CN115174183A

CN115174183A - Block chain-based digital file signing method and device

Info

Publication number: CN115174183A
Application number: CN202210754107.XA
Authority: CN
Inventors: 栗志果
Original assignee: Ant Blockchain Technology Shanghai Co Ltd
Current assignee: Ant Blockchain Technology Shanghai Co Ltd
Priority date: 2022-06-28
Filing date: 2022-06-28
Publication date: 2022-10-11

Abstract

One or more embodiments of the present specification provide a block chain-based digital document signing method and apparatus, which are applied to a signing initiator client; the method comprises the following steps: responding to a signing processing operation aiming at the target digital file initiated by a signing initiator, and determining other signing participants who participate in signing the target digital file; in response to the determined other signing participants, calling a decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain; and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public keys of other signing participants so that the other signing participants respond to the acquired encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

Description

Block chain-based digital file signing method and device

Technical Field

One or more embodiments of the present disclosure relate to the field of block chain technologies, and in particular, to a digital file signing method and apparatus based on a block chain.

Background

For an organization, a business entity, even an individual, etc., it is generally necessary to perform a signing process on some document related to the organization, such as signing the document and stamping a stamp pattern on the document by using a stamp thereof, so as to indicate the correctness and authenticity of the document authorized by the signature on the document.

With the more and more widespread application of paperless office, the signing processing of the digital document is generally realized through data interaction between different users. Under the circumstances, how to ensure the data security of the digital file in the signing process becomes a problem to be urgently solved.

Disclosure of Invention

One or more embodiments of the present disclosure provide the following technical solutions:

the specification provides a digital file signing method based on a block chain, which is applied to a client corresponding to a signing initiator; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the method comprises the following steps:

in response to a signing processing operation initiated by the signing initiator for the target digital document, determining other signing participants who participate in signing the target digital document;

responding to the determined other signing participants, calling decryption logic contained in the first intelligent contract, and decrypting the encrypted target digital file stored in the block chain; and (c) a second step of,

and in response to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants can decrypt the encrypted target digital file based on the private keys of the other signing participants in response to the acquired encrypted target digital file and sign the decrypted target digital file.

The specification also provides a digital file signing method based on the block chain, which is applied to a client corresponding to a signing participant; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the method comprises the following steps:

acquiring the encrypted target digital file; when the signing initiator responds to signing processing operation, initiated by the signing initiator, for the target digital file and determines other signing participants participating in signing the target digital file, the signing initiator calls decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain, responds to the completion of decryption processing of the target digital file, further calls the encryption logic contained in the first intelligent contract, and encrypts the decrypted target digital file based on a public key of the other signing participants to obtain the encrypted target digital file;

in response to the obtained encrypted target digital file, decrypting the encrypted target digital file based on the private keys of the other signing participants;

and signing the decrypted target digital file.

The specification also provides a digital file signing method based on the block chain, which is applied to a block chain service platform; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing and managing the target digital file is deployed on the blockchain; the method comprises the following steps:

receiving a signing request sent by a client corresponding to a signing initiator in response to a signing processing operation aiming at the target digital file initiated by the signing initiator;

determining, in response to the signing request, other signing participants that participated in signing the target digital file;

The present specification also provides a block chain-based digital document signing apparatus, which is applied to a client corresponding to a signing initiator; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the device comprises:

the determining module is used for responding to the signing processing operation aiming at the target digital file initiated by the signing initiator and determining other signing participants participating in signing the target digital file;

the calling module is used for calling decryption logic contained in the first intelligent contract in response to the determined other signing participants and decrypting the encrypted target digital file stored in the block chain; and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

The specification also provides a block chain-based digital document signing device which is applied to a client corresponding to a signing participant; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing and managing the target digital file is deployed on the blockchain; the device comprises:

the acquisition module acquires the encrypted target digital file; when the signing initiator responds to signing processing operation initiated by the signing initiator and aiming at the target digital file and determines other signing participants participating in signing the target digital file, the signing initiator calls decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain, responds to the completion of decryption processing of the target digital file, further calls the encryption logic contained in the first intelligent contract, and encrypts the decrypted target digital file based on the public keys of the other signing participants to obtain the encrypted target digital file;

the decryption module is used for responding to the obtained encrypted target digital file and decrypting the encrypted target digital file based on the private keys of the other signing participants;

and the signing module is used for signing the decrypted target digital file.

The specification also provides a block chain-based digital file signing device, which is applied to a block chain service platform; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the device comprises:

the receiving module is used for receiving a signing request sent by a client corresponding to a signing initiator in response to signing processing operation aiming at the target digital file initiated by the signing initiator;

a determination module, responsive to the signing request, to determine other signing participants that participated in signing the target digital document;

the calling module is used for calling the decryption logic contained in the first intelligent contract in response to the determined other signing participants and decrypting the encrypted target digital file stored in the block chain; and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

The present specification also provides an electronic device comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor implements the steps of the method as described in any one of the above by executing the executable instructions.

The present specification also provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of the preceding claims.

In the above technical solution, a target digital file to be signed may be encrypted and stored in a blockchain, and then, in response to a signing processing operation initiated by a signing initiator and directed to the target digital file, other signing participants participating in signing the target digital file may be determined, a decryption logic included in a first intelligent contract deployed on the blockchain and used for signing and managing the target digital file is invoked, the encrypted target digital file stored in the blockchain is decrypted, an encryption logic included in the first intelligent contract is further invoked, the target digital file is re-encrypted based on a public key of the other signing participants, so that the other signing participants respond to the obtained encrypted target digital file, re-decrypt the encrypted target digital file based on private keys of the other signing participants, and sign the target digital file.

Through the manner, on the first hand, because the encrypted digital file is stored in the blockchain, in this case, the unencrypted and original digital file cannot be directly obtained from the blockchain, so that the data security of the digital file can be ensured; in a second aspect, when the digital file is provided to a signing participant who participates in signing the digital file and the signing participant signs the digital file, the digital file can be encrypted based on the public key of the signing participant, so that data leakage in a data interaction process can be avoided, and the data security of the digital file is further improved.

Drawings

Fig. 1 is a schematic diagram of a network environment associated with a blockchain in accordance with an exemplary embodiment of the present disclosure.

Fig. 2 is a flowchart illustrating a block chain-based digital file signature method according to an exemplary embodiment of the present disclosure.

FIG. 3 is a schematic diagram of a user interface shown in an exemplary embodiment of the present description.

Fig. 4 is a flowchart illustrating another block chain-based digital file signing method in an exemplary embodiment of the present description.

Fig. 5 is a flowchart illustrating another block chain-based digital file signing method according to an exemplary embodiment of the present specification.

Fig. 6 is a hardware block diagram of an electronic device where a block chain based digital document signing apparatus is located according to an exemplary embodiment of the present specification.

Fig. 7 is a block diagram of a blockchain-based digital document signing apparatus as illustrated in an exemplary embodiment of the present specification.

Fig. 8 is a block diagram of another block chain based digital document signing apparatus, shown in an exemplary embodiment of this specification.

Fig. 9 is a block diagram of another block chain based digital document signing apparatus, shown in an exemplary embodiment of this specification.

Detailed Description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims that follow.

It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the methods may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.

Blockchains are generally divided into three types: public chain (Public Blockchain), private chain (Private Blockchain), and federation chain (Consortium Blockchain). In addition, there may be various combinations of the above, such as a combination of a private chain and a federation chain, a combination of a federation chain and a public chain, and so on.

Of the three types of blockchains described above, the most decentralized is the public chain. A party joining the public chain (which may also be referred to as a node in the blockchain) may read the data records on the chain, participate in transactions, compete for accounting rights for new blocks, etc. Moreover, each node can freely join or leave the network and perform related operations.

Private chains are the opposite, with the network's write rights being controlled by an organization or organization and the data read rights being specified by the organization. That is, the private chain can be viewed as a weakly centralized system with strict restrictions on nodes and a small number of nodes. This type of blockchain is more suitable for use within a particular establishment.

The alliance chain is between the public chain and the private chain, and partial decentralization can be achieved. Each node in a federation chain typically has a physical organization or organization corresponding to it; the nodes are authorized to join the network and form a benefit-related alliance, and the operation of the block chain is maintained together.

In a blockchain network, blockchain link points are logical communication entities; the different types of multiple blockchain nodes may run on the same physical server or may run on different physical servers.

Referring to fig. 1, fig. 1 is a schematic diagram illustrating a network environment associated with a blockchain according to an exemplary embodiment of the present disclosure.

In the network environment as shown in fig. 1, a user-side computing device 101, a server-side 102, and at least one blockchain system may be included; such as blockchain system 103, blockchain system 104, and blockchain system 105.

In one embodiment shown, the user-side computing device 101, may include a variety of different types of user-side computing devices; for example, the user-side computing device may include devices such as PC computing devices, mobile computing devices, internet of things devices, and other forms of smart devices with certain computing capabilities, among others.

It should be noted that the user-side computing device 101 does not indicate that all the user-side computing devices are in the same communication network, but merely refers to these user-side computing devices collectively.

In one embodiment shown, some of the user-side computing devices 101 may be coupled to the server-side 102 through various communication networks; for example, device 3 is coupled to server side 102.

Some of the user-side computing devices 101 may also be not coupled to the server 102, but directly coupled to the blockchain system as blockchain link points; for example, the device 4 may be directly coupled to the blockchain system 103 as a blockchain link point.

In one embodiment shown, the user-side computing device 101, may also include one or more user-side servers; for example, device 5 and device 6. Some of the user-side computing devices 101 may be coupled to the user-side server; for example, device 1 is coupled to device 5 and device 2 is coupled to device 6. The user-side server may be further coupled to the blockchain system as a blockchain link point, or may be further coupled to the server 102 through various communication networks; for example, the device 5 may be further coupled directly to the blockchain system as a blockchain link point, and the device 6 is further coupled to the server side 102.

In an embodiment shown, the user-side server may be implemented by a service entity that builds a user account system; the service entities may include an operator entity that provides service bearers for various online and/or offline services to the user. Correspondingly, the operation entity may include an operator corresponding to the service bearer; for example, the operation entity may include an individual, an organization, and the like that operate and manage the service bearer.

In one embodiment shown, the server side 102 may also be coupled to one or more blockchain systems through various communication networks; for example, the server side 102 is respectively coupled to the blockchain system 103, the blockchain system 104, and the blockchain system 105, and so on.

In one illustrated embodiment, the communication network may include wired and/or wireless communication networks; for example, it may be a Local Area Network (LAN), wide Area Network (WAN), internet, or a combination thereof implemented based on a wired access Network or a wireless access Network provided by an operator, such as a mobile cellular Network.

In one embodiment, each blockchain system may maintain one or more blockchains (e.g., public blockchains, private blockchains, federation blockchains, etc.) and include a plurality of blockchain nodes for carrying the one or more blockchains; for example, a block chain node 1, a block link point 2, a block link point 3, a block link point 4, a block link point i, etc., as shown in fig. 1, may collectively carry one or more block chains. And cross-chain data access can be performed among the blockchains contained in each blockchain system and among the blockchain systems.

In one embodiment shown, the block link points may be physical devices, or may be virtual devices implemented in a server or a server cluster; for example, a block link point may be one physical host in a server cluster, or may be a virtual machine created by virtualizing hardware resources carried by a server or a server cluster based on a virtualization technology. Each blockchain node may be coupled together by various types of communication methods (e.g., TCP/IP, etc.) to form a network to carry one or more blockchains.

In one illustrated embodiment, the server side 102 may include a BaaS platform (also referred to as BaaS cloud) for providing a Blockchain Service (BaaS).

The BaaS platform may provide block chain services to user-side computing devices coupled to the BaaS platform by providing pre-compiled software for activities that occur on the block chain (such as subscription and notification, user verification, database management, and remote updates).

For example, a BaaS platform may provide software such as MQ (Message Queue) services; the user side computing equipment coupled with the BaaS platform can subscribe an intelligent contract deployed on a certain blockchain in a blockchain system coupled with the BaaS platform and generate a contract event on the blockchain after triggering execution; and the BaaS platform can monitor the event generated on the block chain after the intelligent contract is triggered to be executed, and then based on software related to MQ service, the contract event is added to the message queue in the form of notification message, so that the user side computing equipment subscribing the message queue can obtain the notification related to the contract event.

For data generated outside the blockchain, it can be constructed into a standard transaction (transaction) format supported by the blockchain and then published to the blockchain, with all nodes in the blockchain network agreeing on the transaction. After the consensus is achieved, the transaction can be persisted in the blockchain by a node in the blockchain network as a billing node.

In a programmable blockchain, a user may be supported to create and invoke some complex logic in the blockchain network by providing the user with the functionality of smart contracts (smart contracts). An intelligent contract is a program on a blockchain that can be executed triggered by a transaction. An intelligent contract may be defined in the form of code.

After the intelligent contract is created, a contract account corresponding to the intelligent contract appears on the blockchain and has a specific address. The behavior of an intelligent contract is controlled by a contract code (code) in the contract account, while an account store (store) in the contract account preserves the state of the intelligent contract.

The transaction for invoking the smart contract may include the address of the account from which the intelligent contract was initiated to invoke, the address of the intelligent contract to be invoked, and the methods and parameters for invoking the intelligent contract. After invoking the smart contract, the state of the smart contract may change; the status of an intelligent contract may be viewed by communicating with the block link points.

The intelligent contract can be independently executed by each node in the blockchain network in a specified mode, all execution records and related data can be stored on the blockchain, and therefore after the execution of the transaction is finished, transaction certificates which cannot be tampered and cannot be lost are stored on the blockchain.

The intelligent contracts deployed on the blockchain can only access data contents stored on the blockchain generally; in practical applications, for some complex business scenarios implemented based on the intelligent contract technology, the intelligent contract may need to access external data stored on the data entity outside the chain.

In this scenario, the intelligent contract deployed on the blockchain may access data on the data entities outside the chain through the predictive engine program, thereby implementing data interaction between the intelligent contract and the data entities in the real world. The data entities outside the chain may include, for example, centralized servers or data centers deployed outside the chain.

In practical application, when a predictive engine program is deployed for an intelligent contract on a blockchain, a predictive engine intelligent contract corresponding to the predictive engine program can be deployed on the blockchain; wherein, the intelligent contract of the prediction machine is used for maintaining external data sent by the prediction machine program to the intelligent contract on the block chain; for example, external data sent by the predictive machine program to the smart contract on the blockchain may be stored in the account storage space (storage field) of the predictive machine smart contract.

When a target intelligent contract on the blockchain is called, external data required by the target intelligent contract can be read from the account storage space of the prediction machine intelligent contract to complete the calling process of the intelligent contract.

It should be noted that, when sending external data to the intelligent contract on the blockchain, the predictive engine program may adopt an active sending mode or a passive sending mode.

In one implementation, the data entity outside the chain may send external data to be provided to the target intelligent contract to the intelligent contract of the predictive controller after signing by using the private key of the predictive controller program; for example, the signed external data may be sent to the intelligent contract of the prediction machine in a periodic sending manner;

the intelligent contract of the predictive machine can maintain a CA certificate of the predictive machine program, after receiving external data sent by a data entity outside the chain, the signature of the external data can be verified by using a public key of the predictive machine program maintained in the CA certificate, and after the signature passes, the external data sent by the data entity outside the chain is stored in an account storage space of the intelligent contract of the predictive machine.

In another implementation manner, when a target intelligent contract on a blockchain is called, if external data required by the target intelligent contract is not read from an account storage space of the predictive machine intelligent contract, the predictive machine intelligent contract may interact with the predictive machine program by using an event mechanism of the intelligent contract, and the external data required by the target intelligent contract is sent to the account storage space of the predictive machine intelligent contract by the predictive machine program.

For example, when a target intelligent contract on a blockchain is called, if external data required by the target intelligent contract is not read from an account storage space of the intelligent contract of the language predictive machine, the intelligent contract of the language predictive machine can generate an external data acquisition event, record the external data acquisition event into a transaction log of the transaction calling the intelligent contract, and store the transaction log into a storage space of a node device; the predicting machine program can monitor a transaction log generated by the predicting machine intelligent contract stored in the storage space of the node device, and after monitoring an external data acquisition event in the transaction log, respond to the monitored external data acquisition event and send external data required by the target intelligent contract to the predicting machine intelligent contract.

The event mechanism of the intelligent contract is a mode for the interaction between the intelligent contract and the out-of-chain entity. For intelligent contracts deployed on blockchains, direct interaction with out-of-chain entities is generally not possible; for example, the intelligent contract cannot generally send the invocation result of the intelligent contract to the invocation initiator of the intelligent contract point-to-point after the invocation is completed.

The call results (including intermediate results and final call results) generated by the intelligent contract during the call are usually recorded in the form of events (events) to the transaction log (transaction logs) of the transaction that called the intelligent contract, and stored in the memory space of the block link point. And the entity outside the chain which needs to interact with the intelligent contract can acquire the calling result of the intelligent contract by monitoring the transaction log stored in the storage space of the block chain node.

The technical scheme includes that a target digital file to be signed can be stored in a block chain in an encrypted mode, then signing processing operation aiming at the target digital file initiated by a signing initiator can be responded, other signing participants participating in signing the target digital file are determined, decryption logic contained in a first intelligent contract which is deployed on the block chain and used for signing management of the target digital file is called, the encrypted target digital file stored in the block chain is decrypted, encryption logic contained in the first intelligent contract is further called, and the target digital file is encrypted again based on public keys of the other signing participants, so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file again based on private keys of the other signing participants, and sign and process the target digital file.

In particular implementation, on one hand, the target digital file to be signed can be stored in the block chain in an encrypted manner; in another aspect, a first intelligent contract for performing signing management on the target digital file may be deployed on the blockchain.

For the target digital file, the signing initiator can initiate signing processing operation aiming at the target digital file through the client.

When the client detects the signing processing operation, the client may determine other signing participants who participate in signing the target digital file in response to the signing processing operation.

The client may invoke a decryption logic included in the first intelligent contract to decrypt the encrypted target digital file stored in the blockchain when determining other signing participants who participate in signing the target digital file. Since the encrypted target digital file is stored in the blockchain, in this case, the unencrypted original target digital file can be obtained by decrypting the encrypted target digital file.

When the encrypted target digital file is decrypted by calling the decryption logic included in the first intelligent contract, the encryption logic included in the first intelligent contract may be further called, the target digital file may be re-encrypted based on the public keys of the other signing participants, and then the signing participants may respond to the obtained re-encrypted target digital file and re-decrypt the re-encrypted target digital file based on the private keys of the signing participants, so as to obtain the unencrypted and original target digital file, and sign the target digital file.

Through the above manner, on the first hand, since the encrypted digital file is stored in the block chain, in this case, the unencrypted and original digital file cannot be directly obtained from the block chain, so that the data security of the digital file can be ensured; in the second aspect, when the digital file is provided to a signing participant who participates in signing the digital file and the signing participant signs the digital file, the digital file can be encrypted based on the public key of the signing participant, so that data leakage in the data interaction process can be avoided, and the data security of the digital file is further improved.

Referring to fig. 2, fig. 2 is a flowchart illustrating a block chain-based digital file signing method according to an exemplary embodiment of the present disclosure.

In this embodiment, the block chain-based digital document signing method may be applied to a client corresponding to a signing initiator. The signing initiator can initiate signing processing operation for the digital file needing signing processing through the client, and the client corresponding to the signing participant can perform data interaction with the blockchain, so that signing processing of the digital file is completed. Wherein, the signing initiator can be a user initiating the signing process of the digital file; the signing party may be a user that participates in signing the digital document.

In conjunction with the network environment shown in FIG. 1, the client described above may run on device 4 in user-side computing device 101. The blockchain described above may be any type of blockchain that provides intelligent contract functionality.

For any digital file to be signed (hereinafter referred to as the target digital file), it may be stored encrypted in the blockchain described above. Accordingly, an intelligent contract (hereinafter referred to as a first intelligent contract) for performing signing management on the target digital file may be deployed on the blockchain.

In one illustrated embodiment, the target digital file may be an electronic contract. Electronic contracts are often cases that require common signing by multiple parties; that is, there may be more than one signing party to an electronic contract. The user may refer to an individual, or may refer to an organization, and the like, which is not limited in this specification.

The block chain-based digital document signing method can comprise the following steps:

step 202: in response to a signing processing operation initiated by the signing initiator for the target digital document, determining other signing participants that are involved in signing the target digital document.

In this embodiment, for the target digital file, the signing initiator may initiate a signing processing operation for the target digital file through the client.

Specifically, the client may output a user interface for signing the digital file to the signing initiator as shown in fig. 3. The signing initiator may upload the target digital document first in the user interface, and select a required signing party from all users, and then may click a "confirm" button after the uploading of the target digital document and the selection of the required signing party are completed, to trigger the signing process of the target digital document by the required signing party. In this case, the client may determine the user's click operation on the "confirm" button as the signing processing operation initiated by the signing initiator for the target digital file.

As described above, the signing initiator may select a required signing participant from all users through the user interface for signing the digital document, so as to determine the required signing participant as another signing participant participating in signing the target digital document.

Or, according to the file content of the target digital file, the required signing participants can be determined from all users; at this time, the signing participants are users who need to sign the target digital document under practical conditions. Subsequently, the signing participants may be determined to be other signing participants that participate in signing the target digital document.

In practical applications, the signing initiator of the target digital file may be any one of a plurality of signing participants of the target digital file; alternatively, instead of multiple signing parties belonging to the target digital document, users other than the multiple signing parties may be used; this is not limited by the present description.

If the signing initiator is any one of the signing participants, the signing initiator is generally considered to have signed the target digital file and stores the target digital file in the blockchain in an encrypted manner. In this case, the other signing participants mentioned above may comprise other signing participants of the plurality of signing participants than the signing initiator.

If the signing initiator is a user other than the plurality of signing participants, the other signing participants may include the plurality of signing participants.

Step 204: and responding to the determined other signing participants, calling decryption logic contained in the first intelligent contract, and decrypting the encrypted target digital file stored in the block chain.

In this embodiment, the client may invoke the first intelligent contract when determining other signing participants who participate in signing the target digital file.

In practical applications, the client may construct the call data for calling the first intelligent contract into a standard transaction format supported by the blockchain, as a contract call transaction, and issue the contract call transaction to the blockchain, where all the blockchain nodes in the blockchain agree with the contract call transaction. After agreement is reached, the contract invocation transaction may be packaged into blocks by blockchain nodes in the blockchain that act as accounting nodes. For the contract invocation transaction packaged into a block, each block link point in the block chain may invoke the first intelligent contract in response to the contract invocation transaction.

Specifically, the block chain node may invoke decryption logic included in the first intelligent contract, that is, execute a partial code corresponding to the decryption logic in the code of the first intelligent contract, and perform decryption processing on the encrypted target digital file stored in the block chain. Since the encrypted target digital file is stored in the blockchain, in this case, the unencrypted original target digital file can be obtained by decrypting the encrypted target digital file.

Step 206: and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

In this embodiment, when the decryption logic included in the first intelligent contract is invoked to complete the decryption process on the encrypted target digital file, that is, to decrypt the target digital file, the encryption logic included in the first intelligent contract may be further invoked to re-encrypt the target digital file based on the public keys of the other signing participants, and then, in response to the obtained re-encrypted target digital file, the signing participants may re-decrypt the re-encrypted target digital file based on the private keys of the signing participants to obtain the original target digital file without encryption, and sign the target digital file.

Taking any one of the other signing participants (hereinafter referred to as a target signing participant) as an example, the encryption logic included in the first intelligent contract may be further invoked, the target digital file is re-encrypted based on the public key of the target signing participant, and subsequently, the target signing participant may respond to the obtained re-encrypted target digital file and re-decrypt the re-encrypted target digital file based on the private key of the target signing participant to obtain the unencrypted and original target digital file, and sign the target digital file. The private key of the target signing participant and the public key of the target signing participant are a pair of asymmetric keys held by the target signing participant.

It should be noted that, the signing party in this specification may also refer to a client corresponding to the signing party.

The embodiment shown in fig. 2 will be described in detail below in terms of decrypting the target digital file stored in the blockchain in an encrypted manner, re-encrypting the target digital file, re-decrypting the target digital file, and performing a signing process on the target digital file.

(1) Decrypting the encrypted target digital file stored in the blockchain

In one embodiment, the target digital file may be stored in the blockchain encrypted based on a symmetric key corresponding to the first smart contract.

In this case, when the decryption logic included in the first smart contract is invoked to decrypt the encrypted target digital file stored in the block chain, the decryption logic included in the first smart contract may be specifically invoked to decrypt the encrypted target digital file stored in the block chain based on the symmetric key corresponding to the first smart contract.

In an illustrated embodiment, in order to further improve data security, a TEE (Trusted Execution Environment) may be installed on a node device in the block chain, and the first smart contract may be deployed in the TEE. Accordingly, a symmetric key corresponding to the first smart contract may be stored in the TEE.

Specifically, the code of the first smart contract may be encrypted based on the symmetric key corresponding to the first smart contract, and the encrypted first smart contract is deployed in the blockchain, and then the encrypted first smart contract stored in the blockchain may be loaded into the TEE, and the TEE decrypts the encrypted first smart contract based on the symmetric key, and executes the code of the first smart contract obtained through decryption, so as to implement invocation of the first smart contract.

In this case, when the encrypted target digital file stored in the block chain is decrypted based on the symmetric key corresponding to the first smart contract, the encrypted target digital file stored in the block chain may be decrypted in the TEE based on the symmetric key stored in the TEE.

(2) Re-encrypting the target digital file

In an embodiment shown, a TEE may be installed on a node device in the blockchain, and the first smart contract may be deployed in the TEE. Accordingly, a symmetric key corresponding to the first smart contract may be stored in the TEE.

In this case, when the encryption logic included in the first intelligent contract is called and the target digital file is re-encrypted based on the public keys of the other signing participants, the encryption logic included in the first intelligent contract may be called specifically, and the target digital file is re-encrypted based on the public keys of the signing participants in the TEE.

(3) Re-decrypting the target digital document and signing the target digital document

In practical application, the other signing participants can keep their private keys in their own custody; or the signing participants can host and store the private keys of the signing participants to a storage system, so that the private keys of the signing participants can be directly obtained from the storage system when the digital file is signed and processed, the signing participants do not need to provide the private keys, and convenience is provided for the signing participants while the data security of the private keys is guaranteed.

In one embodiment shown, if the other signing parties themselves keep their private keys, they need to re-decrypt the target digital file.

In the case where the target digital file is re-encrypted based on the public key of the other signing participants by calling the encryption logic included in the first intelligent contract, since the re-encrypted target digital file is the calling result of the first intelligent contract, in this case, the signing events of the signing participants for the target digital file can be generated, and the events can be recorded in the transaction log of the contract calling transaction and stored in the block chain. Wherein the signing event may comprise the target digital file re-encrypted based on the public keys of the signing participants.

The other signing participants can acquire the signing event by monitoring the transaction log stored in the block chain, so that the target digital file included in the signing event after being encrypted again is acquired. Alternatively, the signing participants may subscribe to the signing event from an SDK (Software Development Kit) deployed at a block link point in the block chain as an event notification center to send the signing event to the signing participants when the SDK detects that the signing event is generated, so that the signing participants can retrieve the signing event and thus the target digital file included in the signing event after re-encryption.

Subsequently, the other signing participants can respond to the obtained re-encrypted target digital file, re-decrypt the re-encrypted target digital file based on the private keys of the signing participants to obtain the original target digital file without encryption, and sign the target digital file.

In an embodiment shown, a second intelligent contract for signing the target digital file based on the digital seals of the other signing participants may be further deployed on the blockchain.

In this case, for the other signing participants who keep their private keys in their own storage, the signing participants can decrypt the re-encrypted target digital file again based on the private keys of the signing participants to obtain the original target digital file without encryption, and can generate authorization information for signing the target digital file based on the digital seals of the signing participants, and sign the authorization information based on the private keys of the signing participants.

Subsequently, the other signing participants may submit the re-decrypted target digital file and the signed authorization information as call parameters to the second intelligent contract to call the second intelligent contract.

In practical applications, the other signing participants may construct the invoking parameter into a standard transaction format supported by the blockchain as a contract invoking transaction, and issue the contract invoking transaction to the blockchain, where all blockchain nodes in the blockchain agree on the contract invoking transaction. After agreement is reached, the contract invocation transaction may be packaged into blocks by blockchain nodes in the blockchain that act as accounting nodes. For the contract invocation transaction packaged into a block, each block link point in the block chain may invoke the second intelligent contract in response to the contract invocation transaction.

Specifically, the block chain node may invoke a signature logic included in the second intelligent contract, verify the signature of the authorization information based on the public keys of the other signing participants, and perform signature processing on the re-decrypted target digital file based on the digital seals of the signing participants after the verification is passed, so as to complete signature processing on the target digital file.

In one embodiment, if the other signing parties escrow their private keys for storage in a storage system, the signing parties may be replaced by second intelligent contracts deployed on the blockchain for signing the target digital file based on their digital seals, to re-decrypt the target digital file.

When the target digital file is encrypted again based on the public keys of the other signing participants by calling the encryption logic contained in the first intelligent contract, the first intelligent contract can continue to generate authorization information for signing the target digital file based on the digital seals of the signing participants, and the private keys of the signing participants are obtained from the storage system so as to sign the authorization information based on the private keys of the signing participants.

Subsequently, the target digital file which is re-encrypted and the authorization information which is signed can be submitted to the second intelligent contract by the first intelligent contract as a call parameter for calling the cross-contract, so as to call the second intelligent contract.

In practical applications, the first smart contract may create a message including the re-encrypted target digital file and the signed authorization information based on a message call mechanism between different smart contracts, and send the message to the second smart contract, so that the second smart contract may respond to the message when receiving the message, obtain the signed re-encrypted target digital file and the signed authorization information in the message, and execute a corresponding code in codes of the second smart contract based on the re-encrypted target digital file and the signed authorization information.

Specifically, the signing logic included in the second intelligent contract may be invoked across contracts, on one hand, the private keys of the signing participants are obtained from the storage system, so as to decrypt the re-encrypted target digital file based on the private keys of the signing participants, on the other hand, the signature of the authorization information is verified based on the public keys of the signing participants, and after the verification is passed, the re-decrypted target digital file is further signed based on the digital seals of the signing participants, so as to complete the signing processing of the target digital file.

In practical application, the digital seals of the other signing participants can be stored in the block chain in advance, so that the digital seals of the signing participants can be directly acquired from the block chain when the digital seals of the signing participants need to be used subsequently.

Through the manner, on the first hand, because the encrypted digital file is stored in the blockchain, in this case, the unencrypted and original digital file cannot be directly obtained from the blockchain, so that the data security of the digital file can be ensured; in the second aspect, when the digital file is provided to a signing participant who participates in signing the digital file and the signing participant signs the digital file, the digital file can be encrypted based on the public key of the signing participant, so that data leakage in the data interaction process can be avoided, and the data security of the digital file is further improved.

Referring to fig. 4, fig. 4 is a block chain-based digital file signature method according to an exemplary embodiment of the present disclosure.

In this embodiment, the block chain-based digital file signing method described above may be applied to clients corresponding to signing parties. The client and the client corresponding to the signing initiator may perform data interaction with the blockchain, thereby completing the signing process of the digital file. Wherein, the signing initiator can be a user initiating the signing process of the digital file; the signing participant may be a user that participates in signing the digital document.

In conjunction with the network environment shown in FIG. 1, the client described above may run on device 4 in user-side computing device 101. The blockchain may be any type of blockchain that provides intelligent contract functionality.

In one illustrated embodiment, the target digital file may be an electronic contract. Electronic contracts are often cases that require common signing by multiple parties; that is, there may be more than one signing party to an electronic contract. The user may refer to an individual, an organization, and the like, which is not limited in this specification.

step 402: acquiring the encrypted target digital file; the encrypted target digital file is obtained by a signing initiator calling a decryption logic contained in the first intelligent contract when determining other signing participants participating in signing the target digital file in response to signing processing operation, initiated by the signing initiator, on the target digital file, the signing processing operation is initiated by the signing initiator aiming at the target digital file, and in response to the completion of the decryption processing on the target digital file, the decryption logic contained in the first intelligent contract is further called, and the decrypted target digital file is encrypted based on a public key of the other signing participants.

Step 404: and in response to the obtained encrypted target digital file, decrypting the encrypted target digital file based on the private keys of the other signing participants.

Step 406: and signing the decrypted target digital file.

In one embodiment, the obtaining the encrypted target digital file includes:

acquiring the signing event of the other signing participants for the target digital file from the block chain; wherein the signing event is generated by the signing initiator and stored to the blockchain; the signing event comprises the encrypted target digital file.

In one embodiment, a second intelligent contract used for signing the target digital file based on the digital seals of the other signing participants is also deployed on the blockchain;

the signing processing of the decrypted target digital file includes:

generating authorization information for signing the target digital file based on the digital seals of the other signing participants, and signing the authorization information based on the private keys of the other signing participants;

and submitting the decrypted target digital file and the signed authorization information as calling parameters to the second intelligent contract so as to call signature logic contained in the second intelligent contract, verifying the signature of the authorization information based on the public keys of other signing participants, and signing the decrypted target digital file based on the digital seals of the other signing participants after the verification is passed so as to finish signing the target digital file.

For specific implementation of each step in the embodiment shown in fig. 4, reference may be made to the embodiment shown in fig. 2, and details are not repeated herein.

Referring to fig. 5, fig. 5 illustrates another block chain-based digital file signature method according to an exemplary embodiment of the present disclosure.

The digital file signing method based on the block chain can be applied to a block chain service platform. The signing initiator can initiate signing processing operation aiming at the digital file needing signing processing through the client corresponding to the signing initiator, the client corresponding to the signing initiator and the client corresponding to the signing participant can perform data interaction with the blockchain service platform, and the blockchain service platform can further perform data interaction with the blockchain, so that the signing processing of the digital file is completed. Wherein, the signing initiator can be a user initiating the signing process of the digital file; the signing participant may be a user that participates in signing the digital document.

In conjunction with the network environment shown in FIG. 1, the client described above may run on device 3 in user-side computing device 101; the blockchain service platform may run on the server side 102. The blockchain described above may be any type of blockchain that provides intelligent contract functionality.

In one illustrated embodiment, the target digital file may be an electronic contract. Electronic contracts are often cases that require common signing by multiple parties; that is, there may be multiple signing participants for an electronic contract. The user may refer to an individual, an organization, and the like, which is not limited in this specification.

step 502: and receiving a signing request sent by a client corresponding to a signing initiator in response to a signing processing operation initiated by the signing initiator for the target digital file.

In this embodiment, for the target digital file, the signing initiator may initiate signing processing operations for the target digital file through the client.

The client side can respond to the signing processing operation when detecting the signing processing operation, construct a signing request and send the signing request to the blockchain service platform, so that the blockchain service platform can receive the signing request.

Step 504: in response to the signing request, determining other signing parties that participate in signing the target digital file.

In this embodiment, when receiving the signing request, the blockchain service platform may determine other signing participants who participate in signing the target digital file in response to the signing request.

For a specific implementation of determining other signing parties participating in signing the target digital file, reference may be made to step 202, which is not described herein in detail.

Step 506: and responding to the determined other signing participants, calling decryption logic contained in the first intelligent contract, and decrypting the encrypted target digital file stored in the block chain.

Step 508: and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

For the specific implementation of step 506 and step 508, reference may be made to step 504 and step 506, which are not described herein again.

In one illustrated embodiment, the target digital file is stored in the blockchain encrypted based on a symmetric key corresponding to the first smart contract;

the decrypting the encrypted target digital file stored in the block chain includes:

and decrypting the encrypted target digital file stored in the block chain based on the symmetric key corresponding to the first intelligent contract.

In one illustrated embodiment, the first smart contract is deployed in a TEE hosted on a node device in the blockchain; a symmetric key corresponding to the first smart contract is maintained in the TEE;

the decrypting the encrypted target digital file stored in the blockchain based on the symmetric key corresponding to the first smart contract includes:

decrypting, in the TEE, the encrypted target digital file stored in the blockchain based on a symmetric key corresponding to the first intelligent contract maintained in the TEE;

the encrypting the decrypted target digital file based on the public key of the other signing participants comprises:

and encrypting the decrypted target digital file in the TEE based on the public keys of the other signing participants.

In one embodiment shown, the encrypting the decrypted target digital file based on the public key of the other signing party, so that the other signing party, in response to the obtained encrypted target digital file, decrypts the encrypted target digital file based on the private key of the other signing party, and signs the decrypted target digital file, includes:

encrypting the decrypted target digital file based on the public key of the other signing party, generating a signing event of the other signing party for the target digital file, and storing the signing event to the block chain, wherein the signing event comprises the encrypted target digital file, so that the other signing party acquires the signing event from the block chain, and in response to the signing event, decrypting the encrypted target digital file based on the private key of the other signing party, and signing the decrypted target digital file.

the encrypting the decrypted target digital file based on the public key of the other signing party, generating a signing event for the other signing party to the target digital file, and storing the signing event to the block chain, wherein the signing event includes the encrypted target digital file, so that the other signing party acquires the signing event from the block chain, and in response to the signing event, decrypting the encrypted target digital file based on the private key of the other signing party, and signing the decrypted target digital file, includes:

encrypting the decrypted target digital file based on the public key of the other signing party, generating a signing event for the other signing party to the target digital file, and storing the signing event to the block chain, wherein the signing event comprises the encrypted target digital file, so that the other signing party acquires the signing event from the block chain, in response to the signing event, decrypting the encrypted target digital file based on the private key of the other signing party, and generating authorization information for signing the target digital file based on the digital seal of the other signing party, signing the authorization information based on the private key of the other signing party, submitting the decrypted target digital file and the signed authorization information as calling parameters to the second intelligent contract, calling the signing logic contained in the second intelligent contract, verifying the signature of the authorization information based on the public key of the other signing party, and after the verification is passed, verifying the signature of the target digital file based on the public key of the other signing party, and completing the signing of the target digital file.

In one embodiment, a second intelligent contract for signing the target digital file based on the digital seals of the other signing participants is also deployed on the blockchain;

the encrypting the decrypted target digital file based on the public key of the other signing party so that the other signing party responds to the obtained encrypted target digital file, decrypting the encrypted target digital file based on the private key of the other signing party, and signing the decrypted target digital file, includes:

encrypting the decrypted target digital file based on the public keys of the other signing participants, generating authorization information for signing and sealing the target digital file based on the digital seals of the other signing participants, acquiring private keys hosted and stored by the other signing participants, signing and processing the authorization information based on the private keys, submitting the encrypted target digital file and the signed authorization information as calling parameters for cross-contract calling to the second intelligent contract, calling signature logic contained in the second intelligent contract in a cross-contract mode, acquiring the private keys hosted and stored by the other signing participants, decrypting the encrypted target digital file based on the private keys, verifying the signature of the authorization information based on the public keys of the other signing participants, and signing and processing the decrypted target digital file based on the digital seals of the other signing participants after the verification is passed, so as to finish signing and processing of the target digital file.

In one embodiment shown, the other signing participants comprise a plurality of signing participants.

In one illustrated embodiment, the target digital file comprises an electronic contract.

The specific implementation of each step in the embodiment shown in fig. 5 may refer to the embodiment shown in fig. 2, and this description is not repeated here.

In the above technical solution, a target digital file to be signed may be encrypted and stored in a blockchain, and then, in response to a signing processing operation initiated by a signing initiator and directed to the target digital file, other signing participants participating in signing the target digital file may be determined, a decryption logic included in a first intelligent contract deployed on the blockchain and used for signing and managing the target digital file is invoked, the encrypted target digital file stored in the blockchain is decrypted, an encryption logic included in the first intelligent contract is further invoked, the target digital file is re-encrypted based on public keys of the other signing participants, so that the other signing participants re-sign the encrypted target digital file in response to the obtained encrypted target digital file, re-decrypt the encrypted target digital file based on private keys of the other signing participants, and sign the target digital file.

In correspondence with the foregoing embodiments of the blockchain-based digital document signing method, the present specification also provides embodiments of a blockchain-based digital document signing apparatus.

The embodiment of the block chain-based digital document signing device can be applied to the electronic equipment. The apparatus embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a logical device, the device is formed by reading, by a processor of the electronic device where the device is located, a corresponding computer program instruction in the nonvolatile memory into the memory for operation. In terms of hardware, as shown in fig. 6, the present specification is a hardware structure diagram of an electronic device where a digital document signing apparatus based on a block chain is located, and besides the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 6, the electronic device where the apparatus is located in the embodiment may also include other hardware according to an actual function of the digital document signing based on the block chain, which is not described again.

Referring to fig. 7, fig. 7 is a block diagram of a block chain based digital document signing apparatus in an exemplary embodiment of the present specification.

The block chain-based digital document signing device can be applied to a client corresponding to a signing initiator running on the electronic equipment shown in fig. 6; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract is deployed on the blockchain for performing signing management on the target digital file.

The block chain-based digital document signing apparatus may include:

a determining module 701, configured to determine, in response to a signing processing operation initiated by the signing initiator and directed to the target digital file, other signing participants who participate in signing the target digital file;

the invoking module 702 is configured to invoke decryption logic included in the first intelligent contract in response to the determined other signing participants, and perform decryption processing on the encrypted target digital file stored in the block chain; and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

Referring to fig. 8, fig. 8 is a block diagram of a block chain based digital document signing apparatus in an exemplary embodiment of the present specification.

The block chain-based digital document signing apparatus can be applied to a client corresponding to a signing party running on an electronic device as shown in fig. 6; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract is deployed on the blockchain for performing signing management on the target digital file.

The block chain-based digital document signing apparatus may include:

an obtaining module 801, configured to obtain the encrypted target digital file; when the signing initiator responds to signing processing operation initiated by the signing initiator and aiming at the target digital file and determines other signing participants participating in signing the target digital file, the signing initiator calls decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain, responds to the completion of decryption processing of the target digital file, further calls the encryption logic contained in the first intelligent contract, and encrypts the decrypted target digital file based on the public keys of the other signing participants to obtain the encrypted target digital file;

the decryption module 802, in response to acquiring the encrypted target digital file, decrypts the encrypted target digital file based on the private keys of the other signing participants;

and the signing module 803 signs the decrypted target digital file.

Referring to fig. 9, fig. 9 is a block diagram of another block chain based digital document signing apparatus in an exemplary embodiment of the present specification.

The block chain-based digital document signing apparatus can be applied to a block chain service platform running on an electronic device as shown in fig. 6; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract is deployed on the blockchain for performing signing management on the target digital file.

The block chain-based digital document signing apparatus may include:

a receiving module 901, configured to receive a signing request sent by a client corresponding to a signing initiator in response to a signing processing operation initiated by the signing initiator for the target digital file;

a determining module 902, responsive to the signing request, determining other signing participants that participate in signing the target digital document;

the calling module 903 is used for calling decryption logic contained in the first intelligent contract in response to the determined other signing participants, and decrypting the encrypted target digital file stored in the block chain; and responding to the completion of the decryption processing of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants so that the other signing participants respond to the obtained encrypted target digital file, decrypt the encrypted target digital file based on the private keys of the other signing participants, and sign the decrypted target digital file.

For the device embodiments, they correspond substantially to the method embodiments, and so reference may be made to the method embodiments for relevant portions of their description.

The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the technical solution of the present specification.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.

In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising one of 8230; \8230;" 8230; "does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises that element.

The foregoing description of specific embodiments has been presented for purposes of illustration and description. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used herein in one or more embodiments to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if," as used herein, may be interpreted as "at \8230; \8230when" or "when 8230; \823030when" or "in response to a determination," depending on the context.

The above description is intended only to be exemplary of the one or more embodiments of the present disclosure, and should not be taken as limiting the one or more embodiments of the present disclosure, as any modifications, equivalents, improvements, etc. that come within the spirit and scope of the one or more embodiments of the present disclosure are intended to be included within the scope of the one or more embodiments of the present disclosure.

Claims

1. A digital document signing method based on block chain is applied to a client corresponding to a signing initiator; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing and managing the target digital file is deployed on the blockchain; the method comprises the following steps:

2. The method of claim 1, wherein the target digital file is stored in the blockchain encrypted based on a symmetric key corresponding to the first smart contract;

3. The method of claim 2, the first smart contract deployed in a TEE hosted on a node device in the blockchain; a symmetric key corresponding to the first intelligent contract is maintained in the TEE;

decrypting the encrypted target digital file stored in the block chain in the TEE based on a symmetric key corresponding to the first intelligent contract maintained in the TEE;

the encrypting the decrypted target digital file based on the public keys of the other signing participants comprises the following steps:

4. The method according to claim 1, wherein the encrypting the decrypted target digital file based on the public key of the other signing party so that the other signing party, in response to the obtained encrypted target digital file, decrypts the encrypted target digital file based on the private key of the other signing party and signs the decrypted target digital file, includes:

encrypting the decrypted target digital file based on the public key of the other signing participants, generating a signing event of the other signing participants for the target digital file, storing the signing event to the block chain, wherein the signing event comprises the encrypted target digital file, so that the other signing participants acquire the signing event from the block chain, responding to the signing event, decrypting the encrypted target digital file based on the private keys of the other signing participants, and signing the decrypted target digital file.

5. The method according to claim 4, wherein a second intelligent contract for signing the target digital file based on the digital seals of the other signing participants is also deployed on the blockchain;

6. The method of claim 1, further deploying on the blockchain a second intelligent contract for signing the target digital document based on the digital seals of the other signing participants;

encrypting the decrypted target digital file based on the public keys of the other signing participants, generating authorization information for signing and processing the target digital file based on the digital seals of the other signing participants, acquiring private keys stored in escrow of the other signing participants, performing signature processing on the authorization information based on the private keys, submitting the encrypted target digital file and the signed authorization information as call parameters for cross-contract call to the second intelligent contract, calling signature logic contained in the second intelligent contract in a cross-contract manner, acquiring the private keys stored in escrow of the other signing participants, decrypting the encrypted target digital file based on the private keys, verifying the signature of the authorization information based on the public keys of the other signing participants, and signing and processing the decrypted target digital file based on the digital seals of the other signing participants after verification is passed, so as to complete the signing and processing on the target digital file.

7. The method of claim 1, the other signing participants comprising a plurality of signing participants.

8. The method of claim 1, the target digital file comprising an electronic contract.

9. A digital document signing method based on a block chain is applied to a client corresponding to a signing participant; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the method comprises the following steps:

acquiring the encrypted target digital file; when the signing initiator responds to signing processing operation initiated by the signing initiator and aiming at the target digital file and determines other signing participants participating in signing the target digital file, the signing initiator calls decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain, responds to the completion of decryption processing of the target digital file, further calls the encryption logic contained in the first intelligent contract, and encrypts the decrypted target digital file based on the public keys of the other signing participants to obtain the encrypted target digital file;

and signing the decrypted target digital file.

10. The method of claim 9, the obtaining the encrypted target digital file comprising:

obtaining the signing events of the other signing participants for the target digital file from the blockchain; wherein the signing event is generated by the signing initiator and stored to the blockchain; the signing event comprises the encrypted target digital file.

11. The method according to claim 9, wherein a second intelligent contract for signing the target digital file based on the digital seals of the other signing participants is also deployed on the blockchain;

the signing processing of the decrypted target digital file includes:

generating authorization information for signing and sealing the target digital file based on the digital seals of the other signing participants, and signing and processing the authorization information based on the private keys of the other signing participants;

12. A digital file signing method based on block chain is applied to a block chain service platform; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the method comprises the following steps:

in response to the signing request, determining other signing participants that participate in signing the target digital document;

in response to the determined other signing participants, invoking decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain; and the number of the first and second groups,

and in response to the completion of the decryption of the target digital file, further calling an encryption logic contained in the first intelligent contract, and encrypting the decrypted target digital file based on the public key of the other signing participants, so that the other signing participants can decrypt the encrypted target digital file based on the private keys of the other signing participants in response to the acquired encrypted target digital file and sign the decrypted target digital file.

13. The method of claim 12, wherein the target digital file is stored in the blockchain encrypted based on a symmetric key corresponding to the first smart contract;

14. The method of claim 13, the first intelligent contract deployed in a TEE hosted on a node device in the blockchain; a symmetric key corresponding to the first smart contract is maintained in the TEE;

15. The method according to claim 12, wherein the encrypting the decrypted target digital file based on the public key of the other signing party so that the other signing party, in response to the obtained encrypted target digital file, decrypts the encrypted target digital file based on the private key of the other signing party and signs the decrypted target digital file, comprises:

16. The method according to claim 15, wherein a second intelligent contract is further deployed on the blockchain for signing the target digital document based on the digital seals of the other signing participants;

the encrypting the decrypted target digital file based on the public key of the other signing party, generating a signing event for the other signing party to the target digital file, storing the signing event to the blockchain, wherein the signing event includes the encrypted target digital file, so that the other signing party acquires the signing event from the blockchain, and in response to the signing event, decrypting the encrypted target digital file based on the private key of the other signing party, and signing the decrypted target digital file, includes:

17. The method according to claim 12, wherein a second intelligent contract for signing the target digital file based on the digital seals of the other signing participants is also deployed on the blockchain;

18. The method of claim 12, the other signing participants comprising a plurality of signing participants.

19. The method of claim 12, the target digital file comprising an electronic contract.

20. A block chain-based digital document signing device is applied to a client corresponding to a signing initiator; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the device comprises:

the determining module is used for responding to the signing processing operation aiming at the target digital file initiated by the signing initiator and determining other signing participants who participate in signing the target digital file;

21. A block chain-based digital document signing device is applied to a client corresponding to a signing participant; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing management of the target digital file is deployed on the blockchain; the device comprises:

the acquisition module acquires the encrypted target digital file; when the signing initiator responds to signing processing operation, initiated by the signing initiator, for the target digital file and determines other signing participants participating in signing the target digital file, the signing initiator calls decryption logic contained in the first intelligent contract to decrypt the encrypted target digital file stored in the block chain, responds to the completion of decryption processing of the target digital file, further calls the encryption logic contained in the first intelligent contract, and encrypts the decrypted target digital file based on a public key of the other signing participants to obtain the encrypted target digital file;

and the signing module is used for signing the decrypted target digital file.

22. A digital file signing device based on a block chain is applied to a block chain service platform; encrypting and storing a target digital file to be signed in a block chain; a first intelligent contract used for signing and managing the target digital file is deployed on the blockchain; the device comprises:

the receiving module is used for receiving a signing request sent by a client corresponding to a signing initiator in response to a signing processing operation aiming at the target digital file initiated by the signing initiator;

23. An electronic device, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor implements the method of any one of claims 1-8, 9-11, or 12-19 by executing the executable instructions.

24. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any of claims 1-8, 9-11, or 12-19.