A blockchain-based commodity traceability method, device, equipment and medium
By employing decentralized blockchain technology to authenticate nodes and verify data in product traceability, generating traceability data blocks and storing them on the chain, the security and reliability issues of centralized database traceability methods are resolved, achieving more efficient and reliable traceability information management.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- 河北盛马电子科技有限公司
- Filing Date
- 2026-06-12
- Publication Date
- 2026-07-14
Smart Images

Figure CN122390767A_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of commodity traceability technology, and more specifically, relates to a commodity traceability method, device, equipment and medium based on blockchain. Background Technology
[0002] In today's era of booming globalized trade, the production, distribution, and sales of goods are becoming increasingly complex, involving multiple regions, numerous participants, and intricate supply chain networks. Product traceability, as a crucial means of protecting consumer rights, enhancing corporate reputation, and strengthening market supervision, has emerged and received widespread attention.
[0003] Existing product traceability methods are primarily based on centralized database systems. In this model, a core institution or enterprise is typically responsible for building and maintaining the traceability database. Each node involved in the traceability process uploads product information to this central database for storage and management. Consumers or regulators access the central database to query product traceability information. This traceability method, to a certain extent, achieves the functions of recording and querying product information, providing basic support for product traceability.
[0004] Since all traceability data is stored centrally in a database, if the database is attacked by hackers, tampered with by internal personnel, or damaged or lost due to natural disasters, it will seriously damage the entire traceability system and make it difficult to guarantee the security and credibility of the data. Summary of the Invention
[0005] The purpose of this application is to provide a blockchain-based product traceability method, apparatus, device, and medium to address the technical problems of poor data security and low reliability in existing centralized database-based product traceability methods, thereby improving the data security and credibility of product traceability. To achieve the above objective, the technical solution provided by this application is as follows: Firstly, a blockchain-based product traceability method is provided, including: Decentralized identity authentication is performed on each node involved in the traceability of the target product. Authentication nodes are assigned a unique identity and connected to the blockchain network. For each target product, if the target product enters the traceability process, a unique traceability identifier is generated for the target product, and a physical tag and a dynamic digital tag are bound to the target product according to the traceability identifier, generating a tag binding record; the physical tag includes the traceability identifier, and the dynamic digital tag is a dynamically updatable QR code associated with the physical tag; For each stage, the target product information for that stage is obtained, and the validity of the target product information is verified to generate a valid data package; the target product information includes the target product's attributes, circulation stages, and environmental data; Based on valid data packets, traceability data blocks are determined and associated with unique traceability identifiers. The traceability data blocks are stored on the blockchain and linked sequentially using hash pointers to generate the traceability chain for the target product. In response to a query request to scan a dynamic digital tag, the system verifies the validity of the binding relationship between the current dynamic digital tag, physical tag, and traceability identifier based on the tag binding record. If the binding relationship is valid, the system determines the chain integrity index and real-time health status of the target product based on the unique traceability identifier and generates a traceability report for the target product.
[0006] Secondly, a blockchain-based product traceability device is provided, comprising: The identity authentication module is used to perform decentralized identity authentication on each node involved in the traceability of the target product, assign a unique identity to the authenticated node, and connect it to the blockchain network. The tag binding record generation module is used to generate a unique traceability identifier for each target product if the target product enters the traceability process, and bind a physical tag and a dynamic digital tag to the target product based on the traceability identifier, thereby generating a tag binding record; the physical tag includes the traceability identifier, and the dynamic digital tag is a dynamically updatable QR code associated with the physical tag; The valid data packet generation module is used to obtain the target product information for each stage, verify the validity of the target product information, and generate a valid data packet; the target product information includes the target product's attributes, circulation stages, and environmental data; The traceability chain generation module is used to determine traceability data blocks based on valid data packets and associate the traceability data blocks with unique traceability identifiers; store the traceability data blocks on the blockchain and link the traceability data blocks corresponding to each link in sequence through hash pointers to generate the traceability chain of the target product; The traceability report generation module is used to respond to query requests for scanning dynamic digital tags. Based on the tag binding records, it verifies whether the binding relationship between the current dynamic digital tag, physical tag and traceability identifier is valid. If the binding relationship is valid, it determines the chain integrity index and real-time health status of the target product based on the unique traceability identifier and generates a traceability report for the target product.
[0007] Thirdly, embodiments of this application also provide an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the blockchain-based product traceability method provided by any possible implementation of the first aspect.
[0008] Fourthly, embodiments of this application also provide a computer-readable storage medium storing a computer program that, when executed by a processor, implements the blockchain-based product traceability method provided by any possible implementation of the first aspect.
[0009] The beneficial effects of the technical solution provided in this application are as follows: This application provides a blockchain-based product traceability method, apparatus, device, and medium. Compared with related technologies, this application utilizes decentralized blockchain technology to overcome the shortcomings of centralized databases in existing technologies, which are susceptible to attacks and data loss or tampering. By combining node identity authentication, data validity verification, tag binding, and rapid query mechanisms, it ensures the authenticity and reliability of traceability information. This effectively solves the problems of low data security and credibility in existing centralized product traceability methods, enhances the authenticity and reliability of traceability information, and improves the efficiency and convenience of product traceability. It provides a safer, more reliable, and more efficient new approach to product traceability, better protecting consumer rights. Attached Figure Description
[0010] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments of this application will be briefly introduced below.
[0011] Figure 1 A flowchart illustrating a blockchain-based product traceability method provided in this application embodiment; Figure 2 A structural block diagram of a blockchain-based product traceability device provided in this application embodiment; Figure 3 A schematic block diagram of an electronic device provided in an embodiment of this application. Detailed Implementation
[0012] The embodiments of this application are described below with reference to the accompanying drawings. It should be understood that the embodiments described below with reference to the accompanying drawings are exemplary descriptions for explaining the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions of the embodiments of this application.
[0013] Those skilled in the art will understand that, unless otherwise stated, the singular forms “a,” “an,” and “the” used herein may also include the plural forms. It should be further understood that the terms “comprising” and “including” as used in embodiments of this application mean that the corresponding feature can be implemented as the presented feature, information, data, step, operation, element, and / or component, but do not exclude implementation as other features, information, data, step, operation, element, component, and / or combinations thereof supported by the art. It should be understood that when we say that an element is “connected” or “coupled” to another element, the one element can be directly connected or coupled to the other element, or it can mean that the one element and the other element establish a connection relationship through an intermediate element. Furthermore, “connected” or “coupled” as used herein can include wireless connection or wireless coupling. The term “and / or” as used herein indicates at least one of the items defined by the term; for example, “A and / or B” can be implemented as “A,” or as “B,” or as “A and B.” When describing multiple (two or more) items, if the relationship between the multiple items is not explicitly defined, the multiple items can refer to one, several or all of the multiple items. For example, the description of "parameter A includes A1, A2, A3" can be implemented as parameter A includes A1 or A2 or A3, or it can be implemented as parameter A includes at least two of the three items A1, A2 and A3.
[0014] It is understood that in the embodiments of this application, data such as user information are involved. When the embodiments of this application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data must comply with relevant laws, regulations and standards.
[0015] To make the objectives, technical solutions, and advantages of this application clearer, the following description will be provided in conjunction with the accompanying drawings and specific embodiments.
[0016] This application provides a blockchain-based product traceability method, which can be executed by an electronic device, such as... Figure 1 As shown, the method may include: S101: Decentralized identity authentication is performed on each node involved in the traceability of the target product. Authentication is granted a unique identity and the node is connected to the blockchain network.
[0017] In this embodiment, each stage may include production, storage, transportation, and sales. The nodes in this embodiment refer to the various participating entities or authorized data collection devices involved in the circulation of the target commodity, such as production workshops, logistics vehicles, and warehouse management equipment.
[0018] This embodiment uses a decentralized identity authentication mechanism to ensure that the identity of each node in each link is authentic, trustworthy, and tamper-proof, laying the identity foundation for the subsequent collection and on-chaining of traceability data.
[0019] This embodiment first performs node identity registration and authentication. Specifically, each node initiates an identity registration request to the blockchain network and submits identity credentials. These credentials may include business licenses, digital certificates, identity verification documents, etc. Verification nodes in the blockchain network (which may be pre-defined authoritative nodes or nodes selected through a consensus mechanism) verify the submitted identity credentials. After successful verification, the verification node generates an identity authentication result, which is then confirmed across the entire network through a consensus mechanism (e.g., using a Byzantine fault-tolerant protocol) to ensure the consistency and immutability of the verification result. The verification methods in this embodiment may include: querying public industry databases; verifying the validity and issuing chain of digital certificates; and calling trusted identity service interfaces for online verification.
[0020] This embodiment combines identity credential information to obtain a composite string. After successful identity authentication, a unique identity identifier is generated for the node. This unique identity identifier can be a unique string (e.g., a hash value or a distributed identifier), generated using the node's composite string as input data through a one-way operation using a cryptographic hash algorithm (e.g., SHA-256). This unique identity identifier can be associated with the node's public key, identity attributes (e.g., affiliated stage, scope of authority), and other information, thereby being written into the blockchain identity registry. This blockchain identity registry is a decentralized, immutable, and authoritative database stored on the blockchain, used to record and manage the identity information of all entities participating in the blockchain network.
[0021] This embodiment encapsulates a node's unique identifier, public key, identity attributes, and verification timestamp into an identity data block and stores it on the blockchain. Based on the node's role and business scope, its data upload and query permissions are configured in the smart contract, ensuring that the node can only participate in the traceability process within its authorized scope. The smart contract is a core technical component for achieving process automation, rigid rule execution, and system trustlessness. It encodes complex logic (identity authentication, tag binding, dual verification, health calculation, etc.) into a series of automatically executed programs, ensuring the efficiency, reliability, and tamper-proof nature of the entire traceability process.
[0022] In this embodiment, after a node obtains its unique identifier and corresponding private key (used for digital signature operations), it connects to the blockchain network via a blockchain client or API. After connection, the node can participate in operations such as submitting, verifying, and querying traceability data according to its permissions. All operations must be digitally signed using its private key to ensure traceability and non-repudiation. In this embodiment, the digital signature can adopt the Chinese national cryptographic algorithm SM2.
[0023] S102: For each target product, if the target product enters the traceability process, a unique traceability identifier is generated for the target product, and a physical tag and a dynamic digital tag are bound to the target product according to the traceability identifier, generating a tag binding record.
[0024] In this embodiment, the physical tag includes a traceability identifier, and the dynamic digital tag is a dynamically updatable QR code associated with the physical tag.
[0025] In this embodiment, when a target product (e.g., a case of wine) completes production or is ready to enter the distribution chain, an authorized authentication node (e.g., the manufacturer) initiates a product traceability process creation request to the electronic device. Upon receiving the request, the electronic device generates a unique traceability identifier for the target product. This unique traceability identifier represents the target product's globally unique identity code within the blockchain network, typically consisting of a string of numbers, letters, or symbols with sufficient randomness and uniqueness. For example, for a bottle of 2023 vintage premium wine, the unique traceability identifier might be "WINE-T-2023-BATCH7-NO-000189," which includes product type, grade, vintage, batch number, and serial number information.
[0026] This embodiment creates a physical tag based on the unique traceability identifier. This physical tag can be firmly attached to the product or its smallest sales packaging, referring to a physical carrier that is physically attached to the product and carries the traceability identifier information. For example, the unique traceability identifier can be encoded as a barcode and printed on the back label of a wine bottle; this barcode is the physical tag in this embodiment. Simultaneously, a dynamic digital tag is generated for the target product (the aforementioned wine) and associated with its physical tag and unique traceability identifier, thereby generating a tag binding record. The dynamic digital tag in this embodiment can be a dynamically updatable QR code. The backend access address or content pointed to by the QR code can be updated in the backend according to the needs of product status, circulation process, or security policies.
[0027] In this embodiment, one physical tag corresponds to one dynamic digital tag. That is, when the dynamic digital tag is generated, it is bound to the corresponding physical tag and the unique traceability identifier at that time.
[0028] In one possible implementation, a tag binding record is generated by binding a physical tag and a dynamic digital tag to the target product based on the traceability identifier, including: Generate a unique anti-counterfeiting feature code for the physical label based on a physically non-cloning function; The traceability identifier is combined with the anti-counterfeiting feature code to obtain the combined feature string. The password hash value of the feature string is obtained and used as the seed value of the digital tag. Generate the initial accessible address of the dynamic digital tag based on the seed value of the digital tag; The traceability identifier, anti-counterfeiting feature code, and initial accessible address are associated to generate a tag binding record.
[0029] In this embodiment, the Physical Unclonable Function (PUF) is used to transform the randomness characteristics of a physical entity into verifiable digital features. The anti-counterfeiting code can be extracted from the physical label using PUF technology and calculated as a unique digital sequence. In this embodiment, the physical label is a dedicated anti-counterfeiting label or carrier that can possess PUF characteristics. Specifically, the method for determining the digital sequence can be: During the fabrication or affixing of the physical tag, a specific external stimulus is applied to the tag (e.g., for an optical PUF, irradiation with a specific light source, such as a 532nm wavelength laser with an intensity of 10mW / cm², for 100ms; for an oscillator-based electrical PUF, a 1.2V, 1MHz square wave excitation signal can be applied), causing the tag to generate a unique response signal. During digital sampling and preprocessing, a 12-bit ADC with a sampling frequency of 1MHz can be used for sampling. The sampled signal is then converted from analog to digital, and a median filtering algorithm is used to remove impulse noise, obtaining stable feature data that characterizes the uniqueness of the physical tag. This feature data is then converted into a fixed-length numeric string based on a physically non-cloning function (e.g., through a hash algorithm or encoding), which serves as the anti-counterfeiting feature code. For example, this anti-counterfeiting feature code could be PUF-A1B2C3D4E5.
[0030] In this embodiment, the hardware selection for the PUF technology can be an SRAM PUF type, for example, specifically using the Microchip 23LC1024 SRAM chip; alternatively, a ring oscillator PUF can be used, for example, implemented using the configurable logic block built into the Xilinx Artix-7 FPGA. In this embodiment, the PUF technology and physical tag compatibility standard meets the requirements for the PUF stimulus-response pair format definition and communication protocol requirements in GB / T 40653-2021 "Information Security Technology - Physical Non-cloning Function Interface Specification".
[0031] In this embodiment, the anti-counterfeiting feature code is combined with the aforementioned unique traceability identifier to obtain a cryptographic hash value used to derive the dynamic digital label. This cryptographic hash value is used as the seed value for the digital label. Specifically, the obtained unique traceability identifier and anti-counterfeiting feature code are combined according to a preset format (e.g., using delimiters) to form a combined feature string (e.g., the feature string could be WINE-T-2023-BATCH7-NO-000189|PUF-A1B2C3D4E5). The feature string is then calculated using a cryptographic hash function to obtain the corresponding hash value, which is used as the seed value for the digital label. In this embodiment, the digital label seed value integrates the product's dynamic digital label and physical label, ensuring its uniqueness and collision resistance.
[0032] In this embodiment, the initial accessible address represents the backend service address or resource identifier that the dynamic digital tag points to when it is first generated. This address can be generated from the digital tag seed value through preset address rules to ensure its unique correspondence with a specific physical tag.
[0033] In this embodiment, the seed value of the numeric tag is processed according to a preset address rule to generate an accessible URL or resource identifier. Specifically, the preset address rule can be a direct mapping rule (which refers to using a part of the seed value of the numeric tag as a short link code or resource ID, and after concatenating it to obtain the basic domain name, generating the initial accessible address of the dynamic numeric tag).
[0034] The aforementioned key information is encapsulated in the order of traceability identifier, anti-counterfeiting feature code, and initial accessible address to obtain encapsulated data. The encapsulated data and the corresponding timestamp together constitute a tag binding record. This tag binding record is then uploaded to the blockchain network, becoming the sole credential for verifying the authenticity of the binding relationship between the target product, the physical tag, and the digital tag.
[0035] S103: For each step, obtain the target product information for that step, verify the validity of the target product information, and generate a valid data packet.
[0036] In this embodiment, target product information refers to the status and contextual data of the target product recorded by the corresponding recorder at a specific time and location. The target product information in this embodiment may include the target product's attributes, circulation stages, and environmental data. Specifically, the target product's attributes may include its name, specifications, batch number, and quantity; the circulation stages refer to the current business operation type (e.g., loading and shipping, warehousing and storage), the stage code, and the upstream and downstream node identifiers involved in this operation type (e.g., shipper ID, recipient ID, etc.); and the environmental data refers to the surrounding environmental data related to the quality or safety of the target product collected by electronic devices during the operation, such as temperature, humidity, light intensity, and geographic coordinates.
[0037] In one possible implementation, the target product information is validated to generate a valid data packet, including: Perform initial verification on the target product information to obtain an initial set of product information; The target product information set is obtained by performing dual linkage verification based on the initial product information set and the evidence stored in the blockchain network. The dual linkage verification includes node linkage verification and tag binding verification, and the node linkage verification and tag binding verification are in a progressive relationship. The product information in the target product information set is encapsulated according to a preset format to obtain a valid data packet.
[0038] In this embodiment, node linkage verification and tag binding verification are progressive. If node linkage verification fails, the current data is deemed invalid, the verification process is immediately terminated, tag binding verification is no longer performed, and an error message indicating abnormal node identity or permissions is returned. In this embodiment, the tag binding verification stage only begins after node linkage verification has completely passed.
[0039] In this embodiment, node linkage verification refers to the process of comprehensively verifying the legality of the identity of the current operating node, its operating authority, and the legality of its upstream and downstream node identifiers. It is used to verify whether the node identity of the data collected in the current stage is legal, and whether it has the authority to perform the operation in this stage. Tag binding verification refers to the process of verifying whether the anti-counterfeiting feature code of the currently scanned physical tag matches the initial digital tag seed value recorded on the chain. It is used to further verify whether the target product being operated on is genuine, that is, whether the physical tag of the target product is consistent with the information bound to the initial product information recorded on the chain, based on the legality of the node identity.
[0040] In this embodiment, the acquired target product information is first initially validated. Specifically, the target product information is first validated for format and completeness, checking whether the data fields conform to preset data format specifications (e.g., date format, numerical range, etc.), and whether any fields are missing by referring to the field list. If the format and completeness validation of the target product information passes, logical judgment is made according to preset business rules. For example, if the outbound quantity is less than or equal to the inventory quantity, the current coordinate position should be geographically close to the warehouse address when the product is outbound. If the logical rationality validation of the target product information passes, the validated data items are organized to generate an initial product information set.
[0041] After obtaining the initial target product information set, this set is submitted to the blockchain network. A dual verification process, linking the initial target product information set with the stored data in the blockchain network, is performed using pre-defined verification rules. Specifically, the pre-defined verification rules first extract the operation node identifier from the initial product information set and query the blockchain identity registry to determine if the node identifier exists and is "valid." Then, based on the current flow stage, it checks whether the node's operation is authorized. Finally, it extracts the upstream and downstream node identifiers involved in the initial product information to confirm the validity of those identifiers. If all the above verifications pass, a node-linked product information set is generated. This set, based on the initial product information set, includes a hidden tag indicating that "the legality between nodes and stages has been verified," and contains detailed information for subsequent verification, such as verification timestamps and anti-counterfeiting feature codes.
[0042] In this embodiment, based on verifying the validity of the node's identity, the currently read anti-counterfeiting feature code is further extracted from the set of linked products of the node, and the pre-stored digital tag seed value in the blockchain network is obtained; the anti-counterfeiting feature code is recombined with the unique traceability identifier of the product, and the password hash value of the combined data is calculated; the password hash value is compared with the pre-stored digital tag seed value, and the tag binding verification is determined based on the comparison result.
[0043] In this embodiment, all node-linked product information sets verified through tag binding are used as the target product information set. This target product information set is standardized and encapsulated according to a data format conforming to the blockchain network to obtain a valid data packet. The encapsulation steps can be as follows: first, product attributes, circulation stages, verification timestamps, and related node signatures are arranged according to a preset structured format (e.g., JSON Schema or Protobuf) to obtain formatted data; then, the formatted data is packaged to generate a valid data packet. This valid data packet possesses an integrity signature, and the content within the valid data packet has been verified by the blockchain network as "trustworthy in origin, compliant in operation, and authentic in object."
[0044] In one possible implementation, a target product information set is obtained by performing a dual-verification process based on an initial set of product information and stored evidence data in a blockchain network, including: A node-linked verification operation is performed on the initial set of product information and the evidence-stored data in the blockchain network. After the verification is successful, the node-linked product information set is obtained. A tag binding verification operation is performed on the node-linked product information set and the evidence-stored data in the blockchain network to obtain the target product information set; the target product information set includes the node-linked product information and the tag binding verification result. The node linkage verification operation includes: Based on the node's identity identifier and the initial product information set in the evidence data, the legality of the node's identity identifier in the collected product information, as well as the legality of the node identifiers corresponding to the upstream and downstream links of this link, are verified. If the node and its upstream and downstream nodes have completed decentralized identity authentication, and the node has the authority to collect the target product information of this link, then the verification is deemed successful, and the node-linked product information set is obtained. The node-linked product information set includes product identifier information, link attribute information, node and link information, environmental data, physical tag information, and timestamp. The tag binding verification operation includes: Extract anti-counterfeiting feature codes from the set of linked product information from nodes, and obtain the pre-stored digital label seed value based on the evidence data and the label binding record corresponding to the target product. Calculate the cryptographic hash value of the anti-counterfeiting feature code; If the pre-stored digital tag seed value matches the password hash value, the tag binding verification is considered successful.
[0045] In this embodiment, the evidence storage data refers to key reference data pre-stored on the blockchain network and confirmed through consensus, used to verify the current operation. In this embodiment, the evidence storage data may include identity identifiers and tag binding records. The identity identifier may be a unique identity identifier registered in each node, along with public keys and status information; the tag binding record may be an on-chain record used to record the binding relationship between traceability identifiers, PUF anti-counterfeiting feature codes, and dynamic digital tags.
[0046] In this embodiment, the "operation node identifier" (i.e., the identity of the node initiating the current data collection) is extracted from the initial product information set; the identity identifier data (identity registry) on the blockchain network is queried to check whether the identifier exists and its status. If the identifier exists and its status is valid, the process proceeds to permission verification; if the identifier does not exist or its status is invalid (e.g., frozen, revoked, expired, etc.), the verification is immediately terminated, a "node identity invalid" error is returned, and the batch of data is rejected.
[0047] In the process permission verification step, based on the process attribute information (e.g., cold chain transportation to warehouse) in the initial product information set, the node is checked for permission to perform the operation by querying the identity authorization operation list. If the current process type is in the node's authorization list, the supply chain relationship verification is initiated; otherwise, the verification terminates and returns the error "Node does not have permission to perform this process operation".
[0048] In the supply chain relationship verification step, the upstream node identifier (e.g., shipper) and downstream node identifier (e.g., consignee) extracted from the current node are queried from the corresponding blockchain identity registry to confirm their existence and validity. Furthermore, considering the type of the current stage, it is determined whether the supply chain relationship between the current node and the upstream and downstream identifiers conforms to business logic (e.g., the shipper in the transportation stage should be a node in the previous warehousing stage). If the verified identities of both upstream and downstream nodes are valid and the relationship logic is consistent, the node linkage verification operation is considered successful; if any associated node's identity is invalid or there is a logical contradiction in the relationship, the verification fails, and a "supply chain node invalid or relationship abnormal" error is returned.
[0049] In this embodiment, if all node linkage verifications pass, a set of node linkage product information is generated.
[0050] In this embodiment, after the node linkage verification is passed, to further verify whether the operated product (target product) itself is genuine, a tag binding verification operation is further performed on the node-linked product information set. Specifically, the currently read anti-counterfeiting feature code (e.g., the current anti-counterfeiting feature code is PUF-Current) is extracted from the node-linked product information set. Based on the product traceability identifier in the node-linked product set, the pre-stored tag binding record on the blockchain network is queried to obtain the digital tag seed value generated and stored during the initialization of the target product (e.g., the pre-stored digital tag seed value is Sssd-stored).
[0051] This embodiment recombines the traceability identifier of the current target product with the extracted anti-counterfeiting feature code (PUF-Current), and calculates a new hash value (e.g., Hash-Calculated) for the current combination based on a cryptographic hash algorithm. The new hash value is compared with the pre-stored digital tag seed value. If the new hash value is equal to the pre-stored digital tag seed value, it is determined that the characteristics of the current physical tag are completely consistent with the initially bound characteristics, indicating that the tag binding verification has passed. If the new hash value is not equal to the pre-stored digital tag seed value, it is determined that the current physical tag may be counterfeit, or the product has been swapped. At this time, the verification terminates, returns a "product tag verification failed" error, and triggers an anti-counterfeiting alarm.
[0052] In this embodiment, the dual-linkage verification is considered successful only after the tag binding verification passes. At this point, a target product information set is generated. This set contains all the content of the node-linked product information set and is marked with a trusted tag indicating that the tag binding verification has passed.
[0053] For example, taking wine in the transportation and transshipment process as an example, when the logistics vehicle arrives at the transshipment station, the target product information of that node is collected, including the operation node identifier being logistics company A1, the link being the transshipment link, the upstream identifier being warehouse A2, the downstream identifier being city distribution center A3, the ambient temperature being 5℃, and the anti-counterfeiting code in the physical label being ABC123.
[0054] In the node linkage verification step, the identity registration form is queried to obtain that the logistics company's A1 identifier is valid and has transportation authority; by querying the upstream identifier warehouse A2 and the downstream identifier city distribution center A3, both identifiers are valid, and the relationship logic of the transportation link is determined to be correct, the node linkage verification is determined to be successful, and a node linkage commodity information set is generated.
[0055] Based on the traceability identifier of the wine box, the pre-stored digital label seed value of the wine box is queried from the blockchain network as xyz789. The current anti-counterfeiting code (ABC123) is recombined with the traceability identifier and a new hash value is obtained through cryptographic hashing. After comparison, it is found that the new hash value is the same as the pre-stored digital label seed value xyz789. Then, a target product information set containing all information and the "label binding verification passed" trusted mark is generated.
[0056] This embodiment constructs a firewall for data on-chain through progressive verification of "node linkage verification and tag binding verification" from two fundamental levels: behavior authorization and object authenticity. This ensures that every traceability record in the blockchain originates from a trusted operator's credible operation on a real product, greatly improving the data quality and credibility of the entire traceability chain.
[0057] To further enhance the credibility, tamper-proofness, and spatiotemporal relevance of environmental information in traceability data, this embodiment, after performing dual linkage verification, also includes: For each stage, acquire the environmental data collected at that stage node, along with time synchronization proof; the time synchronization proof is used to verify the collection time of the environmental data; the time synchronization proof is determined based on the timestamp corresponding to the hash value in the environmental data; Extract environmental data fragments from environmental data within a time window that overlaps with the time point of target product information collection; Obtain the first feature value of the environmental data fragment, and obtain the second feature value corresponding to the environmental data in the initial product information set within the time window; If the deviation between the first eigenvalue and the second eigenvalue is within the allowable error range, then an environmental consistency proof is generated; Add environmental consistency proofs and time synchronization proofs to the valid data packets.
[0058] In this embodiment, time synchronization proof is a cryptographic evidence attached to data to undisputedly confirm that the data was collected at a specific moment. It is typically achieved by submitting the hash value of the data to a trusted timestamp service or utilizing blockchain block timestamps, ensuring that the "when the data was generated" is unforgeable.
[0059] The preset allowable error range in this embodiment can be determined comprehensively based on the characteristics of the target product, environmental data, the operation time of the business process, and relevant industry standards. For example, for temperature-sensitive products, the allowable temperature error range can be set to ±2°C; the allowable error range of the time window can be set to ±30 seconds based on the data reporting frequency of IoT devices and network latency.
[0060] In this embodiment, for each stage, in addition to the environmental data recorded by the operation node when collecting target product information (which is already included in the initial product information set), continuous environmental data with time synchronization proof is also independently acquired by the trusted IoT device deployed in that stage.
[0061] This embodiment extracts the timestamp 't' (in seconds) of the completion of product information collection for this stage from the verified set of target product information. A preset reasonable time interval is then extended before and after timestamp 't' to form a time window with overlapping time points. For example, this time window can be [t-5s, t+5s]. This window covers the brief period before and after the operation node. The preset reasonable time interval can be determined based on the information collection frequency, the operation duration of the business process, or changes in environmental parameters. For example, based on the information collection frequency, if the IoT device reports data every 5 seconds, the half-width of the time window can be set to 5 seconds; based on the operation duration, if the barcode scanning and warehousing operation typically takes 2-5 seconds, the half-width of the time window can be set to 5 seconds; based on the rate of change of environmental parameters, if the temperature may change by 0.1℃ per second and is allowed to fluctuate by ±0.5℃, the half-width of the time window can be set to 5 seconds.
[0062] From the collected continuous environmental data with time synchronization proof, all data points whose timestamps fall within the specified time window are extracted to form an environmental data segment. This environmental data segment represents the environmental state of the location before and after the operation node.
[0063] In this embodiment, all data points (e.g., temperature values) in the obtained environmental data segment are processed according to a preset statistical method (e.g., calculating the average value) to obtain the average value of the environmental data segment within the time window, and this average value is used as the first feature value. The first feature value characterizes the environmental state perceived by the IoT device within the operating time window.
[0064] In this embodiment, the average value of the environmental data recorded in this step is extracted from the set of linked product information of the node, and this average value is used as the second feature value. The second feature value represents the environmental state of the operating node at time t.
[0065] In this embodiment, the absolute deviation between the first feature value and the second feature value is compared with a preset allowable error range. If the absolute deviation is less than or equal to the preset allowable error range, the environmental data is determined to be consistent, that is, the environmental data recorded by the node and the data independently monitored by the IoT device are consistent within the allowable error range. If the absolute deviation is greater than the preset allowable error range, the environmental data is determined to be inconsistent, which may indicate that the node record is incorrect, the device is faulty, or there is a risk of data tampering.
[0066] In this embodiment, an environmental consistency certificate is generated only when the feature value comparison passes (the deviation is within the allowable range). This certificate includes at least: the compared stage, the time window, the feature value calculation method used, the first and second feature values, the comparison result, and the timestamp of the generated certificate. After the comparison passes, the environmental consistency certificate and the time synchronization certificate (or its main summary) extracted from the IoT data are added to the valid data packet to be uploaded to the blockchain. Thus, the valid data packet not only contains the product flow information verified through dual linkage, but also includes a trusted environmental data certificate that has undergone independent time synchronization and cross-validation.
[0067] This embodiment improves tamper resistance by introducing environmental data with independent timestamps and performing time-aligned cross-validation with environmental data from business operation records. By ensuring consistency between two independent data sources, the authenticity and credibility of environmental data (especially for products sensitive to temperature and humidity) are greatly enhanced. This ensures that the recorded environmental data is indeed highly consistent with the actual environment experienced by the product, thereby improving the overall quality and value of traceability data.
[0068] S104: Determine the traceability data block based on the valid data packet and associate the traceability data block with the unique traceability identifier; store the traceability data block on the chain and link the traceability data blocks corresponding to each link in sequence through the hash pointer to generate the traceability chain of the target product.
[0069] In this embodiment, a traceability data block refers to a basic data unit of traceability information for an independent stage stored on the blockchain. A traceability data block may include block header information, core data body, and the hash value of this block. The block header information contains the metadata of this data block, such as version number, generation timestamp, and a hash pointer to the previous data block (this can be empty for the initial stage). The core data body is the entire content of the valid data packet, including product attributes, stage information, verified environmental data, environmental consistency proof, and digital signatures of relevant nodes. The hash value of this block is the cryptographic hash value calculated from the entire data block content (including the block header and data body).
[0070] In this embodiment, the hash pointer is a data structure that stores the cryptographic hash value of the previous data block, rather than a traditional memory address. This hash pointer serves a dual purpose: both as a "logical pointer" and for "content verification." On the one hand, the hash value allows for locating and retrieving the previous data block within the blockchain storage system; on the other hand, if the content of the previous data block is tampered with, its hash value will inevitably change, rendering the hash pointer stored in the current block invalid and thus allowing for the detection of tampering.
[0071] In this embodiment, a valid data packet is used as the core data body, and block header information (timestamp, version, etc.) is added to it to obtain a complete data structure. A hash function (such as SHA-256) is applied to this complete data structure to generate the hash value of the traceability data block.
[0072] In this embodiment, a unique traceability identifier for the target product is added to the block header information of the traceability data block, thereby establishing an index relationship between the "traceability data block" and the "specific product", so that all relevant data blocks of the product can be retrieved through the identifier.
[0073] This embodiment encapsulates the traceability data block into a legitimate blockchain transaction. The operating node in this step digitally signs the transaction using its private key and then broadcasts it to the blockchain network. Consensus nodes in the blockchain network (e.g., miners or validators) verify the transaction (including signature validity, data structure compliance, etc.) and reach a consensus through a consensus mechanism (e.g., Proof-of-Work, Proof-of-Stake, etc.) to confirm the transaction's validity. The confirmed valid transaction is then saved to a new blockchain "block." When this block is successfully added to the blockchain's main chain, it means that the traceability data block it contains acquires the properties of immutability and non-repudiation. Any subsequent modifications will cause its hash value to change, thus being rejected by the network.
[0074] In this embodiment, when constructing the traceability data block for the Nth stage (N>1), the hash value Hprev of the previous stage (N-1th stage) traceability data block is filled into its block header information as the "previous stage hash pointer". For the data block of the first stage, this field can be filled with a specific initial value (e.g., an initial value of zero). In this embodiment, each new traceability data block "points back" to the data block of the previous stage through its internally stored hash pointer. All data blocks associated with the same unique traceability identifier are chained together by these hash pointers according to the chronological order of the stages, forming a traceability chain for the target product. This traceability chain for the target product starts from the initialization of the product and runs through all stages such as production, distribution, and sales. The data in any link of the chain is permanently locked and cryptographically bound to the preceding and following links, ensuring the integrity and tamper-proof nature of the entire traceability history.
[0075] S105: In response to the query request for scanning dynamic digital tags, verify whether the binding relationship between the current dynamic digital tag, physical tag and traceability identifier is valid according to the tag binding record. If the binding relationship is valid, determine the chain integrity index and real-time health status of the target product based on the unique traceability identifier, and generate a traceability report for the target product.
[0076] In this embodiment, in response to a query request for scanning a dynamic digital tag, the request is parsed, and a verification credential associated with the physical manifestation is extracted from the parsed information. Based on the tag binding record, the binding relationship between the tag binding credential, the current dynamic digital tag, the physical tag, and the traceability identifier is verified to be valid.
[0077] In this embodiment, based on the product traceability identifier obtained above, the tag binding record on the blockchain is queried to obtain the original binding certificate of the target product recorded during initialization, which includes information such as the physical tag anti-counterfeiting feature code and the dynamic digital tag seed value.
[0078] The status of the currently scanned dynamic digital tag (e.g., inactive, valid, used, expired, cancelled, etc.) is compared with the original binding credential recorded on the blockchain for online verification. If the status of the currently scanned dynamic digital tag matches the on-chain record (e.g., the on-chain record shows the tag as "valid," and the status of the currently scanned dynamic digital tag is also "valid"), and its corresponding physical tag has not been reported lost or cancelled, then the online verification is considered successful.
[0079] In this embodiment, if the on-chain record shows that the tag binding is normal and the current dynamic digital tag is in a valid state (i.e., not used, not expired, and not cancelled), then the current binding relationship is determined to be valid. That is, this query is for a product with a "real identity" and can be safely used for subsequent in-depth analysis.
[0080] If the on-chain record shows that the tag binding is not displayed correctly (possible reasons include: the dynamic QR code has expired, the product has been recalled (tag cancellation), or the on-chain binding record is displayed abnormally), the current binding relationship is determined to be invalid. At this time, the generation of a detailed traceability report will be terminated, and a clear warning message will be returned to the user, such as "The product tag has expired, please purchase with caution" or "Unable to verify the authenticity of the product".
[0081] In this embodiment, when the binding relationship is valid, the integrity of the historical traceability chain of the target product is assessed, generating a chain integrity index; the latest status of the target product is assessed in real time, generating a real-time health status of the target product. A traceability report for the target product is then generated based on the chain integrity index and the real-time health status.
[0082] The traceability report for the target product may include: basic product information (name, specifications, batch number, and unique traceability identifier, etc.), authenticity verification results (displaying an indicator that "label binding relationship verification is valid"), core evaluation indicators (chain integrity index and real-time status health), traceability chain visualization, and detailed data summary.
[0083] In one possible implementation, the chain integrity index of the target product is determined based on a unique traceability identifier, including: Retrieve and parse all on-chain traceability data blocks associated with a unique traceability identifier from the blockchain network to form a traceability data sequence; The types of each link in the traceability data sequence are compared with the preset standard links to determine the coverage ratio of the on-chain links to the preset standard links; the preset standard links represent the node sequence stored in the blockchain network that has mandatory recording requirements. The integrity of each traceable data block in the traceable data sequence is verified, and the data integrity ratio of all complete traceable data blocks to the total number of traceable data blocks is recorded. Analyze the rationality of the timestamp intervals between adjacent traceability data blocks in the traceability data sequence, and determine the temporal continuity ratio of consecutive links with reasonable time intervals to the total consecutive links; the rationality of the timestamp intervals is used to characterize whether the time difference between the data on the chain of two adjacent links conforms to physical laws and business logic. Extract the password hash value of each traceability data block in the traceability data sequence, compare the password hash value corresponding to each link with the seed value of the digital tag, and take the links with the same comparison result as the links that are successfully matched, and obtain the binding consistency ratio of all successfully matched links to the total links; Based on the coverage ratio, data integrity ratio, temporal continuity ratio, and binding consistency ratio, and using the chain integrity index calculation formula, the chain integrity index of the target product is calculated. The chain integrity index is used to characterize the completeness, credibility, and reliability of the traceability records of the target product throughout its entire life cycle on the blockchain network. The formula for calculating the chain integrity index is: ,in, C This represents the chain integrity index of the target product. Indicates the coverage ratio. Indicates the data integrity ratio. Indicates the ratio of temporal continuity. Indicates the binding consistency ratio. These represent the preset weighting coefficients for coverage ratio, data integrity ratio, temporal continuity ratio, and binding consistency ratio, respectively. .
[0084] In this embodiment, a query is initiated to the blockchain network using the unique traceability identifier of the target product as the search key. The query result will return all traceability data blocks associated with this traceability identifier and successfully stored on the blockchain. These traceability data blocks are then arranged in ascending order according to their internal timestamps (recorded in the data block header) to form a traceability data sequence arranged in chronological order. This sequence represents all the key events that the product has experienced from its inception to the present, which have been recorded by the blockchain.
[0085] In this embodiment, the preset standard steps represent the node sequence stored in the blockchain network that has mandatory recording requirements. The coverage ratio is used to evaluate whether the traceability steps of the actual records cover all the steps that the business requires to be recorded, reflecting the "comprehensiveness" of the chain.
[0086] This embodiment compares the actual types of links that appear in the traceability data sequence (extracted from the "link attribute information" of each data block) with a preset standard link list, and determines the coverage ratio based on the ratio of the number of actual link types to the total number of standard links in the standard link list. .
[0087] In this embodiment, the data integrity ratio is used to evaluate the integrity and validity of the content of each traceability data block that has been uploaded to the chain, reflecting the "health" of each node in the chain. This embodiment performs integrity verification on each traceability data block in the traceability data sequence, including whether the data block structure conforms to the specifications, whether core data fields are missing, whether the attached digital signature is valid and matches the recording unit operation node, and whether the included environmental consistency proof is valid.
[0088] By traversing the entire traceability data sequence, the above integrity check is performed on each traceability data block, and the number of all traceability data blocks that pass the check is counted. The data integrity ratio is determined based on the ratio of the number of all traceability data blocks that pass the check to the total number of traceability data blocks. .
[0089] In this embodiment, the temporal continuity ratio is used to evaluate whether the time order and interval of data uploading to the chain in adjacent links conform to the flow rules of the physical world and business logic, reflecting the "logical rationality" of the chain. This embodiment can sequentially examine two adjacent traceability data blocks in the traceability data sequence (for example, the two traceability data blocks are block 1 and block 2, where block 1 precedes block 2). The timestamp difference Δt = t2-t1 is calculated, and it is determined whether Δt is within a preset reasonable range [t...]. min ,t max Within this range, the preset reasonable interval is set based on the physical laws of the process type (for example, it may take 1-3 days from production to shipment, and 1-5 hours for intra-city transportation). If Δt is within the reasonable range and is positive (ensuring that time increases), then the interval between the processes is considered reasonable.
[0090] This embodiment identifies all consecutive link pairs in the traceability data sequence and determines reasonably spaced link pairs based on the aforementioned consecutive row verification. The temporal continuity ratio is determined by the ratio of the number of reasonably verified link pairs to the total number of consecutive link pairs. .
[0091] In this embodiment, the binding consistency ratio is used to verify the legality and consistency of the physical identifier (tag) of the target product in each stage of its circulation, reflecting the continuous binding relationship between the "product" and the "chain," and is a core indicator for preventing tampering. For each data block in the traceability data sequence, the binding consistency verification method can be as follows: extract the physical tag information scanned or read at that time from the data block (e.g., the read PUF feature code); obtain the initial tag binding record of the product from the blockchain network to obtain the original digital tag seed value; combine the physical tag information read in this stage with the product traceability identifier, and calculate the hash value corresponding to the combination; compare the hash value with the initial digital tag seed value to obtain the comparison result. If the hash value is consistent with the result of the initial digital tag seed value, it is determined that the consistency binding is successful; if the hash value is inconsistent with the result of the initial digital tag seed value, it is determined that the consistency binding fails.
[0092] In the traceability data sequence, the ratio of the number of all successfully consistent binding steps to the total number of steps is used as the binding consistency ratio. .
[0093] In this embodiment, the coverage ratio weight, data integrity ratio weight, temporal continuity ratio weight, and binding consistency ratio weight can be dynamically configured according to the product type and business focus. For example, for high-value products, a higher binding consistency ratio weight can be set, such as 0.5; for products with strict regulations, a higher coverage ratio weight can be set. This embodiment calculates the chain integrity index of the target product based on the obtained ratios and their corresponding weights, using the chain integrity index calculation formula. The chain integrity index calculation formula can be: ,in, C This represents the chain integrity index of the target product. Indicates the coverage ratio. Indicates the data integrity ratio. Indicates the ratio of temporal continuity. Indicates the binding consistency ratio. These represent the preset weighting coefficients corresponding to coverage ratio, data integrity ratio, temporal continuity ratio, and binding consistency ratio, respectively. , The specific value can be dynamically configured based on the risk attributes of the product.
[0094] In this embodiment, the chain integrity index is used to characterize the completeness, credibility, and reliability of the traceability records of the target product throughout its entire lifecycle on the blockchain network. The chain integrity index can be a value between 0 and 1, where the closer the chain integrity index C is to 1, the more complete the blockchain traceability chain of the target product, the more reliable the data, the more self-consistent the logic, and the stronger the anti-counterfeiting binding.
[0095] In one possible implementation, the real-time health status of the target product is determined based on on-chain data from the target product's traceability chain, including: The latest traceability data block associated with the unique traceability identifier is retrieved from the blockchain network and used as the current state data block; the latest traceability data block represents the latest location and status of the target product. Obtain the sequence of traceable data blocks within a preset time period in the past as a state history sequence; The current status data block is parsed to extract the current key status parameters. Each key status parameter is compared with its corresponding preset benchmark range, and the current status compliance score is determined based on the comparison results. Key status parameters include at least one of environmental parameters, geographical location, and operational status. Extract the identity and operation type of the current operation node from the current state data block; query the preset authorized node list to verify whether the identity of the operation node exists in the preset authorized node list; query the operation permission mapping table to verify whether the operation type is within its authorized operation permission set; if both verifications pass, the operation credibility flag is set to 1, otherwise it is 0. Extract parameter value sequences formed by arranging the same key state parameter in chronological order from the state history sequence and the current state data block; for each key state parameter, its dynamic reasonable fluctuation threshold can be determined by using the standard deviation method based on its corresponding state history sequence; determine whether the change of the current value of the parameter relative to its previous historical value exceeds the dynamic reasonable fluctuation threshold, and if it does, determine that the parameter has an abnormal trend; count the number of parameters with abnormal trends among all monitored key state parameters, and obtain the trend abnormality score of the number of parameters with abnormal trends as a percentage of the total number of parameters; Based on the current status compliance score, process operation credibility identifier, and trend anomaly score, and using the status health calculation formula, the real-time status health of the target product is calculated; the real-time status health indicates whether the latest status of the target product at the query time meets the requirements of safety, compliance, and business specifications. The formula for calculating health status is: ,in, H This indicates the health status value of the target product. S This indicates the current compliance score of the target product. T This indicates the operational credibility of the target product. A This indicates the score for the trend anomaly of the target product. The weighting of the current compliance score for the target product. This indicates the weight of the operational credibility identifier for the target product. This represents the weight of the trend anomaly score for the target product, and .
[0096] In this embodiment, based on the unique traceability identifier of the target product, the latest timestamped traceability data block associated with it is retrieved from the blockchain network and used as the current state data block. This data block encapsulates the latest known location, status, and operational information of the target product. All traceability data blocks generated within a preset time period (e.g., the last 7 days, the last 10 stages) are obtained and arranged chronologically to form a state history sequence. This state history sequence is used to analyze state change trends.
[0097] In this embodiment, the current state data block is parsed to extract the key state parameters recorded therein. These key state parameters include environmental parameters, geographical location, and operational status.
[0098] Each extracted key status parameter is compared with its preset benchmark range. The benchmark range for each key parameter can be preset according to product characteristics, regulations, and contractual requirements (e.g., the benchmark range for transporting cold chain pharmaceuticals is 2℃-8℃). For each key status parameter, if its value is within the benchmark range, it is considered compliant; if its value is outside the benchmark range, it is considered non-compliant. The current status compliance score S is determined based on the ratio of all compliant parameters to the total number of monitored key parameters. This status compliance score is a value between 0 and 1, with the value closer to 1 indicating a higher level of compliance.
[0099] In this embodiment, the process operation credibility identifier is used to determine whether the latest operation that led the product to its current state was executed by a trusted and authorized entity. From the current state data block, the node identity identifier and the specific operation type (e.g., warehousing, temperature adjustment) recording the operation are extracted. A double-linkage verification is performed on the node's identifier. If the double-linkage verification passes, the process operation credibility identifier is assigned a value of 1; if the double-linkage verification fails, the operation process credibility identifier is assigned a value of 0.
[0100] In this embodiment, the trend anomaly score is used to assess whether the key status of the target product has recently experienced abnormal fluctuations that exceed normal patterns, and to provide early warning of potential risks.
[0101] For each monitored key state parameter (e.g., temperature), based on data from the state history sequence, a dynamic reasonable fluctuation threshold is determined using statistical methods (e.g., calculating the standard deviation of adjacent historical changes). Specifically, the dynamic reasonable fluctuation threshold can be set to k times the standard deviation, i.e., Δth = k × σ, where k represents a preset multiplier (preferably, k is 2 or 3), Δth represents the dynamic reasonable fluctuation threshold, and σ represents the standard deviation of adjacent historical changes. It is then determined whether the absolute value of the change in the current value of the key state parameter relative to its previous historical value, |Δx| = |x1 - x0|, exceeds the dynamic reasonable fluctuation threshold Δth, where x1 represents the current value of the key state parameter, and x0 represents the previous historical value. If |Δx| > Δth, the parameter is determined to have an abnormal trend; otherwise, it is determined to be a normal fluctuation. In this embodiment, the preset multiplier k can be configured according to the sensitivity of the target product and the business risk requirements. For example, for highly sensitive products (vaccines, fresh food, etc.), k=2 can be set to improve sensitivity; for low-sensitivity products or links with large environmental fluctuations, k=3 can be set to reduce false alarms.
[0102] In this embodiment, the trend anomaly score is determined based on the ratio between the number of parameters exhibiting abnormal trends and the total number of monitored key status parameters. This trend anomaly score can be a value between 0 and 1, where 0 indicates all key parameters are normal, and 1 indicates all key parameters exhibit abnormal trends.
[0103] This embodiment calculates the real-time status health value based on the current status compliance score, process operation credibility identifier, and trend anomaly score, along with their respective weights, using a real-time status health calculation formula. The status health calculation formula can be: ,in, H This indicates the health status value of the target product. S This indicates the current compliance score of the target product. T This indicates the operational credibility of the target product. A This indicates the score for the trend anomaly of the target product. The weighting of the current compliance score for the target product. This indicates the weight of the operational credibility identifier for the target product. This represents the weight of the trend anomaly score for the target product, and The values of each weight can be dynamically configured based on the type of the target product and its risk attributes (for example, for products sensitive to operational processes, the weight can be set to...). (Higher)
[0104] As can be seen from the above, this embodiment performs decentralized identity authentication on each node involved in the traceability of the target product, assigns a unique identity identifier to the authenticated node, and connects it to the blockchain network. This avoids the risks associated with control by a single centralized institution, ensuring the authenticity and reliability of each node's identity and guaranteeing the credibility of traceability information from the source. When verifying the validity of the target product information, this embodiment employs an initial verification followed by a dual-linkage verification based on the initial product information set and the evidence-stored data in the blockchain network. This improves the accuracy and reliability of the information and effectively prevents false information from entering the traceability chain. This embodiment generates a unique traceability identifier for the target product and binds a physical tag and a dynamic digital tag to the target product based on the traceability identifier, generating a tag binding record. This facilitates product identification and management, allowing consumers and managers to quickly query product traceability information by scanning the dynamic digital tag.
[0105] Based on the same principle as the blockchain-based product traceability method provided in the embodiments of this application, the embodiments of this application also provide a blockchain-based product traceability device, such as... Figure 2 As shown, the blockchain-based product traceability device 20 may specifically include: an identity authentication module 21, a tag binding record generation module 22, a valid data packet generation module 23, a traceability chain generation module 24, and a traceability report generation module 25.
[0106] Among them, the identity authentication module 21 is used to perform decentralized identity authentication on each node involved in the traceability of the target product, assign a unique identity to the authenticated node, and connect it to the blockchain network. The tag binding record generation module 22 is used to generate a unique traceability identifier for each target product if the target product enters the traceability process, and bind a physical tag and a dynamic digital tag to the target product according to the traceability identifier, thereby generating a tag binding record; the physical tag includes the traceability identifier, and the dynamic digital tag is a dynamically updatable QR code associated with the physical tag; The valid data packet generation module 23 is used to obtain the target product information for each stage, verify the validity of the target product information, and generate a valid data packet; the target product information includes the attributes of the target product, the circulation stage, and environmental data; The traceability chain generation module 24 is used to determine traceability data blocks based on valid data packets and associate traceability data blocks with unique traceability identifiers; store traceability data blocks on the blockchain and link the traceability data blocks corresponding to each link in sequence through hash pointers to generate the traceability chain of the target product. The traceability report generation module 25 is used to respond to the query request of scanning dynamic digital tags, verify whether the binding relationship between the current dynamic digital tag, physical tag and traceability identifier is valid according to the tag binding record. If the binding relationship is valid, the chain integrity index and real-time health status of the target product are determined based on the unique traceability identifier, and a traceability report of the target product is generated.
[0107] In one embodiment of this application, when generating a tag binding record by binding a physical tag and a dynamic digital tag to the target product based on the traceability identifier, the tag binding record generation module 22 is specifically used for: Generate a unique anti-counterfeiting feature code for the physical label based on a physically non-cloning function; The traceability identifier is combined with the anti-counterfeiting feature code to obtain the combined feature string. The password hash value of the feature string is obtained and used as the seed value of the digital tag. Generate the initial accessible address of the dynamic digital tag based on the seed value of the digital tag; The traceability identifier, anti-counterfeiting feature code, and initial accessible address are associated to generate a tag binding record.
[0108] In one embodiment of this application, when validating the target product information and generating a valid data packet, the valid data packet generation module 23 is specifically used for: Perform initial verification on the target product information to obtain an initial set of product information; The target product information set is obtained by performing dual linkage verification based on the initial product information set and the evidence stored in the blockchain network. The dual linkage verification includes node linkage verification and tag binding verification, and the node linkage verification and tag binding verification are in a progressive relationship. The product information in the target product information set is encapsulated according to a preset format to obtain a valid data packet.
[0109] In one embodiment of this application, the evidence storage data includes identity identifiers and tag binding records. When a target product information set is obtained by performing dual linkage verification based on the initial product information set and the evidence storage data in the blockchain network, the valid data packet generation module 23 is specifically used for: A node-linked verification operation is performed on the initial set of product information and the evidence-stored data in the blockchain network. After the verification is successful, the node-linked product information set is obtained. A tag binding verification operation is performed on the node-linked product information set and the evidence-stored data in the blockchain network to obtain the target product information set; the target product information set includes the node-linked product information and the tag binding verification result. The node linkage verification operation includes: Based on the node's identity identifier and the initial product information set in the evidence data, the legality of the node's identity identifier in the collected product information, as well as the legality of the node identifiers corresponding to the upstream and downstream links of this link, are verified. If the node and its upstream and downstream nodes have completed decentralized identity authentication, and the node has the authority to collect the target product information of this link, then the verification is deemed successful, and the node-linked product information set is obtained. The node-linked product information set includes product identifier information, link attribute information, node and link information, environmental data, physical tag information, and timestamp. The tag binding verification operation includes: Extract anti-counterfeiting feature codes from the set of linked product information from nodes, and obtain the pre-stored digital label seed value based on the evidence data and the label binding record corresponding to the target product. Calculate the cryptographic hash value of the anti-counterfeiting feature code; If the pre-stored digital tag seed value matches the password hash value, the tag binding verification is considered successful.
[0110] In one embodiment of this application, when determining the chain integrity index of the target product based on the unique traceability identifier, the traceability report generation module 25 is specifically used for: Retrieve and parse all on-chain traceability data blocks associated with a unique traceability identifier from the blockchain network to form a traceability data sequence; The types of each link in the traceability data sequence are compared with the preset standard links to determine the coverage ratio of the on-chain links to the preset standard links; the preset standard links represent the node sequence stored in the blockchain network that has mandatory recording requirements. The integrity of each traceable data block in the traceable data sequence is verified, and the data integrity ratio of all complete traceable data blocks to the total number of traceable data blocks is recorded. Analyze the rationality of the timestamp intervals between adjacent traceability data blocks in the traceability data sequence, and determine the temporal continuity ratio of consecutive links with reasonable time intervals to the total consecutive links; the rationality of the timestamp intervals is used to characterize whether the time difference between the data on the chain of two adjacent links conforms to physical laws and business logic. Extract the password hash value of each traceability data block in the traceability data sequence, compare the password hash value corresponding to each link with the obtained digital tag seed value, and take the links with the same comparison result as the links that are successfully matched, and obtain the binding consistency ratio of all successfully matched links to the total links. Based on the coverage ratio, data integrity ratio, temporal continuity ratio, and binding consistency ratio, and using the chain integrity index calculation formula, the chain integrity index of the target product is calculated. The chain integrity index is used to characterize the completeness, credibility, and reliability of the traceability records of the target product throughout its entire life cycle on the blockchain network. The formula for calculating the chain integrity index is: ,in, C This represents the chain integrity index of the target product. Indicates the coverage ratio. Indicates the data integrity ratio. Indicates the ratio of temporal continuity. Indicates the binding consistency ratio. These represent the preset weighting coefficients for coverage ratio, data integrity ratio, temporal continuity ratio, and binding consistency ratio, respectively. .
[0111] In one embodiment of this application, when determining the real-time health status of the target product based on the unique traceability identifier, the traceability report generation module 25 is specifically used for: The latest traceability data block associated with the unique traceability identifier is retrieved from the blockchain network and used as the current state data block; the latest traceability data block represents the latest location and status of the target product. Obtain the sequence of traceable data blocks within a preset time period in the past as a state history sequence; The current status data block is parsed to extract the current key status parameters. Each key status parameter is compared with its corresponding preset benchmark range, and the current status compliance score is determined based on the comparison results. Key status parameters include at least one of environmental parameters, geographical location, and operational status. Extract the identity and operation type of the current operation node from the current state data block; query the preset authorized node list to verify whether the identity of the operation node exists in the preset authorized node list; query the operation permission mapping table to verify whether the operation type is within its authorized operation permission set; if both verifications pass, the operation credibility flag is set to 1, otherwise it is 0. Extract parameter value sequences formed by arranging the same key state parameter in chronological order from the state history sequence and the current state data block; for each key state parameter, determine its dynamic reasonable fluctuation threshold based on its corresponding state history sequence; determine whether the change of the current value of the parameter relative to its previous historical value exceeds the dynamic reasonable fluctuation threshold, and if it does, determine that the parameter has an abnormal trend; count the number of parameters with abnormal trends among all monitored key state parameters, and obtain the trend abnormality score of the number of parameters with abnormal trends as a percentage of the total number of parameters; Based on the current status compliance score, process operation credibility identifier, and trend anomaly score, and using the status health calculation formula, the real-time status health of the target product is calculated; the real-time status health indicates whether the latest status of the target product at the query time meets the requirements of safety, compliance, and business specifications. The formula for calculating health status is: ,in, H This indicates the health status value of the target product. S This indicates the current compliance score of the target product. T This indicates the operational credibility of the target product. A This indicates the score for the trend anomaly of the target product. The weighting of the current compliance score for the target product. This indicates the weight of the operational credibility identifier for the target product. This represents the weight of the trend anomaly score for the target product, and .
[0112] In one embodiment of this application, after the dual linkage verification is performed, the valid data packet generation module 23 is further configured to: For each stage, acquire the environmental data collected at that stage node, along with time synchronization proof; the time synchronization proof is used to verify the collection time of the environmental data; the time synchronization proof is determined based on the timestamp corresponding to the hash value in the environmental data; Extract environmental data fragments from environmental data within a time window that overlaps with the time point of target product information collection; Obtain the first feature value of the environmental data fragment, and obtain the second feature value corresponding to the environmental data in the initial product information set within the time window; If the deviation between the first eigenvalue and the second eigenvalue is within the allowable error range, then an environmental consistency proof is generated; Add environmental consistency proofs and time synchronization proofs to the valid data packets.
[0113] The apparatus in this application embodiment can execute the method provided in this application embodiment, and the implementation principle is similar. The actions performed by each module in the apparatus of each embodiment of this application correspond to the steps in the method of each embodiment of this application. For detailed functional descriptions of each module of the apparatus, please refer to the descriptions in the corresponding methods shown above, which will not be repeated here.
[0114] Figure 3 A schematic diagram of the structure of an electronic device to which this application embodiment applies is shown, such as... Figure 3 As shown, the electronic device can be used to implement the methods provided in any embodiment of this application.
[0115] like Figure 3 As shown, the electronic device 300 may primarily include at least one processor 301. Figure 3The diagram shows components such as a memory 302, a communication module 303, and an input / output interface 304. Optionally, these components can be connected and communicate with each other via a bus 305. It should be noted that... Figure 3 The structure of the electronic device 300 shown is merely illustrative and does not constitute a limitation on the electronic devices to which the methods provided in the embodiments of this application are applicable.
[0116] The memory 302 can be used to store operating systems and applications, etc. The applications can include computer programs that implement the methods shown in the embodiments of this application when invoked by the processor 301, and can also include programs for implementing other functions or services. The memory 302 can be ROM (Read Only Memory) or other types of static storage devices that can store static information and instructions, RAM (Random Access Memory) or other types of dynamic storage devices that can store information and computer programs, or it can be EEPROM (Electrically Erasable Programmable Read Only Memory), CD-ROM (Compact Disc Read Only Memory) or other optical disc storage, optical disc storage (including compressed optical discs, laser discs, optical discs, digital universal optical discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
[0117] Processor 301 is connected to memory 302 via bus 305 and implements corresponding functions by calling the application programs stored in memory 302. Processor 301 can be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute the various exemplary logic blocks, modules, and circuits described in conjunction with the disclosure of this application. Processor 301 can also be a combination that implements computing functions, such as a combination of one or more microprocessors, a combination of a DSP and a microprocessor, etc.
[0118] Electronic device 300 can connect to a network via communication module 303 (which may include, but is not limited to, components such as a network interface) to communicate with other devices (such as user terminals or servers) through the network and achieve data interaction, such as sending data to or receiving data from other devices. Communication module 303 may include wired network interfaces and / or wireless network interfaces, meaning the communication module may include at least one of wired or wireless communication modules.
[0119] The electronic device 300 can connect to necessary input / output devices, such as a keyboard and display device, via the input / output interface 304. The electronic device 300 itself may have a display device, and other display devices can also be connected externally via the interface 304. Optionally, a storage device, such as a hard drive, can also be connected via the interface 304 to store data from the electronic device 300, read data from the storage device, or store data from the storage device in the memory 302. It is understood that the input / output interface 304 can be a wired interface or a wireless interface. Depending on the actual application scenario, the device connected to the input / output interface 304 can be a component of the electronic device 300 or an external device connected to the electronic device 300 when needed.
[0120] The bus 305 used to connect the components may include a path for transmitting information between the components. The bus 305 may be a PCI (Peripheral Component Interconnect) bus or an EISA (Extended Industry Standard Architecture) bus, etc. Depending on its function, the bus 305 may be divided into an address bus, a data bus, a control bus, etc.
[0121] Optionally, for the solution provided in the embodiments of this application, the memory 302 can be used to store a computer program that executes the solution of this application, and the processor 301 runs the computer program. When the processor 301 runs the computer program, it implements the operation of the method or apparatus provided in the embodiments of this application.
[0122] Based on the same principle as the method provided in the embodiments of this application, the embodiments of this application provide a computer-readable storage medium storing a computer program, which, when executed by a processor, can implement the corresponding content of the aforementioned method embodiments.
[0123] It should be noted that the terms "first," "second," "third," "fourth," "1," "2," etc. (if present) in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in a sequence other than that shown in the figures or text.
[0124] In the embodiments of this application, the terms "module" or "unit" refer to a computer program or part of a computer program that has a predetermined function and works with other related parts to achieve a predetermined goal, and can be implemented wholly or partially using software, hardware (such as processing circuitry or memory), or a combination thereof. Similarly, a processor (or multiple processors or memory) can be used to implement one or more modules or units. Furthermore, each module or unit can be part of an overall module or unit that includes the functionality of that module or unit.
[0125] It should be understood that although arrows indicate various operation steps in the flowcharts of this application's embodiments, the order in which these steps are implemented is not limited to the order indicated by the arrows. Unless explicitly stated herein, in some implementation scenarios of this application's embodiments, the implementation steps in each flowchart can be executed in other orders as required. Furthermore, some or all steps in each flowchart, based on the actual implementation scenario, may include multiple sub-steps or multiple stages. Some or all of these sub-steps or stages can be executed at the same time, and each sub-step or stage can also be executed at different times. In scenarios where execution times differ, the execution order of these sub-steps or stages can be flexibly configured according to requirements, and this application's embodiments do not limit this.
[0126] The above description is only an optional implementation method for some implementation scenarios of this application. It should be noted that for those skilled in the art, other similar implementation methods based on the technical concept of this application without departing from the technical concept of this application also fall within the protection scope of the embodiments of this application.
Claims
1. A product traceability method based on blockchain, characterized in that, The method is performed by an electronic device, and the method includes: Decentralized identity authentication is performed on each node involved in the traceability of the target product. Authentication nodes are assigned a unique identity and connected to the blockchain network. For each target product, if the target product enters the traceability process, a unique traceability identifier is generated for the target product, and a physical tag and a dynamic digital tag are bound to the target product according to the traceability identifier, generating a tag binding record; the physical tag includes the traceability identifier, and the dynamic digital tag is a dynamically updatable QR code associated with the physical tag; For each stage, the target product information for that stage is obtained, and the validity of the target product information is verified to generate a valid data packet; the target product information includes the target product's attributes, circulation stages, and environmental data; The traceability data block is determined based on the valid data packet, and the traceability data block is associated with the unique traceability identifier; the traceability data block is stored on the blockchain, and the traceability data blocks corresponding to each link are linked sequentially through the hash pointer to generate the traceability chain of the target product; In response to a query request to scan the dynamic digital tag, the binding relationship between the current dynamic digital tag, the physical tag, and the traceability identifier is verified based on the tag binding record. If the binding relationship is valid, the chain integrity index and real-time health status of the target product are determined based on the unique traceability identifier, and a traceability report for the target product is generated.
2. The method as described in claim 1, characterized in that, The step of binding a physical tag and a dynamic digital tag to the target product based on the traceability identifier and generating a tag binding record includes: Generate a unique anti-counterfeiting feature code based on a physically non-cloning function for the physical tag; The traceability identifier is combined with the anti-counterfeiting feature code to obtain the combined feature string. The password hash value of the feature string is obtained and the password hash value is used as the seed value of the digital tag. The initial accessible address of the dynamic digital tag is generated based on the seed value of the digital tag; The traceability identifier, the anti-counterfeiting feature code, and the initial accessible address are associated to generate a tag binding record.
3. The method as described in claim 2, characterized in that, The step of validating the target product information and generating a valid data packet includes: The target product information is initially verified to obtain an initial product information set; The target product information set is obtained by performing dual linkage verification based on the initial product information set and the evidence storage data in the blockchain network. The dual linkage verification includes node linkage verification and tag binding verification, wherein the node linkage verification and the tag binding verification are in a progressive relationship. The product information in the target product information set is encapsulated according to a preset format to obtain a valid data packet.
4. The method as described in claim 3, characterized in that, The evidence storage data includes identity identifiers and tag binding records. The target product information set is obtained by performing a dual verification process based on the initial product information set and the evidence-stored data in the blockchain network, including: A node-linked verification operation is performed on the initial set of product information and the evidence-stored data in the blockchain network. After the verification is successful, a node-linked set of product information is obtained. A tag binding verification operation is performed on the node-linked product information set and the evidence-stored data in the blockchain network to obtain a target product information set; the target product information set includes the node-linked product information and the tag binding verification result. The node linkage verification operation includes: Based on the node's identity identifier in the stored evidence data and the initial product information set, the legality of the node's identity identifier in the collected product information, as well as the legality of the node identifiers corresponding to the upstream and downstream links of this link, are verified. If the node and its upstream and downstream nodes have completed decentralized identity authentication, and the node has the authority to collect the target product information of this link, then the verification is deemed successful, and the node-linked product information set is obtained. The node-linked product information set includes product identifier information, link attribute information, node and link information, environmental data, physical tag information, and timestamp. The tag binding verification operation includes: Extract anti-counterfeiting feature codes from the set of linked product information of the nodes, and obtain the pre-stored digital label seed value based on the stored evidence data and the label binding record corresponding to the target product; Calculate the cryptographic hash value of the anti-counterfeiting feature code; If the pre-stored digital tag seed value matches the password hash value, the tag binding verification is deemed successful.
5. The method as described in claim 2, characterized in that, Based on the unique traceability identifier, the chain integrity index of the target product is determined, including: Retrieve and parse all on-chain traceability data blocks associated with the unique traceability identifier from the blockchain network to form a traceability data sequence; The types of each link in the traceability data sequence are compared with preset standard links to determine the coverage ratio of the on-chain links to the preset standard links; the preset standard links represent the node sequence stored in the blockchain network that has mandatory recording requirements. The integrity of each traceability data block in the traceability data sequence is verified, and the data integrity ratio of all complete traceability data blocks to the total number of traceability data blocks is recorded. Analyze the reasonableness of the timestamp intervals between adjacent traceability data blocks in the traceability data sequence, and determine the temporal continuity ratio of continuous links with reasonable time intervals to the total continuous links; the reasonableness of the timestamp intervals is used to characterize whether the time difference between the data on the chain of two adjacent links conforms to physical laws and business logic; Extract the password hash value of each traceability data block in the traceability data sequence, compare the password hash value corresponding to each link with the seed value of the digital tag, and take the links with the same comparison result as the links that are successfully matched, and obtain the binding consistency ratio of all successfully matched links to the total links. Based on the coverage ratio, the data integrity ratio, the temporal continuity ratio, and the binding consistency ratio, and using the chain integrity index calculation formula, the chain integrity index of the target product is calculated. The chain integrity index is used to characterize the completeness, credibility, and reliability of the traceability records of the target product throughout its entire lifecycle on the blockchain network. The formula for calculating the chain integrity index is as follows: ,in, C This represents the chain integrity index of the target product. Indicates the coverage ratio. Indicates the data integrity ratio. Indicates the ratio of temporal continuity. Indicates the binding consistency ratio. These represent the preset weighting coefficients for coverage ratio, data integrity ratio, temporal continuity ratio, and binding consistency ratio, respectively. .
6. The method as described in claim 5, characterized in that, Based on the unique traceability identifier, the real-time health status of the target product is determined, including: The latest traceability data block associated with the unique traceability identifier is obtained from the blockchain network and used as the current state data block; the latest traceability data block represents the latest location and status of the target product. Obtain the sequence of traceable data blocks within a preset time period in the past as a state history sequence; The current status data block is parsed to extract key status parameters. Each key status parameter is compared with its corresponding preset benchmark range, and the compliance score of the current status is determined based on the comparison results. The key status parameters include at least one of environmental parameters, geographical location, and operational status. Extract the identity and operation type of the current operation node from the current state data block; query the preset authorized node list to verify whether the identity of the operation node exists in the preset authorized node list; query the operation permission mapping table to verify whether the operation type is in its authorized operation permission set; if both verifications pass, the operation credibility identifier is determined to be 1, otherwise it is 0; From the state history sequence and the current state data block, extract the parameter value sequence formed by arranging the same key state parameter in chronological order; for each key state parameter, determine its dynamic reasonable fluctuation threshold based on its corresponding state history sequence; determine whether the change of the current value of the parameter relative to its previous historical value exceeds the dynamic reasonable fluctuation threshold, and if it does, determine that the parameter has an abnormal trend; count the number of parameters with abnormal trends among all monitored key state parameters, and obtain the trend abnormality score of the number of parameters with abnormal trends as a percentage of the total number of parameters; Based on the current status compliance score, the process operation credibility identifier, and the trend anomaly score, and using the status health calculation formula, the real-time status health of the target product is calculated; the real-time status health indicates whether the latest status of the target product at the query time meets the requirements of safety, compliance, and business specifications. The formula for calculating the health status is as follows: ,in, H This indicates the health status value of the target product. S This indicates the current compliance score of the target product. T This indicates the operational credibility of the target product. A This indicates the score for the trend anomaly of the target product. The weighting of the current compliance score for the target product. This indicates the weight of the operational credibility identifier for the target product. This represents the weight of the trend anomaly score for the target product, and .
7. The method as described in claim 3, characterized in that, After performing the dual-linkage verification, the following is also included: For each stage, environmental data collected at that stage node and accompanied by time synchronization proof is obtained; the time synchronization proof is used to verify the collection time of the environmental data; the time synchronization proof is determined based on the timestamp corresponding to the hash value in the environmental data; Extract environmental data fragments from the environmental data that overlap with the time point of the target product information collection; Obtain the first feature value of the environmental data segment, and obtain the second feature value corresponding to the environmental data in the initial product information set within the time window; If the deviation between the first feature value and the second feature value is within the allowable error range, then an environmental consistency proof is generated; The environmental consistency proof and the time synchronization proof are added to the valid data packet.
8. A product traceability device based on blockchain, characterized in that, include: The identity authentication module is used to perform decentralized identity authentication on each node involved in the traceability of the target product, assign a unique identity to the authenticated node, and connect it to the blockchain network. The tag binding record generation module is used to generate a unique traceability identifier for each target product if the target product enters the traceability process, and bind a physical tag and a dynamic digital tag to the target product according to the traceability identifier to generate a tag binding record; the physical tag includes the traceability identifier, and the dynamic digital tag is a dynamically updatable QR code associated with the physical tag; The valid data packet generation module is used to obtain the target product information for each stage, verify the validity of the target product information, and generate a valid data packet; the target product information includes the attributes of the target product, the circulation stage, and environmental data; The traceability chain generation module is used to determine traceability data blocks based on the valid data packets and associate the traceability data blocks with the unique traceability identifier; store the traceability data blocks on the blockchain and link the traceability data blocks corresponding to each link sequentially through hash pointers to generate the traceability chain of the target product. The traceability report generation module is used to respond to the query request of scanning the dynamic digital tag, verify whether the binding relationship between the current dynamic digital tag, the physical tag and the traceability identifier is valid according to the tag binding record, and if the binding relationship is valid, determine the chain integrity index and real-time health status of the target product based on the unique traceability identifier, and generate a traceability report for the target product.
9. An electronic device, characterized in that, The electronic device includes a memory and a processor. The memory stores a computer program, and the processor executes a blockchain-based product traceability method according to any one of claims 1 to 7 when running the computer program.
10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements a blockchain-based product traceability method as described in any one of claims 1 to 7.