WO2020215575A1 - Blockchain-based signature file saving method and apparatus, and computer device - Google Patents

Info

Publication number
WO2020215575A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature
digital certificate
blockchain
terminal
signature file
Prior art date
Application number
PCT/CN2019/103540
Other languages
French (fr)
Chinese (zh)
Inventor
李洪
江琳
刘翔
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2020215575A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party

Definitions

  • This application relates to the computer field, in particular to a method, device, computer equipment and storage medium for saving signature files based on blockchain.
  • the main purpose of this application is to provide a method, device, computer equipment and storage medium for saving signature files based on blockchain, which aims to support signature file signing, save signature files and ensure the authenticity of signature files.
  • this application proposes a method for saving signature files based on blockchain, which is applied to a server and includes the following steps:
  • the preset verification rule at least includes using the digital certificate verification plug-in to verify the validity of the digital certificate
  • if the designated signature file is valid, save the designated signature file with signature in all blockchain nodes in the pre-built blockchain network, where the server is a blockchain node of the blockchain.
  • This application provides a blockchain-based signature file storage device, which is applied to a server, and includes:
  • a signature request receiving unit configured to receive a signature request on a designated signature file sent by a terminal plugged with ukey, wherein a digital certificate is stored in the ukey;
  • the identity verification unit is configured to obtain the digital certificate sent by the terminal, and verify the identity of the terminal according to the digital certificate using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes a ukey signature plug-in and a digital certificate verification plug-in;
  • a designated signature file obtaining unit configured to allow the terminal to perform a signature operation on the designated signature file to obtain a designated signature file with a signature if the identity verification of the terminal is correct;
  • the validity judging unit is configured to judge whether the specified signature file with signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to verify the validity of the digital certificate;
  • the designated signature file storage unit is configured to, if the designated signature file is valid, save the designated signature file with a signature in all blockchain nodes in a pre-built blockchain network, where the server is a blockchain node of the blockchain.
  • the present application provides a computer device including a memory and a processor, the memory stores a computer program, and the processor implements the steps of any one of the above methods when the computer program is executed.
  • the present application provides a non-volatile computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of any one of the above methods are implemented.
  • the blockchain-based signature file storage method, device, computer equipment and storage medium of this application receive a signature request on a designated signature file sent by a terminal plugged with a ukey; if the terminal’s identity verification is correct, the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature; and if the designated signature file is valid, the designated signature file is recorded in all blockchain nodes in the pre-built blockchain network. In this way, online signing and saving of signature files are realized and the authenticity of the saved signature files is guaranteed.
  • FIG. 1 is a schematic flowchart of a method for saving a signature file based on a blockchain according to an embodiment of the application
  • FIG. 2 is a schematic block diagram of the structure of a blockchain-based signature file storage device according to an embodiment of the application;
  • FIG. 3 is a schematic block diagram of the structure of a computer device according to an embodiment of the application.
  • an embodiment of the present application provides a method for saving a signature file based on a blockchain, which is applied to a server and includes the following steps:
  • S4 Determine whether the specified signature file with signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to verify the validity of the digital certificate;
  • ukey also known as USBKEY
  • USB Universal Serial Bus Interface
  • a digital certificate is stored in the ukey to verify the ukey support.
  • A digital certificate is a certificate issued by an authoritative third-party organization, the CA (Certificate Authority, e-commerce certification authority), and used to identify identity on the network; it can also be called a CA certificate.
  • the digital certificate includes the identity information of the holder and the certificate public key, and the corresponding certificate private key is held by the user corresponding to the ukey.
  • the designated signature file can be any electronic file that requires an electronic signature, such as an electronic contract.
  • a terminal with ukey plugged in is more secure than a terminal without ukey plugged in due to the use of the identity verification function of ukey.
  • step S2: obtain the digital certificate sent by the terminal, and verify the identity of the terminal according to the digital certificate using the ukey signature plug-in in the preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in.
  • This embodiment adopts an integrated plug-in including a ukey signature plug-in and a digital certificate verification plug-in. Compared with separate plug-ins, the step of calling each plug-in is saved: the plug-ins needed by this method are called uniformly at one time, so the integration is high, time-saving and efficient.
  • the process of verifying the identity of the terminal by the ukey signature plug-in can be in any manner, for example, obtaining the corresponding digital certificate from the CA that issued the digital certificate, and judging whether the digital certificate from the CA and the digital certificate sent by the terminal are the same; if they are the same, it is determined that the identity of the terminal is true.
  • the process of verifying the identity of the terminal by the ukey signature plug-in includes: obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key; using the ukey signature plug-in to obtain the certificate public key from the digital certificate; using the ukey signature plug-in to decrypt the ciphertext with the certificate public key to obtain decryption information; determining whether the decryption information is the same as the information used for identity verification; and, if the decryption information is the same as the information used for identity verification, determining that the identity verification of the terminal is correct.
  • step S3: if the identity verification of the terminal is correct, the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature. If the identity verification of the terminal is correct, it is certain that there is no impersonation, so the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature.
  • step S4: it is determined whether the designated signature file with signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to verify the validity of the digital certificate.
  • the process of using the digital certificate verification plug-in to verify the validity of the digital certificate includes: extracting the validity-related information of the digital certificate from the digital certificate, such as the effective date and the issuing CA, and then judging whether the digital certificate is valid according to that information, for example, judging whether the current date is within the effective date.
  • the process of judging whether the specified signature file with the signature is valid according to a preset verification rule may also include any method for judging whether the signature file is valid.
  • the designated signature file with the signature is stored in all the blockchain nodes in the pre-built blockchain network, where the server is a blockchain node of the blockchain. If the designated signature file is valid, the designated signature file is saved to complete online signature storage. To ensure the security of the designated signature file and that its content is not tampered with, the designated signature file is recorded in all the blockchain nodes in the pre-built blockchain (that is, stored in the public ledger of the blockchain); because data on the blockchain cannot be changed, the security of the designated signature file is increased.
  • the blockchain can be constructed in any manner, for example, the server can be used as the initiator of the blockchain network.
  • the specific process includes: creating a Blockchain class (blockchain class) in any feasible language; creating a list for storing the blockchain in the constructor; after instantiating the Blockchain class, creating the genesis block (the first block before the block); determining the consensus mechanism of the blockchain (such as the proof-of-work mechanism, the proof-of-stake mechanism, the delegated proof-of-stake mechanism and the Pool verification pool); and receiving the terminals that agree to the consensus mechanism as nodes of the blockchain network, thereby obtaining the pre-built blockchain network.
  • the nodes (interacting subjects) of the blockchain network may be terminals that agree to the consensus mechanism. The nodes are connected to one another to verify whether the data has been tampered with (using hash values and asymmetric encryption technology in the blockchain).
  • the blockchain may be a public chain, a consortium chain or a private chain.
  • the digital certificate records the certificate public key, the user corresponding to the ukey holds the certificate private key, and the digital certificate sent by the terminal is obtained, and the ukey signature plug-in in a preset integrated plug-in verifies the identity of the terminal according to the digital certificate, wherein the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in.
  • Step S2 includes:
  • S204 Determine whether the decryption information is the same as the information used for identity verification
  • the certificate public key is recorded in the digital certificate, and the user corresponding to the ukey holds the certificate private key. Therefore, when the identity of the terminal needs to be verified, the user uses the certificate private key to encrypt the information used for identity verification (which can be any information used for comparison with the information decrypted by the server) to obtain ciphertext.
  • the server can perform decryption operations through the certificate public key clearly recorded in the digital certificate.
  • the decryption information obtained by the server through the certificate public key decryption must be different from the information used for identity verification, so that the identity of the terminal can be determined. Otherwise, it is determined that the identity verification of the terminal is correct.
  • said determining whether the designated signature file with signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to verify the digital certificate includes:
  • the digital certificate records relevant information about the effective date, such as the effective start date and the effective end date.
  • the process of extracting the effective date of the digital certificate includes: extracting the effective start date and the effective end date of the digital certificate, and taking the dates between the effective start date and the effective end date as the effective date. If the current date is not within the effective date, it is determined that the designated signature file with the signature is invalid, and if the current date is within the effective date, it can be determined that the date is correct.
  • the method includes:
  • S405 Determine whether the e-commerce certification authority exists in a preset list of trusted certification agencies
  • As described above, whether the specified signature file with the signature is valid is judged by determining whether the e-commerce certification authority (CA) exists in the preset trusted certification authority list.
  • the e-commerce certification authority is not static, and the authority that can be authorized is not necessarily the same. Therefore, the e-commerce certification authority should be verified.
  • a list of trusted certification authorities is preset in the server, which records trusted e-commerce certification authorities, so that it is only necessary to determine whether the e-commerce certification authority exists in the trusted certification authority list to verify the e-commerce certification authority. If the e-commerce certification authority exists in the preset list of trusted certification authorities, the e-commerce certification authority is deemed to be correct, and the designated signature file with the signature is determined to be valid.
  • before step S5 of saving the specified signature file with the signature in all blockchain nodes in a pre-built blockchain network, where the server is a blockchain node of the blockchain, the method includes:
  • the designated languages include any feasible languages such as JAVA, C++, Python, etc.
  • Class is the basis for information encapsulation in object-oriented programming.
  • a class is a user-defined type, also called a type. Each class contains data descriptions and a set of functions for manipulating data or passing messages.
  • the blockchain class is the class describing the blockchain. Instantiating the blockchain class declares an object of the blockchain type, thereby obtaining the genesis block (the first block before the block), where the genesis block can record the hash value of the previous block as 0. Based on the genesis block, other blocks are generated, wherein the other blocks record the hash value of the previous block, thereby forming a multi-block blockchain.
  • the terminal that agrees to the preset consensus mechanism of the blockchain is used as the blockchain node, thereby establishing the blockchain network.
  • the consensus mechanism is, for example, a proof-of-work mechanism, a proof-of-stake mechanism, or a delegated proof-of-stake mechanism. Accordingly, the blockchain network is established.
  • the step S43 of establishing the blockchain network by using the terminal that agrees to the preset consensus mechanism of the blockchain as the blockchain node includes:
  • S4301 Receive a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
  • S4302 Determine whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permission IP list;
  • if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permission IP list, then the terminal that agrees to the preset consensus mechanism of the blockchain is taken as the blockchain node, thereby establishing the blockchain network.
  • the determination of the blockchain node is achieved.
  • a method of verifying authority is adopted to limit the blockchain nodes, thereby establishing the blockchain network; that is, the blockchain network is preferably a consortium chain or a private chain. Since this blockchain is preferably used to store electronic contracts, the parties that are involved in, or expected to participate in, the electronic contract are selected as the nodes of the blockchain, which makes the blockchain easier to build and manage and more flexible.
  • the terminal that agrees to the preset consensus mechanism of the blockchain is used as a blockchain node, thereby establishing the blockchain network.
  • after step S5 of saving the specified signature file with the signature in all blockchain nodes in a pre-built blockchain network, where the server is a blockchain node of the blockchain, the method includes:
  • S52 By querying the login account authority of the designated blockchain node, it is determined whether the designated blockchain node has the authority to query the signature file;
  • the query of the signature file is realized.
  • the electronic contract has a certain degree of confidentiality and should not be queried by irrelevant personnel, so query permissions are set accordingly.
  • by querying the login account permissions of the blockchain node, it is determined whether the blockchain node has the signature file query permission, and if the blockchain node has the signature file query permission, the blockchain node is allowed to query the signature file.
  • the login account includes user name login or ukey identity login.
  • the process of querying the login account authority of the blockchain node includes: obtaining the login account, determining whether the login account exists in the preset signature file query authority list, and if it exists, determining that it has the signature file query authority.
  • the blockchain-based signature file saving method of this application receives a signature request on a designated signature file sent by a terminal plugged with a ukey, and if the terminal’s identity verification is correct, the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature. If the designated signature file is valid, the designated signature file is recorded in all blockchain nodes in the pre-built blockchain network. In this way, online signing and saving of signature files are realized and the authenticity of the saved signature files is guaranteed.
  • an embodiment of the present application provides a blockchain-based signature file storage device applied to a server, including:
  • the signature request receiving unit 10 is configured to receive a signature request on a designated signature file sent by a terminal plugged with ukey, wherein a digital certificate is stored in the ukey;
  • the identity verification unit 20 is configured to obtain the digital certificate sent by the terminal, and verify the identity of the terminal according to the digital certificate using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes a ukey signature plug-in and a digital certificate verification plug-in;
  • the designated signature file obtaining unit 30 is configured to allow the terminal to perform a signature operation on the designated signature file to obtain a designated signature file with a signature if the identity verification of the terminal is correct;
  • the validity judging unit 40 is configured to judge whether the designated signature file with signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to verify the validity of the digital certificate;
  • the designated signature file storage unit 50 is configured to, if the designated signature file is valid, save the designated signature file with the signature in all blockchain nodes in a pre-built blockchain network, where the server is a blockchain node of the blockchain.
  • ukey also known as USBKEY
  • USB Universal Serial Bus Interface
  • a digital certificate is stored in the ukey to verify the ukey support.
  • A digital certificate is a certificate issued by an authoritative third-party organization, the CA (Certificate Authority, e-commerce certification authority), and used to identify identity on the network; it can also be called a CA certificate.
  • the digital certificate includes the identity information of the holder and the certificate public key, and the corresponding certificate private key is held by the user corresponding to the ukey.
  • the designated signature file can be any electronic file that requires an electronic signature, such as an electronic contract.
  • a terminal with ukey plugged in is more secure than a terminal without ukey plugged in due to the use of the identity verification function of ukey.
  • the digital certificate sent by the terminal is obtained, and the identity of the terminal is verified according to the digital certificate using the ukey signature plug-in in the preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in.
  • This embodiment adopts an integrated plug-in including a ukey signature plug-in and a digital certificate verification plug-in. Compared with separate plug-ins, the step of calling each plug-in is saved: the plug-ins needed by this method are called uniformly at one time, so the integration is high, time-saving and efficient.
  • the process of verifying the identity of the terminal by the ukey signature plug-in can be in any manner, for example, obtaining the corresponding digital certificate from the CA that issued the digital certificate, and judging whether the digital certificate from the CA and the digital certificate sent by the terminal are the same; if they are the same, it is determined that the identity of the terminal is true.
  • the process of verifying the identity of the terminal by the ukey signature plug-in includes: obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key; using the ukey signature plug-in to obtain the certificate public key from the digital certificate; using the ukey signature plug-in to decrypt the ciphertext with the certificate public key to obtain decryption information; determining whether the decryption information is the same as the information used for identity verification; and, if the decryption information is the same as the information used for identity verification, determining that the identity verification of the terminal is correct.
  • the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature. If the identity verification of the terminal is correct, it is certain that there is no impersonation, so the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature.
  • the process of using the digital certificate verification plug-in to verify the validity of the digital certificate includes: extracting the validity-related information of the digital certificate from the digital certificate, such as the effective date and the issuing CA, and then judging whether the digital certificate is valid according to that information, for example, judging whether the current date is within the effective date. Further, the process of judging whether the specified signature file with the signature is valid according to a preset verification rule may also include any method for judging whether the signature file is valid.
  • the designated signature file with the signature is stored in all blockchain nodes in the pre-built blockchain network, where the server is a blockchain node of the blockchain. If the designated signature file is valid, the designated signature file is saved to complete online signature storage. To ensure the security of the designated signature file and that its content is not tampered with, the designated signature file is recorded in all the blockchain nodes in the pre-built blockchain (that is, stored in the public ledger of the blockchain); because data on the blockchain cannot be changed, the security of the designated signature file is increased.
  • the blockchain can be constructed in any manner, for example, the server can be used as the initiator of the blockchain network.
  • the specific process includes: creating a Blockchain class (blockchain class) in any feasible language; creating a list for storing the blockchain in the constructor; after instantiating the Blockchain class, creating the genesis block (the first block before the block); determining the consensus mechanism of the blockchain (such as the proof-of-work mechanism, the proof-of-stake mechanism, the delegated proof-of-stake mechanism and the Pool verification pool); and receiving the terminals that agree to the consensus mechanism as nodes of the blockchain network, thereby obtaining the pre-built blockchain network.
  • the nodes (interacting subjects) of the blockchain network may be terminals that agree to the consensus mechanism. The nodes are connected to one another to verify whether the data has been tampered with (using hash values and asymmetric encryption technology in the blockchain).
  • the blockchain may be a public chain, a consortium chain or a private chain.
  • the digital certificate records the certificate public key
  • the user corresponding to the ukey holds the certificate private key
  • the identity verification unit 20 includes:
  • the digital certificate acquisition subunit is configured to acquire the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification according to the certificate private key;
  • a certificate public key obtaining subunit configured to use the ukey signature plug-in to obtain the certificate public key from the digital certificate
  • the decryption subunit is used to decrypt the ciphertext using the certificate public key to obtain decryption information
  • the decryption information judging subunit is used to judge whether the decrypted information is the same as the information used for identity verification;
  • the identity verification correctness determination subunit is configured to determine that the identity verification of the terminal is correct if the decrypted information is the same as the information used for identity verification.
  • the certificate public key is recorded in the digital certificate, and the user corresponding to the ukey holds the certificate private key. Therefore, when the identity of the terminal needs to be verified, the user uses the certificate private key to encrypt the information used for identity verification (which can be any information used for comparison with the information decrypted by the server) to obtain ciphertext.
  • the server can perform decryption operations through the certificate public key clearly recorded in the digital certificate.
  • the decryption information obtained by the server through the certificate public key decryption must be different from the information used for identity verification, so that the identity of the terminal can be determined. Otherwise, it is determined that the identity verification of the terminal is correct.
  • the validity judging unit 40 includes:
  • An effective date extraction subunit for extracting the effective date of the digital certificate from the digital certificate by using the digital certificate verification plug-in;
  • the effective date judging subunit is used to judge whether the current date is within the effective date
  • the invalidity determination subunit is used for determining that the designated signature file with signature is invalid if the current date is not within the effective date.
  • the digital certificate records relevant information about the effective date, such as the effective start date and the effective end date.
  • the process of extracting the effective date of the digital certificate includes: obtaining the effective start date and the effective end date of extracting the digital certificate, taking the date between the effective start date and the effective end date as the effective date. If the current date is not within the effective date, it is determined that the designated signature file with the signature is invalid, and if the current date is within the effective date, it can be determined that the date is correct.
  • the valid judgment unit 40 includes:
  • the authority extraction subunit is configured to extract the e-commerce certification authority that issued the digital certificate from the digital certificate if the current date is within the effective date;
  • the trusted certification authority judging subunit is used to determine whether the e-commerce certification authority exists in the preset trusted certification authority list;
  • the validity determination subunit is configured to determine that the designated signature file with the signature is valid if the e-commerce certification authority exists in the preset trusted certification authority list.
  • the e-commerce certification authority As described above, it is achieved by judging whether the e-commerce certification authority (CA) exists in the preset trusted certification authority list, thereby judging whether the specified signature file with the signature is valid.
  • the e-commerce certification authority is not static, and the authority that can be authorized is not necessarily the same. Therefore, the e-commerce certification authority should be verified.
  • a list of trusted certification authorities is preset in the server, which records trusted e-commerce certification authorities, so that it is only necessary to determine whether the e-commerce certification authority exists in the trusted certification authority list to verify the The e-commerce certification authority. If the e-commerce certification authority exists in the preset list of trusted certification authorities, the e-commerce certification authority is deemed to be correct, and the designated signature file with the signature is determined to be valid.
  • the device includes:
  • Genesis block establishment unit used to create a blockchain class in the server in a specified language, and establish a genesis block after instantiating the blockchain class;
  • a block generating unit configured to generate other blocks based on the genesis block, wherein the hash value of the previous block is recorded in the other blocks;
  • the blockchain network establishment unit is used to establish the blockchain network by using terminals that agree with the preset consensus mechanism of the blockchain as blockchain nodes.
  • the designated language may be any feasible language, such as Java, C++ or Python.
  • a class is the basis for information encapsulation in object-oriented programming.
  • a class is a user-defined type, also called a class type. Each class contains data descriptions and a set of functions for manipulating data or passing messages.
  • the blockchain class is the class describing the blockchain. Instantiating the blockchain class means declaring an object of the blockchain type, thereby obtaining the genesis block (the first block, before which no block exists), where the genesis block may record the hash value of the previous block as 0. Based on the genesis block, other blocks are generated, wherein the other blocks record the hash value of the previous block, thereby forming a multi-block blockchain.
  • the terminal that agrees to the preset consensus mechanism of the blockchain is used as the blockchain node, thereby establishing the blockchain network.
  • the consensus mechanism is, for example, a proof-of-work mechanism, a proof-of-stake mechanism, or a delegated proof-of-stake mechanism. Accordingly, the blockchain network is established.
  • the blockchain network establishment unit includes:
  • the joining request receiving subunit is used to receive a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
  • the permission IP judging subunit is used to determine whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permission IP list;
  • the blockchain network establishment subunit is configured to: if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permission IP list, use the terminal that agrees to the preset consensus mechanism of the blockchain as a blockchain node, thereby establishing the blockchain network.
  • the determination of the blockchain node is achieved.
  • a method of verifying permission is adopted to limit the blockchain nodes, thereby establishing the blockchain network; that is, the blockchain network is preferably a consortium chain or a private chain. Since this blockchain is preferably used to store electronic contracts, the parties that participate in, are expected to participate in, or are involved in the electronic contract are selected as the nodes of the blockchain, which makes the blockchain easier to build and manage and more flexible.
  • the terminal that agrees to the preset consensus mechanism of the blockchain is used as a blockchain node, thereby establishing the blockchain network.
  • the device includes:
  • the query request receiving unit is used to receive the signature file query request sent by the designated blockchain node;
  • the query authority determining unit is used to query the login account authority of the designated blockchain node to determine whether the designated blockchain node has the signature file query authority;
  • the query permission unit is configured to allow the designated blockchain node to query the signature file if the designated blockchain node has the signature file query authority.
  • the query of the signature file is realized.
  • the electronic contract has a certain degree of confidentiality and should not be queried by unrelated personnel, so query authority is set accordingly.
  • by querying the login account permissions of the blockchain node, it is determined whether the blockchain node has the signature file query permission, and if the blockchain node has the signature file query permission, the blockchain node is allowed to query the signature file.
  • the login account includes user name login or ukey identity login.
  • the process of querying the login account authority of the blockchain node includes: obtaining the login account, determining whether the login account exists in the preset signature file query authority list, and if it exists, determining that it has the signature file query authority.
  • the blockchain-based signature file storage device of the present application receives a signature request on a designated signature file sent by a terminal with a ukey plugged in, and if the terminal's identity verification is correct, the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature. If the designated signature file is valid, the designated signature file is recorded in all blockchain nodes in the pre-built blockchain network. In this way, online signing and saving of signature files are realized and the authenticity of the saved signature files is guaranteed.
  • an embodiment of the present application also provides a computer device.
  • the computer device may be a server, and its internal structure may be as shown in the figure.
  • the computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium stores an operating system, a computer program, and a database.
  • the memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium.
  • the database of the computer equipment is used to store the data used in the signature file preservation method based on the blockchain.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • the above-mentioned processor executes the above-mentioned blockchain-based signature file storage method, wherein the steps included in the method respectively correspond to the steps of executing the blockchain-based signature file storage method of the foregoing embodiment, and will not be repeated here.
  • An embodiment of the present application also provides a non-volatile computer-readable storage medium on which a computer program is stored.
  • when the computer program is executed by a processor, a method for saving a signature file based on a blockchain is realized, wherein the steps included in the method correspond one-to-one to the steps of executing the method for storing signature files based on the blockchain of the foregoing embodiment, and will not be repeated here.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

Abstract

A blockchain-based signature file saving method and apparatus, a computer device, and a storage medium. The method comprises: receiving a request for signature on a specified signature file sent by a terminal having a ukey inserted thereon; obtaining a digital certificate sent by the terminal; if the identity of the terminal is verified to be correct, allowing the terminal to execute a signature operation on the specified signature file; determining whether the specified signature file having a signature is valid; and if the specified signature file is valid, saving the specified signature file having the signature in all blockchain nodes in a pre-constructed blockchain network, a server being a blockchain node of the blockchain. Therefore, signing on a signature file is supported, the signature file is saved, and the authenticity of the signature file is ensured.

Description

Blockchain-based signature file saving method, apparatus and computer device
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on April 25, 2019, with application number 201910341157.3 and the invention title "Blockchain-based signature file saving method, apparatus and computer device", the entire contents of which are incorporated into this application by reference.
Technical field
This application relates to the computer field, and in particular to a blockchain-based signature file saving method, apparatus, computer device and storage medium.
Background art
As enterprises develop, agreements are put into effect in the form of contracts, and electronic contracts are increasingly the trend. To enable online signing of electronic contracts, they are currently generally signed on third-party online signing platforms. However, the authority of a third-party online signing platform is difficult to guarantee, and such a platform is not suitable for storing signed electronic contracts, since the contracts are relatively easy to tamper with there. The security of the electronic contract therefore cannot be guaranteed: if a contract dispute arises, the electronic contract stored on the third-party online signing platform may have been tampered with, so its authenticity will be questioned, which hinders resolution of the dispute. The inventors realized that the prior art lacks a technical solution that supports the signing of electronic contracts, stores electronic contracts, and guarantees their authenticity.
Technical problem
The main purpose of this application is to provide a blockchain-based signature file saving method, apparatus, computer device and storage medium, aiming to support the signing of signature files, save signature files, and guarantee the authenticity of signature files.
Technical solution
To achieve the above purpose, this application proposes a blockchain-based signature file saving method, applied to a server, comprising the following steps:
receiving a signature request on a designated signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
if the identity verification of the terminal is correct, allowing the terminal to perform a signature operation on the designated signature file to obtain a designated signature file with a signature;
judging, according to a preset verification rule, whether the designated signature file with the signature is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate using the digital certificate verification plug-in;
if the designated signature file is valid, saving the designated signature file with the signature in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
This application provides a blockchain-based signature file saving apparatus, applied to a server, comprising:
a signature request receiving unit, configured to receive a signature request on a designated signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
an identity verification unit, configured to obtain the digital certificate sent by the terminal, and verify the identity of the terminal according to the digital certificate using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
a designated signature file obtaining unit, configured to allow the terminal to perform a signature operation on the designated signature file to obtain a designated signature file with a signature if the identity verification of the terminal is correct;
a validity judgment unit, configured to judge, according to a preset verification rule, whether the designated signature file with the signature is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate using the digital certificate verification plug-in;
a designated signature file saving unit, configured to, if the designated signature file is valid, save the designated signature file with the signature in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
This application provides a computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of any one of the above methods when executing the computer program.
This application provides a non-volatile computer-readable storage medium on which a computer program is stored, wherein the steps of any one of the above methods are implemented when the computer program is executed by a processor.
Beneficial effects
The blockchain-based signature file saving method, apparatus, computer device and storage medium of this application receive a signature request on a designated signature file sent by a terminal with a ukey plugged in; if the identity verification of the terminal is correct, the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature; and if the designated signature file is valid, the designated signature file is recorded in all blockchain nodes of the pre-built blockchain network. Online signing and saving of signature files are thereby realized, and the authenticity of the saved signature files is guaranteed.
Description of the drawings
FIG. 1 is a schematic flowchart of a blockchain-based signature file saving method according to an embodiment of this application;
FIG. 2 is a schematic structural block diagram of a blockchain-based signature file saving apparatus according to an embodiment of this application;
FIG. 3 is a schematic structural block diagram of a computer device according to an embodiment of this application.
The realization of the purpose, the functional characteristics and the advantages of this application will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Best mode for carrying out the invention
To make the purpose, technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain this application and are not intended to limit it.
Referring to FIG. 1, an embodiment of this application provides a blockchain-based signature file saving method, applied to a server, comprising the following steps:
S1. Receive a signature request on a designated signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
S2. Obtain the digital certificate sent by the terminal, and verify the identity of the terminal according to the digital certificate using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
S3. If the identity verification of the terminal is correct, allow the terminal to perform a signature operation on the designated signature file to obtain a designated signature file with a signature;
S4. Judge, according to a preset verification rule, whether the designated signature file with the signature is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate using the digital certificate verification plug-in;
S5. If the designated signature file is valid, save the designated signature file with the signature in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
As described in step S1 above, a signature request on a designated signature file sent by a terminal with a ukey plugged in is received, wherein a digital certificate is stored in the ukey. A ukey (also called a USBKEY) is a small, reliable, high-speed storage device that connects directly to a computer via USB (Universal Serial Bus) and has a password verification function; the digital certificate stored in the ukey is used to verify the identity of the ukey holder and to perform the signature operation. A digital certificate is a certificate issued by an authoritative third-party organization, a CA (Certificate Authority, e-commerce certification authority), and used to identify identity on the network; it may also be called a CA certificate. The digital certificate includes the holder's identity information and the certificate public key, and the corresponding certificate private key is held by the user corresponding to the ukey. The designated signature file may be any electronic file that requires an electronic signature, such as an electronic contract. Compared with a terminal without a ukey plugged in, a terminal with a ukey plugged in is more secure because it uses the identity verification function of the ukey.
As described in step S2 above, the digital certificate sent by the terminal is obtained, and the identity of the terminal is verified according to the digital certificate using the ukey signature plug-in in the preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in. This embodiment uses an integrated plug-in that includes both the ukey signature plug-in and the digital certificate verification plug-in. Compared with separate plug-ins, this saves the steps of calling the plug-ins one by one: the plug-ins required by this method are called together in a single operation, which is highly integrated, time-saving and efficient. The ukey signature plug-in may verify the identity of the terminal in any manner, for example by obtaining the corresponding digital certificate from the CA that issued the digital certificate and judging whether the CA's digital certificate is the same as the digital certificate sent by the terminal; if they are the same, the identity of the terminal is determined to be genuine. Further, the process by which the ukey signature plug-in verifies the identity of the terminal includes: obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key; using the ukey signature plug-in to obtain the certificate public key from the digital certificate; using the ukey signature plug-in to decrypt the ciphertext with the certificate public key to obtain decryption information; judging whether the decryption information is the same as the information used for identity verification; and if the decryption information is the same as the information used for identity verification, determining that the identity verification of the terminal is correct.
As described in step S3 above, if the identity verification of the terminal is correct, the terminal is allowed to perform a signature operation on the designated signature file to obtain a designated signature file with a signature. If the identity verification of the terminal is correct, it is certain that no impersonation has occurred, so the terminal is allowed to perform the signature operation on the designated signature file to obtain the designated signature file with the signature.
As described in step S4 above, whether the designated signature file with the signature is valid is judged according to a preset verification rule, wherein the preset verification rule at least includes verifying the validity of the digital certificate using the digital certificate verification plug-in. As mentioned above, although the identity of the terminal has been confirmed, the validity of the digital certificate still needs further confirmation. The process of verifying the validity of the digital certificate using the digital certificate verification plug-in includes: extracting validity-related information from the digital certificate, such as the effective date and the issuing CA, and then judging whether the digital certificate is valid according to that information, for example by judging whether the current date is within the effective date. Further, the process of judging whether the designated signature file with the signature is valid according to the preset verification rule may also include any other way of judging whether a signature file is valid.
As described in step S5 above, if the designated signature file is valid, the designated signature file with the signature is saved in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain. If the designated signature file is valid, saving it completes the online signing and evidence preservation. To ensure the security of the designated signature file and ensure that its content is not tampered with, the designated signature file is recorded in all blockchain nodes of the pre-built blockchain (that is, saved in the public ledger of the blockchain), thereby using the immutability of blockchain data to increase the security of the designated signature file. The blockchain may be built in any manner; for example, the server may act as the initiator of the blockchain network, and the specific process includes: creating a Blockchain class in any feasible language, and creating a list for storing the blockchain in the constructor; after instantiating the Blockchain class, establishing the genesis block (the first block, before which no block exists); determining the consensus mechanism of the blockchain (for example proof of work, proof of stake, delegated proof of stake, or a Pool verification pool); and accepting terminals that agree to the consensus mechanism as nodes of the blockchain network, thereby obtaining the pre-built blockchain network. The nodes of the blockchain network (the entities that interact with one another) may be terminals that agree to the consensus mechanism. The nodes are connected to one another and can mutually verify whether data has been tampered with (using hash values and the asymmetric encryption technology of the blockchain). The blockchain may be a public chain, a consortium chain or a private chain.
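The construction described for step S5, gated by the step S4 checks, can be sketched as follows. This is an added example, not code from the patent: it assumes SHA-256 block hashes, a record of the file hash and signature standing in for the stored signature file, and a majority comparison of chain tips between nodes; the certificate fields, CA name and node names are constructed sample values.

```python
import copy
import hashlib
import json
from collections import Counter
from datetime import date


def certificate_is_valid(cert, today, trusted_cas):
    """Step S4 checks named on the page: validity period, then trusted-CA list."""
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return False
    return cert["issuer"] in trusted_cas


class Block:
    def __init__(self, index, payload, prev_hash):
        self.index = index
        self.payload = payload
        self.prev_hash = prev_hash          # hash of the previous block
        self.hash = self.compute_hash()

    def compute_hash(self):
        body = json.dumps(
            {"index": self.index, "payload": self.payload, "prev_hash": self.prev_hash},
            sort_keys=True,
        )
        return hashlib.sha256(body.encode("utf-8")).hexdigest()


class Blockchain:
    def __init__(self):
        # The list holding the chain is created in the constructor; the
        # genesis block records the previous hash as 0.
        self.chain = [Block(0, {"genesis": True}, "0")]

    def add_signed_file(self, file_bytes, signature_hex, cert, today, trusted_cas):
        """Step S5: append the signed file's record only if step S4 passes."""
        if not certificate_is_valid(cert, today, trusted_cas):
            raise ValueError("certificate rejected, signed file not stored")
        payload = {
            "file_sha256": hashlib.sha256(file_bytes).hexdigest(),
            "signature": signature_hex,
            "subject": cert["subject"],
            "issuer": cert["issuer"],
        }
        block = Block(len(self.chain), payload, self.chain[-1].hash)
        self.chain.append(block)
        return block

    def first_bad_block(self):
        """Index of the first block that fails local verification, or None."""
        for i, block in enumerate(self.chain):
            expected_prev = "0" if i == 0 else self.chain[i - 1].hash
            if block.hash != block.compute_hash() or block.prev_hash != expected_prev:
                return i
        return None


def suspect_nodes(replicas):
    """Nodes whose copy fails local checks or whose tip differs from the majority."""
    tips = Counter(c.chain[-1].hash for c in replicas.values())
    majority_tip = tips.most_common(1)[0][0]
    return sorted(
        name for name, c in replicas.items()
        if c.first_bad_block() is not None or c.chain[-1].hash != majority_tip
    )


def demo():
    trusted = {"Example Trusted CA"}                      # constructed list
    cert = {"subject": "Alice", "issuer": "Example Trusted CA",
            "not_before": date(2024, 1, 1), "not_after": date(2024, 12, 31)}
    ledger = Blockchain()
    ledger.add_signed_file(b"contract A", "ab12", cert, date(2024, 6, 1), trusted)
    ledger.add_signed_file(b"contract B", "cd34", cert, date(2024, 6, 2), trusted)
    # "Saved in all blockchain nodes": every node holds a full copy.
    replicas = {n: copy.deepcopy(ledger) for n in ("server", "node-a", "node-b", "node-c")}
    # node-a: a middle block is edited in place; its stored hash no longer matches.
    replicas["node-a"].chain[1].payload["file_sha256"] = "0" * 64
    # node-b: the last block is edited and re-hashed, so the local check passes
    # and only comparison with the other nodes exposes it.
    last = replicas["node-b"].chain[-1]
    last.payload["file_sha256"] = "f" * 64
    last.hash = last.compute_hash()
    return {
        "node_a_bad_block": replicas["node-a"].first_bad_block(),
        "node_b_bad_block": replicas["node-b"].first_bad_block(),
        "suspects": suspect_nodes(replicas),
    }
```

The node-b case is the one to note: a re-hashed final block is self-consistent, so tamper evidence for the newest record comes from the copies held by the other nodes rather than from the hash chain alone.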
In one embodiment, the certificate public key is recorded in the digital certificate and the user corresponding to the ukey holds the certificate private key, and step S2 of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in in the preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in, includes:
S201. Obtain the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
S202. Use the ukey signature plug-in to obtain the certificate public key from the digital certificate;
S203. Decrypt the ciphertext with the certificate public key to obtain decryption information;
S204. Judge whether the decryption information is the same as the information used for identity verification;
S205. If the decryption information is the same as the information used for identity verification, determine that the identity verification of the terminal is correct.
As described above, verification of the identity of the terminal is achieved. The certificate public key is recorded in the digital certificate, and the user corresponding to the ukey holds the certificate private key. Therefore, when the identity of the terminal needs to be verified, the user uses the certificate private key that the user holds to encrypt the information used for identity verification (which can be any information, used for comparison with the information decrypted by the server), obtaining the ciphertext. The server can perform the decryption operation using the certificate public key recorded in plaintext in the digital certificate. If the ciphertext was not obtained by encrypting with the certificate private key, the decryption information obtained by the server through certificate public key decryption must differ from the information used for identity verification, so it can be determined that the identity of the terminal is wrong; otherwise, it is determined that the identity verification of the terminal is correct.
In one embodiment, step S4, determining whether the designated signature file with the signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to check the validity of the digital certificate, includes:
S401. Use the digital certificate verification plug-in to extract the validity period of the digital certificate from the digital certificate;
S402. Determine whether the current date is within the validity period;
S403. If the current date is not within the validity period, determine that the designated signature file with the signature is invalid.
As described above, whether the designated signature file with the signature is valid is determined according to the preset verification rule. The digital certificate records information about its validity period, for example a validity start date and a validity end date. Extracting the validity period of the digital certificate includes: obtaining the validity start date and the validity end date of the digital certificate, and taking the dates from the validity start date to the validity end date as the validity period. If the current date is not within the validity period, the designated signature file with the signature is determined to be invalid; if the current date is within the validity period, the date is determined to be correct.
In one embodiment, after step S402 of determining whether the current date is within the validity period, the method includes:
S404. If the current date is within the validity period, extract from the digital certificate the e-commerce certification authority that issued the digital certificate;
S405. Determine whether the e-commerce certification authority exists in a preset list of trusted certification authorities;
S406. If the e-commerce certification authority exists in the preset list of trusted certification authorities, determine that the designated signature file with the signature is valid.
As described above, whether the designated signature file with the signature is valid is determined by checking whether the e-commerce certification authority (CA) exists in the preset list of trusted certification authorities. E-commerce certification authorities are not fixed, and the permissions they are able to grant are not necessarily the same, so the e-commerce certification authority should be verified. Specifically, a list of trusted certification authorities is preset in the server and records the e-commerce certification authorities that can be trusted, so the e-commerce certification authority can be verified simply by determining whether it exists in that list. If the e-commerce certification authority exists in the preset list of trusted certification authorities, it is considered correct, and the designated signature file with the signature is determined to be valid.
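The checks in steps S201 to S205 and S401 to S406, as an added Python example that is not code from the application. It assumes a toy textbook-RSA key in place of the ukey, a hypothetical `Certificate` record in place of a parsed digital certificate, and that the information used for identity verification is a fresh random value issued by the server; all names and sample values are constructed.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed toy RSA key built from two Mersenne primes. Textbook RSA without
# padding, used only to make "encrypt with the private key, decrypt with the
# public key" visible; a real ukey keeps the private key in hardware.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # certificate private key


@dataclass(frozen=True)
class Certificate:
    """Hypothetical stand-in for the certificate fields the steps read."""
    subject: str
    issuer: str              # the CA that issued the certificate
    public_key: tuple        # (n, e): the certificate public key
    not_before: datetime     # validity start date
    not_after: datetime      # validity end date


def ukey_encrypt(info: bytes, d: int = D, n: int = N) -> int:
    """Terminal side: encrypt the verification information with the private key."""
    m = int.from_bytes(info, "big")
    if not 0 < m < n:
        raise ValueError("information does not fit the toy modulus")
    return pow(m, d, n)


class Server:
    def __init__(self, trusted_cas):
        self.trusted_cas = frozenset(trusted_cas)   # preset trusted CA list
        self._pending = set()                       # issued, not yet used

    def issue_challenge(self) -> bytes:
        """Assumption: the verification information is a fresh server nonce."""
        info = secrets.token_bytes(16)
        self._pending.add(info)
        return info

    def verify_identity(self, cert, info: bytes, ciphertext: int) -> bool:
        """S201-S205: decrypt with the certificate public key and compare."""
        if info not in self._pending:       # never issued or already used
            return False
        self._pending.discard(info)         # single use, so a replay fails
        n, e = cert.public_key              # S202
        if not 0 <= ciphertext < n:
            return False
        decrypted = pow(ciphertext, e, n)   # S203
        return decrypted == int.from_bytes(info, "big")    # S204, S205

    def check_validity(self, cert, now: datetime):
        """S401-S406: validity period first, then the issuing CA."""
        if not (cert.not_before <= now <= cert.not_after):      # S402
            return (False, "current date outside validity period")  # S403
        if cert.issuer not in self.trusted_cas:                 # S405
            return (False, "issuing CA not in trusted list")
        return (True, "valid")                                  # S406


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample certificate.
CERT = Certificate("CN=Example Signer", "Example Trusted CA", (N, E),
                   utc(2024, 1, 1), utc(2025, 12, 31))


def handle_signature_request(server, cert, info, ciphertext, now):
    """Identity check (S2), then validity check (S4); signing (S3) is not modelled."""
    if not server.verify_identity(cert, info, ciphertext):
        return "rejected: identity verification failed"
    ok, reason = server.check_validity(cert, now)
    return "accepted for storage" if ok else "rejected: " + reason
```

Matching the issuer name against the trusted list, as in S405, does not by itself show that the CA signed the certificate; checking the certificate's signature against the CA's own key is a separate step that this example does not model.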
In one embodiment, before step S5, in which, if the designated signature file is valid, the designated signature file with the signature is saved in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain, the method includes:
S41. Create a blockchain class in the server in a designated language, and establish the genesis block after instantiating the blockchain class;
S42. Generate other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block;
S43. Use terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
As described above, the blockchain network is constructed. The designated language may be any feasible language, such as Java, C++ or Python. A class is the basis on which object-oriented programming implements information encapsulation. A class is a user-defined type, also called a class type. Each class contains data declarations and a set of functions that operate on the data or pass messages. The blockchain class is the class that describes the blockchain. Instantiating the blockchain class means declaring an object of the blockchain type, which yields the genesis block (the first block, which has no block before it); in the genesis block, the hash value of the previous block may be recorded as 0. Other blocks are then generated based on the genesis block, each recording the hash value of the previous block, which forms a blockchain of multiple blocks. Terminals that agree to the preset consensus mechanism of the blockchain are then used as blockchain nodes, thereby establishing the blockchain network. The consensus mechanism is, for example, proof of work, proof of stake or delegated proof of stake. The blockchain network is established accordingly.
In one embodiment, step S43 of using terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, includes:
S4301. Receive a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
S4302. Determine whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset authorized IP list;
S4303. If the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset authorized IP list, use that terminal as a blockchain node, thereby establishing the blockchain network.
As described above, the blockchain nodes are determined. This embodiment restricts the blockchain nodes by verifying authority when establishing the blockchain network; that is, the blockchain network is preferably a consortium chain or a private chain. Because this blockchain is preferably used to store electronic contracts, the parties that participate in, are expected to participate in, or are involved in the electronic contract are chosen as the nodes of the blockchain, which makes the blockchain easier to build and manage and more flexible. Specifically, it is determined whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset authorized IP list; if it does, that terminal is used as a blockchain node, thereby establishing the blockchain network.
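Steps S41 to S43 and S4301 to S4303 as an added Python example, not code from the application: a blockchain class whose constructor creates the list and the genesis block, admission of nodes by a preset authorized IP list, and the hash checks that expose a modified copy. The class and method names, IP addresses and file contents are constructed for illustration, and consensus is not modelled.

```python
import copy
import hashlib
import ipaddress
import json
from collections import Counter


def block_hash(block: dict) -> str:
    """SHA-256 over every field of the block except the stored hash itself."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Blockchain:
    def __init__(self):
        self.chain = []                               # list created in the constructor
        self._append("genesis", b"", prev_hash="0")   # genesis: previous hash is 0

    def _append(self, signer: str, signed_file: bytes, prev_hash: str) -> dict:
        block = {"index": len(self.chain), "prev_hash": prev_hash,
                 "signer": signer, "file_hex": signed_file.hex()}
        block["hash"] = block_hash(block)
        self.chain.append(block)
        return block

    def add_signed_file(self, signed_file: bytes, signer: str) -> dict:
        """S42: every later block records the hash of the previous block."""
        return self._append(signer, signed_file, prev_hash=self.chain[-1]["hash"])

    def first_bad_block(self):
        """Index of the first block with a wrong hash or link, or None."""
        for i, block in enumerate(self.chain):
            expected_prev = "0" if i == 0 else self.chain[i - 1]["hash"]
            if block["prev_hash"] != expected_prev or block["hash"] != block_hash(block):
                return i
        return None


class Network:
    def __init__(self, allowed_ips):
        self.allowed = {ipaddress.ip_address(ip) for ip in allowed_ips}
        self.nodes = {}                               # address -> that node's copy

    def join(self, ip: str) -> bool:
        """S4301-S4303: admit a terminal only if its IP is on the preset list."""
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False
        if addr not in self.allowed:
            return False
        if addr not in self.nodes:                    # late joiners copy the chain
            existing = next(iter(self.nodes.values()), None)
            self.nodes[addr] = Blockchain() if existing is None else copy.deepcopy(existing)
        return True

    def node(self, ip: str) -> Blockchain:
        return self.nodes[ipaddress.ip_address(ip)]

    def store(self, signed_file: bytes, signer: str) -> None:
        """Step S5: save the signed file on all blockchain nodes."""
        for chain in self.nodes.values():
            chain.add_signed_file(signed_file, signer)

    def suspect_nodes(self):
        """Nodes whose copy is internally broken or differs from the majority tip."""
        if not self.nodes:
            return []
        tips = Counter(c.chain[-1]["hash"] for c in self.nodes.values())
        majority_tip = tips.most_common(1)[0][0]
        return sorted(str(ip) for ip, c in self.nodes.items()
                      if c.first_bad_block() is not None
                      or c.chain[-1]["hash"] != majority_tip)


def demo():
    net = Network(["10.0.0.1", "10.0.0.2", "10.0.0.3"])        # constructed list
    joined = [net.join(ip) for ip in
              ("10.0.0.1", "10.0.0.2", "10.0.0.3", "203.0.113.9")]
    net.store(b"contract-A|signature", "alice")                 # constructed files
    net.store(b"contract-B|signature", "bob")
    clean = net.suspect_nodes()
    # Copy on node 2 is edited in place: its own hash check fails at block 1.
    net.node("10.0.0.2").chain[1]["file_hex"] = b"forged".hex()
    bad_index = net.node("10.0.0.2").first_bad_block()
    # Copy on node 3 is edited and every later hash recomputed: internally
    # consistent, but its tip no longer matches the other copies.
    c3 = net.node("10.0.0.3").chain
    c3[1]["file_hex"] = b"forged".hex()
    for i in range(1, len(c3)):
        c3[i]["prev_hash"] = c3[i - 1]["hash"]
        c3[i]["hash"] = block_hash(c3[i])
    return (joined, clean, bad_index,
            net.node("10.0.0.3").first_bad_block(), net.suspect_nodes())
```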
In one embodiment, after step S5, in which, if the designated signature file is valid, the designated signature file with the signature is saved in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain, the method includes:
S51. Receive a signature file query request sent by a designated blockchain node;
S52. Determine whether the designated blockchain node has signature file query permission by querying the permissions of the login account of the designated blockchain node;
S53. If the designated blockchain node has signature file query permission, allow the designated blockchain node to query the signature file.
As described above, querying of signature files is implemented. Electronic contracts are confidential to a degree and should not be queried by unrelated persons, so query permissions are set accordingly. Specifically, whether the blockchain node has signature file query permission is determined by querying the permissions of the login account of the blockchain node; if the blockchain node has signature file query permission, the blockchain node is allowed to query the signature file. The login account includes login by user name or login by ukey identity. Querying the permissions of the login account of the blockchain node includes: obtaining the login account, and determining whether the login account exists in a preset signature file query permission list; if it exists, the node is determined to have signature file query permission.
In the blockchain-based signature file saving method of this application, a signature request on a designated signature file sent by a terminal with a ukey plugged in is received; if the identity verification of the terminal is correct, the terminal is allowed to perform a signature operation on the designated signature file, and a designated signature file with a signature is obtained; if the designated signature file is valid, the designated signature file is recorded in all blockchain nodes of the pre-built blockchain network. Online signing and saving of the signature file are thereby achieved, and the authenticity of the saved signature file is guaranteed.
Referring to FIG. 2, an embodiment of this application provides a blockchain-based signature file saving apparatus, applied to a server, including:
a signature request receiving unit 10, configured to receive a signature request on a designated signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
an identity verification unit 20, configured to obtain the digital certificate sent by the terminal and to use the ukey signature plug-in of a preset integrated plug-in to verify the identity of the terminal according to the digital certificate, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
a designated signature file obtaining unit 30, configured to, if the identity verification of the terminal is correct, allow the terminal to perform a signature operation on the designated signature file and obtain a designated signature file with a signature;
a validity judging unit 40, configured to determine whether the designated signature file with the signature is valid according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to check the validity of the digital certificate;
a designated signature file saving unit 50, configured to, if the designated signature file is valid, save the designated signature file with the signature in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
As described for unit 10 above, a signature request on a designated signature file sent by a terminal with a ukey plugged in is received, wherein a digital certificate is stored in the ukey. A ukey (also called a USBKEY) is a small, reliable, high-speed storage device that connects directly to a computer through USB (Universal Serial Bus) and has a password verification function. The ukey stores a digital certificate, which is used to verify the identity of the ukey holder and to perform signature operations. A digital certificate is a certificate issued by an authoritative third-party organization, a CA (Certificate Authority, e-commerce certification authority), and used to identify identities on a network; it can also be called a CA certificate. The digital certificate includes the holder's identity information and the certificate public key, and the corresponding certificate private key is held by the user corresponding to the ukey. The designated signature file can be any electronic file that requires an electronic signature, such as an electronic contract. A terminal with a ukey plugged in is more secure than a terminal without one, because it uses the identity verification function of the ukey.
As described for unit 20 above, the digital certificate sent by the terminal is obtained, and the ukey signature plug-in of the preset integrated plug-in is used to verify the identity of the terminal according to the digital certificate, wherein the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in. This embodiment uses an integrated plug-in that includes the ukey signature plug-in and the digital certificate verification plug-in. Compared with separate plug-ins, this removes the need to call the plug-ins step by step: the plug-ins the method needs are called together in one go, which is highly integrated, time-saving and efficient. The ukey signature plug-in may verify the identity of the terminal in any manner, for example by obtaining the corresponding digital certificate from the CA that issued the digital certificate and determining whether the CA's digital certificate is the same as the digital certificate sent by the terminal; if they are the same, the identity of the terminal is determined to be genuine. Further, the process by which the ukey signature plug-in verifies the identity of the terminal includes: obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key; using the ukey signature plug-in to obtain the certificate public key from the digital certificate; using the ukey signature plug-in to decrypt the ciphertext with the certificate public key to obtain decrypted information; determining whether the decrypted information is the same as the information used for identity verification; and, if the decrypted information is the same as the information used for identity verification, determining that the identity verification of the terminal is correct.
As described for unit 30 above, if the identity verification of the terminal is correct, the terminal is allowed to perform a signature operation on the designated signature file, and a designated signature file with a signature is obtained. If the identity verification of the terminal is correct, it is certain that no impersonation has occurred, so the terminal is allowed to perform the signature operation on the designated signature file and the designated signature file with the signature is obtained.
As described for unit 40 above, whether the designated signature file with the signature is valid is determined according to a preset verification rule, wherein the preset verification rule at least includes using the digital certificate verification plug-in to check the validity of the digital certificate. As stated earlier, although the identity of the terminal has been determined to be correct, the validity of the digital certificate still needs to be confirmed. Using the digital certificate verification plug-in to check the validity of the digital certificate includes: extracting validity-related information from the digital certificate, such as the validity period and the issuing CA, and then determining from that information whether the digital certificate is valid, for example by determining whether the current date is within the validity period. Further, determining whether the designated signature file with the signature is valid according to the preset verification rule may also include any other way of determining whether a signature file is valid.
As described for unit 50 above, if the designated signature file is valid, the designated signature file with the signature is saved in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain. If the designated signature file is valid, saving it completes the online signing and evidence storage. To keep the designated signature file secure and to ensure that its content is not tampered with, the designated signature file is recorded in all blockchain nodes of the pre-built blockchain (that is, saved in the public ledger of the blockchain), so that the immutability of blockchain data is used to increase the security of the designated signature file. The blockchain may be built in any manner; for example, the server may act as the initiator of the blockchain network. The specific process includes: creating a Blockchain class (blockchain class) in any feasible language and creating, in its constructor, a list for storing the blockchain; after the Blockchain class is instantiated, creating the genesis block (the first block, which has no block before it); determining the consensus mechanism of the blockchain (for example proof of work, proof of stake, delegated proof of stake, or a Pool verification pool); and accepting terminals that agree to the consensus mechanism as nodes of the blockchain network, thereby obtaining the pre-built blockchain network. The nodes (the interacting parties) of the blockchain network may be terminals that agree to the consensus mechanism. The nodes are connected to one another and can verify for each other whether data has been tampered with (using hash values and the asymmetric encryption technology in the blockchain). The blockchain may be a public chain, a consortium chain or a private chain.
In one embodiment, the digital certificate records a certificate public key, the user corresponding to the ukey holds the certificate private key, and the identity verification unit 20 includes:
a digital certificate obtaining subunit, configured to obtain the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
a certificate public key obtaining subunit, configured to use the ukey signature plug-in to obtain the certificate public key from the digital certificate;
a decryption subunit, configured to decrypt the ciphertext with the certificate public key to obtain decrypted information;
a decrypted information judging subunit, configured to determine whether the decrypted information is the same as the information used for identity verification;
an identity verification determination subunit, configured to determine that the identity verification of the terminal is correct if the decrypted information is the same as the information used for identity verification.
As described above, the identity of the terminal is verified. The digital certificate records the certificate public key, and the user corresponding to the ukey holds the certificate private key. Therefore, when the identity of the terminal needs to be verified, the user encrypts the information used for identity verification with the certificate private key to obtain the ciphertext (the information can be any information; it is compared with the information the server obtains by decryption). The server can perform the decryption with the certificate public key recorded in plaintext in the digital certificate. If the ciphertext was not produced by encryption with the certificate private key, the decrypted information the server obtains with the certificate public key is necessarily different from the information used for identity verification, from which it can be determined that the identity of the terminal is incorrect; otherwise, the identity verification of the terminal is determined to be correct.
In one embodiment, the validity judging unit 40 includes:
a validity period extraction subunit, configured to use the digital certificate verification plug-in to extract the validity period of the digital certificate from the digital certificate;
a validity period judging subunit, configured to determine whether the current date is within the validity period;
an invalidity determination subunit, configured to determine that the designated signature file with the signature is invalid if the current date is not within the validity period.
As described above, whether the designated signature file with the signature is valid is determined according to the preset verification rule. The digital certificate records information about its validity period, for example a validity start date and a validity end date. Extracting the validity period of the digital certificate includes: obtaining the validity start date and the validity end date of the digital certificate, and taking the dates from the validity start date to the validity end date as the validity period. If the current date is not within the validity period, the designated signature file with the signature is determined to be invalid; if the current date is within the validity period, the date is determined to be correct.
In one embodiment, the validity judging unit 40 includes:
an authority extraction subunit, configured to, if the current date is within the validity period, extract from the digital certificate the e-commerce certification authority that issued the digital certificate;
a trusted certification authority judging subunit, configured to determine whether the e-commerce certification authority exists in a preset list of trusted certification authorities;
a validity determination subunit, configured to determine that the designated signature file with the signature is valid if the e-commerce certification authority exists in the preset list of trusted certification authorities.
As described above, whether the designated signature file with the signature is valid is determined by checking whether the e-commerce certification authority (CA) exists in the preset list of trusted certification authorities. E-commerce certification authorities are not fixed, and the permissions they are able to grant are not necessarily the same, so the e-commerce certification authority should be verified. Specifically, a list of trusted certification authorities is preset in the server and records the e-commerce certification authorities that can be trusted, so the e-commerce certification authority can be verified simply by determining whether it exists in that list. If the e-commerce certification authority exists in the preset list of trusted certification authorities, it is considered correct, and the designated signature file with the signature is determined to be valid.
In one embodiment, the apparatus includes:
a genesis block establishment unit, configured to create a blockchain class in the server in a designated language and to establish the genesis block after instantiating the blockchain class;
a block generation unit, configured to generate other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block;
a blockchain network establishment unit, configured to use terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
As described above, the blockchain network is constructed. The designated language may be any feasible language, such as Java, C++ or Python. A class is the basis on which object-oriented programming implements information encapsulation. A class is a user-defined type, also called a class type. Each class contains data declarations and a set of functions that operate on the data or pass messages. The blockchain class is the class that describes the blockchain. Instantiating the blockchain class means declaring an object of the blockchain type, which yields the genesis block (the first block, which has no block before it); in the genesis block, the hash value of the previous block may be recorded as 0. Other blocks are then generated based on the genesis block, each recording the hash value of the previous block, which forms a blockchain of multiple blocks. Terminals that agree to the preset consensus mechanism of the blockchain are then used as blockchain nodes, thereby establishing the blockchain network. The consensus mechanism is, for example, proof of work, proof of stake or delegated proof of stake. The blockchain network is established accordingly.
In one embodiment, the blockchain network establishment unit includes:
A join request receiving subunit, configured to receive a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
An authorized IP determination subunit, configured to determine whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset list of authorized IP addresses;
A blockchain network establishment subunit, configured to, if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset list of authorized IP addresses, use that terminal as a blockchain node, thereby establishing the blockchain network.
As described above, the blockchain nodes are determined. This embodiment restricts the blockchain nodes by verifying authority and thereby establishes the blockchain network; that is, the blockchain network is preferably a consortium chain or a private chain. Because this blockchain is preferably used to store electronic contracts, selecting the parties that participate in, are expected to participate in, or are involved in the electronic contracts as the nodes of the blockchain makes the blockchain easier to build and manage and more flexible. Specifically, it is determined whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset list of authorized IP addresses; if it does, that terminal is used as a blockchain node, thereby establishing the blockchain network.
In one embodiment, the apparatus includes:
A query request receiving unit, configured to receive a signature file query request sent by a designated blockchain node;
A query permission determination unit, configured to determine whether the designated blockchain node has signature file query permission by querying the login account permission of the designated blockchain node;
A query allowing unit, configured to allow the designated blockchain node to query the signature file if the designated blockchain node has signature file query permission.
As described above, querying of signature files is realized. Electronic contracts are confidential to a degree, and it is not desirable for unrelated persons to query them, so query permission is set accordingly. Specifically, the login account permission of the blockchain node is queried to determine whether the blockchain node has signature file query permission; if it does, the blockchain node is allowed to query the signature file. The login account includes a user-name login or a ukey identity login. The process of querying the login account permission of the blockchain node includes: obtaining the login account, determining whether the login account exists in a preset signature file query permission list, and, if it does, determining that the account has signature file query permission.
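The three embodiments above (a genesis block whose previous-hash field is 0, later blocks linked by the previous block's hash, node admission against a preset IP list, and query permission against a preset account list) can be shown together in one added Python example; it is not code from the patent. The class and function names, the use of SHA-256, and the sample addresses and account names are assumptions, and the example goes slightly beyond the text by verifying the hash links and by normalizing IPv4-mapped IPv6 peer addresses before the list lookup.

```python
import hashlib
import ipaddress
import json
from dataclasses import dataclass

GENESIS_PREV_HASH = "0"  # the description records the genesis block's previous hash as 0


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    payload: str  # constructed sample data standing in for a signed file

    def digest(self) -> str:
        # SHA-256 is an assumption; the patent does not name a hash function.
        body = json.dumps([self.index, self.prev_hash, self.payload])
        return hashlib.sha256(body.encode("utf-8")).hexdigest()


def normalize_peer(ip_text):
    """Parse a peer address; return None if it is not an IP address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; compare as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class Blockchain:
    """Instantiating the class yields a chain holding only the genesis block."""

    def __init__(self, authorized_ips, query_accounts):
        self.blocks = [Block(0, GENESIS_PREV_HASH, "genesis")]
        self.authorized_ips = set()
        for entry in authorized_ips:
            parsed = normalize_peer(entry)
            if parsed is None:
                raise ValueError(f"bad entry in authorized IP list: {entry!r}")
            self.authorized_ips.add(parsed)
        self.query_accounts = frozenset(query_accounts)
        self.nodes = set()

    def add_block(self, payload):
        prev = self.blocks[-1]
        block = Block(prev.index + 1, prev.digest(), payload)
        self.blocks.append(block)
        return block

    def first_broken_link(self):
        """Position of the first block whose link to its predecessor fails, else None."""
        if self.blocks[0].prev_hash != GENESIS_PREV_HASH:
            return 0
        for pos in range(1, len(self.blocks)):
            prev, cur = self.blocks[pos - 1], self.blocks[pos]
            if cur.index != prev.index + 1 or cur.prev_hash != prev.digest():
                return pos
        return None

    def admit_node(self, peer_ip, accepts_consensus):
        """Admit a terminal only if it accepts the consensus mechanism and its
        address is on the preset list. peer_ip is assumed to be the address the
        server observed on the connection, not a value from the request body."""
        ip = normalize_peer(peer_ip)
        if ip is None or not accepts_consensus or ip not in self.authorized_ips:
            return False
        self.nodes.add(ip)
        return True

    def query_signature_file(self, peer_ip, login_account, index):
        """Return the stored payload, or None when the request is refused."""
        ip = normalize_peer(peer_ip)
        if ip is None or ip not in self.nodes:
            return None  # only admitted blockchain nodes may query
        if login_account not in self.query_accounts:
            return None  # account is not on the preset query-permission list
        if self.first_broken_link() is not None:
            return None  # do not serve from a chain that fails verification
        if not 1 <= index < len(self.blocks):
            return None
        return self.blocks[index].payload


if __name__ == "__main__":
    chain = Blockchain(["10.0.0.5", "10.0.0.9"], ["alice"])  # constructed values
    chain.add_block("signed-contract-A")
    chain.add_block("signed-contract-B")
    print(chain.admit_node("::ffff:10.0.0.5", True))
    print(chain.admit_node("10.0.0.6", True))
    print(chain.query_signature_file("10.0.0.5", "alice", 1))
    chain.blocks[1] = Block(1, chain.blocks[1].prev_hash, "altered")
    print(chain.first_broken_link())
```

Replacing block 1 leaves its own link to the genesis block intact, so the break is reported at block 2, whose recorded previous hash no longer matches.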
The blockchain-based signature file saving apparatus of the present application receives a signature request for a designated signature file sent by a terminal into which a ukey is plugged; if the identity of the terminal is verified as correct, it allows the terminal to perform a signature operation on the designated signature file, obtaining a signed designated signature file; and if the designated signature file is valid, it records the designated signature file in all blockchain nodes of the pre-built blockchain network. Online signing and saving of signature files are thereby realized, and the authenticity of the saved signature files is guaranteed.
Referring to FIG. 3, an embodiment of the present application further provides a computer device. The computer device may be a server, and its internal structure may be as shown in the figure. The computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device stores the data used by the blockchain-based signature file saving method. The network interface of the computer device communicates with external terminals through a network connection. When executed by the processor, the computer program implements a blockchain-based signature file saving method.
The processor executes the blockchain-based signature file saving method described above, the steps of which correspond one-to-one to the steps of the blockchain-based signature file saving method of the foregoing embodiments and are not repeated here.
Those skilled in the art will understand that the structure shown in the figure is only a block diagram of the part of the structure related to the solution of the present application, and does not limit the computer device to which the solution of the present application is applied.
An embodiment of the present application further provides a non-volatile computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements a blockchain-based signature file saving method, the steps of which correspond one-to-one to the steps of the blockchain-based signature file saving method of the foregoing embodiments and are not repeated here.
A person of ordinary skill in the art will understand that all or part of the processes of the methods in the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or another medium provided in this application and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).

Claims (20)

  1. A blockchain-based signature file saving method, applied to a server, characterized by comprising:
    receiving a signature request for a designated signature file sent by a terminal into which a ukey is plugged, wherein a digital certificate is stored in the ukey;
    obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
    if the identity of the terminal is verified as correct, allowing the terminal to perform a signature operation on the designated signature file, to obtain a signed designated signature file;
    determining, according to a preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate by using the digital certificate verification plug-in;
    if the designated signature file is valid, saving the signed designated signature file in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
  2. The blockchain-based signature file saving method according to claim 1, characterized in that a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds a certificate private key, and the step of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in, comprises:
    obtaining the digital certificate sent by the terminal, information used for identity verification, and a ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
    obtaining the certificate public key from the digital certificate by using the ukey signature plug-in;
    decrypting the ciphertext with the certificate public key to obtain decrypted information;
    determining whether the decrypted information is the same as the information used for identity verification;
    if the decrypted information is the same as the information used for identity verification, determining that the identity of the terminal is verified as correct.
  3. The blockchain-based signature file saving method according to claim 1, characterized in that the step of determining, according to a preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate by using the digital certificate verification plug-in, comprises:
    extracting the validity period of the digital certificate from the digital certificate by using the digital certificate verification plug-in;
    determining whether the current date falls within the validity period;
    if the current date does not fall within the validity period, determining that the signed designated signature file is invalid.
  4. The blockchain-based signature file saving method according to claim 3, characterized in that, after the step of determining whether the current date falls within the validity period, the method comprises:
    if the current date falls within the validity period, extracting from the digital certificate the e-commerce certification authority that issued the digital certificate;
    determining whether the e-commerce certification authority exists in a preset list of trusted certification authorities;
    if the e-commerce certification authority exists in the preset list of trusted certification authorities, determining that the signed designated signature file is valid.
  5. The blockchain-based signature file saving method according to claim 1, characterized in that, before the step of saving the signed designated signature file in all blockchain nodes of a pre-built blockchain network if the designated signature file is valid, wherein the server is one blockchain node of the blockchain, the method comprises:
    creating a blockchain class in the server in a designated language, and establishing a genesis block after instantiating the blockchain class;
    generating other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block;
    using terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
  6. The blockchain-based signature file saving method according to claim 5, characterized in that the step of using terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, comprises:
    receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
    determining whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset list of authorized IP addresses;
    if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset list of authorized IP addresses, using that terminal as a blockchain node, thereby establishing the blockchain network.
  7. The blockchain-based signature file saving method according to claim 1, characterized in that, after the step of saving the signed designated signature file in all blockchain nodes of a pre-built blockchain network if the designated signature file is valid, wherein the server is one blockchain node of the blockchain, the method comprises:
    receiving a signature file query request sent by a designated blockchain node;
    determining whether the designated blockchain node has signature file query permission by querying the login account permission of the designated blockchain node;
    if the designated blockchain node has signature file query permission, allowing the designated blockchain node to query the signature file.
  8. A blockchain-based signature file saving apparatus, applied to a server, characterized by comprising:
    a signature request receiving unit, configured to receive a signature request for a designated signature file sent by a terminal into which a ukey is plugged, wherein a digital certificate is stored in the ukey;
    an identity verification unit, configured to obtain the digital certificate sent by the terminal, and to verify the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
    a designated signature file obtaining unit, configured to, if the identity of the terminal is verified as correct, allow the terminal to perform a signature operation on the designated signature file, to obtain a signed designated signature file;
    a validity determination unit, configured to determine, according to a preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate by using the digital certificate verification plug-in;
    a designated signature file saving unit, configured to, if the designated signature file is valid, save the signed designated signature file in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
  9. The blockchain-based signature file saving apparatus according to claim 8, characterized in that a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds a certificate private key, and the identity verification unit comprises:
    a digital certificate obtaining subunit, configured to obtain the digital certificate sent by the terminal, information used for identity verification, and a ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
    a certificate public key obtaining subunit, configured to obtain the certificate public key from the digital certificate by using the ukey signature plug-in;
    a decryption subunit, configured to decrypt the ciphertext with the certificate public key to obtain decrypted information;
    a decrypted information determination subunit, configured to determine whether the decrypted information is the same as the information used for identity verification;
    an identity verification success determination subunit, configured to determine that the identity of the terminal is verified as correct if the decrypted information is the same as the information used for identity verification.
  10. The blockchain-based signature file saving apparatus according to claim 8, characterized in that the validity determination unit 40 comprises:
    a validity period extraction subunit, configured to extract the validity period of the digital certificate from the digital certificate by using the digital certificate verification plug-in;
    a validity period determination subunit, configured to determine whether the current date falls within the validity period;
    an invalidity determination subunit, configured to determine that the signed designated signature file is invalid if the current date does not fall within the validity period.
  11. The blockchain-based signature file saving apparatus according to claim 10, characterized in that the validity determination unit 40 comprises:
    a certification authority extraction subunit, configured to, if the current date falls within the validity period, extract from the digital certificate the e-commerce certification authority that issued the digital certificate;
    a trusted certification authority determination subunit, configured to determine whether the e-commerce certification authority exists in a preset list of trusted certification authorities;
    a validity determination subunit, configured to determine that the signed designated signature file is valid if the e-commerce certification authority exists in the preset list of trusted certification authorities.
  12. The blockchain-based signature file saving apparatus according to claim 8, characterized in that the apparatus comprises:
    a genesis block establishment unit, configured to create a blockchain class in the server in a designated language, and to establish a genesis block after instantiating the blockchain class;
    a block generation unit, configured to generate other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block;
    a blockchain network establishment unit, configured to use terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
  13. The blockchain-based signature file saving apparatus according to claim 12, characterized in that the blockchain network establishment unit comprises:
    a join request receiving subunit, configured to receive a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
    an authorized IP determination subunit, configured to determine whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset list of authorized IP addresses;
    a blockchain network establishment subunit, configured to, if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset list of authorized IP addresses, use that terminal as a blockchain node, thereby establishing the blockchain network.
  14. The blockchain-based signature file saving apparatus according to claim 8, characterized in that the apparatus comprises:
    a query request receiving unit, configured to receive a signature file query request sent by a designated blockchain node;
    a query permission determination unit, configured to determine whether the designated blockchain node has signature file query permission by querying the login account permission of the designated blockchain node;
    a query allowing unit, configured to allow the designated blockchain node to query the signature file if the designated blockchain node has signature file query permission.
  15. A computer device, comprising a memory and a processor, the memory storing computer-readable instructions, characterized in that the processor, when executing the computer-readable instructions, implements a blockchain-based signature file saving method, the blockchain-based signature file saving method comprising:
    receiving a signature request for a designated signature file sent by a terminal into which a ukey is plugged, wherein a digital certificate is stored in the ukey;
    obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
    if the identity of the terminal is verified as correct, allowing the terminal to perform a signature operation on the designated signature file, to obtain a signed designated signature file;
    determining, according to a preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate by using the digital certificate verification plug-in;
    if the designated signature file is valid, saving the signed designated signature file in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
  16. The computer device according to claim 15, characterized in that a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds a certificate private key, and the step of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in, comprises:
    obtaining the digital certificate sent by the terminal, information used for identity verification, and a ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
    obtaining the certificate public key from the digital certificate by using the ukey signature plug-in;
    decrypting the ciphertext with the certificate public key to obtain decrypted information;
    determining whether the decrypted information is the same as the information used for identity verification;
    if the decrypted information is the same as the information used for identity verification, determining that the identity of the terminal is verified as correct.
  17. The computer device according to claim 15, characterized in that the step of determining, according to a preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate by using the digital certificate verification plug-in, comprises:
    extracting the validity period of the digital certificate from the digital certificate by using the digital certificate verification plug-in;
    determining whether the current date falls within the validity period;
    if the current date does not fall within the validity period, determining that the signed designated signature file is invalid.
  18. A non-volatile computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements a blockchain-based signature file saving method, the blockchain-based signature file saving method comprising:
    receiving a signature request for a designated signature file sent by a terminal into which a ukey is plugged, wherein a digital certificate is stored in the ukey;
    obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
    if the identity of the terminal is verified as correct, allowing the terminal to perform a signature operation on the designated signature file, to obtain a signed designated signature file;
    determining, according to a preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least includes verifying the validity of the digital certificate by using the digital certificate verification plug-in;
    if the designated signature file is valid, saving the signed designated signature file in all blockchain nodes of a pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
  19. The non-volatile computer-readable storage medium according to claim 18, characterized in that a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds a certificate private key, and the step of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate by using a ukey signature plug-in in a preset integrated plug-in, wherein the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in, comprises:
    obtaining the digital certificate sent by the terminal, information used for identity verification, and a ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
    obtaining the certificate public key from the digital certificate by using the ukey signature plug-in;
    decrypting the ciphertext with the certificate public key to obtain decrypted information;
    determining whether the decrypted information is the same as the information used for identity verification;
    if the decrypted information is the same as the information used for identity verification, determining that the identity of the terminal is verified as correct.
  20. The non-volatile computer-readable storage medium according to claim 18, wherein the step of determining, according to the preset verification rule, whether the signed designated signature file is valid, wherein the preset verification rule at least comprises using the digital certificate verification plug-in to verify the validity of the digital certificate, comprises:
    Extracting the validity period of the digital certificate from the digital certificate by using the digital certificate verification plug-in;
    Determining whether the current date is within the validity period;
    If the current date is not within the validity period, determining that the signed designated signature file is invalid.
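
The server-side checks of claims 19 and 20, as an added Python example that is not part of the patent text. The toy RSA key, the dictionary standing in for the digital certificate, and all function names are assumptions constructed for illustration; a real deployment would parse an X.509 certificate and use a padded signature scheme from a vetted library.

```python
from datetime import date

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # certificate private key, held only by the ukey

# Constructed stand-in for the digital certificate: public key plus validity period.
CERT = {"subject": "terminal-01", "n": N, "e": E,
        "not_before": date(2019, 1, 1), "not_after": date(2020, 1, 1)}


def ukey_encrypt(info: bytes) -> int:
    """Terminal side: transform the identity information with the private key."""
    m = int.from_bytes(info, "big")
    if m >= N:
        raise ValueError("information too long for this toy modulus")
    return pow(m, D, N)


def verify_terminal(cert: dict, info: bytes, ciphertext: int) -> bool:
    """Claim 19: recover the information with the certificate public key and compare."""
    if not 0 <= ciphertext < cert["n"]:
        return False  # out-of-range values cannot come from a valid private-key operation
    recovered = pow(ciphertext, cert["e"], cert["n"])
    return recovered == int.from_bytes(info, "big")


def certificate_in_validity(cert: dict, today: date) -> bool:
    """Claim 20: the current date must fall inside the certificate's validity period."""
    return cert["not_before"] <= today <= cert["not_after"]


def may_store_signed_file(cert: dict, info: bytes, ciphertext: int, today: date) -> bool:
    """Gate before saving to the blockchain nodes: identity check, then validity rule."""
    return verify_terminal(cert, info, ciphertext) and certificate_in_validity(cert, today)
```

Because the terminal supplies both the information and its ciphertext, a captured pair would verify again later; having the server issue a fresh random value as the information to be transformed closes that replay gap.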
PCT/CN2019/103540 2019-04-25 2019-08-30 Blockchain-based signature file saving method and apparatus, and computer device WO2020215575A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910341157.3A CN110175467A (en) 2019-04-25 2019-04-25 Signature file store method, device and computer equipment based on block chain
CN201910341157.3 2019-04-25

Publications (1)

Publication Number Publication Date
WO2020215575A1 true WO2020215575A1 (en) 2020-10-29

Family

ID=67690104

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103540 WO2020215575A1 (en) 2019-04-25 2019-08-30 Blockchain-based signature file saving method and apparatus, and computer device

Country Status (2)

Country Link
CN (1) CN110175467A (en)
WO (1) WO2020215575A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110175467A (en) * 2019-04-25 2019-08-27 平安科技(深圳)有限公司 Signature file store method, device and computer equipment based on block chain
CN110781140B (en) * 2019-09-06 2023-08-18 平安科技(深圳)有限公司 Method, device, computer equipment and storage medium for signing data in blockchain
CN110569674B (en) * 2019-09-10 2023-11-17 腾讯科技(深圳)有限公司 Authentication method and device based on block chain network
CN110599210A (en) * 2019-09-27 2019-12-20 腾讯云计算(北京)有限责任公司 Information management method and device of block chain
CN110874747A (en) * 2019-10-16 2020-03-10 支付宝(杭州)信息技术有限公司 Product service data uploading method, product service data storing device, product service data storing equipment and product service data storing medium
CN110795765B (en) * 2019-11-04 2021-09-10 厦门无链之链科技有限公司 Personal mobile block chain operating system based on U shield
CN111010367B (en) * 2019-11-07 2022-11-29 深圳市电子商务安全证书管理有限公司 Data storage method and device, computer equipment and storage medium
CN111209589A (en) * 2019-12-31 2020-05-29 航天信息股份有限公司 Method and system for dynamic data desensitization based on regional chain
CN111953490B (en) * 2020-08-31 2023-11-14 上海雷龙信息科技有限公司 Digital signature method and system based on block chain technology
CN112632634B (en) * 2020-12-22 2023-12-29 深圳市赫德创新科技有限公司 Signature data processing method, device, computer equipment and storage medium
CN113505358B (en) * 2021-09-10 2022-06-03 万加合一数字科技集团有限公司 Method for supervising information processing behaviors
CN114679311B (en) * 2022-03-22 2023-04-07 电子科技大学 Block chain-based document data security verification method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180219857A1 (en) * 2017-01-27 2018-08-02 Soumendra Bhattacharya Systems and methods for certificate chain validation of secure elements
CN109167763A (en) * 2018-08-16 2019-01-08 国网浙江省电力有限公司电力科学研究院 A kind of power industry electronic data security method and system based on block chain
CN109462472A (en) * 2017-09-06 2019-03-12 阿里巴巴集团控股有限公司 The methods, devices and systems of data encryption and decryption
CN109560939A (en) * 2019-01-29 2019-04-02 张超 A kind of block method and the device out of block chain
CN109598615A (en) * 2018-11-30 2019-04-09 深圳市链联科技有限公司 A method of the transaction of block chain is participated in entity identities
CN110175467A (en) * 2019-04-25 2019-08-27 平安科技(深圳)有限公司 Signature file store method, device and computer equipment based on block chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546182A (en) * 2012-02-01 2012-07-04 李智虎 Method, system and device for signing electronic contract without trusted third party
CN109472166B (en) * 2018-11-01 2021-05-07 恒生电子股份有限公司 Electronic signature method, device, equipment and medium
CN109543456B (en) * 2018-11-06 2021-07-09 北京新唐思创教育科技有限公司 Block generation method and computer storage medium
CN109639651A (en) * 2018-11-22 2019-04-16 安云印(天津)大数据科技有限公司 Contract based on living body authentication and block chain technology signs authentication method and its system online

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180219857A1 (en) * 2017-01-27 2018-08-02 Soumendra Bhattacharya Systems and methods for certificate chain validation of secure elements
CN109462472A (en) * 2017-09-06 2019-03-12 阿里巴巴集团控股有限公司 The methods, devices and systems of data encryption and decryption
CN109167763A (en) * 2018-08-16 2019-01-08 国网浙江省电力有限公司电力科学研究院 A kind of power industry electronic data security method and system based on block chain
CN109598615A (en) * 2018-11-30 2019-04-09 深圳市链联科技有限公司 A method of the transaction of block chain is participated in entity identities
CN109560939A (en) * 2019-01-29 2019-04-02 张超 A kind of block method and the device out of block chain
CN110175467A (en) * 2019-04-25 2019-08-27 平安科技(深圳)有限公司 Signature file store method, device and computer equipment based on block chain

Also Published As

Publication number Publication date
CN110175467A (en) 2019-08-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19925670

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 22/02/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19925670

Country of ref document: EP

Kind code of ref document: A1