CN117009983A - Node cluster and data backup method - Google Patents
Node cluster and data backup method Download PDFInfo
- Publication number
- CN117009983A CN117009983A CN202210468559.1A CN202210468559A CN117009983A CN 117009983 A CN117009983 A CN 117009983A CN 202210468559 A CN202210468559 A CN 202210468559A CN 117009983 A CN117009983 A CN 117009983A
- Authority
- CN
- China
- Prior art keywords
- node
- transaction
- block
- data
- cluster
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 66
- 238000004891 communication Methods 0.000 claims description 30
- 238000012546 transfer Methods 0.000 claims description 15
- 230000005540 biological transmission Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 5
- 238000002955 isolation Methods 0.000 abstract description 19
- 230000008569 process Effects 0.000 description 21
- 230000006870 function Effects 0.000 description 20
- 238000012545 processing Methods 0.000 description 20
- 230000007246 mechanism Effects 0.000 description 18
- 230000001360 synchronised effect Effects 0.000 description 13
- 238000010586 diagram Methods 0.000 description 12
- 238000011144 upstream manufacturing Methods 0.000 description 11
- 238000007726 management method Methods 0.000 description 8
- 238000004806 packaging method and process Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000013479 data entry Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012856 packing Methods 0.000 description 2
- 230000005236 sound signal Effects 0.000 description 2
- 101100439060 Talaromyces verruculosus cdmA gene Proteins 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000005484 gravity Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012905 input function Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010897 surface acoustic wave method Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1464—Management of the backup or restore process for networked environments
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Development Economics (AREA)
- Quality & Reliability (AREA)
- General Business, Economics & Management (AREA)
- Economics (AREA)
- Technology Law (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The embodiment of the application provides a node cluster and a data backup method, which are applied to the field of block chains and comprise the following steps: the first node is used for acquiring a first block and first authority information of a first transaction, wherein the first block comprises transaction data of the first transaction; encrypting transaction data of the first transaction to obtain a second block under the condition that the first authority information indicates that the second node cluster does not have access authority to the at least one first transaction; and transmitting the second block to the second node so that the second node cluster performs data backup on the second block. The application can ensure the data isolation of the cross-authority domain.
Description
Technical Field
The application relates to the technical field of Internet, in particular to a node cluster and a data backup method.
Background
In a Blockchain (Blockchain) system, data is stored in blocks, and newly written data forms new blocks, which are added at the end of the current Blockchain. Each block holds data and simultaneously holds a unique corresponding number (often hash values of all recorded data) of all recorded data in the previous block, thereby forming a chain. Thus, a blockchain system may be considered a system that maintains a set of traceable, non-tamperable chained data together by consensus rules by computers on a distributed network that are not fully trusted with each other.
In the business scenario of the block chain combination enterprise, the data isolation requirement is high, and due to the mechanism of implementing hierarchical management, the parent level mechanism has higher authority and has the data access authority of all the child level mechanisms, while the authority of the child level mechanism is relatively lower, and only the data related to the mechanism and the data of the mechanism and the child level mechanism can be accessed. And data isolation may be required between sub-level mechanisms at the same level, as shown in fig. 1.
Ledger data (also referred to as transaction data in the embodiment of the present application) can be backed up to a node cluster, in a conventional blockchain, identities of all nodes are equal, and the same ledger data is stored on each node, so that when facing the above scenario, the requirement of data isolation cannot be met.
Disclosure of Invention
The embodiment of the application provides a node cluster and a data backup method, which can improve the performance of storing data in a blockchain network.
In a first aspect, the present application provides a node cluster, where the node cluster includes a first node cluster and a second node cluster, and a communication connection is between a first node in the first node cluster and a second node in the second node cluster, where the method includes: the first node is configured to obtain a first block and first authority information, where the first block includes transaction data of a first transaction, and the first authority information is authority information of the first transaction; encrypting transaction data of the first transaction to obtain a second block, wherein the second block comprises the encrypted transaction data of the first transaction under the condition that the first authority information indicates that the second node cluster does not have access authority to the at least one first transaction; and transmitting the second block to the second node so that the second node cluster performs data backup on the second block.
In the embodiment of the application, the blockchain network is divided into tree-shaped sub-groups (zones), so that the arrangement of the network structure is ordered, the network topology structure can be improved, and the synchronization performance and the upper limit of the scale can be improved. In addition, the data synchronization process filters transactions outside the rights, and can ensure data isolation across the rights domains. And only the hash value after hash processing is stored for the data in the non-authority domain, the hash value is usually far smaller than the data body, the network load can be reduced, and the performance is improved.
In one possible implementation, the first node cluster further includes nodes other than the first node, the second node cluster further includes nodes other than the second node, and data is transferred between the first node cluster and the second node cluster only through the first node and the second node.
In one possible implementation, the nodes in the second cluster of nodes are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
In order to ensure data isolation, the embodiment of the application takes the first node cluster and the second node cluster as examples, wherein the first node cluster and the second node cluster only transmit data through the nodes with specific roles (for example, the first node and the second node cluster only transmit data through the data transmission from the first node to the second node), other nodes except the first node in the first node cluster do not have permission to transmit data to the second node cluster, the nodes of the second node cluster do not have permission to transmit data to the first node cluster, and the nodes do not have permission to actively acquire data from the first node cluster.
In one possible implementation, the second block further includes transaction data for a third transaction; the node cluster further comprises a third node cluster, and a third node in the second node cluster is in communication connection with a fourth node in the third node cluster; the first node is further configured to transmit second permission information of the third transaction to the second node; the third node is configured to encrypt transaction data of the third transaction based on the second permission information indicating that the third node cluster does not have access to the third transaction, so as to obtain a third block, where the third block includes the encrypted transaction data of the third transaction; and transmitting the third block to the fourth node so that the third node cluster performs data backup on the third block.
In one possible implementation, the second block further includes transaction data for a fourth transaction; the second authority information indicates that the cluster to which the third node belongs has access authority to the fourth transaction, and the third block includes transaction data of the fourth transaction.
In a second aspect, the present application provides a data backup method applied to a first node, where the first node and a second node are in communication connection, and the first node and the second node belong to different clusters, and the method includes: the first node acquires a first block and first authority information, wherein the first block comprises transaction data of a first transaction, and the first authority information is the authority information of the first transaction; encrypting transaction data of the first transaction by the first node to obtain a second block under the condition that the first authority information indicates that the second node cluster does not have access authority to the at least one first transaction, wherein the second block comprises the encrypted transaction data of the first transaction; the first node transmits the second block to the second node so that the second node cluster performs data backup on the second block.
In the embodiment of the application, the blockchain network is divided into tree-shaped sub-groups (zones), so that the arrangement of the network structure is ordered, the network topology structure can be improved, and the synchronization performance and the upper limit of the scale can be improved. In addition, the data synchronization process filters transactions outside the rights, and can ensure data isolation across the rights domains. And only the hash value after hash processing is stored for the data in the non-authority domain, the hash value is usually far smaller than the data body, the network load can be reduced, and the performance is improved.
In one possible implementation, the first node belongs to a first node cluster, the second node belongs to a second node cluster, the first node cluster further includes nodes other than the first node, the second node cluster further includes nodes other than the second node, and data is transferred between the first node cluster and the second node cluster only through the first node and the second node.
In one possible implementation, the nodes in the second cluster of nodes are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
In order to ensure data isolation, the embodiment of the application takes the first node cluster and the second node cluster as examples, wherein the first node cluster and the second node cluster only transmit data through the nodes with specific roles (for example, the first node and the second node cluster only transmit data through the data transmission from the first node to the second node), other nodes except the first node in the first node cluster do not have permission to transmit data to the second node cluster, the nodes of the second node cluster do not have permission to transmit data to the first node cluster, and the nodes do not have permission to actively acquire data from the first node cluster.
In one possible implementation, the first block further includes transaction data of a second transaction, the transaction data being plaintext data; the rights information indicates that the second cluster of nodes has access rights to the second transaction, the second block including transaction data of the second transaction.
In one possible implementation, the second block is obtained by replacing transaction data of the first transaction in the first block with the ciphertext data.
In one possible implementation, the second block further includes transaction data of a third transaction, the transaction data being plaintext data; the node cluster further comprises a third node cluster, and a third node in the second node cluster is in communication connection with a fourth node in the third node cluster; the method further comprises the steps of: the first node transmits second authority information of the third transaction to the second node; the third node indicates that the third node cluster does not have access rights to the third transaction based on the second right information, and encrypts transaction data of the third transaction to obtain a third block, wherein the third block comprises the encrypted transaction data of the third transaction; and the third node transmits the third block to the fourth node so that the third node cluster performs data backup on the third block.
In one possible implementation, the second block further includes transaction data of at least one fourth transaction, the transaction data being plaintext data; the rights information indicates that the second cluster of nodes has access rights to the at least one fourth transaction, the third block comprising transaction data of the at least one fourth transaction.
In one possible implementation, the first permission information includes at least one permission level having access to the first transaction; the method further comprises the steps of: the first node determines that the first permission information indicates that the second node cluster does not have access to the first transaction based on the permission level of the second node cluster not being in the at least one permission level.
In one possible implementation, the transaction data of the first transaction is data generated by a consensus node.
In one possible implementation, the first node cluster may be a consensus cluster (a node cluster including consensus nodes), the consensus nodes in the first node cluster may generate a first block, the first nodes in the first node cluster may generate a second block (the first block and the second region may be the same or different) from the first block, and pass through the first nodes (linker nodes) in the first node cluster to the second nodes (master nodes) in the second node cluster.
In one possible implementation, the first node cluster may be a non-consensus cluster (a node cluster that does not include a consensus node), the master node in the first node cluster may receive a first block sent by a linker node from a previous level node cluster, the first node in the first node cluster may generate a second block (the first block and the second region may be the same or different) from the first block, and transfer the second block to the second node (master node) in the second node cluster through the first node (linker node) in the first node cluster.
In one possible implementation, the second node cluster includes a plurality of nodes including the second node, and the second node cluster performs data backup on the second block, including: each node of the plurality of nodes performs data backup on the second block.
In a third aspect, the present application provides a data backup device, applied to a first node, where the first node and a second node are in communication connection, and the first node and the second node belong to different clusters, and the first node includes:
the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring a first block and first authority information, the first block comprises transaction data of a first transaction, and the first authority information is the authority information of the first transaction;
The block generation module is used for encrypting the transaction data of the first transaction by the first node to obtain a second block when the first authority information indicates that the second node cluster does not have the access authority to the at least one first transaction, and the second block comprises the encrypted transaction data of the first transaction;
and the transmission module is used for transmitting the second block to the second node so that the second node cluster performs data backup on the second block.
In one possible implementation, the first node belongs to a first node cluster, the second node belongs to a second node cluster, the first node cluster further includes nodes other than the first node, the second node cluster further includes nodes other than the second node, and data is transferred between the first node cluster and the second node cluster only through the first node and the second node.
In one possible implementation, the nodes in the second cluster of nodes are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
In one possible implementation, the first block further includes transaction data for a second transaction;
The first permission information indicates that the second node cluster has access to the second transaction, and the second block includes transaction data of the second transaction.
In one possible implementation, the second block is obtained by replacing transaction data of the first transaction in the first block with the encrypted transaction data of the first transaction.
In one possible implementation, the second block further includes transaction data for a third transaction; the node cluster further comprises a third node cluster, and a third node in the second node cluster is in communication connection with a fourth node in the third node cluster; the transfer module is further configured to:
transmitting second rights information for the third transaction to the second node;
the third node includes:
the block generation module is configured to encrypt transaction data of the third transaction based on the second permission information indicating that the third node cluster does not have access permission to the third transaction, so as to obtain a third block, where the third block includes the encrypted transaction data of the third transaction;
and the transmission module is used for transmitting the third block to the fourth node so that the third node cluster performs data backup on the third block.
In one possible implementation, the second block further includes transaction data for a fourth transaction;
the second authority information indicates that the cluster to which the third node belongs has access authority to the fourth transaction, and the third block includes transaction data of the fourth transaction.
In one possible implementation, the first permission information includes at least one permission level having access to the first transaction; the block generation module is specifically configured to:
the first node determines that the first permission information indicates that the second node cluster does not have access to the first transaction based on the permission level of the second node cluster not being in the at least one permission level.
In one possible implementation, the transaction data of the first transaction is data generated by a consensus node.
In one possible implementation, the first node cluster further includes: consensus nodes;
the acquiring the first block includes: the first block communicated from the consensus node is received.
In one possible implementation, the second node cluster includes a plurality of nodes including the second node, and the second node cluster performs data backup on the second block, including:
Each node of the plurality of nodes performs data backup on the second block.
In a fourth aspect, an embodiment of the present application provides an apparatus, including a memory, a processor, and a bus system, where the memory is configured to store a program, and the processor is configured to execute the program in the memory, so as to perform any one of the optional methods in the second aspect and the second aspect.
In a fifth aspect, embodiments of the present application also provide a system comprising at least one processor, at least one memory, and at least one communication interface; the processor, the memory and the communication interface are connected through a communication bus and complete communication;
the memory is used for storing application program codes for executing the scheme, and the execution is controlled by the processor. The processor is used for executing the application program codes stored in the memory; wherein the memory stores code that performs one of the data backup methods provided above.
A communication interface for communicating with other devices or communication networks to send data to the devices or communication networks.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored therein, which when run on a computer causes the computer to perform the second aspect and any of its optional methods described above.
In a seventh aspect, embodiments of the present application provide a computer-readable storage medium storing one or more instructions that, when executed by one or more computers, cause the one or more computers to implement the second aspect and any optional system thereof.
In an eighth aspect, embodiments of the present application provide a computer program which, when run on a computer, causes the computer to perform the second aspect and any of its alternative methods described above.
In a ninth aspect, the present application provides a chip system comprising a processor for supporting a terminal device or a server to perform the functions involved in the above aspects, for example, to transmit or process data involved in the above method; or, information. In one possible design, the chip system further includes a memory for holding program instructions and data necessary for the terminal device or the server. The chip system can be composed of chips, and can also comprise chips and other discrete devices.
Drawings
FIG. 1 is a schematic illustration of enterprise rights;
FIG. 2 is a schematic diagram of a block chain network architecture according to the present application;
FIG. 3 is a schematic diagram of a data backup method according to an embodiment of the present application;
FIG. 4 is a schematic view of a rights provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of a block according to an embodiment of the present application;
FIG. 6 is a schematic view of a rights provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of an embodiment of a data backup device according to the present application;
FIG. 8 is a schematic diagram of a data backup device according to an embodiment of the present application;
fig. 9 is a schematic diagram of a server structure according to an embodiment of the present application.
Detailed Description
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The "blockchain" may specifically refer to a P2P network system with a distributed data storage structure, where each node achieves a data distribution in the blockchain through a consensus mechanism, and the data distribution in the blockchain is in a plurality of blocks (blocks) that are temporally connected, where the later blocks include the data digests of the previous blocks, and achieve full data backup of all or part of the nodes according to the specific consensus mechanism (such as POW, POS, dPOS or PBFt). Blockchains may include public chains, federated chains, private chains, etc., depending on the form of distribution of their network nodes. In practical applications, particularly for alliance chains, it is common to set separate blockchains for different scenes, such as blockchains for processing house renting service scenes, blockchains for processing copyrighted-work use service scenes, and the like; for the blockchain arranged in a larger application scene, related business refinement subchains, such as a blockchain main chain for processing house renting business scenes, can hang blockchain subchains of various subdivision businesses under a plurality of house rentals, such as a blockchain subchain special for recording house renting orders, a blockchain special for recording house details available for renting, and the like, wherein the subchain is a plurality of examples conforming to the blockchain main chain protocol.
In some specific application scenarios, higher requirements are placed on data isolation of the blockchain network and performance of the large-scale clusters, which challenges the conventional blockchain network.
Taking a business scenario of a block chain enterprise as an example:
in the business scenario of the block chain combination enterprise, the data isolation requirement is high, and due to the mechanism of implementing hierarchical management, the parent level mechanism has higher authority and has the data access authority of all the child level mechanisms, while the authority of the child level mechanism is relatively lower, and only the data related to the mechanism and the data of the mechanism and the child level mechanism can be accessed. And data isolation may be required between sub-level mechanisms at the same level, as shown in fig. 1.
The account book data (also referred to as transaction data in the embodiment of the application) can be backed up to the node cluster, in the traditional blockchain, identities of all nodes are equal, the same account book data is stored on each node, when facing the scene, the requirement of data isolation cannot be met, and the nodes store a large amount of data which cannot be accessed by themselves, so that larger resource waste is caused.
First, some noun definitions related to embodiments of the present application are described:
Peer-to-peer (P2P): also known as point-to-point technology, is an internet architecture that relies on user groups (peers) to exchange information without a central server.
The block (block) refers to a data structure formed by packing a plurality of transactions in a block chain, is a unit for transmitting messages and synchronizing in a block chain network, and has higher performance compared with a block-based transaction batch processing mode.
Transaction (transaction), which refers to a request for data change initiated by a client to a blockchain system, the blockchain system will back up the transaction data at all nodes, and the process of recording the transaction data is called "accounting".
The merck tree (merkle tree) is a hash binary tree, consisting of a root node (root), a set of intermediate nodes, and a set of leaf nodes (leaf). The leaf nodes of the merck tree in the blockchain are hashes of transactions in the block, while the intermediate/root node is the hash value of its child nodes.
Synchronization (sync), herein refers to the process of multiple nodes backing up the same piece of data.
The discovery and management of node members are limited in each zone, and the nodes in each zone perform data synchronization and member information maintenance autonomously.
Rights (domains), which refer to multiple rights domains of blockchain data, each node has a rights domain to which it is configured and can only see transactions within its rights domain.
A consensus node (consensus node) is the portal to blockchain network transactions, packaging transactions from clients into blocks and synchronizing downstream.
Coordinator nodes (coordinators), which are responsible for maintaining the present zone meta-information (e.g., zone cluster member states) in a zone cluster, at least one coordinator node per zone.
The master node is a leader node in the coordinator node of the zone and is responsible for managing the functions of the coordinator node, communicating with the upper level zone (acquiring new data and forwarding transactions) and the like, and each zone has only one master node.
linker node: and the node in the upstream zone, which establishes a link with the master of the downstream zone, is responsible for sending the latest data to the downstream zone, detecting the state of the downstream zone and other functions.
Peer node: and each zone can be provided with a plurality of peer nodes for data synchronization and backup.
Seed node: when the new node is to join the current zone cluster, a request is sent to the Seed node first, and the Seed node forwards the request to the master node of the current zone for processing.
Referring to fig. 2, fig. 2 is a schematic diagram of a block chain network according to the present application.
As shown in fig. 2, the blockchain network provided by the present application includes a plurality of regions, where a region may also be described as a node cluster, and data cannot be actively read between different node clusters, and data may be transferred only through nodes with fixed roles (such as a linker node and a coordinator node shown in fig. 2).
Wherein the node peers shown in FIG. 2 may collectively maintain one or more blockchains.
The root zone may include a consensus node (consensus node), where the consensus node may only exist in a consensus cluster (e.g., the root zone shown in fig. 2), where the consensus node may be used as a data entry of a blockchain network, specifically, all transactions of a client may first enter the consensus node, and then step-by-step downstream perform data synchronization on the nodes (i.e., the consensus node may package data of the transactions into blocks and transfer the blocks to nodes in other zones, so that each node performs data backup on the blocks).
It should be noted that, the blockchain stores the transaction list in units of blocks, the blocks in the blockchain are generated according to a time sequence, and each block is used for recording the transaction list generated in a period of time. All transaction lists recorded on the blockchain are ledgers (ledgers), and in the application, the ledgers and the blockchains are equivalent concepts which can be replaced with each other under the condition of not causing ambiguity.
It should be noted that the system architecture is only a logic schematic; physically, one node in a blockchain network is on one physical machine (server), or multiple nodes in multiple blockchain networks are on the same server, and a node may specifically refer to one process or a series of processes running in a server, for example, different nodes in a blockchain network may be two processes running on a server.
The application can divide the blockchain network into tree-shaped sub-clusters, each sub-cluster is called zone or node cluster, and improves the blockchain synchronization performance and the upper limit of scale by improving the network communication topological structure. The discovery and management of node members is limited to each zone, each zone is autonomous in data synchronization among the nodes, and the inter-zone communication is limited between the master node of the zone and the linker node of the upper-level zone. zone is a network concept that represents a locally synchronous cluster in a blockchain network with relatively independent node management and synchronization patterns.
Wherein, a plurality of zone clusters can be configured on the chain, each zone cluster has a Parent cluster called Parent zone, which means that the nodes of the cluster synchronize block data from the Parent zone, each zone can be configured with a zone Id, and optionally, the zone Id is null. The consensus node may be only in the top-most Root zone.
All the latest blocks on the chain are generated by a consensus cluster, root zone where a consensus node is located has the latest full data, and then the latest full data is diffused to the whole network along the tree relation of the zones, an autonomous synchronous protocol can be set in each zone, independent node member management is provided, the data in each zone is consistent, and the data synchronization of the whole blockchain network can be abstracted into data multicast in a tree network formed by zone nodes.
Referring to fig. 3, fig. 3 is a schematic diagram of data backup provided by an embodiment of the present application, and as shown in fig. 3, a data backup method provided by an embodiment of the present application includes:
301. the first node acquires a first block and first authority information, wherein the first block comprises transaction data of a first transaction, and the first authority information is the authority information of the first transaction.
In one possible implementation, the data backup method in the embodiment of the present application may be applied to a node cluster, where the node cluster may include a plurality of node clusters, and a connection relationship between the plurality of node clusters may form a tree structure. Referring to fig. 2, a node cluster may include a plurality of zones (zones), a cluster as a root node may be a root zone including a consensus node (the embodiment of the present application may also be described as a consensus cluster), the root zone may include a consensus node, the consensus node may generate a block based on a transaction from a client and directly or indirectly transfer the block to a peer node within the root zone, and a linker node in the peer node may transfer the block to other node clusters.
The consensus node can only exist in the consensus cluster, and bears the following functions in the cluster: data entry as an entire blockchain network: all transactions of the client firstly enter a consensus node, and then data synchronization is carried out downstream step by step; and the transaction is packed into blocks, and the consensus node can carry out a flow of packing the transaction, so that the method is beneficial to improving the synchronization performance of the system in batch processing.
In one possible implementation, the cluster may include multiple connection branches, where root nodes of the multiple connection branches are root regions, and blocks may propagate (e.g., multicast) along each connection branch of the tree structure to subsequent clusters of nodes.
Taking an example that the plurality of node clusters may include a first node cluster and a second node cluster, a communication connection is between a first node in the first node cluster and a second node in the second node cluster.
Wherein the first node cluster and the second node cluster may include manager nodes and peer nodes. From the function implementation, both the coordinator node and the peer node can perform data backup, and the coordinator node can be responsible for managing the cluster where the data backup is located, for example, when the node cluster is constructed and configured, the coordinator node is responsible for managing the cluster. In addition, the coordinators node may further include a master node, and the master node may lead the cluster formed by the coordinators node to perform normal functions. For example, the master node may be generated by an automatic election of the coordinator node. The master node can backup data with other coordinators to prevent single point failure.
In the embodiment of the present application, the second node in the second node cluster may be a master node described above, and the master node may be responsible for managing member information in the cluster and distributing connections. Meanwhile, the master node can also be used as a data inlet of the whole node cluster and connected with the consensus cluster or other zone clusters.
In order to ensure data isolation, the embodiment of the application takes the first node cluster and the second node cluster as examples, wherein the first node cluster and the second node cluster only transmit data through the nodes with specific roles (for example, the first node and the second node cluster only transmit data through the data transmission from the first node to the second node), other nodes except the first node in the first node cluster do not have permission to transmit data to the second node cluster, the nodes of the second node cluster do not have permission to transmit data to the first node cluster, and the nodes do not have permission to actively acquire data from the first node cluster.
Wherein the peer nodes may be data synchronization nodes, optionally each peer node may be responsible for managing the connections with its own directly connected nodes. Alternatively, the synchronized data may be passed unidirectionally between peers in order to reduce message redundancy. Meanwhile, in order to avoid abnormal data synchronization caused by single-point faults, each peer node can establish a plurality of connections with a plurality of peer nodes in the node cluster where the peer nodes are located, so that reliability is ensured.
The peer nodes and the coordinator nodes in the cluster can bear the following auxiliary functions besides the present functions: linker function: and can be borne by any node. When the zones are cascaded, the node of the upper zone connected with the lower zone is called a linker node. Communication between the zones is performed by a linker of the parent zone and a coordinator (e.g., master) node of the subordinate zone.
In the embodiment of the application, the first node cluster may be a parent zone, the second node cluster may be a lower-level zone, the first node in the first node cluster may be a linker node, the linker node may be a coordinator node or a peer node, the second node in the second node cluster may be a master node, and the master node may be a coordinator node.
Optionally, the node cluster may further include a seed node, where the seed node is borne by any node in the node cluster. When a node joins a zone, the node that is currently in the zone may be designated as a seed node so that information of a master node is obtained from the seed node and connected to the master node for registration. The seed node is called a seed node.
In one possible implementation, the first node cluster may be a consensus cluster (a node cluster including consensus nodes), the consensus nodes in the first node cluster may generate a first block, the first nodes in the first node cluster may generate a second block (the first block and the second region may be the same or different) from the first block, and pass through the first nodes (linker nodes) in the first node cluster to the second nodes (master nodes) in the second node cluster.
In one possible implementation, the first node cluster may be a non-consensus cluster (a node cluster that does not include a consensus node), the master node in the first node cluster may receive a first block sent by a linker node from a previous level node cluster, the first node in the first node cluster may generate a second block (the first block and the second region may be the same or different) from the first block, and transfer the second block to the second node (master node) in the second node cluster through the first node (linker node) in the first node cluster.
Next, how to generate the second block from the first block is described.
In the embodiment of the present application, different node clusters may have different data access rights, for example, as described in fig. 1, different node clusters may be allocated to different organizations, and an organization having a higher level of access rights may correspond to a node cluster closer to the root node. That is, in the bifurcated tree formed by the node clusters, the node cluster closer to the root node should have access rights not lower than the node cluster farther from the root node among the node clusters located in the same branch.
In one possible implementation, the first node needs to obtain the data access right of the second node cluster, where the data access right may indicate which data in the first block has access right and which data has no access right, and process the first block based on the data access right, so as to encrypt and compress the data that the second node cluster does not have access right, so as to obtain the second block.
In one possible implementation, each node cluster may be configured with a corresponding access permission level (also referred to as a permission domain (domain) in the embodiment of the present application), where a node cluster closer to the root node in the node clusters on the same branch has a higher access permission. The root zone where the consensus node is located can have full data, and when the data is synchronized from an upstream zone to a downstream zone, a linker node in the upstream zone can judge whether the authority domain bound by the downstream node has the access rights of all transactions in the block. If the downstream node does not have the access right of the specific transaction, the transaction in the block is compressed (for example, the transaction data body can be deleted and replaced by the hash value of the transaction), so that the downstream node cannot acquire the transaction data body, the data isolation is ensured, and the data quantity to be stored by the downstream node is reduced. It can be seen that, since the data is filtered step by step from upstream to downstream, the amount of data acquired by the downstream zone may be no higher than that of the upstream zone, i.e. the authority inheritance thereof is from the upstream, i.e. the aforementioned authority inheritance relationship is consistent with the data stream.
The corresponding authority domain (domain) can be bound when the node cluster (zone) is created, so that the authority range of the node can be defined when the node joins a specific sub-cluster without additional designation.
For example, reference may be made to fig. 4, where fig. 4 is a schematic illustration of access rights configured for a respective node cluster.
In addition, when designating the authority of each transaction, the transaction designates a target domain list to support a specific domain Path or wild card mode, such as: all secondary domains of/domain_a are represented by/domain_a; the/domain_a/represents the entire subtree of the/domain_a domain node.
In one possible implementation, the consensus node may obtain a required level of access to the data of each transaction in the first chunk, which may be communicated to other clusters of nodes along with the chunk data. Correspondingly, the linker node in each node cluster can also acquire the required access level, in addition, the linker node can also maintain the access right of the data transfer object (node cluster), and based on the required access level and the access right of the node cluster, it is determined which data in the block have the right to access and which data do not have the right to access.
Taking the first node cluster and the second node cluster as examples, a first node in the first node cluster can acquire a first block and first authority information of a first transaction, wherein the first block comprises transaction data of the first transaction, and the transaction data is plaintext data. Wherein the first transaction may be data of some or all of the transactions in the first block.
When the first node cluster is a consensus cluster, all transaction data in the first block may be plaintext data, and when the first node cluster is not a consensus cluster, part of transaction data in the first block may be plaintext data, part of transaction data may be ciphertext data, or all transaction data in the first block may be plaintext data, depending on access rights of the first node cluster to each transaction in the first block.
In one possible implementation, the first rights information for the first transaction may include a level of access required to access the first transaction.
Each transaction needs to specify at least 1 target domain when initiated (all domains are visible by default if not specified), and finally the transaction can be synchronized to all nodes with the specified domain authority (any one of domain lists specified by the transaction is contained in a zone-associated domain list where the node is located, and then the node can receive the transaction data).
302. And under the condition that the first authority information indicates that the second node cluster does not have the access authority to the at least one first transaction, the first node encrypts the transaction data of the first transaction to obtain a second block, and the second block comprises the encrypted transaction data of the first transaction.
In one possible implementation, the first node may determine, based on the first permission information, that the second node cluster does not have access permission to the first transaction, and then may compress and encrypt (for example, hash) the data of the first transaction in the first block, so as to obtain ciphertext data obtained by performing hash on the transaction data of the first transaction, and replace the ciphertext data with corresponding plaintext data in the first block, so as to obtain the second block.
In one possible implementation, the first permission information includes at least one permission level having access to the first transaction; the first node may determine that the first permission information indicates that the second node cluster does not have access to the first transaction based on the permission level of the second node cluster not being in the at least one permission level.
For example, the at least one authority level having access to the first transaction may be domain_a, the authority level of the second node cluster is domain_a1, and the second node cluster does not have access to the first transaction because the authority level domain_a1 of the second node cluster is not in the at least one authority level (domain_a).
In the embodiment of the application, when data is synchronized from an upstream zone to a downstream zone, a linker node in the upstream zone can judge whether the authority domain bound by the downstream node has the access right of all transactions in the block. If the downstream node does not have the access right of the specific transaction, the transaction in the block is "compressed" (namely, the transaction data body is deleted and replaced by the hash value of the transaction), so that the downstream node cannot acquire the transaction data body, the data isolation is ensured, and the data quantity to be stored by the downstream node is reduced. It can be seen that, since the data is filtered step by step from upstream to downstream, the amount of data acquired by the downstream zone cannot be higher than that of the upstream zone, i.e. the authority inheritance from the upstream zone, i.e. the authority inheritance relationship mentioned above is consistent with the data stream.
An illustration of the above hash process is described below:
a block (block) may be composed of a block header (block header) and a block body (block body), where the block body (block body) is composed of a plurality of transactions, and the merkel tree Root in the block header is a Root hash value of the merkel tree with the hash of each transaction in the block as a leaf node. The merck Root can be used for checking whether the transaction in the block is tampered (i.e. after the receiver receives the block, all the transactions in the block are re-constructed to obtain a new merkel tree Root value, and the new merkel tree Root value is compared with the value in the block head, and if the new merkel tree Root value is consistent with the value in the block head, the transaction is proved not tampered).
For example, reference may be made to fig. 5, and fig. 5 is a schematic block diagram.
When a parent zone (e.g., a first node cluster in the embodiment of the present application) sends a block (e.g., a first block in the embodiment of the present application) to a downstream zone (e.g., a second node cluster in the embodiment of the present application), if it is found that at least one transaction in the lower zone has no rights to acquire the block (i.e., all domain rights associated with the lower zone have no intersection with domains specified by the transaction), the transaction is compressed. The compression process is to replace the data body of the transaction with the hash of the transaction. Through hash processing, isolation of transaction data can be ensured, and a lower level cannot acquire and store a data body. The hash value of the transaction is preserved. The transaction hash value is a leaf node of the block merck tree, so the receiver can still reconstruct the merck tree through the hash value to check whether the block data is tampered with. In addition, the hash value is usually far smaller than the data body, so that network load can be reduced, and performance can be improved.
In one possible implementation, the first block further includes transaction data of a second transaction, the transaction data being plaintext data; correspondingly, when the authority information indicates that the second node cluster has the access authority to the second transaction, transaction data of the second transaction in the first block can be reserved, and further, the obtained second block can include transaction plaintext data of the second transaction.
In the embodiment of the application, the blockchain network is divided into tree-shaped sub-groups (zones), so that the arrangement of the network structure is ordered, the network topology structure can be improved, and the synchronization performance and the upper limit of the scale can be improved. In addition, the data synchronization process filters transactions outside the rights, and can ensure data isolation across the rights domains. And only the hash value after hash processing is stored for the data in the non-authority domain, the hash value is usually far smaller than the data body, the network load can be reduced, and the performance is improved.
303. The first node transmits the second block to the second node so that the second node cluster performs data backup on the second block.
In one possible implementation, after obtaining the second block, the first node may transfer the second block to the second node. In turn, each node in the second cluster of nodes may perform a data backup (i.e., data storage) on the second block.
In one possible implementation, the second node cluster includes a plurality of nodes including the second node, and the second node cluster performs data backup on the second block, which may specifically include: each node of the plurality of nodes performs data backup on the second block. For example, a data transmission path may exist between the nodes in the second node cluster, and the second block may be propagated to the nodes through the data transmission path, so that the nodes in the second node cluster may perform data backup on the second block.
In one possible implementation, the third node cluster may be used as a downstream zone of the second node cluster, and further, a linker node (e.g., the third node in the embodiment of the present application) in the second node cluster may transfer the block data to the third node cluster for data backup.
In one possible implementation, the second block further includes transaction data of a third transaction, the transaction data being plaintext data; the node cluster further comprises a third node cluster, and a third node in the second node cluster is in communication connection with a fourth node in the third node cluster; the third node may obtain second rights information for the third transaction; the third node indicates that the third node cluster does not have access rights to the third transaction based on the second right information, and generates a third block according to the second block, wherein the third block comprises ciphertext data obtained by carrying out hash processing on transaction data of the third transaction; and the third node transmits the third block to the fourth node so that the third node cluster performs data backup on the third block.
In one possible implementation, the second block further includes transaction data of at least one fourth transaction, the transaction data being plaintext data; the rights information indicates that the second cluster of nodes has access rights to the at least one fourth transaction, the third block comprising transaction data of the at least one fourth transaction.
The following describes a flowchart of a blockchain network creation in an embodiment of the present application:
(1) Creation of domain
Rights domain may be created by a client initiating a request to a cluster. After a domain is created, a zone associated therewith may be created and a transaction directed to the domain may be sent.
(2) Creation of zone
Each zone must bind at least one already existing domain.
It should be noted that the bound domain needs to satisfy the domain rights restriction with the Parent zone (the tree synchronization of the zone and the tree rights of the domain need to satisfy that the data needed by the Child zone can be obtained from the Parent zone completely).
(3) Node addition zone
The new node added sends own node information to the master node through any node (seed node) in the cluster, the master node finishes Id and connection distribution, and then the new member information is synchronized to the whole cluster to finish the node adding process.
For example, referring to FIG. 6, a blockchain network may be created and transactions of different rights sent and the synchronization process presented. In the process of creating the domain, a request can be sent to the blockchain network through the client to create domain_a, domain_a/domain_a1, domain_b/domain_b1 and domain_c.
In the process of creating a zone, a request can be sent to a blockchain network through a client to create zone_b, zone_a/zone_a1, zone_b/zone_b1 and zone_c, and domain_a, domain_a/domain_a1, domain_b/domain_b1 and domain_c are respectively associated.
In the process of adding nodes to the zones, a request can be sent to the blockchain network through a client, a certain number of nodes are added to all the zones in the root zone, and each zone is guaranteed to have at least one node.
In the process of data backup, transactions can be sent, and the blockchain network realizes data synchronization.
Illustratively, trade tx_1, trade tx_2, and trade tx_3 are taken as examples; the transaction tx_1 can be sent, the designated authority domain is/domain_b, when the data is synchronized to three downstream zones (zone_a, zone_b and zone_c) after the consensus cluster completes the transaction packaging block, only zone_b associated with/domain_b has authority, therefore, only the block containing tx_1 is sent to zone_b, and tx_1 is compressed in the blocks sent to zone_a and zone_c;
after the transaction data synchronization is completed, the downstream zone (zone_b:: zone_b1) is synchronized, and the downstream zone has no authority, so tx_1 in the block is compressed.
The zone downstream of zone_a has no authority, and only the block compressed by tx_1 can be obtained. The branches and the levels of the zone can determine the upper limit of the data right which can be acquired, and safer data isolation is realized.
Transmitting transaction tx_2, and designating authority domain as/domain_b/;
after the consensus cluster completes the transaction packaging block, processing is the same as above;
after the transaction data is synchronized, the downstream zone (zone_b:: zone_b1) is synchronized, and the downstream zone has authority, so that the block containing tx_2 data is synchronized downstream.
Send transaction tx_3, no rights field specified (using default values/+);
after the consensus cluster completes the transaction packaging block, when synchronizing data to three downstream zones (zone_a, zone_b, zone_c), all downstream zones have authority, and therefore all downstream zones will be sent a tx_3 containing block.
After the transaction data synchronization is completed, the zone_a and zone_b are synchronized with the downstream zone, and the/indicates that all subdomains under the root domain have authority, so that the block containing tx_3 is sent to all downstream zones.
The embodiment of the application provides a data backup method, which is applied to a node cluster, wherein the node cluster comprises a first node cluster and a second node cluster, and the first node in the first node cluster is in communication connection with the second node in the second node cluster, and the method comprises the following steps: the first node acquires a first block and first authority information of a first transaction, wherein the first block comprises transaction data of the first transaction, and the transaction data is plaintext data; the first node indicates that the second node cluster does not have access rights to the first transaction based on the first right information, and generates a second block according to the first block, wherein the second block comprises ciphertext data obtained by carrying out hash processing on transaction data of the first transaction; the first node transmits the second block to the second node so that the second node cluster performs data backup on the second block. In the embodiment of the application, the blockchain network is divided into tree-shaped sub-groups (zones), so that the arrangement of the network structure is ordered, the network topology structure can be improved, and the synchronization performance and the upper limit of the scale can be improved. In addition, the data synchronization process filters transactions outside the rights, and can ensure data isolation across the rights domains. And only the hash value after hash processing is stored for the data in the non-authority domain, the hash value is usually far smaller than the data body, the network load can be reduced, and the performance is improved.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a data backup device according to an embodiment of the present application, which is applied to a first node, where the first node and a second node are communicatively connected, the first node and the second node belong to different clusters, and the first node 700 includes:
an obtaining module 701, configured to obtain a first block and first authority information, where the first block includes transaction data of a first transaction, and the first authority information is authority information of the first transaction;
for a specific description of the acquisition module 701, reference may be made to the description of step 301 in the above embodiment, and the description of the similarity will not be repeated.
A block generating module 702, configured to encrypt, when the first permission information indicates that the second node cluster does not have access to the at least one first transaction, transaction data of the first transaction by the first node to obtain a second block, where the second block includes the encrypted transaction data of the first transaction;
for a specific description of the block generating module 702, reference may be made to the description of step 302 in the above embodiment, and the description is omitted here for brevity.
And the transfer module 703 is configured to transfer the second block to the second node, so that the second node cluster performs data backup on the second block.
The specific description of the transfer module 703 may refer to the description of step 303 in the above embodiment, and the similarities are not repeated.
In one possible implementation, the first node cluster further includes nodes other than the first node, the second node cluster further includes nodes other than the second node, and data is transferred between the first node cluster and the second node cluster only through the first node and the second node.
In one possible implementation, the nodes in the second cluster of nodes are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
In one possible implementation, the first block further includes transaction data for a second transaction;
the rights information indicates that the second cluster of nodes has access rights to the second transaction, the second block including transaction data of the second transaction.
In one possible implementation, the second block is obtained by replacing transaction data of the first transaction in the first block with the encrypted transaction data of the first transaction.
In one possible implementation, the second block further includes transaction data for a third transaction; the node cluster further comprises a third node cluster, and a third node in the second node cluster is in communication connection with a fourth node in the third node cluster; the transfer module is further configured to:
transmitting second rights information for the third transaction to the second node;
the third node includes:
the block generation module is configured to encrypt transaction data of the third transaction based on the second permission information indicating that the third node cluster does not have access permission to the third transaction, so as to obtain a third block, where the third block includes the encrypted transaction data of the third transaction;
and the transmission module is used for transmitting the third block to the fourth node so that the third node cluster performs data backup on the third block.
In one possible implementation, the second block further includes transaction data for a fourth transaction;
the second authority information indicates that the cluster to which the third node belongs has access authority to the fourth transaction, and the third block includes transaction data of the fourth transaction.
In one possible implementation, the first permission information includes at least one permission level having access to the first transaction; the block generation module is specifically configured to:
the first node determines that the first permission information indicates that the second node cluster does not have access to the first transaction based on the permission level of the second node cluster not being in the at least one permission level.
In one possible implementation, the transaction data of the first transaction is data generated by a consensus node.
In one possible implementation, the first node cluster further includes: consensus nodes;
the acquiring the first block includes: the first block communicated from the consensus node is received.
In one possible implementation, the second node cluster includes a plurality of nodes including the second node, and the second node cluster performs data backup on the second block, including:
each node of the plurality of nodes performs data backup on the second block.
The embodiment of the application also provides a data backup device, as shown in fig. 8, fig. 8 is a schematic structural diagram of the data backup device in the embodiment of the application, and for convenience of explanation, only the relevant parts of the embodiment of the application are shown, and specific technical details are not disclosed, please refer to the method parts of the embodiment of the application. The data backup device operates at a terminal, and the terminal can be any terminal equipment including a mobile phone, a tablet personal computer, a personal digital assistant (personal digital assistant, pdA), a Point of Sale (POs), a vehicle-mounted computer and the like, taking the terminal as an example of the mobile phone:
The mobile phone comprises: radio Frequency (RF) circuitry 810, memory 820, input unit 830, display unit 840, sensor 850, audio circuitry 860, wireless fidelity (wireless fidelity, wiFi) module 870, processor 880, and power supply 890. Those skilled in the art will appreciate that the handset configuration shown in fig. 8 is not limiting of the handset and may include more or fewer components than shown, or may combine certain components, or may be arranged in a different arrangement of components.
The RF circuit 810 may be used for receiving and transmitting signals during a message or a call, and in particular, after receiving downlink information of a base station, it is processed by the processor 880; in addition, the data of the design uplink is sent to the base station. Typically, the RF circuitry 810 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (low noise amplifier, lNA), a duplexer, and the like. In addition, the RF circuitry 810 may also communicate with networks and other devices via wireless communications. The wireless communications may use any communication standard or protocol including, but not limited to, global system for mobile communications (global system of mobile communication, gsm), general packet radio services (general packet radio service, GPRs), code division multiple access (code division multiple access, cdmA), wideband code division multiple access (wideband code division multiple access, WCdmA), long term evolution (long term evolution, ltE), email, short message service (short messaging service, sms), and the like.
The memory 820 may be used to store software programs and modules, and the processor 880 performs various functional applications and data processing of the cellular phone by executing the software programs and modules stored in the memory 820. The memory 820 may mainly include a storage program area that may store an operating system, application programs required for at least one function (such as a sound playing function, an image playing function, etc.), and a storage data area; the storage data area may store data (such as audio data, phonebook, etc.) created according to the use of the handset, etc. In addition, memory 820 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The input unit 830 may be used to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset. In particular, the input unit 830 may include a touch panel 831 and other input devices 832. The touch panel 831, also referred to as a touch screen, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch panel 831 or thereabout using any suitable object or accessory such as a finger, stylus, etc.), and actuate the corresponding connection device according to a predetermined program. Alternatively, the touch panel 831 may include two portions of a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device and converts it into touch point coordinates, which are then sent to the processor 880 and can receive commands from the processor 880 and execute them. In addition, the touch panel 831 may be implemented in various types of resistive, capacitive, infrared, surface acoustic wave, and the like. The input unit 830 may include other input devices 832 in addition to the touch panel 831. In particular, other input devices 832 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.
The display unit 840 may be used to display information input by a user or information provided to the user and various menus of the mobile phone. The display unit 840 may include a display panel 841, and optionally, the display panel 841 may be configured in the form of a liquid crystal display (liquid crystal display, lCd), an organic light-emitting diode (OlEd), or the like. Further, the touch panel 831 may overlay the display panel 841, and when the touch panel 831 detects a touch operation thereon or thereabout, the touch operation is transferred to the processor 880 to determine the type of touch event, and the processor 880 then provides a corresponding visual output on the display panel 841 according to the type of touch event. Although in fig. 8, touch panel 881 and display panel 841 are shown as two separate components to implement the input and input functions of the handset, in some embodiments touch panel 831 may be integrated with display panel 841 to implement the input and output functions of the handset.
The handset may also include at least one sensor 850, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 841 according to the brightness of ambient light, and the proximity sensor may turn off the display panel 841 and/or the backlight when the mobile phone moves to the ear. As one of the motion sensors, the accelerometer sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and direction when stationary, and can be used for applications of recognizing the gesture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and knocking), and the like; other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may also be configured with the handset are not described in detail herein.
Audio circuitry 860, speaker 861, microphone 862 may provide an audio interface between the user and the handset. The audio circuit 860 may transmit the received electrical signal converted from audio data to the speaker 861, and the electrical signal is converted into a sound signal by the speaker 861 to be output; on the other hand, microphone 862 converts the collected sound signals into electrical signals, which are received by audio circuit 860 and converted into audio data, which are processed by audio data output processor 880 for transmission to, for example, another cell phone via RF circuit 810, or which are output to memory 820 for further processing.
WiFi belongs to a short-distance wireless transmission technology, and a mobile phone can help a user to send and receive emails, browse webpages, access streaming media and the like through a WiFi module 870, so that wireless broadband Internet access is provided for the user. Although fig. 8 shows a WiFi module 870, it is understood that it does not belong to the necessary components of a cell phone, and can be omitted entirely as needed within a range that does not change the essence of the application.
The processor 880 is a control center of the mobile phone, connects various parts of the entire mobile phone using various interfaces and lines, and performs various functions of the mobile phone and processes data by running or executing software programs and/or modules stored in the memory 820 and calling data stored in the memory 820, thereby performing overall monitoring of the mobile phone. In the alternative, processor 880 may include one or more processing units; alternatively, the processor 880 may integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 880.
The handset further includes a power supply 890 (e.g., a battery) for powering the various components, optionally in logical communication with the processor 880 through a power management system, as well as performing functions such as managing charge, discharge, and power consumption by the power management system.
In an embodiment of the present application, the processor 880 included in the terminal may perform the steps described in the embodiment corresponding to the above-described figures.
The data backup device provided by the embodiment of the application can be deployed in a server, and the server can be a single server or a server cluster formed by a plurality of servers, and the description is made by the single server. Referring to fig. 9, fig. 9 is a schematic diagram of a server structure provided in an embodiment of the present application, where the server 900 may have a relatively large difference due to configuration or performance, and may include one or more central processing units (central processing units, CPU) 922 (e.g., one or more processors) and a memory 932, and one or more storage media 930 (e.g., one or more mass storage devices) storing application programs 942 or data 944. Wherein the memory 932 and the storage medium 930 may be transitory or persistent. The program stored in the storage medium 930 may include one or more modules (not shown), each of which may include a series of instruction operations on a server. Still further, the central processor 922 may be arranged to communicate with a storage medium 930 to execute a series of instruction operations in the storage medium 930 on the server 900.
The server 900 may also include one or more power supplies 926, one or more wired or wireless network interfaces 950, one or more input/output interfaces 958, and/or one or more operating systems 941, such as Windows server, mac Os Xtm, unixtm, linuxtm, freeBsdtm, and the like.
The steps performed by the server in the above embodiments may be based on the server structure shown in fig. 9.
CPU 922 may perform the steps described above for the corresponding embodiment of fig. 3.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, dsl)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, tape), an optical medium (e.g., dVd), or a semiconductor medium (e.g., solid state disk (ssd)), etc.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-Only memory (ROm), a random access memory (RAm, random Access memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.
Claims (26)
1. A node cluster comprising a first node cluster and a second node cluster, a communication connection between a first node in the first node cluster and a second node in the second node cluster, the method comprising:
the first node is configured to obtain a first block and first authority information, where the first block includes transaction data of a first transaction, and the first authority information is authority information of the first transaction;
encrypting transaction data of the first transaction to obtain a second block, wherein the second block comprises the encrypted transaction data of the first transaction under the condition that the first authority information indicates that the second node cluster does not have access authority to the at least one first transaction;
And transmitting the second block to the second node so that the second node cluster performs data backup on the second block.
2. The node cluster of claim 1, wherein the first node cluster further comprises nodes other than the first node, the second node cluster further comprises nodes other than the second node, and data is transferred between the first node cluster and the second node cluster only through the first node and the second node.
3. The node cluster according to claim 1 or 2, characterized in that the nodes in the second node cluster are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
4. A cluster of nodes according to any one of claims 1 to 3, wherein the second block further comprises transaction data for a third transaction; the node cluster further comprises a third node cluster, and a third node in the second node cluster is in communication connection with a fourth node in the third node cluster;
the first node is further configured to transmit second permission information of the third transaction to the second node;
The third node is configured to encrypt transaction data of the third transaction based on the second permission information indicating that the third node cluster does not have access to the third transaction, so as to obtain a third block, where the third block includes the encrypted transaction data of the third transaction;
and transmitting the third block to the fourth node so that the third node cluster performs data backup on the third block.
5. The cluster of nodes of claim 4, wherein the second block further comprises transaction data for a fourth transaction;
the second authority information indicates that the cluster to which the third node belongs has access authority to the fourth transaction, and the third block includes transaction data of the fourth transaction.
6. A data backup method, applied to a first node, where the first node and a second node are in communication connection, and the first node and the second node belong to different clusters, the method comprising:
the first node acquires a first block and first authority information, wherein the first block comprises transaction data of a first transaction, and the first authority information is the authority information of the first transaction;
Encrypting transaction data of the first transaction by the first node to obtain a second block under the condition that the first authority information indicates that the second node cluster does not have access authority to the at least one first transaction, wherein the second block comprises the encrypted transaction data of the first transaction;
the first node transmits the second block to the second node so that the second node cluster performs data backup on the second block.
7. The method of claim 6, wherein the first node belongs to a first node cluster and the second node belongs to a second node cluster, the first node cluster further comprising nodes other than the first node, the second node cluster further comprising nodes other than the second node, and wherein data transfer between the first node cluster and the second node cluster is performed only through the first node and the second node.
8. The method according to claim 6 or 7, wherein the nodes in the second cluster of nodes are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
9. The method of any one of claims 6 to 8, wherein the first block further comprises transaction data for a second transaction;
the first permission information indicates that the second node cluster has access to the second transaction, and the second block includes transaction data of the second transaction.
10. A method according to any one of claims 6 to 9, wherein the second block is derived by replacing transaction data of the first transaction in the first block with the encrypted transaction data of the first transaction.
11. The method according to any of claims 6 to 10, wherein the first rights information comprises at least one rights level having access rights to the first transaction; the method further comprises the steps of:
the first node determines that the first permission information indicates that the second node cluster does not have access to the first transaction based on the permission level of the second node cluster not being in the at least one permission level.
12. A method according to any one of claims 6 to 11, wherein the transaction data of the first transaction is data generated by a consensus node.
13. The method according to any of claims 6 to 12, wherein the first cluster of nodes further comprises: consensus nodes;
the acquiring the first block includes: the first block communicated from the consensus node is received.
14. The method according to any one of claims 6 to 13, wherein the second node cluster includes a plurality of nodes including the second node, and the second node cluster performs data backup on the second block, including:
each node of the plurality of nodes performs data backup on the second block.
15. A data backup device, applied to a first node, where the first node and a second node are communicatively connected, and the first node and the second node belong to different clusters, and the first node includes:
the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring a first block and first authority information, the first block comprises transaction data of a first transaction, and the first authority information is the authority information of the first transaction;
the block generation module is used for encrypting the transaction data of the first transaction by the first node to obtain a second block when the first authority information indicates that the second node cluster does not have the access authority to the at least one first transaction, and the second block comprises the encrypted transaction data of the first transaction;
And the transmission module is used for transmitting the second block to the second node so that the second node cluster performs data backup on the second block.
16. The apparatus of claim 15, wherein the first node belongs to a first node cluster and the second node belongs to a second node cluster, the first node cluster further comprising nodes other than the first node, the second node cluster further comprising nodes other than the second node, and wherein data transfer between the first node cluster and the second node cluster is performed only through the first node and the second node.
17. The apparatus according to claim 15 or 16, wherein nodes in the second cluster of nodes are configured to: and the authority of actively accessing the data of the nodes in the first node cluster is not provided.
18. The apparatus of any one of claims 15 to 17, wherein the first block further comprises transaction data for a second transaction;
the first permission information indicates that the second node cluster has access to the second transaction, and the second block includes transaction data of the second transaction.
19. The apparatus of any of claims 15 to 18, wherein the second block is derived by replacing transaction data of the first transaction in the first block with the encrypted transaction data of the first transaction.
20. The apparatus of any of claims 15 to 19, wherein the first permission information comprises at least one permission level having access to the first transaction; the block generation module is specifically configured to:
the first node determines that the first permission information indicates that the second node cluster does not have access to the first transaction based on the permission level of the second node cluster not being in the at least one permission level.
21. The apparatus of any of claims 15 to 20, wherein the transaction data for the first transaction is data generated by a consensus node.
22. The apparatus according to any of claims 15 to 21, wherein the first cluster of nodes further comprises: consensus nodes;
the acquisition module is specifically configured to: the first block communicated from the consensus node is received.
23. The apparatus of any of claims 15 to 22, wherein the second node cluster includes a plurality of nodes including the second node, the second node cluster performs data backup on the second block, and the method comprises:
Each node of the plurality of nodes performs data backup on the second block.
24. A data backup apparatus comprising: memory, transceiver, processor, and bus system; wherein the memory is used for storing programs and instructions; the transceiver is used for receiving or transmitting information under the control of the processor; the processor is used for executing the program in the memory; the bus system is used for connecting the memory, the transceiver and the processor so as to enable the memory, the transceiver and the processor to communicate; the processor is configured to invoke program instructions in the memory to perform a data backup method as claimed in any of claims 6 to 14.
25. A computer readable storage medium having instructions stored therein, which when run on a computer, cause the computer to perform the data backup method of any of claims 6 to 14.
26. A computer program product comprising code which, when executed, is adapted to carry out the data backup method of any one of claims 6 to 14.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210468559.1A CN117009983A (en) | 2022-04-29 | 2022-04-29 | Node cluster and data backup method |
| PCT/CN2023/090186 WO2023207871A1 (en) | 2022-04-29 | 2023-04-24 | Node cluster and data backup method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210468559.1A CN117009983A (en) | 2022-04-29 | 2022-04-29 | Node cluster and data backup method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117009983A true CN117009983A (en) | 2023-11-07 |
Family
ID=88517773
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210468559.1A Pending CN117009983A (en) | 2022-04-29 | 2022-04-29 | Node cluster and data backup method |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN117009983A (en) |
| WO (1) | WO2023207871A1 (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110290094B (en) * | 2018-03-19 | 2022-03-11 | 华为技术有限公司 | Method and device for controlling data access authority |
| CN111899104B (en) * | 2018-11-27 | 2023-12-01 | 创新先进技术有限公司 | Service execution method and device |
| CN111553670B (en) * | 2020-04-28 | 2021-10-15 | 腾讯科技(深圳)有限公司 | Transaction processing method and device and computer readable storage medium |
| CN112615847B (en) * | 2020-12-14 | 2021-09-17 | 上海交通大学 | Data sharing and privacy protection method based on block chain |
| CN113822675A (en) * | 2021-09-29 | 2021-12-21 | 平安银行股份有限公司 | Block chain based message processing method, device, equipment and storage medium |
-
2022
- 2022-04-29 CN CN202210468559.1A patent/CN117009983A/en active Pending
-
2023
- 2023-04-24 WO PCT/CN2023/090186 patent/WO2023207871A1/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| WO2023207871A1 (en) | 2023-11-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11296937B2 (en) | Decentralized data storage and processing for IoT devices | |
| CN110601849B (en) | Trusted timestamp adding method and device and storage medium | |
| KR101871383B1 (en) | Method and system for using a recursive event listener on a node in hierarchical data structure | |
| US11444783B2 (en) | Methods and apparatuses for processing transactions based on blockchain integrated station | |
| US20210326863A1 (en) | Methods and apparatuses for identifying replay transaction based on blockchain integrated station | |
| CN111131079B (en) | Policy query method and device | |
| US20210329093A1 (en) | Methods and apparatuses for identifying to-be-filtered transaction based on blockchain integrated station | |
| WO2021043062A1 (en) | Cross-network wake-up method and related device | |
| CN113420007B (en) | Audit processing method and device for database access and electronic equipment | |
| CN113259460A (en) | Cross-chain interaction method and device | |
| CN110113406B (en) | Distributed computing service cluster system | |
| EP4357950A1 (en) | Device management method, system and apparatus | |
| CN112003943A (en) | Voice data synchronization method and device | |
| CN113067838B (en) | Cross-chain interaction method and device | |
| CN113032160B (en) | Data synchronization management method and related device | |
| CN103685497A (en) | On-line storing and sharing method and system | |
| CN117009983A (en) | Node cluster and data backup method | |
| US10292047B1 (en) | Systems and methods for preventing tracking of mobile devices | |
| CN114880717A (en) | Data archiving method and device | |
| US11622005B2 (en) | Internet of Things system, central control device, application device and communication methods | |
| CN108683586A (en) | Data processing method, device, medium in instant communicating system and computing device | |
| CN116644128A (en) | Block chain-based data processing method, device and storage medium | |
| Carta | Implementation of a disaster mode to maintain twitter communications in times of network outages | |
| CN117354324A (en) | Block chain uplink method, related device and medium | |
| CN117240710A (en) | Block chain node management method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |