockchain field. Blockchain is an application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database that enables data sharing among processing nodes. To describe the method clearly, this embodiment treats one of the processing nodes as the target node and the other processing nodes as check nodes.

In this embodiment of the present invention, a trusted execution environment (TEE) can guarantee the confidentiality and integrity of critical code and data, so the consensus protocol code is placed in a trusted execution environment. The consensus protocol code includes, but is not limited to, the Raft protocol, the PBFT protocol or the PoW protocol. With the consensus protocol code placed in the trusted execution environment, an attacker cannot obtain or tamper with the code. An attacker can, however, compile tampered code and have it executed in a trusted execution environment. To detect such tampering, the node obtains the consensus protocol code sent by the check nodes, determines whether the consensus protocol code preset on each node is the same, and obtains the target data and target request only once it is determined that the preset consensus protocol code is the same on every node. It should also be noted that an external verification platform can be used to determine whether the consensus protocol code preset on each node is the same.

In this embodiment of the present invention, the target node obtains target data and a target request. For example, the target data is "A" and the target request is "Please write A to the hard disk".

The target node executes the consensus protocol code to generate a consensus message corresponding to the target request. For example, the consensus message is "Please prepare to write A to the hard disk". The consensus message is sent to the other check nodes in order to reach consensus with each check node.

Regarding step S12, it should be noted that in this embodiment of the present invention data is transmitted between the target node and the check nodes. During transmission, an attacker can easily tamper with the code of the communication part and generate erroneous data. To make it impossible for an attacker to forge a message, the message can be encrypted. The preset TLS protocol code is executed to encrypt the consensus message and obtain the encrypted consensus message. Here, the TLS protocol code is placed in the trusted execution environment. In practice, it is enough to keep only the asymmetric and symmetric keys needed for encryption in the trusted execution environment, where an attacker cannot obtain them.

At the transport layer, the target node transmits the message to the check node. The preset TCP protocol code is executed to encapsulate the encrypted consensus message into a TCP packet and transmit it to the check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message. The TCP protocol code is placed outside the trusted execution environment, so that even an attacker who controls the TCP packets in the untrusted execution environment cannot forge a valid TLS packet.

In this embodiment of the present invention, after obtaining the TCP packet, the check node executes the TCP protocol code to decapsulate the packet and obtain the encrypted consensus message. It then executes the preset TLS protocol code to decrypt it and obtain the consensus message, and sends a confirmation message according to the consensus message. For example, the confirmation message is "Ready to write A to the hard disk".
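The trust boundary described for steps S11 and S12 (consensus code identity and TLS keys inside the TEE, TCP handling outside it), as an added example that is not part of the patent text. `TrustedSide`, `measure` and the HMAC-based record protection are hypothetical stand-ins: a SHA-256 digest stands in for comparing the preset consensus protocol code, a constructed constant stands in for the TLS handshake secret, and encrypt-then-MAC with sequence numbers stands in for TLS record protection.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

class RecordError(Exception):
    """Raised by the trusted side when a frame or a peer fails verification."""

def measure(code: bytes) -> str:
    # Identity of a consensus-code build; assumed here to be SHA-256 of its bytes.
    return hashlib.sha256(code).hexdigest()

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keys(secret: bytes, sender: str):
    # One (encryption, MAC) key pair per direction, so frames cannot be reflected.
    return _prf(secret, b"enc:" + sender.encode()), _prf(secret, b"mac:" + sender.encode())

def _xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    """HMAC counter-mode keystream XOR: stdlib stand-in for the TLS record cipher."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += _prf(key, struct.pack(">QI", seq, block))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class TrustedSide:
    """State the page keeps inside the TEE: consensus-code identity and session keys."""
    def __init__(self, role: str, consensus_code: bytes, session_secret: bytes):
        self.measurement = measure(consensus_code)
        self._send_keys = _keys(session_secret, role)
        self._recv_keys = _keys(session_secret, "check" if role == "target" else "target")
        self._send_seq = self._recv_seq = 0
        self._peer_ok = False

    def check_peer(self, peer_measurement: str) -> bool:
        """Accept the peer only if it reports the same consensus-code build."""
        self._peer_ok = hmac.compare_digest(self.measurement, peer_measurement)
        return self._peer_ok

    def seal(self, message: bytes) -> bytes:
        if not self._peer_ok:
            raise RecordError("peer consensus code not verified")
        enc_key, mac_key = self._send_keys
        header = struct.pack(">Q", self._send_seq)
        body = _xor_stream(enc_key, self._send_seq, message)
        self._send_seq += 1
        return header + body + _prf(mac_key, header + body)

    def open(self, frame: bytes) -> bytes:
        if not self._peer_ok:
            raise RecordError("peer consensus code not verified")
        if len(frame) < 8 + TAG_LEN:
            raise RecordError("truncated frame")
        enc_key, mac_key = self._recv_keys
        header, body, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _prf(mac_key, header + body)):
            raise RecordError("bad authentication tag")
        (seq,) = struct.unpack(">Q", header)
        if seq != self._recv_seq:
            raise RecordError("replayed or out-of-order frame")
        self._recv_seq += 1
        return _xor_stream(enc_key, seq, body)

def _attempt(fn, arg):
    try:
        return fn(arg)
    except RecordError as exc:
        return "rejected: " + str(exc)

def demo() -> dict:
    """Constructed scenario: code outside the TEE tampers with, replays and forges frames."""
    code = b"consensus-build-1"              # constructed stand-in for the protocol code
    secret = b"constructed-session-secret"   # stands in for the TLS handshake output
    target = TrustedSide("target", code, secret)
    check = TrustedSide("check", code, secret)
    target.check_peer(check.measurement)
    check.check_peer(target.measurement)
    first = target.seal(b"Please prepare to write A to the hard disk")
    second = target.seal(b"Allow A to be written to the hard disk")
    flipped = second[:10] + bytes([second[10] ^ 0x01]) + second[11:]  # one bit changed
    forged = struct.pack(">Q", 1) + b"Write B instead" + bytes(TAG_LEN)  # no key known
    out = {"delivered": _attempt(check.open, first),
           "tampered": _attempt(check.open, flipped),
           "replayed": _attempt(check.open, first),
           "forged": _attempt(check.open, forged),
           "next": _attempt(check.open, second)}
    # A node loaded with modified consensus code has a different measurement.
    rogue = TrustedSide("check", code + b" # patched", secret)
    out["rogue_accepted"] = target.check_peer(rogue.measurement)
    out["to_rogue"] = _attempt(target.seal, b"Please prepare to write A to the hard disk")
    return out

if __name__ == "__main__":
    print(demo())
```

The example assumes each node's measurement is reported truthfully; in a deployed TEE that value would have to come from the platform's attestation rather than from the node's own software.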

Regarding step S13, it should be noted that in this embodiment of the present invention, once every check node has fed back a confirmation message to the target node, the target node generates an encrypted file from the target data according to the target request and stores it. For example, "A" is encrypted into "akj23lc45" and written to the hard disk. In addition, when individual check nodes fail and do not feed back confirmation information to the target node, the consensus protocol can still guarantee the security and availability of the system as long as the number of failed nodes in the system does not exceed 1/2. In this embodiment of the present invention, because all nodes must be kept consistent, the target node, after storing the target data, also executes the consensus protocol code to generate a storage request corresponding to the target data. The storage request includes the target data and a storage message. For example, the storage message is "Allow A to be written to the hard disk".

Regarding step S14, it should be noted that in this embodiment of the present invention the TLS protocol code is executed to encrypt the storage request and obtain an encrypted storage request, and the TCP protocol code is executed to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and, according to the storage request, generates an encrypted file from the target data and stores it. For example, "A" is encrypted into "kop28qw15" and written to the hard disk.

In the data processing method suitable for blockchain provided by this embodiment of the present invention, the consensus protocol code runs in a trusted execution environment and the TLS protocol in that execution environment performs message encryption, so that an attacker cannot tamper with the program code and data in the trusted execution environment. This eliminates the possibility of Byzantine errors in the distributed system, guarantees the confidentiality and integrity of the data, and lets a consortium blockchain meet enterprise-level security requirements.

FIG. 2 shows a data processing method suitable for blockchain provided by an embodiment of the present invention, including:

S21. The check node obtains an encapsulated and encrypted consensus message, executes preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and executes preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one that the target node generates for a target request by obtaining target data and the target request and executing preset consensus protocol code, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment;

S22. Send a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, while executing the consensus protocol code to generate a storage request corresponding to the target data;

S23. Obtain the encapsulated and encrypted storage request, execute the TCP protocol code to decapsulate it and obtain the encrypted storage request, and execute the TLS protocol code to decrypt it and obtain the storage request;

S24. Generate an encrypted file from the target data according to the storage request and store it.

In this embodiment of the present invention, the method is executed by the check node. The processing performed by the check node is explained in the embodiment above, which also describes the processing performed by the target node that interacts with the check node, so it is not repeated here.

In the data processing method suitable for blockchain provided by this embodiment of the present invention, the consensus protocol code runs in a trusted execution environment and the TLS protocol in that execution environment performs message encryption, so that an attacker cannot tamper with the program code and data in the trusted execution environment. This eliminates the possibility of Byzantine errors in the distributed system, guarantees the confidentiality and integrity of the data, and lets a consortium blockchain meet enterprise-level security requirements.

FIG. 3 shows a data processing device suitable for blockchain provided by an embodiment of the present invention, comprising a generation module 31, a transmission module 32, a first storage module 33 and a request module 34, wherein:

The generation module 31 is configured to obtain target data and a target request, execute preset consensus protocol code, and generate a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment;

The transmission module 32 is configured to execute preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and to execute preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment;

The first storage module 33 is configured to, after receiving the confirmation message from the check node, generate an encrypted file from the target data according to the target request and store it, and at the same time execute the consensus protocol code to generate a storage request corresponding to the target data;

The request module 34 is configured to execute the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and to execute the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and generates an encrypted file from the target data according to the storage request and stores it.

Since the device described in this embodiment of the present invention works on the same principle as the method described in the above embodiments, a more detailed explanation is not repeated here.

It should be noted that, in the embodiments of the present invention, the relevant functional modules may be implemented by a hardware processor.

The data processing device suitable for blockchain provided by this embodiment of the present invention runs the consensus protocol code in a trusted execution environment and uses the TLS protocol in that execution environment to encrypt messages, so that an attacker cannot tamper with the program code and data in the trusted execution environment. This eliminates the possibility of Byzantine errors in the distributed system, ensures the confidentiality and integrity of data, and enables the consortium blockchain to meet enterprise-level security requirements.

FIG. 4 shows a data processing device suitable for blockchain provided by an embodiment of the present invention, comprising a first acquisition module 41, a confirmation module 42, a second acquisition module 43 and a second storage module 44, wherein:

The first acquisition module 41 is configured to obtain the encapsulated and encrypted consensus message, execute preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and execute preset TLS protocol code to decrypt it and obtain the consensus message. The consensus message is the one generated by the target node, which obtains target data and a target request and executes preset consensus protocol code to generate a consensus message corresponding to the target request, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment;

The confirmation module 42 is configured to send a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, and at the same time executes the consensus protocol code to generate a storage request corresponding to the target data;

The second acquisition module 43 is configured to obtain the encapsulated and encrypted storage request, execute the TCP protocol code to decapsulate it and obtain the encrypted storage request, and execute the TLS protocol code to decrypt it and obtain the storage request;

The second storage module 44 is configured to generate an encrypted file from the target data according to the storage request and store it.

Since the device described in this embodiment of the present invention works on the same principle as the method described in the above embodiments, a more detailed explanation is not repeated here.

It should be noted that, in the embodiments of the present invention, the relevant functional modules may be implemented by a hardware processor.

The data processing device suitable for blockchain provided by this embodiment of the present invention runs the consensus protocol code in a trusted execution environment and uses the TLS protocol in that execution environment to encrypt messages, so that an attacker cannot tamper with the program code and data in the trusted execution environment. This eliminates the possibility of Byzantine errors in the distributed system, ensures the confidentiality and integrity of data, and enables the consortium blockchain to meet enterprise-level security requirements.

FIG. 5 illustrates a schematic diagram of the physical structure of an electronic device. As shown in FIG. 5, the electronic device may include a processor 51, a communications interface 52, a memory 53 and a communication bus 54, wherein the processor 51, the communications interface 52 and the memory 53 communicate with one another through the communication bus 54. The processor 51 can call logic instructions in the memory 53 to perform the following method: obtaining target data and a target request, executing preset consensus protocol code, and generating a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment; executing preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and executing preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment; after receiving the confirmation message from the check node, generating an encrypted file from the target data according to the target request and storing it, and at the same time executing the consensus protocol code to generate a storage request corresponding to the target data; executing the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and executing the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and generates an encrypted file from the target data according to the storage request and stores it.

In addition, when the logic instructions in the memory 53 are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

An embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program performs the transmission method provided by the above embodiments, for example including: obtaining target data and a target request, executing preset consensus protocol code, and generating a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment; executing preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and executing preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment; after receiving the confirmation message from the check node, generating an encrypted file from the target data according to the target request and storing it, and at the same time executing the consensus protocol code to generate a storage request corresponding to the target data; executing the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and executing the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and generates an encrypted file from the target data according to the storage request and stores it.

FIG. 6 illustrates a schematic diagram of the physical structure of an electronic device. As shown in FIG. 6, the electronic device may include a processor 61, a communications interface 62, a memory 63 and a communication bus 64, wherein the processor 61, the communications interface 62 and the memory 63 communicate with one another through the communication bus 64. The processor 61 can call logic instructions in the memory 63 to perform the following method: obtaining the encapsulated and encrypted consensus message, executing preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and executing preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one generated by the target node, which obtains target data and a target request and executes preset consensus protocol code to generate a consensus message corresponding to the target request, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment; sending a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, and at the same time executes the consensus protocol code to generate a storage request corresponding to the target data; obtaining the encapsulated and encrypted storage request, executing the TCP protocol code to decapsulate it and obtain the encrypted storage request, and executing the TLS protocol code to decrypt it and obtain the storage request; and generating an encrypted file from the target data according to the storage request and storing it.

In addition, when the logic instructions in the memory 53 are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

An embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program performs the transmission method provided by the above embodiments, for example including: obtaining the encapsulated and encrypted consensus message, executing preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and executing preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one generated by the target node, which obtains target data and a target request and executes preset consensus protocol code to generate a consensus message corresponding to the target request, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment; sending a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, and at the same time executes the consensus protocol code to generate a storage request corresponding to the target data; obtaining the encapsulated and encrypted storage request, executing the TCP protocol code to decapsulate it and obtain the encrypted storage request, and executing the TLS protocol code to decrypt it and obtain the storage request; and generating an encrypted file from the target data according to the storage request and storing it.

The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solutions in essence, or the parts that contribute to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in some parts of the embodiments.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data processing method suitable for blockchain, characterized by comprising:
a target node obtaining target data and a target request, executing preset consensus protocol code, and generating a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment;
executing preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and executing preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment;
after receiving the confirmation message from the check node, generating an encrypted file from the target data according to the target request and storing it, and at the same time executing the consensus protocol code to generate a storage request corresponding to the target data;
executing the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and executing the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and generates an encrypted file from the target data according to the storage request and stores it.
2. The data processing method suitable for blockchain according to claim 1, characterized by further comprising: obtaining the consensus protocol code sent by the check node, judging whether the preset consensus protocol code of each node is identical, and, when it is determined that the preset consensus protocol code of each node is identical, obtaining the target data and the target request.
3. A data processing method suitable for blockchain, characterized by comprising:
a check node obtaining an encapsulated and encrypted consensus message, executing preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and executing preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one generated by a target node, which obtains target data and a target request and executes preset consensus protocol code to generate a consensus message corresponding to the target request, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment;
sending a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, and at the same time executes the consensus protocol code to generate a storage request corresponding to the target data;
obtaining the encapsulated and encrypted storage request, executing the TCP protocol code to decapsulate it and obtain the encrypted storage request, and executing the TLS protocol code to decrypt it and obtain the storage request;
generating an encrypted file from the target data according to the storage request and storing it.
4. The data processing method suitable for blockchain according to claim 3, characterized by further comprising: sending the consensus protocol code to the target node, so that the target node judges whether the preset consensus protocol code of each node is identical and, when it is determined that the preset consensus protocol code of each node is identical, obtains the target data and the target request.
5. A data processing device suitable for blockchain, characterized by comprising:
a generation module, configured to obtain target data and a target request, execute preset consensus protocol code, and generate a consensus message corresponding to the target request, the consensus protocol code being placed in a trusted execution environment;
a transmission module, configured to execute preset TLS protocol code to encrypt the consensus message and obtain an encrypted consensus message, and to execute preset TCP protocol code to encapsulate the encrypted consensus message and transmit it to a check node, so that the check node obtains the consensus message and sends a confirmation message according to the consensus message, the TLS protocol code being placed in the trusted execution environment and the TCP protocol code being placed outside the trusted execution environment;
a first storage module, configured to, after receiving the confirmation message from the check node, generate an encrypted file from the target data according to the target request and store it, and at the same time execute the consensus protocol code to generate a storage request corresponding to the target data;
a request module, configured to execute the TLS protocol code to encrypt the storage request and obtain an encrypted storage request, and to execute the TCP protocol code to encapsulate the encrypted storage request and transmit it to the check node, so that the check node obtains the storage request and generates an encrypted file from the target data according to the storage request and stores it.
6. A data processing device suitable for blockchain, characterized by comprising:
a first acquisition module, configured to obtain an encapsulated and encrypted consensus message, execute preset TCP protocol code to decapsulate it and obtain the encrypted consensus message, and execute preset TLS protocol code to decrypt it and obtain the consensus message, the consensus message being the one generated by a target node, which obtains target data and a target request and executes preset consensus protocol code to generate a consensus message corresponding to the target request, wherein the consensus protocol code is placed in a trusted execution environment, the TLS protocol code is placed in the trusted execution environment, and the TCP protocol code is placed outside the trusted execution environment;
a confirmation module, configured to send a confirmation message according to the consensus message, so that the target node, after receiving the confirmation message from the check node, generates an encrypted file from the target data according to the target request and stores it, and at the same time executes the consensus protocol code to generate a storage request corresponding to the target data;
a second acquisition module, configured to obtain the encapsulated and encrypted storage request, execute the TCP protocol code to decapsulate it and obtain the encrypted storage request, and execute the TLS protocol code to decrypt it and obtain the storage request;
a second storage module, configured to generate an encrypted file from the target data according to the storage request and store it.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the data processing method suitable for blockchain according to any one of claims 1 to 2.
8. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the data processing method suitable for blockchain according to any one of claims 1 to 2.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the data processing method suitable for blockchain according to any one of claims 3 to 4.
10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the data processing method suitable for blockchain according to any one of claims 3 to 4.
CN201910333894.9A 2019-04-24 2019-04-24 Data processing method and device suitable for block chain Pending CN110071802A (en)

Publications (1)

Publication Number Publication Date
CN110071802A true CN110071802A (en) 2019-07-30

Family

ID=67368631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910333894.9A Pending CN110071802A (en) 2019-04-24 2019-04-24 Data processing method and device suitable for block chain

Country Status (1)

Country Link
CN (1) CN110071802A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278193A (en) * 2019-05-20 2019-09-24 Alibaba Group Holding Limited Receipt storage method and node combining code annotation with transaction and event types
CN110490003A (en) * 2019-08-09 2019-11-22 Hangzhou Ancun Network Technology Co., Ltd. User trusted data generation method, user trusted data acquisition method, device and system
CN110992027A (en) * 2019-11-29 2020-04-10 Alipay (Hangzhou) Information Technology Co., Ltd. Efficient transaction method and device for realizing privacy protection in block chain
CN111339569A (en) * 2020-02-26 2020-06-26 Baidu Online Network Technology (Beijing) Co., Ltd. Block chain data processing method and device, electronic equipment and medium
WO2019228562A3 (en) * 2019-09-11 2020-07-09 Alibaba Group Holding Limited Shared blockchain data storage based on error correction coding in trusted execution environments
CN112286731A (en) * 2020-07-03 2021-01-29 Alipay (Hangzhou) Information Technology Co., Ltd. Restarting processing method of block chain consensus node, consensus node and block chain system
CN113556339A (en) * 2021-07-20 2021-10-26 Beijing Chongliang Online Technology Co., Ltd. Privacy calculation method supporting heterogeneous TEE computational power node interaction

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018148069A1 (en) * 2017-02-07 2018-08-16 Microsoft Technology Licensing, Llc Transaction processing for consortium blockchain network
CN108848056A (en) * 2018-05-03 2018-11-20 南京理工大学 Block chain common recognition method based on verifying
CN109040012A (en) * 2018-06-19 2018-12-18 西安电子科技大学 A kind of data security protecting and sharing method based on block chain and system and application

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018148069A1 (en) * 2017-02-07 2018-08-16 Microsoft Technology Licensing, Llc Transaction processing for consortium blockchain network
CN108848056A (en) * 2018-05-03 2018-11-20 南京理工大学 Block chain common recognition method based on verifying
CN109040012A (en) * 2018-06-19 2018-12-18 西安电子科技大学 A kind of data security protecting and sharing method based on block chain and system and application

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278193A (en) * 2019-05-20 2019-09-24 阿里巴巴集团控股有限公司 Receipt storage method and node combining code annotation with transaction and event types
CN110278193B (en) * 2019-05-20 2021-06-01 创新先进技术有限公司 Receipt storage method and node combining code annotation with transaction and event types
CN110490003A (en) * 2019-08-09 2019-11-22 杭州安存网络科技有限公司 User trusted data generation method, user trusted data acquisition method, device and system
CN110490003B (en) * 2019-08-09 2022-04-22 杭州安存网络科技有限公司 User trusted data generation method, user trusted data acquisition method, device and system
WO2019228562A3 (en) * 2019-09-11 2020-07-09 Alibaba Group Holding Limited Shared blockchain data storage based on error correction coding in trusted execution environments
US10833846B1 (en) 2019-09-11 2020-11-10 Alibaba Group Holding Limited Shared blockchain data storage based on error correction coding in trusted execution environments
CN110992027A (en) * 2019-11-29 2020-04-10 支付宝(杭州)信息技术有限公司 Efficient transaction method and device for realizing privacy protection in block chain
CN110992027B (en) * 2019-11-29 2022-02-25 支付宝(杭州)信息技术有限公司 Efficient transaction method and device for realizing privacy protection in block chain
CN111339569A (en) * 2020-02-26 2020-06-26 百度在线网络技术(北京)有限公司 Block chain data processing method and device, electronic equipment and medium
CN112286731A (en) * 2020-07-03 2021-01-29 支付宝(杭州)信息技术有限公司 Restarting processing method of block chain consensus node, consensus node and block chain system
CN113556339A (en) * 2021-07-20 2021-10-26 北京冲量在线科技有限公司 Privacy calculation method supporting heterogeneous TEE computational power node interaction

Similar Documents

Publication Publication Date Title
EP3937424B1 (en) Blockchain data processing methods and apparatuses based on cloud computing
CN110071802A (en) Data processing method and device suitable for block chain
US20220245070A1 (en) Technologies for secure authentication and programming of accelerator devices
EP3520368B1 (en) Device-driven auto-recovery using multiple recovery sources
CN102170440B (en) Method suitable for safely migrating data between storage clouds
US10530752B2 (en) Efficient device provision
CN110730973A (en) Method and apparatus for computer-aided testing of blockchain
US10621055B2 (en) Adaptive data recovery for clustered data devices
US11356445B2 (en) Data access interface for clustered devices
CN111355684B (en) An Internet of Things data transmission method, device, system, electronic device and medium
US10691619B1 (en) Combined integrity protection, encryption and authentication
US11126567B1 (en) Combined integrity protection, encryption and authentication
CN111917696A (en) TPM-based secure multi-party computing system using non-bypassable gateways
WO2019231761A1 (en) Locally-stored remote block data integrity
US20250202724A1 (en) Data processing method and related device
US10728045B2 (en) Authentication device, authentication system, authentication method, and program
EP4352918A1 (en) Securely and reliably transmitting messages between network devices
CN114301928A (en) A SGX-based on-chain and off-chain hybrid consensus method and system
CN111869165A (en) Method and control system for controlling and/or monitoring a device
CN116541046A (en) Energy storage system upgrading method and device, computer equipment and readable storage medium
WO2018028359A1 (en) Service processing method and device, and storage medium and electronic device
CN115361147A (en) Device registration method and device, computer device and storage medium
WO2025031108A1 (en) Remote attestation method, apparatus and related device
US12511379B2 (en) Method and device for identifying malicious services in a network
CN120301607A (en) Method, device and electronic device for ensuring the security of image file supply chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190730
