CN114666064A - Block chain-based digital asset management method, device, storage medium and equipment - Google Patents

Publication number
CN114666064A
Authority
CN
China
Prior art keywords
node
public key
transaction
resource
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210300769.XA
Other languages
Chinese (zh)
Inventor
李志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Qilian Technology Co ltd
Original Assignee
Guangdong Qilian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Qilian Technology Co ltd filed Critical Guangdong Qilian Technology Co ltd
Priority to CN202210300769.XA priority Critical patent/CN114666064A/en
Publication of CN114666064A publication Critical patent/CN114666064A/en
Pending legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Abstract

The application provides a block chain-based digital asset management method, a device, a storage medium and computer equipment, wherein the digital asset management method comprises the following steps: responding to a resource storage request initiated by a first node, and storing resources to be stored by the first node to a blockchain system; the resource is a digital asset which is encrypted by the first node according to a preset authority level by adopting an asset encryption private key in the corresponding asset encryption key pair; responding to a public key storage request initiated by a first node, and storing an asset encryption public key in an asset encryption key pair corresponding to each authority level to a blockchain system; when receiving an intelligent contract created by a first node, executing the intelligent contract to send a target resource to a second node; and when receiving an access request initiated by the second node, sending the public key storage address to the second node. The privacy protection for digital assets can be enhanced.

Description

Block chain-based digital asset management method, device, storage medium and equipment
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method and an apparatus for managing digital assets based on blockchain, a storage medium, and a computer device.
Background
Blockchain is a technology oriented toward multi-party cooperation and is widely applied in scenarios such as asset transfer and auctions. One important reason blockchain technology is so widely applied in the field of digital assets is that it protects the privacy of accounts and transactions. However, existing blockchain technology has difficulty protecting the privacy of the resources themselves, so the privacy of the asset owner is compromised.
Disclosure of Invention
The embodiment of the application provides a block chain-based digital asset management method, a block chain-based digital asset management device, a storage medium and computer equipment, which can enhance privacy protection of digital assets.
The application provides a block chain-based digital asset management method, which comprises the following steps:
responding to a resource storage request initiated by a first node, and storing resources to be stored by the first node to a blockchain system; the resource is a digital asset encrypted by the first node by using an asset encryption private key in a corresponding asset encryption key pair according to a preset authority level;
responding to a public key storage request initiated by the first node, and storing an asset encryption public key in an asset encryption key pair corresponding to each authority level to the blockchain system;
when receiving the intelligent contract created by the first node, executing the intelligent contract to send the target resource to the second node; the intelligent contract comprises an identity account of a second node, access authority of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the block chain system; the access right is used for distributing the right of accessing the resource for the second node;
when receiving an access request initiated by the second node, sending a public key storage address to the second node; and the node corresponding to the public key storage address is used for storing the asset encryption public key corresponding to the access authority, so that the second node acquires the asset encryption public key based on the public key storage address to decrypt the target resource.
In one embodiment, the digital asset management method further comprises:
verifying the identity information of the first node based on a zero-knowledge proof algorithm;
when the identity information of the first node is verified to be valid, a first transaction public key in a first transaction key pair generated by the first node is acquired;
and storing the first transaction public key as the identity account of the first node so as to add the first node into a block chain node.
In one embodiment, the obtaining the first transaction public key of the transaction key pair generated by the first node includes:
sending an authentication public key in an authentication key pair to the first node;
acquiring a first ciphertext packet uploaded after the first node encrypts the first transaction public key by using the authentication public key;
and decrypting the first ciphertext packet by using an authentication private key in the authentication key pair to obtain the first transaction public key.
In one embodiment, the executing the intelligent contract to send the target resource to the second node when receiving the intelligent contract created by the first node includes:
when the intelligent contract created by the first node is received, verifying the validity of the target resource in the intelligent contract by using the first transaction public key through zero-knowledge proof; the intelligent contract is created by the first node signing it with a first transaction private key corresponding to the first transaction public key and then uploading it to the block chain system;
and when the target resource is verified to be effective, executing the intelligent contract to send the target resource to the second node.
In one embodiment, the digital asset management method further comprises:
verifying the identity information of the second node based on a zero-knowledge proof algorithm;
when the identity information of the second node is verified to be valid, a second transaction public key in a second transaction key pair generated by the second node is obtained;
and storing the second transaction public key as the identity account of the second node so as to add the second node into the block chain node.
In one embodiment, the obtaining the second transaction public key of the second transaction key pair generated by the second node includes:
sending an authentication public key in an authentication key pair to the second node;
acquiring a second ciphertext packet uploaded after the second node encrypts the second transaction public key by using the authentication public key;
and decrypting the second ciphertext packet by using the authentication private key in the authentication key pair to obtain the second transaction public key.
In one embodiment, the access right includes a right level of the resource accessible by the second node and an access time of the accessible resource.
The present application further provides a block chain-based digital asset management device, comprising:
the resource storage module is used for responding to a resource storage request initiated by a first node and storing resources to be stored by the first node to a block chain system; the resource is a digital asset encrypted by the first node by adopting an asset encryption private key in a corresponding asset encryption key pair according to a preset authority level;
a key storage module, configured to store, in response to a public key storage request initiated by the first node, an asset encryption public key in an asset encryption key pair corresponding to each authority level to a blockchain system;
the service execution module is used for executing the intelligent contract when receiving the intelligent contract created by the first node so as to send the target resource to the second node; the intelligent contract comprises an identity account of a second node, access authority of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the block chain system; the access right is used for distributing the right of accessing the resource for the second node;
the public key storage address sending module is used for sending a public key storage address to the second node when receiving an access request initiated by the second node; and the node corresponding to the public key storage address is used for storing the asset encryption public key corresponding to the access authority, so that the second node acquires the asset encryption public key based on the public key storage address to decrypt the target resource.
The present application further provides a storage medium having stored therein computer-readable instructions, which, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method as described in any of the above embodiments.
The present application further provides a computer device, comprising: one or more processors, and a memory;
the memory has stored therein computer readable instructions which, when executed by the one or more processors, perform the steps of the blockchain-based digital asset management method of any of the embodiments described above.
According to the technical scheme, the embodiment of the application has the following advantages:
With the block chain-based digital asset management method, device, storage medium and computer equipment, in response to a resource storage request initiated by the first node, a plurality of resources obtained by the first node encrypting digital assets with asset encryption private keys of different authority levels are stored in the block chain system. The asset encryption public keys corresponding to the different authority levels are also stored in the block chain system, separately from the resources, which realizes decentralized and distributed storage of the resources and the keys and improves storage security. When a certain resource needs to be provided as a target resource for a second node to access, the first node can create an intelligent contract containing the identity account of the second node, the access authority of the second node and the identification information of the target resource, and the block chain node executes the intelligent contract to send the target resource to the second node. When the second node initiates an access request, the block chain node sends the public key storage address to the second node; from that address the second node can acquire the asset encryption public key that matches its access authority and use it to decrypt the target resource, thereby accessing the digital asset in the target resource. The digital asset of the asset holder (namely the first node) can therefore only be accessed by a visitor who is allowed to access it, and the visitor can only access the digital assets for which it has been given access authority, which enhances privacy protection of the digital asset.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a flow diagram of a digital asset management method in one embodiment;
FIG. 2 is a flow diagram of a digital asset management method in another embodiment;
FIG. 3 is a flowchart of the steps for obtaining a first transaction public key of a first transaction key pair generated by a first node, in one embodiment;
FIG. 4 is a flowchart of the steps for executing an intelligent contract to send a target resource to a second node upon receiving an intelligent contract created by a first node, in one embodiment;
FIG. 5 is a flow diagram of a digital asset management method in yet another embodiment;
FIG. 6 is a flowchart of the step of obtaining a second transaction public key of a second transaction key pair generated by a second node, in one embodiment;
FIG. 7 is a block diagram of a digital asset management device in one embodiment;
FIG. 8 is a diagram of the internal structure of a computer device in one embodiment.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application is applied to a blockchain system, and the blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The block chain underlying platform can comprise processing modules such as user management, basic service, intelligent contract and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, including public and private key generation and maintenance (account management), key management, and maintenance of the correspondence between a user's real identity and blockchain address (authority management); with authorization, it supervises and audits the transactions of certain real identities and provides rule configuration for risk control (risk control audit). The basic service module is deployed on all block chain node devices and is used to verify the validity of service requests and to record valid requests to storage after consensus is completed; for a new service request, the basic service first performs interface adaptation analysis and authentication processing (interface adaptation), then encrypts the service information through a consensus algorithm (consensus management), transmits the encrypted service information completely and consistently to the shared ledger (network communication), and records and stores it. The intelligent contract module is responsible for registering, issuing, triggering and executing contracts; developers can define contract logic in a programming language and publish it to the block chain (contract registration), and execution is triggered by keys or other events according to the logic of the contract terms to complete the contract logic; the module also provides functions for upgrading and cancelling contracts. The operation monitoring module is mainly responsible for deployment, configuration modification, contract setting and cloud adaptation during product release, and for visual output of real-time status during product operation, such as alarms, monitoring network conditions and monitoring the health status of node devices.
The platform product service layer provides basic capability and an implementation framework of typical application, and developers can complete block chain implementation of business logic based on the basic capability and the characteristics of the superposed business. The application service layer provides the application service based on the block chain scheme to the business participants for use.
The system related to the embodiment of the present application may be a blockchain system formed by connecting a client, a plurality of nodes (any form of computing devices in an access network, such as a server, a user terminal) through a network communication form.
An embodiment of the present application provides a block chain-based digital asset management method, as shown in fig. 1, the method includes steps S101 to S104, where:
step S101, in response to a resource storage request initiated by a first node, storing a resource to be stored by the first node to a blockchain system.
The resource is a digital asset encrypted by the first node, according to a preset authority level, using the asset encryption private key in the corresponding asset encryption key pair. Digital assets are non-monetary assets owned or controlled by a business or individual, in the form of electronic data, held in daily activities for sale or in the process of production. The first node is one of the computing devices connected to the blockchain system.
Step S102, responding to a public key storage request initiated by the first node, and storing the asset encryption public keys in the asset encryption key pairs corresponding to the authority levels to the blockchain system.
The asset encryption key pair is generated by the first node and consists of an asset encryption private key, used to encrypt the digital asset, and an asset encryption public key, used to decrypt the resource and recover the digital asset that was encrypted. The asset encryption key pairs corresponding to different authority levels are different, and each authority level has at least one asset encryption key pair. The public key storage request asks the blockchain system to store the asset encryption public key of each asset encryption key pair generated by the first node; the blockchain system responds to the request by storing the asset encryption public key of each authority level. Specifically, the blockchain system can store each asset encryption public key in the user management module.
It should be noted that, the user management module does not refer to a specific computing device, but refers to a part for implementing the management of the identity information of all participants in the blockchain system, and may be a certain computing device, multiple computing devices, or a part of a computing area of each computing device.
And step S103, when the intelligent contract created by the first node is received, executing the intelligent contract to send the target resource to the second node.
The intelligent contract comprises an identity account of the second node, access authority of the second node and identification information of the target resource, wherein the identification information is used for acquiring the target resource from the block chain system; the access right is used for distributing the right of accessing the resource for the second node; the target resource is a digital asset encrypted and stored in the blockchain system to be accessed by the second node.
An intelligent contract is a computer protocol intended to propagate, validate or execute contracts in an informational manner. When the first node needs to carry out a transaction with the second node, the transaction is realized through the intelligent contract, and the block chain system executes the intelligent contract to complete the transaction between the first node and the second node. The identity account of the second node is a code used to represent the identity of the second node in the blockchain system, and one identity account corresponds to one node in the blockchain system. Recording the identity account of the second node in the intelligent contract therefore determines the second node with which the first node needs to transact, so that the blockchain system can determine the two parties to the transaction. The identification information is the information the blockchain uses to locate and call the target resource; specifically, the identification information may include a storage address of the target resource.
When a transaction is carried out, in order to ensure the privacy of the digital assets, the first node allocates to the second node the authority level corresponding to the digital assets it is allowed to access, so that the second node can obtain the asset encryption public key for decrypting the target resource.
In one embodiment, the access right includes a right level of the resource accessible by the second node and an access time of the accessible resource. The access time can be understood as the time within which the asset encryption public key can be acquired: if the second node has not applied to acquire the asset encryption public key by that time, it cannot acquire the asset encryption public key in this transaction, that is, the access right of the second node becomes invalid. This embodiment can further improve the security of the digital assets and prevent visitors from misusing access rights.
And step S104, when receiving the access request initiated by the second node, sending the public key storage address to the second node.
And the node corresponding to the public key storage address is used for storing the asset encryption public key corresponding to the access authority, so that the second node acquires the asset encryption public key based on the public key storage address for decrypting the target resource. The access request is a request that the second node applies to the blockchain system for obtaining the storage address of the public key, so that the asset encryption public key can be obtained to decrypt the target resource.
According to the block chain-based digital asset management method, in response to a resource storage request initiated by the first node, a plurality of resources obtained by the first node encrypting digital assets with asset encryption private keys of different authority levels are stored in the block chain system. The asset encryption public keys corresponding to the different authority levels are also stored in the block chain system, separately from the resources, which realizes decentralized and distributed storage of the resources and the keys and improves storage security. When a certain resource needs to be provided to a second node as a target resource for access, the first node creates an intelligent contract containing the identity account of the second node, the access authority of the second node and the identification information of the target resource, and a block chain node executes the intelligent contract to send the target resource to the second node. When the second node initiates an access request, the block chain node sends a public key storage address to the second node; from that address the second node can obtain the asset encryption public key that matches its access authority and use it to decrypt the target resource, thereby accessing the digital asset in it. This ensures that the digital asset of the asset holder (namely the first node) can only be accessed by a visitor who is allowed to access it, and that the visitor can only access the digital assets for which it has been given access authority, enhancing privacy protection for the digital assets themselves.
It should be noted that the "transaction" mentioned in the present application should not be construed narrowly as a buyer and a seller exchanging valuable goods and services, but may be understood as any information transfer implemented in the blockchain system, including data access, asset exchange, and so on.
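The flow of steps S101 to S104 can be modelled in a few lines. This is an added example, not code from the patent: the `Chain` class and its method names, the account names, the integer clock, and the use of textbook RSA with constructed Mersenne primes are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

E = 65537
# Constructed demo primes (Mersenne primes), one pair per authority level.
# Assumption: textbook RSA without padding, for illustration only.
LEVEL_PRIMES = {1: (2**61 - 1, 2**89 - 1), 2: (2**107 - 1, 2**127 - 1)}


def make_asset_key_pair(level):
    """Return (asset encryption private key, asset encryption public key)."""
    p, q = LEVEL_PRIMES[level]
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # e*d = 1 mod phi(n)
    return (n, d), (n, E)


def encrypt_asset(asset, private_key):
    """First node: turn a digital asset into a stored 'resource'."""
    n, d = private_key
    m = int.from_bytes(asset, "big")
    if not 0 < m < n:
        raise ValueError("asset does not fit in one RSA block for this level")
    return pow(m, d, n)


def decrypt_resource(resource, public_key):
    """Second node: recover the asset with the asset encryption public key."""
    n, e = public_key
    m = pow(resource, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


@dataclass(frozen=True)
class Contract:
    grantee: str       # identity account of the second node
    level: int         # authority level the second node may access
    not_after: int     # access time: last moment the key address is released
    resource_id: str   # identification information of the target resource


class Chain:
    """In-memory stand-in for the blockchain system (hypothetical API)."""

    def __init__(self):
        self.resources = {}    # resource_id -> (level, ciphertext)
        self.key_address = {}  # level -> public key storage address
        self.key_store = {}    # address -> asset encryption public key
        self.contracts = []
        self.delivered = {}    # (account, resource_id) -> ciphertext

    def store_resource(self, resource_id, level, ciphertext):      # S101
        self.resources[resource_id] = (level, ciphertext)

    def store_public_key(self, level, public_key):                 # S102
        address = secrets.token_hex(16)  # unguessable storage address
        self.key_address[level] = address
        self.key_store[address] = public_key

    def execute_contract(self, contract):                          # S103
        level, ciphertext = self.resources[contract.resource_id]
        if level != contract.level:
            raise PermissionError("granted level does not match resource")
        self.contracts.append(contract)
        self.delivered[(contract.grantee, contract.resource_id)] = ciphertext

    def access_request(self, account, resource_id, now):           # S104
        for c in self.contracts:
            if (c.grantee, c.resource_id) == (account, resource_id):
                if now <= c.not_after:
                    return self.key_address[c.level]
        return None  # no contract for this account, or access time passed


def run_scenario():
    """Run S101-S104 once and return what each kind of requester obtains."""
    chain = Chain()
    keys = {lvl: make_asset_key_pair(lvl) for lvl in LEVEL_PRIMES}
    for lvl, (_, pub) in keys.items():
        chain.store_public_key(lvl, pub)
    asset = b"deed #17"  # constructed sample asset
    chain.store_resource("res-1", 1, encrypt_asset(asset, keys[1][0]))
    chain.execute_contract(Contract("node-B", 1, not_after=1000, resource_id="res-1"))

    ciphertext = chain.delivered[("node-B", "res-1")]
    addr = chain.access_request("node-B", "res-1", now=900)
    return {
        "in_time": decrypt_resource(ciphertext, chain.key_store[addr]),
        "expired": chain.access_request("node-B", "res-1", now=1001),
        "stranger": chain.access_request("node-C", "res-1", now=900),
        "wrong_level": decrypt_resource(ciphertext, keys[2][1]),
    }
```

In this model the release of the public key storage address is the only enforcement point, so the asset encryption public key has to be handled as a secret decryption key. A key fetched before the access time passes keeps working afterwards.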
In one embodiment, as shown in FIG. 2, the digital asset management method further comprises steps S201-S203, wherein:
step S201, verifying the identity information of the first node based on a zero-knowledge proof algorithm.
A zero-knowledge proof algorithm is one in which a prover can convince a verifier that a certain statement is correct without providing the verifier with any useful information. In this embodiment, the blockchain system is made to believe that the identity information of the first node is valid without the first node providing useful information about its identity to the blockchain system.
Specifically, identity information verification of the first node may be implemented by using a zero-knowledge proof based on RSA digital signature:
The first node sends identity information m to a trusted authorization center CA. Following the RSA key generation algorithm, the CA randomly generates two large prime numbers p and q, computes $n = p \times q$, then selects an integer e and computes d such that $ed \equiv 1 \pmod{\phi(n)}$, where (n, e) is the public key and (p, d, q) is the private key; p and q can be destroyed, and d is used as the private key. The CA's RSA digital signature of the identity information m is $s = m^d \pmod{n}$, and the signed file is the identity certificate, comprising the information m and the signature s. The CA sends the identity certificate, the public key (n, e) and the private key d to the first node, and the first node stores the identity certificate, the public key (n, e) and the private key d.
(1) The first node sends the identity certificate and the public key (n, e) to B; (2) B receives the information and computes $m' = s^e \pmod{n}$ using the public key (n, e); if $m = m'$, the signature is proven correct; (3) if the signature is verified to be correct, the zero-knowledge proof authentication process is performed; (4) identity authentication is carried out using an interactive zero-knowledge proof method, and user A executes the following zero-knowledge proof protocol:
Figure BDA0003565377230000091
where α represents the secret information of the user, i.e. the RSA signature on the identity information m; H(·) is a public collision-resistant hash function $\{0,1\} \to \{0,1\}^l$; (n, e) and H(m) are shared information; P represents the identity of user A, which may be a fixed IP or a name marked in a public key certificate, etc.; Timestamp is a timestamp marking the zero-knowledge proof; and Nonce is a nonce that prevents replay attacks.
Authentication server B arbitrarily selects
Figure BDA0003565377230000092
and sends it to the first node; the first node arbitrarily selects
Figure BDA0003565377230000093
and calculates:
Figure BDA0003565377230000094
the first node calculates using its digital signature s
Figure BDA0003565377230000095
and
Figure BDA0003565377230000096
The first node passes the zero-knowledge proof {s1, c, k, Pid, Timestamp, Nonce} to the blockchain system, which, after receiving the zero-knowledge proof, verifies whether the following equation holds:
Figure BDA0003565377230000101
If the equation holds, the blockchain system believes that the first node possesses the digital signature and accepts the proof, which indicates that the identity of the first node is real and legal, that is, the identity information of the first node is valid.
Step S202, when the identity information of the first node is verified to be valid, a first transaction public key in a first transaction key pair generated by the first node is obtained.
Step S203, the first transaction public key is stored as the identity account of the first node, so as to add the first node into the block chain node.
The first transaction key pair is the identity credential with which the first node conducts transactions in the blockchain system, and other nodes can use the first transaction public key to verify whether a transaction was created by the first node. The first transaction public key is used as the identity account of the first node, and the blockchain system can locate the first node through the first transaction public key. The first node may encrypt information that needs to be uploaded to the blockchain system using the first transaction private key corresponding to the first transaction public key.
The embodiment utilizes zero knowledge proof to realize the identity verification of the first node, can protect the identity information privacy of the first node, and improves the data security.
In one embodiment, as shown in fig. 3, obtaining the first transaction public key of the first transaction key pair generated by the first node includes steps S301 to S303, where:
Step S301, sending the authentication public key in the authentication key pair to the first node.
The authentication key pair is a key pair used by the block chain system for encrypting and decrypting information interacted in the authentication process.
Step S302, a first ciphertext packet uploaded after the first node encrypts the first transaction public key by using the authentication public key is obtained.
The first ciphertext packet is a data packet obtained by the first node encrypting the first transaction public key by using the authentication public key, namely the encrypted first transaction public key.
Step S303, the first ciphertext packet is decrypted by using the authentication private key in the authentication key pair, and the first transaction public key is obtained.
The blockchain system decrypts the first ciphertext packet by using the authentication private key to obtain the first transaction public key of the first node.
In this embodiment, the authentication key pair is used to realize encrypted transmission of the first transaction public key, so that privacy is improved, and the identity security of the first node is protected.
In one embodiment, as shown in fig. 4, when receiving an intelligent contract created by a first node, executing the intelligent contract to send a target resource to a second node includes steps S401-S402, wherein:
Step S401, when receiving the intelligent contract created by the first node, verifying the validity of the target resource in the intelligent contract by using the first transaction public key.
The intelligent contract is created by the first node signing it with the first transaction private key corresponding to the first transaction public key and then uploading it to the blockchain system.
The validity verification process for the target resource may refer to the process of verifying the identity information of the first node in the foregoing embodiment, which is not described herein again.
Step S402, when the target resource is verified to be valid, executing the intelligent contract to send the target resource to the second node.
If the target resource is verified as invalid, the current transaction may be an abnormal transaction, and the intelligent contract is not executed.
Through the zero-knowledge proof verification in this embodiment, the blockchain system can verify the validity of the target resource without knowing the encrypted digital asset of the target resource, so that the privacy of the digital asset is enhanced while transaction security is ensured, and the digital asset is prevented from being leaked while other nodes in the blockchain system maintain the blockchain ledger.
In one embodiment, as shown in FIG. 5, the digital asset management method further comprises steps S501-S503, wherein:
Step S501, identity information of the second node is verified based on a zero-knowledge proof algorithm.
The identity information verification of the second node based on the zero-knowledge proof algorithm is to make the blockchain system believe that the identity information of the second node is valid without the second node providing useful information about the identity to the blockchain system.
The identity information verification of the second node may be implemented by using a zero-knowledge proof based on RSA digital signature, and the specific process may refer to the identity information verification process of the first node in the foregoing embodiment, which is not described herein again.
Step S502, when the identity information of the second node is verified to be valid, a second transaction public key in a second transaction key pair generated by the second node is obtained.
Step S503, storing the second transaction public key as the identity account of the second node, so as to add the second node to the block chain node.
The second transaction key pair is the identity credential that the second node uses to conduct transactions in the blockchain system, and other nodes can use the second transaction public key to verify whether a transaction was created by the second node. The second transaction public key serves as the identity account of the second node, and the blockchain system can locate the second node through the second transaction public key. The second node may encrypt information that needs to be uploaded to the blockchain system using the second transaction private key corresponding to the second transaction public key.
This embodiment uses a zero-knowledge proof to verify the identity of the second node, which protects the privacy of the second node's identity information and improves data security.
In one embodiment, as shown in fig. 6, acquiring the second transaction public key in the second transaction key pair generated by the second node includes steps S601-S603, where:
Step S601, sending the authentication public key in the authentication key pair to the second node.
The authentication key pair is a key pair used by the blockchain system for encrypting and decrypting information interacted in the authentication process.
Step S602, a second ciphertext packet uploaded after the second node encrypts the second transaction public key by using the authentication public key is obtained.
The second ciphertext packet is a data packet obtained by the second node encrypting the second transaction public key by using the authentication public key, namely the encrypted second transaction public key.
Step S603, the second ciphertext packet is decrypted by using the authentication private key in the authentication key pair, and the second transaction public key is obtained.
The blockchain system decrypts the second ciphertext packet by using the authentication private key to obtain the second transaction public key of the second node.
In this embodiment, the authentication key pair is used to realize encrypted transmission of the second transaction public key, so that privacy is improved, and the identity security of the second node is protected.
It should be understood that although the various steps in the flowcharts of fig. 1-6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least some of the steps in fig. 1-6 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
The following describes a text processing apparatus provided in an embodiment of the present application, and the text processing apparatus described below and the text processing method described above may be referred to correspondingly.
As shown in fig. 7, the present application also provides a block chain-based digital asset management device 700, comprising:
a resource storage module 710, configured to store, in response to a resource storage request initiated by a first node, a resource to be stored by the first node to a blockchain system; the resource is a digital asset which is encrypted by the first node according to a preset authority level by adopting an asset encryption private key in the corresponding asset encryption key pair;
a key storage module 720, configured to respond to a public key storage request initiated by the first node, store the asset encryption public keys in the asset encryption key pairs corresponding to the authority levels to the blockchain system;
the service execution module 730 is configured to execute the intelligent contract when receiving the intelligent contract created by the first node, so as to send the target resource to the second node; the intelligent contract comprises an identity account number of the second node, access authority of the second node and identification information of the target resource, and the identification information is used for acquiring the target resource from the block chain system; the access right is used for distributing the right of accessing the resource for the second node;
the public key storage address sending module 740 is configured to send a public key storage address to the second node when receiving an access request initiated by the second node; and the node corresponding to the public key storage address is used for storing the asset encryption public key corresponding to the access authority, so that the second node acquires the asset encryption public key based on the public key storage address for decrypting the target resource.
In one embodiment, the digital asset management device further comprises:
the first node verification module is used for verifying the identity information of the first node based on a zero-knowledge proof algorithm;
the first transaction public key acquisition module is used for acquiring a first transaction public key in a first transaction key pair generated by the first node when the identity information of the first node is verified to be valid;
and the first storage module is used for storing the first transaction public key as the identity account of the first node so as to add the first node into the block chain node.
In one embodiment, the first transaction public key obtaining module includes:
the first public key sending unit is used for sending the authentication public key in the authentication key pair to the first node;
the first ciphertext packet acquiring unit is used for acquiring a first ciphertext packet uploaded after the first node encrypts the first transaction public key by using the authentication public key;
and the first decryption unit is used for decrypting the first ciphertext packet by using the authentication private key in the authentication key pair to obtain a first transaction public key.
In one embodiment, the service execution module includes:
the contract verification unit is used for verifying the validity of the target resource in the intelligent contract by using the first transaction public key when the intelligent contract created by the first node is received; the intelligent contract is created by the first node signing it with the first transaction private key corresponding to the first transaction public key and then uploading it to the blockchain system;
and the data sending unit is used for executing the intelligent contract to send the target resource to the second node when the target resource is verified to be effective.
In one embodiment, the digital asset management device further comprises:
the second node verification module is used for verifying the identity information of the second node based on a zero-knowledge proof algorithm;
the second transaction public key acquisition module is used for acquiring a second transaction public key in a second transaction key pair generated by the second node when the identity information of the second node is verified to be valid;
and the second storage module is used for storing the second transaction public key as the identity account of the second node so as to add the second node into the block chain node.
In one embodiment, the second transaction public key obtaining module includes:
the first public key sending unit is used for sending the authentication public key in the authentication key pair to the second node;
the second ciphertext packet acquiring unit is used for acquiring a second ciphertext packet uploaded after the second node encrypts the second transaction public key by using the authentication public key;
and the second decryption unit is used for decrypting the second ciphertext packet by using the authentication private key in the authentication key pair to obtain a second transaction public key.
The division of the modules in the above block chain-based digital asset management device is merely for illustration, and in other embodiments, the digital asset management device may be divided into different modules as needed to complete all or part of the functions of the above digital asset management device.
For specific limitations of the digital asset management device, see the above limitations on the digital asset management method, which are not described herein again. The various modules in the digital asset management device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, the present application further provides a storage medium having stored therein computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method as in any one of the above embodiments.
In one embodiment, the present application further provides a computer device having stored therein computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method as in any one of the above embodiments.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store transaction data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by a processor implements a blockchain-based digital asset management method.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Any reference to memory, storage, database, or other medium used herein may include non-volatile and/or volatile memory. The non-volatile memory may include a ROM (Read-Only Memory), a PROM (Programmable Read-Only Memory), an EPROM (Erasable Programmable Read-Only Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), or a flash memory. Volatile memory can include RAM (Random Access Memory), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as SRAM (Static Random Access Memory), DRAM (Dynamic Random Access Memory), SDRAM (Synchronous Dynamic Random Access Memory), DDR SDRAM (Double Data Rate Synchronous Dynamic Random Access Memory), ESDRAM (Enhanced Synchronous Dynamic Random Access Memory), SLDRAM (Synchronous Link Dynamic Random Access Memory), RDRAM (Rambus Dynamic Random Access Memory), and DRDRAM (Direct Rambus Dynamic Random Access Memory).
Finally, it should also be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise. Also, as used in this specification, the term "and/or" includes any and all combinations of the associated listed items.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, the embodiments may be combined as needed, and the same and similar parts may be referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A blockchain-based digital asset management method, the method comprising:
responding to a resource storage request initiated by a first node, and storing resources to be stored by the first node to a blockchain system; the resource is a digital asset encrypted by the first node by using an asset encryption private key in a corresponding asset encryption key pair according to a preset authority level;
responding to a public key storage request initiated by the first node, and storing an asset encryption public key in an asset encryption key pair corresponding to each authority level to the block chain system;
when receiving the intelligent contract created by the first node, executing the intelligent contract to send the target resource to the second node; the intelligent contract comprises an identity account of a second node, access authority of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the block chain system; the access right is used for distributing the right of accessing the resource for the second node;
when receiving an access request initiated by the second node, sending a public key storage address to the second node; and the node corresponding to the public key storage address is used for storing the asset encryption public key corresponding to the access authority, so that the second node acquires the asset encryption public key based on the public key storage address to decrypt the target resource.
2. The digital asset management method according to claim 1, further comprising:
verifying the identity information of the first node based on a zero-knowledge proof algorithm;
when the identity information of the first node is verified to be valid, a first transaction public key in a first transaction key pair generated by the first node is acquired;
and storing the first transaction public key as the identity account of the first node so as to add the first node into a block chain node.
3. The digital asset management method according to claim 2, wherein said obtaining a first transaction public key of a first transaction key pair generated by said first node comprises:
sending an authentication public key in an authentication key pair to the first node;
acquiring a first ciphertext packet uploaded after the first node encrypts the first transaction public key by using the authentication public key;
and decrypting the first ciphertext packet by using an authentication private key in the authentication key pair to obtain the first transaction public key.
4. The digital asset management method according to claim 2, wherein said executing the intelligent contract to send the target resource to the second node upon receiving the intelligent contract created by the first node comprises:
when the intelligent contract created by the first node is received, verifying the effectiveness of a target resource in the intelligent contract by using the first transaction public key through zero-knowledge proof; the intelligent contract is created by uploading a signature of a first transaction private key corresponding to the first transaction public key to the blockchain system by the first node;
and when the target resource is verified to be effective, executing the intelligent contract to send the target resource to the second node.
5. The digital asset management method according to claim 1, further comprising:
verifying the identity information of the second node based on a zero-knowledge proof algorithm;
when the identity information of the second node is verified to be valid, a second transaction public key in a second transaction key pair generated by the second node is obtained;
and storing the second transaction public key as the identity account of the second node so as to add the second node into the block chain node.
6. The asset management method according to claim 5, wherein said obtaining a second transaction public key of a second transaction key pair generated by said second node comprises:
sending an authentication public key in an authentication key pair to the second node;
acquiring a second ciphertext packet uploaded after the second node encrypts the second transaction public key by using the authentication public key;
and decrypting the second ciphertext packet by using the authentication private key in the authentication key pair to obtain the second transaction public key.
7. The digital asset management method according to claim 1, wherein said access right comprises a right level of a resource accessible by said second node and an access time of the accessible resource.
8. A blockchain-based digital asset management device, comprising:
the resource storage module is used for responding to a resource storage request initiated by a first node and storing resources to be stored by the first node to a block chain system; the resource is a digital asset encrypted by the first node by using an asset encryption private key in a corresponding asset encryption key pair according to a preset authority level;
a key storage module, configured to store, in response to a public key storage request initiated by the first node, an asset encryption public key in an asset encryption key pair corresponding to each authority level to a blockchain system;
the service execution module is used for executing the intelligent contract when receiving the intelligent contract created by the first node so as to send the target resource to the second node; the intelligent contract comprises an identity account of a second node, access authority of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the block chain system; the access right is used for distributing the right of accessing the resource for the second node;
the public key storage address sending module is used for sending a public key storage address to the second node when receiving an access request initiated by the second node; and the node corresponding to the public key storage address is used for storing the asset encryption public key corresponding to the access authority, so that the second node acquires the asset encryption public key based on the public key storage address to decrypt the target resource.
9. A storage medium, characterized by: the storage medium having stored therein computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method of any one of claims 1 to 7.
10. A computer device, comprising: one or more processors, and a memory;
the memory having stored therein computer readable instructions which, when executed by the one or more processors, perform the steps of the blockchain-based digital asset management method of any one of claims 1 to 7.
CN202210300769.XA 2022-03-25 2022-03-25 Block chain-based digital asset management method, device, storage medium and equipment Pending CN114666064A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210300769.XA CN114666064A (en) 2022-03-25 2022-03-25 Block chain-based digital asset management method, device, storage medium and equipment

Publications (1)

Publication Number Publication Date
CN114666064A true CN114666064A (en) 2022-06-24

Family

ID=82032163

Country Status (1)

Country Link
CN (1) CN114666064A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination