CN112150158A - Block chain transaction delivery verification method and device - Google Patents

Publication number
CN112150158A
Authority
CN
China
Prior art keywords
certificate
node
identity
list
identity certificate
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910588164.3A
Other languages
Chinese (zh)
Inventor
刘奇
刘文杰
檀景辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201910588164.3A
Publication of CN112150158A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a blockchain transaction delivery and verification method and device. The method comprises the following steps: the second node generates a first verification message comprising a certificate identifier corresponding to the identity certificate of the second node, and sends the first verification message to the first node; the first node receives the first verification message, parses it to obtain the certificate identifier, obtains the identity certificate corresponding to the certificate identifier from a certificate list stored in the first node, and verifies the identity of the second node using that identity certificate. Because the first verification message carries the certificate identifier corresponding to the second node's own identity certificate in place of the identity certificate itself, the amount of data processed during blockchain transactions is reduced, network overhead and storage overhead are reduced, and blockchain transaction efficiency is improved.

Description

Block chain transaction delivery verification method and device
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain transaction delivery and verification method and device.
Background
Blockchain technology has been applied in finance, trade, credit investigation, the Internet of Things, the sharing economy and other fields. Owing to its distributed fault tolerance, tamper resistance and privacy protection, blockchain technology can help enterprises or government departments establish a trusted, low-cost and secure network. A user can complete all exchanges of information, value (including currency, securities, patents, copyright, digital goods, physical goods, etc.), credit and the like in a blockchain network.
As a distributed infrastructure, a blockchain platform has an underlying layer that is complex to build and complex to operate and maintain. This is a challenge for many application developers and makes it impossible for enterprises to focus on developing and innovating upper-layer applications. Blockchain cloud service platforms emerged to solve these problems. By using the deployment and management advantages of cloud service infrastructure, a blockchain cloud service lets developers quickly create, use, and even securely monitor a blockchain platform. Currently, some leading blockchain technology teams in the industry have developed and launched blockchain service platforms, mainly including Huawei Cloud Blockchain Service (BCS), Alibaba Cloud Blockchain Service (BaaS), Tencent Cloud Blockchain Service (TBaaS), Amazon Managed Blockchain from AWS, and the Bluemix cloud blockchain service from IBM.
When using a blockchain cloud service, a user needs to purchase the computing, communication and storage resources provided by a public cloud platform. IT infrastructure overhead often accounts for a large share of an enterprise's expenditure, which increases the cost of using blockchain services. In enterprise-level application scenarios with massive data, the transaction volume in the blockchain system increases sharply, so the network cost and storage cost of the blockchain service increase sharply as well. In the Huawei Cloud BCS service, the network overhead of some enterprises is even as high as 50% of the enterprise cost. Reducing infrastructure overhead such as network cost and storage cost, and thereby improving the cost-effectiveness of blockchain services, has therefore become a main requirement of users.
Currently, the scenarios in which blockchain technology can be used are greatly limited by long transaction validation times and low throughput. In a public chain scenario, the current Bitcoin system can process 7 transactions per second, and the safe transaction confirmation time is about one hour. In an alliance chain scenario, certain trust premises and benefit constraints exist among the participating parties, so a more optimized design can be adopted to improve performance. The throughput of Hyperledger Fabric, a representative alliance chain, is only on the order of hundreds to thousands of transactions per second, which cannot meet the throughput requirement of the current financial system (tens of thousands of transactions per second). There is therefore great interest in improving the transaction throughput of blockchain systems while reducing transaction confirmation delay.
Disclosure of Invention
The embodiment of the invention provides a method and a device for delivering and verifying blockchain transactions.
In a first aspect, an embodiment of the present invention provides a blockchain transaction verification method, which is applied to a first node in a blockchain system, and the method includes:
receiving a first verification message sent by a second node, and analyzing the verification message to obtain certificate field content, wherein the certificate field content comprises a certificate identifier;
acquiring an identity certificate corresponding to the certificate identifier from a certificate list of the first node, wherein the certificate list comprises a plurality of certificate identifiers and an identity certificate corresponding to each certificate identifier in the plurality of certificate identifiers;
and verifying the second node according to the identity certificate.
In this embodiment of the application, when the first node receives a verification message sent by the second node and parsing shows that the certificate field content includes a certificate identifier, the first node obtains the identity certificate corresponding to the certificate identifier from the certificate list and then verifies the second node according to the identity certificate. In this process, the first node receives the certificate identifier instead of the identity certificate, which improves receiving efficiency; obtaining the identity certificate corresponding to the certificate identifier from the certificate list makes the identity certificate more convenient to obtain while guaranteeing reliability. Overall, the method improves the efficiency of receiving and obtaining the identity certificate for transaction verification.
In a possible embodiment, the method further comprises:
receiving a second verification message sent by a second node, analyzing the verification message to obtain certificate field content, wherein the certificate field content comprises an identity certificate, and the second verification message is sent before the first verification message;
verifying the second node according to the identity certificate;
determining whether the identity certificate is included in a certificate list of the first node;
if the identity certificate is determined not to be contained in the certificate list of the first node, generating a certificate identifier corresponding to the identity certificate according to the identity certificate, and adding the identity certificate and the certificate identifier corresponding to the identity certificate to the certificate list of the first node.
In a possible embodiment, before obtaining the identity certificate corresponding to the certificate identifier from the certificate list of the first node, the method further includes:
storing a certificate list of the first node in a cache of the first node; and/or
Storing a certificate list for the first node in a local database of the first node.
In a second aspect, an embodiment of the present invention provides a blockchain transaction delivery method, which is applied to a second node in a blockchain system, and the method includes:
determining whether a certificate list of the second node comprises a self-identity certificate, wherein the self-identity certificate is an identity certificate issued by a CA (certificate authority) for the second node;
if the certificate list comprises the self identity certificate, acquiring a certificate identifier corresponding to the self identity certificate, and generating a first verification message comprising the certificate identifier;
sending the first authentication message to the first node.
In the embodiment of the application, when it is determined that the certificate list of the second node includes the self identity certificate, the certificate identifier corresponding to the self identity certificate is obtained, the first verification message including the certificate identifier is generated, and finally the first verification message is sent to the first node. In the process, after the certificate list of the second node comprises the self identity certificate, the first verification message sent to the first node comprises the certificate identification corresponding to the self identity certificate instead of the certificate, so that the data processing amount during generation of the first verification message can be effectively reduced, and the generation and sending efficiency of the first verification message is improved. The method improves the efficiency of generating and sending the first verification message for transaction verification on the whole.
In a possible embodiment, after determining whether the self-identity certificate is included in the certificate list of the second node, the method further includes:
if the certificate list of the second node does not comprise the self-identity certificate, obtaining the self-identity certificate of the second node from the outside of the certificate list, and generating a second verification message comprising the self-identity certificate, wherein the self-identity certificate of the second node is an identity certificate issued by a CA (certificate authority) for the second node;
sending the second authentication message to the first node.
In a possible embodiment, the obtaining the certificate identifier corresponding to the self-identity certificate includes:
and carrying out Hash operation on the identity certificate to obtain a certificate identifier corresponding to the identity certificate.
In a possible embodiment, the method further comprises:
acquiring the self-identity certificate and the corresponding private key issued by the CA for the second node;
acquiring a message to be sent by the second node, and encrypting the message or the digest of the message with the private key to obtain a signature corresponding to the second node;
generating a first verification message of the second node according to the signature, the message to be sent and a certificate field, wherein the certificate field content includes the certificate identifier; or
generating a second verification message of the second node according to the signature, the message to be sent and the certificate field, wherein the certificate field content includes the self-identity certificate.
In a third aspect, an embodiment of the present invention provides a blockchain transaction verification apparatus, including:
the receiving unit is used for receiving the verification message sent by the second node and analyzing the verification message to obtain certificate field content, wherein the certificate field content comprises a certificate identifier;
an obtaining unit, configured to obtain an identity certificate corresponding to the certificate identifier from a certificate list of the first node, where the certificate list includes a plurality of certificate identifiers and an identity certificate corresponding to each certificate identifier in the plurality of certificate identifiers;
and the verification unit is used for verifying the second node according to the identity certificate.
In a possible embodiment, the obtaining unit is further configured to:
receiving a second verification message sent by a second node, analyzing the verification message to obtain certificate field content, wherein the certificate field content comprises an identity certificate, and the second verification message is sent before the first verification message;
the verification unit is further configured to:
verifying the second node according to the identity certificate;
determining whether the identity certificate is included in a certificate list of the first node;
if the identity certificate is determined not to be contained in the certificate list of the first node, generating a certificate identifier corresponding to the identity certificate according to the identity certificate, and adding the identity certificate and the certificate identifier corresponding to the identity certificate to the certificate list of the first node.
In a possible embodiment, the apparatus further comprises a storage unit for:
storing a certificate list of the first node in a cache of the first node; and/or
Storing a certificate list for the first node in a local database of the first node.
In a fourth aspect, an embodiment of the present invention provides a blockchain transaction delivery apparatus, where the apparatus includes:
a determining unit, configured to determine whether a certificate of self identity is included in the certificate list of the second node;
the generating unit is used for acquiring a certificate identifier corresponding to the self identity certificate and generating a first verification message comprising the certificate identifier if the certificate list comprises the self identity certificate;
a sending unit, configured to send the first verification message to the first node.
In a possible embodiment, after determining whether the certificate list of the second node includes the self-identity certificate, the generating unit is further configured to:
if the certificate list of the second node does not comprise the self-identity certificate, acquiring the self-identity certificate of the second node from the outside of the certificate list, and generating a second verification message comprising the self-identity certificate;
sending the second authentication message to the first node.
In a possible embodiment, in terms of obtaining a certificate identifier corresponding to the self-identity certificate, the generating unit is further specifically configured to:
and carrying out Hash operation on the identity certificate to obtain a certificate identifier corresponding to the identity certificate.
In a possible embodiment, the generating unit is further specifically configured to:
acquiring the self-identity certificate and the private key corresponding to the second node;
acquiring a message to be sent by the second node, and encrypting the message or the digest of the message with the private key to obtain a signature corresponding to the second node;
generating a first verification message of the second node according to the signature, the message to be sent and certificate field content, wherein the certificate field content includes the certificate identifier; or
generating a second verification message of the second node according to the signature, the message to be sent and the certificate field content, wherein the certificate field content includes the self-identity certificate.
In a fifth aspect, an embodiment of the present invention provides an apparatus, including:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to cause the apparatus to perform any of the methods of the first and second aspects.
In a sixth aspect, the present invention provides a computer-readable storage medium, which includes program instructions, which when run on a computer, cause the computer to perform any of the methods of the first and second aspects.
It can be seen that, in the scheme of the embodiment of the present invention, in the method and apparatus for delivering and verifying a blockchain transaction, a first verification message is first generated at a second node, and the first verification message is sent to a first node, and the first node receives the first verification message, and obtains a certificate field in the first verification message through parsing, so as to obtain an identity certificate, and verifies the identity of the second node. In the process, the certificate field in the first verification message can be a certificate identifier corresponding to the self-identity certificate of the second node, so that the original self-identity certificate of the second node is replaced, the data processing amount in the blockchain transaction process is reduced, the network overhead and the storage overhead are reduced, and the blockchain transaction efficiency is improved.
These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a block chain structure according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an alliance chain structure according to an embodiment of the present invention;
Fig. 3 is a block chain transaction delivery verification method according to an embodiment of the present invention;
Fig. 4 is a block chain transaction delivery verification method according to another embodiment of the present invention;
Fig. 5 is a schematic view of a Fabric transaction flow according to an embodiment of the present invention;
Fig. 6 is a block chain transaction verification delivery process according to an embodiment of the present disclosure;
Fig. 7 is a block chain transaction verification apparatus according to an embodiment of the present invention;
Fig. 8 is a block chain transaction delivery apparatus according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solution of the present invention better understood by those skilled in the art, the technical solution in the embodiment of the present invention will be described below with reference to the drawings in the embodiment of the present invention.
Referring to Fig. 1, Fig. 1 is a block chain structure diagram according to an embodiment of the present invention. As shown in Fig. 1, the figure includes a ring structure composed of a plurality of terminals (data blocks), where each terminal is a node and the ring structure is a block chain. In the block chain structure, every node has equal status, storage consistency is ensured by a consensus mechanism, and each terminal stores the complete data.
For all nodes in the same blockchain system, the transaction information stored on the blockchain is public, so in order to ensure the security of the transaction, the account identity information needs to be highly encrypted and can be accessed only under the authorization of the data owner. In this process, the authentication of the user identity information is usually realized by using an asymmetric encryption technology.
Fig. 2 is a schematic diagram of an alliance chain structure according to an embodiment of the present invention. As shown in Fig. 2, the alliance chain includes a plurality of peer nodes, and all the peer nodes in the alliance chain are connected by dotted lines. Some peer nodes form an organization: for example, nodes 1.1-1.3 form organization 1 (org1), nodes 2.1-2.3 form organization 2 (org2), and nodes 3.1-3.3 form organization 3 (org3); peer nodes in the same organization are connected in pairs by thin solid lines. Peer nodes in different organizations can form channels. Data in different channels are isolated from each other, which ensures that transaction information is visible only to the transaction participants. The peer nodes in the same channel are connected by thick solid lines and are connected to the ordering node (orderer). Each channel is an independent blockchain, so multiple users can share the same blockchain system without worrying about information leakage. One or more ordering nodes provide the ordering service (Ordering Service): they order all transactions sent to the network, guarantee the transaction order in the block chain, generate blocks from the ordered transactions according to a specified block generation policy, and broadcast the blocks to the peer nodes.
The alliance chain structure shown in Fig. 2 also includes a client node: the client issues a transaction proposal, and the peer nodes respond to the transaction proposal to finalize the transaction. All nodes in the alliance chain are issued identity certificates by an authoritative certificate authority (CA), which undertakes the task of verifying the validity of the public keys used by the asymmetric encryption technology in the blockchain.
Because the identity certificate issued by the CA is used to authenticate node signatures, the identity certificate is packaged, sent, parsed and signed in every transaction. The data volume of the identity certificate is sometimes even larger than the transaction data volume of the blockchain, which causes large data redundancy and reduces the efficiency of blockchain transactions.
To solve the above problem, an embodiment of the present invention provides a block chain transaction delivery verification method. As shown in Fig. 3, the method includes:
101. The second node determines whether the certificate list of the second node includes the self-identity certificate.
Identity authentication is performed whenever nodes in the blockchain system carry out a transaction (or data transmission). The CA issues an identity certificate (containing a public key), a private key and a root certificate to each node in the blockchain system. The sending node uses the private key to sign the message or message digest to be sent, and then sends the signature and the identity certificate to the receiving node. The receiving node authenticates the identity certificate using the root certificate to confirm that the identity certificate is legitimate, then obtains the public key from the identity certificate and uses it to authenticate the sending node's signature (generated by encrypting with the private key), which completes the authentication of the sending node.
In the embodiment of the invention, the second node is the node that sends the message, and the first node is the node that receives the message. A client or a peer node in the alliance chain can act as the node that sends messages, namely the second node; a client, a peer node or an ordering node can act as the node that receives messages, namely the first node.
In addition, the certificate list of the second node stores the identity certificates of all nodes that have completed transactions with the second node, together with the certificate identifiers corresponding to those identity certificates. Transactions in the blockchain are reached by means of a consensus mechanism, so a transaction is reached only when every node involved in it has authenticated and transacted with all the other nodes. The certificate list of each node therefore stores the identity certificates of all nodes involved in the transaction and the corresponding certificate identifiers, including the node's own identity certificate.
If the certificate list of the second node does not include the self-identity certificate, this indicates that the second node has not yet transacted with other nodes in the channel.
102. If the certificate list comprises the self identity certificate, the second node acquires a certificate identifier corresponding to the self identity certificate and generates a first verification message comprising the certificate identifier.
Specifically, to reduce the amount of data processed when nodes in the alliance chain transact, the certificate field content in the verification message sent by the second node is replaced by a certificate identifier. The certificate identifier is a mark that represents the identity certificate. Because the identity certificate uniquely identifies one node, the certificate identifier corresponding to the identity certificate must also uniquely identify one node. In addition, the certificate identifier must correspond uniquely to the identity certificate: only one certificate identifier can be derived from a given identity certificate, and if either the identity certificate or the certificate identifier is tampered with, the two no longer correspond.
Once the certificate list of the second node includes the self-identity certificate, the second node generates a first verification message and sends it to the first node to complete verification and the transaction between the nodes. The certificate field content in the first verification message is the certificate identifier of the second node.
Optionally, the obtaining of the certificate identifier corresponding to the self identity certificate includes: and carrying out Hash operation on the identity certificate to obtain a certificate identifier corresponding to the identity certificate.
Specifically, given the characteristics required of the certificate identifier, the hash value obtained by performing a hash operation on the identity certificate can be used as the certificate identifier corresponding to the identity certificate. A hash value has a fixed format, so hashing the identity certificate to obtain the corresponding hash value greatly reduces the data volume, and the hash values obtained for different data are essentially never the same. Replacing the identity certificate sent during the transaction with its hash value therefore reduces the transaction data volume, while the identity certificate corresponding to the second node can still be obtained from the certificate identifier for subsequent node verification.
Optionally, the method further includes: receiving the self-identity certificate and the private key issued by the CA for the second node; acquiring a message to be sent by the second node, and encrypting the message or the digest of the message with the private key to obtain a signature corresponding to the second node; generating a first verification message of the second node according to the signature, the message to be sent and a certificate field, wherein the certificate field content includes the certificate identifier; or generating a second verification message of the second node according to the signature, the message to be sent and the certificate field, wherein the certificate field content includes the self-identity certificate.
Specifically, the verification message of the second node is used both to authenticate the second node and to complete the transaction at the first node, so the verification message includes both identity information and transaction data. The verification message is generated as follows. The self-identity certificate and the private key of the second node are acquired; the self-identity certificate is the identity certificate corresponding to the second node. The private key is used to encrypt the message to be sent by the second node, or the digest of that message, to obtain the signature corresponding to the second node. The verification message is then generated from the signature, the message to be sent and the certificate field content. If the certificate list of the second node includes the self-identity certificate, the certificate field content is the certificate identifier corresponding to the self-identity certificate, and the generated verification message is a first verification message; if the certificate list of the second node does not include the self-identity certificate, the certificate field content is the self-identity certificate, and the generated verification message is the second verification message.
103. The second node sends a first authentication message to the first node.
In this embodiment of the present application, it is determined that the certificate list of the second node includes the self-identity certificate of the second node, and therefore, a first verification message is generated according to the certificate identifier corresponding to the self-identity certificate, and then the second node sends the first verification message to the first node, so as to complete the identity authentication of the second node and complete the process of transmitting the transaction data to the first node by the second node.
104. The first node receives a first verification message sent by a second node, and analyzes the first verification message to obtain certificate field content, wherein the certificate field content comprises a certificate identifier.
The certificate list of the first node is used for storing identity certificates of all nodes which have completed transactions with the first node and certificate identifications corresponding to the identity certificates. As can be seen from the above, the certificate identifier is included in the first authentication message, and then the certificate field content in the first authentication message obtained by parsing by the first node includes the certificate identifier.
105. The first node acquires the identity certificate corresponding to the certificate identifier from the certificate list of the first node.
After the certificate identifier is obtained, the first node traverses its certificate list and obtains the identity certificate corresponding to the certificate identifier.
If the certificate list of the first node contains the certificate identifier of the second node, the two nodes have already conducted a transaction before. Each transaction between federation chain nodes requires authentication of the node identity. For transactions other than the first, the amount of transaction data can be reduced by replacing the identity certificate in the verification message with a certificate identifier. When it is determined that the certificate list stored by the first node includes the certificate identifier of the second node, the identity certificate corresponding to that identifier, namely the identity certificate of the second node, is obtained from the certificate list, and the identity of the second node is then verified.
If the certificate list stored by the first node does not include the certificate identifier of the second node, either the first node and the second node have not yet performed a transaction, or the identity certificate data stored by the first node has been lost or tampered with. In that case the transaction fails, and the second node is notified to resend the verification message.
Optionally, before obtaining the identity certificate corresponding to the certificate identifier from the certificate list of the first node, the method further includes: storing a certificate list of the first node in a cache of the first node; and/or storing a list of certificates for the first node in a local database of the first node.
Specifically, storing the certificate list of the first node in the cache of the first node allows the content of the certificate list to be acquired quickly, which improves the efficiency of verifying the second node. Storing the certificate list of the first node in a local database of the first node ensures the storage security of the certificate list. To ensure storage security while also improving verification efficiency, the certificate list can be stored in both the cache and the local database.
Optionally, the certificate identifier in the certificate list may be obtained, and the certificate identifier is stored in the cache of the first node, while the certificate list is continuously stored in the local database of the first node, and when it is resolved that the content of the certificate field of the second node includes the certificate identifier, the certificate identifier in the cache of the first node is traversed. Therefore, on one hand, the efficiency of determining whether the certificate list of the first node comprises the certificate identifier of the second node can be improved, and on the other hand, the certificate identifier in the certificate list is stored in the cache instead of the whole certificate list, so that the storage burden of the cache can be reduced. The certificate list is stored in the local database of the first node, so that the storage burden of the cache can be reduced while the storage safety of the certificate list is ensured.
106. The first node verifies the second node according to the identity certificate corresponding to the certificate identifier.
The identity certificate obtained according to the certificate identifier is the identity certificate corresponding to the second node and is used to verify the identity of the second node. The verification process is as follows: the first node authenticates the identity certificate using the root certificate obtained from the CA and confirms the validity of the identity certificate, then acquires the public key in the identity certificate and decrypts the signature of the second node, which completes the authentication of the second node.
As can be seen, in the embodiment of the present application, when receiving a verification message sent by a second node, if it is analyzed that the content of the certificate field includes the certificate identifier, the first node traverses the certificate list of the first node, determines that the certificate list includes the certificate identifier, then obtains an identity certificate corresponding to the certificate identifier from the certificate list, and then verifies the second node according to the identity certificate. In the process, the first node receives the certificate identification instead of the identity certificate, so that the receiving efficiency can be improved; the identity certificate corresponding to the certificate identification is obtained from the certificate list, so that the convenience of obtaining the identity certificate can be improved, and the reliability is guaranteed. The method improves the efficiency of receiving and acquiring the identity certificate for transaction verification on the whole.
Referring to fig. 4, fig. 4 shows a blockchain transaction delivery verification method according to another embodiment of the present invention. As shown in fig. 4, the method includes:
201. The second node determines whether the certificate list of the second node includes the self-identity certificate.
The description of this step is the same as that of step 101, and is not repeated here.
202. If the certificate list of the second node does not comprise the self-identity certificate, the self-identity certificate of the second node is obtained from the outside of the certificate list, and a second verification message comprising the self-identity certificate is generated.
Specifically, if the certificate list of the second node does not include the identity certificate of the second node, it is indicated that the second node has not transacted with other nodes in the channel, and the first node that has not transacted has not received the identity certificate of the second node, and naturally, the identity certificate of the second node cannot be stored and acquired, and the identity of the second node cannot be verified according to the identity certificate. At this time, the second node obtains the self-identity certificate, which may be obtained from the CA or from the storage space of the second node, generates a second verification message including the self-identity certificate, and sends the second verification message to the first node to perform a transaction.
In one possible case, the second node sends the first verification message to the first node, but because the stored content of the first node has been lost or tampered with, traversing the certificate list of the first node does not find the certificate identifier of the second node. The first node then sends a prompt message to the second node, prompting it to resend the verification message. After receiving the prompt message, the second node generates the second verification message and sends it to the first node.
203. The second node sends the second authentication message to the first node.
After generating the second verification message, the second node sends it to the first node, so as to complete the identity authentication of the second node and the transmission of the transaction data from the second node to the first node. Typically, the second verification message is generated and sent before the first verification message, because the second verification message is generated when the second node has not yet transacted with other nodes in the channel.
204. The first node receives the second verification message sent by the second node and parses the verification message to obtain the certificate field content, wherein the certificate field content includes an identity certificate.
After receiving the verification message sent by the second node, the first node parses it to obtain the certificate field content. In this embodiment of the present invention, the second verification message sent by the second node includes the identity certificate of the second node, so the first node can parse the identity certificate out of the second verification message after receiving it.
205. The first node verifies the second node according to the identity certificate.
Once the identity certificate has been parsed from the second verification message, it can be used directly to verify the identity of the second node. The verification process is as follows: the first node authenticates the identity certificate using the root certificate obtained from the CA and confirms the validity of the identity certificate, then acquires the public key in the identity certificate and decrypts the signature of the second node, which completes the authentication of the second node.
206. The first node determines whether the identity certificate is included in a certificate list of the first node.
After the authentication is completed, the first node determines whether the identity certificate is included in its certificate list. Normally, the certificate list of each node holds the identity certificates of the nodes that have transacted with each other and the corresponding certificate identifiers, so the certificate list of the first node should be the same as the certificate list of the second node. If the certificate list of the second node does not include the self-identity certificate, the certificate list of the first node should not include the identity certificate of the second node either.
207. If the identity certificate is determined not to be included in the certificate list of the first node, the first node generates a certificate identifier corresponding to the identity certificate according to the identity certificate, and adds the identity certificate and the certificate identifier corresponding to the identity certificate to the certificate list of the first node.
If the identity certificate of the second node is not contained in the certificate list of the first node, it indicates that the first node does not store the identity certificate of the second node, a certificate identifier corresponding to the identity certificate is generated according to the identity certificate, and the identity certificate and the corresponding certificate identifier are added to the certificate list of the first node, so that the first node can directly obtain the identity certificate of the second node from the certificate list stored in the first node when node transaction is carried out next time.
If the first node determines that the identity certificate of the second node is contained in the certificate list of the first node, one possibility is that the certificate list of the second node does not include the second node's own identity certificate, which is inconsistent with the certificate list of the first node. In that case the certificate list of the second node may have been lost or tampered with, and the first node may send a prompt to the second node while completing the verification of the second node. On the other hand, when the second node sends the verification message to the first node, the second node also needs to store the verification message, so that the identity certificate of the second node is stored again, and the first node does not need to give any notice.
It can be seen that, in this embodiment of the application, when the first node receives the verification message of the second node, if the certificate field content is analyzed from the verification message as the identity certificate, the identity certificate is used to verify the second node, and meanwhile, it is determined whether the certificate list of the first node includes the identity certificate, and if not, the identity certificate and the corresponding certificate identifier are added to the certificate list of the first node, so that when a subsequent node performs a transaction, the certificate field content in the verification message can be replaced by the certificate identifier, and this process can effectively improve the verification efficiency of the second node.
The blockchain transaction process in one particular federation chain is described below. There are many excellent architectural implementations of a federation chain, one of which is Hyperledger Fabric (Fabric). Referring to fig. 5, fig. 5 is a schematic view of a Fabric transaction flow provided by an embodiment of the present invention. As shown in fig. 5, a client Software Development Kit (SDK) initiates a transaction proposal, which is a request to invoke a smart contract function in order to read or write the ledger. The transaction proposal is signed using a private key issued by the CA, and the signature and the certificate field content are packaged into the transaction proposal. The transaction proposal is sent to a peer node. Peer nodes are divided into endorsement nodes (Endorser) and accounting nodes (Committer). The endorsement node receives the transaction proposal of the client, verifies it, and executes the smart contract according to the transaction proposal, which includes reading the history state, generating a read-write set and finally generating an execution result. The endorsement node signs the execution result with the private key of the peer node and packages the signature, the certificate field content and the execution result into a transaction response. The client receives the transaction response, verifies it, and packages the transaction proposal and the transaction response into a transaction, which includes a read set and a write set, and finally sends the transaction to the ordering node. The ordering node receives transactions from all channels in the network, checks the client signatures, orders the transactions by time and by channel, and creates blocks according to a specified block generation policy.
The ordering node sends the block to the accounting nodes in the channel corresponding to the transaction, and each accounting node verifies the client and the endorsement node corresponding to the transaction and checks for possible double spending. After the verification is completed, each accounting node writes the block into its own blockchain and submits the write set of the valid transactions to the current state database, which completes the update of the ledger.
Verification among the nodes runs through this entire process: the second node sends a verification message, and the first node receives the verification message and verifies the signature in it. When the second node is a client, the first node is a peer node (an endorsement node or an accounting node) or an ordering node; when the second node is a peer node, the first node is the client; and when the second node is the ordering node, the first node is a peer node. For the verification process, refer to fig. 6, which is a schematic diagram of a blockchain transaction verification delivery process provided in this embodiment of the present application. As shown in fig. 6, the method is executed on the premise that the CA has already issued a root certificate, and a corresponding private key and identity certificate, to the second node and the first node. The method includes:
301. Determine whether the certificate list of the second node includes the self-identity certificate; if so, execute step 302, and if not, execute step 303.
302. Acquire the certificate identifier corresponding to the self-identity certificate, and generate a first verification message including the certificate identifier.
303. Acquire the self-identity certificate of the second node, and generate a second verification message including the self-identity certificate.
304. Send the first verification message or the second verification message to the first node.
305. Receive the second verification message sent by the second node, and parse the verification message to obtain the certificate field content, wherein the certificate field content is the identity certificate.
306. Verify the second node according to the identity certificate.
307. Determine whether the identity certificate is included in the certificate list of the first node.
308. If the identity certificate is determined not to be contained in the certificate list of the first node, generate a certificate identifier corresponding to the identity certificate according to the identity certificate, and add the identity certificate and its corresponding certificate identifier to the certificate list of the first node.
309. Receive the first verification message sent by the second node, and parse the verification message to obtain the certificate field content, wherein the certificate field content is the certificate identifier.
310. Acquire the identity certificate corresponding to the certificate identifier from the certificate list of the first node.
311. Verify the second node according to the identity certificate.
For a detailed description of steps 301 to 311, refer to the corresponding description of the method in steps 101 to 107 and steps 201 to 207, which is not repeated here.
It can be seen that, in this embodiment of the application, when the first node receives the verification message of the second node, if the certificate field content is analyzed as the certificate identifier, the certificate identifier is matched with the certificate list of the first node to obtain the identity certificate corresponding to the certificate identifier, so that data processing amount of the first node when receiving the verification message can be reduced, and meanwhile, the identity certificate of the second node is obtained from the certificate list stored in the first node, so that convenience and security for obtaining the identity certificate can be improved. If the certificate field content is analyzed from the verification message as the identity certificate, the identity certificate is adopted to verify the second node, whether the certificate list of the first node comprises the identity certificate is determined, if not, the identity certificate and the corresponding certificate identification are added into the certificate list of the first node, so that the identity certificate in the verification message can be replaced by the certificate identification in the subsequent node transaction, and the verification efficiency of the second node can be effectively improved in the process.
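The flow of steps 301 to 311, including the resend prompt when the first node cannot resolve an identifier, can be sketched as follows. This is an added example, not code from the patent: the certificate is a constructed JSON blob rather than X.509, the key pairs are toy textbook RSA with insecure sizes, the certificate identifier is assumed to be a SHA-256 hash of the certificate (the page specifies only a hash operation), and the hash recheck on lookup, the `force_full` flag and the `OK`/`RESEND`/`REJECT` results are illustrative choices.

```python
import hashlib
import json

E = 65537  # public exponent for the toy RSA keys (constructed, insecure sizes)

def make_key(p, q):
    """Return (public key, private exponent) for primes p and q."""
    return {"n": p * q, "e": E}, pow(E, -1, (p - 1) * (q - 1))

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, pub, d):
    # "Encrypt the digest of the message with the private key."
    return pow(digest_int(data, pub["n"]), d, pub["n"])

def verify(data, sig, pub):
    # "Decrypt the signature with the public key" and compare digests.
    return pow(sig, pub["e"], pub["n"]) == digest_int(data, pub["n"])

def issue_cert(subject, pub, ca_pub, ca_d):
    """Constructed stand-in for a CA-issued identity certificate."""
    tbs = json.dumps({"subject": subject, "pub": pub}, sort_keys=True)
    cert = {"tbs": tbs, "ca_sig": sign(tbs.encode(), ca_pub, ca_d)}
    return json.dumps(cert, sort_keys=True).encode()

def cert_id(cert):
    # Assumption: the certificate identifier is SHA-256 over the certificate.
    return hashlib.sha256(cert).hexdigest()

class SecondNode:
    """Sender: puts an identifier or the full certificate in the certificate field."""
    def __init__(self, cert, pub, d):
        self.cert, self.pub, self.d = cert, pub, d
        self.cert_list = {}  # certificate identifier -> identity certificate

    def build_message(self, payload, force_full=False):
        cid = cert_id(self.cert)
        msg = {"payload": payload, "sig": sign(payload, self.pub, self.d)}
        if cid in self.cert_list and not force_full:   # steps 301 and 302
            msg["cert_field"] = {"id": cid}            # first verification message
        else:                                          # step 303
            self.cert_list[cid] = self.cert            # sender stores its own certificate
            msg["cert_field"] = {"cert": self.cert}    # second verification message
        return msg

class FirstNode:
    """Receiver: resolves the certificate field, verifies, then updates its list."""
    def __init__(self, ca_pub):
        self.ca_pub = ca_pub  # stands in for the root certificate obtained from the CA
        self.cert_list = {}

    def _subject_key(self, cert):
        """Return the subject public key if the CA signature checks out, else None."""
        try:
            outer = json.loads(cert)
            tbs = outer["tbs"]
            if not verify(tbs.encode(), outer["ca_sig"], self.ca_pub):
                return None
            return json.loads(tbs)["pub"]
        except (ValueError, KeyError, TypeError):
            return None

    def handle(self, msg):
        field = msg["cert_field"]
        if "id" in field:                               # steps 309 and 310
            cert = self.cert_list.get(field["id"])
            # Unknown identifier, or the stored entry no longer hashes to it
            # (list lost or tampered with): prompt the sender to resend.
            if cert is None or cert_id(cert) != field["id"]:
                self.cert_list.pop(field["id"], None)
                return "RESEND"
        else:                                           # step 305
            cert = field["cert"]
        pub = self._subject_key(cert)                   # steps 306 and 311
        if pub is None or not verify(msg["payload"], msg["sig"], pub):
            return "REJECT"
        self.cert_list.setdefault(cert_id(cert), cert)  # steps 307 and 308
        return "OK"

def run_demo():
    ca_pub, ca_d = make_key(2**89 - 1, 2**107 - 1)      # constructed CA key
    pub, d = make_key(2**61 - 1, 2**127 - 1)            # constructed node key
    cert = issue_cert("client-1", pub, ca_pub, ca_d)
    second = SecondNode(cert, pub, d)
    first, fresh = FirstNode(ca_pub), FirstNode(ca_pub)
    out = [first.handle(second.build_message(b"tx-1"))]  # full certificate, learned
    by_id = second.build_message(b"tx-2")                # identifier only
    out.append(first.handle(by_id))
    out.append(fresh.handle(by_id))                      # node that never saw the certificate
    out.append(fresh.handle(second.build_message(b"tx-2", force_full=True)))
    out.append(first.handle(dict(by_id, payload=b"tx-forged")))
    return out

if __name__ == "__main__":
    print(run_demo())
```

Note that the identifier path still runs the full certificate and signature checks; the list only replaces how the certificate reaches the verifier.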
Referring to fig. 7, fig. 7 shows a blockchain transaction verification apparatus according to an embodiment of the present invention. As shown in fig. 7, the blockchain transaction verification device 400 includes:
a receiving unit 401, configured to receive a first verification message sent by a second node, and analyze the first verification message to obtain a certificate field content, where the certificate field content includes a certificate identifier;
an obtaining unit 402, configured to obtain an identity certificate corresponding to the certificate identifier from a certificate list of the first node, where the certificate list includes a plurality of certificate identifiers and an identity certificate corresponding to each certificate identifier in the plurality of certificate identifiers;
an authenticating unit 403, configured to authenticate the second node according to the identity certificate.
As can be seen, in the block chain transaction verification apparatus provided in this embodiment of the application, when receiving the verification message sent by the second node, if it is analyzed that the certificate field content includes the certificate identifier, the first node obtains the identity certificate corresponding to the certificate identifier from the certificate list, and then verifies the second node according to the identity certificate. In the process, the first node receives the certificate identification instead of the identity certificate, so that the receiving efficiency can be improved; the identity certificate corresponding to the certificate identification is obtained from the certificate list, so that the convenience of obtaining the identity certificate can be improved, and the reliability is guaranteed. The method improves the efficiency of receiving and acquiring the identity certificate for transaction verification on the whole.
In an optional example, the obtaining unit 402 is further configured to:
receiving a second verification message sent by a second node, analyzing the verification message to obtain certificate field content, wherein the certificate field content comprises an identity certificate, and the second verification message is sent before the first verification message;
the verification unit 403 is further configured to:
verifying the second node according to the identity certificate;
determining whether the identity certificate is included in a certificate list of the first node;
if the identity certificate is determined not to be contained in the certificate list of the first node, generating a certificate identifier corresponding to the identity certificate according to the identity certificate, and adding the identity certificate and the certificate identifier corresponding to the identity certificate to the certificate list of the first node.
In an optional example, the apparatus further comprises a storage unit 404 for:
storing a certificate list of the first node in a cache of the first node; and/or
Storing a certificate list for the first node in a local database of the first node.
Referring to fig. 8, fig. 8 shows a blockchain transaction delivery apparatus according to an embodiment of the present invention. As shown in fig. 8, the blockchain transaction delivery apparatus 500 includes:
a determining unit 501, configured to determine whether a certificate list of the second node includes a self-identity certificate;
a generating unit 502, configured to, if it is determined that the certificate list includes a self-identity certificate, obtain a certificate identifier corresponding to the self-identity certificate, and generate a first verification message including the certificate identifier;
a sending unit 503, configured to send the first authentication message to the first node.
In an optional example, after determining whether the certificate list of the second node includes the self-identity certificate, the generating unit 502 is further configured to:
if the certificate list of the second node does not comprise the self-identity certificate, acquiring the self-identity certificate of the second node from the outside of the certificate list, and generating a second verification message comprising the self-identity certificate;
sending the second authentication message to the first node.
As can be seen, in the blockchain transaction delivery apparatus provided in the embodiment of the present application, when it is determined that the certificate list of the second node includes the self-identity certificate, the certificate identifier corresponding to the self-identity certificate is obtained, the first verification message including the certificate identifier is generated, and finally the first verification message is sent to the first node. In the process, after the certificate list of the second node comprises the self identity certificate, the first verification message sent to the first node comprises the certificate identification corresponding to the self identity certificate instead of the certificate, so that the data processing amount during generation of the first verification message can be effectively reduced, and the generation and sending efficiency of the first verification message is improved. The method improves the efficiency of generating and sending the first verification message for transaction verification on the whole.
In an optional example, in terms of obtaining a certificate identifier corresponding to the self-identity certificate, the generating unit 502 is further specifically configured to:
performing a hash operation on the identity certificate to obtain the certificate identifier corresponding to the identity certificate.
In an optional example, the generating unit 502 is further specifically configured to:
acquiring a self identity certificate and a private key corresponding to the second node;
acquiring the message to be sent by the second node, and encrypting that message or its digest with the private key to obtain a signature corresponding to the second node;
generating a first verification message for the second node based on the signature, the sent message, and certificate field contents, wherein the certificate field contents include the certificate identification; or
And generating a second verification message of the second node according to the signature, the sending message and the certificate field content, wherein the certificate field content comprises the self-identity certificate.
It should be noted that each unit of the blockchain transaction verification device and the blockchain transaction delivery device is used for executing the relevant steps of the method.
In the present embodiment, the apparatus 400 and the apparatus 500 are presented in the form of units. A "unit" may refer to an application-specific integrated circuit (ASIC), a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that may provide the described functionality. Further, the above receiving unit 401, traversing unit 402, acquiring unit 403, and verifying unit 404, or determining unit 501, generating unit 502, and transmitting unit 503 may be implemented by processor 601 of apparatus 600 shown in fig. 9.
As shown in fig. 9, the apparatus 600 may be implemented in the structure of fig. 9, and the apparatus 600 includes at least one processor 601, at least one memory 602, and at least one communication interface 603. The processor 601, the memory 602 and the communication interface 603 are connected through the communication bus and perform communication with each other.
The processor 601 may be a general purpose Central Processing Unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of programs according to the above schemes.
Communication interface 603 may be used to communicate with other devices or communication Networks, such as ethernet, Radio Access Network (RAN), Wireless Local Area Networks (WLAN), etc.
The Memory 602 may be a Read-Only Memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory may be self-contained and coupled to the processor via a bus. The memory may also be integral to the processor.
The memory 602 is used for storing application program codes for executing the above scheme, and the processor 601 controls the execution. The processor 601 is used to execute application program code stored in the memory 602.
The memory 602 stores code that may perform the blockchain transaction verification method and blockchain transaction delivery method provided above. For example: the second node determines whether the certificate list of the second node includes a self-identity certificate; if the certificate list includes the self-identity certificate, the second node acquires the certificate identifier corresponding to the self-identity certificate, generates a first verification message including the certificate identifier, and sends the first verification message to the first node. The first node receives the first verification message sent by the second node and parses it to obtain the certificate field content, wherein the certificate field content includes a certificate identifier; acquires the identity certificate corresponding to the certificate identifier from the certificate list of the first node, wherein the certificate list includes a plurality of certificate identifiers and an identity certificate corresponding to each of the plurality of certificate identifiers; and verifies the second node according to the identity certificate.
An embodiment of the present invention further provides a computer storage medium, where the computer storage medium may store a program, and the program includes, when executed, some or all of the steps of any one of the blockchain transaction verification method and the blockchain transaction delivery method described in the above method embodiments.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts that are not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. The above-described apparatus embodiments are merely illustrative. For example, the division of the units is only a division by logical function, and other divisions are possible in an actual implementation: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical or take another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable memory. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned memory includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program code.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, which may include: flash memory disks, Read-Only Memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above embodiments of the present invention are described in detail, and the principle and the implementation of the present invention are explained by applying specific embodiments, and the above description of the embodiments is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in view of the above, the content of the present specification should not be construed as a limitation to the present invention.

Claims (15)

1. A blockchain transaction verification method applied to a first node in a blockchain system, the method comprising:
receiving a first verification message sent by a second node, and parsing the first verification message to obtain certificate field content, wherein the certificate field content comprises a certificate identifier;
acquiring an identity certificate corresponding to the certificate identifier from a certificate list of the first node, wherein the certificate list comprises a plurality of certificate identifiers and an identity certificate corresponding to each certificate identifier in the plurality of certificate identifiers;
and verifying the second node according to the identity certificate.
2. The method of claim 1, further comprising:
receiving a second verification message sent by a second node, and parsing the second verification message to obtain certificate field content, wherein the certificate field content comprises an identity certificate;
verifying the second node according to the identity certificate;
determining whether the identity certificate is included in a certificate list of the first node;
if the identity certificate is determined not to be contained in the certificate list of the first node, generating a certificate identifier corresponding to the identity certificate according to the identity certificate, and adding the identity certificate and the certificate identifier corresponding to the identity certificate to the certificate list of the first node.
3. The method according to claim 1 or 2, wherein before obtaining the identity certificate corresponding to the certificate identifier from the certificate list of the first node, the method further comprises:
storing a certificate list of the first node in a cache of the first node; and/or
storing a certificate list of the first node in a local database of the first node.
4. A blockchain transaction delivery method applied to a second node in a blockchain system, the method comprising:
determining whether a certificate list of the second node comprises a self-identity certificate, wherein the self-identity certificate is an identity certificate issued by a CA (certificate authority) for the second node;
if the certificate list of the second node comprises the self-identity certificate, acquiring a certificate identifier corresponding to the self-identity certificate, and generating a first verification message comprising the certificate identifier;
sending the first verification message to the first node.
5. The method of claim 4, wherein after determining whether the self-identity certificate is included in the certificate list of the second node, the method further comprises:
if the certificate list of the second node does not comprise the self-identity certificate, acquiring the self-identity certificate of the second node from outside the certificate list, and generating a second verification message comprising the self-identity certificate;
sending the second verification message to the first node.
6. The method according to claim 4 or 5, wherein the obtaining of the certificate identifier corresponding to the self-identity certificate comprises:
performing a hash operation on the identity certificate to obtain the certificate identifier corresponding to the identity certificate.
7. The method according to any one of claims 4-6, further comprising:
acquiring a self-identity certificate and a private key corresponding to the second node;
acquiring a message to be sent by the second node, and encrypting the message or a digest of the message with the private key to obtain a signature corresponding to the second node;
generating a first verification message of the second node according to the signature, the message to be sent, and certificate field content, wherein the certificate field content comprises the certificate identifier; or
generating a second verification message of the second node according to the signature, the message to be sent, and certificate field content, wherein the certificate field content comprises the self-identity certificate.
8. A blockchain transaction verification apparatus, the apparatus comprising:
a receiving unit, configured to receive a first verification message sent by a second node and parse the first verification message to obtain certificate field content, wherein the certificate field content comprises a certificate identifier;
an obtaining unit, configured to obtain an identity certificate corresponding to the certificate identifier from a certificate list of the first node, where the certificate list includes a plurality of certificate identifiers and an identity certificate corresponding to each certificate identifier in the plurality of certificate identifiers;
a verification unit, configured to verify the second node according to the identity certificate.
9. The apparatus of claim 8, wherein the obtaining unit is further configured to:
receiving a second verification message sent by a second node, and parsing the second verification message to obtain certificate field content, wherein the certificate field content comprises an identity certificate, and the second verification message is sent before the first verification message;
the verification unit is further configured to:
verifying the second node according to the identity certificate;
determining whether the identity certificate is included in a certificate list of the first node;
if the identity certificate is determined not to be contained in the certificate list of the first node, generating a certificate identifier corresponding to the identity certificate according to the identity certificate, and adding the identity certificate and the certificate identifier corresponding to the identity certificate to the certificate list of the first node.
10. The apparatus according to claim 8 or 9, further comprising a storage unit for:
storing a certificate list of the first node in a cache of the first node; and/or
storing a certificate list of the first node in a local database of the first node.
11. A blockchain transaction delivery apparatus, the apparatus comprising:
a determining unit, configured to determine whether a self-identity certificate is included in the certificate list of the second node;
a generating unit, configured to, if the certificate list includes the self-identity certificate, acquire a certificate identifier corresponding to the self-identity certificate and generate a first verification message comprising the certificate identifier;
a sending unit, configured to send the first verification message to the first node.
12. The apparatus according to claim 11, wherein after determining whether the certificate list of the second node includes the self-identity certificate, the generating unit is further configured to:
if the certificate list of the second node does not comprise the self-identity certificate, acquiring the self-identity certificate of the second node from outside the certificate list, and generating a second verification message comprising the self-identity certificate;
sending the second verification message to the first node.
13. The apparatus according to claim 11 or 12, wherein in terms of obtaining the certificate identifier corresponding to the self-identity certificate, the generating unit is further specifically configured to:
performing a hash operation on the identity certificate to obtain the certificate identifier corresponding to the identity certificate.
14. The apparatus according to any one of claims 11-13, wherein the generating unit is further specifically configured to:
acquiring a self-identity certificate and a private key corresponding to the second node;
acquiring a message to be sent by the second node, and encrypting the message or a digest of the message with the private key to obtain a signature corresponding to the second node;
generating a first verification message of the second node according to the signature, the message to be sent, and certificate field content, wherein the certificate field content comprises the certificate identifier; or
generating a second verification message of the second node according to the signature, the message to be sent, and certificate field content, wherein the certificate field content comprises the self-identity certificate.
15. An apparatus, comprising:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to cause the apparatus to perform the method of any of claims 1-7.
CN201910588164.3A 2019-06-28 2019-06-28 Block chain transaction delivery verification method and device Pending CN112150158A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910588164.3A CN112150158A (en) 2019-06-28 2019-06-28 Block chain transaction delivery verification method and device

Publications (1)

Publication Number Publication Date
CN112150158A true CN112150158A (en) 2020-12-29

Family

ID=73891784

Country Status (1)

Country Link
CN (1) CN112150158A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113421093A (en) * 2021-04-28 2021-09-21 中国电子科技网络信息安全有限公司 Simplified storage method for block chain system certificate
CN115277147A (en) * 2022-07-21 2022-11-01 深圳壹账通智能科技有限公司 File tracing verification method, electronic device and readable storage medium

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020147905A1 (en) * 2001-04-05 2002-10-10 Sun Microsystems, Inc. System and method for shortening certificate chains
EP1633100A1 (en) * 2004-09-01 2006-03-08 Research In Motion Limited Providing certificate matching in a system and method for searching and retrieving certificates
JP2011160361A (en) * 2010-02-03 2011-08-18 Mitsubishi Electric Corp Certificate verification system, route-restriction information generating device, certificate verification apparatus and certificate verification method
DE102013103531A1 (en) * 2013-04-09 2014-10-09 Bundesdruckerei Gmbh Data processing apparatus for authenticating execution of an electronic application
US20140331291A1 (en) * 2011-12-29 2014-11-06 The Third Institute Of The Ministry Of Public Security Method for generating and check-controlling network identity indentification code in network electronic identification card
US20150318997A1 (en) * 2013-01-08 2015-11-05 Mitsubishi Electric Corporation Authentication processing apparatus, authentication processing system, authentication processing method and authentication processing program
CN106487518A (en) * 2016-10-31 2017-03-08 金联汇通信息技术有限公司 A kind of real-name authentication system and method for express delivery industry
EP3160078A1 (en) * 2015-10-21 2017-04-26 Thomson Licensing Network, method and certificate for providing a secured communication between devices, and respective device
CN106603234A (en) * 2015-10-14 2017-04-26 阿里巴巴集团控股有限公司 Method, device and system for device identity authentication
CN107395343A (en) * 2017-07-10 2017-11-24 腾讯科技(深圳)有限公司 Certificate management method and system
WO2018050081A1 (en) * 2016-09-13 2018-03-22 中国移动通信有限公司研究院 Device identity authentication method and apparatus, electric device, and storage medium
CN108566395A (en) * 2018-04-20 2018-09-21 济南浪潮高新科技投资发展有限公司 A kind of document transmission method, apparatus and system based on block chain
US10102526B1 (en) * 2017-03-31 2018-10-16 Vijay K. Madisetti Method and system for blockchain-based combined identity, ownership, integrity and custody management
CN108960832A (en) * 2018-08-09 2018-12-07 全链通有限公司 The method for secret protection and system of block chain real name communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination