Abstract: Existing solutions for security management of a blockchain are platform specific, and hardly any security management solutions are provided as a single platform for an end user to access and modify the security requirements. Embodiments herein provide a method and system for security management of a plurality of nodes in a blockchain network. The method disclosed enables an authorized user to seamlessly and dynamically manage a plurality of security actions using a single platform by monitoring and controlling one or more security aspects of the blockchain network. The plurality of security actions include performing a security analysis, applying a security policy setting, performing a multi-key security upgrade, and performing an identity and access control management. Each of the security actions can be applied to all or one or more nodes of interest, providing node specific or customized security management for the individual requirements of a participant/owner of the specific node. [To be published with FIG. 2]
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
TITLE
METHOD AND SYSTEM FOR SECURITY MANAGEMENT IN BLOCKCHAIN NETWORK
Applicant
Tata Consultancy Services Limited A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India
Preamble to the Description
The following specification particularly describes the invention and the manner in which it is to be performed.
TECHNICAL FIELD [001] The embodiments herein generally relate to the field of blockchain networks and, more particularly, to security management in a blockchain network.
BACKGROUND [002] Security is a prime concern for an enterprise or entity adopting a new technology or application area. Blockchain as a platform provides built-in security. However, that is not adequate, since there are multiple security aspects associated with the nodes of a blockchain network, and it is critical that these are monitored and modified seamlessly in accordance with the observations noted. Security aspects of the blockchain include the security levels of a node, the security policy settings at the node defining the mode of access to the file systems of the blockchain, the security keys, and so on, all of which need to be monitored, analyzed and modified as and when required. Existing systems and approaches attempting to provide a solution for security management of a blockchain are platform specific and applicable only to issues related to that specific blockchain platform. Further, they address only a few of the many security aspects that need to be addressed for enhanced security of the blockchain platform. Further, hardly any security management solutions are provided as a single platform for an end user to access and modify the security changes required for the various security aspects. Moreover, with existing solutions the blockchain network and its users are dependent on third-party intervention for such management.
SUMMARY [003] Embodiments of the present disclosure present technological improvements as solutions to one or more of the above-mentioned technical problems recognized by the inventors in conventional systems. For example, in one embodiment, a method for security management in a blockchain network is provided. The method comprises generating and displaying, via one or more hardware processors, an interactive view of a plurality of nodes in the blockchain network on a Graphical User Interface (GUI), wherein each node among the plurality of nodes is displayed with a name, an Internet Protocol (IP) address, an owner associated with each node and a role of a plurality of participants associated with each node, and wherein one or more nodes selected among the plurality of nodes are received from an authorized user through the GUI for initiating a plurality of actions for the security management of the one or more nodes. Further, the method comprises providing, via the one or more hardware processors, a multilevel node security setting to the authorized user to receive a current security level selected by the authorized user from the multilevel node security setting for each of the one or more nodes, wherein each security level among the multilevel node security settings is associated with unique security controls, and wherein the unique security controls are defined in a set of configuration files of the blockchain network and are configurable. Further, the method comprises applying, via the one or more hardware processors, a set of security controls to each of the one or more nodes in accordance with the current security level selected, wherein the set of security controls comprises the unique security controls associated with the current security level and the unique security controls associated with the security levels lower than the current security level.
Further, the method comprises initiating, via the one or more hardware processors, at least one security action among a plurality of security actions on each of the one or more nodes. The plurality of security actions comprise: performing a security analysis of each of the one or more nodes to determine and address one or more security gaps associated with a network domain related security level and a use case related security level at each of the one or more nodes; performing a security policy setting for each of the one or more nodes in accordance with a security policy to access a file system in the blockchain network; performing a multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes by encrypting the file type or the transaction type by either using an existing key set or generating a fresh key set; and performing an identity and access control management. The identity and access control management is performed to verify and validate a node entry into the blockchain network in accordance with the role of an entry participant defined in an invitation link, and to dynamically modify the role of the entry participant and the plurality of participants based on a request from the authorized user.
[004] In another aspect, a system for security management in a blockchain network is provided. The system comprises a memory storing instructions; one or more Input/Output (I/O) interfaces; and one or more hardware processors coupled to the memory via the one or more I/O interfaces, wherein the one or more hardware processors are configured by the instructions to generate and display an interactive view of a plurality of nodes in the blockchain network on a Graphical User Interface (GUI), wherein each node among the plurality of nodes is displayed with a name, an Internet Protocol (IP) address, an owner associated with each node and a role of a plurality of participants associated with each node, and wherein one or more nodes selected among the plurality of nodes are received from an authorized user through the GUI for initiating a plurality of actions for the security management of the one or more nodes. Further, the one or more hardware processors are configured to provide a multilevel node security setting to the authorized user to receive a current security level selected by the authorized user from the multilevel node security setting for each of the one or more nodes, wherein each security level among the multilevel node security settings is associated with unique security controls, and wherein the unique security controls are defined in a set of configuration files of the blockchain network and are configurable. Further, the one or more hardware processors are configured to apply a set of security controls to each of the one or more nodes in accordance with the current security level selected, wherein the set of security controls comprises the unique security controls associated with the current security level and the unique security controls associated with the security levels lower than the current security level. Further, the one or more hardware processors are configured to initiate at least one security action among a plurality of security actions on each of the one or more nodes. The plurality of security actions comprise: performing a security analysis of each of the one or more nodes to determine and address one or more security gaps associated with a network domain related security level and a use case related security level at each of the one or more nodes; performing a security policy setting for each of the one or more nodes in accordance with a security policy to access a file system in the blockchain network; performing a multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes by encrypting the file type or the transaction type by either using an existing key set or generating a fresh key set; and performing an identity and access control management. The identity and access control management is performed to verify and validate a node entry into the blockchain network in accordance with the role of an entry participant defined in an invitation link, and to dynamically modify the role of the entry participant and the plurality of participants based on a request from the authorized user.
[005] In yet another aspect, there are provided one or more non-transitory machine readable information storage mediums comprising one or more instructions which, when executed by one or more hardware processors, cause a method comprising generating and displaying, via the one or more hardware processors, an interactive view of a plurality of nodes in a blockchain network on a Graphical User Interface (GUI), wherein each node among the plurality of nodes is displayed with a name, an Internet Protocol (IP) address, an owner associated with each node and a role of a plurality of participants associated with each node, and wherein one or more nodes selected among the plurality of nodes are received from an authorized user through the GUI for initiating a plurality of actions for the security management of the one or more nodes. Further, the method comprises providing, via the one or more hardware processors, a multilevel node security setting to the authorized user to receive a current security level selected by the authorized user from the multilevel node security setting for each of the one or more nodes, wherein each security level among the multilevel node security settings is associated with unique security controls, and wherein the unique security controls are defined in a set of configuration files of the blockchain network and are configurable. Further, the method comprises applying, via the one or more hardware processors, a set of security controls to each of the one or more nodes in accordance with the current security level selected, wherein the set of security controls comprises the unique security controls associated with the current security level and the unique security controls associated with the security levels lower than the current security level. Further, the method comprises initiating, via the one or more hardware processors, at least one security action among a plurality of security actions on each of the one or more nodes. The plurality of security actions comprise: performing a security analysis of each of the one or more nodes to determine and address one or more security gaps associated with a network domain related security level and a use case related security level at each of the one or more nodes; performing a security policy setting for each of the one or more nodes in accordance with a security policy to access a file system in the blockchain network; performing a multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes by encrypting the file type or the transaction type by either using an existing key set or generating a fresh key set; and performing an identity and access control management. The identity and access control management is performed to verify and validate a node entry into the blockchain network in accordance with the role of an entry participant defined in an invitation link, and to dynamically modify the role of the entry participant and the plurality of participants based on a request from the authorized user.
[006] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS [007] The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles:
[008] FIG. 1 is a functional block diagram of a system for security management in a blockchain network, in accordance with some embodiments of the present disclosure.
[009] FIG. 2 is a flow diagram illustrating a method for security management in the blockchain network, using the system of FIG. 1, in accordance with some embodiments of the present disclosure.
[010] FIG. 3 is a process depicting steps for performing security analysis to determine and address one or more security gaps associated with a network domain related security level, in accordance with the method of FIG. 2 and the system of FIG. 1, in accordance with some embodiments of the present disclosure.
[011] FIG. 4 is a process depicting steps for performing security analysis to determine and address one or more security gaps associated with a use case related security level, in accordance with the method of FIG. 2 and the system of FIG. 1, in accordance with some embodiments of the present disclosure.
[012] FIG. 5 is a process depicting steps for performing security policy setting, in accordance with the method of FIG. 2 and the system of FIG. 1, in accordance with some embodiments of the present disclosure.
[013] FIGS. 6A and 6B depict a process with steps for performing the multi-key security upgrade, in accordance with the method of FIG. 2 and the system of FIG. 1, in accordance with some embodiments of the present disclosure.
DETAILED DESCRIPTION OF EMBODIMENTS [014] Exemplary embodiments are described with reference to the accompanying drawings. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the scope of the disclosed embodiments. It is intended that the following detailed description be considered as exemplary only, with the true scope being indicated by the following claims.
[015] Embodiments herein provide a method and system for security management of a plurality of nodes in a blockchain network. The method disclosed enables an authorized user to seamlessly and dynamically manage a plurality of security actions using a single platform by monitoring and controlling one or more security aspects of the blockchain network. The plurality of security actions include performing a security analysis, applying a security policy setting, performing a multi-key security upgrade, and performing an identity and access control management. Each of the security actions can be applied to all or one or more nodes of interest. Thus, the method disclosed herein enables node specific or customized security management for the individual requirements of a participant/owner of the specific node, and provides flexibility in handling each node individually from a single end. Further, consensus is sought on various aspects of security, such as the policy templates and the security controls defined for each security level, which are stored in a set of configuration files of the blockchain network. The method disclosed herein can be implemented in any one of the plurality of nodes of the blockchain network.
[016] Unlike the existing approaches that are platform specific, the method and system disclosed herein are platform agnostic and can be implemented across various blockchain platforms. For instance, an enterprise may utilize one among the many existing blockchain platforms, such as Hyperledger Sawtooth. Hyperledger Sawtooth has unique features such as parallel transaction execution and an event system. The method disclosed can be implemented for the Hyperledger Sawtooth platform for security management. In future, if the enterprise chooses to re-platform, say on Hyperledger Fabric, the current challenge is that features such as the parallel transaction execution and the event system are not present in Hyperledger Fabric, and major changes specific to the new platform may be required to implement any security management on it. To address this concern, the method disclosed herein provides scripts to deploy and monitor the Zero Message Queue (ZMQ) socket used for event subscriptions and to seamlessly implement the system disclosed herein in Hyperledger Fabric with minimal required modifications. Thus, the system disclosed herein, once implemented on an older blockchain platform, can be used on a new platform without any major impact or changes.
[017] Referring now to the drawings, and more particularly to FIGS. 1 through 6B, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
[018] FIG. 1 is a functional block diagram of a system 100 for security management in a blockchain network, in accordance with some embodiments of the present disclosure. In an embodiment, the system 100 includes processor(s) 104, communication interface device(s), alternatively referred to as input/output (I/O) interface(s) 106, and one or more data storage devices or a memory 102 operatively coupled to the processor(s) 104. In an embodiment, the processor(s) 104 can be one or more hardware processors (104). In an embodiment, the one or more hardware processors (104) can be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor(s) 104 are configured to fetch and execute computer-readable instructions stored in the memory 102. In an embodiment, the system 100 can be implemented in a variety of computing systems, such as laptop computers, notebooks, hand-held devices, workstations, mainframe computers, servers, a network cloud and the like. In an embodiment, the computing system which implements the system 100 disclosed herein can be a node among the plurality of nodes of the blockchain network.
[019] The I/O interface(s) 106 can include a variety of software and hardware interfaces, for example, a web interface, a Graphical User Interface (GUI), and the like, and can facilitate multiple communications within a wide variety of network (N/W) and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. In an embodiment, the I/O interface(s) 106 can include one or more ports for connecting a number of devices to one another or to another server. For example, the I/O interface 106 enables the authorized user to access the system disclosed herein through the GUI and to communicate with the other nodes of the blockchain network via the one or more ports. The GUI of the system 100 enables an end user to have an interactive view of the plurality of nodes of the blockchain network and additional data related to each node, such as a name, an Internet Protocol (IP) address, an owner associated with each node and a role of a plurality of participants associated with each node. This data related to the nodes may be stored in the memory 102. Further, a set of configuration files, a plurality of security policies, a plurality of policy templates and the like can be stored in a database 108 of the memory 102. Further, an existing key set and a fresh key set generated for the multi-key upgrade may also be stored in the database 108. The memory 102 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. Thus, the memory 102 may comprise information pertaining to the input(s)/output(s) of each step performed by the processor(s) 104 of the system 100 and the methods of the present disclosure.
[020] Functions of the components of the system 100 are explained in conjunction with the method steps of the flow diagrams depicted in FIG. 2 through FIG. 6. In an embodiment, the system 100 can be implemented in any one node among the plurality of nodes of the blockchain network. In another implementation, the system 100 can be implemented on all the nodes of the blockchain network, enabling all users of the nodes to have the view of the participants and corresponding nodes. However, only an authorized user can access the system 100 through the GUI for initiating the security actions from any of the plurality of nodes.
[021] FIG. 2 is a flow diagram illustrating a method 200 for security management in the blockchain network, using the system of FIG. 1, in accordance with some embodiments of the present disclosure. In an embodiment, the system 100 comprises one or more data storage devices or the memory 102 operatively coupled to the processor(s) 104, and is configured to store instructions for execution of the steps of the method 200 by the processor(s) 104. The steps of the method 200 of the present disclosure will now be explained with reference to the components or blocks of the system 100 as depicted in FIG. 1 and the steps of the flow diagrams as depicted in FIG. 2 through FIG. 6. Although process steps, method steps, techniques or the like may be described in a sequential order, such processes, methods and techniques may be configured to work in alternate orders. In other words, any sequence or order of steps that may be described does not necessarily indicate a requirement that the steps be performed in that order. The steps of the processes described herein may be performed in any order practical. Further, some steps may be performed simultaneously.
[022] Referring to the steps of the method 200, at step 202, the one or more hardware processors (104) are configured to generate and display an interactive view of the plurality of nodes in the blockchain network on the GUI. Each node among the plurality of nodes is displayed with the name, the Internet Protocol (IP) address, the owner and the role of the plurality of participants associated with each node. The authorized user can select one or more nodes through the interactive view of the GUI for initiating the plurality of security actions during the security management of the one or more nodes. Data corresponding to each node is received by the system 100 either through direct entry or through XML/JSON files during node discovery or node addition. This data corresponding to the nodes is stored in the database 108 and used for further processes in the life cycle of the nodes until a node is marked as inactive. The interactive display provides a single view to any participant desiring information about the participating nodes of the blockchain, without the need to traverse multiple pages. The consolidated view provides a brief glance of the entire network, with additional information shown on mouse hover. In an embodiment, the authorized user can be a participant among the plurality of participants associated with the plurality of nodes of the blockchain network, determined in accordance with consensus of the participants of the plurality of nodes.
[023] For the selected nodes, at step 204 of the method 200, the one or more hardware processors (104) are configured to provide a multilevel node security setting to the authorized user. The authorized user can then select a current security level from the multilevel node security setting for each of the one or more nodes. Each security level among the multilevel node security settings is associated with unique security controls. The unique security controls are defined in the set of configuration files of the blockchain network and are configurable. Multiple security controls such as Static ARP Entries, Anti ARP solution, HSTS Implementation, DNS Spoofing Protection, Private Key Encryption, Payload Encryption, File Encryption and the like are available. For each security level, a unique combination of security controls can be defined by the authorized user in accordance with consensus from the plurality of participants. These unique combinations per level are stored in the set of configuration files. For example, in a three-level multi-security setting, the unique security controls for the lowest security, Level 1, can be Static ARP Entries and Anti ARP solution; for Level 2, DNS Spoofing Protection and HSTS Implementation; and for Level 3, Payload Encryption and File Encryption. Thus, multiple levels of security, not limited to three levels, can be configured.
[024] Upon receiving the selected current security level from the authorized user, at step 206 of the method 200, the one or more hardware processors (104) are configured to apply a set of security controls to each of the one or more nodes in accordance with the current security level selected. The set of security controls comprises the unique security controls associated with the current security level and the unique security controls associated with the security levels lower than the current security level. As the security level for a node shifts to a higher level, the security controls of all lower levels are automatically included by the system 100. For example, if the current security level for a node is selected as Level 3, then the set of security controls associated with the node has the security features defined for Level 3 through Level 1, which include Payload Encryption and File Encryption, HSTS Implementation, DNS Spoofing Protection, Static ARP Entries and Anti ARP solution.
[025] Once each of the nodes is set with the current security level, at step 208 of the method 200, the one or more hardware processors 104 are configured to initiate at least one security action among the plurality of security actions on each of the one or more nodes. The plurality of security actions comprise:
a) performing the security analysis of each of the one or more nodes to determine and address one or more security gaps associated with a network domain related security level and a use case related security level at each of the one or more nodes;
b) performing the security policy setting for each of the one or more nodes in accordance with a security policy to access a file system in the blockchain network;
c) performing the multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes by encrypting the file type or the transaction type by either using an existing key set or generating a fresh key set; and
d) performing the identity and access control management to:
1. verify and validate a node entry into the blockchain network in accordance with the role of the entry participant defined in an invitation link; and
2. dynamically modify the role of the entry participant and the plurality of participants based on a request from the authorized user, wherein the role change of any participant is in consensus with all the participants of the blockchain network.
For example, in an enterprise blockchain network, a participant (new node entry) joins the blockchain network through an invitation link. The system 100 verifies and validates the information. After validation, the information is entered into a user look-up table stored in the database 108, and finally the participant is provided access to view or perform any action on the blockchain network based on the role mentioned in the invitation link. In some situations, a need may arise where, based on consensus, a participant's role needs to be elevated after joining, say from a read-only participant to a developer, enabling access to deploy changes in the blockchain network. Thus, the method 200 enables the authorized user to apply the role change through the single platform for a particular participant associated with the new node or any existing node through the identity and access control management option. The corresponding files among the set of configuration files are then updated in accordance with the role changes.
[026] A process 300 of FIG. 3 depicts the steps of the security analysis of each of the one or more nodes to determine and address one or more security gaps associated with the network domain related security level. At step 302, the one or more hardware processors (104) are configured to determine whether the current security level of each of the one or more nodes is at a lower security level in comparison to a network security level of the network domain of the blockchain network, wherein the network security level is defined by the unique security controls identified for the network domain. At step 304, the one or more hardware processors (104) are configured to compare the unique security controls associated with the current security level of each of the one or more nodes and the unique security controls associated with the network security level to identify the one or more security gaps. The identified one or more security gaps refer to one or more unique security controls present in the network security level and absent in the current security level of each of the one or more nodes. At step 306, the one or more hardware processors (104) are configured to recommend a set of corrective measures to the authorized user to address the identified one or more security gaps at each of the one or more nodes. The corrective measures correspond to updating the current security level of the node to the network security level by adding the one or more unique security controls present in the network security level and absent in the current security level. For example, if the current security level of the node is less than the desired network security level of a network domain identifier, then a recommendation is provided to increase the security level of the node. For example, say the current security level of the node is at Level 2, but the network security level associated with the network domain identifier value contains File Encryption, which is a Level 3 security control; then the system 100 recommends increasing the node security level to Level 3. After the authorized user accepts the recommendation for deployment, the current security level of the node is updated with the elevation, in the example herein to Level 3. At step 308, the one or more hardware processors (104) are configured to perform a security update process at each of the one or more nodes in accordance with the set of corrective measures if the authorized user accepts the set of corrective measures. At step 310, the one or more hardware processors (104) are configured to update the set of configuration files corresponding to each of the one or more nodes in accordance with the security update process performed for each of the one or more nodes.
[027] The authorized user is provided the option to accept or ignore the set of corrective measures. The identified one or more security gaps and the set of corrective measures recommended are stored in the database 108 for future reference and analysis to revise the recommendations generated by the system 100. Future reference herein refers to auditing, wherein the stored corrective measures can be used to enhance the security patches by referring to the previous and most recent updates.
[028] A process 400 of FIG. 4 depicts steps of the security analysis of each of the one or more nodes to determine and address one or more security gaps associated with the use case related security level at each of the one or more nodes. At step 402, the one or more hardware processors (104) are configured to determine, based on the associated unique security controls, whether the current security level of each of the one or more nodes is at a higher security level than a security level required for a current use case handled by each of the one or more nodes. The security level and associated unique security controls required for each of a plurality of use cases are defined in the set of the configuration files by consensus from the plurality of participants. At step 404, the one or more hardware processors (104) are configured to recommend the authorized user to elevate or reduce the current security level to a recommended security level from the plurality of security levels, for the current use case. At step 406, the one or more hardware processors (104) are configured to elevate or reduce the current security level of each of the one or more nodes to the recommended security level for the current use case if the authorized user accepts the recommended security level. At step 408, the one or more hardware processors (104) are configured to update the set of configuration files corresponding to each of the one or more nodes in accordance with the recommended security level.
[029] In practical scenarios, not every blockchain network requires the same level of security. The higher the security level enabled, the higher the compute needed to ensure that the nodes and transactions are conforming to the security controls. If the use case does not need a higher level of security, the level can be reduced to lower computation and increase the time efficiency of the blockchain processes. Similarly, the security level can be elevated based on the use case or a business decision to enhance the security level required. Thus the method enables dynamic analysis and changing of the security level of a node to the one best suited for the use case and aligned with the network security level.
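The following Python program is added here as an illustration of the two analyses described in [026] to [029]; it is not code from the specification. The security levels, their unique controls and the per-use-case requirements are constructed sample data standing in for what the page says is defined in the configuration files by consensus. It follows the rule from claim 1 that applying a level applies that level's controls together with those of every lower level, computes the gap of steps 302 to 306 as the controls present at the network domain level and absent at the node, recommends an elevation or reduction for the use case as in steps 402 to 404, and changes the node and its configuration entry only when the authorized user accepts (steps 308/310 and 406/408), recording every recommendation for audit as [027] describes.

```python
"""Security-level gap analysis for blockchain nodes (added example, not the patent's code).

Models steps 302-310 (network-domain analysis) and 402-408 (use-case analysis).
SECURITY_LEVELS and USE_CASE_LEVELS are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed multilevel node security setting: the unique controls each level adds.
# Applying level N means applying its controls plus those of every lower level.
SECURITY_LEVELS: Dict[int, Set[str]] = {
    1: {"tls_transport", "node_authentication"},
    2: {"access_logging", "role_based_access"},
    3: {"file_encryption", "key_rotation"},
    4: {"hardware_key_storage"},
}

# Constructed use-case requirements: the security level each use case needs.
USE_CASE_LEVELS: Dict[str, int] = {
    "public_audit_trail": 1,
    "supply_chain": 2,
    "financial_settlement": 3,
}


@dataclass
class Node:
    name: str
    current_level: int
    use_case: str


@dataclass
class Recommendation:
    node: str
    action: str               # "elevate", "reduce" or "none"
    target_level: int
    control_delta: Set[str]   # controls to add (elevate) or no longer required (reduce)


def effective_controls(level: int) -> Set[str]:
    """All controls in force at a level: the level's own plus those of all lower levels."""
    return set().union(*(c for lvl, c in SECURITY_LEVELS.items() if lvl <= level))


def domain_gap_analysis(node: Node, network_level: int) -> Recommendation:
    """Steps 302-306: the gap is every control present at the network domain level
    and absent at the node's current level; only a lower node level is a gap."""
    if node.current_level >= network_level:
        return Recommendation(node.name, "none", node.current_level, set())
    missing = effective_controls(network_level) - effective_controls(node.current_level)
    return Recommendation(node.name, "elevate", network_level, missing)


def use_case_analysis(node: Node) -> Recommendation:
    """Steps 402-404: compare the node level with the level its current use case requires."""
    required = USE_CASE_LEVELS[node.use_case]
    if node.current_level == required:
        return Recommendation(node.name, "none", required, set())
    hi, lo = max(node.current_level, required), min(node.current_level, required)
    delta = effective_controls(hi) - effective_controls(lo)
    action = "elevate" if required > node.current_level else "reduce"
    return Recommendation(node.name, action, required, delta)


def apply_if_accepted(node: Node, rec: Recommendation, accepted: bool,
                      config: Dict[str, dict], audit: List[Recommendation]) -> int:
    """Steps 308/310 and 406/408: log the recommendation for audit, change the level
    only if the authorized user accepted, and rewrite the node's configuration entry."""
    audit.append(rec)
    if accepted and rec.action != "none":
        node.current_level = rec.target_level
        config[node.name] = {
            "level": node.current_level,
            "controls": sorted(effective_controls(node.current_level)),
        }
    return node.current_level


if __name__ == "__main__":
    cfg: Dict[str, dict] = {}
    log: List[Recommendation] = []
    node_a = Node("node-a", 2, "financial_settlement")
    rec = domain_gap_analysis(node_a, 3)       # the page's example: Level 2 node, Level 3 domain
    print(rec)
    apply_if_accepted(node_a, rec, True, cfg, log)
    print(cfg["node-a"])
```

The two analyses share `effective_controls`, which is why one program serves both passages; a use-case reduction returns the controls that stop being required so the operator can review them before accepting, since the page leaves the reduction to the authorized user's decision.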
[030] A process 500 of FIG. 5 depicts steps of the security policy setting for each of the one or more nodes in accordance with the security policy to access the file system in the blockchain network. At step 502, the one or more hardware processors (104) are configured to display, to the authorized user, a plurality of security policies for accessing the file system in the blockchain network. A security policy among the plurality of security policies is selected by the authorized user for each of the one or more nodes. The selected security policy is in accordance with consensus from the plurality of participants corresponding to each of the one or more nodes. For example, the plurality of security policies comprise client read/write, client read only, cross core, cross core block signing and the like. At step 504, the one or more hardware processors (104) are configured to deploy the security policy setting at each of the one or more nodes for accessing the file system based on the selected security policy, the role of the plurality of participants corresponding to each of the one or more nodes and a policy template among a set of policy templates. The policy template defines a set of one or more predefined rules for automatically applying a security policy to a specific type of file. The policy templates are generated in accordance with consensus from the plurality of participants of each of the one or more nodes. At step 506, the one or more hardware processors (104) are configured to store a plurality of changes introduced as a result of deploying the selected security policy setting to each of the one or more nodes for future reference in the corresponding configuration files of each of the one or more nodes.
[031] From the various security policies such as the client read/write, the client read only, the cross core and the like, which can be applied at the participant level and the node level, based on the consensus from the participants, the authorized user can select any of the policies to be applied on the node or participant. For example, if the selected security policy for the node is the client read only then the security policy allows the participant corresponding to the node to only read content and restricts any write to that file system in the blockchain network. In another scenario,
[032] Further, the policy templates also drive the security policies, which are configurable in this system 100. For example, the policy template can define a policy stating that any code file which has been approved by all participants and stored in a specific location is enabled as client read only. So every participant will be able to view the file and unable to override that file. This specific change, for example, ‘the approved code file location is read only’, is stored in the database 108.
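The following Python program is added as an illustration of the policy setting of [030] to [032]; it is not the specification's code. The four policy names come from the page, but the concrete rights each policy grants, the "auditor" role restriction and the file entries are assumptions of this example. A template rule reproduces the [032] example (approved code files under a given location become client read only regardless of the policy the user selected), deployment records every change for future reference as step 506 requires, and an access check answers whether a participant may perform an operation on a file at a node.

```python
"""File-system security policy setting with policy templates (added example, not the
patent's code). Models steps 502-506 and the template rule described in [032]."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Policies named on the page. The rights each grants are an assumption of this example.
POLICY_RIGHTS: Dict[str, Set[str]] = {
    "client read/write": {"read", "write"},
    "client read only": {"read"},
    "cross core": {"read", "write", "cross_core"},
    "cross core block signing": {"read", "sign_block"},
}


@dataclass(frozen=True)
class TemplateRule:
    """One predefined rule of a policy template: files of `file_type` matching
    `path_glob` (optionally only when approved by every participant) get `policy`."""
    file_type: str
    path_glob: str
    requires_all_approved: bool
    policy: str


@dataclass(frozen=True)
class FileEntry:
    path: str
    file_type: str
    approved_by: FrozenSet[str]   # participants who approved this file


@dataclass
class PolicyStore:
    # (node, participant, path) -> rights currently in force
    settings: Dict[Tuple[str, str, str], Set[str]] = field(default_factory=dict)
    # change log kept "for future reference" (step 506): (node, participant, path, policy)
    changes: List[Tuple[str, str, str, str]] = field(default_factory=list)

    @staticmethod
    def template_policy(f: FileEntry, rules: List[TemplateRule],
                        participants: List[str]) -> Optional[str]:
        """Return the policy a template rule assigns to the file, or None if no rule matches."""
        for rule in rules:
            if rule.file_type != f.file_type or not fnmatch(f.path, rule.path_glob):
                continue
            if rule.requires_all_approved and f.approved_by != frozenset(participants):
                continue
            return rule.policy
        return None

    def deploy(self, node: str, participant: str, role: str, selected_policy: str,
               files: List[FileEntry], rules: List[TemplateRule],
               participants: List[str]) -> List[Tuple[str, str]]:
        """Step 504: a matching template rule overrides the user-selected policy; the
        participant's role (assumed here: an 'auditor' never writes) further limits rights."""
        if selected_policy not in POLICY_RIGHTS:
            raise ValueError(f"unknown policy {selected_policy!r}")
        applied: List[Tuple[str, str]] = []
        for f in files:
            policy = self.template_policy(f, rules, participants) or selected_policy
            rights = set(POLICY_RIGHTS[policy])
            if role == "auditor":
                rights &= {"read"}
            self.settings[(node, participant, f.path)] = rights
            self.changes.append((node, participant, f.path, policy))
            applied.append((f.path, policy))
        return applied

    def is_allowed(self, node: str, participant: str, path: str, operation: str) -> bool:
        """Answer an access request against the deployed setting (default deny)."""
        return operation in self.settings.get((node, participant, path), set())


if __name__ == "__main__":
    people = ["alice", "bob", "carol"]
    rules = [TemplateRule("code", "/approved/*", True, "client read only")]
    files = [FileEntry("/approved/contract.sol", "code", frozenset(people)),
             FileEntry("/work/draft.sol", "code", frozenset({"alice"}))]
    store = PolicyStore()
    print(store.deploy("node-1", "alice", "participant", "client read/write", files, rules, people))
    print(store.is_allowed("node-1", "alice", "/approved/contract.sol", "write"))  # False
```

Unknown (node, participant, path) combinations are denied rather than falling back to the selected policy, so a file that was never covered by a deployment cannot be accessed by accident.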
[033] A process 600 of FIG. 6A and 6B depicts steps of performing the multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes of interest. At step 602, the one or more hardware processors (104) are configured to receive a request for the multi-key security upgrade from the authorized user. The authorized user herein for the multi-key security upgrade is a participant among the plurality of participants interested in securing the file type or the transaction type with the multi-key security upgrade. At step 604, the one or more hardware processors (104) are configured to identify the file type or the transaction type to be encrypted using the multi-key upgrade. The file type or the transaction type is provided by the authorized user. At step 606, the one or more hardware processors (104) are configured to request the authorized user to select a key type from a plurality of key types displayed, to be utilized for encrypting the file type or the transaction type. The plurality of key types comprises an existing key set or a fresh key set. At step 608, the one or more hardware processors (104) are configured to request the authorized user to select an encryption technique among a plurality of encryption techniques displayed, if the selected key type for the multi-party key upgrade is the fresh key set. The encryption technique can be any user defined/selected technique such as Rivest–Shamir–Adleman (RSA) and Secure Hash Algorithms (SHA) or the like. At step 610, the one or more hardware processors (104) are configured to request the authorized user to provide a pass phrase comprising a unique combination of characters lying within a predefined range of characters, if the selected key type is the fresh key set. The pass phrase is a secret phrase chosen by the creator (participant initiating the transaction) which will be part of the key. The pass phrase can be of 8 to 32 characters in length, includes at least two words and is dictionary words only. At step 612, the one or more hardware processors (104) are configured to generate the fresh key set using the selected encryption technique and the pass phrase. At step 614, the one or more hardware processors (104) are configured to request the authorized user to identify a set of participants, from the plurality of participants, for the multi-key upgrade for the file type or the transaction type. At step 616, the one or more hardware processors (104) are configured to communicate, based on the selected key type, one of the existing key set or the generated fresh key set to each of the one or more nodes corresponding to the identified set of participants. The communicated existing key set or the fresh key set is required by the identified set of participants for successfully carrying out one or more transactions from the transaction type or accessing one or more files from the file type. Further, at step 618, the one or more hardware processors (104) are configured to update the existing key set with the generated fresh key set for use during future multi-key upgrade requests.
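The following Python program is added as an illustration of the multi-key security upgrade workflow of [033]; it is not the specification's code. The page lets the user select a technique such as RSA or SHA and says the pass phrase becomes part of the key without specifying how, so this example makes an assumption: it derives the fresh key material from the pass phrase with the standard library's scrypt key derivation function and carries the selected technique name along as a label. The pass phrase rule (8 to 32 characters, at least two words, dictionary words only) is enforced against a small constructed word list, the participant-to-node mapping is constructed sample data, and the existing key set is replaced by the fresh one at the end as step 618 requires.

```python
"""Multi-key security upgrade workflow (added example, not the patent's code).

Models steps 602-618. Key derivation with scrypt is an assumption of this example;
the page names RSA/SHA as selectable techniques but not how the pass phrase enters the key."""
import hashlib
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SUPPORTED_TECHNIQUES = {"RSA", "SHA"}           # techniques named on the page
PASS_PHRASE_MIN, PASS_PHRASE_MAX = 8, 32        # length range stated on the page
# Constructed stand-in for the dictionary the page requires the words to come from.
DICTIONARY = {"correct", "horse", "battery", "staple", "ledger", "anchor", "silver", "meadow"}


@dataclass
class KeySet:
    key_id: str
    technique: str
    material: bytes


@dataclass
class UpgradeRequest:
    target: str                   # step 604: file type or transaction type to protect
    key_type: str                 # step 606: "existing" or "fresh"
    participants: List[str]       # step 614: participants who must hold the key set
    technique: Optional[str] = None     # step 608, fresh key set only
    pass_phrase: Optional[str] = None   # step 610, fresh key set only


@dataclass
class KeyStore:
    existing: Optional[KeySet] = None
    distributed: Dict[str, List[str]] = field(default_factory=dict)  # node -> key ids sent


def validate_pass_phrase(phrase: str) -> bool:
    """Step 610: 8-32 characters, at least two words, dictionary words only."""
    if not PASS_PHRASE_MIN <= len(phrase) <= PASS_PHRASE_MAX:
        return False
    words = phrase.split()
    return len(words) >= 2 and all(w.lower() in DICTIONARY for w in words)


def generate_fresh_key_set(technique: str, pass_phrase: str,
                           salt: Optional[bytes] = None) -> KeySet:
    """Step 612: derive 32 bytes of key material from the pass phrase with a memory-hard
    KDF (assumed derivation). A random salt is used unless one is supplied."""
    if technique not in SUPPORTED_TECHNIQUES:
        raise ValueError(f"unsupported technique {technique!r}")
    if not validate_pass_phrase(pass_phrase):
        raise ValueError("pass phrase does not meet the policy")
    salt = salt if salt is not None else os.urandom(16)
    material = hashlib.scrypt(pass_phrase.encode(), salt=salt, n=2 ** 13, r=8, p=1, dklen=32)
    key_id = hashlib.sha256(salt + material).hexdigest()[:16]
    return KeySet(key_id, technique, material)


def multi_key_upgrade(store: KeyStore, req: UpgradeRequest, node_of: Dict[str, str],
                      salt: Optional[bytes] = None) -> List[str]:
    """Steps 602-618. Returns the nodes that received the key set."""
    if req.key_type == "fresh":
        key_set = generate_fresh_key_set(req.technique, req.pass_phrase, salt)  # 608-612
    elif req.key_type == "existing":
        if store.existing is None:
            raise ValueError("no existing key set to reuse")
        key_set = store.existing
    else:
        raise ValueError(f"unknown key type {req.key_type!r}")
    nodes = [node_of[p] for p in req.participants]      # step 614
    for node in nodes:                                    # step 616
        store.distributed.setdefault(node, []).append(key_set.key_id)
    if req.key_type == "fresh":                           # step 618
        store.existing = key_set
    return nodes


if __name__ == "__main__":
    nodes_by_participant = {"alice": "node-1", "bob": "node-2", "carol": "node-3"}
    ks = KeyStore()
    req = UpgradeRequest("transaction:payment", "fresh", ["alice", "bob"],
                         technique="RSA", pass_phrase="correct horse")
    print(multi_key_upgrade(ks, req, nodes_by_participant), ks.existing.key_id)
```

Only the key identifier is recorded against each node; the key material itself is what a real deployment would deliver over the nodes' authenticated channel, which the page does not describe and this example does not model.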
[034] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[035] It is to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed including e.g. any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g. hardware means like e.g. an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software processing components located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g. using a plurality of CPUs.
[036] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various components described herein may be implemented in other components or combinations of other components. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[037] The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[038] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
[039] It is intended that the disclosure and examples be considered as exemplary only, with a true scope of disclosed embodiments being indicated by the following claims.
We Claim:
1. A processor implemented method for security management in a blockchain network, the method comprising:
generating and displaying, via one or more hardware processors, an interactive view of a plurality of nodes in the blockchain network on a Graphical User Interface (GUI), wherein each node among the plurality of nodes is displayed with a name, an Internet Protocol (IP) address, an owner associated with each node and a role of a plurality of participants associated with each node, and wherein one or more nodes selected among the plurality of nodes are received from an authorized user through the GUI for initiating a plurality of actions for the security management of the one or more nodes (202);
providing, via the one or more hardware processors, a multilevel node security setting to the authorized user to receive a current security level selected by the authorized user from the multilevel node security setting for each of the one or more nodes, wherein each security level among the multilevel node security settings is associated with unique security controls, and wherein the unique security controls are defined in a set of configuration files of the blockchain network and are configurable (204);
applying, via the one or more hardware processors, a set of security controls to each of the one or more nodes in accordance with the current security level selected, wherein the set of security controls comprise the unique security controls associated with the current security level and the unique security controls associated with security levels lower than the current security level (206); and
initiating, via the one or more hardware processors, at least one security action among a plurality of security actions on each of the one or more nodes (208), wherein the plurality of security actions comprise:
performing a security analysis of each of the one or more nodes to determine and address one or more security gaps associated with a network domain related security level and a use case related security level at each of the one or more nodes;
performing a security policy setting for each of the one or more nodes in accordance with a security policy to access a file system in the blockchain network;
performing a multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes by encrypting the file type or the transaction type by one of using an existing key set and generating a fresh key set; and
performing an identity and access control management to: verify, validate a node entry into the blockchain network in accordance with the role of an entry participant defined in an invitation link; and dynamically modify the role of the entry participant and the plurality of participants based on a request from the authorized user.
2. The method as claimed in claim 1, wherein performing the security analysis of each of the one or more nodes to determine and address the one or more security gaps associated with the network domain related security level comprises:
determining whether the current security level of each of the one or more nodes is at a lower security level in comparison to a network security level of the network domain of the blockchain network, wherein the network security level is defined by the unique security controls identified for the network domain (302);
comparing the unique security controls associated with the current security level of each of the one or more nodes and the unique security controls associated with the network security level to identify the one or more security gaps, wherein the identified one or more security gaps refer to one or more unique security controls present in the network security level and absent in the current security level of each of the one or more nodes (304);
recommending a set of corrective measures to the authorized user to address the identified one or more security gaps at each of the one or more nodes, wherein the corrective measures correspond to updating the current security level of the node to the network security level by adding the one or more unique security controls present in the network security level and absent in the current security level, and wherein the authorized user is provided the option to accept or ignore the set of corrective measures (306);
performing a security update process at each of the one or more nodes in accordance with the set of corrective measures if the authorized user accepts the set of corrective measures (308); and
updating the set of configuration files corresponding to each of the one or more nodes in accordance with the security update process performed for each of the one or more nodes (310).
3. The method as claimed in claim 1, wherein performing the security analysis of each of the one or more nodes to determine and address the one or more security gaps associated with the use case related security level comprises:
determining based on the unique security controls associated, whether the current security level of each of the one or more nodes is at a higher security level or a lower security level than a security level required for a current use case handled by each of the one or more nodes, wherein the security level and associated unique security controls required for each of a plurality of use cases are defined in the set of the configuration files based on consensus collected from the plurality of participants (402);
recommending the authorized user to elevate or reduce the current security level to a recommended security level from the plurality of security levels for the current use case (404);
elevating or reducing the current security level of each of the one or more nodes to the recommended security level for the current use case if the authorized user accepts the recommended security level (406); and
updating the set of configuration files corresponding to each of the one or more nodes in accordance with the recommended security level (408).
4. The method as claimed in claim 1, wherein performing the security policy setting for each of the one or more nodes comprises:
displaying, to the authorized user, a plurality of security policies for accessing the file system in the blockchain network, wherein a security policy among the plurality of security policies is selected by the authorized user for each of the one or more nodes, and wherein the selected security policy is in accordance with consensus from the plurality of participants corresponding to each of the one or more nodes (502);
deploying the security policy setting at each of the one or more nodes for accessing the file system based on the selected security policy, the role of the plurality of participants corresponding to each of the one or more nodes and a policy template among a set of policy templates, wherein the policy template defines a set of one or more predefined rules for automatically applying a security policy to the specific type of file, wherein the policy templates are generated in accordance with consensus from the plurality of participants of each of the one or more nodes (504); and
storing a plurality of changes introduced as a result of deploying the selected security policy setting to each of the one or more nodes for future reference in the corresponding configuration files of each of the one or more nodes (506).
5. The method as claimed in claim 1, wherein performing the multi-key security upgrade for the file type or the transaction type handled at each of the one or more nodes comprises:
receiving a request for the multi-key security upgrade from the authorized user, wherein the authorized user for the multi-key security upgrade is a participant among the plurality of participants interested in securing the file type or the transaction type with the multi-key security upgrade (602);
identifying the file type or the transaction type to be encrypted using the multi-key upgrade, wherein the file type or the transaction type is provided by the authorized user (604);
requesting the authorized user to select a key type from a plurality of key types displayed to be utilized for encrypting the file type or the transaction type, wherein the plurality of key types comprises the existing key set or the fresh key set (606);
requesting the authorized user to select an encryption technique among a plurality of encryption techniques displayed, if the selected key type for the multi-party key upgrade is the fresh key set (608);
requesting the authorized user to provide a pass phrase comprising unique combination of characters lying within a predefined range of characters, if the selected key type is the fresh key set (610);
generating the fresh key set using the selected encryption technique and the pass phrase (612);
requesting the authorized user to identify a set of participants for the multi-key upgrade for the file type or the transaction type from the plurality of participants (614);
communicating, based on the selected key type, one of the existing key set or the generated fresh key set to each of the one or more nodes corresponding to the identified set of participants, wherein the communicated existing key set or the generated key set is required by the identified set of participants for successfully carrying out one or more transactions from the transaction type or accessing one or more files from the file type (616); and
updating the existing key set with the generated fresh key set for use during future multi-key upgrade requests (618).
6. The method as claimed in claim 1, wherein the plurality of security policies comprise client read/write, client read only, cross core, and cross core block signing.
7. The method as claimed in claim 1, wherein the identified one or more security gaps and the set of corrective measures recommended are stored in a database for future reference and analysis.
8. The method as claimed in claim 1, wherein the authorized user is a participant among the plurality of participants associated with the plurality of nodes of the blockchain network determined in accordance with consensus of participants of the plurality of nodes.
9. A system (100) for security management in a blockchain network, the system (100) comprising:
a memory (102) storing instructions;
one or more Input/Output (I/O) interfaces (106); and
one or more hardware processors (104) coupled to the memory (102) via the one or more I/O interfaces (106), wherein the one or more hardware processors (104) are configured by the instructions to:
generate and display an interactive view of a plurality of nodes in the blockchain network on a Graphical User Interface (GUI), wherein each node among the plurality of nodes is displayed with a name, an Internet Protocol (IP) address, an owner associated with each node and a role of a plurality of participants associated with each node, and wherein one or more nodes selected among the plurality of nodes are received from an authorized user through the GUI for initiating a plurality of actions for the security management of the one or more nodes;
provide a multilevel node security setting to the authorized user to receive a current security level selected by the authorized user from the multilevel node security setting for each of the one or more nodes, wherein each security level among the multilevel node security settings is associated with unique security controls, and wherein the unique security controls are defined in a set of configuration files of the blockchain network and are configurable;
apply a set of security controls to each of the one or more nodes in accordance with the current security level selected, wherein the set of security controls comprise the unique security controls associated with the current security level and the unique security controls associated with security levels lower than the current security level; and
initiate at least one security action among a plurality of security actions on each of the one or more nodes, wherein the plurality of security actions comprise:
performing a security analysis of each of the one or more nodes to determine and address one or more security gaps associated with a network domain related security level and a use case related security level at each of the one or more nodes;
performing a security policy setting for each of the one or more nodes in accordance with a security policy to access a file system in the blockchain network;
performing a multi-key security upgrade for a file type or a transaction type handled at each of the one or more nodes by encrypting the file type or the transaction type by one of using an existing key set and generating a fresh key set; and
performing an identity and access control management to:
verify, validate a node entry into the blockchain network in accordance with the role of an entry participant defined in an invitation link; and
dynamically modify the role of the entry participant and the plurality of participants based on a request from the authorized user.
10. The system (100) as claimed in claim 9, wherein the one or more hardware processors (104) are configured to perform the security analysis of each of the one or more nodes to determine and address the one or more security gaps associated with the network domain related security level by:
determining whether the current security level of each of the one or more nodes is at a lower security level in comparison to a network security level of the network domain of the blockchain network, wherein the network security level is defined by the unique security controls identified for the network domain;
comparing the unique security controls associated with the current security level of each of the one or more nodes and the unique security controls associated with the network security level to identify the one or more security gaps, wherein the identified one or more security gaps refer to one or more unique security controls present in the network security level and absent in the current security level of each of the one or more nodes;
recommending a set of corrective measures to the authorized user to address the identified one or more security gaps at each of the one or more nodes, wherein the corrective measures correspond to updating the current security level of the node to the network security level by adding the one or more unique security controls present in the network security level and absent in the current security level, and wherein the authorized user is provided the option to accept or ignore the set of corrective measures;
performing a security update process at each of the one or more nodes in accordance with the set of corrective measures if the authorized user accepts the set of corrective measures; and
updating the set of configuration files corresponding to each of the one or more nodes in accordance with the security update process performed for each of the one or more nodes.
11. The system (100) as claimed in claim 9, wherein the one or more hardware processors (104) are configured to perform the security analysis of each of the one or more nodes to determine and address the one or more security gaps associated with the use case related security level by:
determining based on the unique security controls associated, whether the current security level of each of the one or more nodes is at a higher security level or a lower security level than a security level required for a current use case handled by each of the one or more nodes, wherein the security level and associated unique security controls required for each of a plurality of use cases are defined in the set of the configuration files based on consensus collected from the plurality of participants;
recommending the authorized user to elevate or reduce the current security level to a recommended security level from the plurality of security levels for the current use case;
elevating or reducing the current security level of each of the one or more nodes to the recommended security level for the current use case if the authorized user accepts the recommended security level; and
updating the set of configuration files corresponding to each of the one or more nodes in accordance with the recommended security level.
12. The system (100) as claimed in claim 9, wherein the one or more hardware processors (104) are configured to perform the security policy setting for each of the one or more nodes by:
displaying, to the authorized user, a plurality of security policies for accessing the file system in the blockchain network, wherein a security policy among the plurality of security policies is selected by the authorized user for each of the one or more nodes, and wherein the selected security policy is in accordance with consensus from the plurality of participants corresponding to each of the one or more nodes;
deploying the security policy setting at each of the one or more nodes for accessing the file system based on the selected security policy, the role of the plurality of participants corresponding to each of the one or more nodes and a policy template among a set of policy templates, wherein the policy template defines a set of one or more predefined rules for automatically applying a security policy to the specific type of file, wherein the policy templates are generated in accordance with consensus from the plurality of participants of each of the one or more nodes; and
storing a plurality of changes introduced as a result of deploying the selected security policy setting to each of the one or more nodes for future reference in the corresponding configuration files of each of the one or more nodes.
13. The system (100) as claimed in claim 9, wherein the one or more hardware processors (104) are configured to perform the multi-key security upgrade for the file type or the transaction type handled at each of the one or more nodes by:
receiving a request for the multi-key security upgrade from the authorized user, wherein the authorized user for the multi-key security upgrade is a participant among the plurality of participants interested in securing the file type or the transaction type with the multi-key security upgrade;
identifying the file type or the transaction type to be encrypted using the multi-key upgrade, wherein the file type or the transaction type is provided by the authorized user;
requesting the authorized user to select a key type from a plurality of key types displayed to be utilized for encrypting the file type or the transaction type, wherein the plurality of key types comprises the existing key set or the fresh key set;
requesting the authorized user to select an encryption technique among a plurality of encryption techniques displayed, if the selected key type for the multi-party key upgrade is the fresh key set;
requesting the authorized user to provide a pass phrase comprising unique combination of characters lying within a predefined range of characters, if the selected key type is the fresh key set;
generating the fresh key set using the selected encryption technique and the pass phrase;
requesting the authorized user to identify a set of participants for the multi-key upgrade for the file type or the transaction type from the plurality of participants;
communicating, based on the selected key type, one of the existing key set or the generated fresh key set to each of the one or more nodes corresponding to the identified set of participants, wherein the communicated existing key set or the generated key set is required by the identified set of participants for successfully carrying out one or more transactions from the transaction type or accessing one or more files from the file type; and
updating the existing key set with the generated fresh key set for use during future multi-key upgrade requests.
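The multi-key upgrade steps of claim 13 form one workflow: choose an existing or fresh key set, for a fresh set pick a technique and supply a pass phrase within a length range, derive the set, distribute it to the identified participants' nodes, and make it the new existing set. The block below is an added example of that workflow (not the patent's or the applicant's code). Its assumptions are not in the source: the fresh key is derived from the pass phrase with PBKDF2-HMAC-SHA256 and a random salt, the displayed "encryption techniques" are represented only by the key length each needs, and the pass phrase limits and uniqueness check are constructed values.

```python
"""Added example: multi-key security upgrade for a file type or transaction type.

Assumptions (not in the source): PBKDF2-HMAC-SHA256 key derivation, technique
names mapped to key lengths, and the pass phrase range are all constructed.
"""
import hashlib
import secrets
from dataclasses import dataclass, field

PASSPHRASE_RANGE = (12, 64)          # constructed: allowed pass phrase length
TECHNIQUES = {                       # constructed: technique -> key bytes needed
    "AES-128-GCM": 16,
    "AES-256-GCM": 32,
    "ChaCha20-Poly1305": 32,
}
PBKDF2_ITERATIONS = 600_000


@dataclass
class KeySet:
    technique: str
    salt: bytes
    key: bytes
    version: int


@dataclass
class KeyStore:
    """Current key set per target, and which node holds which key version."""
    current: dict = field(default_factory=dict)      # target -> KeySet
    distributed: dict = field(default_factory=dict)  # (target, node_id) -> version


def validate_passphrase(passphrase):
    lo, hi = PASSPHRASE_RANGE
    if not lo <= len(passphrase) <= hi:
        raise ValueError(f"pass phrase must be {lo}-{hi} characters")
    # "unique combination of characters": reject degenerate phrases (assumption).
    if len(set(passphrase)) < 4:
        raise ValueError("pass phrase must contain at least 4 distinct characters")


def generate_fresh_key_set(technique, passphrase, version, salt=None):
    """Derive a fresh key set of the length the chosen technique requires."""
    validate_passphrase(passphrase)
    if technique not in TECHNIQUES:
        raise ValueError(f"unknown encryption technique: {technique!r}")
    salt = salt if salt is not None else secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS, dklen=TECHNIQUES[technique])
    return KeySet(technique, salt, key, version)


def multi_key_upgrade(store, target, key_type, participant_nodes, requester,
                      technique=None, passphrase=None):
    """Run the upgrade for `target` (a file type or transaction type).

    participant_nodes maps each identified participant to its node id; the
    requester must be one of them. Returns the key set that was distributed.
    """
    if requester not in participant_nodes:
        raise PermissionError("requester is not an identified participant")

    if key_type == "existing":
        if target not in store.current:
            raise LookupError(f"no existing key set for {target!r}")
        key_set = store.current[target]
    elif key_type == "fresh":
        # Technique and pass phrase are only requested for a fresh key set.
        version = store.current[target].version + 1 if target in store.current else 1
        key_set = generate_fresh_key_set(technique, passphrase, version)
    else:
        raise ValueError("key type must be 'existing' or 'fresh'")

    # Communicate the key set to each identified participant's node.
    for node_id in participant_nodes.values():
        store.distributed[(target, node_id)] = key_set.version
    # The distributed set becomes the existing set for future upgrade requests.
    store.current[target] = key_set
    return key_set


def holds_current_key(store, target, node_id):
    """True if the node received the version currently in force for target."""
    current = store.current.get(target)
    return current is not None and store.distributed.get((target, node_id)) == current.version
```

Nodes that were not part of a later fresh-key upgrade keep an older version and therefore fail `holds_current_key`, which is the check a node would run before accepting a transaction or opening a file of that type.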
14. The system (100) as claimed in claim 9, wherein the plurality of security policies comprise client read/write, client read only, cross core, and cross core block signing.
15. The system (100) as claimed in claim 9, wherein the identified one or more security gaps and the set of corrective measures recommended are stored in a database for future reference and analysis.
16. The system (100) as claimed in claim 9, wherein the authorized user is a participant among the plurality of participants associated with the plurality of nodes of the blockchain network determined in accordance with consensus of participants of the plurality of nodes.
| # | Name | Date |
|---|---|---|
| 1 | 201921053942-STATEMENT OF UNDERTAKING (FORM 3) [26-12-2019(online)].pdf | 2019-12-26 |
| 2 | 201921053942-REQUEST FOR EXAMINATION (FORM-18) [26-12-2019(online)].pdf | 2019-12-26 |
| 3 | 201921053942-FORM 18 [26-12-2019(online)].pdf | 2019-12-26 |
| 4 | 201921053942-FORM 1 [26-12-2019(online)].pdf | 2019-12-26 |
| 5 | 201921053942-FIGURE OF ABSTRACT [26-12-2019(online)].jpg | 2019-12-26 |
| 6 | 201921053942-DRAWINGS [26-12-2019(online)].pdf | 2019-12-26 |
| 7 | 201921053942-DECLARATION OF INVENTORSHIP (FORM 5) [26-12-2019(online)].pdf | 2019-12-26 |
| 8 | 201921053942-COMPLETE SPECIFICATION [26-12-2019(online)].pdf | 2019-12-26 |
| 9 | Abstract1.jpg | 2019-12-28 |
| 10 | 201921053942-FORM-26 [24-03-2020(online)].pdf | 2020-03-24 |
| 11 | 201921053942-Proof of Right [22-06-2020(online)].pdf | 2020-06-22 |
| 12 | 201921053942-FER.pdf | 2021-10-19 |
| 13 | 201921053942-OTHERS [16-12-2021(online)].pdf | 2021-12-16 |
| 14 | 201921053942-FER_SER_REPLY [16-12-2021(online)].pdf | 2021-12-16 |
| 15 | 201921053942-CLAIMS [16-12-2021(online)].pdf | 2021-12-16 |
| 1 | SearchHistoryE_03-09-2021.pdf | |