WO2019157970A1

WO2019157970A1 - Certificate issuing systems and methods based on blockchain

Info

Publication number: WO2019157970A1
Application number: PCT/CN2019/074115
Authority: WO
Inventors: Jiaqi XUE; Shuang ZHAO; Zheng GONG; Renjie Zhang
Original assignee: Beijing Didi Infinity Technology And Development Co., Ltd.
Priority date: 2018-02-13
Filing date: 2019-01-31
Publication date: 2019-08-22
Also published as: CN110163641A; CN110163641B

Abstract

A system for certificate issuing is provided. The system may include a blockchain network. The blockchain network may include a plurality of nodes configured to communicate with each of the other one or more nodes of the plurality of nodes. The plurality of nodes may at least include a request node, at least one validation node, and an issue node. The request node may receive a request for one or more certificates. In response to the request, the blockchain network may generate a first contract encoding the request. The request node may generate an instruction to approve the request, and transmit the instruction to the at least one validation node. The at least one validation node may validate the instruction. Upon a determination that the instruction is valid, the issue node may issue at least a portion of the one or more certificates to the request node.

Description

CERTIFICATE ISSUING SYSTEMS AND METHODS BASED ON BLOCKCHAIN

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to Chinese Patent Application No. 201810150124.6, filed on February 13, 2018, the contents of which are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

The present disclosure generally relates to systems and methods for certificate issuing, and in particular, to systems and methods for certificate issuing using a blockchain network.

BACKGROUND

With the development of Internet technology, certificates (e.g., a discount coupon) are widely used in marketing and sales to stimulate consumers to purchase products. Conventionally, certificates of a certificate system are generated and issued in a centralized manner. For example, a request for certificates may need to be approved by a certain entity (e.g., a central server) of the certificate system and issued to a corresponding requester by the certain entity after approval. This certificate system may have a potential security risk, for example, information in the certificate system can be easily tampered. Blockchain technique is increasingly used for maintaining a growing list of records (e.g., transaction records) . For example, a peer-to-peer blockchain network may be used to store the records in a distributed, verifiable, and permanent way. Therefore, it is desirable to provide effective systems and methods for certificate issuing using a blockchain network.

SUMMARY

According to an aspect of the present disclosure, a certificate system may be provided. The system may include a blockchain network. The blockchain network may include a plurality of nodes. Each of the plurality of nodes may be configured to communicate with each of the other one or more nodes of the plurality of nodes. The plurality of nodes may at least include a request node, at least one validation node, and an issue node. The system may further include at least one storage device including a set of instructions, and at least one processor in communication with the at least one storage device. When executing the instructions, the at least one processor may be configured to direct the system to perform one or more of the following operations. The request node may receive a request for one or more certificates. In response to the request, the system may generate a first contract encoding the request. The request node may generate an instruction to approve the request using a private key of the request node. The request node may transmit the instruction to approve the request to the at least one validation node. The at least one validation node may validate the instruction using a public key of the request node to generate a first validation result regarding the instruction. Upon a determination that first validation result that the instruction is valid, the issue node may issue at least a portion of the one or more certificates to the request node according the first contract.

In some embodiments, upon the first validation result that the instruction is valid, the issue node may generate the at least a portion of the one or more certificates according the first contract, and issue the at least a portion of the one or more certificates to the request node.

In some embodiments, the plurality of nodes may include an authority node. The authority node may generate a second contract encoding the generation of the at least a portion of the one or more certificates. The authority node may broadcast the second contract to each of the other one or more nodes of the blockchain network.

In some embodiments, the plurality of nodes may include an authority node. The authority node may generate a third contract encoding the issuing of the at least a portion of the one or more certificates. The authority node may broadcast the third contract to each of the other one or more nodes of the blockchain network.

In some embodiments, the plurality of nodes may include an authority node. The at least one validation node may include a financial node. Upon the first validation result that the instruction is valid, the financial node may allocate an asset for the request. The authority node may generate a fourth contract encoding the allocation of the asset. The issue node may validate the fourth contract to generate a second validation result regarding the fourth contract. Upon a second validation result that the fourth contract is valid, the issue node may generate at least a portion of the one or more certificates using the allocated asset.

In some embodiments, the issue node may update a certificate generation record by writing a fifth contract encoding the generation of the at least a portion of the one or more certificates into the certificate generation record. The issue node may broadcast the updated certificate generation record to each of the other one or more nodes of the blockchain network.

In some embodiments, the at least one validation node may include the issue node and a financial node. The financial node may validate the instruction using the public key of the request node to generate a third validation result. The issue node may validate the instruction using the public key of the request node to generate a fourth validation result, wherein the first validation result is based on the third validation result and the fourth validation result.

In some embodiments, upon the first validation result that the instruction is valid, the financial node may allocate an asset for the request according to the first contract. The issue node may generate the at least a portion of the one or more certificates using the allocated asset according to the first contract. The issue node may issue the at least a portion of the one or more certificates to the request node.

In some embodiments, the first contract may include at least one of an identity of the request node, a count of the one or more certificates, a discount rate of the one or more certificates, a discount amount of the one or more certificates, a validity period of the one or more certificates, a condition for use of the one or more certificates, a type of the one or more certificates, or a distribution rule of the one or more certificates.

According to another aspect of the present disclosure, a method for certificate issuing is provided. The method may be implemented on a blockchain network. The blockchain network may include a plurality of nodes. Each of the plurality of nodes may be configured to communicate with each of the other one or more nodes of the plurality of nodes. The plurality of nodes may at least include a request node, at least one validation node, and an issue node. The method may include receiving, by the request node, a request for one or more certificates. The method may also include generating a first contract encoding the request in response to the request. The method may also include generating, by the request node, an instruction to approve the request using a private key of the request node. The method may further include transmitting, by the request node to the at least one validation node, the instruction to approve the request. The method may further include validating, by the at least one validation node, the instruction using a public key of the request node to generate a first validation result regarding the instruction. The method may further include upon a determination that a first validation result that the instruction is valid, issuing, by the issue node, at least a portion of the one or more certificates to the request node according the first contract.

According to a further aspect of the present disclosure, a non-transitory computer readable medium is provided. The non-transitory computer readable medium may include executable instructions. When the executable instructions are executed by a blockchain network, the executable instructions may direct the blockchain network to perform a method. The blockchain network may include a plurality of nodes. Each of the plurality of nodes may be configured to communicate with each of the other one or more nodes of the plurality of nodes. The plurality of nodes may at least include a request node, at least one validation node, and an issue node. The method may include receiving, by the request node, a request for one or more certificates. The method may also include generating a first contract encoding the request in response to the request. The method may also include generating, by the request node, an instruction to approve the request using a private key of the request node. The method may further include transmitting, by the request node to the at least one validation node, the instruction to approve the request. The method may further include validating, by the at least one validation node, the instruction using a public key of the request node to generate a first validation result regarding the instruction. The method may further include upon a determination that a first validation result that the instruction is valid, issuing, by the issue node, at least a portion of the one or more certificates to the request node according the first contract.

Additional features will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following and the accompanying drawings or may be learned by production or operation of the examples. The features of the present disclosure may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities, and combinations set forth in the detailed examples discussed below.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is further described in terms of exemplary embodiments. These exemplary embodiments are described in detail with reference to the drawings. These embodiments are non-limiting exemplary embodiments, in which like reference numerals represent similar structures throughout the several views of the drawings, and wherein:

FIG. 1 is a schematic diagram illustrating an exemplary certificate system according to some embodiments of the present disclosure;

FIG. 2 is a schematic diagram illustrating exemplary hardware and/or software components of a computing device according to some embodiments of the present disclosure;

FIG. 3 is a schematic diagram illustrating exemplary hardware and/or software components of a mobile device according to some embodiments of the present disclosure;

FIG. 4 is a flowchart illustrating an exemplary process for certificate issuing according to some embodiments of the present disclosure;

FIG. 5 is a flowchart illustrating an exemplary process for certificate issuing according to some embodiments of the present disclosure;

FIG. 6 is a flowchart illustrating an exemplary process for certificate issuing according to some embodiments of the present disclosure; and

FIG. 7 is a block diagram illustrating an exemplary processing device according to some embodiments of the present disclosure.

DETAILED DESCRIPTION

The following description is presented to enable any person skilled in the art to make and use the present disclosure and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present disclosure is not limited to some embodiments shown but is to be accorded the widest scope consistent with the claims.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. As used herein, the singular forms “a, ” “an, ” and “the” may be intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprise, ” “comprises, ” and/or “comprising, ” “include, ” “includes, ” and/or “including, ” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

These and other features, and characteristics of the present disclosure, as well as the methods of operation and functions of the related elements of structure and the combination of parts and economies of manufacture, may become more apparent upon consideration of the following description with reference to the accompanying drawings, all of which form a part of this disclosure. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only and are not intended to limit the scope of the present disclosure. It is understood that the drawings are not to scale.

The flowcharts used in the present disclosure illustrate operations that systems implement according to some embodiments of the present disclosure. It is to be expressly understood, the operations of the flowchart may be implemented not in order. Conversely, the operations may be implemented in inverted order, or simultaneously. Moreover, one or more other operations may be added to the flowcharts. One or more operations may be removed from the flowcharts.

An aspect of the present disclosure certificate systems and certificate issuing methods. As used herein, the term “certificate” may refer to a ticket or a document that can be redeemed for a financial discount and/or rebate for purchasing or requesting a product or service. The certificate may also be referred to as a coupon. The certificate systems may include a blockchain network. The blockchain network may include a plurality of nodes, including a request node, at least one validation node (e.g., a financial node and/or an issue node) , and the issue node. The request node may receive a request for one or more certificates. In response to the request, the blockchain network may generate a first contract encoding the request. The request node may generate an instruction to approve the request using a private key of the request node. The request node may transmit the instruction to approve the request to the at least one validation node. The at least one validation node may validate the instruction using a public key of the request node to generate a first validation result. If the first validation result shows that the instruction is valid, the issue node may issue at least a portion of the one or more certificates to the request node according the first contract.

According to some embodiments of the present disclosure, the instruction to approve the request may need to be validated by the at least one validation node to verify an identity of a producer of the instruction and/or data integrity of the instruction. The request may be fulfilled only if the first validation result shows that the instruction is valid. This may prevent a bogus request or a tampered request from being fulfilled in the certificate systems. In addition, the blockchain network may generate one or more contracts recoding one or more events occurred in the certificate systems, such as the reception of the certificate request, the generation of the instruction, the generation of the first validation result, the issuing of the certificate (s) , or the like, or any combination thereof. The contract (s) may be broadcasted to and/or stored by each node of the certificate system, such that the contract (s) are stored in a distributed way to avoid information tampering.

Moreover, in some embodiments of the present disclosure, the systems and methods may employ one or more information security techniques (e.g., an information encryption and decryption technology, a digital signature technology) in information communication. This may allow secured communication and/or accurate transmission of specific data from a specific sender to a specific receiver (e.g., from specific node to another specific node in the blockchain network) .

FIG. 1 is a schematic diagram illustrating an exemplary certificate system according to some embodiments of the present disclosure. Certificate system 100 may be used to generate, issue, and/or manage certificates. The certificates may be redeemed for a financial discount and/or rebate for purchasing or requesting a product and/or a service. The product and/or service may include food, medicine, commodity, chemical product, electrical appliance, clothing, car, housing, luxury, or any other product, or any combination thereof. In some other embodiments, the product and/or service may include a servicing product, a financial product, a knowledge product, an Internet product, or the like, or any combination thereof. The Internet product may include an individual host product, a web product, a mobile Internet product, a commercial host product, an embedded product, or the like, or any combination thereof. The mobile internet product may be used in software of a mobile terminal, a program, a system, or the like, or any combination thereof. For example, the product may be any software and/or application used on the computer or mobile phone. The software and/or application may relate to socializing, shopping, transporting, entertainment, learning, investment, or the like, or any combination thereof.

In some embodiments, the certificates of the certificate system 100 may be used in purchasing or requesting one or more Online to Offline (O2O) services. Exemplary O2O services may include a transportation service, a meal delivery service, a delivery service, a shopping service, or the like, or any combination thereof. Particularly, in some embodiments, the certificates of the certificate system 100 may be used in purchasing or requesting one or more transportation services, such as a taxi hailing service, a chauffeur service, a carpool service, a bus service, a driver hiring service, a shuttle service, or the like, or any combination thereof.

In some embodiments, the certificates of the certificate system 100 may include one or more electronic certificates. The electronic certificate (s) may be directly used in purchasing or requesting one or more products. Alternatively, the electronic certificate (s) may need to be printed as a physical copy and the physical copy may be used in purchasing or requesting the product (s) .

As illustrated in FIG. 1, the certificate system 100 may include a blockchain network 110, a network 120, a user terminal 140, and a storage device 150. The blockchain network 110 may be configured to perform one or more methods for certificate generation, issuing, and/or management disclosed in this disclosure. The blockchain network 110 may be a decentralized network including a plurality of nodes 130. The nodes 130 may be connected to each other via the network 120 instead of being connected to a central server. In some embodiments, the blockchain network 110 may also be referred to as a coupon platform.

As used herein, a node 130 may refer to a computing unit that is capable of executing one or more functions of the node 130 disclosed in the present disclosure. The node 130 may be implemented on any type of computing device. For example, a node 130 may be implemented on a computing device, such as a personal computer, a tablet computer, a laptop computer, a mobile device, or the like, or a portion of the computing device. As another example, a node 130 may be implemented on a computing system including a plurality of computing devices. In some embodiments, a node 130 may be implemented on one or more components of a computing device 200 as shown in FIG. 2. In some embodiments, a node 130 may be implemented on one or more components of a mobile device 300 as shown in FIG. 3. In some embodiments, a node 130 may be implemented on a cloud platform. Merely by way of example, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a distributed cloud, an inter-cloud, a multi-cloud, or the like, or any combination thereof.

In some embodiments, the blockchain network 110 may utilize a digital ledger to maintain a growing list of certificate records of the certificate system 100. The certificate records may include, for example, a certificate generation record, a certificate issuing record, a certificate using record, or the like, or any combination thereof. The digital ledger may be held and/or maintained by each node 130 of the blockchain network 110, making the digital ledger being decentralized and distributed. In some embodiments, the digital leger may include a chain of blocks (or referred to as a blockchain) . Each block may encode one or more records and be cryptographically linked to a previous block. For example, after a set of certificates are generated or issued by the blockchain network 110, a new block may be generated to record the generation or issuing of the set of certificates. The new block may be broadcasted to each node 130 of the blockchain network 110, wherein each node 130 may further update its digital ledger by adding the new block into the digital ledger. In some embodiments, information recorded in the digital ledger of a node 130 is stored in a verifiable and permanent way, and not allowed to be modified retroactively. For example, the information may be stored in a read-only database. In some embodiments, the blockchain network 110 may be of any type of blockchain networks, such as a public blockchain network, a private blockchain network, a semi-private blockchain network, a consortium blockchain network, or the like, or any combination thereof.

In some embodiments, the plurality of nodes 130 of the blockchain network 110 may have the same function or different functions. Merely by way of example, the nodes 130 may include a request node, a validation node, a financial node, an issue node, an authority node, or the like, or any combination thereof. The request node may be configured to receive requests for certificates (also referred to as certificate requests) from users of the certificate system 100 and/or to process the requests. The validation node may be configured to validate certificate requests. For example, in response to a certificate request, the request node may be configured to generate an instruction to approve the certificate request and the validation node may be configured to validate the certificate request by validating the instruction. The financial node may be configured to manage (e.g., allocate) assets in the certificate system 100. The issue node may be configured to generate and/or issue certificates. Optionally, the issue node may be further configured to maintain a certificate generation record in the certificate system 100. The authority node may refer to a node 130 that is authorized to perform a certain action in the certificate system 100. For example, the authority node may be authorized to generate a contract encoding an event occurred in the certificate system 100 and/or a result of the event. Exemplary events occurred in the certificate system 100 may include a reception of a certificate request for one or more certificates, a generation of an instruction to approve the certificate request, a generation of a validation result regarding the instruction, a generation of the certificate (s) , an issuing of the certificate (s) , an allocation of an asset, a use of the certificate (s) , or the like, or any combination thereof. In some embodiments, the request node may also be referred to as a business node. The issue node may also be referred to as a coupon node.

In some embodiments, a node 130 may have a function of a single type of node. Alternatively, a node 130 may have functions of a plurality of types of nodes. For example, the financial node and/or the issue node may also be validation nodes configured to validate certificate requests. As another example, any one of the request node, the validation node, the financial node, and the issue node may be an authorized node which is authorized to perform a certain action. Details regarding the nodes 130 of the blockchain network 110 may be found elsewhere in the present disclosure (e.g., FIGs. 4-6 and the relevant descriptions thereof) .

In some embodiments, a node 130 of the blockchain network 110 may be owned and maintained by an entity (e.g., an organization, a person) that maintains the certificate system 100. Taking a certificate system 100 that issues certificates for an O2O service system as an example, the financial node may be owned and/or maintained by a finance department of the O2O service system. The request node may be owned and/or maintained by a business department of the O2O service system.

The network 120 may facilitate exchange of information and/or data in the certificate system 100. For example, the plurality of nodes 130 of the blockchain network 110 may be connected to and/or communicate with each other via the network 120. As another example, one or more nodes 130 of the blockchain network 110 may be connected to and/or communicate with the user terminal 140 and the storage device 150 via the network 120. In some embodiments, the network 120 may be any type of wired or wireless network, or combination thereof. Merely by way of example, the network 120 may include a cable network, a wireline network, an optical fiber network, a telecommunications network, an intranet, an Internet, a local area network (LAN) , a wide area network (WAN) , a wireless local area network (WLAN) , a metropolitan area network (MAN) , a public telephone switched network (PSTN) , a Bluetooth network, a ZigBee network, a near field communication (NFC) network, or the like, or a combination thereof. In some embodiments, the network 120 may include one or more network access points. For example, the network 120 may include wired or wireless network access points such as base stations and/or internet exchange points 120-1, 120-2, …, through which one or more components of the certificate system 100 may be connected to the network 120 to exchange data and/or information.

The storage device 150 may be configured to store data and/or instructions. For example, the storage device 150 may store information related to the certificate system 100, such as user information, a certificate request record, a certificate generation record, a certificate issue record, a certificate usage record, or the like, or any combination thereof. As another example, the storage device 150 may store data and/or instructions that the blockchain network 110 may execute or use to perform exemplary methods described in the present disclosure. In some embodiments, the storage device 150 may include a mass storage device, removable storage device, a volatile read-and-write memory, a read-only memory (ROM) , or the like, or a combination thereof. Exemplary mass storage may include a magnetic disk, an optical disk, a solid-state drive, etc. Exemplary removable storage may include a flash drive, a floppy disk, an optical disk, a memory card, a zip disk, a magnetic tape, etc. Exemplary volatile read-and-write memory may include a random access memory (RAM) . Exemplary RAM may include a dynamic RAM (DRAM) , a double date rate synchronous dynamic RAM (DDR SDRAM) , a static RAM (SRAM) , a thyristor RAM (T-RAM) , and a zero-capacitor RAM (Z-RAM) , etc. Exemplary ROM may include a mask ROM (MROM) , a programmable ROM (PROM) , an erasable programmable ROM (EPROM) , an electrically erasable programmable ROM (EEPROM) , a compact disk ROM (CD-ROM) , and a digital versatile disk ROM, etc. In some embodiments, the storage device 150 may be implemented on a cloud platform. Merely by way of example, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a distributed cloud, an inter-cloud, a multi-cloud, or the like, or a combination thereof.

In some embodiments, the storage device 150 may be connected to the network 120 to communicate with the user terminal 140, and/or one or more nodes 130 of the blockchain network 110. Additionally or alternatively, the storage device 150 may be directly connected to or communicate with the user terminal 140, and/or one or more nodes 130 of the blockchain network 110. In some embodiments, the storage device 150 may be part of a node 130. In some embodiments, each of the nodes 130 of the certificate system 100 may include a storage device 150.

In some embodiments, one or more components of the certificate system 100 (e.g., the nodes 130, the user terminal 140) may access the storage device 150. In some embodiments, one or more components of the certificate system 100 may read and/or write information stored in the storage device 150 when one or more conditions are met. For example, a node 130 may read and/or modify information stored in the storage device 150. As another example, the user terminal 140 may access information stored in the storage device 150 but have no permission to modify the information stored in the storage device 150.

The user terminal 140 may be associated with a user of the certificate system 100, and configured to enable a user interaction between the user and other components of the certificate system 100. For example, the user may transmit a request for one or more certificates to the blockchain network 110 via the user terminal 140. In some embodiments, the user terminal 140 may be connected to or communicated with one or more components of certificate system 100 (e.g., one or more nodes 130) via the network 120. Additionally or alternatively, the user terminal 140 may be connected to one or more components of the certificate system 100 directly.

In some embodiments, the user terminal 140 may include a mobile device 240-1, a tablet computer 240-2, a laptop computer 240-3, a built-in device 240-4, or the like, or a combination thereof. In some embodiments, the mobile device 240-1 may include a smart home device, a wearable device, a smart mobile device, a virtual reality device, an augmented reality device, or the like, or a combination thereof. In some embodiments, the smart home device may include a smart lighting device, a control device of an intelligent electrical apparatus, a smart monitoring device, a smart television, a smart video camera, an interphone, or the like, or a combination thereof. In some embodiments, the wearable device may include a smart bracelet, a smart footgear, a smart glass, a smart helmet, a smart watch, a smart clothing, a smart backpack, a smart accessory, or the like, or a combination thereof. In some embodiments, the smart mobile device may include a smartphone, a personal digital assistant (PDA) , a gaming device, a navigation device, a point of sale (POS) device, or the like, or a combination thereof. In some embodiments, the virtual reality device and/or the augmented reality device may include a virtual reality helmet, a virtual reality glass, a virtual reality patch, an augmented reality helmet, an augmented reality glass, an augmented reality patch, or the like, or a combination thereof. For example, the virtual reality device and/or the augmented reality device may include a Google Glass ^TM, a RiftCon ^TM, a Fragments ^TM, a Gear VR ^TM, etc.

In some embodiments, information communication and/or exchange within the certificate system 100 may be secured using one or more information security techniques. For example, the certificate system 100 may use an asymmetric encryption technique to ensure the information security. One or more components of the certificate system 100 may each own a private key and a public key. Taking a node 130 as an example, a private key of the node 130 may be held privatively by the node 130, and a public key of the node 130 may be freely shared with one or more other components of the certificate system 100. In some cases, the node 130 may encrypt information using its private key before transmitting the information to a receiver (e.g., another node) . The receiver may need to decrypt the encrypted information using the public key of the node 130. It should be noted that the asymmetric encryption technique is provided as an example of information security techniques, and not intended to limit the scope of the present disclosure. The certificate system 100 may utilize any other information security technique to ensure the information security.

It should be noted that the example illustrated in FIG. 1 and the description thereof are merely provided for the purposes of illustration, and not intended to limit the scope of the present disclosure. For persons having ordinary skills in the art, multiple variations and modifications may be made under the teachings of the present disclosure. However, those variations and modifications do not depart from the scope of the present disclosure. In some embodiments, the blockchain network 110 may include any number of nodes 130. In some embodiments, the certificate system 100 may include one or more additional components. Additionally or alternatively, one or more components of the certificate system 100 described above may be omitted. For example, the storage device 150 may be omitted. As another example, the certificate system 100 may further include a processing device (e.g., a processing device implemented on one or more components of computing device 200 as shown in FIG. 2, a processing device 700 as shown in FIG. 7) configured to perform one or more functions of the certificate system 100. As yet another example, the user terminal 140 may be omitted or be part of the blockchain network 110. Merely by way of example, the user terminal 140 may serve as a request node of the blockchain network 110.

FIG. 2 is a schematic diagram illustrating exemplary hardware and software components of a computing device according to some embodiments of the present disclosure. Computing device 200 may be used to implement any component of the certificate system 100 as described herein. For example, a node 130 of the blockchain network 110, a user terminal 140, and/or a processing device 700 may be implemented on the computing device 200, via its hardware, software program, firmware, or a combination thereof. Although only one such computing device is shown, for convenience, the computer functions relating to the certificate system 100 as described herein may be implemented in a distributed fashion on a number of similar platforms, to distribute the processing load.

As illustrated in FIG. 2, the computing device 200 may include a communication bus 210, a processor 220, a storage device, an input/output (I/O) 260, and a communication port 250. The processor 220 may execute computer instructions (e.g., program code) and perform functions of one or more components of the certificate system 100 (e.g., the blockchain network 110) in accordance with techniques described herein. For example, the processor 220 may validate a certificate request to generate a validation result regarding the certificate request. As another example, the processor 220 may generate one or more certificates if the validation result shows that the request is valid. The computer instructions may include, for example, routines, programs, objects, components, data structures, procedures, modules, and functions, which perform particular functions described herein. In some embodiments, the processor 220 may include interface circuits and processing circuits therein. The interface circuits may be configured to receive electronic signals from the communication bus 210, wherein the electronic signals encode structured data and/or instructions for the processing circuits to process. The processing circuits may conduct logic calculations, and then determine a conclusion, a result, and/or an instruction encoded as electronic signals. Then the interface circuits may send out the electronic signals from the processing circuits via the communication bus 210.

In some embodiments, the processor 220 may include one or more hardware processors, such as a microcontroller, a microprocessor, a reduced instruction set computer (RISC) , an application specific integrated circuits (ASICs) , an application-specific instruction-set processor (ASIP) , a central processing unit (CPU) , a graphics processing unit (GPU) , a physics processing unit (PPU) , a microcontroller unit, a digital signal processor (DSP) , a field programmable gate array (FPGA) , an advanced RISC machine (ARM) , a programmable logic device (PLD) , any circuit or processor capable of executing one or more functions, or the like, or any combinations thereof.

Merely for illustration, only one processor 220 is described in the computing device 200. However, it should be noted that the computing device 200 in the present disclosure may also include multiple processors, thus operations and/or method operations that are performed by one processor as described in the present disclosure may also be jointly or separately performed by the multiple processors. For example, if in the present disclosure the processor of the computing device 200 executes both operation A and operation B, it should be understood that operation A and operation B may also be performed by two or more different processors jointly or separately in the computing device 200 (e.g., a first processor executes operation A and a second processor executes operation B, or the first and second processors jointly execute operations A and B) .

The storage device may store data/information related to the certificate system 100. In some embodiments, the storage device may include a mass storage device, a removable storage device, a volatile read-and-write memory, a random access memory (RAM) 240, a read-only memory (ROM) 230, a disk 270, or the like, or any combination thereof. In some embodiments, the storage device may store one or more programs and/or instructions to perform exemplary methods described in the present disclosure. For example, the storage device may store a program for the processor 220 to execute.

The I/O 260 may input and/or output signals, data, information, etc. In some embodiments, the I/O 260 may enable a user interaction with the computing device 200. In some embodiments, the I/O 260 may include an input device and an output device. Examples of the input device may include a keyboard, a mouse, a touch screen, a microphone, or the like, or a combination thereof. Examples of the output device may include a display device, a loudspeaker, a printer, a projector, or the like, or a combination thereof. Examples of the display device may include a liquid crystal display (LCD) , a light-emitting diode (LED) -based display, a flat panel display, a curved screen, a television device, a cathode ray tube (CRT) , a touch screen, or the like, or a combination thereof.

The communication port 250 may be connected to a network (e.g., the network 120) to facilitate data communications. The communication port 250 may establish connections between the computing device 200 and one or more components of the certificate system 100. The connection may be a wired connection, a wireless connection, any other communication connection that can enable data transmission and/or reception, and/or any combination of these connections. The wired connection may include, for example, an electrical cable, an optical cable, a telephone wire, or the like, or any combination thereof. The wireless connection may include, for example, a Bluetooth ^TM link, a Wi-Fi ^TM link, a WiMax ^TM link, a WLAN link, a ZigBee link, a mobile network link (e.g., 3G, 4G, 5G, etc. ) , or the like, or a combination thereof. In some embodiments, the communication port 250 may be and/or include a standardized communication port, such as RS232, RS485, etc. In some embodiments, the communication port 250 may be a specially designed communication port.

FIG. 3 is a schematic diagram illustrating exemplary hardware and/or software components of a mobile device 300 according to some embodiments of the present disclosure. In some embodiments, a node 130 of the blockchain network 110 and/or a user terminal 140 may be implemented on the mobile device 300. As illustrated in FIG. 3, the mobile device 300 may include a communication platform 310, a display 320, a graphics processing unit (GPU) 330, a central processing unit (CPU) 340, an I/O 350, a memory 360, and a storage 390. In some embodiments, any other suitable component, including but not limited to a system bus or a controller (not shown) , may also be included in the mobile device 300.

In some embodiments, a mobile operating system 370 (e.g., iOS ^TM, Android ^TM, Windows Phone ^TM, etc. ) and one or more applications 380 may be loaded into the memory 360 from the storage 390 in order to be executed by the CPU 340. The applications 380 may include a browser or any other suitable mobile apps for receiving and rendering information relating to the certificate system 100. User interactions with the information stream may be achieved via the I/O 350 and provided to one or more other components of the certificate system 100 via the network 120.

To implement various modules, units, and their functionalities described in the present disclosure, computer hardware platforms may be used as the hardware platform (s) for one or more of the elements described herein. A computer with user interface elements may be used to implement a personal computer (PC) or any other type of work station or terminal device. A computer may also act as a server if appropriately programmed.

FIG. 4 is a flowchart illustrating an exemplary process for certificate issuing according to some embodiments of the present disclosure. Process 400 may be executed by the certificate system 100. For example, the process 400 may be implemented as a set of instructions (e.g., an application) stored in a storage device of the certificate system 100 (e.g., a storage of a node 130, the storage device 150, the ROM 230, and/or the RAM 240) . At least one processor of the certificate system 100 may execute the set of instructions, and when executing the instructions, the at least one processor may be configured to direct the certificate system 100 to perform the process 400. The at least one processor may include, for example, one or more processors of one or more nodes 130 of the blockchain network 110, the processor 220 of the computing device 200, the CPU 340 of the mobile device 300, or the like, or any combination thereof. In some embodiments, the at least one processor may direct the blockchain network 110 to perform the process 400. In some embodiments, the at least one processor may include one or more modules as shown in FIG. 7.

In 402, a request node of the blockchain network 110 may receive a request for one or more certificates.

In some embodiments, the request may be received from a requester via a user terminal (e.g., the user terminal 140) of the requester. Alternatively, the request node may be implemented on a computing device including an I/O (e.g., I/O 260) . The request may be received from the requester via the I/O of the request node. The requester may include any entity (e.g., an individual or an organization) that wants to apply for the certificate (s) . In some embodiments, the request may be received from a requester associated with a transportation service system. The requester may input a request to apply for one or more certificates for one or more transportation services. For example, a manager or a department of carpool service in the transportation service system may input a request to apply for carpool certificates. In some embodiments, the requester may be the request node itself. Merely by way of example, the request node may automatically initiate the request when a certain condition is met, for example, at a specific time point.

In some embodiments, the request may include information related to the certificate (s) and/or the requester. Exemplary information related to the certificate (s) and/or the requester may include an identification of the requester, a digital signature of the requester, a time stamp (e.g., a time point when the requester inputs the request) , the number (or count) of the certificate (s) , the content of each certificate, or the like, or any combination thereof. Exemplary content of a certain certificate may include a discount rate and/or discount amount of the certificate, a validity period of the certificate, a condition for use of the certificate (e.g., a condition states that the certificate is allowed to be used in a particular region) , a type of the certificate (e.g., a transportation service certificate, a restaurant certificate, or a movie certificate) , a distribution rule of the certificate (e.g., a rule states that the certificate is allowed to be distributed to a particular group) , or the like, or any combination thereof. In some embodiments, the content of different certificates may be same as or different from each other.

In some embodiments, the blockchain network 110 may only include one request node, and operation 402 may be performed by the request node. In some embodiments, the blockchain network 110 may include a plurality of request nodes. Operation 402 may be performed by any request node of the plurality of request nodes. Alternatively, operation 402 may be performed by a particular request node associated with the request. Merely by way of example, the blockchain network 110 includes a request node A configured to process requests for carpool certificates, a request node B configured to process requests for express car certificates, and a request node C configured to process requests for taxi certificates. If the request received in 402 is used to apply for one or more carpool certificates, operation 402 may be performed by the request node A.

In 404, in response to the request, the blockchain network 110 may generate a first contract encoding the request.

As used herein, a first contract may refer to a contract encoding the information related the request, such as the information related to the certificate (s) and/or the requester as described in connection with operation 402. In some embodiments, the first contract may be written by a programing language, such as JavaScript. Optionally, the first contract may be a smart contract which is self-executive. In some embodiments, operation 404 may be performed by any node 130 of the blockchain network 110. Attentively, operation 404 may be performed by an authority node which is authorized to generate a contract encoding a certificate request. Merely by way of example, the request node may be authorized to generate the first contract and perform operation 404.

In 406, the request node may generate an instruction to approve the request using a private key of the request node.

In some embodiments, the request node may hold a pair of a private key (also referred to as a first key herein) and a public key. The private key may be privately held by the request node. The public key may be public and available for one or more other components of the certificate system 100. The public-private key pair of the request node may be set by the certificate system 100 when the request node registered in the blockchain network 110. Alternatively, the public-private key pair of the request node may be determined by the blockchain network 110 in or after operation 404. For example, in operation 404, the blockchain network 110 may generate the first contract encoding the request and a public-private key pair of the request node corresponding to the request. The request node may have different public-private key pairs corresponding to different requests. The public key of the request node corresponding to the request may be transmitted to one or more other nodes 130, such as one or more validation nodes and/or one or more issue nodes of the blockchain network 110. In some embodiments, the public key of the request node may be transmitted to and held by a financial node of the blockchain network 110. The public key of the request node held by the financial node may also be referred as a financial key. Additionally or alternatively, the public key of the request node may be transmitted to and held by an issue node of the blockchain network 110. The public key of the request node held by the issue node may also be referred as an issue key.

In some embodiments, the instruction may include information related to the request and/or information related to at least one validation node, wherein the at least one validation node may be configured to validate the request. In some embodiments, the certificate system 100 may only include one validation node to serve as the at least one validation node. Alternatively, the blockchain network 110 may include a plurality of validation nodes. The at least one validation node may include any validation node of the plurality of validation nodes. For example, the at least one validation node include one or more validate nodes randomly selected from the plurality of validation nodes by the request node. Alternatively, the at least one validation node may be determined from the validation nodes by the request node according to the functions of the validation nodes. Merely by way of example, the blockchain network 110 includes a validation node A configured to validate requests for certificates for carpool services, a validation node B configured to validate requests for certificates for express car services, and a validation node C configured to validate requests for certificates for taxi services. If the request received in 402 is used to apply for one or more carpool certificates, the at least one validation node may include the validation node A. In some embodiments, the at least one validation node may be a financial node of the blockchain network 110. In some embodiments, the at least one validation node may include a financial node and an issue node of the blockchain network 110. The instruction that needs to be validated by the financial node and the issue node may also be referred as an encoded message related to the financial node and the issue node. In some embodiments, the at least one validation node may be the financial node. The instruction that needs to be validated by the financial node may also be referred as a first sub-encoded message related to the financial node.

The information related to the at least one validation node may include, for example, an identification and/or a public key of each of the at least one validation node. In some embodiments, the request node may generate the instruction by encrypting the information related to the request and/or the at least one validation node using the private key of the request node. For example, the request node may encrypt the information directly using its private key. Alternatively, the request node may first generate a digest of the information using cryptography (e.g., a hash function) , and then encrypt the digest using its private key to produce a digital signature. The digital signature as well as the original information related to the request and/or the at least one validation node may be included in the instruction.

In 408, the request node may transmit the instruction to approve the request to the at least one validation node.

In 410, the at least one validation node may validate the instruction using the public key of the request node to generate a first validation result.

In some embodiments, each of the at least one validation node may validate the instruction to generate a corresponding validation result, and the first validation result may be based on the validation result of each validation node. For illustration purposes, the validation of the instruction by a certain validation node is described as an example. In some embodiments, the validation of the instruction may include a validation of an identity of a producer of the instruction and/or a validation of data integrity of the instruction. As used herein, “data integrity” may refer to the accuracy and consistency of the instruction over its lifecycle (e.g., between a time point when the instruction is generated and a time point when the instruction is received by the validation node) . For example, the instruction may include the encrypted information related to the request and/or the at least one validation node as described in connection with operation 406. The validation node may validate the instruction by decrypting the instruction using the public key of the request node. The instruction can be proven to be produced by the request node if the validation node can decrypt the instruction using the public key of the request node. In this situation, the validation node may generate a validation result that the instruction is valid. On the other hand, if the instruction is unable to be decrypted by the public key of the request node, the validation node may generate a validation result that the instruction is invalid.

As another example, the instruction may include the digital signature (which includes the encrypted digest) and the original information related to the request and/or the at least one validation node as described in connection with operation 406. The validation node may first decrypt the digital signature to obtain the digest using the public key of the request node. The instruction may be proven to be produced by the request node if the digital signature can be decrypted by the public key of the request node. The validation node may further generate a second digest of the original information using cryptography (e.g., a hash function) , and compare the second digest with the digest obtained from the digital signature. The instruction can be proven to be complete if the second digest is the same as the digest obtained from the digital signature. The instruction can be proved to be incomplete if the second digest is different from the digest obtained from the digital signature. If the instruction is complete and proved to be produced by the request node, the validation node may generate a validation result that the instruction is valid. On the other hand, if the instruction is incomplete or the digital signature is unable to be decrypted by the public key of the request node, the validation node may generate a validation result that the instruction is invalid.

In some embodiments, the at least one validation node may include only one validation node. The first validation result may be the validation result of the only one validation node. Alternatively, the at least one validation node may include a plurality of validation nodes. The first validation result may be based on a validation result of each of the validation nodes. For convenience, a validation result that the instruction is valid is referred to as a positive result, and a validation result that the instruction is invalid is referred to as a negative result. For example, only if the validation results of all validation nodes are positive results, the first validation result may be that the instruction is valid; the first validation result may be that the instruction is invalid if there is one or more negative results among the validation results of all validation nodes. As another example, if the number (or count) of positive results is greater than a threshold, the first validation result may be that the instruction is valid; if the number (or count) of positive results is equal to or less than the threshold, the first validation result may be that the instruction is invalid.

In some embodiments, if the first validation result shows that the instruction is invalid, one or more of the at least one validation node may send a notification to one or more other nodes 130 of the blockchain network 110 to notify that the instruction is invalid. The blockchain network 110 may refuse to fulfill the request. The requester may need to transmit a new request to apply for the one or more certificates. If the first validation result shows that the instruction is valid, the process 400 may proceed to 412. In 412, an issue node of the blockchain network 110 may issue at least a portion of the one or more certificates (referred to as approved certificate (s) for brevity) to the request node according to the first contract.

In some embodiments, in 412, the request node may first generate the approved certificate (s) according to the first contract. The first contract may encode information related to the certificate (s) applied by the requester, such as the content of the certificate (s) . The approved certificate (s) may be generated according to the information related to the certificate (s) . For example, the approved certificate (s) may have the same content as the certificate (s) applied by the requester. In some embodiments, the approved certificate (s) may include all or a portion of the certificate (s) applied by the requester. For example, in some cases, the issue node may only issue a portion of the applied certificate (s) to the request node. Exemplary cases may include that the number (or count) of certificates (or a certain type of certificates) applied by the requester (or request node) exceeds a first threshold, that the number (or count) of certificates (or a certain type of certificates) issued by the certificate system 100 (or the issue node) exceeds a second threshold, or the like, or any combination thereof. In some embodiments, the request node may generate the approved certificate (s) using an asset allocated by a financial node. Details regarding the generation of the approved certificate (s) using the asset may be found elsewhere in the present disclosure (e.g., operation 508 and the relevant descriptions thereof) .

After the approved certificate (s) are generated, the issue node may issue the approved certificate (s) to the request node. In some embodiments, the issue node may issue the approved certificate (s) to the request node by transmitting the approved certificate (s) to the request node. The requester may view and/or process (e.g., edit) the approved certificate (s) via a computing device on which the request node is implemented. Alternatively, the request node may transmit the approved certificate (s) to a user terminal of the requester. The requester may view and/or process (e.g., edit) the approved certificate (s) via the user terminal. In some embodiments, the request node may have a certificate account in the certificate system 100. The issue node may issue the approved certificate (s) to the certificate account of the request node. The requester may access the certificate account of the request node via a computing device on which the request node is implemented or the user terminal of the requester. Alternatively, the issue node may further issue the approved certificate (s) to a certificate account of the requester. The requester may access its certificate account via its user terminal to view and/or process the approved certificate (s) .

In some embodiments, before the approved certificate (s) are issued to the request node, the blockchain network 110 may transmit an instruction to the request node and/or the financial node to verify the approved certificate (s) . For example, the request node and/or the financial node may verify the identification of the issue node and/or the content of the approved certificate (s) . After the approved certificate (s) are verified, the blockchain network 110 may direct the issue node to issue the approved certificate (s) to the request node.

In some embodiments, the blockchain network 110 may include only one issue node, and operation 412 may be performed by the issue node. In some embodiments, the blockchain network 110 may include a plurality of issue nodes. Operation 412 may be performed by any issue node of the plurality of issue nodes. Alternatively, operation 412 may be performed by a particular issue node associated with the request. Merely by way of example, the blockchain network 110 includes an issue node A configured to issue carpool certificates, an issue node B configured to issue express car certificates, and an issue node C configured to issue taxi certificates. If the request received in 402 is used to apply for one or more carpool certificates, operation 412 may be performed by the issue node A.

It should be noted that the above description regarding the process 400 is merely provided for the purposes of illustration, and not intended to limit the scope of the present disclosure. For persons having ordinary skills in the art, multiple variations and modifications may be made under the teachings of the present disclosure. However, those variations and modifications do not depart from the scope of the present disclosure. The operations of the illustrated process presented below are intended to be illustrative. In some embodiments, the process 400 may be accomplished with one or more additional operations not described and/or without one or more of the operations discussed. Additionally, the order in which the operations of the process 400 described above is not intended to be limiting.

In some embodiments, one or more events occurred in the process 400 may be recorded and/or broadcasted in the blockchain network 110. Exemplary events occurred in the process 400 may include the reception of the request, the generation of the first contract, the generation of the instruction, the generation of the first validation result, the generation of the approved certificate (s) , the issuing of the approved certificate (s) , or the like, or any combination thereof. In some embodiments, after an event has occurred, a certain authority node may generate a contract encoding the event, wherein the certain authority node may be any node of the blockchain network 110 which is authorized to generate the contract encoding the event. The contract encoding the event may include information related to the event, as such as a time point when the event occurs, one or more parties involved in the event, a result of the event, or the like, or any combination thereof. Optionally, the certain authority node may further broadcast the contract encoding the event to each of the one or more other nodes of the blockchain network 110. Each node receiving the contract may store the contract in its storage device (s) (e.g., the ROM 230, the RAM 240) . In some embodiments, the certain authority node may generate a block encoding the contract and transmit the block to each of the other node (s) in the blockchain network 110. Each of the other node (s) may add the block into its digital leger. In this way, each node of the blockchain network 110 may have a record regarding the event. This may ensure that the record regarding the event is stored in a distributed and secure way to prevent the record from being tampered.

For example, after the approved certificate (s) are generated, a first authority node of the blockchain network 110 may generate a second contract encoding the generation of the approved certificate (s) . The first authority node may be any node of the blockchain network 110 which is authorized to generate a contract encoding a certificate generation event. The first authority node may further broadcast the second contract to each of the other one or more nodes of the blockchain network 110. In some embodiments, the first authority node may be the issue node. The contract encoding the generation of the approved certificate (s) generated by the issue node may also be referred to as a fifth contract herein. Optionally, the issue node may update a certificate generation record by writing the fifth contract into the certificate generation record. The certificate generation record may include a plurality of records, each of which may include information related to one or more historical certificates generated in response to a historical certificate request. Exemplary information related to historical certificate (s) generated in response to a historical certificate request may include the number (or count) of the historical certificates, the generation time of the historical certificate (s) , a requester of the historical certificate request, the content of the historical certificate (s) , or the like, or any combination thereof. The issue node may further broadcast the updated certificate generation record to each of the other one or more nodes of the blockchain network.

As another example, after the approved certificate (s) are issued to the request node, a second authority node of the blockchain network 110 may generate a third contract encoding the issuing of the approved certificate (s) . The second authority node may be any node of the blockchain network 110 which is authorized to generate a contract encoding a certificate issuing event. The second authority node and the first authority node may be the same node or different nodes. The second authority node may further broadcast the third contract to each of the other one or more nodes of the blockchain network 110. In some embodiments, the first authority node and second authority node may be the same authority node. Optionally, the authority node may generate a single block encoding the first contract and the second contract, and broadcast the block to each of the other node (s) of the blockchain network 110.

Referring back to operation 408, in some embodiments, the at least one validation node needs to validate the instruction may include a financial node and the issue node.

Operations

410 and 412 may be achieved by perform one or more operations in process 500 as shown in FIG. 5. In 502, the financial node may validate the instruction using the public key of the request node held by the financial node (i.e., the financial key) to generate a third validation result. In 504, the issue node may validate the instruction using the public key of the request node held by the issue key (i.e., the issue key) to generate a fourth validation result. The first validation result may be based on the third and fourth validation results. For example, if both the third and fourth validation results show that the instruction is valid, the first validation result may be that the instruction is valid. If one or all of the third and fourth validation results show (s) that the instruction is invalid, the first validation result may be that the instruction is invalid.

In 506, upon a determination that a first validation result that the instruction is valid, the financial node may allocate an asset for the request according to the first contract.

The allocated asset may include a tangible asset (e.g., a financial asset, a material asset) and/or an intangible asset (e.g., a service asset) . The allocated asset may be associated with the content of the certificate (s) applied by the requester. For example, the requester may apply for one hundred certificates for car hailing services, wherein each certificate can be used to reduce a service fare by $2. In this situation, the allocated asset may be a financial asset, such as $200 or less than $200. As yet another example, the requester may apply for one hundred certificates for taxi services, wherein each certificate can be used to get a free taxi service if a passenger has requested taxi services for more than 10 times. In this situation, the allocated asset may be a service asset, such as a certain number (or count) of times (e.g., one hundred or less than one hundred) of free taxi services. As yet another example, the requester may apply for one hundred certificates for mobile phones, wherein each certificate can be used to get a free mobile phone if a customer buys two mobile phones. In this situation, the allocated asset may be a material asset, such as a certain number (e.g., one hundred or less than one hundred) of free mobile phones.

In some embodiments, the first contract may encode the information related to the certificate (s) applied by the requester, such as the number (or count) of the certificate (s) , the discount amount or rate of the certificate (s) , the type of the certificate (s) , or the like, or any combination thereof. The financial node may determine the allocated asset according to the first contract. For example, the financial node may determine the type and the total amount of asset needed in the generation of the certificate (s) according to the first contract. The financial node may then allocate all or a portion of the needed asset for the request. In some cases, the financial node may allocate a portion of the needed asset for the request. Exemplary cases may include that the amount of asset (or a certain type of asset) allocated to the requester (or the request node) exceeds a third threshold, that the amount of asset (or a certain type of asset) allocated by the certificate system 100 (or the financial node) exceeds a fourth threshold, or the like, or any combination thereof.

In 508, the issue node may generate at least a portion of the one or more certificates (also referred to as the approved certificate (s) ) using the allocated asset according to the first contract. For example, the issue node may determine a discount rate and/or a discount amount of each approved certificate according to the allocated asset (or the allocated asset together with the first contract) , wherein the total asset consumed by the approved certificate (s) may be equal to or less than the allocated asset. The issue node may further determine other content (e.g., a validation period, a condition of use, a distribution rule) of the approved certificate (s) according to the first contract. Details regarding the generation of the approved certificate (s) may be found elsewhere in the present disclosure (e.g., operation 412 and the relevant descriptions thereof) .

In 510, the issue node may issue the approved certificate (s) to the request node. Details regarding the issuing of the approved certificate (s) to the request node may be found elsewhere in the present disclosure (e.g., operation 412 and the relevant descriptions thereof) .

Referring back to operation 408 again, in some embodiments, the at least one validation node needs to validate the instruction may include the financial node.

Operations

410 and 412 may be achieved by performing one or more operations in process 600 as shown in FIG. 6. In 602, the financial node may validate the instruction using the public key of the request node to generate a third validation result. The first validation result may be the third validation result. If the first validation result shows that the instruction is valid, the process 600 may proceed to 604. In 604, the financial node may allocate an asset for the request according to the first contract. Operation 604 may be performed in a similar manner with operation 506, and the descriptions thereof are not repeated here.

In 606, a third authority node of the certificate system 100 may generate a fourth contract encoding the allocation of the asset. The third authority node may be any node of the blockchain network 110 which is authorized to generate a contract encoding an asset allocation event. The third authority node may be the same node as or a different node from the first or second authority node as described in connection with FIG. 5. In some embodiments, the third authority node may be the financial node. The fourth contract generated by the financial node may also be referred to as an asset contract. In some embodiments, the third authority node may generate the fourth contract by encrypting information related to the allocation of the asset. For example, the third authority node may encrypt the information related to allocation of the asset using a private key of the third authority node. Alternatively, the third authority node may generate a digital signature on the information using the private key of the third authority node. The encryption of the information related to allocation of the asset may be similar to the encryption of the information related to the request and/or the at least one validation node as described in connection with operation 406, and the descriptions thereof are not repeated here. In some embodiments, the third authority node may further transmit the fourth contract to the issue node for validation.

In 608, the issue node may validate the fourth contract to generate a second validation result regarding the fourth contract. In some embodiments, the issue node may validate the fourth contract by validating an identity of a producer of the fourth contract and/or validating data integrity of the fourth contract. In some embodiments, the issue node may validate the fourth contract using a public key of the third authority node. The validation of the fourth contract may be performed in a similar manner with the validation of the instruction as described in connection with operation 410, and the descriptions thereof are not repeated here.

If the second validation result shows that the fourth contract is valid, the process 600 may proceed to operations 610 and 612. In 610, the issue node may generate at least a portion of the one or more certificates using the allocated asset. In 612, the issue node may issue the at least a portion of the certificates to the request node. Operations 610 and 612 may be performed in a similar manner with

operation

508 and 510, respectively, and the descriptions thereof are not repeated here.

It should be noted that the above description regarding the process 600 is merely provided for the purposes of illustration, and not intended to limit the scope of the present disclosure. For persons having ordinary skills in the art, multiple variations and modifications may be made under the teachings of the present disclosure. However, those variations and modifications do not depart from the scope of the present disclosure. The operations of the illustrated process presented below are intended to be illustrative. In some embodiments, the process 600 may be accomplished with one or more additional operations not described and/or without one or more of the operations discussed. Additionally, the order in which the operations of the process described above is not intended to be limiting.

In some embodiments,

operations

606 and 608 may be omitted. In 610, the issue node may generate the approved certificate (s) directly using the allocated asset. Alternatively, in 606, the third authority node may generate the third contract without encrypting the information related to the allocation of the asset. The third authority node may further broadcast the third contract to each of the one or more other nodes in the blockchain network 110. Operation 608 may be omitted, and the issue node may generate the approved certificate (s) directly using the allocated asset in operation 610.

In some embodiments, the process 600 may further include one or more operations to record and/or broadcast one or more events occurred in the process 600. Exemplary events occurred in the process 600 may include the generation of the third validation result, the allocation of the asset, the generation of the approved certificate (s) , the generation of the fourth contract, the generation of the second validation result, the generation and/or issuing of the approved certificate (s) , or the like, or any combination thereof. Merely by way of example, if the issue node generates a second validation result that the fourth contract is valid (e.g., the issue node decrypts the asset contract) , the issue node may generate a contract (also referred to as a validation contract) encoding the second validation result, and broadcast the contract to other node (s) of the blockchain network 110. The recording and/or broadcasting of the event (s) occurred in the process 600 may be performed a similar manner with that of the event (s) occurred in the process 400, and the descriptions thereof are not repeated here.

In some embodiments, in a certificate issuing process (e.g., the

processes

400, 500, and/or 600) disclosed herein, all or a portion of information communication within the blockchain network 110 and/or between the blockchain network 110 and one or more other components of the certificate system 100 may be secured using one or more information security techniques, such as an information encryption and decryption technology, a digital signature technology. Merely by way of example, the request may be transmitted to the request node via a user terminal of the requester. The request may have been encrypted by the user terminal, for example, using a private key of the user terminal or the requester. The request node may need to decrypt the request to verify the identity of the user terminal or the requester after receiving the request.

FIG. 7 is a block diagram illustrating an exemplary processing device according to some embodiments of the present disclosure. In some embodiments, the processing device 700 may be implemented on one or more components of the computing device 200. In some embodiments, the process device 700 may be part of one or more nodes of the blockchain network 110. Alternatively, the processing device 700 may be an independent component of the certificate system 100.

In some embodiments, the processing device 700 may be configured to issuing coupons for a coupon platform. The coupon system may include a business node (also referred to as a request node) , a financial node, and a coupon node (also referred to as an issue node) . As shown in FIG. 7, the processing device 700 may include a request module 710, a generation module 720, and an issuing module 730.

In response to a coupon request received from the business node (also referred to as a request node) , the request module 710 may be configured to generate a first key of the business node and a first contract encoding the coupon request.

The generation module 720 may be configured to direct the business node to generate an encoded message using the first key, wherein the encoded message may be related to the financial node and the coupon node. The generation module 720 may also be configured to direct the financial node to decrypt the encoded message using a financial key. The generation module 720 may further be configured to direct the coupon node to decrypt the encoded message using a coupon key.

In some embodiments, the generation module 720 may include a control unit and a validation unit. The control unit may be configured to direct the business node to generate a first sub-encoded message related to the financial node using the first key. The control unit may also be configured to direct the financial node to decrypt the first sub-encoded message using the financial key, allocate an asset, and generate an asset contract after the decryption of the first sub-encoded message. The validation unit may be configured to direct the coupon node to decrypt the asset contract, generate a validation contract after the decryption of the asset contract, and broadcast the validation contract to each node of the coupon platform. In some embodiments, the generation module 720 may further be configured to direct the financial node to allocate an asset after the decryptions by the financial node and the coupon node.

The issuing module 730 may be configured to direct the coupon node to generate one or more coupons after the decryptions by the financial node and the coupon node. The issuing module 730 may also be configured to direct the coupon node to issue the one or more coupons to the business node according to the first contract. In some embodiments, the issuing module 730 may further be configured to direct the coupon node to generate the one or more coupons using an asset allocated by the financial node.

In some embodiments, the processing device 700 may further include a first broadcasting module and/or a second broadcasting module. The first broadcasting module may be configured to generate a second contract and broadcast the second contract to each node of the coupon platform. The second broadcasting module may be configured to generate a third contract and broadcast the third contract to each node of the coupon platform.

In some embodiments, the processing device 700 may further include a verification module. The verification module may be configured to transmit an instruction to the business node and the financial node to verify the one or more coupons generated by the issue node.

The modules in the processing device 700 may be connected to or communicate with each other via a wired connection or a wireless connection. The wired connection may include a metal cable, an optical cable, a hybrid cable, or the like, or any combination thereof. The wireless connection may include a Local Area Network (LAN) , a Wide Area Network (WAN) , a Bluetooth, a ZigBee, a Near Field Communication (NFC) , or the like, or any combination thereof. Two or more of the modules may be combined into a single module, and any one of the modules may be divided into two or more units. In some embodiments, one or more of the modules mentioned above may be omitted. In some embodiments, one or more of the modules mentioned above may be combined into a single module. For example, the first broadcasting module and the second broadcasting module may be combined into a single module. In some embodiments, the processing device 700 may further include one or more additional modules.

Having thus described the basic concepts, it may be rather apparent to those skilled in the art after reading this detailed disclosure that the foregoing detailed disclosure is intended to be presented by way of example only and is not limiting. Various alterations, improvements, and modifications may occur and are intended to those skilled in the art, though not expressly stated herein. These alterations, improvements, and modifications are intended to be suggested by this disclosure, and are within the spirit and scope of the exemplary embodiments of this disclosure.

Moreover, certain terminology has been used to describe embodiments of the present disclosure. For example, the terms “one embodiment, ” “an embodiment, ” and/or “some embodiments” mean that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Therefore, it is emphasized and should be appreciated that two or more references to “an embodiment, ” “one embodiment, ” or “an alternative embodiment” in various portions of this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined as suitable in one or more embodiments of the present disclosure.

Further, it will be appreciated by one skilled in the art, aspects of the present disclosure may be illustrated and described herein in any of a number of patentable classes or context including any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof. Accordingly, aspects of the present disclosure may be implemented entirely hardware, entirely software (including firmware, resident software, micro-code, etc. ) or combining software and hardware implementation that may all generally be referred to herein as a "block, " “module, ” “engine, ” “unit, ” “component, ” or “system. ” Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.

A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including electro-magnetic, optical, or the like, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that may communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable signal medium may be transmitted using any appropriate medium, including wireless, wireline, optical fiber cable, RF, or the like, or any suitable combination of the foregoing.

Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB. NET, Python or the like, conventional procedural programming languages, such as the “C” programming language, Visual Basic, Fortran 1703, Perl, COBOL 1702, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN) , or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider) or in a cloud computing environment or offered as a service such as a software as a service (SaaS) .

Furthermore, the recited order of processing elements or sequences, or the use of numbers, letters, or other designations, therefore, is not intended to limit the claimed processes and methods to any order except as may be specified in the claims. Although the above disclosure discusses through various examples what is currently considered to be a variety of useful embodiments of the disclosure, it is to be understood that such detail is solely for that purpose, and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover modifications and equivalent arrangements that are within the spirit and scope of the disclosed embodiments. For example, although the implementation of various components described above may be embodied in a hardware device, it may also be implemented as a software-only solution-e.g., an installation on an existing server or mobile device.

Similarly, it should be appreciated that in the foregoing description of embodiments of the present disclosure, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the various embodiments. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed subject matter requires more features than are expressly recited in each claim. Rather, claimed subject matter may lie in less than all features of a single foregoing disclosed embodiment.

Claims

A method for coupon issuing implemented on a coupon platform, the coupon platform including a business node, a financial node, and a coupon node, the method comprising:

in response to a coupon request received from the business node, generating a first contract encoding the coupon request and a first key of the business node;

generating, by the business node, an encoded message related to the financial node and the coupon node using the first key;

decrypting, by the financial node, the encoded message using a financial key;

decrypting, by the coupon node, the encoded message using a coupon key;

generating one or more coupons after the decryption by the financial node and the decryption by the coupon node; and

issuing, by the coupon node, the one or more coupons to the business node according to the first contract.
The method of claim 1, wherein:

the generating the one or more coupons after the decryption by the financial node and the decryption by the coupon node further comprises generating a second contract, and broadcasting the second contract to each node of the coupon platform; and

the issuing one or more coupons to the business node according to the first contract further comprises generating a third contract, and broadcasting the third contract to each node of the coupon platform.
The method of claim 1, wherein:

the generating an encoded message related to the financial node and the coupon node by the business node using the first key comprises: generating, by the business node, a first sub-encoded message related to the financial node using the first key; and

the decrypting the encoded message by the financial node using a financial key and decrypting the encoded message by the coupon node using a coupon key comprises:

by the financial node, decrypting the first sub-encoded message using the financial key, allocating an asset, and generating an asset contract after the decryption of the first sub-encoded message;

by the coupon node, decrypting the asset contract, generating a validation contract after the decryption of the asset contract, and broadcasting the validation contract to each node of the coupon platform.
The method of claim 1, wherein the generating one or more coupons by the coupon node further comprises:

allocating, by the financial node, an asset after the decryption by the financial node and the decryption by the coupon node; and

generating, by the coupon node, the one or more coupons using the asset.
The method of claim 3 or 4, wherein the coupon node is configured to validate at least one of a count of the one or more coupons, a condition for use of the one or more coupons, a discount amount of the one or more coupons, a validity period of the one or more coupons, or a distribution rule of the one or more coupons.
The method of any one of claims 1 to 4, wherein the method further comprises:

transmitting an instruction to the business node and the financial node to verify the one or more coupons after the one or more coupons are generated.
A system for issuing coupon on a coupon platform, the coupon platform including a business node, a financial node, and a coupon node, the system comprising:

a request module configured to: in response to a coupon request received from the business node, generate a first contract encoding the coupon request and a first key of the business node;

a generation module configured to:

direct the business node to generate an encoded message related to the financial node and the coupon node using the first key,

direct the financial node to decrypt the encoded message using a financial key, and

direct the coupon node to decrypt the encoded message using a coupon key; and

an issuing module configured to:

direct the coupon node to generate one or more coupons after the decryption by the financial node and the decryption by the coupon node, and

direct the coupon node to issue the one or more coupons to the business node according to the first contract.
The system of claim 7, further comprising:

a first broadcasting module configured to generate a second contract, and broadcast the second contract to each node of the coupon platform; and

a second broadcasting module configured to generate a third contract, and broadcast the third contract to each node of the coupon platform.
The system of claim 7, the generation module further comprising:

a control unit configured to:

direct the business node to generate a first sub-encoded message related to the financial node using the first key, and

direct the financial node to decrypt the first sub-encoded message using the financial key, allocate an asset, and generate an asset contract after the decryption of the first sub-encoded message; and a validation unit configured to:

direct the coupon node to decrypt the asset contract, generate a validation contract after the decryption of the asset contract, and broadcast the validation contract to each node of the coupon platform.
The system of claim 7, wherein:

the generation module is further configured to direct the financial node to allocate an asset after the decryption by the financial node and the decryption by the coupon node, and

the issuing module is further configured to direct the coupon node to generate the one or more coupons using the asset.
The system of claim 9 or 10, wherein the coupon node is configured to validate at least one of a count of the one or more coupons, a condition for use of the one or more coupons, a discount amount of the one or more coupons, a validity period of the one or more coupons, or a distribution rule of the one or more coupons.
The system of any one of claims 7 to 10, wherein the system further comprises a verification module configured to transmit an instruction to the business node and the financial node to verify the one or more coupons after the one or more coupons are generated.
A device for coupon issuing, the device comprising a storage medium including a set of instructions, and at least one processor in communication with the at least one storage medium, wherein when executing the instructions, the at least one processor is configured to direct the device to perform the method for coupon issuing of any one of claims 1-6.
A computer readable storage medium, the computer readable storage medium storing computer instructions, wherein when the computer instructions are executed by a computer, the computer performs the method for coupon issuing of any one of claims 1-6.
A certificate system, comprising:

a blockchain network, the blockchain network including a plurality of nodes, each of the plurality of nodes being configured to communicate with each of the other one or more nodes of the plurality of nodes, the plurality of nodes at least including a request node, at least one validation node, and an issue node;

at least one storage device including a set of instructions; and

at least one processor in communication with the at least one storage device, wherein when executing the instructions, the at least one processor is configured to direct the system to perform operations including:

receiving, by the request node, a request for one or more certificates;

in response to the request, generating a first contract encoding the request;

generating, by the request node, an instruction to approve the request using a private key of the request node;

transmitting, by the request node to the at least one validation node, the instruction to approve the request;

validating, by the at least one validation node, the instruction using a public key of the request node to generate a first validation result regarding the instruction, and

upon a determination that a first validation result that the instruction is valid, issuing, by the issue node, at least a portion of the one or more certificates to the request node according the first contract.
The system of claim 15, wherein to issue at least a portion of the one or more certificates to the request node according to the first contract upon a determination that the first validation result that the instruction is valid, the at least one processor is further configured to direct the system to perform additional operations including:

upon the determination that the first validation result that the instruction is valid, generating, by the issue node, the at least a portion of the one or more certificates according the first contract; and

issuing, by the issue node, the at least a portion of the one or more certificates to the request node.
The system of claim 16, wherein the plurality of nodes include an authority node, the at least one processor is further configured to direct the system to perform additional operations including:

generating, by the authority node, a second contract encoding the generation of the at least a portion of the one or more certificates; and

broadcasting, by the authority node, the second contract to each of the other one or more nodes of the blockchain network.
The system of claim 16, wherein the plurality of nodes include an authority node, the at least one processor is further configured to direct the system to perform additional operations including:

generating, by the authority node, a third contract encoding the issuing of the at least a portion of the one or more certificates; and

broadcasting, by the authority node, the third contract to each of the other one or more nodes of the blockchain network.
The system of claim 16, wherein the plurality of nodes include an authority node, the at least one validation node includes a financial node, the at least one processor is further configured to direct the system to perform additional operations including:

upon the determination that the first validation result that the instruction is valid, allocating, by the financial node, an asset for the request;

generating, by the authority node, a fourth contract encoding the allocation of the asset;

validating, by the issue node, the fourth contract to generate a second validation result regarding the fourth contract, and wherein the generating the at least a portion of the one or more certificates according to the first contract including:

upon a determination that a second validation result that the fourth contract is valid, generating, by the issue node, at least a portion of the one or more certificates using the allocated asset.
The system of any one of claims 16 to 19, wherein the at least one processor is further configured to direct the system to perform additional operations including:

updating, by the issue node, a certificate generation record by writing a fifth contract encoding the generation of the at least a portion of the one or more certificates into the certificate generation record; and

broadcasting, by the issue node, the updated certificate generation record to each of the other one or more nodes of the blockchain network.
The system of any one of claims 15 to 18, wherein the at least one validation node includes the issue node and a financial node, and to validate the instruction to generate a first validation result, the at least one processor is further configured to direct the system to perform additional operations including:

validating, by the financial node, the instruction using the public key of the request node to generate a third validation result; and

validating, by the issue node, the instruction using the public key of the request node to generate a fourth validation result, wherein the first validation result is based on the third validation result and the fourth validation result.
The system of claim 21, wherein to issue at least a portion of the one or more certificates to the request node according to the first contract upon the determination that the first validation result that the instruction is valid, the at least one processor is further configured to direct the system to perform additional operations including:

upon the determination that the first validation result that the instruction is valid, allocating, by the financial node, an asset for the request according to the first contract;

generating, by the issue node, the at least a portion of the one or more certificates using the allocated asset according to the first contract; and

issuing, by the issue node, the at least a portion of the one or more certificates to the request node.
The system of any one of claims 15 to 22, wherein the first contract includes at least one of an identity of the request node, a count of the one or more certificates, a discount rate of the one or more certificates, a discount amount of the one or more certificates, a validity period of the one or more certificates, a condition for use of the one or more certificates, a type of the one or more certificates, or a distribution rule of the one or more certificates.
A method for certificate issuing implemented on a blockchain network, the blockchain network including a plurality of nodes, each of the plurality of nodes being configured to communicate with each of the other one or more nodes of the plurality of nodes, the plurality of nodes at least including a request node, at least one validation node, and an issue node, the method comprising:

receiving, by the request node, a request for one or more certificates;

in response to the request, generating a first contract encoding the request;

generating, by the request node, an instruction to approve the request using a private key of the request node;

transmitting, by the request node to the at least one validation node, the instruction to approve the request;

validating, by the at least one validation node, the instruction using a public key of the request node to generate a first validation result regarding the instruction, and

upon a determination that a first validation result that the instruction is valid, issuing, by the issue node, at least a portion of the one or more certificates to the request node according the first contract.
The method of claim 24, wherein the issuing at least a portion of the one or more certificates to the request node according to the first contract upon a determination that a first validation result that the instruction is valid comprises:

upon the determination that the first validation result that the instruction is valid, generating, by the issue node, the at least a portion of the one or more certificates according the first contract; and

issuing, by the issue node, the at least a portion of the one or more certificates to the request node.
The method of claim 25, wherein the plurality of nodes include an authority node, the method further comprises:

generating, by the authority node, a second contract encoding the generation of the at least a portion of the one or more certificates; and

broadcasting, by the authority node, the second contract to each of the other one or more nodes of the blockchain network.
The method of claim 25, wherein the plurality of nodes include an authority node, the method further comprises:

generating, by the authority node, a third contract encoding the issuing of the at least a portion of the one or more certificates; and

broadcasting, by the authority node, the third contract to each of the other one or more nodes of the blockchain network.
The method of claim 25, wherein the plurality of nodes include an authority node, the at least one validation node includes a financial node, and the method further comprises:

upon the determination that the first validation result that the instruction is valid, allocating, by the financial node, an asset for the request;

generating, by the authority node, a fourth contract encoding the allocation of the asset;

validating, by the issue node, the fourth contract to generate a second validation result regarding the fourth contract, and wherein the generating the at least a portion of the one or more certificates according to the first contract including:

upon a determination that a second validation result that the fourth contract is valid, generating, by the issue node, at least a portion of the one or more certificates using the allocated asset.
The method of any one of claims 25 to 28, wherein the method further comprises:

updating, by the issue node, a certificate generation record by writing a fifth contract encoding the generation of the at least a portion of the one or more certificates into the certificate generation record; and

broadcasting, by the issue node, the updated certificate generation record to each of the other one or more nodes of the blockchain network.
The method of any one of claims 24 to 27, wherein the at least one validation node includes the issue node and a financial node, and the validating the instruction to generate a first validation result comprises:

validating, by the financial node, the instruction using the public key of the request node to generate a third validation result; and

validating, by the issue node, the instruction using the public key of the request node to generate a fourth validation result, wherein the first validation result is based on the third validation result and the fourth validation result.
The method of claim 30, wherein to issue at least a portion of the one or more certificates to the request node according to the first contract upon the determination that the first validation result that the instruction is valid, the method further includes:

upon the determination that the first validation result that the instruction is valid, allocating, by the financial node, an asset for the request according to the first contract;

generating, by the issue node, the at least a portion of the one or more certificates using the allocated asset according to the first contract; and

issuing, by the issue node, the at least a portion of the one or more certificates to the request node.
The method of any one of claims 24 to 31, wherein the first contract includes at least one of an identity of the request node, a count of the one or more certificates, a discount rate of the one or more certificates, a discount amount of the one or more certificates, a validity period of the one or more certificates, a condition for use of the one or more certificates, a type of the one or more certificates, or a distribution rule of the one or more certificates.
A non-transitory computer readable medium, comprising executable instructions that, when executed by a blockchain network, direct the blockchain network to perform a method, the blockchain network including a plurality of nodes, each of the plurality of nodes being configured to communicate with each of the other one or more nodes of the plurality of nodes, the plurality of nodes at least including a request node, at least one validation node, and an issue node, the method comprising:

receiving, by the request node, a request for one or more certificates;

in response to the request, generating a first contract encoding the request;

generating, by the request node, an instruction to approve the request using a private key of the request node;

transmitting, by the request node to the at least one validation node, the instruction to approve the request;

validating, by the at least one validation node, the instruction using a public key of the request node to generate a first validation result regarding the instruction, and

upon a determination that a first validation result that the instruction is valid, issuing, by the issue node, at least a portion of the one or more certificates to the request node according the first contract.
The non-transitory computer readable medium of claim 33, wherein the issuing at least a portion of the one or more certificates to the request node according to the first contract upon a determination that a first validation result that the instruction is valid comprises:

upon the determination that the first validation result that the instruction is valid, generating, by the issue node, the at least a portion of the one or more certificates according the first contract; and

issuing, by the issue node, the at least a portion of the one or more certificates to the request node.