CN109933987A - Key generation method for a blockchain network, endorsement method, storage medium and computing device - Google Patents
Key generation method for a blockchain network, endorsement method, storage medium and computing device
Publication number: CN109933987A (application CN201811454401.9A)
Authority: CN (China)
Legal status: Pending
Abstract
A key generation method for a blockchain network, an endorsement method, a storage medium and a computing device. The key generation method comprises: A. generating, locally at a blockchain management client, the first key of a blockchain node, the computing environment of the blockchain management client including a trusted computing environment; B. in the trusted computing environment, encrypting the first key with a second key to generate a third key, where the second key is pre-stored in protected memory associated with the blockchain management client and can be read only by a key management program running in the trusted computing environment; C. sending the third key to a BaaS platform associated with the blockchain management client; D. sending the key management program to the BaaS platform. The scheme raises the safety factor of the blockchain node's key, reduces the risk of the key being stolen, and thereby protects the data stored on the blockchain ledger.
Description
Technical field
The present invention relates to the field of blockchain technology, and in particular to a key generation method for a blockchain network, an endorsement method, a storage medium and a computing device.
Background art
A blockchain is an intelligent peer-to-peer network that uses a distributed database to identify, propagate and record information; it is also referred to as the Internet of value. Blockchain technology stores data in a block structure and uses cryptography to secure its transmission and access, achieving consistent, tamper-resistant and decentralized data storage.
In existing blockchain systems, the blockchain is maintained jointly by all participating blockchain nodes, and each participating node can obtain a complete copy of the blockchain data (referred to simply as data) and verify it independently. Specifically, each blockchain node holds a node key (referred to simply as a key). When a transaction is executed on a blockchain node, the node signs the transaction, and the key used for signing is that node's key. By signing the transaction, the blockchain node guarantees the reliability of the transaction at the execution stage.
Summary of the invention
Embodiments of the present invention provide a key generation method for a blockchain network, an endorsement method, a storage medium and a computing device.
A first aspect of the embodiments of the present invention provides a key generation method for a blockchain network, comprising: A. generating, locally at a blockchain management client, the first key of a blockchain node, the computing environment of the blockchain management client including a trusted computing environment; B. in the trusted computing environment, encrypting the first key with a second key to generate a third key, where the second key is pre-stored in protected memory associated with the blockchain management client and can be read only by a key management program running in the trusted computing environment; C. sending the third key to a BaaS platform associated with the blockchain management client; D. sending the key management program to the BaaS platform.
The scheme of this embodiment seals the key of the blockchain node in a secure key data file, which protects the key itself, raises the safety factor of the node key and reduces the risk of the key being stolen. Specifically, the blockchain management client sends only the third key to the BaaS platform; the key of the blockchain node (also called the first key) is never itself transmitted between the blockchain management client, the BaaS platform and the blockchain node, so the node key is protected to the greatest possible extent. Further, the first key of the blockchain node is encrypted with the second key inside the trusted computing environment of the blockchain management client, and because the second key can be read only by a key management program running in the trusted computing environment, the outside world cannot obtain the first key directly, which reduces the risk of the blockchain node being impersonated. Here the outside world means any third party other than the blockchain management client and the blockchain node.
Embodiments of the present invention also provide a computing device comprising a processor and a memory, the memory storing computer instructions executable on the processor; when the processor runs the computer instructions it performs the following steps: A. generating, locally at a blockchain management client, the first key of a blockchain node, the computing environment of the blockchain management client including a trusted computing environment; B. in the trusted computing environment, encrypting the first key with a second key to generate a third key, where the second key is pre-stored in protected memory associated with the blockchain management client and can be read only by a key management program running in the trusted computing environment; C. sending the third key to a BaaS platform associated with the blockchain management client; D. sending the key management program to the BaaS platform.
Embodiments of the present invention also provide an endorsement method for a blockchain network, comprising: A. obtaining data to be signed; B. obtaining a third key from a BaaS platform, the third key having been produced in the trusted computing environment of a blockchain management client by encrypting the first key of the blockchain node with a second key, where the second key is pre-stored in protected memory associated with the blockchain node and can be read only by a key management program running in a trusted computing environment, the key management program being obtained from the BaaS platform; C. decrypting the third key with the second key to obtain the first key, where the computing environment of the blockchain node includes a trusted computing environment and the decryption is performed in the trusted computing environment of the blockchain node; D. signing the data to be signed with the first key in the trusted computing environment of the blockchain node.
The scheme of this embodiment runs the signing logic inside the trusted computing environment of the blockchain node, which secures the signing computation and, in turn, the data stored on the blockchain. Specifically, the signing of the data to be signed is performed in the trusted computing environment of the blockchain node, and the node key used for signing has been processed in advance so that it can be used only inside a trusted computing environment. This reduces the risk of the node key being stolen, so that others cannot forge the data that the blockchain node processes on the blockchain, which improves data security. The first key, being the key of the blockchain node, can be used only in the trusted computing environment of the blockchain management client and in the trusted computing environment of the blockchain node.
Embodiments of the present invention also provide a computing device comprising a processor and a memory, the memory storing computer instructions executable on the processor; when the processor runs the computer instructions it performs the following steps: A. obtaining data to be signed; B. obtaining a third key from a BaaS platform, the third key having been produced in the trusted computing environment of a blockchain management client by encrypting the first key of the blockchain node with a second key, where the second key is pre-stored in protected memory associated with the blockchain node and can be read only by a key management program running in a trusted computing environment, the key management program being obtained from the BaaS platform; C. decrypting the third key with the second key to obtain the first key, where the computing environment of the blockchain node includes a trusted computing environment and the decryption is performed in the trusted computing environment of the blockchain node; D. signing the data to be signed with the first key in the trusted computing environment of the blockchain node.
Embodiments of the present invention also provide a storage medium on which computer instructions are stored; when the computer instructions are run, the steps of the above methods are performed.
Brief description of the drawings
Fig. 1 is a flowchart of a key generation method for a blockchain network according to an embodiment of the present invention;
Fig. 2 is a flowchart of a specific implementation of step B in Fig. 1;
Fig. 3 is a schematic diagram of a typical application scenario of an embodiment of the present invention;
Fig. 4 is a schematic diagram of another typical application scenario of an embodiment of the present invention;
Fig. 5 is a flowchart of an endorsement method for a blockchain network according to an embodiment of the present invention;
Fig. 6 is a flowchart of a specific implementation of step C in Fig. 5;
Fig. 7 is a schematic diagram of yet another typical application scenario of an embodiment of the present invention.
Detailed description
The inventors have found through analysis that existing blockchain systems lack effective protection of the blockchain node's key, which seriously affects the security of data in the blockchain network.
Specifically, the key of an existing blockchain node is stored in cleartext on the node's disk; when the blockchain node service starts, the key is loaded from disk into memory, and each subsequent transaction is signed with it.
Because the key of an existing blockchain node is stored in cleartext on the node, its protection relies mainly on the user permission mechanism of the operating system. If the privileges of the node's root user are stolen or leaked, an attacker can easily obtain the key of that blockchain node.
Once the key of a blockchain node has been obtained by others, they can impersonate a legitimate blockchain node to execute transactions and write erroneous transaction data into the blockchain.
A first aspect of the embodiments of the present invention provides a key generation method for a blockchain network, comprising: A. generating, locally at a blockchain management client, the first key of a blockchain node, the computing environment of the blockchain management client including a trusted computing environment; B. in the trusted computing environment, encrypting the first key with a second key to generate a third key, where the second key is pre-stored in protected memory associated with the blockchain management client and can be read only by a key management program running in the trusted computing environment; C. sending the third key to a BaaS platform associated with the blockchain management client; D. sending the key management program to the BaaS platform.
The scheme of this embodiment seals the key of the blockchain node in a secure key data file, which protects the key itself, raises the safety factor of the node key and reduces the risk of the key being stolen. Specifically, the blockchain management client sends only the third key to the BaaS platform; the key of the blockchain node (also called the first key) is never itself transmitted between the blockchain management client, the BaaS platform and the blockchain node, so the node key is protected to the greatest possible extent. Further, the first key of the blockchain node is encrypted with the second key inside the trusted computing environment of the blockchain management client, and because the second key can be read only by a key management program running in the trusted computing environment, this scheme ensures that the outside world cannot obtain the first key directly, which reduces the risk of the blockchain node being impersonated. The outside world here means any third party other than the blockchain management client and the blockchain node.
To make the above objects, features and advantages of the invention clearer and easier to understand, specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
Exemplary embodiments of the disclosure are described in detail below with reference to the accompanying drawings. The flowcharts and block diagrams in the drawings show the architecture, functions and operations of possible implementations of methods and systems according to various embodiments of the disclosure. It should be noted that each block in a flowchart or block diagram may represent a module, a program segment or a portion of code, and that the module, program segment or portion of code may contain one or more executable instructions for implementing the logical function specified in each embodiment. It should also be noted that in some alternative implementations the functions noted in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block of the flowcharts and/or block diagrams, and combinations of such blocks, can be implemented by special-purpose hardware-based systems that perform the specified functions or operations, or by combinations of special-purpose hardware and computer instructions. It should further be noted that the step numbers in a flowchart do not restrict the order in which the steps are executed.
The terms "comprising", "including" and similar terms used herein are to be understood as open-ended terms, i.e. "including but not limited to", meaning that other content may also be included. In this disclosure the term "based on" means "based at least in part on"; the term "one embodiment" means "at least one embodiment"; and the term "another embodiment" means "at least one other embodiment".
The "blockchain management client" referred to herein is a device that manages the keys of the blockchain nodes in the blockchain network, for example a terminal device used by an organization in the blockchain network. The blockchain management client can be used to generate and manage the keys of at least some of the blockchain nodes in the blockchain network.
In one embodiment, the blockchain network may include multiple blockchain nodes, at least some of which are deployed by the organization, and the blockchain management client can be used to generate and manage the keys of those blockchain nodes.
Further, the blockchain management client may also perform management operations on the key management program, such as signing it. The key management program can run only in a trusted computing environment.
The "computing environment of the blockchain management client" referred to herein is the environment in which the blockchain management client performs processing and computation. Typically, the computing environment of the blockchain management client may be a computing environment implemented on a central processing unit (CPU). More specifically, the computing environment may include an ordinary environment and a trusted computing environment: the trusted computing environment is the part of the computing environment in which only specific software or applications are allowed to run and which only they may access, while the ordinary environment is the part in which all software or applications are allowed to run and which all may access. Further, a CPU-based trusted computing environment is a chip-level security protection mechanism, also known as a Trusted Execution Environment (TEE).
For example, Software Guard Extensions (SGX) technology can be used to build the trusted computing environment, which may then be called an SGX-based trusted computing environment. Specifically, the trusted computing environment encapsulates the secure operations of legitimate software in a region called an enclave and protects it from attack by malware; neither privileged nor unprivileged software can access the enclave. That is, once software and data are inside the enclave, even the operating system cannot affect the code and data inside it. The security boundary of the enclave contains only the CPU and the enclave itself. With SGX, one CPU can run multiple enclaves, and they can also execute concurrently.
Similarly, the "computing environment of the blockchain node" referred to herein is the environment in which the blockchain node performs processing and computation. Further, the computing environment of the blockchain node may likewise be a CPU-based computing environment and may also include an ordinary environment and a trusted computing environment.
The "first key" referred to herein is the key assigned to a blockchain node when the node is deployed, i.e. the key of that blockchain node. The first key can be used to sign data, and the signed data may be added to a newly generated block. The data may include information about the transactions executed by the blockchain node. First keys correspond one-to-one with blockchain nodes and are generated by the blockchain management client.
In embodiments of the present invention, the generated first key is not transmitted directly between the blockchain management client, the blockchain node and the BaaS platform; instead, the blockchain management client encrypts the first key to produce the third key and then transmits it over the network in the form of the third key, which improves the security of the key.
The "third key" referred to herein is the key produced by encrypting the first key. The third key may be stored locally at the blockchain node, for example in the trusted computing environment and/or in the ordinary computing environment, but it can be used only inside a trusted computing environment. The third key may also be stored locally at the blockchain management client as a backup. As a result, the third key can be transmitted directly over the network and stored locally at the blockchain node without concern that it will be compromised.
For example, encrypting the first key means encrypting the first key with the second key.
Specifically, the "trusted computing environment" referred to herein may include both the trusted computing environment of the blockchain management client and the trusted computing environment of the blockchain node.
For example, the first key is encrypted in the trusted computing environment of the blockchain management client to generate the third key, which is sent to the blockchain node via the BaaS platform; after the trusted computing environment of the blockchain node recovers the first key from the third key, it signs the data to be signed with the first key.
For example, encrypting the first key means encrypting the first key with the second key. Correspondingly, the blockchain node decrypts the third key with the second key to obtain the first key, and signs the data to be signed with the first key.
The "second key" referred to herein is a key stored in protected memory that can be read only by a key management program running in a trusted computing environment. This ensures that the third key encrypted with the second key can be used only in a trusted computing environment.
Specifically, the second key may initially be a hardware-level key generated by the CPU in the trusted computing environment; after the second key is generated it is stored in the protected memory for later use. For example, it may be generated by the CPU of the blockchain management client in that client's trusted computing environment, or by the CPU of the blockchain node in that node's trusted computing environment. Because the trusted computing environment allows access only by specific software, the parts of the computing environment outside the trusted computing environment cannot obtain the second key; even if someone obtains the third key stored locally at the blockchain node or at the blockchain management client, they cannot directly decrypt that key data and therefore cannot obtain the first key.
The "protected memory" referred to herein is computer memory that only programs running in a trusted computing environment are allowed to access. In embodiments of the present invention, the protected memory may include protected memory associated with the blockchain management client and protected memory associated with the blockchain node.
In embodiments of the present invention, the protected memory associated with the blockchain node may be a memory region specially partitioned locally on the blockchain node, or an external storage device independent of the blockchain node that communicates with the blockchain node and allows access only by programs running in the node's trusted computing environment.
Similarly, the protected memory associated with the blockchain management client may be a memory region specially partitioned locally on the blockchain management client, or an external storage device independent of the blockchain management client that communicates with the blockchain management client and allows access only by programs running in the client's trusted computing environment.
When the protected memory is an external storage device independent of both the blockchain node and the blockchain management client, the external storage device can be associated with both the blockchain node and the blockchain management client, and allows access by the key management program running in the trusted computing environment of the blockchain management client and by the key management program running in the trusted computing environment of the blockchain node.
In one embodiment, if the key management program running in the trusted computing environment of the blockchain management client and the key management program running in the trusted computing environment of the blockchain node are signed by the same organization, the CPU of the blockchain management client and the CPU of the blockchain node can each generate the second key using the same key generation rule and store it in their respective associated protected memory, which ensures that the blockchain node can successfully decrypt the third key provided by the blockchain management client and obtain the first key.
In a variant, after generating the second key, the blockchain management client may also send the second key to the BaaS platform in encrypted form, and the blockchain node obtains the second key from the BaaS platform and stores it in protected memory.
Further, the second key is associated with the key management program and with the organization in the blockchain network. Specifically, the second key is associated with the identification (ID) of the key management program and with the certificate of the organization. Associating the second key with the ID of the key management program and the certificate of the organization may be implemented at the hardware level.
As a result, the third key generated by the key management program running in the trusted computing environment of the blockchain management client can be decrypted and used by the key management program running in the trusted computing environment of the blockchain node, which ensures that the blockchain node, without ever receiving the first key from the outside world, can still securely and accurately recover the first key from the third key.
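As an added illustration (not code from the patent), the Go program below models the key generation method (steps A to D) and the endorsement method with Go's standard crypto packages. Assumptions: a TEE root secret provisioned identically to the management client and the node stands in for hardware key generation, HMAC-SHA256 over the program ID and the organization certificate stands in for the CPU's key generation rule, AES-256-GCM is the sealing cipher, Ed25519 is the node's signing algorithm, and the BaaS platform is only the channel that carries the third key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Enclave models one machine's trusted computing environment. RootSecret stands
// in for the hardware-level secret only code inside the TEE can reach (assumed
// to be provisioned identically to the management client and the node);
// ProgramID and OrgCert identify the key management program and its signer.
type Enclave struct {
	RootSecret []byte
	ProgramID  string
	OrgCert    []byte
}

// SecondKey derives the sealing key ("second key") inside the enclave, bound to
// the program ID and the organization certificate. HMAC-SHA256 is an assumed
// stand-in for the CPU's key generation rule; its 32-byte output is an AES-256 key.
func (e *Enclave) SecondKey() []byte {
	mac := hmac.New(sha256.New, e.RootSecret)
	mac.Write([]byte(e.ProgramID))
	mac.Write(e.OrgCert)
	return mac.Sum(nil)
}

// gcmFor builds the AES-GCM AEAD used for sealing and unsealing.
func gcmFor(secondKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secondKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFirstKey encrypts the first key under the second key with AES-256-GCM to
// form the "third key" (nonce || ciphertext || tag); the program ID is bound as
// associated data, so a differently identified program cannot open the result.
func SealFirstKey(secondKey, firstKey []byte, programID string) ([]byte, error) {
	gcm, err := gcmFor(secondKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, firstKey, []byte(programID)), nil
}

// UnsealFirstKey reverses SealFirstKey; it fails on a wrong second key, a wrong
// program ID, a truncated blob or any tampering with the third key.
func UnsealFirstKey(secondKey, thirdKey []byte, programID string) ([]byte, error) {
	gcm, err := gcmFor(secondKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(thirdKey) < n {
		return nil, fmt.Errorf("third key too short: %d bytes", len(thirdKey))
	}
	return gcm.Open(nil, thirdKey[:n], thirdKey[n:], []byte(programID))
}

// GenerateThirdKey is steps A and B on the management client: generate the
// node's Ed25519 signing key ("first key") locally and seal it in the enclave.
// Only the third key and the public key leave; the first key is never sent.
func (e *Enclave) GenerateThirdKey() ([]byte, ed25519.PublicKey, error) {
	pub, first, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	third, err := SealFirstKey(e.SecondKey(), first, e.ProgramID)
	return third, pub, err
}

// Endorse is steps C and D on the node: unseal the third key fetched from BaaS
// inside the node's enclave and sign there; the plaintext first key never
// leaves this function.
func (e *Enclave) Endorse(thirdKey, data []byte) ([]byte, error) {
	first, err := UnsealFirstKey(e.SecondKey(), thirdKey, e.ProgramID)
	if err != nil {
		return nil, fmt.Errorf("unseal third key: %w", err)
	}
	return ed25519.Sign(ed25519.PrivateKey(first), data), nil
}

// VerifyEndorsement checks a node's signature against its public key.
func VerifyEndorsement(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}
```

An enclave whose key management program was signed by a different organization derives a different second key, so the same third key is useless to it, which is the binding the paragraphs above describe.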
In one embodiment, the key management program that runs in the trusted computing environment of the blockchain node may be signed in advance by the blockchain management client with the key of the organization and sent to the BaaS platform; the blockchain node downloads the key management program from the BaaS platform, loads it into its trusted computing environment and runs it.
The "key management program" referred to herein is the application program that encrypts the first key and signs data when a transaction is put on chain. The key management program can run only in a trusted computing environment. Putting on chain means adding a block containing transaction data to the blockchain ledger.
For example, the key management program may run in the trusted computing environment of the CPU of the blockchain management client to generate the third key. As another example, the key management program may also run in the CPU-based trusted computing environment of the blockchain node to sign the transaction results on the blockchain node.
In one embodiment, the key management program itself may be signed by the organization in the blockchain network to protect the key management program from tampering. Further, the key management program may carry the certificate of the organization. For example, the operation of signing the key management program may be performed by the blockchain management client.
Further, the blockchain management client may send the signed key management program to the BaaS platform, so that when the BaaS platform deploys the blockchain node it sends the signed key management program together with the third key to the blockchain node.
In another embodiment, the key management program itself may not be stored as a file at the blockchain node but instead at a Blockchain as a Service (BaaS) platform. The BaaS platform may be a service platform for blockchains, mainly responsible for deploying, managing and operating the underlying blockchain platform and the blockchain-based application services. When the blockchain node is deployed, restarted or triggered by a call instruction, it can call the key management program from the BaaS platform. After calling the key management program, the blockchain node can store it locally until the next restart or call instruction, when it calls the key management program from the BaaS platform again. The call instruction may be issued, for example, by the BaaS platform.
The BaaS platform can communicate with each blockchain node in the blockchain network to manage and operate the blockchain network. The BaaS platform can also communicate with the blockchain management client: when deploying a blockchain node it instructs the blockchain management client to generate the third key, sends the third key generated by the blockchain management client to the blockchain node, and, when the blockchain node requests it, sends the blockchain node the key management program signed by the blockchain management client.
The "request credential" referred to herein is verification information used to prove the identity of the blockchain node. For example, the request credential may be a token that the BaaS platform sends to the blockchain node in advance; after the blockchain node is started, when it requests the key management program it sends the token to the BaaS platform, and after the BaaS platform verifies the token it sends the key management program to the blockchain node. This provides an identity verification mechanism for the case in which the key of the blockchain node is sealed by the node's own trusted computing environment, so that the BaaS platform can manage the blockchain node.
The "data" referred to herein is the transaction data of at least one transaction generated by, or involving, a blockchain node in the course of a transaction. Transaction data means the various data generated as a transaction proceeds. Further, transaction data may include the intermediate data produced while a transaction is carried out and the result data obtained after the transaction completes.
The "business" referred to herein is a series (i.e. one or more, usually several) of transactions carried out to achieve a specific purpose or realize a specific function. For example, a product traceability business carried out for the purpose of tracing the origin of goods may include a series of transactions such as a shipment transaction at the place of origin and a carrier transport transaction.
It should be understood that these exemplary embodiments are provided only so that those skilled in the art can better understand and implement the embodiments of the disclosure, and do not limit the scope of the invention in any way.
The blockchain technical solution of the embodiments of the present invention can be applied in different fields; in this embodiment, the supply chain finance business and the product traceability business are used as examples.
In an application scenario of the supply chain finance business, the blockchain node may be a node maintained by any participant in the supply chain finance business, and the data may include the transaction data of the business that the participant is authorized to query, for example the various documents, such as orders and contracts, attached by upstream and downstream blockchain nodes during transactions in the supply chain finance business.
In an application scenario of the product traceability business, the blockchain node is a node maintained by any participant in the product traceability business, and the data may include the transaction data generated in or related to a series of links such as the transport and delivery of goods, for example the transaction data of a series of transactions such as a shipment transaction at the place of origin and a carrier transport transaction.
Fig. 1 is a flow chart of a key generation method for a blockchain network according to an embodiment of the present invention. The blockchain network may consist of a plurality of blockchain nodes that communicate with one another. Taking one of these blockchain nodes as an example, the blockchain node is deployed by a BaaS platform, the BaaS platform communicates with a blockchain management client, and the blockchain management client generates and manages the key of the blockchain node. The solution of the present embodiment may be executed by the blockchain management client.
Specifically, in the present embodiment, the key generation method for a blockchain network may include:
At 101, step A is executed: a first key of the blockchain node is generated locally at the blockchain management client, the computing environment of the blockchain management client including a trusted computing environment;
At 102, step B is executed: in the trusted computing environment, the first key is encrypted using a second key to generate a third key, wherein the second key is pre-stored in protected memory associated with the blockchain management client and can only be read by a key management program running in the trusted computing environment;
At 103, step C is executed: the third key is sent to a BaaS platform associated with the blockchain management client;
At 104, step D is executed: the key management program is sent to the BaaS platform.
Steps C and D may be executed synchronously or asynchronously; when they are executed asynchronously, their order may be interchanged.
More specifically, the first key and the third key generated by step B may both be stored in the local file system of the blockchain management client. The difference between the two is that the first key is stored in plaintext, whereas the third key has been encrypted and can only be used within a trusted computing environment.
In one embodiment, to further increase the security of the key of the blockchain node, after step B the key generation method of the present embodiment may further include step F: deleting the first key stored locally on the blockchain management client. As a result, the blockchain management client locally stores only the third key, so that even someone who obtains the user privileges of the blockchain management client can obtain only the third key. Furthermore, anyone who obtains the third key cannot decrypt it, and therefore cannot impersonate the blockchain node to perform operations such as putting transactions on the chain.
Step F and step D may be executed synchronously or asynchronously, and likewise step F and step C.
In yet another embodiment, when step B is executed, the key management program may be called in the trusted computing environment of the blockchain management client to perform the read operation on the second key; the key management program can only run in a trusted computing environment.
As a variant, step A may also be executed by calling the key management program. For example, the key management program may perform the generation operation in the trusted computing environment of the blockchain management client to generate the first key for the blockchain node.
In a further embodiment, the key management program may be signed by an organization in the blockchain network; the organization may be the one that deploys the blockchain node. The signing operation may be executed by the blockchain management client.
Specifically, step D may include: step D1, signing the key management program with the key of the organization in the blockchain network; and step D2, sending the signed key management program to the BaaS platform.
In yet another embodiment, before step A, the key generation method of the present embodiment may further include step E: receiving request information from the BaaS platform, the request information requesting the key of the blockchain node.
In the embodiments of the present invention, the request information may request the first key of the blockchain node, but what the blockchain management client sends to the BaaS platform is the third key of the blockchain node; the blockchain node can obtain the first key by decrypting the third key. Thus, although the blockchain management client does not directly answer the BaaS platform's request for the first key of the blockchain node, the third key it actually returns implicitly carries the first key, and returning the third key in the manner described in the present embodiment is more favourable to the protection of the first key.
In one embodiment, with reference to Fig. 2, step B may further include:
At 1021, step B1 is executed: the identifier of the key management program is obtained;
At 1022, step B2 is executed: the certificate of the organization is obtained;
At 1023, step B3 is executed: according to the identifier of the key management program and the certificate of the organization, the second key associated with the key management program and the organization is obtained from the protected memory associated with the blockchain management client;
At 1024, step B4 is executed: the first key is encrypted using the obtained second key to generate the third key.
The identifier of the key management program and the certificate of the organization may be pre-stored in the protected memory associated with the blockchain management client.
In a typical application scenario, with reference to Fig. 3, the generation process of the third key according to the present embodiment is described by way of example.
Specifically, the BaaS platform 31 may send the request information to the blockchain management client 32.
Further, in response to receiving the request information, the blockchain management client 32 may call the blockchain management client program 33 to generate the first key (not shown) of the blockchain node (not shown).
A trusted computing environment 34 may run on the CPU of the blockchain management client 32, and the key management program 36 can only run in a trusted computing environment such as the trusted computing environment 34 of the blockchain management client 32.
Further, in response to receiving the request information, the blockchain management client 32 may also call the key management program 36 and run it in its trusted computing environment 34.
Specifically, after generating the first key, the blockchain management client program 33 may execute operation s1 to send the generated first key to the key management program 36 running in the trusted computing environment 34.
Further, in response to receiving the first key, the key management program 36 may execute step B of the embodiment shown in Fig. 1: it calls the encryption function of the CPU, reads the second key (not shown) from the protected memory associated with the blockchain management client 32, and converts the first key into the third key using the second key. In this scenario, it is assumed that a specific storage region of the memory 35 of the blockchain management client 32 is set aside as the protected memory. The second key can therefore be regarded as also being stored in the memory 35, except that the second key may only be read by the key management program 36 running in the trusted computing environment 34.
Further, the key management program 36 may execute operation s2 to store the obtained third key locally on the blockchain management client 32, for example in the memory 35.
Further, the blockchain management client program 33 may execute operation s3 to upload the third key generated by the key management program 36 to the BaaS platform 31.
The blockchain node may obtain the third key from the BaaS platform 31 and store it.
In another typical application scenario, with reference to Fig. 4, the signing process of the key management program according to the present embodiment is described by way of example.
Specifically, the BaaS platform 31 may execute operation s4 to send the unsigned key management program to the blockchain management client 32.
In response to receiving the unsigned key management program, the blockchain management client 32 may call the blockchain management client program 33 to execute the signing operation.
Specifically, the blockchain management client program 33 may execute operation s5 to sign the received unsigned key management program with the key of the organization to which the blockchain node belongs, thereby obtaining the signed key management program (that is, the key management program 36 shown in Fig. 3). The key of the organization may be stored locally on the blockchain management client 32, or obtained from the organization on demand.
Further, the blockchain management client program 33 may return the signed key management program 36 to the BaaS platform 31 for storage.
Further, when the generation operation of the third key shown in Fig. 3 is executed, the blockchain management client 32 may call the locally stored signed key management program 36 and run it in the trusted computing environment 34 of the blockchain management client 32.
Thus, with the solution of the present embodiment, the key of the blockchain node is encapsulated in a secure key data file, which ensures the security of the key itself, improves the security coefficient of the key of the blockchain node and reduces the risk of the key being stolen.
Specifically, the blockchain management client sends only the third key to the BaaS platform; the key of the blockchain node itself (also called the first key) is never transmitted between the blockchain management client, the BaaS platform and the blockchain node, so the key of the blockchain node is protected to the greatest extent.
Further, the first key of the blockchain node is encrypted with the second key in the trusted computing environment of the blockchain management client. Since the second key can only be read by the key management program running in the trusted computing environment, the solution ensures that the outside world cannot directly obtain the first key, which reduces the risk of the blockchain node being impersonated. The outside world here may be any third party other than the blockchain management client and the blockchain node.
An embodiment of the present invention further provides a computing device including a processor and a memory, the memory storing computer instructions executable on the processor, wherein the processor, when executing the computer instructions, performs the following steps: A. generating a first key of a blockchain node locally at a blockchain management client, the computing environment of the blockchain management client including a trusted computing environment; B. in the trusted computing environment, encrypting the first key using a second key to generate a third key, wherein the second key is pre-stored in protected memory associated with the blockchain management client and can only be read by a key management program running in the trusted computing environment; C. sending the third key to a BaaS platform associated with the blockchain management client; D. sending the key management program to the BaaS platform.
In one embodiment, step D may further include: D1. signing the key management program with the key of the organization in the blockchain network; D2. sending the signed key management program to the BaaS platform.
In one embodiment, before step A, the computing device may further perform the following step: E. receiving request information from the BaaS platform, the request information requesting the key of the blockchain node.
In one embodiment, the second key may be associated with the key management program and with the organization in the blockchain network.
In one embodiment, step B may further include: B1. obtaining the identifier of the key management program; B2. obtaining the certificate of the organization; B3. according to the identifier of the key management program and the certificate of the organization, obtaining the second key associated with the key management program and the organization from the protected memory associated with the blockchain management client; B4. encrypting the first key using the obtained second key to generate the third key.
In one embodiment, the blockchain node may be a node maintained by any participant in a supply chain finance business.
In one embodiment, the blockchain node may be a node maintained by any participant in a commodity traceability business.
For further details on the working principle and working mode of the computing device, reference may be made to the associated description of Figs. 1 to 4 above, which is not repeated here.
Fig. 5 is a flow chart of an endorsement (signing) method for a blockchain network according to an embodiment of the present invention. The blockchain network may consist of a plurality of blockchain nodes that communicate with one another, and the solution of the present embodiment may be executed by the blockchain node.
Specifically, in the present embodiment, the endorsement method for a blockchain network may include:
At 501, step A is executed: data to be signed is obtained;
At 502, step B is executed: a third key is obtained from a BaaS platform, the third key having been obtained in the trusted computing environment of a blockchain management client by encrypting the first key of the blockchain node with a second key, wherein the second key is pre-stored in protected memory associated with the blockchain node and can only be read by a key management program running in a trusted computing environment, and the key management program is obtained from the BaaS platform;
At 503, step C is executed: the third key is decrypted using the second key to obtain the first key, wherein the computing environment of the blockchain node includes a trusted computing environment and the decryption operation is performed in the trusted computing environment of the blockchain node;
At 504, step D is executed: in the trusted computing environment of the blockchain node, the data to be signed is signed using the first key.
More specifically, the data to be signed may be data that needs to be added to the blockchain ledger. Further, the data to be signed may be provided by a user, and the user may be the user of the blockchain node, such as an organization in the blockchain network.
In one embodiment, when step C is executed, the key management program may be called to perform the decryption operation; the key management program can only run in a trusted computing environment, which includes the trusted computing environment of the blockchain node.
As a variant, step B may also be executed by calling the key management program. For example, the key management program may perform a read operation in the trusted computing environment of the blockchain node to obtain the second key from the protected memory associated with the blockchain node, and then perform the decryption operation of step C to obtain the first key.
In another embodiment, for example when the blockchain node starts, before step C is executed the endorsement method of the present embodiment may further include step E: downloading the key management program from the BaaS platform, where the key management program stored by the BaaS platform may come from the blockchain management client.
For example, the key management program stored by the BaaS platform may be the key management program obtained after the blockchain management client has signed it according to the solution of the embodiment shown in Fig. 1.
Further, after step E and before step C, the endorsement method of the present embodiment may further include step F: verifying the signature of the key management program to confirm that the key management program was signed by the organization in the blockchain network.
For example, the organization may send its own certificate to the blockchain node in advance. In response to receiving the key management program sent by the BaaS platform, the blockchain node may extract the organization's certificate and the signature from the key management program, verify with that certificate whether the signature is correct, and at the same time compare the certificate in the received key management program with the organization certificate previously sent to the blockchain node, in order to judge whether the key management program was signed by the organization.
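The verification of step F, as an added example that is not code from the patent or from any BaaS product: the key management program is signed with the organization's ECDSA key on the management client (step D1), and the node compares the certificate embedded in the program with the copy the organization sent it in advance and verifies the signature under it. The SignedProgram container, the choice of ECDSA P-256 with SHA-256, and the use of a bare DER-encoded public key in place of a full certificate are assumptions made for this example; the page does not specify a format.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// SignedProgram is a constructed container for the key management program as the BaaS
// platform stores it: the program bytes, the organisation's certificate (here simply its
// DER-encoded public key) and the organisation's ECDSA signature over program || certificate.
type SignedProgram struct {
	Program []byte
	OrgCert []byte
	Sig     []byte
}

// programDigest hashes program and certificate together so neither can be swapped alone.
func programDigest(program, cert []byte) []byte {
	h := sha256.New()
	h.Write(program)
	h.Write(cert)
	return h.Sum(nil)
}

// SignProgram is step D1 on the management client: the organisation's key signs the program,
// and the certificate is embedded next to the signature so the node can extract both.
func SignProgram(program []byte, orgKey *ecdsa.PrivateKey) (*SignedProgram, error) {
	cert, err := x509.MarshalPKIXPublicKey(&orgKey.PublicKey)
	if err != nil {
		return nil, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, orgKey, programDigest(program, cert))
	if err != nil {
		return nil, err
	}
	return &SignedProgram{Program: program, OrgCert: cert, Sig: sig}, nil
}

// VerifyProgram is step F on the node. pinnedCert is the certificate the organisation sent the
// node in advance. Both checks are needed: a program carrying some other certificate plus a
// signature made with the matching key would verify on its own, so only the comparison with
// the pinned certificate ties the program to this organisation rather than to "some signer".
func VerifyProgram(sp *SignedProgram, pinnedCert []byte) error {
	if !bytes.Equal(sp.OrgCert, pinnedCert) {
		return errors.New("certificate in program does not match the organisation's certificate")
	}
	pubAny, err := x509.ParsePKIXPublicKey(sp.OrgCert)
	if err != nil {
		return err
	}
	pub, ok := pubAny.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("organisation certificate does not hold an ECDSA key")
	}
	if !ecdsa.VerifyASN1(pub, programDigest(sp.Program, sp.OrgCert), sp.Sig) {
		return errors.New("signature over key management program is invalid")
	}
	return nil
}

// Scenarios exercises the check with constructed inputs: a genuine program, the same program
// with one byte modified, and the program re-signed by a different key carrying its own
// certificate. It reports whether each case behaved as intended.
func Scenarios() (genuineAccepted, modifiedRejected, resignedRejected bool, err error) {
	orgKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	program := []byte("constructed key management program bytes")
	sp, err := SignProgram(program, orgKey)
	if err != nil {
		return
	}
	pinned := sp.OrgCert // what the organisation handed to the node beforehand
	genuineAccepted = VerifyProgram(sp, pinned) == nil

	modified := &SignedProgram{Program: append([]byte{}, program...), OrgCert: sp.OrgCert, Sig: sp.Sig}
	modified.Program[0] ^= 0x01
	modifiedRejected = VerifyProgram(modified, pinned) != nil

	otherKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	resigned, err := SignProgram(program, otherKey)
	if err != nil {
		return
	}
	resignedRejected = VerifyProgram(resigned, pinned) != nil
	return
}
```

The re-signed case is the one the certificate comparison exists for: the substituted program carries a certificate and a signature that are consistent with each other, and only the mismatch with the pinned certificate exposes it. A deployment that replaced the bare public key with an X.509 certificate would compare the certificate bytes (or its fingerprint) in the same way and verify the chain in addition.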
In a further embodiment, step E may further include: step E1, sending request information to the BaaS platform, the request information including a request voucher of the blockchain node, wherein the request voucher corresponds one-to-one to the blockchain node and is obtained from the BaaS platform in advance; and step E2, receiving feedback information in response to the request information, the feedback information including the key management program.
For example, the request voucher may be generated by the BaaS platform when the blockchain node is deployed and sent to the blockchain node. The start-up of the blockchain node may be controlled by the BaaS platform, for example the BaaS platform starts the blockchain node. In response to being started, the blockchain node may send request information containing the request voucher to the BaaS platform, and the BaaS platform verifies whether the request voucher matches the blockchain node. When the verification passes, the BaaS platform sends feedback information to the blockchain node, the feedback information including the key management program of the blockchain node.
In one embodiment, the second key may be associated with the key management program and with the organization in the blockchain network.
Specifically, with reference to Fig. 6, step C may further include:
At 5031, step C1 is executed: the identifier of the key management program is obtained;
At 5032, step C2 is executed: the certificate of the organization is obtained;
At 5033, step C3 is executed: according to the identifier of the key management program and the certificate of the organization, the second key associated with the key management program and the organization is obtained from the protected memory associated with the blockchain node;
At 5034, step C4 is executed: the third key is decrypted using the obtained second key to obtain the first key.
Since only the key management program running in the trusted computing environment can read the second key, others cannot crack the third key to obtain the first key, and therefore cannot put wrong data on the chain.
In the present embodiment, because different CPUs, for the trusted computing environments they each run, can generate the second key using the same key generation rule for a key management program signed by the same organization, the second key pre-stored in the blockchain node is consistent with the second key pre-stored in the blockchain management client. This ensures that the key management program running in the trusted computing environment of the blockchain node can decrypt the third key that was encrypted by the key management program running in the trusted computing environment of the blockchain management client.
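The sealing path of steps B1-B4 on the management client and the unsealing path of steps C1-C4 on the node, followed by the signing step D of the endorsement method, as an added example that is not code from the patent or from any TEE SDK; it also covers the Fig. 3 and Fig. 7 flows. Assumptions made for this example: the second key is derived with HMAC-SHA256 from a constructed hardware secret, the program identifier and the organization certificate (the page names these inputs but not the derivation); the first key is an ECDSA P-256 key; the third key is the AES-256-GCM encryption of its DER encoding. Both sides use the same constructed hardware secret so that the consistent second key described above is obtained; on hardware-rooted TEEs such as SGX, sealing keys are specific to the CPU, so obtaining the same second key on two machines requires a key provisioning step that the page does not describe.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// hwRoot stands in for the CPU's hardware secret (constructed value shared by client and node).
var hwRoot = sha256.Sum256([]byte("constructed-cpu-hardware-secret"))

// deriveSecondKey is a hypothetical KDF for steps B1-B3 / C1-C3: the second key is bound to
// the hardware secret, the key management program's identifier and the organisation certificate.
func deriveSecondKey(programID, orgCert []byte) []byte {
	mac := hmac.New(sha256.New, hwRoot[:])
	mac.Write([]byte("kmp-seal-key|"))
	mac.Write(programID)
	mac.Write([]byte("|"))
	mac.Write(orgCert)
	return mac.Sum(nil) // 32 bytes: an AES-256 key
}

func newGCM(secondKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secondKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is step B4: AES-256-GCM of the serialised first key under the second key. The output
// (nonce || ciphertext || tag) is the third key that is uploaded to the BaaS platform.
func Seal(firstKey *ecdsa.PrivateKey, secondKey []byte) ([]byte, error) {
	plain, err := x509.MarshalECPrivateKey(firstKey)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Unseal is step C4 on the node: the re-derived second key recovers the first key, and the
// GCM tag rejects a third key that was altered on the platform or in transit.
func Unseal(thirdKey, secondKey []byte) (*ecdsa.PrivateKey, error) {
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	if len(thirdKey) < gcm.NonceSize() {
		return nil, fmt.Errorf("third key too short: %d bytes", len(thirdKey))
	}
	plain, err := gcm.Open(nil, thirdKey[:gcm.NonceSize()], thirdKey[gcm.NonceSize():], nil)
	if err != nil {
		return nil, fmt.Errorf("unseal failed: %w", err)
	}
	return x509.ParseECPrivateKey(plain)
}

// RunFlow walks the lifecycle from Fig. 1 to Fig. 7 and reports whether the signature the node
// produced from the sealed key verifies under the public half of the first key.
func RunFlow() (bool, error) {
	programID := sha256.Sum256([]byte("constructed: signed key management program bytes"))
	orgCert := []byte("constructed: organisation certificate")
	// Management client (Fig. 1 / Fig. 3): step A generate, step B seal, step F discard plaintext.
	firstKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	thirdKey, err := Seal(firstKey, deriveSecondKey(programID[:], orgCert))
	if err != nil {
		return false, err
	}
	// Node (Fig. 5 / Fig. 7): only the sealed blob travelled; steps C and D run inside its TEE.
	data := []byte("constructed transaction result")
	unsealed, err := Unseal(thirdKey, deriveSecondKey(programID[:], orgCert))
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, unsealed, digest[:])
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(&firstKey.PublicKey, digest[:], sig), nil
}
```

Unseal treats a short blob as an error rather than slicing into it, and the GCM tag makes a third key altered on the platform fail to open instead of decrypting to garbage, which matters because the platform is the one party that stores the third key without being trusted with the first key. That a different program identifier cannot unseal the blob is the property the page relies on when it says only the signed key management program can read the second key.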
In a typical application scenario, with reference to Fig. 7, the process of signing with the key of the blockchain node according to the present embodiment is described by way of example. The key of the blockchain node is the first key of the embodiments shown in Figs. 1 to 6 above.
Specifically, the blockchain node 71 has a blockchain service module 72 for completing blockchain-related matters, such as interacting with other blockchain nodes to carry out transactions and adding the data generated during the transaction process to the blockchain.
Further, after the blockchain node core service unit 73 of the blockchain service module 72 receives a transaction request and has executed the transaction process, it calls the signature caller 74 to sign the transaction result, where the transaction result is the data to be signed.
Further, the signature caller 74 receives the data to be signed and executes operation s1 to call the key management program 75 running in the CPU-based trusted computing environment 76 to sign the data to be signed, where the CPU is the CPU of the blockchain node 71. For example, the signature caller 74 may pass the received data to be signed to the key management program 75.
Further, in response to receiving the data to be signed, the key management program 75 may execute operation s2 to read the third key and the second key from the memory 77 of the blockchain node 71, decrypt the third key using the second key, and then sign the data to be signed using the first key obtained by decryption. In this scenario, the memory 77 may correspond to the memory 35 of the embodiment shown in Fig. 3; the memory 77 stores the third key generated according to the embodiments shown in Figs. 1 to 4 and the second key (not shown).
Further, after completing the signing operation, the key management program 75 may return the signed data to the signature caller 74.
Further, after the blockchain node core service unit 73 obtains the signed data from the signature caller 74, it may attach the signed data to the transaction result and add them to the blockchain together.
The memory 77 of the blockchain node 71 may be the memory of the blockchain node 71, on which protected memory associated with the blockchain node 71 may be specially set aside.
The trusted computing environment 76 may run on the CPU of the blockchain node 71, and the key management program 75 can only run in the trusted computing environment of the blockchain node 71 and in the trusted computing environment of the blockchain management client 32 shown in Figs. 3 and 4 above.
The key management program 75 is obtained from the BaaS platform (not shown in Fig. 7) when the blockchain node 71 is started, and after being obtained it always runs in the trusted computing environment 76 of the blockchain node 71.
Thus, with the solution of the present embodiment, the arithmetic logic that signs with the key runs in the trusted computing environment of the blockchain node, which ensures the security of the signing computation and at the same time the security of the data stored on the blockchain.
Specifically, the operation of signing the data to be signed is carried out in the trusted computing environment of the blockchain node, and the key of the blockchain node used for signing has been processed in advance so that it can only be used in a trusted computing environment. The risk of the key of the blockchain node being stolen is reduced, so that others cannot forge the data that the blockchain node processes on the blockchain, which improves data security.
The first key, as the key of the blockchain node, can only be used in the trusted computing environment of the blockchain management client and the trusted computing environment of the blockchain node.
An embodiment of the present invention further provides a computing device including a processor and a memory, the memory storing computer instructions executable on the processor, wherein the processor, when executing the computer instructions, may perform the following steps: A. obtaining data to be signed; B. obtaining a third key from a BaaS platform, the third key having been obtained in the trusted computing environment of a blockchain management client by encrypting the first key of the blockchain node with a second key, wherein the second key is pre-stored in protected memory associated with the blockchain node and can only be read by a key management program running in a trusted computing environment, and the key management program is obtained from the BaaS platform; C. decrypting the third key using the second key to obtain the first key, wherein the computing environment of the blockchain node includes a trusted computing environment and the decryption operation is performed in the trusted computing environment of the blockchain node; D. in the trusted computing environment of the blockchain node, signing the data to be signed using the first key.
In one embodiment, before step C is executed, the computing device may further perform the following step: E. downloading the key management program from the BaaS platform, the key management program stored by the BaaS platform coming from the blockchain management client.
In one embodiment, after step E and before step C, the computing device may further perform the following step: F. verifying the signature of the key management program to confirm that the key management program was signed by the organization in the blockchain network.
In one embodiment, step E may further include: E1. sending request information to the BaaS platform, the request information including a request voucher of the blockchain node, wherein the request voucher corresponds one-to-one to the blockchain node and is obtained from the BaaS platform in advance; E2. receiving feedback information in response to the request information, the feedback information including the key management program.
In one embodiment, the second key may be associated with the key management program and with the organization in the blockchain network.
In one embodiment, step C may further include: C1. obtaining the identifier of the key management program; C2. obtaining the certificate of the organization; C3. according to the identifier of the key management program and the certificate of the organization, obtaining the second key associated with the key management program and the organization from the protected memory associated with the blockchain node; C4. decrypting the third key using the obtained second key to obtain the first key.
In one embodiment, the blockchain node may be a node maintained by any participant in a supply chain finance business.
In one embodiment, the blockchain node may be a node maintained by any participant in a commodity traceability business.
For further details on the working principle and working mode of the computing device, reference may be made to the associated description of Figs. 5 to 7 above, which is not repeated here.
In one embodiment, the computing device may be a personal computer, a smart phone, a server, or the like.
Thus, with the solution of the present embodiment, hardware-level key protection is achieved using the trusted computing environments provided by the CPUs of the blockchain node and the blockchain management client.
Specifically, the encrypted storage of the first key is implemented on the basis of the encryption function of the CPU of the blockchain management client, so that the outside world cannot directly decrypt and obtain the first key. Moreover, the first key need not be delivered to and stored on the blockchain node, which further guarantees its security.
Further, the blockchain management client runs on a server of the blockchain administrator (such as the organization), which ensures that the BaaS platform does not interfere with the secure generation process of the key of the blockchain node.
Further, on the basis of the trusted computing environment provided by the CPU of the blockchain node, during the signing process the first key is always protected in a dedicated memory region of the CPU of the blockchain node, and that memory region is encrypted with a hardware random key of the CPU of the blockchain node (that is, the second key), which improves the security coefficient of the key of the blockchain node during signing.
In other words, after the encryption is completed the blockchain management client can delete the first key; the third key that the outside world can obtain is encrypted, so others cannot directly obtain the first key from it and therefore cannot use the key to sign wrong data.
Further, during the signing process only the key management program running in the trusted computing environment can decrypt the third key to obtain the first key and then use the first key, within the trusted computing environment, to sign the data to be signed. From this it can be understood that the first key is always protected in the trusted computing environments of the blockchain node and the blockchain management client, which is equivalent to being sealed in a black box that cannot be cracked by the outside world.
In the supply chain financial business scene based on block chain network based on BaaS platform management, the supply chain gold
The participant for melting business may include fund side, core enterprise and provide the medium-sized and small enterprises of product for core enterprise, each industry
Business side can have the block chain node of oneself.In entire block chain network, relevant financing transaction is all recorded in block chain
In account book.For supply chain financial business, the safety of the block chain node of each side is most important.If either party
The key of block chain node is leaked, it would be possible to be led to the normal block chain node of malicious node disguise as, be participated in supply chain gold
The business activity melted causes direct traffic lost or transaction data to reveal.Thus, using the scheme of the embodiment of the present invention,
The block chain node of each side can carry out effective protection based on key of the affiliated block chain management client to oneself, to protect
The authenticity and validity of the financing transaction data recorded on card block chain account book.
In a commodity traceability business scenario managed through a BaaS platform, the participants in the traceability business may include the participants of every link in the commodity's circulation; each participant is connected to the block chain network and owns its own block chain node. When a commodity passes through a given link, that link's block chain node records the commodity information in the block chain ledger. If the key of any link's block chain node is leaked, a malicious node may impersonate a legitimate block chain node and write incorrect traceability information into the block chain ledger, corrupting the commodity's traceability information. With the scheme of the embodiments of the present invention, each party's block chain node can effectively protect its own key through the block chain management client it belongs to, thereby guaranteeing the authenticity and validity of the commodity traceability data recorded in the block chain ledger.
Further, an embodiment of the present invention also discloses a storage medium on which computer instructions are stored; when the computer instructions run, they execute the methods and technical solutions described in the embodiments illustrated in Fig. 1 to Fig. 7 above. Preferably, the storage medium may include a computer readable storage medium such as a non-volatile memory or a non-transitory memory. The storage medium may include ROM, RAM, a magnetic disk or an optical disc, etc.
Although the present disclosure is as set out above, the present invention is not limited to it. Any person skilled in the art may make various changes or modifications without departing from the spirit and scope of the invention; the scope of protection of the present invention shall therefore be that defined by the claims.
Claims (23)
1. A key generation method for a block chain network, characterized in that it comprises:
A. locally generating, in a block chain management client, a first key of a block chain node, the computing environment of the block chain management client including a trusted computation environment;
B. in the trusted computation environment, encrypting the first key with a second key to generate a third key, wherein the second key is pre-stored in a protected memory associated with the block chain management client and can only be read by a key management program running in the trusted computation environment;
C. sending the third key to a BaaS platform associated with the block chain management client;
D. sending the key management program to the BaaS platform.
2. The key generation method according to claim 1, characterized in that step D further comprises:
D1. signing the key management program with a key of an organization in the block chain network;
D2. sending the signed key management program to the BaaS platform.
3. The key generation method according to claim 1, characterized in that, before step A, it further comprises:
E. receiving request information from the BaaS platform, the request information requesting the key of the block chain node.
4. The key generation method according to claim 1, characterized in that the second key is associated with the key management program and with an organization in the block chain network.
5. The key generation method according to claim 4, characterized in that step B further comprises:
B1. obtaining an identifier of the key management program;
B2. obtaining a certificate of the organization;
B3. obtaining, according to the identifier of the key management program and the certificate of the organization, the second key associated with the key management program and the organization from the protected memory associated with the block chain management client;
B4. encrypting the first key with the obtained second key to generate the third key.
6. A computing device, characterized in that it comprises a processor and a memory, computer instructions runnable on the processor being stored on the memory, and the processor executing the following steps when running the computer instructions:
A. locally generating, in a block chain management client, a first key of a block chain node, the computing environment of the block chain management client including a trusted computation environment;
B. in the trusted computation environment, encrypting the first key with a second key to generate a third key, wherein the second key is pre-stored in a protected memory associated with the block chain management client and can only be read by a key management program running in the trusted computation environment;
C. sending the third key to a BaaS platform associated with the block chain management client;
D. sending the key management program to the BaaS platform.
7. The computing device according to claim 6, characterized in that step D further comprises:
D1. signing the key management program with a key of an organization in the block chain network;
D2. sending the signed key management program to the BaaS platform.
8. The computing device according to claim 6, characterized in that, before step A, the computing device also executes the following step:
E. receiving request information from the BaaS platform, the request information requesting the key of the block chain node.
9. The computing device according to claim 6, characterized in that the second key is associated with the key management program and with an organization in the block chain network.
10. The computing device according to claim 9, characterized in that step B further comprises:
B1. obtaining an identifier of the key management program;
B2. obtaining a certificate of the organization;
B3. obtaining, according to the identifier of the key management program and the certificate of the organization, the second key associated with the key management program and the organization from the protected memory associated with the block chain management client;
B4. encrypting the first key with the obtained second key to generate the third key.
11. An endorsement method for a block chain network, characterized in that it comprises:
A. obtaining data to be signed;
B. obtaining a third key from a BaaS platform, the third key having been obtained in the trusted computation environment of a block chain management client by encrypting a first key of a block chain node with a second key, the second key being pre-stored in a protected memory associated with the block chain node and readable only by a key management program running in a trusted computation environment, and the key management program being obtained from the BaaS platform;
C. decrypting the third key with the second key to obtain the first key, wherein the computing environment of the block chain node includes a trusted computation environment and the decryption is performed in the trusted computation environment of the block chain node;
D. signing the data to be signed with the first key in the trusted computation environment of the block chain node.
12. The endorsement method according to claim 11, characterized in that, before executing step C, it further comprises:
E. downloading the key management program from the BaaS platform, the key management program stored on the BaaS platform coming from the block chain management client.
13. The endorsement method according to claim 12, characterized in that, after step E and before step C, it further comprises:
F. verifying the signature of the key management program to confirm that the key management program was signed by an organization in the block chain network.
14. The endorsement method according to claim 12, characterized in that step E further comprises:
E1. sending request information to the BaaS platform, the request information including a request credential of the block chain node, the request credential corresponding one-to-one to the block chain node and having been obtained from the BaaS platform in advance;
E2. receiving feedback information in response to the request information, the feedback information including the key management program.
15. The endorsement method according to claim 11, characterized in that the second key is associated with the key management program and with an organization in the block chain network.
16. The endorsement method according to claim 15, characterized in that step C further comprises:
C1. obtaining an identifier of the key management program;
C2. obtaining a certificate of the organization;
C3. obtaining, according to the identifier of the key management program and the certificate of the organization, the second key associated with the key management program and the organization from the protected memory associated with the block chain node;
C4. decrypting the third key with the obtained second key to obtain the first key.
17. A computing device, characterized in that it comprises a processor and a memory, computer instructions runnable on the processor being stored on the memory, and the processor executing the following steps when running the computer instructions:
A. obtaining data to be signed;
B. obtaining a third key from a BaaS platform, the third key having been obtained in the trusted computation environment of a block chain management client by encrypting a first key of a block chain node with a second key, the second key being pre-stored in a protected memory associated with the block chain node and readable only by a key management program running in a trusted computation environment, and the key management program being obtained from the BaaS platform;
C. decrypting the third key with the second key to obtain the first key, wherein the computing environment of the block chain node includes a trusted computation environment and the decryption is performed in the trusted computation environment of the block chain node;
D. signing the data to be signed with the first key in the trusted computation environment of the block chain node.
18. The computing device according to claim 17, characterized in that, before executing step C, the computing device also executes the following step:
E. downloading the key management program from the BaaS platform, the key management program stored on the BaaS platform coming from the block chain management client.
19. The computing device according to claim 18, characterized in that, after step E and before step C, the computing device also executes the following step:
F. verifying the signature of the key management program to confirm that the key management program was signed by an organization in the block chain network.
20. The computing device according to claim 18, characterized in that step E further comprises:
E1. sending request information to the BaaS platform, the request information including a request credential of the block chain node, the request credential corresponding one-to-one to the block chain node and having been obtained from the BaaS platform in advance;
E2. receiving feedback information in response to the request information, the feedback information including the key management program.
21. The computing device according to claim 17, characterized in that the second key is associated with the key management program and with an organization in the block chain network.
22. The computing device according to claim 21, characterized in that step C further comprises:
C1. obtaining an identifier of the key management program;
C2. obtaining a certificate of the organization;
C3. obtaining, according to the identifier of the key management program and the certificate of the organization, the second key associated with the key management program and the organization from the protected memory associated with the block chain node;
C4. decrypting the third key with the obtained second key to obtain the first key.
23. A storage medium on which computer instructions are stored, characterized in that the computer instructions, when run, execute the steps of the method according to any one of claims 1 to 5 or the method according to any one of claims 11 to 16.
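The key generation of claims 1 and 5 and the signing of claims 11 and 16, modelled in Go as an added example that is not part of the patent. Assumptions: a map stands in for the TEE's protected memory, the second key is a 32-byte AES-256-GCM key (the patent names no cipher), the first key is an Ed25519 private key, and the program identifier and organization certificate are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// ProtectedMemory models the TEE's protected memory. The second key is filed
// under the (program identifier, organization certificate) pair of claims 5/16.
type ProtectedMemory map[[32]byte][]byte

// Slot derives the lookup index; the derivation is an assumption of this model.
func Slot(programID string, orgCert []byte) [32]byte {
	return sha256.Sum256(append([]byte(programID+"|"), orgCert...))
}

// openTEE returns an AEAD keyed with the second key for this program and
// organization. AES-256-GCM is assumed; the patent names no cipher.
func openTEE(mem ProtectedMemory, programID string, orgCert []byte) (cipher.AEAD, error) {
	second, ok := mem[Slot(programID, orgCert)]
	if !ok {
		return nil, errors.New("no second key for this program and organization")
	}
	block, err := aes.NewCipher(second)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapFirstKey is step B of claim 1: inside the management client's TEE the
// first key is encrypted under the second key; the output is the third key.
func WrapFirstKey(mem ProtectedMemory, programID string, orgCert, first []byte) ([]byte, error) {
	gcm, err := openTEE(mem, programID, orgCert)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, first, nil), nil // nonce || ciphertext || tag
}

// SignInTEE is steps C and D of claim 11: the node's TEE unwraps the third key
// and signs with the recovered first key, which never leaves this function.
func SignInTEE(mem ProtectedMemory, programID string, orgCert, third, data []byte) ([]byte, error) {
	gcm, err := openTEE(mem, programID, orgCert)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(third) < n {
		return nil, errors.New("third key too short")
	}
	first, err := gcm.Open(nil, third[:n], third[n:], nil)
	if err != nil {
		return nil, err // tampered third key or mismatched second key
	}
	return ed25519.Sign(ed25519.PrivateKey(first), data), nil
}
```

Outside the TEE only the third key circulates (to and from the BaaS platform); a node whose protected memory lacks the matching second key, or that receives a modified third key, obtains no first key and produces no signature.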
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811454401.9A CN109933987A (en) | 2018-11-30 | 2018-11-30 | For the key generation method of block chain network, endorsement method, storage medium, calculate equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109933987A true CN109933987A (en) | 2019-06-25 |
Family
ID=66984697
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111090865A (en) * | 2019-12-17 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Secret key authorization method and system |
CN111539033A (en) * | 2020-07-08 | 2020-08-14 | 南京金宁汇科技有限公司 | Method and system for realizing credibility of data calculation in block chain |
CN111737266A (en) * | 2020-07-31 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Block data access method, block data storage method and device |
WO2021253299A1 (en) * | 2020-06-17 | 2021-12-23 | 达闼机器人有限公司 | Data processing method, storage medium, electronic device and data transaction system |
CN113869901A (en) * | 2021-12-02 | 2021-12-31 | 腾讯科技(深圳)有限公司 | Key generation method, key generation device, computer-readable storage medium and computer equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108282334A (en) * | 2018-04-13 | 2018-07-13 | 济南浪潮高新科技投资发展有限公司 | It is a kind of based on the multi-party key agreement device of block chain, method and system |
CN108600182A (en) * | 2018-03-29 | 2018-09-28 | 深圳前海微众银行股份有限公司 | Block chain key management method, system and key management apparatus, storage medium |
US20180309581A1 (en) * | 2017-04-19 | 2018-10-25 | International Business Machines Corporation | Decentralized biometric signing of digital contracts |
Non-Patent Citations (2)
Title |
---|
唐德权 et al.: 《电子商务安全》 (E-commerce Security), 31 December 2011, 华中科技大学出版社 (Huazhong University of Science and Technology Press) * |
张焕国 et al.: 《可信计算》 (Trusted Computing), 31 August 2011, 武汉大学出版社 (Wuhan University Press) * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20190625 |