CN112966309A - Service implementation method and device based on block chain - Google Patents

Publication number
CN112966309A
Authority
CN
China
Prior art keywords
service
trustee
party
identity information
digital identity
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110152337.4A
Other languages
Chinese (zh)
Inventor
贾博岩
李艳鹏
陆旭明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd, Ant Blockchain Technology Shanghai Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825: Use of electronic signatures
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification

Abstract

The specification discloses a service implementation method and device based on a block chain. The method comprises the following steps: a cooperative party receives a service processing request sent by a trustee, the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform; the cooperative party verifies whether the encrypted service data is tampered; inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the block chain based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored; and under the condition that the encrypted business data is not tampered and the validity verification of the verifiable statement passes, the cooperative party processes the encrypted business data.

Description

Service implementation method and device based on block chain
Technical Field
The present disclosure relates to the field of block chain technologies, and in particular, to a method and an apparatus for implementing a service based on a block chain.
Background
With the continuous development of the internet, a scenario that a plurality of enterprises jointly realize services by establishing a cooperative relationship is more and more common. How to improve the security and reliability of the cooperative service becomes the key point of attention in the industry.
Disclosure of Invention
In view of this, the present specification provides a method and an apparatus for implementing a service based on a block chain.
Specifically, the description is realized by the following technical scheme:
A blockchain-based service implementation method, in which the service is implemented by an entrusting party, a trustee and a cooperative party, wherein the entrusting party and the trustee have a service entrustment relationship, the method comprising the following steps:
a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the cooperative party verifies whether the encrypted business data is tampered;
inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted business data.
A block chain-based service implementation device, which implements the service based on a delegator, a trustee and a cooperator, wherein the delegator and the trustee have a service consignment relationship, includes:
the service processing request receiving unit is used for receiving a service processing request sent by a trustee by a cooperative party, wherein the service processing request carries encrypted service data sent to the trustee by an entrusting party, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the encryption service data verification unit is used for verifying whether the encryption service data is tampered by a cooperative party;
the verifiable statement verification unit is used for inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and the encrypted service data processing unit is used for processing the encrypted service data by the cooperative party under the conditions that the encrypted service data is not tampered and the validity of the verifiable statement passes verification.
A block chain-based service implementation device, which implements the service based on a delegator, a trustee and a cooperator, wherein the delegator and the trustee have a service consignment relationship, includes:
a processor;
a memory for storing machine executable instructions;
wherein, by reading and executing machine-executable instructions stored by the memory that correspond to blockchain-based business implementation logic, the processor is caused to:
a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the cooperative party verifies whether the encrypted business data is tampered;
inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted business data.
One embodiment of the present specification realizes that, after receiving a service processing request sent by a trustee, a cooperator may verify encrypted service data sent by an entrusting party to the trustee in the service processing request to verify whether the encrypted service data is tampered, and may also find whether a corresponding verifiable statement exists on a block chain based on first digital identity information of the entrusting party and second digital identity information of the trustee carried in the service processing request, and verify the verifiable statement, and under the condition that the verifiable statement passes verification and the encrypted service data is not tampered, the cooperator processes the encrypted service data.
By adopting the method, on one hand, the business data sent to the trustee by the entrusting party is encrypted, so that the trustee can be prevented from tampering with the business data for private gain, which improves the security and reliability of business processing. On the other hand, the collaborator can also verify, through the verifiable statement, whether the service entrustment relationship between the entrusting party and the trustee really exists, and carries out service processing only when the verification passes, which likewise improves the security and reliability of service processing.
Drawings
Fig. 1 is a flowchart illustrating a service implementation method based on a blockchain according to an exemplary embodiment of the present disclosure;
fig. 2 is a schematic view of a scenario of a service implementation method based on a block chain according to an exemplary embodiment of the present specification;
FIG. 3 is a multi-party interaction diagram illustrating a blockchain-based service implementation method according to an exemplary embodiment of the present disclosure;
fig. 4 is a hardware structure diagram of a server where a service implementation apparatus based on a block chain is located according to an exemplary embodiment of the present specification;
fig. 5 is a block diagram illustrating a service implementation apparatus based on a block chain according to an exemplary embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
With the continuous development of the internet, a scenario that a plurality of enterprises jointly realize services by establishing a cooperative relationship is more and more common. For example, a delegation relationship can be established between enterprises, and a delegating party can delegate business data thereof to a trusted party for processing. Meanwhile, the entrusting party may want to cooperate with a third party (a collaborating party) to obtain the business support of the third party during the business implementation process, so that the business implementation process actually needs the participation of the entrusting party, the entrusted party and the collaborating party.
When a collaborator receives business data that involves the cooperation of multiple parties, it needs to verify the validity of that data to improve the security and reliability of the business. For example, the collaborator can verify whether the business data was indeed entrusted to the trustee for processing by the entrusting party, so as to prevent the trustee from seeking private gain by using data that was never entrusted to it. For another example, the collaborator may also verify whether the service data has been tampered with, so as to improve security.
The present specification provides a block chain-based service implementation method, in which a collaborator may provide service support for an entrusting party and a trustee, so that the trustee may send service data entrusted by the entrusting party to the collaborator for subsequent service processing, the collaborator may verify the service entrusted relationship between the entrusting party and the trustee and verify whether the data is tampered with, and only after the verification is passed, the subsequent service processing may be performed on the service data related to multi-party legality, thereby improving the security and reliability of the service.
Referring to fig. 1, fig. 1 is a flowchart illustrating a service implementation method based on a block chain according to an exemplary embodiment of the present disclosure. The method shown in fig. 1 may be applied in an electronic device with a memory and a processor, such as a server or a server cluster, deployed by a collaborator, and the method may include the following steps:
Step 102: a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
Step 104: the cooperative party verifies whether the encrypted service data is tampered;
Step 106: inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
Step 108: under the condition that the encrypted service data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted service data.
The above steps are explained in detail below.
First, the entrusting party, the trustee, and the collaborator in the present embodiment will be described.
In this embodiment, both the entrusting party and the trustee may be enterprises, organizations, and the like. For example, the entrusting party may lack a complete online service processing capability while the trustee has one, so the entrusting party may establish a service entrustment relationship with the trustee and then send its own service data to the trustee for processing, for example for background data maintenance or for providing online services. The trustee may be, for example, a SaaS (Software-as-a-Service) server. During the business processing, the entrusting party may also wish to cooperate with the collaborating party to obtain the business support of the collaborating party. The trustee can send the related business data of the entrusting party to the collaborator for business-support processing under the instruction of the entrusting party.
In this embodiment, since the entrusting party is not directly connected to the collaborating party, after the entrusting party determines the service data that needs to be supported by the collaborating party, the entrusting party may encrypt the service data and send the encrypted service data to the trustee, so that the trustee sends the encrypted service data to the collaborating party.
Of course, the entrusting party may cooperate with multiple collaborators through the trustee. In that case the entrusting party may also specify the target collaborator when sending the encrypted service data, for example by sending an identifier of the target collaborator, and the trustee may then determine from the identifier to which collaborator the encrypted service data needs to be sent.
In this embodiment, after receiving the encrypted service data, the trustee may send a service processing request to the collaborator, and the service processing request carries the encrypted service data, the first digital identity information of the entrusting party, and the second digital identity information of the trustee.
The first digital identity information of the entrusting party may be sent to the trustee together with the encrypted service data when the entrusting party sends the encrypted service data, or may be sent in advance, which is not particularly limited. The digital identity information is used for proving the identities of the entrusting party and the trustee, and will be described in detail in the following embodiments.
In this embodiment, after receiving the service processing request, the cooperative party may verify the encrypted service data carried in the service processing request to determine whether it has been tampered with. For example, the encrypted service data may carry a digital signature of the entrusting party, and the cooperative party may verify that digital signature; if the verification passes, it indicates that the encrypted service data has not been tampered with by the trustee or other parties.
The collaborator can also verify the business entrusting relationship between the entrusting party and the entrusted party specified in the business processing request. For example, the collaborator may query whether a verifiable statement corresponding to the first digital identity information and the second digital identity information carried in the service processing request is stored in the blockchain, if so, verify the validity of the verifiable statement, and if the validity of the verifiable statement passes, the service delegation relationship between the delegating party and the entrusted party is true and reliable.
The present implementation does not make any special restrictions on the sequence of execution of verifying whether the encrypted service data is tampered and verifying the service delegation relationship.
In this embodiment, after the encrypted service data is not tampered and the service delegation relationship passes verification, the cooperative party performs service processing on the encrypted service data, where the service processing may be determined according to an actual service scenario, and no special limitation is imposed on the service processing.
As can be seen from the above description, in an embodiment of the present specification, after receiving a service processing request sent by a trustee, a cooperator may verify the encrypted service data sent by the entrusting party to the trustee in the service processing request to determine whether the encrypted service data has been tampered with, and may also look up whether a corresponding verifiable statement exists on the blockchain based on the first digital identity information of the entrusting party and the second digital identity information of the trustee carried in the service processing request, and verify the verifiable statement. The cooperator processes the encrypted service data when the verifiable statement passes verification and the encrypted service data has not been tampered with.
By adopting the method, on one hand, the business data sent to the trustee by the entrusting party is encrypted, so that the trustee can be prevented from tampering with the business data for private gain, which improves the security and reliability of business processing. On the other hand, the collaborator can also verify, through the verifiable statement, whether the service entrustment relationship between the entrusting party and the trustee really exists, and carries out service processing only when the verification passes, which likewise improves the security and reliability of service processing.
Another service implementation method based on a block chain provided in this specification is described below.
The process by which a collaborator validates a business entrustment relationship between an entrusting party and a trustee based on a verifiable statement is described first.
In this embodiment, the entrusting party and the trustee may first apply for digital identity information (DID).
The process of applying for digital identity information is described below by taking the entrusting party as an example. The entrusting party may apply for digital identity information based on a distributed identity service. The distributed identity service can be developed by any one of the entrusting party, the trustee and the cooperative party, in which case the digital identity information can be applied for through the distributed identity service provided by that party. Alternatively, a distributed identity service platform independent of the entrusting party, the trustee and the collaborating party can exist, and the digital identity information can be applied for through that platform.
In one example, there is a distributed identity service platform independent of the principal, the trustee, and the collaborator, the principal may send a request for generating digital identity information directly to the distributed identity service platform, and the request carries its authentication information, such as enterprise information, which may be enterprise four-element information (enterprise business license name, unified social credit code, legal representative name and legal representative identity number), or other information such as enterprise name, enterprise address, etc. The distributed identity service platform may generate first digital identity information based on the authentication information and send the first digital identity information to the principal.
In another example, where a collaborator or trustee has developed a distributed identity service, the entrusting party may also generate digital identity information through the collaborator or trustee. The following description takes the collaborator as an example. Referring to fig. 2, the collaborator may develop a client, such as a website or an application program; the entrusting party may input the enterprise information in the related page displayed by the client, and the collaborator may verify the enterprise information after receiving it. For example, the enterprise information may be verified based on data stored in a local database, or the enterprise information may be verified by acquiring data of a third party through a third party interface.
When the collaborator determines that the enterprise information is verified, the collaborator can send a digital identity information generation request to the distributed identity service system, and the request can also carry the enterprise information. The distributed identity service system can generate first digital identity information based on the enterprise information and send the generated first digital identity information to the collaborator, the collaborator can store and send the first digital identity information to the principal, and the first digital identity information can be used for proving the identity of the principal in subsequent business processing.
Similarly, the trusted party may also apply for the second digital identity information based on the method described above.
In this embodiment, after the trusting party and the trustee apply for obtaining the digital identity information, a verifiable statement representing the business trusting relationship can be generated.
In one example, the distributed identity service platform is independent of the principal, the trustee and the collaborator, the principal can send a generation request of the verifiable assertion to the distributed identity service platform, and the generation request carries the first digital identity information of the principal, the second digital identity information of the trustee and the business delegation relationship between the principal and the trustee, and the distributed identity service platform can generate the verifiable assertion after receiving the generation request, and the verifiable assertion can be used for proving that the business delegation relationship exists between the principal and the trustee. And may also send the generated verifiable statement to the delegator for the delegator to prove that it does have a business commitment relationship with the delegator.
In another example, where the distributed identity service is developed by a collaborator or a trustee, the entrusting party may also generate verifiable statements through the collaborator or the trustee. For example, the trustee or the collaborator can develop a client page, the entrusting party can apply on that page to establish a business entrustment relationship, and the trustee or the collaborator then generates a verifiable statement based on the business entrustment relationship.
The following description takes the example shown in fig. 2. If the entrusting party wants the cooperative party to provide business support, it can initiate a trustee query request on a related client page developed by the cooperative party, so as to search for trustees with authorization authority. After receiving the request, the cooperative party can search its database for trustees with authorization authority, and then display the resulting trustee list to the entrusting party on the client page. The entrusting party may specify, from the list of trustees, one or more trustees with which it wants to establish a business entrustment relationship.
For example, suppose entrusting party A wants to entrust its own business data to trustee B and trustee C for processing. If trustee B has applied for digital identity information and trustee C has not, then after receiving the query request initiated by entrusting party A, the collaborator finds that the trustee with authorization authority is trustee B.
In this embodiment, the collaborator may treat all the queried trustees as having authorization authority, may treat only trustees with a higher credit rating as having it, or may treat trustees that match the business requirement of the entrusting party as having it, which is not specifically limited.
The collaborator can obtain the first digital identity information of the entrusting party and the second digital identity information of the entrusted party according to the entrusted party appointed by the entrusting party, and then sends a generation request of the verifiable statement to the distributed identity service system so as to generate the verifiable statement based on the distributed identity service system.
For example, the generation request may carry the first digital identity information of the entrusting party, the second digital identity information of the trustee, and the business delegation relationship between the entrusting party and the trustee. After receiving the generation request, the distributed identity service system may generate a verifiable claim in response, where the verifiable claim may include the first digital identity information and the second digital identity information, and a delegation relationship stating that the entity corresponding to the first digital identity information is the entrusting party and the entity corresponding to the second digital identity information is the trustee. The distributed identity service system may then send the generated verifiable claim to the collaborator. Moreover, the distributed identity service system may also create a generation record for the verifiable claim, which may include an identifier of the verifiable claim, the generation time of the verifiable claim, and so on. The distributed identity service system may save the generation record onto the blockchain as stored evidence.
For another example, in addition to the first digital identity information, the second digital identity information, and the business delegation relationship between the entrusting party and the trustee, the generation request may carry a validity period for the verifiable claim. The validity period may be specified by the entrusting party, for example 1 month or 1 year, or may be a default duration. The distributed identity service system may also store the validity period when generating the verifiable claim, for example in the generation record of the verifiable claim, and subsequently verify the verifiable claim against the validity period.
For another example, the generation request may also carry a delegation service data type specified by the delegating party, for example, the delegating party may specify the delegation service data type as an order type, then the distributed identity service system may also add the delegation service data type in the generated verifiable statement, and after a subsequent collaborating party receives the service data sent by the entrusting party, it may be determined whether the type of the received service data is consistent with the delegation service data type, so as to verify the received service data.
It should be noted that the above method can be used to generate a verifiable claim when the entrusting party specifies only one trustee with which a business delegation relationship needs to be established. When the entrusting party designates a plurality of trustees, a verifiable claim may be established by the above method for each trustee, or a single verifiable claim may be generated for the plurality of trustees together, that is, the digital identity information of the plurality of trustees may be included in one verifiable claim; this is not limited in this specification.
In this embodiment, after the distributed identity service system generates the verifiable claims, the generated verifiable claims may be returned to the collaborator. The collaborator may store the mapping relationship between the verifiable assertion and the digital identity information corresponding thereto, for example, may store the mapping relationship to a blockchain, so that the collaborator may determine the validity of the business data according to the stored verifiable assertion after receiving the business data. Table 1 below illustrates an exemplary preserved mapping relationship:
| Verifiable assertion identifier | Entrusting party digital identity information | Trustee digital identity information |
|---|---|---|
| aa | DID1 | DID2 |
| bb | DID3 | DID4 |
| cc | DID1 | DID5, DID6 |

Table 1
The collaborator can also send the identifier of the generated verifiable claim to the entrusting party. Based on this identifier, the entrusting party can find the uniquely corresponding verifiable claim in the distributed identity service system, which proves that the business delegation relationship between the entrusting party and its designated trustee has been generated, and that this relationship is safe, reliable, and not easily tampered with.
At this point, the process by which the collaborator stores evidence of the business delegation relationship between the entrusting party and the trustee is complete. A method for performing service processing based on that relationship is described below.
First, a service scenario of the present embodiment is described; the scenario is only an example and is not intended to limit this specification. In this embodiment, the entrusting party may be a logistics enterprise that does not have mature online data processing capability, so it sends its logistics data to an online freight platform, that is, the trustee, for processing. Meanwhile, the logistics enterprise also wishes to cooperate with a financial enterprise, for example to obtain financing. The logistics enterprise and the online freight platform can apply for digital identity information through the distributed identity service platform and generate a verifiable claim representing the business delegation relationship. The logistics enterprise can then obtain financing by the following method:
Referring to fig. 3, fig. 3 is a multi-party interaction diagram illustrating a service implementation method based on a block chain according to an exemplary embodiment of the present disclosure. For convenience of explanation, the terms entrusting party, trustee, and collaborator are still used in this embodiment. The block chain-based service implementation method may include the following steps:
Step 302, the entrusting party sends the encrypted service data to the trustee.
In this embodiment, the entrusting party may send the encrypted service data to the trustee. The encrypted service data may be determined according to the actual service scenario.
For example, for a business scenario of applying for financing by a logistics enterprise, enterprise information, credit investigation information, and the like may need to be provided during financing, so that the logistics enterprise needs to send the information to a financial enterprise, but since the logistics enterprise does not directly interface with the financial enterprise, but delegates its own business data to an online freight platform for processing, the logistics enterprise may encrypt the data and send the encrypted data to the online freight platform, and the encrypted data is sent to the financial enterprise by the online freight platform. The specific encryption method for encrypting the service data will be described in detail in the following step 206.
Step 304, the trusted party sends a service processing request to the collaborator.
In this embodiment, the trustee may send a service processing request to the collaborator, where the service processing request may carry, in addition to the encrypted service data sent by the principal, the first digital identity information of the principal, and the second digital identity information of the trustee, a second signature of the trustee, so that the collaborator verifies, based on the second signature, whether the data in the service processing request is tampered, which will be specifically described in detail in subsequent step 308. The first digital identity information and the second digital identity information are generated by a distributed identity service platform, which may refer to the foregoing embodiments.
In step 306, the cooperative party verifies whether the encrypted service data is tampered.
The following describes methods for verifying whether encrypted service data is tampered with in several different encryption manners:
In one example, the encrypted service data may be obtained by the entrusting party encrypting the original service data with a private key that it holds. After receiving the encrypted service data, the collaborator can determine whether it can be decrypted with the public key of the entrusting party; if so, the encrypted service data has not been tampered with.
In another example, the encrypted service data may include the original service data and a private key signature obtained by the entrusting party encrypting specified data with its private key.
The specified data can be any data. The collaborator can determine whether the private key signature can be decrypted and verified using the public key of the entrusting party; if so, the encrypted service data has not been tampered with.
The specified data may also be the original service data; that is, the encrypted service data includes the original service data and a private key signature obtained by encrypting the original service data with the private key. The collaborator may then first determine whether the private key signature can be decrypted and verified using the public key of the entrusting party; if so, it further determines whether the service data obtained by decryption is consistent with the original service data, and if so, the encrypted service data has not been tampered with.
The collaborator may have a CA (Certificate Authority, electronic authentication service) right, and the delegator may apply for the public key and the private key through the collaborator. Of course, the entrusting party may not use the above method to obtain the public key and the private key, and no particular limitation is imposed on this.
In addition to the above examples, the encrypted service data may be obtained by encrypting the original service data with a symmetric encryption technique. The entrusting party may inform the collaborator of the decryption key in advance, so that the collaborator can decrypt the encrypted service data with that key, while other parties cannot decrypt it because they do not possess the key.
In addition, the service data can also be encrypted by combining the above methods, for example, the entrusting party can firstly encrypt the original service data by using a symmetric encryption key, and then generate a signature by using a private key, so that the encrypted service data is obtained, and the security can be further improved.
In step 308, the collaborator verifies whether the data in the business processing request is tampered.
The following describes a method for verifying whether data carried in a service processing request is tampered in several different encryption manners:
In one example, the data carried in the service processing request (the first digital identity information, the second digital identity information, and the encrypted service data) may be encrypted by the trustee with a private key that it holds. After receiving the request, the collaborator can determine whether the data can be decrypted with the public key of the trustee; if so, the data carried in the service processing request has not been tampered with.
In another example, the trusted party may carry a private key signature in the transaction request, which may also be obtained by the trusted party encrypting the specified data with a private key.
The specified data may be any data. And the cooperative party can judge whether the private key signature can be decrypted and authenticated by adopting the public key of the trustee in the service processing request, and if so, the cooperative party determines that the data in the service processing request is not tampered.
The specifying data may also be encrypted service data, the first digital identity information and the second digital identity information in the service processing request. Similarly, the cooperative party may first determine whether the private key signature can be decrypted and verified by using the public key of the trustee, and if so, further determine whether the encrypted service data, the first digital identity information, and the second digital identity information obtained by decryption are consistent with the encrypted service data, the first digital identity information, and the second digital identity information carried in the service processing request, and if so, indicate that the encrypted service data is not tampered.
Similarly, the trustee can obtain the public key and the private key of the trustee according to the cooperative party, and can also generate the public key and the private key by other methods.
Besides the above method of adding the private key signature of the trustee to the service processing request, the trustee may also encrypt the data in the service processing request by adopting a symmetric encryption manner, or may also combine multiple encryption manners, which is not limited in particular.
It should be noted that, the present embodiment does not specifically limit the execution order of step 306 and step 308.
By adopting the method, on one hand, the entrusting party can encrypt the service data, and the trustee can not decrypt the service data, so that the service data can be ensured not to be falsified by the trustee, and the trustee can be prevented from seeking private profit by using false data. On the other hand, the trustee can also encrypt the data in the service processing request, and the data can be prevented from being maliciously tampered by other parties in the transmission process. By adopting the multi-level encryption method, the data security and reliability can be greatly improved.
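The two checks of steps 306 and 308 can be sketched as follows. This is an added example, not code from the patent; it takes the variant in which the service data travels together with a private key signature over that data, and it assumes Ed25519 signatures, a length-prefixed encoding of the signed fields, and illustrative struct and function names. The keys and the order record are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Request models the service processing request of step 304 (names are assumed).
type Request struct {
	PrincipalDID string // first digital identity information (entrusting party)
	TrusteeDID   string // second digital identity information (trustee)
	Data         []byte // business data exactly as the entrusting party sent it
	DataSig      []byte // first signature: entrusting party over Data
	RequestSig   []byte // second signature: trustee over the four fields above
}

var (
	ErrRequestTampered = errors.New("step 308: trustee signature does not cover this request")
	ErrDataTampered    = errors.New("step 306: entrusting party signature does not cover this data")
)

// signedPart length-prefixes every field so that bytes cannot be moved from one
// field to its neighbour without changing the signed message.
func signedPart(r Request) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{[]byte(r.PrincipalDID), []byte(r.TrusteeDID), r.Data, r.DataSig} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// SignData is run by the entrusting party before step 302.
func SignData(principalKey ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(principalKey, data)
}

// SignRequest is run by the trustee before step 304; it returns the request
// with RequestSig recomputed over the current field values.
func SignRequest(trusteeKey ed25519.PrivateKey, r Request) Request {
	r.RequestSig = ed25519.Sign(trusteeKey, signedPart(r))
	return r
}

// VerifyRequest is run by the collaborator. The order of the two checks is
// not significant, as the text notes for steps 306 and 308.
func VerifyRequest(r Request, principalPub, trusteePub ed25519.PublicKey) error {
	if !ed25519.Verify(trusteePub, signedPart(r), r.RequestSig) {
		return ErrRequestTampered
	}
	if !ed25519.Verify(principalPub, r.Data, r.DataSig) {
		return ErrDataTampered
	}
	return nil
}

// demoKeys derives two fixed key pairs from constructed seeds (demo only).
func demoKeys() (principal, trustee ed25519.PrivateKey) {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize)),
		ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
}

func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

func main() {
	pk, tk := demoKeys()
	pPub, tPub := pubOf(pk), pubOf(tk)

	data := []byte(`{"order":"constructed-001","amount":100}`)
	ok := SignRequest(tk, Request{PrincipalDID: "DID1", TrusteeDID: "DID2",
		Data: data, DataSig: SignData(pk, data)})
	fmt.Println("untouched:      ", VerifyRequest(ok, pPub, tPub))

	// The trustee alters the data and re-signs the request: the outer
	// signature is valid again, but the entrusting party's signature is not.
	forged := ok
	forged.Data = []byte(`{"order":"constructed-001","amount":900}`)
	forged = SignRequest(tk, forged)
	fmt.Println("trustee edit:   ", VerifyRequest(forged, pPub, tPub))

	// Another party changes a DID in transit: the trustee's signature fails.
	swapped := ok
	swapped.TrusteeDID = "DID5"
	fmt.Println("in-transit edit:", VerifyRequest(swapped, pPub, tPub))
}
```

The trustee can always produce a fresh outer signature, so only the inner signature made with the entrusting party's key protects the business data against the trustee itself.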
At step 310, a query is made as to whether a verifiable claim exists.
In this embodiment, after generating the verifiable statement that represents the business delegation relationship between the delegating party and the trustee, the collaborator may further establish a mapping relationship between the first digital identity information of the delegating party, the second digital identity information of the trustee, and the verifiable statement identifier, and store the mapping relationship in the block chain.
After receiving the service processing request sent by the trustee, the collaborator can obtain the first digital identity information of the entrusting party and the second digital identity information of the trustee from the service processing request, and then query, according to the first digital identity information and the second digital identity information, whether the blockchain stores a corresponding verifiable statement identifier. If yes, go to step 312, otherwise, go to the next step.
The above process may be implemented, for example, by a smart contract. The collaborator can send a transaction carrying the first digital identity information and the second digital identity information to the block node device, and the block node device can invoke a smart contract to look up and verify the verifiable statement based on the transaction. The contract code of the smart contract can implement the following: according to the first digital identity information of the entrusting party and the second digital identity information of the trustee carried in the service processing request, search the mapping relationship between verifiable statement identifiers and digital identity information stored in the blockchain for a verifiable statement corresponding to the first digital identity information and the second digital identity information. In the mapping relationship found, the entity corresponding to the first digital identity information should be the entrusting party, and the entity corresponding to the second digital identity information should be the trustee.
Still using Table 1 above as an example, if the service processing request sent by the trustee gives the first digital identity information of the entrusting party as DID1 and the second digital identity information of the trustee as DID2, the digital identity information matches the first row of Table 1, with DID1 in the role of entrusting party and DID2 in the role of trustee, so the delegation relationship between the entrusting party and the trustee also matches Table 1. In this case the identifier of the verifiable statement found is aa.
For another example, if the service processing request sent by the trustee includes the first digital identity information of the entrusting party being DID2 and the second digital identity information of the trustee being DID1, although the digital identity information matches the first line in table 1 above, the entrusting relationship between the entrusting party and the trustee is not matched, which indicates that the corresponding verifiable declaration is not found.
For another example, if the service processing request sent by the trustee gives the first digital identity information of the entrusting party as DID3 and the second digital identity information of the trustee as DID2, no mapping relationship in Table 1 above is matched, and in this case too the corresponding verifiable statement is not found.
In this embodiment, if the corresponding verifiable statement is not found, the cooperative party may send a notification to the trustee to inform that the service processing request is unreasonable, and may prompt the trustee to re-initiate the service processing request.
By adopting the method, the cooperative party can firstly prejudge the business processing relation between the entrusting party and the entrusted party, and when the fact that the corresponding verifiable statement does not exist between the entrusting party and the entrusted party is determined, the cooperative party can not execute the step of requesting the verification of the verifiable statement to the distributed identity service platform in the step 312 any more, so that the interaction between the platforms can be reduced, and the efficiency is improved.
Step 312, the collaborator sends a verifiable claim verification request to the distributed identity services platform.
At step 314, the distributed identity service platform verifies the verifiable claims.
Step 316, the distributed identity service platform sends the verifiable claim verification result to the collaborator.
In this embodiment, if the collaborator finds the corresponding verifiable assertion, a verification request of the verifiable assertion may be sent to the distributed identity service platform, and the verification request may carry the identifier of the found verifiable assertion.
After receiving the verification request, the distributed identity service platform can search whether the verifiable statement corresponding to the identifier exists according to the identifier carried in the request, and if the verifiable statement can be searched, the validity of the searched verifiable statement can be verified.
For example, the validity period of the verifiable assertion can be verified. The distributed identity service platform can obtain the validity period of the verifiable statement, wherein the validity period is saved when the verifiable statement is generated, can be the default time length of the system, and can also be specified by a consignor. Then, whether the current time is in the validity period of the verifiable statement or not can be judged, and if the current time is in the validity period, the validity of the verifiable statement is verified to be passed; otherwise, the verification fails. The distributed identity service platform can send the validity verification result of the verifiable statement to the collaborators.
For another example, the verifiable assertion may further include a type of service data specified by the entrusting party when the verifiable assertion was generated, for example an order type. The collaborator may then send the decrypted service data together with the identifier of the verifiable assertion to the distributed identity service platform, and the distributed identity service platform may further determine whether the type of the service data is consistent with the type specified in the verifiable assertion. If so, the verification passes; if not, the verification fails.
Of course, in addition to the above examples, the verifiable statement may further include other information, which may be determined according to an actual service scenario.
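The direction-sensitive lookup of step 310 and the validity-period and data-type checks of step 314 can be sketched together as follows. This is an added example, not code from the patent; it runs both checks in one process for brevity, whereas the text splits them between the blockchain lookup and the distributed identity service platform. The struct fields, dates, and the data-type restriction on claim aa are constructed; the DID pairs are those of Table 1.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claim is one row of the stored mapping (Table 1) plus the optional
// validity period and delegated data type. Field names are assumed.
type Claim struct {
	ID        string
	Principal string   // DID of the entrusting party
	Trustees  []string // DID(s) of the trustee(s); one claim may cover several
	NotBefore time.Time
	NotAfter  time.Time
	DataType  string // delegated business data type; "" means unrestricted
}

var (
	ErrNoClaim  = errors.New("no verifiable claim for this entrusting party/trustee pair")
	ErrExpired  = errors.New("verifiable claim is outside its validity period")
	ErrDataType = errors.New("business data type is not covered by the claim")
)

// FindClaim is the step 310 lookup. The roles are compared column by column,
// so DID2 acting for DID1 never matches a row in which DID1 acts for DID2.
func FindClaim(store []Claim, principalDID, trusteeDID string) (Claim, error) {
	for _, c := range store {
		if c.Principal != principalDID {
			continue
		}
		for _, t := range c.Trustees {
			if t == trusteeDID {
				return c, nil
			}
		}
	}
	return Claim{}, ErrNoClaim
}

// CheckClaim is the step 314 validity check: validity period first, then the
// delegated data type if the entrusting party specified one.
func CheckClaim(c Claim, now time.Time, dataType string) error {
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return ErrExpired
	}
	if c.DataType != "" && c.DataType != dataType {
		return ErrDataType
	}
	return nil
}

// Authorize chains both steps and returns the identifier of the claim that
// authorises the request. A failed lookup returns early, which is the saving
// in platform round trips that the text describes.
func Authorize(store []Claim, principalDID, trusteeDID, dataType string, now time.Time) (string, error) {
	c, err := FindClaim(store, principalDID, trusteeDID)
	if err != nil {
		return "", err
	}
	if err := CheckClaim(c, now, dataType); err != nil {
		return "", err
	}
	return c.ID, nil
}

// demoNow is a constructed "current time" inside the validity period below.
var demoNow = time.Date(2021, 6, 1, 0, 0, 0, 0, time.UTC)

// Table1 returns the rows of Table 1 with a constructed one-year validity period.
func Table1() []Claim {
	from := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
	to := from.AddDate(1, 0, 0)
	return []Claim{
		{"aa", "DID1", []string{"DID2"}, from, to, "order"},
		{"bb", "DID3", []string{"DID4"}, from, to, ""},
		{"cc", "DID1", []string{"DID5", "DID6"}, from, to, ""},
	}
}

func main() {
	for _, q := range [][3]string{
		{"DID1", "DID2", "order"},   // first row, roles correct
		{"DID2", "DID1", "order"},   // same DIDs, roles reversed
		{"DID3", "DID2", "order"},   // no such pair
		{"DID1", "DID2", "invoice"}, // pair matches, type does not
	} {
		id, err := Authorize(Table1(), q[0], q[1], q[2], demoNow)
		fmt.Printf("%v -> claim=%q err=%v\n", q, id, err)
	}
}
```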
Step 318, processing the encrypted service data.
In this embodiment, if the collaborator receives a result indicating that the verifiable statement failed validity verification, it may send a notification of service processing failure to the trustee. If the result received by the collaborator indicates that the verifiable statement passed validity verification, the business data can be processed.
The method for processing the service data depends on the service scenario, and this specification does not limit it. For example, in the business scenario of a logistics enterprise applying for financing, the financial enterprise may perform financing-related business processing on the encrypted business data.
By adopting the method, on one hand, the cooperative party can prove the service entrusting relationship for the entrusting party and the trustee by utilizing the verifiable statement, and the verifiable statement is not easy to be falsified and has verifiability, so that the condition of the false service entrusting relationship which is forged maliciously can be avoided. On the other hand, the cooperative party can verify whether the encrypted service data sent by the entrusting party is tampered or not and can also verify whether the data in the service processing request is tampered or not based on a multi-level encryption mode, and the safety of service processing can be further ensured.
Corresponding to the foregoing embodiment of the service implementation method based on a block chain, this specification further provides an embodiment of a service implementation apparatus based on a block chain.
The embodiment of the service implementation device based on the block chain in the present specification can be applied to a server. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device, as a logical device, is formed by the processor of the server where it is located reading the corresponding computer program instructions from the nonvolatile memory into memory and running them. In terms of hardware, fig. 4 shows a hardware structure diagram of the server where the service implementation apparatus based on the block chain in this specification is located. In addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 4, the server where the apparatus is located may also include other hardware according to the actual function of the server, which is not described again here.
Fig. 5 is a block diagram illustrating a service implementation apparatus based on a block chain according to an exemplary embodiment of the present disclosure.
Referring to fig. 5, the service implementation apparatus based on the block chain may be applied in the server shown in fig. 4, and includes: a service processing request receiving unit 510, an encrypted service data verifying unit 520, a verifiable statement verifying unit 530, an encrypted service data processing unit 540, a verifiable statement generating unit 550, a verifiable statement storing unit 560, a trusteeship query request receiving unit 570, and a trusteeship query unit 580.
The service processing request receiving unit 510 receives a service processing request sent by a trustee, where the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party, and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
an encrypted service data verification unit 520, which verifies whether the encrypted service data is tampered by the cooperator;
a verifiable statement verifying unit 530, configured to query, based on the first digital identity information and the second digital identity information, whether a verifiable statement that represents a business delegation relationship between the delegating party and the delegate is stored in the blockchain, and verify validity of the verifiable statement under a condition that the verifiable statement is stored;
and an encrypted service data processing unit 540, configured to, in a case that the encrypted service data is not tampered and the validity of the verifiable statement is verified, process the encrypted service data by the collaborator.
Optionally, the encrypted service data includes a first private key signature generated by the principal on the first specified data by using a local private key, and the encrypted service data verifying unit 520:
verifying the first private key signature;
and determining that the encrypted service data is not tampered under the condition that the first private key signature passes verification.
Optionally, the service processing request further includes a second private key signature generated by the trustee on second specified data by using a local private key, and the encrypted service data verifying unit 520 further:
the collaborator verifies the second private key signature;
determining that the data carried in the service processing request is not tampered under the condition that the second private key signature passes verification;
the encrypted service data processing unit:
and under the conditions that the data carried in the service processing request is not tampered, the encrypted service data is not tampered, and the validity verification of the verifiable statement passes, the cooperative party processes the service data.
Optionally, the method further includes:
verifiable assertion generating unit 550:
receiving a service entrusting request sent by an entrusting party, wherein the service entrusting request carries a trustee appointed by the entrusting party;
determining first digital identity information of the entrusting party and second digital identity information of the entrusted party based on the business entrusting request;
sending a verifiable statement generation request to a distributed identity service platform, wherein the generation request carries the first digital identity information, the second digital identity information and the business entrusting relationship between the entrusting party and the entrusted party;
and receiving the verifiable declaration generated by the distributed identity service platform.
Optionally, the method further includes:
a verifiable statement storing unit 560 that saves the verifiable statement onto the blockchain.
Optionally, the method further includes:
a trustee query request receiving unit 570 that receives a trustee query request sent by the entrusting party;
a trustee query unit 580 that queries the trustees having an authorization right and returns the queried trustee list to the entrusting party;
the trustee specified in the service delegation request is selected by the delegating party in the list of trustees.
Optionally, the verifiable assertion generating request further carries a validity period of a service delegation, and the distributed identity service platform further stores a mapping relationship between the verifiable assertion and the validity period after generating the verifiable assertion;
the verifiable assertion verifying unit 530:
sending a verification request for the verifiable declaration to a distributed identity service platform, so that the distributed identity service platform verifies whether the verifiable declaration is within the validity period, and determines that the validity verification of the verifiable declaration passes if it is within the validity period;
and receiving a validity verification result of the verifiable statement sent by the distributed identity service platform.
Optionally, the generating process of the first digital identity information of the entrusting party and the second digital identity information of the trustee includes:
receiving enterprise information sent by the entrusting party;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the first digital identity information sent by the distributed identity service platform;
sending the first digital identity information to the entrusting party;
receiving enterprise information sent by a trustee;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the second digital identity information sent by the distributed identity service platform;
and sending the second digital identity information to the trustee.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
Corresponding to the foregoing embodiment of the service implementation method based on a block chain, this specification further provides an apparatus for implementing a service based on a block chain, where the apparatus includes: a processor and a memory for storing machine executable instructions. Wherein the processor and the memory are typically interconnected by means of an internal bus. In other possible implementations, the device may also include an external interface to enable communication with other devices or components.
In this embodiment, the processor is caused to, by reading and executing machine executable instructions stored by the memory that correspond to blockchain based service implementation logic:
a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the cooperative party verifies whether the encrypted business data is tampered;
inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted business data.
Optionally, the encrypted service data includes a first private key signature generated by the entrusting party on first specified data by using a local private key, and when verifying whether the encrypted service data is tampered, the processor is caused to:
verifying the first private key signature;
and determining that the encrypted service data is not tampered under the condition that the first private key signature passes verification.
Optionally, the service processing request further includes a second private key signature generated by the trustee on second specified data by using the local private key, and the processor is further caused to:
the collaborator verifies the second private key signature;
determining that the data carried in the service processing request is not tampered under the condition that the second private key signature passes verification;
the processing of the business data by the cooperative party under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes includes:
and under the conditions that the data carried in the service processing request is not tampered, the encrypted service data is not tampered, and the validity verification of the verifiable statement passes, the cooperative party processes the service data.
Optionally, in the generation process of the verifiable statement, the processor is caused to:
receiving a service entrusting request sent by an entrusting party, wherein the service entrusting request carries a trustee appointed by the entrusting party;
determining first digital identity information of the entrusting party and second digital identity information of the entrusted party based on the business entrusting request;
sending a verifiable statement generation request to a distributed identity service platform, wherein the generation request carries the first digital identity information, the second digital identity information and the business entrusting relationship between the entrusting party and the entrusted party;
and receiving the verifiable declaration generated by the distributed identity service platform.
Optionally, the processor is further caused to:
saving the verifiable claims onto a blockchain.
Optionally, the processor is further caused to:
receiving a trustee inquiry request sent by the entrusting party;
inquiring trustees with authorization authority, and returning the resulting trustee list to the entrusting party;
the trustee specified in the service delegation request is selected by the delegating party in the list of trustees.
Optionally, the verifiable assertion generating request further carries a validity period of a service delegation, and the distributed identity service platform further stores a mapping relationship between the verifiable assertion and the validity period after generating the verifiable assertion;
upon verifying the validity of the verifiable assertion, the processor is caused to:
sending a verification request for the verifiable declaration to the distributed identity service platform, so that the distributed identity service platform verifies whether the verifiable declaration is within the validity period, and determines that the validity verification of the verifiable declaration passes if it is within the validity period;
and receiving a validity verification result of the verifiable statement sent by the distributed identity service platform.
Optionally, in the generating process of the first digital identity information of the entrusting party and the second digital identity information of the trustee, the processor is caused to:
receiving enterprise information sent by the entrusting party;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the first digital identity information sent by the distributed identity service platform;
sending the first digital identity information to the entrusting party;
receiving enterprise information sent by a trustee;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the second digital identity information sent by the distributed identity service platform;
and sending the second digital identity information to the trustee.
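The cooperating party's checks from this embodiment (second signature, first signature, claim lookup by the pair of digital identities, validity period), as an added Go example that is not code from the patent. The Ed25519 scheme, the DID-to-key resolver, the in-memory ledger that stands in for both the blockchain query and the identity platform's validity lookup, and the contents of the "specified data" are all assumptions, since the text does not fix them.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Every type, field and DID value here is an assumption made for the example.
type Request struct {
	DelegatorDID, TrusteeDID string // first and second digital identity information
	Ciphertext               []byte // encrypted business data, opaque to these checks
	DelegatorSig, TrusteeSig []byte // first and second private key signatures
}
type Claim struct{ NotBefore, NotAfter time.Time } // delegation validity period
type Ledger map[[2]string]Claim                    // key: {delegator DID, trustee DID}
type Resolver map[string]ed25519.PublicKey         // stand-in for DID to public key lookup

var (
	ErrUnknownDID      = errors.New("digital identity cannot be resolved")
	ErrRequestTampered = errors.New("second signature invalid: request altered")
	ErrDataTampered    = errors.New("first signature invalid: business data altered")
	ErrNoClaim         = errors.New("no delegation claim for this DID pair")
	ErrClaimExpired    = errors.New("delegation claim outside its validity period")
)

// frame length-prefixes each part so field boundaries are covered by the signature.
func frame(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		n := len(p)
		out = append(out, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
		out = append(out, p...)
	}
	return out
}

// Assumed "specified data": the first signature covers the ciphertext alone,
// the second covers both DIDs, the ciphertext and the first signature.
func secondData(r Request) []byte {
	return frame([]byte(r.DelegatorDID), []byte(r.TrusteeDID), r.Ciphertext, r.DelegatorSig)
}

// Verify is the cooperating party's gate; nil means the data may be processed.
func Verify(r Request, keys Resolver, l Ledger, now time.Time) error {
	dPub, okD := keys[r.DelegatorDID]
	tPub, okT := keys[r.TrusteeDID]
	claim, onLedger := l[[2]string{r.DelegatorDID, r.TrusteeDID}]
	switch {
	case !okD || !okT:
		return ErrUnknownDID
	case !ed25519.Verify(tPub, secondData(r), r.TrusteeSig):
		return ErrRequestTampered
	case !ed25519.Verify(dPub, frame(r.Ciphertext), r.DelegatorSig):
		return ErrDataTampered
	case !onLedger:
		return ErrNoClaim
	case now.Before(claim.NotBefore) || now.After(claim.NotAfter):
		return ErrClaimExpired
	}
	return nil
}

// Scenarios runs Verify over constructed requests and returns each outcome.
func Scenarios() map[string]error {
	seedD, seedT := make([]byte, ed25519.SeedSize), make([]byte, ed25519.SeedSize)
	seedD[0], seedT[0] = 1, 2 // fixed constructed seeds so the run is repeatable
	dKey, tKey := ed25519.NewKeyFromSeed(seedD), ed25519.NewKeyFromSeed(seedT)
	now := time.Date(2021, 2, 3, 12, 0, 0, 0, time.UTC)
	good := Request{DelegatorDID: "did:example:a", TrusteeDID: "did:example:b", Ciphertext: []byte("constructed ciphertext")}
	good.DelegatorSig = ed25519.Sign(dKey, frame(good.Ciphertext))
	good.TrusteeSig = ed25519.Sign(tKey, secondData(good))
	keys := Resolver{good.DelegatorDID: dKey.Public().(ed25519.PublicKey),
		good.TrusteeDID: tKey.Public().(ed25519.PublicKey)}
	ledger := Ledger{[2]string{good.DelegatorDID, good.TrusteeDID}: {now.Add(-time.Hour), now.Add(time.Hour)}}
	inTransit := good // ciphertext altered after the trustee signed
	inTransit.Ciphertext = []byte("altered ciphertext")
	byTrustee := inTransit // trustee alters the ciphertext, then signs the request
	byTrustee.TrusteeSig = ed25519.Sign(tKey, secondData(byTrustee))
	return map[string]error{
		"valid":              Verify(good, keys, ledger, now),
		"altered in transit": Verify(inTransit, keys, ledger, now),
		"altered by trustee": Verify(byTrustee, keys, ledger, now),
		"no claim on ledger": Verify(good, keys, Ledger{}, now),
		"claim expired":      Verify(good, keys, ledger, now.Add(2*time.Hour)),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-18s -> %v\n", name, err)
	}
}
```

The "altered by trustee" case shows why the two signatures are separate checks: a request the trustee signs correctly still fails when the entrusting party's signature no longer matches the ciphertext.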
Corresponding to the foregoing embodiments of the service implementation method based on a block chain, the present specification further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps:
a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the cooperative party verifies whether the encrypted business data is tampered;
inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted business data.
Optionally, the encrypted service data includes a first private key signature generated by the entrusting party on first specified data by using a local private key, and the verifying whether the encrypted service data is tampered includes:
verifying the first private key signature;
and determining that the encrypted service data is not tampered under the condition that the first private key signature passes verification.
Optionally, the service processing request further includes a second private key signature generated by the trustee using the local private key to the second specified data, and the method further includes:
the collaborator verifies the second private key signature;
determining that the data carried in the service processing request is not tampered under the condition that the second private key signature passes verification;
the processing of the business data by the cooperative party under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes includes:
and under the conditions that the data carried in the service processing request is not tampered, the encrypted service data is not tampered, and the validity verification of the verifiable statement passes, the cooperative party processes the service data.
Optionally, the generating process of the verifiable declaration includes:
receiving a service entrusting request sent by an entrusting party, wherein the service entrusting request carries a trustee appointed by the entrusting party;
determining first digital identity information of the entrusting party and second digital identity information of the entrusted party based on the business entrusting request;
sending a verifiable statement generation request to a distributed identity service platform, wherein the generation request carries the first digital identity information, the second digital identity information and the business entrusting relationship between the entrusting party and the entrusted party;
and receiving the verifiable declaration generated by the distributed identity service platform.
Optionally, the method further includes:
saving the verifiable claims onto a blockchain.
Optionally, the method further includes:
receiving a trustee inquiry request sent by the entrusting party;
inquiring trustees with authorization authority, and returning the resulting trustee list to the entrusting party;
the trustee specified in the service delegation request is selected by the delegating party in the list of trustees.
Optionally, the verifiable assertion generating request further carries a validity period of a service delegation, and the distributed identity service platform further stores a mapping relationship between the verifiable assertion and the validity period after generating the verifiable assertion;
the verifying the validity of the verifiable statement comprises:
sending a verification request for the verifiable declaration to the distributed identity service platform, so that the distributed identity service platform verifies whether the verifiable declaration is within the validity period, and determines that the validity verification of the verifiable declaration passes if it is within the validity period;
and receiving a validity verification result of the verifiable statement sent by the distributed identity service platform.
Optionally, the generating process of the first digital identity information of the entrusting party and the second digital identity information of the trustee includes:
receiving enterprise information sent by the entrusting party;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the first digital identity information sent by the distributed identity service platform;
sending the first digital identity information to the entrusting party;
receiving enterprise information sent by a trustee;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the second digital identity information sent by the distributed identity service platform;
and sending the second digital identity information to the trustee.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (17)

1. A blockchain-based service implementation method, which implements the service based on an entrusting party, a trustee and a cooperative party, wherein the entrusting party and the trustee have a service entrustment relationship, and the method comprises the following steps:
a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the cooperative party verifies whether the encrypted business data is tampered;
inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted business data.
2. The method according to claim 1, wherein the encrypted service data includes a first private key signature generated by the entrusting party on first specified data by using a local private key, and the verifying whether the encrypted service data is tampered includes:
verifying the first private key signature;
and determining that the encrypted service data is not tampered under the condition that the first private key signature passes verification.
3. The method according to claim 1 or 2, wherein the service processing request further includes a second private key signature generated by the trustee on second specified data by using the local private key, and the method further includes:
the collaborator verifies the second private key signature;
determining that the data carried in the service processing request is not tampered under the condition that the second private key signature passes verification;
the processing of the business data by the cooperative party under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes includes:
and under the conditions that the data carried in the service processing request is not tampered, the encrypted service data is not tampered, and the validity verification of the verifiable statement passes, the cooperative party processes the service data.
4. The method of claim 1, wherein the generating of the verifiable assertion comprises:
receiving a service entrusting request sent by an entrusting party, wherein the service entrusting request carries a trustee appointed by the entrusting party;
determining first digital identity information of the entrusting party and second digital identity information of the entrusted party based on the business entrusting request;
sending a verifiable statement generation request to a distributed identity service platform, wherein the generation request carries the first digital identity information, the second digital identity information and the business entrusting relationship between the entrusting party and the entrusted party;
and receiving the verifiable declaration generated by the distributed identity service platform.
5. The method of claim 4, further comprising:
saving the verifiable claims onto a blockchain.
6. The method of claim 4, further comprising:
receiving a trustee inquiry request sent by the entrusting party;
inquiring trustees with authorization authority, and returning the resulting trustee list to the entrusting party;
the trustee specified in the service delegation request is selected by the delegating party in the list of trustees.
7. The method of claim 4, wherein the request for generating the verifiable assertion also carries a validity period of a service delegate, and the distributed identity service platform further saves a mapping relationship between the verifiable assertion and the validity period after generating the verifiable assertion;
the verifying the validity of the verifiable statement comprises:
sending a verification request for the verifiable declaration to the distributed identity service platform, so that the distributed identity service platform verifies whether the verifiable declaration is within the validity period, and determines that the validity verification of the verifiable declaration passes if it is within the validity period;
and receiving a validity verification result of the verifiable statement sent by the distributed identity service platform.
8. The method of claim 1, wherein the generating of the first digital identity information of the entrusting party and the second digital identity information of the trustee comprises:
receiving enterprise information sent by the entrusting party;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the first digital identity information sent by the distributed identity service platform;
sending the first digital identity information to the entrusting party;
receiving enterprise information sent by a trustee;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the second digital identity information sent by the distributed identity service platform;
and sending the second digital identity information to the trustee.
9. A block chain-based service implementation device, which implements the service based on a delegator, a trustee and a cooperator, wherein the delegator and the trustee have a service consignment relationship, includes:
the service processing request receiving unit is used for receiving a service processing request sent by a trustee by a cooperative party, wherein the service processing request carries encrypted service data sent to the trustee by an entrusting party, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the encryption service data verification unit is used for verifying whether the encryption service data is tampered by a cooperative party;
the verifiable statement verification unit is used for inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and the encrypted service data processing unit is used for processing the encrypted service data by the cooperative party under the conditions that the encrypted service data is not tampered and the validity of the verifiable statement passes verification.
10. The apparatus according to claim 9, wherein the encrypted service data includes a first private key signature generated by the entrusting party on the first specified data by using a local private key, and the encrypted service data verifying unit:
verifying the first private key signature;
and determining that the encrypted service data is not tampered under the condition that the first private key signature passes verification.
11. The apparatus according to claim 9 or 10, wherein the service processing request further includes a second private key signature generated by the trustee on second specified data by using the local private key, and the encrypted service data verifying unit further:
the collaborator verifies the second private key signature;
determining that the data carried in the service processing request is not tampered under the condition that the second private key signature passes verification;
the encrypted service data processing unit:
and under the conditions that the data carried in the service processing request is not tampered, the encrypted service data is not tampered, and the validity verification of the verifiable statement passes, the cooperative party processes the service data.
12. The apparatus of claim 9, further comprising:
the verifiable assertion generating unit:
receiving a service entrusting request sent by an entrusting party, wherein the service entrusting request carries a trustee appointed by the entrusting party;
determining first digital identity information of the entrusting party and second digital identity information of the entrusted party based on the business entrusting request;
sending a verifiable statement generation request to a distributed identity service platform, wherein the generation request carries the first digital identity information, the second digital identity information and the business entrusting relationship between the entrusting party and the entrusted party;
and receiving the verifiable declaration generated by the distributed identity service platform.
13. The apparatus of claim 12, further comprising:
a verifiable statement storing unit, which stores the verifiable statement onto the blockchain.
14. The apparatus of claim 12, further comprising:
the trustee query request receiving unit is used for receiving a trustee query request sent by the entrusting party;
the trustee inquiry unit inquires trustees with authorization authority and returns the resulting trustee list to the entrusting party;
the trustee specified in the service delegation request is selected by the delegating party in the list of trustees.
15. The apparatus of claim 12, wherein the request for generating the verifiable assertion further carries a validity period of a service delegation, and the distributed identity service platform further stores a mapping relationship between the verifiable assertion and the validity period after generating the verifiable assertion;
the verifiable assertion verification unit:
sending a verification request for the verifiable declaration to the distributed identity service platform, so that the distributed identity service platform verifies whether the verifiable declaration is within the validity period, and determines that the validity verification of the verifiable declaration passes if it is within the validity period;
and receiving a validity verification result of the verifiable statement sent by the distributed identity service platform.
16. The apparatus of claim 9, wherein the process of generating the first digital identity information of the entrusting party and the second digital identity information of the trustee comprises:
receiving enterprise information sent by the entrusting party;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the first digital identity information sent by the distributed identity service platform;
sending the first digital identity information to the entrusting party;
receiving enterprise information sent by a trustee;
sending a digital identity information generation request to a distributed identity service platform under the condition that the enterprise information passes verification;
receiving the second digital identity information sent by the distributed identity service platform;
and sending the second digital identity information to the trustee.
17. A block chain-based service implementation device, which implements the service based on a delegator, a trustee and a cooperator, wherein the delegator and the trustee have a service consignment relationship, includes:
a processor;
a memory for storing machine executable instructions;
wherein, by reading and executing machine-executable instructions stored by the memory that correspond to blockchain-based business implementation logic, the processor is caused to:
a cooperative party receives a service processing request sent by a trustee, wherein the service processing request carries encrypted service data sent by an entrusting party to the trustee, first digital identity information of the entrusting party and second digital identity information of the trustee, and the first digital identity information and the second digital identity information are generated by a distributed identity service platform;
the cooperative party verifies whether the encrypted business data is tampered;
inquiring whether a verifiable statement for representing the business entrustment relation between the entrustor and the trustee is stored in the blockchain or not based on the first digital identity information and the second digital identity information, and verifying the validity of the verifiable statement under the condition that the verifiable statement is stored;
and under the condition that the encrypted business data is not tampered and the validity of the verifiable statement passes, the cooperative party processes the encrypted business data.
CN202110152337.4A 2021-02-03 2021-02-03 Service implementation method and device based on block chain Pending CN112966309A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110152337.4A CN112966309A (en) 2021-02-03 2021-02-03 Service implementation method and device based on block chain

Publications (1)

Publication Number Publication Date
CN112966309A (en) 2021-06-15

Family

ID=76275047

Country Status (1)

Country Link
CN (1) CN112966309A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020172894A1 (en) * 2019-02-26 2020-09-03 中认英泰检测技术有限公司 Method and system for managing internet of things service evaluation information
CN112200585A (en) * 2020-11-10 2021-01-08 支付宝(杭州)信息技术有限公司 Service processing method, device, equipment and system
CN112287311A (en) * 2020-12-29 2021-01-29 支付宝(杭州)信息技术有限公司 Service implementation method and device based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
丰伟宁; 张志勇; 赵长伟: "Delegated-authorization remote attestation protocol for multimedia digital rights protection", 计算机科学 (Computer Science), no. 04 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114944937A (en) * 2022-04-19 2022-08-26 网易(杭州)网络有限公司 Distributed digital identity verification method, system, electronic device and storage medium
CN114944937B (en) * 2022-04-19 2024-04-09 网易(杭州)网络有限公司 Distributed digital identity verification method, system, electronic equipment and storage medium
CN115082014A (en) * 2022-06-15 2022-09-20 广州市南方人力资源评价中心有限公司 Human resource outsourcing management method and device based on region chain and storage medium

Similar Documents

Publication Publication Date Title
US11533164B2 (en) System and method for blockchain-based cross-entity authentication
US11025435B2 (en) System and method for blockchain-based cross-entity authentication
US11496312B2 (en) Collecting surveys with secure identities via a blockchain
WO2021000419A1 (en) System and method for blockchain-based cross-entity authentication
CN109255084B (en) Electronic bill query method, device, storage medium and computer equipment
WO2019228557A2 (en) System and method for decentralized-identifier authentication
CN108551437B (en) Method and apparatus for authenticating information
CN110633963B (en) Electronic bill processing method, electronic bill processing device, computer readable storage medium and computer readable storage device
CN113537984A (en) Content verification method and device based on block chain and electronic equipment
WO2020182005A1 (en) Method for information processing in digital asset certificate inheritance transfer, and related device
CN109241726B (en) User authority control method and device
CN110489393A (en) Promise breaking information query method, device, computer equipment and storage medium
CN111600716A (en) Authentication method and device and electronic equipment
CN111683082A (en) Data sharing method and system based on block chain and electronic equipment
CN112861102B (en) Method and system for processing electronic file based on block chain
CN112966309A (en) Service implementation method and device based on block chain
CN112287311A (en) Service implementation method and device based on block chain
CN115329359A (en) Secret query method and system
CN113627959B (en) Method and device for generating digital identity of geographic marking product
US20220209965A1 (en) Repudiable credentials
JP2024008654A (en) Program, information processing apparatus, and information processing method
CN116522356A (en) Data query method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination