CN113381859B - Process mutual sign communication method and system for block chain - Google Patents

Abstract

The invention discloses a process mutual sign communication method for block chains, which establishes a mutual sign trust mechanism between parallel computing processes under the scene of process mutual communication, and completes authentication before specific data starts to be transmitted by authorizing a process object or authorizing communication content, thereby enabling the processes to respond to only the processes in a trust range during communication, realizing the effect of safe communication among multiple processes in one node, not influencing the efficiency of the communication process, solving the problem of malicious attack by false impersonation of the processes among the multiple processes in one node, and enabling the processes to be fresh, efficient and safe for communication. The invention also provides a process mutual sign communication system for the block chain, which comprises a process object module, a process key module and a process authorization module, and realizes the function of safety communication among multiple processes in one node.

Description

Process mutual sign communication method and system for block chain

Technical Field

The invention relates to the technical field of blockchains, in particular to a process mutual sign communication method and a system for a blockchain.

Background

The rapid development of computers provides the basis for computing power for our social activities, which brings about a significant increase in social productivity. The productivity is greatly improved, and the demand of people is higher, so that the calculation basis is required to provide higher calculation capability. However, the improvement of the computing performance of the computer unit is physically limited, and it is very difficult to obtain effective performance improvement at this stage, but the demand for higher computing power is not reduced, which has led to a parallel computing solution.

Particularly, in the blockchain, the characteristic of the decentralization of the blockchain is that the operation of the blockchain is composed of a plurality of independently working computing nodes, and at the moment, the single computing power of the independent nodes often becomes the bottleneck of the computing power of the blockchain, and is similar to the development of parallel computing of a computer, in this case, the concept of parallel computing is also induced in the blockchain nodes, and the implementation of the method is that the integral computing power of the single node is improved by adopting a multi-process parallel computing mode in a multi-core computer. However, unlike a common computer, a conventional computer has a unified coordination control center when parallel computing is realized, so that computing equipment or chips participating in parallel computing can be well controlled, but the characteristic of the decentralization of the blockchain does not exist, and participants cannot be interfered in a managed and controlled manner, so that serious safety problems are often caused when parallel computing is introduced into the blockchain, particularly node equipment completely exposed in a public network environment, and the safety problems are the biggest obstacle if parallel computing is realized. Therefore, how to fully develop the computing capability of the multi-core resource of a single node under the decentralizing environment, and avoid the security problem caused by parallel computing becomes a urgent problem to be solved.

Disclosure of Invention

The invention aims to provide a process mutual sign communication method and a system for a block chain, and designs a concept of process mutual sign. The method has the core thought that a mutual signature trust mechanism is established between processes related to parallel computation, only processes in a trust range are responded, and the effect of safe communication among multiple processes in one node is realized. The method solves the problem that multiple processes in one node are attacked by fake and malicious.

A method for process mutual sign communication for a blockchain, the method comprising:

s1, when a process A is started, the process A generates a unique identification number, an authorization manager enables the process to obtain a pair of secret keys, a process object is generated, and a process list is obtained;

s2, circulating a process list, and finishing the process list processing;

s3, the process B generates instruction information, data are sent to the process A, the process A extracts the unique number of the process B, extracts the object information of the process B, checks whether the object information is a communicated object, if yes, stores the instruction, and if not, the process A extracts an own authorization list;

s4, circulating the authorization list, completing list circulation and completing instruction transmission;

further, the cyclic process list in step S2 includes:

s21, reading the process information A and extracting the process signature;

s22, comparing whether the process signature is the locally recorded signature of the B process, if not, continuing the next cycle, if so, extracting the unique process identification number, and adding the process identification number into the my authorization list;

s23, completing authorization of the process B.

Further, the circular authorization list in step S4 includes:

s41, extracting authorization information of the process A;

s42, comparing whether the signature information is the unique number of the B process, if not, continuing the next cycle, and if so, extracting the signature information of the B process;

s43, comparing whether the signature information of the process B is locally stored signature information, if not, discarding the instruction, and if so, storing the instruction and storing the communication object;

s44, completing signature checking and authorization checking.

The invention also extends to a process mutual sign communication system for a block chain based on the block forging method, which is characterized by comprising the following steps:

process manager: the interface is used for managing the process state and also providing data interaction for other components;

an authorization manager: the method is used for supporting the permission of inter-process communication and synchronizing the authorization information, and is also used as an intermediate bridge for the inter-process communication in specific applications;

a data manager: the method is used for storing data in the communication process of the management process, timely collecting the processing result of the process and scheduling other processes;

the system starts the process A and generates a unique identification number through a process manager, the process obtains a pair of secret keys through an authorization manager, a process object is generated, the process manager obtains a process list, the process list is cycled, the process list is processed, authorization is finished, the process B sends an instruction to the process A, the process B generates instruction information through a data manager, the process B sends data to the process A, the process A extracts the unique number of the process B, the process A extracts the object information of the process B, the object information is checked to see whether the object information is a communicated object, the list is cycled, list cycling is completed, instruction sending is completed through the data manager, the data manager operates in the process manager, the authorization manager operates outside the process manager, the process manager is controlled by the authorization manager, and the process manager, the authorization manager and the data manager are connected in a cross network mode, so that data access can be performed mutually.

Further, the process manager includes:

a process start-stop module: the method comprises the steps of performing starting and closing operations on a process, and creating a management object and unique identification information for the process when the process is started;

process monitoring module: the method comprises the steps of monitoring the running state of a process, collecting an abnormal log, and restarting the process when the process is abnormally suspended;

and a process interface module: and the access port is used for providing data interaction for the process, receiving instructions and data of other processes or sending messages to other processes after the authority verification is carried out by the authorization manager.

Further, the authorization manager includes:

and a process object module: the method is used for managing the currently existing process objects and is used as a basis for subsequent key and authorization management;

process key module: the method is used for allocating a pair of unique key pairs for the process object, and can be provided with a plurality of key pairs according to different encryption modes, but one process is provided with at least one key pair;

process authorization module: the method is used for distributing and managing the authorization relation between the processes and managing the batch authorization management in the processes.

Further, the data manager includes:

and a data storage module: the system is used for storing data of inter-process communication and data in the process of business processing of the process, and the data also comprises tracking information such as logs of process operation;

and a data query module: a service for querying data stored in the data manager and providing data queries for other components;

and a data cleaning module: the method is used for clearing the expired data, clearing the related data when the process exits or is destroyed, and timely releasing the memory.

Further, the process key module may use one key pair for communication with all processes according to security requirements of upper layer applications, or use a different key pair for each target communication object, or use a different key pair for different batches in one communication object.

Compared with the prior art, the invention has the following advantages:

(1) The invention mainly completes authentication before specific data starts to be transmitted in the process communication process, thereby realizing safe communication, only receiving instructions from a trusted source, avoiding the problem that other processes send malicious instructions and not affecting the efficiency of the communication process;

(2) The process is fresh, efficient and safe to communicate, and even if malicious processes around the process send malicious instructions, the malicious processes are not affected, so that the computing capability of single-node multi-core resources is fully exerted under the environment of decentralization, and the safety problem caused by parallel computing can be avoided.

Drawings

FIG. 1 is a flow chart of a process mutual sign communication method for blockchain according to the present invention;

FIG. 2 is a flow chart of a cyclic process list according to the present invention;

FIG. 3 is a schematic flow chart of the cyclic authority list according to the present invention;

FIG. 4 is a schematic diagram of a system for a process mutual sign communication method for blockchains in accordance with the present invention;

FIG. 5 is a schematic diagram of the components of the process manager of the present invention;

FIG. 6 is a schematic diagram of the components of the authorization manager of the present invention;

FIG. 7 is a schematic diagram of the components of the data manager of the present invention;

wherein: 100 a process manager; 200 an authorization manager; 300 a data manager; 101, a process start-stop module; 102 node process monitoring module; 103 a process interface module; a 201 process object module; 202 a process key module; 203 a process authorization module; 301 a data storage module; 302 a data query module; 303 a data cleaning module;

Detailed Description

The invention will be described in further detail with reference to the drawings and the specific examples. It should be noted that the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.

The method adopts two approaches, one is to authorize a process object and the other is to authorize communication content. The specific flow is as follows, as shown in fig. 1, wherein the process a is a process for receiving information, and the process B is a process for sending information:

s1, when a process A is started, the process A generates a unique identification number, an authorization manager enables the process to obtain a pair of secret keys, a process object is generated, and a process list is obtained;

s2, circulating a process list, and finishing the process list processing;

s3, the process B generates instruction information, data are sent to the process A, the process A extracts the unique number of the process B, extracts the object information of the process B, checks whether the object information is a communicated object, if yes, stores the instruction, and if not, the process A extracts an own authorization list;

s4, circulating the authorized list, completing list circulation, and completing instruction sending.

Step S1, enabling a process to generate a unique identification number and a secret key for a process object when the process is started;

step S2, mutually carrying out signature authentication for one time between processes, and checking whether the processes are processes in a system of the processes;

step S3, when the process performs data communication, a batch of unique identification number is generated for the data transmitted by the process, an opponent process receiving the information extracts the object information of the process, and the process is checked to save the instruction of the data communication under the condition that the process is communicated with the process, so that the consumption of calculation performance in the process communication is saved;

as shown in fig. 2, in the present embodiment, the cyclic process list described in step S2 includes:

s21, reading the process information A and extracting the process signature;

s22, comparing whether the process signature is the locally recorded signature of the B process, if not, continuing the next cycle, if so, extracting the unique process identification number, and adding the process identification number into the my authorization list;

s23, completing authorization of the process B.

Step S22 adds the process identification number capable of being communicated into the authorization list, so that the next time of communication with the process can be efficiently and directly carried out without checking again, and the calculation performance consumption is saved.

As shown in fig. 3, in this embodiment, the recurring grant list in step S4 includes:

s41, extracting authorization information of the process A;

s42, comparing whether the signature information is the unique number of the B process, if not, continuing the next cycle, and if so, extracting the signature information of the B process;

s43, comparing whether the signature information of the process B is locally stored signature information, if not, discarding the instruction, and if so, storing the instruction and storing the communication object;

s44, completing signature checking and authorization checking.

In step S43, the signature information of the process is applied to the communication content of the process to verify, so as to realize communication security, only receive the instruction of a trusted source during communication, avoid interference of other malicious processes, and improve efficiency of process communication operation.

As shown in fig. 4, the present invention further proposes a process mutual sign communication system for blockchain, where the system includes the following components and functions:

process manager 100: the system comprises a process management module, a data interaction module and a data interaction module, wherein the process management module is used for managing the process state, including starting a new process, ending an existing process, monitoring the process state, restarting the process when the process is abnormally terminated, and providing a data interaction interface for other components;

the authorization manager 200: the method comprises the steps that rights used for supporting inter-process communication are used as an intermediate bridge for communication between processes in a specific application, the intermediate bridge for communication between processes is a process manager under the default condition, authorization information is synchronized from the process manager to an authorization manager, and instructions and messages can be sent to the specific process only through the authorized process;

data manager 300: the method is used for storing data in the communication process of the management process, and timely collecting the processing result of the process and scheduling other processes.

The data manager operates in a process manager, the authorization manager operates outside the process manager, and the process manager is controlled by the authorization manager.

The specific workflow of the system comprises:

the system starts the process A through the process manager 100 and generates a unique identification number, the process A obtains a pair of secret keys through the authorization manager 200, a process object is generated, the process list is obtained through the process manager 100, the process list is circulated, the process list processing is completed, authorization is finished, the process B sends an instruction to the process A, the process B generates instruction information through the data manager 300, the process B sends data to the process A, the process A extracts a unique number of the process B information, the process A extracts object information of the process B through the authorization manager 200, whether the object information is a communicated object is checked, the list circulation is completed, and the instruction sending is completed through the data manager 300.

The process manager 100, the authorization manager 200, and the data manager 300 are cross-meshed with each other to enable data access to each other.

As shown in fig. 5, preferably, the process manager 100 includes:

process start-stop module 101: the method comprises the steps of performing starting and closing operations on a process, and creating a management object and unique identification information for the process when the process is started;

process monitor module 102: the method is used for monitoring the running state of the process, collecting an abnormal log, and restarting the process by connecting the process starting and stopping module 101 when the process is abnormally stopped;

process interface module 103: the access port is used for providing data interaction for the process, when other processes send instructions and data, the instructions and the data are received through the interface module, authority verification is performed through the authorization manager 200 before the instructions and the data are received, and the instructions and the data can only appear in the interface module after the instructions and the data are received. When a process needs to send a message with other processes, the process also sends a message through the process interface module 103, and the authority verification is also performed through the authorization manager 200.

As shown in fig. 6, preferably, the authorization manager 200 includes:

process object module 201: the method is used for managing the currently existing process objects and is used as a basis for subsequent key and authorization management;

process key module 202: for assigning a unique pair of key pairs to a process object, multiple pairs of key pairs may be present, depending on the encryption scheme used, but at least one key pair is present for a process.

One process can use one key pair to communicate with all processes, can use different key pairs with each target communication object, can also use different key pairs according to different batches in one communication object, and can select different modes according to the requirements of upper-layer application on security;

process authorization module 203: the process authorization module is a real whitelist of inter-process communication, and is used for distributing and managing the authorization relation between processes and managing the batch authorization management in the processes, and only the processes and batches (including the process objects which have been communicated) which have been authorized can send data to the target objects.

The process of communication can only send messages at the process interface module 103 after each module in the authorization manager 200 is authorized.

As shown in fig. 7, preferably, the data manager 300 includes:

the data storage module 301: the system is used for storing data of inter-process communication and data in the process of business processing of the process, and the data also comprises tracking information such as logs of process operation;

the data query module 302: a service for querying data stored in the data manager and providing data queries for other components;

data cleaning module 303: for cleaning up expired data and cleaning up its associated data when the process exits or is destroyed, and releasing the memory in time, avoiding the data storage module 301 from accumulating excessive expired information after a period of operation.

Compared with the existing process communication method for the block chain, the process communication method for the block chain is fresh, efficient and safe in communication, even if malicious processes around the process communication method are not affected when malicious instructions are sent, authentication is completed before specific data starts to be transmitted, and therefore safe communication is achieved, and the efficiency of the communication process is not affected. The process communication safety, especially when in inter-process communication, only receives the instruction of a trusted source, thereby avoiding the problem that other processes send malicious instructions. For the security of the communication content, only the signature of the process needs to be applied to the communication content.

The above description is only of the preferred embodiments of the present invention, and should not be taken as limiting the technical scope of the present invention, but all changes and modifications that come within the scope of the invention as defined by the claims and the specification are to be embraced by the invention. Although the present invention is described with respect to a blockchain scenario, the same approach can be applied to all computations requiring multi-process task processing.

Claims (1)

1. A method for process mutual sign communication for a blockchain, the method comprising:

s1, when a process A is started, the process A generates a unique identification number, an authorization manager enables the process to obtain a pair of secret keys, a process object is generated, and a process list is obtained; wherein the A process is a process for receiving information, and the B process is a process for sending information;

s2, circulating a process list, and finishing the process list processing;

the cyclic process list in step S2 includes:

s21, reading the process information A and extracting the process signature;

s22, comparing whether the process signature is the locally recorded signature of the B process, if not, continuing the next cycle, if so, extracting the unique process identification number, and adding the process identification number into the my authorization list;

s23, completing authorization of the process B;

s3, the process B generates instruction information, data are sent to the process A, the process A extracts the unique number of the process B, extracts the object information of the process B, checks whether the object information is a communicated object, if yes, stores the instruction, and if not, the process A extracts an own authorization list;

s4, circulating the authorization list, completing list circulation and completing instruction transmission;

the circular authorization list in step S4 includes:

s41, extracting authorization information of the process A;

s42, comparing whether the signature information is the unique number of the B process, if not, continuing the next cycle, and if so, extracting the signature information of the B process;

s43, comparing whether the signature information of the process B is locally stored signature information, if not, discarding the instruction, and if so, storing the instruction and storing the communication object;

s44, completing signature checking and authorization checking.