CN112565303B

CN112565303B - Method and device for performing authentication connection between block chain nodes and related product

Info

Publication number: CN112565303B
Application number: CN202011642999.1A
Authority: CN
Inventors: 阮安邦; 陈凯; 魏明; 陈旭明
Original assignee: Beijing Octa Innovations Information Technology Co Ltd
Current assignee: Fuzhou Qiyuan Information Technology Co.,Ltd.
Priority date: 2020-12-30
Filing date: 2020-12-30
Publication date: 2023-03-28
Anticipated expiration: 2040-12-30
Also published as: CN112565303A

Abstract

The method, device, and related products for authentication connection between blockchain nodes provided in the embodiments of the present application monitor whether communication is performed between two blockchain nodes in the blockchain system; if monitored, the two The authentication system on the peer blockchain node in the blockchain node performs an integrity check on the authentication system on the blockchain node at the other end; if the authentication system on the blockchain node at the other end is complete, the two districts The block chain node establishes the authentication connection, thereby performing authentication based on the authentication connection during authentication, which simplifies the authentication process of the block chain node and improves the authentication efficiency of the block chain node.

Description

Method, device and related products for authenticated connection between blockchain nodes

技术领域technical field

本申请涉及区块链技术领域，特别是涉及一种区块链节点之间进行认证连接的方法、装置及相关产品。The present application relates to the technical field of block chains, in particular to a method, device and related products for authentication connection between block chain nodes.

背景技术Background technique

区块链系统(本质上是大数据系统)是分布式数据存储系统、点对点传输、共识机制、加密算法等技术的集成应用模式，能够在互联网上实现传统互联网无法实现的信任和价值传递。区块链系统包括若干个区块链节点，由于区块链系统是去中心化的系统，如果保证区块链系统的正常且安全的运行，必须对区块链节点(本质上是区块链节点)进行认证，只有区块链节点的状态是认证通过的，这些区块链节点才可以参与运行。但是，现有技术中，区块链节点之间的认证没有任何逻辑关系导致在认证时要按照单个区块链节点为单位进行认证导致这种认证的过程比较复杂，导致认证的效率较低，极大的影响了区块链系统的运行。The blockchain system (essentially a big data system) is an integrated application model of distributed data storage system, point-to-point transmission, consensus mechanism, encryption algorithm and other technologies, which can realize trust and value transfer that cannot be realized on the traditional Internet on the Internet. The blockchain system includes several blockchain nodes. Since the blockchain system is a decentralized system, if the normal and safe operation of the blockchain system is guaranteed, the blockchain nodes (essentially the blockchain Nodes) for authentication, only when the state of the blockchain nodes is certified, these blockchain nodes can participate in the operation. However, in the prior art, there is no logical relationship between the authentication between the blockchain nodes, which leads to the authentication in units of a single blockchain node, which makes the authentication process more complicated and results in lower authentication efficiency. It has greatly affected the operation of the blockchain system.

发明内容Contents of the invention

基于上述问题，本申请实施例提供了一种区块链节点之间进行认证连接的方法、装置及相关产品。Based on the above problems, the embodiments of the present application provide a method, device and related products for authenticated connection between blockchain nodes.

第一方面，本申请实施例提供了一种区块链节点之间进行认证连接的方法，包括：In the first aspect, the embodiment of the present application provides a method for authenticated connection between blockchain nodes, including:

监控区块链系统中的两个区块链节点之间是否进行通信；Monitor whether there is communication between two blockchain nodes in the blockchain system;

若监控到，则两个区块链节点中的对端区块链节点上的认证系统对另外一端的区块链节点上的认证系统进行完整性检测；If it is monitored, the authentication system on the peer blockchain node in the two blockchain nodes performs an integrity check on the authentication system on the blockchain node at the other end;

若另外一端的区块链节点上的认证系统完整，两个区块链节点建立认证连接。If the authentication system on the blockchain node at the other end is complete, the two blockchain nodes establish an authentication connection.

可选地，在一种具体地实施方式中，监控区块链系统中的两个区块链节点之间产生的网络流量，以监控区块链系统中的两个区块链节点之间是否进行通信。Optionally, in a specific implementation manner, the network traffic generated between two blockchain nodes in the blockchain system is monitored to monitor whether the two blockchain nodes in the blockchain system to communicate.

可选地，在一种具体地实施方式中，通过流量截获的方式监控区块链系统中的两个区块链节点之间产生的网络流量。Optionally, in a specific implementation manner, the network traffic generated between two blockchain nodes in the blockchain system is monitored by way of traffic interception.

第二方面，本申请实施例提供了一种区块链节点之间进行认证连接的装置，包括：In the second aspect, the embodiment of the present application provides a device for authenticating connections between blockchain nodes, including:

监控单元，用于监控区块链系统中的两个区块链节点之间是否进行通信；A monitoring unit, configured to monitor whether communication is performed between two blockchain nodes in the blockchain system;

完整性检测单元，用于在监控到两个区块链节点之间进行通信时，使两个区块链节点中的对端区块链节点上的认证系统对另外一端的区块链节点上的认证系统进行完整性检测；The integrity detection unit is used to make the authentication system on the peer blockchain node of the two blockchain nodes check the authentication system on the blockchain node at the other end when the communication between the two blockchain nodes is monitored. Integrity testing of the certification system;

可选地，在一种具体地实施方式中，监控单元进一步用于监控区块链系统中的两个区块链节点之间产生的网络流量，以监控区块链系统中的两个区块链节点之间是否进行通信。Optionally, in a specific implementation manner, the monitoring unit is further used to monitor network traffic generated between two blockchain nodes in the blockchain system, so as to monitor two blocks in the blockchain system Whether to communicate between chain nodes.

可选地，在一种具体地实施方式中，监控单元进一步用于通过流量截获的方式监控区块链系统中的两个区块链节点之间产生的网络流量。Optionally, in a specific implementation manner, the monitoring unit is further configured to monitor network traffic generated between two blockchain nodes in the blockchain system by way of traffic interception.

可选地，在一种具体地实施方式中，两个区块链节点之间的通信基于上层服务组件之间启动。Optionally, in a specific implementation manner, the communication between two blockchain nodes is initiated between upper-layer service components.

第三方面，本申请实施例提供了一种区块链系统，包括：多个区块链节点，每个区块链节点上设置有区块链节点之间进行认证连接的装置，其包括：In the third aspect, the embodiment of the present application provides a blockchain system, including: a plurality of blockchain nodes, and each blockchain node is provided with an authentication connection device between blockchain nodes, which includes:

第四方面，本申请实施例提供了一种电子设备，包括：存储器以及处理器，存储器上存储有计算机可执行指令，处理器用于执行计算机可执行指令以执行如下步骤：In a fourth aspect, the embodiment of the present application provides an electronic device, including: a memory and a processor, where computer-executable instructions are stored in the memory, and the processor is used to execute the computer-executable instructions to perform the following steps:

第五方面，本申请实施例提供了一种计算机存储介质，计算机存储介质上存储有计算机可执行指令，计算机可执行指令被执行时实施如下步骤：In the fifth aspect, the embodiment of the present application provides a computer storage medium, on which computer executable instructions are stored, and the following steps are implemented when the computer executable instructions are executed:

本申请实施例的技术方案中，通过监控区块链系统中的两个区块链节点之间是否进行通信；若监控到，则两个区块链节点中的对端区块链节点上的认证系统对另外一端的区块链节点上的认证系统进行完整性检测；若另外一端的区块链节点上的认证系统完整，两个区块链节点建立认证连接,从而在认证时基于认证连接进行认证，简化了区块链节点的认证过程，提高了区块链节点的认证效率。In the technical solution of the embodiment of the present application, by monitoring whether communication is performed between two blockchain nodes in the blockchain system; if monitored, the peer blockchain node in the two blockchain nodes The authentication system checks the integrity of the authentication system on the blockchain node at the other end; if the authentication system on the blockchain node at the other end is complete, the two blockchain nodes establish an authentication connection, so that authentication is based on the authentication connection The authentication process simplifies the authentication process of blockchain nodes and improves the authentication efficiency of blockchain nodes.

附图说明Description of drawings

为了更清楚地说明本申请实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本申请的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动性的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present application. Those skilled in the art can also obtain other drawings based on these drawings without any creative effort.

图1为本申请实施例提供的一种互联网节点之间进行认证连接的方法流程图；FIG. 1 is a flow chart of a method for authenticating connections between Internet nodes provided by an embodiment of the present application;

图2为本申请实施例提供的一种互联网节点之间进行认证连接的装置示意图；FIG. 2 is a schematic diagram of a device for authenticating connections between Internet nodes provided by an embodiment of the present application;

图3为本申请实施例提供的一种区块链系统的示意图；FIG. 3 is a schematic diagram of a block chain system provided by an embodiment of the present application;

图4为本申请实施例提供的一种电子设备的示意图；FIG. 4 is a schematic diagram of an electronic device provided in an embodiment of the present application;

图5为本申请实施例提供的一种电子设备的结构示意图；FIG. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present application;

图6为本申请实施例提供的一种计算机存储介质示意图。FIG. 6 is a schematic diagram of a computer storage medium provided by an embodiment of the present application.

具体实施方式Detailed ways

实施本申请实施例的任一技术方案必不一定需要同时达到以上的所有优点。Implementing any technical solution of the embodiments of the present application does not necessarily need to achieve all the above advantages at the same time.

为了使本技术领域的人员更好地理解本发明方案，下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

实施例一、Embodiment one,

请参阅图1，本申请实施例提供了一种区块链节点之间进行认证连接的方法，包括：Please refer to Figure 1, the embodiment of this application provides a method for authentication connection between blockchain nodes, including:

S101：监控区块链系统中的两个区块链节点之间是否进行通信；S101: Monitor whether communication is performed between two blockchain nodes in the blockchain system;

可选地，本实施例中，多个区块链节点可以组成区块链系统，该区块链系统比如为联盟链、私有链或者公有链；可选地，本实施例中，所述区块链节点包括区块链节点，所述区块链节点可以为区块链轻节点和区块链全节点。区块链全节点就是拥有全网所有的交易数据的节点，区块链轻节点就是只拥有和自己相关的交易数据节点。Optionally, in this embodiment, multiple blockchain nodes can form a blockchain system, such as a consortium chain, a private chain, or a public chain; optionally, in this embodiment, the district The block chain nodes include block chain nodes, and the block chain nodes may be block chain light nodes and block chain full nodes. A blockchain full node is a node that owns all the transaction data of the entire network, and a blockchain light node is a node that only owns transaction data related to itself.

本实施例中，需要说明的是，当多个区块链节点组成区块链系统时，可以只在部分区块链节点上部署上述认证系统，或者在所有的区块链节点上部署上述认证系统。比如，对于私有链，由于区块链节点的数量本身就比较少，为此，为了保证区块链系统的安全运行，可以在所有的区块链节点上部署上述认证系统。再比如，对于联盟链，可以参照私有链，在所有的区块链节点上部署上述认证系统。还比如，对于私有链，由于区块链节点的数量本身就比较多，为此，为了保证区块链系统的安全运行，可以在部分区块链节点上部署上述认证系统，比如，在所有的区块链全节点上部署上述认证系统，而在部分区块链轻节点上部署上述认证系统；或者，在少量的区块链全节点上部署上述认证系统，而在所有的区块链轻节点上部署上述认证系统。In this embodiment, it should be noted that when multiple blockchain nodes form a blockchain system, the above-mentioned authentication system can be deployed only on some blockchain nodes, or the above-mentioned authentication system can be deployed on all blockchain nodes. system. For example, for a private chain, since the number of blockchain nodes is relatively small, in order to ensure the safe operation of the blockchain system, the above authentication system can be deployed on all blockchain nodes. For another example, for the consortium chain, the above authentication system can be deployed on all blockchain nodes with reference to the private chain. For example, for a private chain, since the number of blockchain nodes is relatively large, in order to ensure the safe operation of the blockchain system, the above-mentioned authentication system can be deployed on some blockchain nodes, for example, in all Deploy the above authentication system on all blockchain nodes, and deploy the above authentication system on some blockchain light nodes; or, deploy the above authentication system on a small number of blockchain full nodes, and deploy the above authentication system on all blockchain light nodes Deploy the authentication system above.

可选地，本实施例中，通过监控网络流量的方式，可快速地监控到两个区块链节点之间是否进行通信，即两个区块链节点之间是否即将发生数据交互或者正在进行数据交互。Optionally, in this embodiment, by monitoring network traffic, it is possible to quickly monitor whether there is communication between two blockchain nodes, that is, whether data interaction between two blockchain nodes is about to occur or is in progress Data interaction.

可选地，本实施例中，通过截取网络流量的方式，可快速地监控到两个区块链节点之间是否进行通信，即两个区块链节点之间是否即将发生数据交互或者正在进行数据交互。Optionally, in this embodiment, by intercepting network traffic, it is possible to quickly monitor whether there is communication between two blockchain nodes, that is, whether data interaction between two blockchain nodes is about to occur or is in progress Data interaction.

可选地，本实施例中，监控的通信是两个区块链节点之间基于上次服务组件之间的通信，从而保证了认证针对对象的准确性，进一步在进行认证时，保证了认证结果的可用性、参考性。Optionally, in this embodiment, the monitored communication is the communication between two blockchain nodes based on the last communication between service components, thereby ensuring the accuracy of the authentication for the object, and further ensuring that the authentication Availability and reference of results.

S102：若监控到，则两个区块链节点中的对端区块链节点上的认证系统对另外一端的区块链节点上的认证系统进行完整性检测；S102: If monitored, the authentication system on the peer blockchain node of the two blockchain nodes performs an integrity check on the authentication system on the blockchain node at the other end;

可选地，在一种具体地实施方式中，两个区块链节点中的对端区块链节点上的认证系统对另外一端的区块链节点上的认证系统进行完整性检测，包括：判断认证系统中是否存储有信任评估核矩阵，且信任评估核矩阵是否需要更新，若存在且需要更新，则判定另外一端的区块链节点上的认证系统完整。Optionally, in a specific implementation manner, the authentication system on the peer blockchain node of the two blockchain nodes performs an integrity check on the authentication system on the blockchain node at the other end, including: Judging whether there is a trust evaluation kernel matrix stored in the authentication system, and whether the trust evaluation kernel matrix needs to be updated, if it exists and needs to be updated, it is determined that the authentication system on the blockchain node at the other end is complete.

可选地，在一种具体地实施方式中，判断认证系统中是否存储有信任评估核矩阵，包括：判断认证系统中是否存在认证内核，且信任评估核矩阵是否存储在认证内核中；Optionally, in a specific implementation manner, judging whether a trust evaluation kernel matrix is stored in the authentication system includes: judging whether there is an authentication kernel in the authentication system, and whether the trust evaluation kernel matrix is stored in the authentication kernel;

判断信任评估核矩阵是否需要更新，包括：判断是否通过内核维护模块对认证内核中的信任评估核矩阵进行更新。Judging whether the trust evaluation kernel matrix needs to be updated includes: judging whether to update the trust evaluation kernel matrix in the authentication kernel through the kernel maintenance module.

本实施例中，信任评估核矩阵用于记录区块链节点对区块链节点的信任认证数据，此处，需要说明的是，可以对区块链系统中的区块链节点进行分组，每组区块链节点记录本组内部所有区块链节点之间的信任认证数据；而对于组和组之间，则可以从一组区块链节点中挑选一个区块链节点作为对外联络节点，该对外联络节点同时属于另外一组区块链节点，即两组区块链节点具有共同的区块链节点，该共同的区块链节点的数量可以为一个，或者也可以为多个，其具体数量根据应用场景的需求灵活配置。比如，如果区块链系统为公有链，由于其在互联网上的可见度更高，受到网络攻击而具有安全隐患的可能较大，因此，两组区块链节点具有共同的区块链节点的数量为多个。而对于私有链和联盟链来说，由于其在互联网上的可见度交底，受到网络攻击而具有安全隐患的可能较小，因此，两组区块链节点具有共同的区块链节点的数量为一个。In this embodiment, the trust evaluation kernel matrix is used to record the trust authentication data of the blockchain node to the blockchain node. Here, it should be noted that the blockchain nodes in the blockchain system can be grouped, and each The group blockchain node records the trust authentication data between all blockchain nodes within the group; and between groups, a blockchain node can be selected from a group of blockchain nodes as the external contact node. The external contact node belongs to another group of blockchain nodes at the same time, that is, the two groups of blockchain nodes have a common blockchain node, and the number of the common blockchain nodes can be one, or it can be multiple. The specific number can be flexibly configured according to the requirements of the application scenario. For example, if the blockchain system is a public chain, due to its higher visibility on the Internet, it is more likely to be a security risk due to network attacks. Therefore, the two groups of blockchain nodes have a common number of blockchain nodes for multiple. For private chains and consortium chains, due to their visibility on the Internet, they are less likely to have security risks due to network attacks. Therefore, the two sets of blockchain nodes have a common number of blockchain nodes. .

如前所述，本申请中之所以要进行认证，是为了保证区块链节点作为互联网系统的组成部分参与到系统运行时，如何基于区块链节点自身的安全从而保证整个系统的安全运行，为此，只有两个区块链节点有数据交互时，这种安全问题才需要考虑，为此，本实施例中，通过配置了监控单元来监控区块链节点之间是否的通信，如果有通信，则表明两个区块链节点之间即将发生数据交互或者正在进行数据交互，为此，触发所述认证内核所述两个区块链节点中的对端的认证系统进行认证得到所述信任评估核矩阵，否则，无须触发所述认证内核所述两个区块链节点中的对端的认证系统进行认证得到所述信任评估核矩阵。As mentioned above, the reason for the certification in this application is to ensure that when the blockchain nodes participate in the system operation as an integral part of the Internet system, how to ensure the safe operation of the entire system based on the security of the blockchain nodes themselves, For this reason, only when there is data interaction between two blockchain nodes, this security issue needs to be considered. For this reason, in this embodiment, a monitoring unit is configured to monitor whether the communication between the blockchain nodes, if there is communication, it indicates that data interaction between two blockchain nodes is about to occur or data interaction is in progress, for this reason, the authentication system of the opposite end of the two blockchain nodes in the authentication kernel is triggered to perform authentication to obtain the trust Evaluate the kernel matrix, otherwise, it is not necessary to trigger the authentication system of the authentication kernel at the opposite end of the two blockchain nodes to perform authentication to obtain the trust evaluation kernel matrix.

可选地，在一种具体地实施方式中，判断是否通过内核维护模块对认证内核中的信任评估核矩阵进行更新，包括：判断是否内核维护模块在更新信任评估核矩阵，通过交换的方式。Optionally, in a specific implementation manner, judging whether to update the trust evaluation kernel matrix in the authentication kernel through the kernel maintenance module includes: judging whether the kernel maintenance module is updating the trust evaluation kernel matrix by way of exchange.

可选地，本实施例中，所述内核维护模块在将所述信任核矩阵交换到对端区块链节点上时，优选交换到其邻居区块链节点，即其他区块链节点为邻居区块链节点，该邻居区块链节点可以是直接相邻，也可以是间接相邻。当间接相邻时，可以通过设定相邻步长或者相邻距离来控制邻居的数量。Optionally, in this embodiment, when the kernel maintenance module exchanges the trust kernel matrix to the peer blockchain node, it preferably switches to its neighbor blockchain node, that is, other blockchain nodes are neighbors Blockchain nodes, the neighboring blockchain nodes can be directly adjacent or indirectly adjacent. When indirectly adjacent, the number of neighbors can be controlled by setting the neighbor step or neighbor distance.

进一步地，当区块链系统中，如果其中的所有区块链节点被分成若干组，则所述内核维护模块在将所述信任核矩阵交换对端区块链节点上时，判断所述对端区块链节点与所述另一端区块链节点是否在同一组。Further, when in the block chain system, if all the block chain nodes are divided into several groups, the kernel maintenance module judges that the pair Whether the end block chain node and the other end block chain node are in the same group.

进一步地，如前所述，相邻两组区块链节点具有共同的区块链节点上时，通过共同的区块链节点可以在相邻两组区块链节点之间进行所述信任核矩阵的交换。Further, as mentioned above, when the adjacent two groups of blockchain nodes have a common blockchain node, the trust kernel can be performed between the adjacent two groups of blockchain nodes through the common blockchain node. matrix exchange.

可选地，在一种具体地实施方式中，进行信任核矩阵的更新时，通过分散认证框架的方式实施。Optionally, in a specific implementation manner, when updating the trust kernel matrix, it is implemented by means of a decentralized authentication framework.

可选地，本实施例中，通过分散认证框架可以实现认证的去中心化，使得两个区块链节点之间无须任何第三方既可以进行快速的认证，从而保证了所述信任核矩阵的更新速度。Optionally, in this embodiment, the decentralization of authentication can be realized through the decentralized authentication framework, so that fast authentication can be performed between two blockchain nodes without any third party, thereby ensuring the integrity of the trust kernel matrix. Update Speed.

可选地，在一种具体地实施方式中，区块链节点之间进行认证连接的方法还包括：导出信任核矩阵，以使得内核维护模块在两个区块链节点之间进行信任核矩阵的更新。Optionally, in a specific implementation manner, the method for authenticating connection between blockchain nodes further includes: deriving a trust kernel matrix, so that the kernel maintenance module performs trust kernel matrix between two blockchain nodes update.

可选地，本实施例中，可通过虚拟化可信管理模块(VTPMS，virtual trusted-platforms)导出信任核矩阵，以使得内核维护模块在两个区块链节点之间进行信任核矩阵的更新，虚拟化可信管理模块可以保证两个区块链节点在进行所述信任核矩阵的交换时，快速地执行，从而保证了任一一个区块链节点上的所述信任核矩阵都会被实时更新，保证了交换的实时性以及快速性。Optionally, in this embodiment, the trust kernel matrix can be derived through a virtual trusted management module (VTPMS, virtual trusted-platforms), so that the kernel maintenance module can update the trust kernel matrix between two blockchain nodes , the virtualized trusted management module can ensure that two blockchain nodes perform the exchange of the trust kernel matrix quickly, thus ensuring that the trust kernel matrix on any blockchain node will be Real-time update ensures the real-time and fast exchange.

可选地，在一种具体地实施方式中，设置在区块链节点上的一个认证系统作为一个神经元。Optionally, in a specific implementation manner, an authentication system set on a block chain node serves as a neuron.

可选地，在一种具体地实施方式中，内核维护模块还用于使得频繁通信的多个区块链节点形成神经元认证网络，在神经元认证网络中所有的神经元共享上层服务组件。Optionally, in a specific implementation manner, the kernel maintenance module is also used to enable multiple blockchain nodes that communicate frequently to form a neuron authentication network, and all neurons in the neuron authentication network share upper-layer service components.

可选地，本实施例中，通过使得频繁通信的多个区块链节点形成神经元认证网络且在所述神经元认证网络中所有的神经元共享上层服务组件，可以有侧重的确定认证针对的对象，从而优选只对那些频繁通信的区块链节点进行认证，相对于对区块链系统中的所有只要发生通信的区块链节点进行认证来说，从而保证了认证的实施效率。Optionally, in this embodiment, by making multiple blockchain nodes with frequent communication form a neuron authentication network and all neurons in the neuron authentication network share the upper-layer service components, it is possible to focus on determining the authentication for Therefore, it is preferable to only authenticate those blockchain nodes that communicate frequently, compared to authenticating all blockchain nodes that only need to communicate in the blockchain system, thereby ensuring the implementation efficiency of authentication.

可选地，本实施例中，由于区块链节点之间的通信行为是实时发生变化的，为此，其通信频率也在不断变化，所以所述神经元认证网络的组成也是动态变化的。Optionally, in this embodiment, since the communication behavior between blockchain nodes changes in real time, the communication frequency is also constantly changing, so the composition of the neuron authentication network is also dynamically changing.

可选地，在一种具体地实施方式中，神经元认证网络具有一统一接口，用于提供神经元认证网络中神经元之间托管的交互服务的证明。Optionally, in a specific implementation manner, the neuron authentication network has a unified interface for providing proof of interaction services hosted between neurons in the neuron authentication network.

可选地，本实施例中，该统一接口可以配置在所述神经元认证网络具有较高权限或者具有较高安全年性的一个区块链节点上。Optionally, in this embodiment, the unified interface can be configured on a blockchain node with higher authority or higher security in the neuron authentication network.

S103：若另外一端的区块链节点上的认证系统完整，两个区块链节点建立认证连接。S103: If the authentication system on the blockchain node at the other end is complete, the two blockchain nodes establish an authentication connection.

实施例二、Embodiment two,

请参阅图2，本申请实施例提供了一种区块链节点之间进行认证连接的装置20，包括：Please refer to Figure 2, the embodiment of the present application provides a device 20 for authenticating connections between blockchain nodes, including:

监控单元201，用于监控区块链系统中的两个区块链节点之间是否进行通信；A monitoring unit 201, configured to monitor whether communication is performed between two blockchain nodes in the blockchain system;

完整性检测单元202，用于在监控到两个区块链节点之间进行通信时，使两个区块链节点中的对端区块链节点上的认证系统对另外一端的区块链节点上的认证系统进行完整性检测；Integrity detection unit 202, configured to enable the authentication system on the peer blockchain node in the two blockchain nodes to check the blockchain node at the other end when monitoring the communication between the two blockchain nodes. Integrity testing of the authentication system on the Internet;

下面具体说明:The specific instructions are as follows:

可选地，在一种具体地实施方式中，监控单元201进一步用于监控区块链系统中的两个区块链节点之间产生的网络流量，以监控区块链系统中的两个区块链节点之间是否进行通信。Optionally, in a specific implementation manner, the monitoring unit 201 is further used to monitor the network traffic generated between two blockchain nodes in the blockchain system, so as to monitor the two areas in the blockchain system Whether to communicate between blockchain nodes.

可选地，本实施例中，监控单元201通过监控网络流量的方式，可快速地监控到两个区块链节点之间是否进行通信，即两个区块链节点之间是否即将发生数据交互或者正在进行数据交互。Optionally, in this embodiment, by monitoring network traffic, the monitoring unit 201 can quickly monitor whether there is communication between two blockchain nodes, that is, whether data interaction between two blockchain nodes is about to occur Or data interaction is in progress.

可选地，在一种具体地实施方式中，监控单元201进一步用于通过流量截获的方式监控区块链系统中的两个区块链节点之间产生的网络流量。Optionally, in a specific implementation manner, the monitoring unit 201 is further configured to monitor network traffic generated between two blockchain nodes in the blockchain system by way of traffic interception.

可选地，本实施例中，监控单元201通过截取网络流量的方式，可快速地监控到两个区块链节点之间是否进行通信，即两个区块链节点之间是否即将发生数据交互或者正在进行数据交互。Optionally, in this embodiment, the monitoring unit 201 can quickly monitor whether there is communication between two blockchain nodes by intercepting network traffic, that is, whether data interaction between two blockchain nodes is about to occur Or data interaction is in progress.

可选地，本实施例中，所述监控单元201监控的通信是两个区块链节点之间基于上次服务组件之间的通信，从而保证了认证针对对象的准确性，进一步在进行认证时，保证了认证结果的可用性、参考性。Optionally, in this embodiment, the communication monitored by the monitoring unit 201 is the communication between two blockchain nodes based on the last service component, thereby ensuring the accuracy of the authentication object, and further performing the authentication , ensuring the availability and reference of the certification results.

可选地，在一种具体地实施方式中，完整性检测单元202进一步用于判断认证系统中是否存储有信任评估核矩阵，且信任评估核矩阵是否需要更新，若存在且需要更新，则判定另外一端的区块链节点上的认证系统完整。Optionally, in a specific implementation manner, the integrity detection unit 202 is further used to determine whether a trust evaluation kernel matrix is stored in the authentication system, and whether the trust evaluation kernel matrix needs to be updated, and if it exists and needs to be updated, then determine The authentication system on the blockchain node at the other end is complete.

可选地，在一种具体地实施方式中，完整性检测单元202进一步用于判断认证系统中是否存在认证内核，且信任评估核矩阵是否存储在认证内核中；Optionally, in a specific implementation manner, the integrity detection unit 202 is further used to determine whether there is an authentication kernel in the authentication system, and whether the trust evaluation kernel matrix is stored in the authentication kernel;

完整性检测单元202进一步用于判断是否通过内核维护模块对认证内核中的信任评估核矩阵进行更新。The integrity detection unit 202 is further used to judge whether to update the trust evaluation kernel matrix in the authentication kernel through the kernel maintenance module.

本实施例中，信任评估核矩阵用于记录区块链节点对区块链节点的信任认证数据，此处，需要说明的是，完整性检测单元202还可以用于对区块链系统中的区块链节点进行分组，每组区块链节点记录本组内部所有区块链节点之间的信任认证数据；而对于组和组之间，则可以从一组区块链节点中挑选一个区块链节点作为对外联络节点，该对外联络节点同时属于另外一组区块链节点，即两组区块链节点具有共同的区块链节点，该共同的区块链节点的数量可以为一个，或者也可以为多个，其具体数量根据应用场景的需求灵活配置。比如，如果区块链系统为公有链，由于其在互联网上的可见度更高，受到网络攻击而具有安全隐患的可能较大，因此，两组区块链节点具有共同的区块链节点的数量为多个。而对于私有链和联盟链来说，由于其在互联网上的可见度交底，受到网络攻击而具有安全隐患的可能较小，因此，两组区块链节点具有共同的区块链节点的数量为一个。In this embodiment, the trust evaluation kernel matrix is used to record the trust authentication data of the blockchain node to the blockchain node. Here, it should be noted that the integrity detection unit 202 can also be used to check the blockchain system. Blockchain nodes are grouped, and each group of blockchain nodes records the trust authentication data among all blockchain nodes within the group; and between groups, a block can be selected from a group of blockchain nodes. The block chain node is used as an external contact node, and the external contact node belongs to another group of block chain nodes at the same time, that is, the two sets of block chain nodes have a common block chain node, and the number of the common block chain nodes can be one, Or there may be more than one, and the specific number is flexibly configured according to the requirements of the application scenario. For example, if the blockchain system is a public chain, due to its higher visibility on the Internet, it is more likely to be a security risk due to network attacks. Therefore, the two groups of blockchain nodes have a common number of blockchain nodes for multiple. For private chains and consortium chains, due to their visibility on the Internet, they are less likely to have security risks due to network attacks. Therefore, the two sets of blockchain nodes have a common number of blockchain nodes. .

如前所述，本申请中之所以要进行认证，是为了保证区块链节点作为互联网系统的组成部分参与到系统运行时，如何基于区块链节点自身的安全从而保证整个系统的安全运行，为此，只有两个区块链节点有数据交互时，这种安全问题才需要考虑，为此，本实施例中，通过配置了监控单元201来监控区块链节点之间是否的通信，如果有通信，则表明两个区块链节点之间即将发生数据交互或者正在进行数据交互，为此，触发所述认证内核所述两个区块链节点中的对端的认证系统进行认证得到所述信任评估核矩阵，否则，无须触发所述认证内核所述两个区块链节点中的对端的认证系统进行认证得到所述信任评估核矩阵。As mentioned above, the reason for the certification in this application is to ensure that when the blockchain nodes participate in the system operation as an integral part of the Internet system, how to ensure the safe operation of the entire system based on the security of the blockchain nodes themselves, For this reason, only when two blockchain nodes have data interaction, this security issue needs to be considered. For this reason, in this embodiment, the monitoring unit 201 is configured to monitor whether the communication between the blockchain nodes, if If there is communication, it indicates that data interaction between the two blockchain nodes is about to occur or is in progress. For this reason, trigger the authentication system of the peer authentication system of the two blockchain nodes in the authentication kernel to perform authentication to obtain the Trust evaluation kernel matrix, otherwise, it is not necessary to trigger the authentication kernel at the peer authentication system of the two blockchain nodes to perform authentication to obtain the trust evaluation kernel matrix.

可选地，在一种具体地实施方式中，完整性检测单元202进一步用于判断是否内核维护模块在更新信任评估核矩阵，通过交换的方式。Optionally, in a specific implementation manner, the integrity detection unit 202 is further configured to determine whether the kernel maintenance module is updating the trust evaluation kernel matrix by means of exchange.

可选地，在一种具体地实施方式中，完整性检测单元202进一步用于进行信任核矩阵的更新时，通过分散认证框架的方式实施。Optionally, in a specific implementation manner, when the integrity detection unit 202 is further used to update the trust kernel matrix, it is implemented by means of a decentralized authentication framework.

可选地，在一种具体地实施方式中，区块链节点之间进行认证连接的装置20还包括：虚拟化可信管理模块，用于导出信任核矩阵，以使得内核维护模块在两个区块链节点之间进行信任核矩阵的更新。Optionally, in a specific implementation manner, the device 20 for authenticating connections between blockchain nodes further includes: a virtualized trusted management module, which is used to derive a trust kernel matrix, so that the kernel maintenance module is in two The trust kernel matrix is updated between blockchain nodes.

可选地，本实施例中，虚拟化可信管理模块(VTPMS，virtual trusted-platforms)可以保证两个区块链节点在进行所述信任核矩阵的交换时，快速地执行，从而保证了任一一个区块链节点上的所述信任核矩阵都会被实时更新，保证了交换的实时性以及快速性。Optionally, in this embodiment, the virtualized trusted management module (VTPMS, virtual trusted-platforms) can ensure that the two blockchain nodes perform the exchange of the trust core matrix quickly, thereby ensuring that any The trust kernel matrix on each blockchain node will be updated in real time, ensuring real-time and rapid exchange.

实施例三、Embodiment three,

请参阅图3，本申请实施例提供了一种区块链系统，包括：多个区块链节点301，每个区块链节点上设置有区块链节点之间进行认证连接的装置20，其包括：Please refer to FIG. 3 , the embodiment of the present application provides a block chain system, including: a plurality of block chain nodes 301, each block chain node is provided with a device 20 for authentication connection between block chain nodes, It includes:

下面具体说明:The specific instructions are as follows:

实施例四、Embodiment four,

请参阅图4，本申请实施例提供了一种电子设备40，包括：存储器401以及处理器402，存储器401上存储有计算机可执行指令，处理器402用于执行计算机可执行指令以执行如下步骤：Referring to FIG. 4 , an embodiment of the present application provides an electronic device 40, including: a memory 401 and a processor 402, the memory 401 stores computer-executable instructions, and the processor 402 is used to execute the computer-executable instructions to perform the following steps :

下面具体说明：The specific instructions are as follows:

请参阅图5，图5为本申请实施例一种电子设备的结构示意图；如图5所示，该电子设备的硬件结构可以包括：处理器501，通信接口502，存储器503和通信总线504；Please refer to FIG. 5. FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application; as shown in FIG. 5, the hardware structure of the electronic device may include: a processor 501, a communication interface 502, a memory 503 and a communication bus 504;

其中，处理器501、通信接口502、存储器503通过通信总线504完成相互间的通信；Wherein, the processor 501, the communication interface 502, and the memory 503 complete mutual communication through the communication bus 504;

可选的，通信接口502可以为通信模块的接口，如GSM模块的接口；Optionally, the communication interface 502 may be an interface of a communication module, such as an interface of a GSM module;

其中，处理器501具体可以配置为运行存储器503上存储的可执行程序，从而执行上述任一方法实施例的所有处理步骤或者其中部分处理步骤。Wherein, the processor 501 may be specifically configured to run an executable program stored on the memory 503, so as to execute all or part of the processing steps in any one of the above method embodiments.

处理器501可以是通用处理器，包括中央处理器(Central Processing Unit，简称CPU)、网络处理器(Network Processor，简称NP)等；还可以是数字信号处理器(DSP)、专用集成电路(ASIC)、现成可编程门阵列(FPGA)或者其它可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以实现或者执行本申请实施例中的公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The processor 501 can be a general-purpose processor, including a central processing unit (Central Processing Unit, referred to as CPU), a network processor (Network Processor, referred to as NP), etc.; it can also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC) ), off-the-shelf programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. Various methods, steps, and logic block diagrams disclosed in the embodiments of the present application may be implemented or executed. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.

本申请实施例的电子设备以多种形式存在，包括但不限于:The electronic equipment of the embodiment of the present application exists in various forms, including but not limited to:

(1)移动通信设备:这类设备的特点是具备移动通信功能，并且以提供话音、数据通信为主要目标。这类终端包括:智能手机(例如iPhone)、多媒体手机、功能性手机，以及低端手机等。(1) Mobile communication equipment: This type of equipment is characterized by mobile communication functions, and its main goal is to provide voice and data communication. Such terminals include: smart phones (such as iPhone), multimedia phones, feature phones, and low-end phones.

(2)超移动个人计算机设备:这类设备属于个人计算机的范畴，有计算和处理功能，一般也具备移动上网特性。这类终端包括:PDA、MID和UMPC设备等，例如iPad。(2) Ultra-mobile personal computer equipment: This type of equipment belongs to the category of personal computers, has computing and processing functions, and generally has the characteristics of mobile Internet access. Such terminals include: PDA, MID and UMPC equipment, such as iPad.

(3)便携式娱乐设备:这类设备可以显示和播放多媒体内容。该类设备包括:音频、视频播放器(例如iPod)，掌上游戏机，电子书，以及智能玩具和便携式车载导航设备。(3) Portable entertainment equipment: This type of equipment can display and play multimedia content. Such devices include: audio and video players (such as iPod), handheld game consoles, e-books, as well as smart toys and portable car navigation devices.

(4)服务器:提供计算服务的设备，服务器的构成包括处理器710、硬盘、内存、系统总线等，服务器和通用的计算机架构类似，但是由于需要提供高可靠的服务，因此在处理能力、稳定性、可靠性、安全性、可扩展性、可管理性等方面要求较高。(4) Server: a device that provides computing services. The composition of the server includes a processor 710, hard disk, memory, system bus, etc. The server is similar to a general-purpose computer architecture, but due to the need to provide highly reliable services, it needs to be processed in terms of processing power and stability. It has high requirements in terms of performance, reliability, security, scalability, and manageability.

(5)其他具有数据交互功能的电子装置。(5) Other electronic devices with data interaction function.

本申请实施例中，处理器501可以采取例如微处理器或存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit，ASIC)、可编程逻辑处理器和嵌入微处理器的形式，处理器的例子包括但不限于以下微处理器：ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320，存储器处理器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道，除了以纯计算机可读程序代码方式实现处理器以外，完全可以通过将方法步骤进行逻辑编程来使得处理器以逻辑门、开关、专用集成电路、可编程逻辑处理器和嵌入微处理器等的形式来实现相同功能。因此这种处理器可以被认为是一种硬件部件，而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至，可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。In the embodiment of the present application, the processor 501 may take, for example, a microprocessor or a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, dedicated integrated Circuits (Application Specific Integrated Circuit, ASIC), programmable logic processors and embedded microprocessors, examples of processors include but are not limited to the following microprocessors: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, memory The processor can also be implemented as part of the control logic of the memory. Those skilled in the art also know that, in addition to implementing the processor in pure computer-readable program code, it is entirely possible to make the processor use logic gates, switches, application-specific integrated circuits, programmable logic processors, and embedded The same function can be realized in the form of a microprocessor or the like. Therefore, such a processor can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. Or even, means for realizing various functions can be regarded as a structure within both a software module realizing a method and a hardware component.

实施例五、Embodiment five,

请参阅图6，本申请实施例提供了一种计算机存储介质，计算机存储介质上存储有计算机可执行指令，计算机可执行指令被执行时实施如下步骤：Please refer to FIG. 6, the embodiment of the present application provides a computer storage medium, on which computer executable instructions are stored, and the following steps are implemented when the computer executable instructions are executed:

下面具体说明：The specific instructions are as follows:

另外，计算机存储介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括，但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带，磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质，可用于存储可以被计算设备访问的信息。按照本文中的界定，计算机存储介质不包括暂存电脑可读媒体(transitory media)，如调制的数据信号和载波。In addition, computer storage media, including permanent and non-permanent, removable and non-removable media, may be implemented by any method or technology for information storage. Information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic tape cartridge, tape magnetic disk storage or other magnetic storage device or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer storage media does not include transitory media, such as modulated data signals and carrier waves.

还需要说明的是，术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含，从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素，而且还包括没有明确列出的其他要素，或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下，由语句“包括一个……”限定的要素，并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes Other elements not expressly listed, or elements inherent in the process, method, commodity, or apparatus are also included. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising said element.

本申请可以在由计算机执行的计算机可执行指令的一般上下文中描述，例如程序模块。一般地，程序模块包括执行特定事务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本申请，在这些分布式计算环境中，由通过通信网络而被连接的远程处理设备来执行事务。在分布式计算环境中，程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。This application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular transactions or implement particular abstract data types. The application may also be practiced in distributed computing environments where transactions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.

需要说明的是，本说明书中的各个实施例均采用递进的方式描述，各个实施例之间相同相似的部分互相参见即可，每个实施例重点说明的都是与其他实施例的不同之处。尤其，对于设备及系统实施例而言，由于其基本相似于方法实施例，所以描述得比较简单，相关之处参见方法实施例的部分说明即可。以上所描述的设备及系统实施例仅仅是示意性的，其中作为分离部件说明的模块可以是或者也可以不是物理上分开的，作为模块提示的部件可以是或者也可以不是物理模块，即可以位于一个地方，或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性劳动的情况下，即可以理解并实施。It should be noted that each embodiment in this specification is described in a progressive manner, the same and similar parts of each embodiment can be referred to each other, and each embodiment focuses on the differences from other embodiments. place. In particular, for the device and system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for relevant parts, please refer to part of the description of the method embodiments. The device and system embodiments described above are only illustrative, and the modules described as separate components may or may not be physically separated, and the components indicated as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without creative effort.

以上所述，仅为本申请的一种具体实施方式，但本申请的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本申请揭露的技术范围内，可轻易想到的变化或替换，都应涵盖在本申请的保护范围之内。因此，本申请的保护范围应该以权利要求的保护范围为准。The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any person familiar with the technical field can easily think of changes or Replacement should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be based on the protection scope of the claims.

Claims

1. A method of authenticated connection between block link points, comprising:

monitoring whether communication is carried out between two blockchain nodes in a blockchain system;

if so, the authentication system on the block chain link point at the opposite end of the two block chain nodes carries out integrity detection on the authentication system on the block chain link point at the other end;

the authentication system on the opposite end block chain link point in the two block chain nodes carries out integrity detection on the authentication system on the other end block chain link point, and the method comprises the following steps: judging whether a trust evaluation core matrix is stored in the authentication system or not, judging whether the trust evaluation core matrix needs to be updated or not, and if the trust evaluation core matrix exists and needs to be updated, judging that the authentication system on the block chain link point at the other end is complete; judging whether a trust evaluation kernel matrix is stored in the authentication system or not, wherein the judging comprises the following steps: judging whether an authentication kernel exists in the authentication system or not, and judging whether the trust evaluation kernel matrix is stored in the authentication kernel or not; judging whether the trust evaluation core matrix needs to be updated or not, wherein the judging comprises the following steps: judging whether a trust evaluation kernel matrix in the authentication kernel is updated through a kernel maintenance module;

and if the authentication system on the block link point at the other end is complete, establishing authentication connection between the two block link points.

2. A method for authenticated connection between blockchain nodes according to claim 1, wherein network traffic generated between the two blockchain nodes in the blockchain system is monitored to monitor whether communication is performed between the two blockchain nodes in the blockchain system.

3. A method for authenticated connection between blockchain nodes according to claim 2, wherein network traffic generated between the two blockchain nodes in the blockchain system is monitored by means of traffic interception.

4. An apparatus for authenticated connection between block link points, comprising:

the monitoring unit is used for monitoring whether communication is carried out between two block chain nodes in the block chain system;

the integrity detection unit is used for enabling the authentication system on the opposite-end block chain link point in the two block chain nodes to carry out integrity detection on the authentication system on the other-end block chain link point when the communication between the two block chain nodes is monitored; the authentication system on the block chain link point at the opposite end of the two block chain nodes carries out integrity detection on the authentication system on the block chain link point at the other end, and the integrity detection comprises the following steps: judging whether a trust evaluation core matrix is stored in the authentication system or not, judging whether the trust evaluation core matrix needs to be updated or not, and if the trust evaluation core matrix exists and needs to be updated, judging that the authentication system on the block chain link point at the other end is complete; judging whether a trust evaluation core matrix is stored in the authentication system or not, comprising the following steps: judging whether an authentication kernel exists in the authentication system or not, and judging whether a trust evaluation kernel matrix is stored in the authentication kernel or not; judging whether the trust evaluation core matrix needs to be updated or not, comprising the following steps: judging whether a trust evaluation kernel matrix in the authentication kernel is updated through a kernel maintenance module;

5. An apparatus for performing an authenticated connection between blockchain nodes according to claim 4, wherein the monitoring unit is further configured to monitor network traffic generated between the two blockchain nodes in the blockchain system to monitor whether communication is performed between the two blockchain nodes in the blockchain system.

6. The apparatus according to claim 5, wherein the monitoring unit is further configured to monitor network traffic generated between the two blockchain nodes in the blockchain system by means of traffic interception.

7. An arrangement for authenticated connection between blockchain nodes according to any of claims 4-6, characterised in that communication between the two blockchain nodes is initiated based on an upper layer service component.

8. A blockchain system, comprising: a plurality of block chain nodes are provided with the device that carries out the authentication between the block chain node on every block chain node, and it includes:

the integrity detection unit is used for enabling the authentication system on the block chain link point at the opposite end of the two block chain nodes to carry out integrity detection on the authentication system on the block chain link point at the other end when the communication between the two block chain nodes is monitored; the authentication system on the opposite end block chain link point in the two block chain nodes carries out integrity detection on the authentication system on the other end block chain link point, and the method comprises the following steps: judging whether a trust evaluation core matrix is stored in the authentication system or not, judging whether the trust evaluation core matrix needs to be updated or not, and if the trust evaluation core matrix exists and needs to be updated, judging that the authentication system on the block chain link point at the other end is complete; judging whether a trust evaluation core matrix is stored in the authentication system or not, comprising the following steps: judging whether an authentication kernel exists in the authentication system or not, and judging whether the trust evaluation kernel matrix is stored in the authentication kernel or not; judging whether the trust evaluation core matrix needs to be updated or not, comprising the following steps: judging whether a trust evaluation kernel matrix in the authentication kernel is updated through a kernel maintenance module;

9. An electronic device, comprising: a memory having computer-executable instructions stored thereon and a processor for executing the computer-executable instructions to perform the steps of:

if so, the authentication system on the opposite-end block chain link point in the two block chain nodes carries out integrity detection on the authentication system on the other-end block chain link point; the authentication system on the block chain link point at the opposite end of the two block chain nodes carries out integrity detection on the authentication system on the block chain link point at the other end, and the integrity detection comprises the following steps: judging whether a trust evaluation core matrix is stored in the authentication system or not, judging whether the trust evaluation core matrix needs to be updated or not, and if the trust evaluation core matrix exists and needs to be updated, judging that the authentication system on the block chain link point at the other end is complete; judging whether a trust evaluation core matrix is stored in the authentication system or not, comprising the following steps: judging whether an authentication kernel exists in the authentication system or not, and judging whether the trust evaluation kernel matrix is stored in the authentication kernel or not; judging whether the trust evaluation core matrix needs to be updated or not, comprising the following steps: judging whether a trust evaluation kernel matrix in the authentication kernel is updated through a kernel maintenance module;

10. A computer storage medium having computer-executable instructions stored thereon that, when executed, perform the steps of:

monitoring whether communication is carried out between two block chain nodes in a block chain system;

if so, the authentication system on the block chain link point at the opposite end of the two block chain nodes carries out integrity detection on the authentication system on the block chain link point at the other end; the authentication system on the block chain link point at the opposite end of the two block chain nodes carries out integrity detection on the authentication system on the block chain link point at the other end, and the integrity detection comprises the following steps: judging whether a trust evaluation core matrix is stored in the authentication system or not, judging whether the trust evaluation core matrix needs to be updated or not, and if the trust evaluation core matrix exists and needs to be updated, judging that the authentication system on the block chain link point at the other end is complete; judging whether a trust evaluation core matrix is stored in the authentication system or not, comprising the following steps: judging whether an authentication kernel exists in the authentication system or not, and judging whether a trust evaluation kernel matrix is stored in the authentication kernel or not; judging whether the trust evaluation core matrix needs to be updated or not, comprising the following steps: judging whether a trust evaluation kernel matrix in the authentication kernel is updated through a kernel maintenance module;